The National Institute of Standards and Technology (NIST) – the organisation that creates technology standards for the federal government – has this week released a new Cloud Computing roadmap and reference architecture to provide guidance for public sector ICT procurers and implementors.
The NIST says: “This solution will create a level playing field for industry to discuss and compare their cloud offerings with the US Government (USG). The resulting reference architecture and taxonomy for cloud computing was developed as an Actor/Role based model that lays out the central elements of cloud computing for Federal CIOs, Procurement Officials and IT Program Managers. The cloudscape is open and diversified and the accompanying taxonomy provides a means to describe it in an unambiguous manner.”
It’s as important to understand what the NIST Architecture is not as what it is. The NIST notes: “The NIST Cloud Computing reference architecture is a logical extension to the NIST Cloud Computing definition. It is a generic high-level conceptual model that is an effective tool for discussing the requirements, structures, and operations of cloud computing. The model is not tied to any specific vendor products, services or reference implementation, nor does it define prescriptive solutions that inhibit innovation.
“The NIST Cloud Computing reference architecture focuses on the requirements of “what” cloud services provide, not a “how to” design solution and implementation. The reference architecture is intended to facilitate the understanding of the operational intricacies in cloud computing. It does not represent the system architecture of a specific cloud computing system; instead it is a tool for describing, discussing, and developing a system-specific architecture using a common framework of reference.”
So what do we need to know?
The NIST Cloud Computing Standards Roadmap includes a standards inventory for key features of deploying a Cloud Computing architecture, such as security, portability, and interoperability. It also identifies models and use cases that are relevant to cloud computing and identifies standardisation priorities for the feds in the areas of security auditing and compliance, and identity and access management.
It also highlights where there are still gaps in the standards process, particular in relation to security and privacy protection, user interfaces, and business-oriented features.
Meanwhile the NIST Cloud Computing Reference Architecture (NIST Cloud Computing Reference Architecture is a design based on different ‘players’ in the Cloud – consumers, brokers, providers, auditors and carriers – and is intended to act as a guide to the roles each should execute.
The five players are defined as:
Cloud Consumer: a person or organisation that maintains a business relationship with, and uses service from, Cloud Providers. Cloud consumers need SLAs to specify the technical performance requirements fulfilled by a Cloud provider.
Cloud Provider: A person, organisation, or entity responsible for making a service available to interested parties. The Cloud Provider acquires and manages the computing infrastructure required for providing the services, runs the Cloud software that provides the services, and makes arrangement to deliver the Cloud services to the Cloud Consumers through network access.
Cloud Auditor: A party that can conduct independent assessment of cloud services, information system operations, performance and security of the Cloud implementation. A Cloud auditor can evaluate the services provided by a Cloud provider in terms of security controls, privacy impact, performance, etc.
Cloud Broker: An entity that manages the use, performance and delivery of cloud services, and negotiates relationships between Cloud Providers and Cloud Consumers. The Broker provide Service Intermediation, Service Aggregation and Service Arbitrage.
Cloud Carrier: An intermediary that provides connectivity and transport of cloud services from Cloud Providers to Cloud Consumers. A Cloud provider will set up SLAs with a Cloud carrier to provide services consistent with the level of SLAs offered to Cloud consumers, and may require the Cloud carrier to provide dedicated and secure connections between Cloud consumers and Cloud providers.
Both of the new NIST publications will feed into a wider and more comprehensive NIST US Government Cloud Computing Technology Roadmap which is due for release in November.
He is also the inventor of the patented meshDETECT, Secure Prison Cell Phone Solutions.
LinkedIn Profile
- The Customer Edge Drives the Need for NaaS - June 25, 2023
- Blockchain Evolves And Secures - January 13, 2019
- Bessemer Ventures’ 2018 Cloud Computing Trends - February 25, 2018
