NIST SP 800-145 provides an overview of cloud service and deployment models. The purpose of the document is to provide a baseline for the discussion of the quickly evolving paradigm of cloud services. This baseline allows organizations to evaluate solutions in the context of capabilities, compliance, and other requirements.
Compliance with data protection laws is an important aspect to consider when evaluating cloud solutions. NIST SP 800-145 notes that providers may pool resources which could result in data being replicated across multiple regions. This could pose an issue for organizations that have requirements about storing data outside of or in a specific country due to their laws. In this case, an organization may opt to use a private, self-hosted cloud to align with their compliance needs.
Cloud computing is a model in which it can be used to implement resource allocation, shared networks, servers, storage, applications and services, providing ubiquitous and convenient network access requirements. The cloud model has five essential characteristics, including cloud computing must have on-demand self-service, extensive network access, resource pooling, rapid elasticity, and measurable service. On-demand self-service allows consumers to automatically access computing capabilities without having to deal with The service provider performs human interaction. There are three main cloud service models: software as a service (SaaS), platform as a service (PAAS) and infrastructure as a service (IAAS). Four deployment models: private cloud, community cloud, public cloud or hybrid cloud
I found it interesting how the On-Demand Self-Service requires no human interaction but you can still select the network storage and the server with no human interaction. How is that possible? In the next years or has already started, most organizations will move their information to the cloud for strong security protections. Good post!
The NIST definition lists five essential characteristics of cloud computing: on-demand self-service, broad network access, resource pooling, rapid elasticity or expansion, and measured service. It also lists three “service models” (software, platform and infrastructure), and four “deployment models” (private, community, public and hybrid) that together categorize ways to deliver cloud services.
The definition is intended to serve as a means for broad comparisons of cloud services and deployment strategies, and to provide a baseline for discussion from what is cloud computing to how to best use cloud computing.
NIST SP 800-145, The NIST Definition of Cloud Computing
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models”.
A piece that stood out to me in this reading was the on demand self service, where a consumer can kind of customize their needs without needing human interaction among the service providers. That could be essential for certain businesses
Yes, no interaction is great specially in current times. The other thing that is great is that users can keep their data private. They can avoid the shared feature on the cloud, and not keep or store sensitive information on the cloud.
NIST SP 800 145 – The NIST Definition of Cloud Computing”, this document explains the cloud model with five essential characteristics, three service models, and four deployment models.
Three service models are depends on organization’s available infrastructure, IT staff resources, cost considerations, and cloud security needs.
The essential part of a private cloud is virtualization that offers opportunities in reducing infrastructure costs, increasing operational efficiency, and improving deployment flexibility.
Software as a Service (SaaS) provided to the consumer is to use the provider’s applications running on a cloud infrastructure, users can access these applications with the help of internet connection and web browser.
Platform as a Service (PaaS) provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider.
Infrastructure as a Service (IaaS) provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software. It is a computing infrastructure managed over the internet and it helps users to avoid the cost and complexity of purchasing and managing the physical servers.
I was really surprised to find out that the public cloud is the most popular model out there since in our courses we are always referring to the CIA triad and expected to protect against a breach of confidentiality. However, I came to the realization that determining a cloud model depends on your business needs, size, and requirements. Another deciding factor is the company’s willingness to allocate budget for investments in the cloud. The advantage of NIST SP 800-145 is that it helps you understand the advantages of the many different models for deployment. Although the private cloud model sounds the most promising since it has optimal utilization of an organization’s existing assets, on-demand provisioning, and higher security and compliance with regulations and standards, it is also the most expensive as you need to pay for hardware, software, and training resources. While security and privacy is a concern for the private cloud, it has many advantages like scalability, 24/7 operation time, decent infrastructure management, and you do not need to purchase your own hardware.
I think organizations choose different cloud models according to their needs. Private cloud, public cloud, and hybrid cloud have their own advantages. Organizations need to determine the appropriate cloud service based on their own needs and cost calculations. All in all, cloud services provide enterprises with many conveniences and reduce the cost of data management services.
