Cloud computing has come a long way since the National Institute of Standards and Technology (NIST) defined its five “essential characteristics” in 2011:¹
- on-demand self-service
- broad network access
- resource pooling
- rapid elasticity
- measured service
At the time, NIST’s definition was groundbreaking, capturing the essence of cloud computing in a concise, high-level framework. However, this simplicity came with limitations. Security and practical constraints were underexplored, and its three service models—Infrastructure as a Service, Platform as a Service, and Software as a Service — did not fully address the expanding needs of cloud users.
The International Organization for Standardization (ISO) has redefined cloud standards to meet the complexities of modern cloud environments.²³ Unlike the high-level approach of NIST, ISO emphasizes practicality, security, and customer-centricity, focusing on the real-world challenges and constraints of today’s cloud systems. ISO’s updated framework addresses the limitations of theoretical "unlimited capabilities" by prioritizing robust, transparent contractual agreements. These agreements explicitly acknowledge service constraints, fostering greater trust in shared cloud environments. Additionally, ISO introduces four new service models to complement the original three, catering to diverse customer needs:
- Network as a Service
- Communications as a Service
- Compute as a Service
- Data Storage as a Service
Let’s explore how ISO’s updated standards enhance the essential characteristics of cloud computing while reflecting the industry’s evolution over the last decade.
On-demand self-service is modernized by recognizing that some human interaction may still be required. Rather than assuming fully automated processes, ISO adopts a pragmatic approach that balances automation with flexibility. The scope is also expanded to include not only the provisioning but also the configuration of cloud resources.
Broad network access is enhanced by ensuring convenient, secure, and policy-compliant access to cloud resources across various networks and deployment models (public, private, hybrid, and community). By requiring interoperable access through standard mechanisms like APIs and peered connections, ISO enables seamless integration for diverse consumer needs.
Resource pooling takes on new depth under ISO standards. Providers are required to offer both multi-tenancy and single-tenancy options, allowing customers to choose exclusive or shared access to resources. ISO also emphasizes abstraction, shielding customers from the underlying complexity while taking on maintenance tasks previously handled by users.
Rapid elasticity and scalability are addressed with greater clarity. ISO separates elasticity from scalability, explaining the differences between horizontal and vertical scaling. It acknowledges practical limitations, such as latency and infrastructure constraints, and mandates transparent Service Level Agreements (SLAs) to align customer and provider expectations.
Measured service introduces a more flexible, consumption-based billing model, enabling customers to pay only for what they use. This characteristic is reinforced by detailed SLAs, ensuring clarity and fairness in billing while fostering trust between providers and users.
Multi-tenancy is elevated to a key feature, acknowledging its critical role in modern cloud environments. By introducing granular roles for customers, users, and tenants, ISO ensures precise resource allocation and access control. This refinement is especially beneficial for large organizations navigating security, confidentiality, and regulatory compliance. ISO also highlights the importance of robust identity and access management systems to address the complexity of modern deployments.
ISO’s revised cloud standards mark a significant leap forward. By addressing the practical realities of cloud computing and expanding its scope, ISO paves the way for a more customer-centric, transparent, and secure cloud ecosystem. These updates highlight the industry’s progress and dedication to meeting real-world customer needs.
References
[1]: The NIST Definition of Cloud Computing. Special publication 800–145. U.S. Department of Commerce. National Institute of Standards and Technology
[2]: ISO/IEC 22123–1:2023(E) - Information technology Cloud computing Part 1: Vocabulary. International Organization for Standardization. September 2023
[3]: ISO/IEC 22123–2:2023(E) - Information technology Cloud computing Part 2: Concepts. International Organization for Standardization. September 2023
Top comments (0)