
Describe Cloud Reference Architecture

Cloud Computing Activities

Cloud computing activities, as outlined in ISO/IEC 17789

A cloud computing activity is defined as a specified pursuit or set of tasks.
Cloud computing activities need to have a purpose and deliver one or more outcomes.

Cloud Service Capabilities

Cloud capability types look at capabilities provided by each cloud service model.

  • Application capability types - allow access to an application, hosted in the cloud, over the network.
  • Platform capability types - allow the customer to develop and deploy solutions. The solutions may be developed in-house or acquired from another entity. The platform itself may be customizable, but the underlying infrastructure is not.
  • Infrastructure capability types - allow the customer to provision and maintain the underlying infrastructure: installing operating systems and tools, and provisioning compute, storage, and network resources.

Cloud Service Categories

  • Software as a Service (SaaS) - The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. (Source: NIST CC Definition)
  • Infrastructure as a Service (IaaS) - The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls). (Source: NIST CC Definition)
  • Platform as a Service (PaaS) - The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations. (Source: NIST CC Definition)

Cloud Deployment Models

  • Public - The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. (Source: NIST CC Definition)
  • Private - The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise. (Source: NIST CC Definition)
  • Hybrid - The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds). (Source: NIST CC Definition)
  • Community - The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise. (Source: NIST CC Definition)

Cloud Shared Considerations

  • Interoperability - The capability to communicate, to execute programs, or to transfer data among various functional units under specified conditions. [Source: American National Standard Dictionary of Information Technology (ANSDIT)]
  • Portability - 1. The ability to transfer data from one system to another without being required to recreate or reenter data descriptions or to modify significantly the application being transported. 2. The ability of software or of a system to run on more than one type or size of computer under more than one operating system. 3. Of equipment, the quality of being able to function normally while being conveyed. [Source: Federal Standard 1037C]
  • Reversibility - The ability to transfer services from one cloud environment to another. Transferring should be secure, simple, and automatic.
  • Availability - The purchased services from the CSP must be available to the customer within the constraints of the SLA. Availability also covers the ability of the CSP to scale and grow to meet customer needs: if the consumer needs to expand their services and there are no resources available to do so, the CSP service fails.
  • Security - protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Ultimately, the data owner is responsible for the security of the data.
  • Privacy - Information privacy is the assured, proper, and consistent collection, processing, communication, use, and disposition of personal information (PI) and personally identifiable information (PII) throughout its life cycle. (Source: adapted from OASIS)
  • Resiliency - The ability to continue operating under unexpected situations.
  • Performance - How well the service delivers; the major concerns are network availability and bandwidth.
  • Governance - The policies, procedures, and controls that govern the usage of the cloud.
  • Maintenance and versioning - The service category in use (SaaS, IaaS, PaaS) determines who is responsible for maintenance and versioning. Updates and patches may be applied without customer knowledge.
  • Service levels and Service Level Agreements (SLA) - an SLA specifies the required performance parameters and will define the business relationship of a solution. The SLA specifies in clear terms requirements for uptime, availability, processes, customer support, security controls, etc.
  • Auditability - An examination of the cloud service controls to verify if they are meeting agreed upon measurements.
  • Regulatory - Statutory, regulatory and legal requirements vary by market sector and jurisdiction, and they can change the responsibilities of both cloud service customers and cloud service providers. Compliance with such requirements is often related to governance and risk management activities.

Impact of Related Technologies

  • Machine learning - a field within Artificial Intelligence (AI) that focuses on the ability of computers to learn on their own without being programmed. Many CSPs are offering machine learning tools.
  • Artificial intelligence - A branch of computer science devoted to developing data processing systems that perform functions normally associated with human intelligence, such as reasoning, learning, and self-improvement.
  • Blockchain - a collaborative, tamper-resistant ledger that maintains transactional records. The transactional records (data) are grouped into blocks. A block is connected to the previous one by including a unique identifier that is based on the previous block’s data. As a result, if the data in one block is changed, its unique identifier changes, which can be seen in every subsequent block (providing tamper evidence). This domino effect allows all users within the blockchain to know if a previous block’s data has been tampered with. Since a blockchain network is difficult to alter or destroy, it provides a resilient method of collaborative record keeping.
  • Internet of Things (IoT) - User or industrial devices that are connected to the internet. IoT devices include sensors, controllers, and household appliances.
  • Containers - a form of operating system virtualization combined with application software packaging. Containers provide a portable, reusable, and automatable way to package and run applications.
  • Quantum computing - a type of computation that harnesses the collective properties of quantum states, such as superposition, interference, and entanglement, to perform calculations.
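The tamper-evidence property described under Blockchain above, shown as a small hash chain. This is an added example, not code from the original page or from any blockchain project: it uses SHA-256 as the "unique identifier", the sample transactions are constructed, and the block layout (index, data, prev, id) is an assumption made for illustration. It demonstrates both failure modes a verifier sees: data changed without updating the block's id, and data changed with the id recomputed, which the next block's stored link still exposes.

```python
import hashlib
import json

GENESIS_ID = "0" * 64  # placeholder "previous id" for the first block (assumption)


def block_id(index, data, prev_id):
    """Unique identifier for a block: SHA-256 over its own data plus the previous block's id."""
    payload = json.dumps({"index": index, "data": data, "prev": prev_id}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def build_chain(records):
    """Append each record as a block whose id covers the previous block's id."""
    chain = []
    prev_id = GENESIS_ID
    for index, data in enumerate(records):
        bid = block_id(index, data, prev_id)
        chain.append({"index": index, "data": data, "prev": prev_id, "id": bid})
        prev_id = bid
    return chain


def first_broken_block(chain):
    """Walk the chain from the genesis block; return the index of the first block
    that fails verification, or None if every block is intact."""
    prev_id = GENESIS_ID
    for block in chain:
        # The stored link must point at the id of the block before it ...
        if block["prev"] != prev_id:
            return block["index"]
        # ... and the stored id must match the block's current contents.
        if block_id(block["index"], block["data"], block["prev"]) != block["id"]:
            return block["index"]
        prev_id = block["id"]
    return None


# Constructed sample transactions (not real data)
SAMPLE_RECORDS = [
    {"from": "alice", "to": "bob", "amount": 10},
    {"from": "bob", "to": "carol", "amount": 4},
    {"from": "carol", "to": "alice", "amount": 1},
]


def detect_tamper(recompute_id):
    """Alter block 1 in a fresh chain and report where verification first fails.

    recompute_id=False: the data changes but the stored id does not, so block 1 fails.
    recompute_id=True:  the tamperer also rewrites block 1's id; block 1 now verifies,
                        but block 2's stored link still names the old id, so block 2 fails.
    """
    chain = build_chain(SAMPLE_RECORDS)
    chain[1]["data"] = {"from": "bob", "to": "carol", "amount": 4000}
    if recompute_id:
        chain[1]["id"] = block_id(1, chain[1]["data"], chain[1]["prev"])
    return first_broken_block(chain)


if __name__ == "__main__":
    print("intact chain, first broken block:", first_broken_block(build_chain(SAMPLE_RECORDS)))
    print("data changed only, first broken block:", detect_tamper(recompute_id=False))
    print("data and id rewritten, first broken block:", detect_tamper(recompute_id=True))
```

The second case is the "domino effect" from the definition: rewriting one block's identifier does not hide the change, because every later block carries the old identifier, so a tamperer would have to rewrite the entire remainder of the chain, which is what makes the ledger tamper-evident rather than merely hashed.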