I think you raise a good point that for most companies, the public cloud model is the most economical. If money was equal then I believe that like you’ve mentioned the private cloud model would be the most promising. Having the full control of scalability, infrastructure, and deployment would give companies the most autonomy and potentially security. However, a benefit that the public cloud offers is that they burden on securing the infrastructure is often on the cloud provider and does not need to be managed individually, unlike with the private cloud model.
The essential characteristics of cloud computing has provided organizations and their employees additional ways to access network resources efficiently and securely. When organizations adopt cloud computing in their environments baselines around on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service are established. In addition, I think it’s important to note that monitoring controls should also be established to ensure resources are being used appropriately. These monitoring controls should be reviewed, for example the bandwidth used by a specific service/resource, to ensure the measured bandwidth is not exceeding the expected bandwidth baselines. If they are, the initial baselines should be updated/adjusted accordingly and more resources should be allocated.
From my understanding, NIST 800-145 provides rules or standards to organizations using cloud computing services. NIST 800-145 defines cloud computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared
pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”.
I did not really quite understand this article but I would say NIST establishes minimum requirements for organizations using cloud computing services to understand how cloud services work and to provide strong security protections over their network. I saw something interesting in the “on demand self service” requiring no human interaction with each service provider and I am wondering if this is possible or if it’s happening now with organizations using cloud computing services.
NIST SP 800-145 is a great source for system planners, program managers, and others that use cloud services (customers or providers) to understand the different types of cloud computing as its service and deployment models. According to publishing, cloud computing offers on-demand self-service where the user can adjust server time, storage, and other functionalities as needed. These functionalities are served over the networks via mobile phones, tablets, laptops, and workstations. During my experience with AWS, the best feature offered was the rapid elasticity, where we could provision and release outward and inward commensurate based on the organizations’ demand. Cloud computing might be provided as SaaS, PasS, or IaaS, and different features offered by each should be considered. It can be used as a private, community, public, or hybrid cloud when it comes to deployment.
The NIST 800-145 dives into the details of cloud computing. Cloud computing is the delivery of computing services such as servers, storage, databases, networking, and software over the Internet to offer faster innovation and flexible resources. It is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be quickly distributed with minimal effort or interaction. Also discussed in the reading is the five essential cloud characteristics. These five characteristics are on-demand self-service, broad network access, resource pooling, rapid elasticity or expansion, and measured service.
The term cloud computing refers to the practice of remotely storing data or running applications on a network of Internet servers. These servers are controlled and managed by companies providing cloud services. Users rent a particular amount of storage space on these servers which is accessible from anywhere. Apart from storage and application hosting, users can also use the cloud for remote computing by renting the appropriate resources from the service providers. Some corporations have large amounts of data that require processing from time to time to be converted into relevant information. Not all companies can invest in the cyberinfrastructure needed for processing large amounts of data. In such cases, they rent the resources of a computer on the cloud and outsource some for processing.
Cloud is used to store data, host applications, and outsource computing. There are four kinds of clouds (private, public, hybrid, community) which offer three different kinds of services (PaaS, IaaS, SaaS)
The main advantage of the cloud is flexibility and cost-effectiveness, and portability.
The main threats to the security of the cloud are data breach, data loss, account hacking, disgruntled insiders, technology loopholes, shared space, and vulnerable user interfaces
Users can secure their data by backing up regularly updating backups, creating strong passwords, opting for two-step authentication, encrypting their data, maintaining online discipline, and avoiding keeping sensitive information on cloud
There are several data privacy issues with the cloud such as data ownership, data location, data migration, and data permanency.
Users can keep their data private by encrypting the data, reading the terms and conditions of the service provider carefully, avoiding the shared feature on the cloud, and not storing sensitive information on the cloud.
The NIST special publication 800-145 document was a nice refresher on the definition of cloud computing. Nothing in this document is anything we haven’t learned up to this point, but it was interesting that the document noted the cloud model is composed of five essential characteristics, three service models, and four deployment models. It’s helpful to have the characteristics laid out in this way so it may be used as a sort of checklist when planning one’s own system. I also found the first sentence of the purpose and scope to be the most enlightening when it comes to this technology. It states that “Cloud computing is an evolving paradigm.” This is something that appears to be the case as the cloud computing model has changed and grown rapidly in a very short period of time.
