Cloud computing

The essential characteristics and service models of cloud computing necessitate the implementation of access control mechanisms to maintain system integrity and reduce exposure to malicious actors. The following diagram displays the scope of access control entailed with the various service models of cloud computing.

via NIST

• Broad network access. Computing capabilities are available over the network and are accessed through standard mechanisms – such as application programming interfaces (APIs) or data protocols – that promote use by a variety of thin or thick client platforms (e.g. mobile phones, tablets, laptops, and workstations).

The highest-level categorization of cloud services as based on the type of computing capability that is provided. Any given cloud service may be categorized as one of three service models, namely Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS).

• Software as a Service (SaaS)Software as a Service (SaaS). The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. SaaS applications are accessible from client interfaces such as a web browser or program interface. The customer does not manage or control the underlying cloud infrastructure, but may have a limited set of user-configurable settings.
• Platform as a Service (PaaS)Platform as a Service (PaaS). The capability provided to consumers of platform services is to deploy software onto cloud infrastructure using the programming languages, libraries, services, and tools supported by the cloud platform provider. The user does not control or manage the underlying cloud infrastructure itself, but does have control over the deployed applications and possibly configuration settings for the application-hosting environment.
• Infrastructure as a Service (IaaS)Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or contol the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications, and possibly limited control of select networking components such (ex. host firewalls).

• Software as a Service (SaaSSaaS). The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. SaaS applications are accessible from client interfaces such as a web browser or program interface. The customer does not manage or control the underlying cloud infrastructure, but may have a limited set of user-configurable settings.
• Platform as a Service (PaaSPaaS). The capability provided to consumers of platform services is to deploy software onto cloud infrastructure using the programming languages, libraries, services, and tools supported by the cloud platform provider. The user does not control or manage the underlying cloud infrastructure itself, but does have control over the deployed applications and possibly configuration settings for the application-hosting environment.

In 2012, the NIST published a document containing its synopsis and recommendations concerning cloud computing. That document contains the following diagram, which depicts public cloud infrastructure.

Via the NIST

• Private cloud
• Community cloud
• Public cloud
• Hybrid cloud

• Private cloud. In a private cloud environment, the cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers. It may be owned, managed, and operated by the organization, a third party, or some combination of them. Infrastructure may exist on or off premises.
• Community cloud. Cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g. mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.
• Public cloud. The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
• Hybrid cloud. The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).

• Software as a Service (SaaSSaaS). The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. SaaS applications are accessible from client interfaces such as a web browser or program interface. The customer does not manage or control the underlying cloud infrastructure, but may have a limited set of user-configurable settings.

• Platform as a Service (PaaSPaaS). The capability provided to consumers of platform services is to deploy software onto cloud infrastructure using the programming languages, libraries, services, and tools supported by the cloud platform provider. The user does not control or manage the underlying cloud infrastructure itself, but does have control over the deployed applications and possibly configuration settings for the application-hosting environment.

• Software as a Service (SaaS). The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. SaaS applications are accessible from client interfaces such as a web browser or program interface. The customer does not manage or control the underlying cloud infrastructure, but may have a limited set of user-configurable settings.
• Platform as a Service (PaaS). The capability provided to consumers of platform services is to deploy software onto cloud infrastructure using the programming languages, libraries, services, and tools supported by the cloud platform provider. The user does not control or manage the underlying cloud infrastructure itself, but does have control over the deployed applications and possibly configuration settings for the application-hosting environment.
• Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or contol the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications, and possibly limited control of select networking components such (ex. host firewalls).

Cloud infrastructure is defined as the collection of hardware and software which collectively enable the five essential characteristics of cloud computing. Cloud infrastructure typically contains a physical layer – consisting of the actual computer hardware and its support systems (cooling, electricity, network connectivity, etc.) – and an abstraction layer consisting of software deployed across the physical layer, which manifests the five essential cloud characteristics.

• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)

• Software as a Service (SaaS). The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. SaaS applications are accessible from client interfaces such as a web browser or program interface. The customer does not manage or control the underlying cloud infrastructure, but may have a limited set of user-configurable settings.
• Platform as a Service (PaaS). The capability provided to consumers of platform services is to deploy software onto cloud infrastructure using the programming languages, libraries, services, and tools supported by the cloud platform provider. The user does not control or manage the underlying cloud infrastructure itself, but does have control over the deployed applications and possibly configuration settings for the application-hosting environment.
• Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or contol the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications, and possibly limited control of select networking components such (ex. host firewalls).

The NIST specified three different service models for cloud computing services:

• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)

The NIST's definition details four different deployment models for cloud computing:

• Private cloud
• Community cloud
• Public cloud
• Hybrid cloud