Hardly any of the services that vendors market as "cloud" adhere to the 2011 NIST definition. No wonder we're so confused.
Here a cloud, there a cloud. Everything today is a cloud service. Except most aren't.
In September 2011, after several years of discussion and 15 drafts, the National Institute of Standards and Technology adopted a real definition of cloud computing. Since then, however, NIST's definition has been lost in translation due in part to opportunistic vendors and marketers, aided at times by ignorant media.
NIST defined five essential characteristics of cloud services: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Virtually no "cloud" service offered today meets all five characteristics.
NIST further defined three cloud models: software-as-a-service, platform-as-a-service, and infrastructure-as-a-service. But all three existed in practice long before the term "cloud" ever entered the vernacular.
Consider the idea that AOL and CompuServe were SaaS providers, as were the myriad ASPs (application service providers) that sprouted around the time of the dotcom boom. Several companies have provided hosted corporate email servers for a dozen years -- are they not PaaS providers? It's been just as easy to buy a hosted "computer" for running a web server or other software fully managed by the customer. This is no different from IaaS.
None of these services were then -- nor are now -- consistent with the true ideals of cloud computing. Certainly none of them provided on-demand self-service. If I needed to ramp up a hosted email environment or acquire a machine to host a web server, those efforts took days, contract negotiations, and a bunch of other headaches that defied "on-demand."
Broad network access is probably the least significant of NIST's cloud characteristics. Everything runs across the Internet, a wireless carrier's infrastructure, or both, including simple file storage and sharing services, which are as old as FTP servers. But broad network access is the one characteristic most companies latch onto in claiming their cloud bona fides.
Resource pooling is a de facto characteristic in almost every IT environment because of the extreme levels of virtualization being employed. The latter is the biggest difference between hosting an email server today and doing so several years ago. Today, your email server is just as likely to be a virtual machine on a cluster of several dozen virtual machines -- assuming you're still running email in-house rather than just subscribing to a service.
A defining factor in whether a service is cloud based should be multi-tenancy, the ability for my services and your services to co-exist, in isolation, within the same physical environment. In contemporary terms, this is something like Office 365, whereby your organization has a group of users sharing the same email server with lots of other groups of users.
Two other defining characteristics are rapid elasticity (the ability to scale up and down quickly as needed) and measured service (whereby payment is based on actual use, not potential use).
Rapid elasticityimplies that the scaling of services happens automatically, not just when some human finally recognizes the need as requested.
If you're paying a monthly subscription fee for a SaaS product based on the number of licensed users, that's not measured service, so that's not a cloud service. If you're renting a machine in a hosting facility and you're paying a flat monthly fee for access to that machine regardless of how much you use it, that's not measured service. If you can't add more machines under that hosted service automatically before you exceed the capacity of the first machine, that's not rapid elasticity, thus not a cloud service.
It's no wonder IT professionals -- and consumers, for that matter -- are so confused. Some definition offenders label their products cloud just because they're on the Internet and are running in some virtualized infrastructure, which is the case with many SaaS products. Others have defined their own version of the term cloud, attempting to reduce the distinction to a simple matter of where the data is stored. For example, they state that the cloud is just a metaphor for the Internet, and that storing data on an office network doesn't count as cloud storage. But that claim puts a big a dent in the concept of a private cloud environment. It's also based exclusively on the idea of broad network access, without any consideration of the other characteristics of cloud services.
What would make the above "cloud services"? How about your SaaS provider billing you based on the actual number of users each day, or the number of actual logged-on minutes per day, or, best of all, the number of actual minutes of application used each day? For a hosted email service to truly be a cloud service, it would be billed based on the actual resource consumption each day, giving customers unlimited capacity and the ability to add and remove users on-demand. Customers wouldn't pay more just because they added more mailboxes. So if you have to do more than call up a single Web page to change something in your service provisioning, or if you're paying a flat fee per some time period or per user, let's just call the service what it is: SaaS, not cloud.
In a survey of 200 IT managers conducted by ElasticHosts in October 2012, more than 67% of respondents said they had been offered cloud services under a fixed term, 40% had been offered services that weren't scalable, and 32% noted that the services offered weren't even self-service. There's no reason to think much has changed since then.
Is your company using any actual cloud services? Or are you using not-cloud services labeled as such? Do you want to get off the merry-go-round with me?
Engage with Oracle president Mark Hurd, Box founder Aaron Levie, UPMC CIO Dan Drawbaugh, GE Power CIO Jim Fowler, former Netflix cloud architect Adrian Cockcroft, and other leaders of the Digital Business movement at the InformationWeek Conference and Elite 100 Awards Ceremony, to be held in conjunction with Interop in Las Vegas, March 31 to April 1, 2014. See the full agenda here.
Lawrence Garvin, head geek and technical product marketing manager at SolarWinds, wrote his first computer program, in RPG-II, in 1974, to calculate quadratic equations. He tested it on some spare weekend cycles on an IBM System 3 that he "borrowed" from his father's ... View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.