It’s interesting to read the document as the common theme behind cloud computing is to provide a centralized service while drastically reducing the cost of deployment. One of the more interesting characteristics of cloud computing is the ability to pool resources. The evolution of the microchip into the modern century has allowed the consumer to have highly advanced calculators do calculations that it would take an entire building to use in the 60s & 70s. Which is truly amazing to really rationalize and even then, it’s still not enough. What cloud computing does is give the average consumer laptop the ability to access and expand resources beyond its limits. Think about this, when you’re at home watching a new show on Netflix on any device or browsing YouTube – that entire platform hosts thousands of terabytes in video to your device. Easily accessible to the average person – and yet we don’t physically store that information on your computer. The consumer doesn’t have access to a data center – but cloud gives the power of a data center on a lot of cheap and affordable devices. But doing so also relies on external security services for them to trust and store that information without being subject to outsiders – and the liability increases when potentially millions of consumers can have their personal data stolen at any time.
Cloud computing has its place, but in doing so you are also trusting that the organization platforming is doing their due diligence with your personal data.
Your last sentence is very key and should be stressed more often in my opinion. When we agree to use the cloud we are indeed putting our trust in the host to protect our data, which leaves the user/consumer at the hosts mercy, should the host be negligent, it can could cost the user in the end
NIST 800-145 provides the definition of cloud computing in a sentence. “Cloud computing g is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. ” I can’t understand about cloud computing clearly. Furthermore, I know that the cloud computing is composed of five essential characteristics, three service models, and four deployment models. However, a couple of essential characteristics is unclear to me.
SaaS (Software as a Service) is a cloud model that requires almost no effort on the consumer’s part. They wouldn’t have to install an operating system nor configure or write any software. Nor would they have to make sure the system is updated and patched. All the consumer would have to do is login to this on-demand software and simply begin to use it.
PaaS (Platform as a Service) is a model that the cloud service provider gives the consumer a platform that they can use to develop their own application. They would provide the OS, and a few other building blocks (programming languages, libraries, services, and tools) that they would need to write their own applications that are customized just for them.
If someone has contracted with a cloud service provider to outsource their equipment, this is referred to as IaaS (Infrastructure as a service). The consumer would still be responsible for the management of the operating system and data security.
Thanks for sharing Joshua. I run into these cloud service types when I’m performing audits. The minor details, such as a PaaS allows the user entity to deploy certain app customizations while SaaS offers zero customization to the user entity, are so important. When we audit a cloud system we’ll typically categorize them (i.e. SaaS, PaaS, and IaaS) which helps us determine the level of controls testing we can and should perform on behalf of our organization.
Very interesting response Bryan, I like how you elaborated on my post and reiterated some of the details of PaaS and SaaS and even gave details on how you perceive them for your job. I think it is dope that you are already doing IT auditing prior to earning your ITACS graduate degree.
The NIST 800 145 defines cloud computing, then lays out essential characteristics, service models, and deployment models of cloud computing. This is a great, basic outline of cloud computing which includes topics that we have covered in our classes. While it is probably a review for most of us, I enjoyed the detailed essential characteristics that the document lays out. It includes characteristics that you may not think about until you pull back the layers and start working with cloud computing. For instance, “measured service”. This refers to the monitoring and control of resources used by the consumer. Resources are measured by different metrics (bandwidth, storage, user accounts, etc.) depending on the type of service.
NIST 800-145 defines cloud computing as a model for enabling convenient, easy, on-demand network access into a wide array of networks, servers, storage, applications, services, etc that can be easily equipped with little effort by management or service interaction. NIST composes the model of five essential characteristics, three service models, & four deployment models. The essential characteristics are on-demand self-service, broad network access, resource pooling, rapid elasticity, & measured service. The service models are SaaS, PaaS, & IaaS. Finally, the deployment models are private cloud, community cloud, & public cloud.
