May 21, 2009 - Eric Chabrow

Cloud computing is a nebulous concept. It mean one thing to one person and something else to another.

A team of computer scientists at the National Association of Standards and Technology (NIST) has come up with a working albeit long definition of cloud computing: "a pay-per-use model for enabling available, convenient and on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."

Coming up with a precise definition is as hard as securing the technology, the prime objective of NIST cloud computing team.

Coming up with a precise definition is as hard as securing the technology, the prime objective of NIST cloud computing team. But before NIST can provide guidance to secure cloud technology, its computer scientists must understand exactly what is cloud computing. So, it worked with experts in government and industry to develop the definition. The term cloud computing, by the way, comes from the field's standard use of drawing the Internet as a cloud in diagrams, according to NIST.

The working draft definition also describes five key characteristics, three delivery models and four deployment models, as described in Draft NIST Working Definition of Cloud Computing.

NIST also released a PowerPoint presentation about cloud computing entitled Effectively and Securely Using the Cloud Computing Paradigm, co-written by NIST cloud computing team leader Peter Mell.

"Cloud computing has both security advantages and disadvantages," Mell says, as quoted in a NIST article. "The cloud computing model inherently promotes availability of services through its distributed architecture model. However, this same model presents data confidentiality and integrity challenges by pooling hardware resources for use by multiple parties."

GovInfoSecurity.com has had a number of articles covering NIST's cloud computing ventures, including Weighing the Pros and Cons of Cloud Computing, Rules Make Adoption of Cloud Computing a Challenge for Agencies and What's Happening at NIST, an interview with its Computer Security Division Chief Curtis Barker. My recent cloud computing blogs include Cloud's Security Challenge Isn't Just Technical and Slowing the Rush to Cloud Computing. Please check them out.

What are you hopes, concerns about cloud computing in the federal government? Share your thoughts below.