This post is an introduction to the concept of cloud on IT.
In the context of cloud computing, a bucket is a basic storage container.
Cloud Essential Characteristics
Cloud essential characteristics:
- Resource Pooling
- Broad Network Access
- Rapid Elasticity
- Measured Service
- On-Demand Self-Service
- Multitenancy
Multitenancy is considered within Resource Pooling according to NIST SP 800-145, while ISO/IEC 22123 considers it a different characteristic.
Cloud Logical Model
Cloud logical model layers, according to CCSK v3:
- Infrastructure
- Metastructure
- Infostructure
- Appistructure
Cloud Service Model
Cloud service models are often known as the SPI stack or SPI tiers:
- Software as a Service (SaaS)
- Platform as Service (PaaS)
- Infrastructure as a Service (IaaS)
In SaaS, you exploit services directly.
In PaaS, you build, develop or run applications over the given resources.
In IaaS, you use a virtual hardware like processors or storage drives.
There are many technologies coining the term “as a Service”, using it as a commercial label. Some examples are:
- Software as a Service (SaaS)
- Identity as a Service (IDaaS)
- Security as a Service (SECaaS)
- Platform as a Service (PaaS)
- Function as a Service (Faas) / Serverless architecture
- Database as a Service
- Infrastructure as a Service (IaaS)
- Containers as a Service (Caas)
- Compute as a Service (CaaS)
Cloudwashing refers to the act of selling as a non-cloud service as a cloud service.
Function as a Service (FaaS) / Serverless architecture
Function as a Service (FaaS), more commonly know as serverless architecture, is a sub-type within PaaS.
You can read more about FaaS, most commonly known on this post.
Container as a Service (CaaS)
Container as a Service (CaaS) is considered to be in the middle of PaaS and IaaS. According to the book “CCSP Practice Test Third Edition”, chapter 1 question 43, “CaaS is a subcategory of IaaS for computing resources provided as a service”.
Cloud Deployment Models
Cloud deployment models are:
- Public
- Private
- Hybrid
- Community
You can find the cloud deployment models on this post.
Technologies enabling Cloud Computing
By leveraging virtualization, the cloud provider does not have to deploy an entire hardware device for every new user.
If the cloud provider had to purchase a new box for every user, the cost of cloud services would be as much as running a traditional environment (or likely cost even more), and there would be no reason for any organization to migrate to the cloud, especially considering the risks associated with disclosing data to a third party.
Cloud computing often integrates DevOps practices to enable automated and scalable deployment workflows.
DevOps practices include IT configuration management (ITSM), insfrastructure as code (IaC) and continuous integrity/continuous deploymnet CI/CD.
You can read more about DevOps on this post.
Cloud computing is possible thanks to technologies like infrastructure as code (IaC), that allows to managing computer resources through definition files, rather than physical hardware or configuration tools.
Cloud Data Centers
This section focuses on cloud data center security.
There is an informal saying that the cloud data centers characteristics should be “ping, power, pipe“, that means:
- Ping: meaning remote access for a customer to racked devices in the data center
- Power: meaning electrical utilities
- Pipe: meaning connectivity to an internet service provider/the internet
Uptime Institute Data Center Tiers
Uptime Institute Data Center Tiers:
Tier No. | Short Description | Uptime percentage | Max. downtime |
1 | Full equipment | 99.671 | |
2 | Redundant equipment | 99.741 | |
3 | Redundant communications and power paths | 99.982 | 1,6 hours |
4 | Adds fault tolerance | 99.995 |
You can review this external link to the official Uptime Institute data center tier description.
Cloud Computing Standards
Types of Cloud Computing Standards featured on this post
- Definitions and Concepts
- Reference Architectures
Cloud Computing Standard Definitions and Concepts
Cloud computing standard definitions and concepts:
- ISO/IEC 22123-1 & 22123-2
- NIST SP 500-145
This list does exclude the cloud computing security standards.
ISO/IEC 22123-1 & 22123-2
ISO/IEC 22123-1 has the title “Vocabulary”.
ISO/IEC 22123-2 has the title “Concepts”.
NIST SP 500-145
NIST SP 500-145 has the title “The NIST Definition of Cloud Computing”.
NIST SP 500-145 official website
Cloud Computing Standard Reference Architectures
Cloud computing standard reference architecture:
- ISO/IEC 22123-3
- NIST SP 500-292
- CSA Enterprise Architecture
ISO/IEC 22123-3
ISO/IEC 22123-3:2023 is about cloud computing reference architecture. You can read more about it on this post.
This standard was preceded by ISO/IEC 17789:2014.
NIST SP 500-292
NIST SP 500-292 has the title “NIST Cloud Computer Reference Architecture”.
CSA Enterprise Architecture
CSA Enterprise Architecture (EA) is both a methodology and a set of tools. It is a framework, a comprehensive approach for the architecture of a secure cloud infrastructure, and can be used to assess opportunities for improvement, create roadmaps for technology adoption, identify reusable security patterns, and assess various cloud providers and security technology vendors against a common set of capabilities.
It leverages the following standards:
- TOGAF (enterprise IT architecture framework)
- ITIL (IT service management)
- SABSA (IS architecture framework)
- Jericho
Vendor Cloud Architecture Frameworks
AWS Well Architected Tool
AWS well architected tool website
Azure Well-Architected Framework
Azure Well-Architected Framework website
Google Cloud Architecture Framework
Google Cloud Architecture Framework website
Cloud Platform for Content Management System
Cloud platforms for content management systems (CMS):
- Platform.sh
- Pantheon
- Acquia
Cloud Security
Information security in the cloud has some singularities. You can read about cloud security on this post.
Cloud Service Providers
A Cloud Service Provider (CSP) is a provider that supplies cloud services.
You can find more information and a list of popular CSPs on this post.
List of Cloud Service Modules
This blog has a dedicated post about common cloud service modules, like storage, monitoring, etc.
You might also be interested in…
External References
- Function as a Server (FaaS) / Serverless
- Chapman et al, “CISSP Study Guide 9th Edition”, section “Serverless architecture”, pp. 406; Wiley, 2021