NIST SP 800-145 provides an overview of cloud service and deployment models. The purpose of the document is to provide a baseline for the discussion of the quickly evolving paradigm of cloud services. This baseline allows organizations to evaluate solutions in the context of capabilities, compliance, and other requirements.
Compliance with data protection laws is an important aspect to consider when evaluating cloud solutions. NIST SP 800-145 notes that providers may pool resources which could result in data being replicated across multiple regions. This could pose an issue for organizations that have requirements about storing data outside of or in a specific country due to their laws. In this case, an organization may opt to use a private, self-hosted cloud to align with their compliance needs.
Cloud computing is a model in which it can be used to implement resource allocation, shared networks, servers, storage, applications and services, providing ubiquitous and convenient network access requirements. The cloud model has five essential characteristics, including cloud computing must have on-demand self-service, extensive network access, resource pooling, rapid elasticity, and measurable service. On-demand self-service allows consumers to automatically access computing capabilities without having to deal with The service provider performs human interaction. There are three main cloud service models: software as a service (SaaS), platform as a service (PAAS) and infrastructure as a service (IAAS). Four deployment models: private cloud, community cloud, public cloud or hybrid cloud
Hi Yangyuan,
I found it interesting how the On-Demand Self-Service requires no human interaction but you can still select the network storage and the server with no human interaction. How is that possible? In the next years or has already started, most organizations will move their information to the cloud for strong security protections. Good post!
The NIST definition lists five essential characteristics of cloud computing: on-demand self-service, broad network access, resource pooling, rapid elasticity or expansion, and measured service. It also lists three “service models” (software, platform and infrastructure), and four “deployment models” (private, community, public and hybrid) that together categorize ways to deliver cloud services.
The definition is intended to serve as a means for broad comparisons of cloud services and deployment strategies, and to provide a baseline for discussion from what is cloud computing to how to best use cloud computing.
NIST SP 800-145, The NIST Definition of Cloud Computing
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models”.
A piece that stood out to me in this reading was the on demand self service, where a consumer can kind of customize their needs without needing human interaction among the service providers. That could be essential for certain businesses
Yes, no interaction is great specially in current times. The other thing that is great is that users can keep their data private. They can avoid the shared feature on the cloud, and not keep or store sensitive information on the cloud.
NIST SP 800 145 – The NIST Definition of Cloud Computing”, this document explains the cloud model with five essential characteristics, three service models, and four deployment models.
Three service models are depends on organization’s available infrastructure, IT staff resources, cost considerations, and cloud security needs.
The essential part of a private cloud is virtualization that offers opportunities in reducing infrastructure costs, increasing operational efficiency, and improving deployment flexibility.
Software as a Service (SaaS) provided to the consumer is to use the provider’s applications running on a cloud infrastructure, users can access these applications with the help of internet connection and web browser.
Platform as a Service (PaaS) provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider.
Infrastructure as a Service (IaaS) provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software. It is a computing infrastructure managed over the internet and it helps users to avoid the cost and complexity of purchasing and managing the physical servers.
I was really surprised to find out that the public cloud is the most popular model out there since in our courses we are always referring to the CIA triad and expected to protect against a breach of confidentiality. However, I came to the realization that determining a cloud model depends on your business needs, size, and requirements. Another deciding factor is the company’s willingness to allocate budget for investments in the cloud. The advantage of NIST SP 800-145 is that it helps you understand the advantages of the many different models for deployment. Although the private cloud model sounds the most promising since it has optimal utilization of an organization’s existing assets, on-demand provisioning, and higher security and compliance with regulations and standards, it is also the most expensive as you need to pay for hardware, software, and training resources. While security and privacy is a concern for the private cloud, it has many advantages like scalability, 24/7 operation time, decent infrastructure management, and you do not need to purchase your own hardware.
Hi Elizabeth,
I think organizations choose different cloud models according to their needs. Private cloud, public cloud, and hybrid cloud have their own advantages. Organizations need to determine the appropriate cloud service based on their own needs and cost calculations. All in all, cloud services provide enterprises with many conveniences and reduce the cost of data management services.
