Although the cloud computing reference models offered by ISO/IEC and NIST address the same IT-as-a-Service model, they can be very confusing. Both standards are important because they are widely used and a cloud security professional needs to be conversant in each. The table below is provided to help you understand the differences in terminology and focus.
ISO/IEC 17788
ISO 17788 six essential characteristics of Cloud Computing
- On-demand self-service
- Broad network access
- Resource pooling
- Rapid Elasticity
- Measured service
- Multi-tenancy
NIST
NIST five essential characteristics of Cloud Computing
- On-demand self-service
- Broad network access
- Resource pooling
- Rapid Elasticity
- Measured service
Cloud Computing System Description
ISO/IEC describes cloud computing systems from four distinct viewpoints:
- User view
- Functional view
- Implementation view
- Deployment view
NIST: Not defined
Cloud Computing Functional Components
The ISO/IEC 17789 cloud computing reference architecture defines four distinct functional layers:
- User layer
- Access layer
- Service layer
- Resource layer
Cloud Computing Functional Components
The NIST cloud computing reference architecture defines the NIST reference model, with three cloud computing service models and five actors.
Cloud Computing Ecosystem Participants
The ISO/IEC 17789 cloud computing reference architecture defines three roles and multiple sub-roles:
- Cloud service customer (CSC)
- Cloud service provider (CSP)
- Cloud service partner (CSN)
Cloud Computing Ecosystem Participants
The NIST cloud computing reference architecture defines five major actors:
- Cloud User/Cloud Customer
- Cloud Provider
- Cloud Auditor
- Cloud Carrier
- Cloud Services Broker (CSB)
Cloud Computing Services Description
The ISO/IEC 17789 cloud computing reference architecture defines cloud service capabilities and categories:
- Software Capabilities
- Platform Capabilities
- Infrastructure Capabilities
Representative cloud service categories are:
- Communications as a service (CaaS)
- Compute as a service (CompaaS)
- Data storage as a service (DSaaS)
- Network as a service (NaaS)
These extended services are also referred to as “XaaS”, e.g., Database as a service, Email as a service, and so on.
Cloud Computing Services Description
NIST defines three cloud computing service models:
- Infrastructure as a Service (IaaS)
- Platform as a Service (PaaS)
- Software as a Service (SaaS)
Not Defined
Cloud Computing Ecosystem Governance Model
The NIST cloud computing reference architecture defines four deployment models:
- Private Cloud
- Public Cloud
- Community Cloud
- Hybrid Cloud