(Source: NIST)
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.
The characteristics, service models, and deployment models (henceforth called implementation models) mentioned in the definition are separate dimensions of cloud computing that can occur in any combination. The risks that are described in this book are a direct result of one or more of the essential characteristics of cloud computing, the service model that is chosen, and the implementation model.
The five essential characteristics are:
On-demand self-service
Customers can configure computer facilities themselves, without human interaction with the service supplier. The services are easily available and can be obtained directly over the Internet.
Broad network access
Services are offered on a network. When standard protocols and standard formats are used, it is possible to obtain these services on different resources, such as PCs, laptops, tablets, and mobile phones.
Resource pooling
Multiple customers share the supplier’s infrastructure through a rental model. The resources are appointed dynamically. This is done depending on demand from the customer. The exact location of the infrastructure is not important to the customer, though in general, the customer can set some preconditions, such as, for example, a particular country or a specific data center. The types of computer resources one has to think about—among others—are storage, computing capacity, memory, network bandwidth, and virtual environments.
Rapid elasticity
Services can be configured and released quickly and often automatically in an elastic fashion. This offers the capability of quickly scaling up and down. The customer experiences this as the apparently unlimited ability to obtain services at any moment and in any desired quantity.
Measured service
Systems check and optimize the use of the underlying infrastructure. Here, for example, the usage of the following is measured: storage capacity, computing capacity, bandwidth, and active user accounts. The result is transparent for the supplier and the customer and as a result is a fair basis on which to invoice.