I think you raise a good point that for most companies, the public cloud model is the most economical. If money was equal then I believe that like you’ve mentioned the private cloud model would be the most promising. Having the full control of scalability, infrastructure, and deployment would give companies the most autonomy and potentially security. However, a benefit that the public cloud offers is that they burden on securing the infrastructure is often on the cloud provider and does not need to be managed individually, unlike with the private cloud model.
The essential characteristics of cloud computing has provided organizations and their employees additional ways to access network resources efficiently and securely. When organizations adopt cloud computing in their environments baselines around on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service are established. In addition, I think it’s important to note that monitoring controls should also be established to ensure resources are being used appropriately. These monitoring controls should be reviewed, for example the bandwidth used by a specific service/resource, to ensure the measured bandwidth is not exceeding the expected bandwidth baselines. If they are, the initial baselines should be updated/adjusted accordingly and more resources should be allocated.
From my understanding, NIST 800-145 provides rules or standards to organizations using cloud computing services. NIST 800-145 defines cloud computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared
pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”.
I did not really quite understand this article but I would say NIST establishes minimum requirements for organizations using cloud computing services to understand how cloud services work and to provide strong security protections over their network. I saw something interesting in the “on demand self service” requiring no human interaction with each service provider and I am wondering if this is possible or if it’s happening now with organizations using cloud computing services.
NIST SP 800-145 is a great source for system planners, program managers, and others that use cloud services (customers or providers) to understand the different types of cloud computing as its service and deployment models. According to publishing, cloud computing offers on-demand self-service where the user can adjust server time, storage, and other functionalities as needed. These functionalities are served over the networks via mobile phones, tablets, laptops, and workstations. During my experience with AWS, the best feature offered was the rapid elasticity, where we could provision and release outward and inward commensurate based on the organizations’ demand. Cloud computing might be provided as SaaS, PasS, or IaaS, and different features offered by each should be considered. It can be used as a private, community, public, or hybrid cloud when it comes to deployment.
The NIST 800-145 dives into the details of cloud computing. Cloud computing is the delivery of computing services such as servers, storage, databases, networking, and software over the Internet to offer faster innovation and flexible resources. It is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be quickly distributed with minimal effort or interaction. Also discussed in the reading is the five essential cloud characteristics. These five characteristics are on-demand self-service, broad network access, resource pooling, rapid elasticity or expansion, and measured service.
The term cloud computing refers to the practice of remotely storing data or running applications on a network of Internet servers. These servers are controlled and managed by companies providing cloud services. Users rent a particular amount of storage space on these servers which is accessible from anywhere. Apart from storage and application hosting, users can also use the cloud for remote computing by renting the appropriate resources from the service providers. Some corporations have large amounts of data that require processing from time to time to be converted into relevant information. Not all companies can invest in the cyberinfrastructure needed for processing large amounts of data. In such cases, they rent the resources of a computer on the cloud and outsource some for processing.
Cloud is used to store data, host applications, and outsource computing. There are four kinds of clouds (private, public, hybrid, community) which offer three different kinds of services (PaaS, IaaS, SaaS)
The main advantage of the cloud is flexibility and cost-effectiveness, and portability.
The main threats to the security of the cloud are data breach, data loss, account hacking, disgruntled insiders, technology loopholes, shared space, and vulnerable user interfaces
Users can secure their data by backing up regularly updating backups, creating strong passwords, opting for two-step authentication, encrypting their data, maintaining online discipline, and avoiding keeping sensitive information on cloud
There are several data privacy issues with the cloud such as data ownership, data location, data migration, and data permanency.
Users can keep their data private by encrypting the data, reading the terms and conditions of the service provider carefully, avoiding the shared feature on the cloud, and not storing sensitive information on the cloud.
The NIST special publication 800-145 document was a nice refresher on the definition of cloud computing. Nothing in this document is anything we haven’t learned up to this point, but it was interesting that the document noted the cloud model is composed of five essential characteristics, three service models, and four deployment models. It’s helpful to have the characteristics laid out in this way so it may be used as a sort of checklist when planning one’s own system. I also found the first sentence of the purpose and scope to be the most enlightening when it comes to this technology. It states that “Cloud computing is an evolving paradigm.” This is something that appears to be the case as the cloud computing model has changed and grown rapidly in a very short period of time.
