The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the U.S. Department of Commerce. Its purpose is to develop standards for measurements in science and technology that “promote U.S. innovation and industrial competitiveness.” The ultimate goal is to “enhance economic security and improve our quality of life.” NIST was founded in 1901 as the National Bureau of Standards. Its standards and regulations regarding measurements of weight, mass, and other metrics influence much of the world’s commerce. It even operates a website that provides the official time for any location in the United States. NIST has recently turned its attention to cloud computing.
In a publication titled “The NIST Definition of Cloud Computing,” released in September 2011, NIST has issued its guidelines for standardized definitions and terminology in relation to the field of “cloud computing.” The Federal Information Security Management Act of 2002 (FISMA) requires NIST to develop these guidelines for the purpose of facilitating information security. A set of standard terms and definitions is crucial to developing security protocols for cloud-based data, particularly when data may be spread across multiple servers or networks in multiple physical locations. Although the specific audience of NIST’s publication is the federal government, it notes that private organizations may choose to follow its recommendations.
NIST defines “cloud computing” as a model that allows access to shared resources online that is convenient and available on demand from anywhere a user has access to the internet. Resources may include data storage, applications, and other services, and should involve little management on the user’s end. The report defines “cloud computing” based on a set of “essential characteristics,” “service models,” and “deployment models.”
Five essential characteristics define cloud computing. A consumer must be able to access cloud services on-demand and on a self-service basis, with no human interaction required. Services must be available through ordinary network access, such as through laptop computers, tablets, or smartphones. Cloud services should be pooled to serve multiple consumers at once. Services should also be sufficiently elastic to allow for rapid changes in demand on system resources, giving consumers the same or similar experience no matter how many users are online. Finally, the service should be measurable, allowing both the service provider and consumer to track usage statistics like bandwidth and storage.
Cloud computing has three fundamental service models. Infrastructure as a Service (IaaS) allows the user access to general system resources like processing or storage. The most common example would be online data storage or backup services. Platform as a Service (PaaS) offers a virtual computing platform in which a user can create software applications or configure platform settings. The service provider controls the overall operating system. Finally, Software as a Service (SaaS) provides the highest level of online service and support, allowing users to access applications hosted online through their web browser, with little to no need to install software on the local machine.
Cloud services can follow four deployment models. A public cloud is available to the entire internet. On the other end of the spectrum, a private cloud is only available to consumers of a specific organization. A community cloud may be available to a group of users with common interests or concerns, and a hybrid cloud combines elements of the other three models.
Prism Risk Management provides businesses and organizations with risk and loss prevention consulting and offers services in loss control planning. To learn how our team can help your organization, contact us today.
Web Resources:
The NIST Definition of Cloud Computing (PDF), National Institute of Standards and Technology, September 2011
More Blog Posts:
Texas Workers Comp: DWC Accepting Comment on Proposed Rules, Prism Risk Management Blog, November 8, 2011
Risk Management 101: What Makes Something Insurable by Property & Casualty Insurance? Prism Risk Management Blog, October 27, 2011
Texas Schools Feeling the Effects of Drought, Fires, Prism Risk Management Blog, September 26, 2011
Photo credit: ‘Cloud computing’ by Sam Johnston (This vector image was created with Inkscape) [CC-BY-SA-3.0], via Wikimedia Commons
Prism Risk Management, LLC 