Now that the definition of cloud computing is 7 years old—practically middle-aged in tech iteration years—it could use a fresher vocabulary to better describe it, says new research.
“The definition is now seven years old and the industry has evolved rapidly to include diverse technologies such as containers and serverless computing. Does it need to be updated?” asks Christine Miyachi, systems engineer at the Xerox Corporation, in her article “What is ‘Cloud’? It is time to update the NIST definition?” in the May/June 2018 issue of IEEE Cloud Computing.
The current definition, established by the National Institute of Standards and Technology in 2011, includes three basic services: Infrastructure as a Service (Iaas), Platform as a Service (PaaS), and Software as a Service (Saas).
“IaaS, PaaS, and SaaS definitions have been remarkably resilient, and most cloud computing providers still use these terms on their marketing materials,” Miyachi writes.
But much has changed over the past several years—including the addition of what is called “serverless” computing.
“With serverless, you just call the function and the cloud provider takes care of the rest, and you would be billed just for the resources used for a few milliseconds. If traditional enterprise computing was like buying a car, and traditional cloud computing was like renting it for the day, serverless is like taking a taxi,” says Miyachi.
IaaS, PaaS, SaaS, and XaaS defined
To understand where cloud computing is going, we must understand where it has been. The traditional definition consists of three distinct services.
IaaS is perfect for an IT department that needs the most control over business operations. It provides servers, storage, virtualization, and networking, which allows businesses to build and manage their own applications, data, and operating systems.
PaaS is ideal for software designers who build and manage applications and data. It provides all of the services of IaaS as well as web servers and development tools.
SaaS is perfect for the average consumer. It provides all of the above-mentioned services for a seamless, uncomplicated cloud experience. Gaming is a popular example.
Miyachi says the cloud community now summarizes all of these types of services as XaaS or “any technology delivered over the Internet that used to be delivered onsite.” The “X” stands for “everything.”
An updated model of cloud computing
Plenty of new services have emerged in the cloud domain: blockchain, business services, databases, functions, Windows, and even malware, which serves the black market, says Miyachi.
“Cloud providers are able to offer other technologies as cloud services now because Internet access has become increasingly reliable and faster, and server virtualization and serverless advances make powerful computing platforms and services readily available,” Miyachi explains.
In light of these emerging technologies, experts are working on organizing and redefining what cloud services really mean. Miyachi cites Johan den Haan, CTO at Medix, who is an expert in model-driven engineering.
“He has created an interactive model and a more granular framework for cloud computing that may be a better fit to today’s range of technologies and commercial providers offer,” says Miyachi.
She provides an updated model of cloud computing based on his model, in the illustration below.
Miyachi believes these distinctions are a good start in redefining cloud computing. But some issues still need to be ironed out.
“Serverless computing is hard to define. There are no virtual machines to create and the PaaS vendor figures out the best way to run your functions. Where would you put serverless computing in the current model?” says Miyachi.
Despite those difficulties, serverless computing is used widely by industry giants such as Amazon, Google, and IBM. It is known as cloud functions.
“As cloud computing emerged, the use of amorphous clouds to represent compute and storage as well as networking services was born, and NIST provided definitions for us to understand those services. Perhaps the authors at NIST will update their model as definitions from standards organizations are more widely vetted and accepted,” Miyachi says.
Research related to the National Institute of Standards and Technology in the Computer Society Digital Library:
- NIST Bases Flagship Security Engineering Publication on ISO/IEC/IEEE
- Putting the “Systems” in Security Engineering: An Examination of NIST Special Publication 800-160
- NIST and Computer Security
- NIST Contributions to IT
- NIST: Building a Solid Foundation
- NIST Contributions to Biometric Technology
- Managing Enterprise Security Risk with NIST Standards
- Development of the NIST Virtual Library
- The Case for Flexible NIST Security Standards
- The NIST Cryptographic Workshop on Hash Functions