It’s interesting to read the document as the common theme behind cloud computing is to provide a centralized service while drastically reducing the cost of deployment. One of the more interesting characteristics of cloud computing is the ability to pool resources. The evolution of the microchip into the modern century has allowed the consumer to have highly advanced calculators do calculations that it would take an entire building to use in the 60s & 70s. Which is truly amazing to really rationalize and even then, it’s still not enough. What cloud computing does is give the average consumer laptop the ability to access and expand resources beyond its limits. Think about this, when you’re at home watching a new show on Netflix on any device or browsing YouTube – that entire platform hosts thousands of terabytes in video to your device. Easily accessible to the average person – and yet we don’t physically store that information on your computer. The consumer doesn’t have access to a data center – but cloud gives the power of a data center on a lot of cheap and affordable devices. But doing so also relies on external security services for them to trust and store that information without being subject to outsiders – and the liability increases when potentially millions of consumers can have their personal data stolen at any time.
Cloud computing has its place, but in doing so you are also trusting that the organization platforming is doing their due diligence with your personal data.
Hello Michael,
Your last sentence is very key and should be stressed more often in my opinion. When we agree to use the cloud we are indeed putting our trust in the host to protect our data, which leaves the user/consumer at the hosts mercy, should the host be negligent, it can could cost the user in the end
NIST 800-145 provides the definition of cloud computing in a sentence. “Cloud computing g is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. ” I can’t understand about cloud computing clearly. Furthermore, I know that the cloud computing is composed of five essential characteristics, three service models, and four deployment models. However, a couple of essential characteristics is unclear to me.
SaaS (Software as a Service) is a cloud model that requires almost no effort on the consumer’s part. They wouldn’t have to install an operating system nor configure or write any software. Nor would they have to make sure the system is updated and patched. All the consumer would have to do is login to this on-demand software and simply begin to use it.
PaaS (Platform as a Service) is a model that the cloud service provider gives the consumer a platform that they can use to develop their own application. They would provide the OS, and a few other building blocks (programming languages, libraries, services, and tools) that they would need to write their own applications that are customized just for them.
If someone has contracted with a cloud service provider to outsource their equipment, this is referred to as IaaS (Infrastructure as a service). The consumer would still be responsible for the management of the operating system and data security.
Thanks for sharing Joshua. I run into these cloud service types when I’m performing audits. The minor details, such as a PaaS allows the user entity to deploy certain app customizations while SaaS offers zero customization to the user entity, are so important. When we audit a cloud system we’ll typically categorize them (i.e. SaaS, PaaS, and IaaS) which helps us determine the level of controls testing we can and should perform on behalf of our organization.
Very interesting response Bryan, I like how you elaborated on my post and reiterated some of the details of PaaS and SaaS and even gave details on how you perceive them for your job. I think it is dope that you are already doing IT auditing prior to earning your ITACS graduate degree.
The NIST 800 145 defines cloud computing, then lays out essential characteristics, service models, and deployment models of cloud computing. This is a great, basic outline of cloud computing which includes topics that we have covered in our classes. While it is probably a review for most of us, I enjoyed the detailed essential characteristics that the document lays out. It includes characteristics that you may not think about until you pull back the layers and start working with cloud computing. For instance, “measured service”. This refers to the monitoring and control of resources used by the consumer. Resources are measured by different metrics (bandwidth, storage, user accounts, etc.) depending on the type of service.
NIST 800-145 defines cloud computing as a model for enabling convenient, easy, on-demand network access into a wide array of networks, servers, storage, applications, services, etc that can be easily equipped with little effort by management or service interaction. NIST composes the model of five essential characteristics, three service models, & four deployment models. The essential characteristics are on-demand self-service, broad network access, resource pooling, rapid elasticity, & measured service. The service models are SaaS, PaaS, & IaaS. Finally, the deployment models are private cloud, community cloud, & public cloud.