Cloud computing is a paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with self-service provisioning and administration on-demand. Cloud service refers to one or more capabilities offered via cloud computing invoked using a defined interface.

Key characteristics of cloud computing are:

• Broad network access: A feature where the physical and virtual resources are available over a network and accessed through standard mechanisms that promote use by heterogeneous client platforms. The focus of this key characteristic is that cloud computing offers an increased level of convenience in that users can access physical and virtual resources from wherever they need to work, as long as it is network accessible, using a wide variety of clients including devices such as mobile phones, tablets, laptops, and workstations;
• Measured service: A feature where the metered delivery of cloud services is such that usage can be monitored, controlled, reported, and billed. This is an important feature needed to optimize and validate the delivered cloud service. The focus of this key characteristic is that the customer may only pay for the resources that they use. From the customers’ perspective, cloud computing offers the users value by enabling a switch from a low efficiency and asset utilization business model to a high efficiency one;
• Multi-tenancy: A feature where physical or virtual resources are allocated in such a way that multiple tenants and their computations and data are isolated from and inaccessible to one another. Typically, and within the context of multi-tenancy, the group of cloud service users that form a tenant will all belong to the same cloud service customer organization. There might be cases where the group of cloud service users involves users from multiple different cloud service customers, particularly in the case of public cloud and community cloud deployments. However, a given cloud service customer organization might have many different tenancies with a single cloud service provider representing different groups within the organization;
• On-demand self-service: A feature where a cloud service customer can provision computing capabilities, as needed, automatically or with minimal interaction with the cloud service provider. The focus of this key characteristic is that cloud computing offers users a relative reduction in costs, time, and effort needed to take an action, since it grants the user the ability to do what they need, when they need it, without requiring additional human user interactions or overhead;
• Rapid elasticity and scalability: A feature where physical or virtual resources can be rapidly and elastically adjusted, in some cases automatically, to quickly increase or decrease resources. For the cloud service customer, the physical or virtual resources available for provisioning often appear to be unlimited and can be purchased in any quantity at any time automatically, subject to constraints of service agreements. Therefore, the focus of this key characteristic is that cloud computing means that the customers no longer need to worry about limited resources and might not need to worry about capacity planning;
• Resource pooling: A feature where a cloud service provider’s physical or virtual resources can be aggregated in order to serve one or more cloud service customers. The focus of this key characteristic is that cloud service providers can support multi-tenancy while at the same time using abstraction to mask the complexity of the process from the customer. From the customer’s perspective, all they know is that the service works, while they generally have no control or knowledge over how the resources are being provided or where the resources are located. This offloads some of the customer’s original workload, such as maintenance requirements, to the provider. Even with this level of abstraction, it should be pointed out that users might still be able to specify location at a higher level of abstraction (e.g., country, state, or data centre).

Cloud Computing Cross Cutting Aspects

Cross cutting aspects are behaviours or capabilities which need to be coordinated across roles and implemented consistently in a cloud computing system. Such aspects may impact multiple roles, activities, and components, in such a way that it is not possible to clearly assign them to individual roles or components, and thus become shared issues across the roles, activities and components.

Key cross cutting aspects include:

1. Auditability: The capability of collecting and making available necessary evidential information related to the operation and use of a cloud service, for the purpose of conducting an audit;
2. Availability: The property of being accessible and usable upon demand by an authorized entity. The “authorized entity” is typically a cloud service customer;
3. Governance: The system by which the provision and use of cloud services are directed and controlled. Cloud governance is cited as a cross-cutting aspect because of the requirement for transparency and the need to rationalize governance practices with SLAs and other contractual elements of the cloud service customer to cloud service provider relationship. The term internal cloud governance is used for the application of design-time and run-time policies to ensure that cloud computing based solutions are designed and implemented, and cloud computing based services are delivered, according to specified expectations. The term external cloud governance is used for some form of agreement between the cloud
   service customer and the cloud service provider concerning the use of cloud services by the cloud service customer;
4. Interoperability: Ability of a cloud service customer to interact with a cloud service and exchange information according to a prescribed method and obtain predictable results;
5. Maintenance and versioning: Maintenance refers to changes to a cloud service or the resources it uses
   in order to fix faults or in order to upgrade or extend capabilities for business reasons. Versioning implies the appropriate labelling of a service so that it is clear to the cloud service customer that a particular version is in use;
6. Performance: A set of behaviours relating to the operation of a cloud service, and having metrics defined in a SLA;
7. Portability: Ability of cloud service customers to move their data or their applications between multiple cloud service providers at low cost and with minimal disruption. The amount of cost and disruption that is acceptable may vary based upon the type of cloud service that is being used;
8. Protection of PII: Protect the assured, proper, and consistent collection, processing, communication, use and disposal of Personally Identifiable Information (PII) in relation to cloud services;
9. Regulatory: There are a number of different regulations that may influence the use and delivery of cloud services. Statutory, regulatory, and legal requirements vary by market sector and jurisdiction, and they can change the responsibilities of both cloud service customers and cloud service providers. Compliance with such requirements is often related to governance and risk management activities;
10. Resiliency: Ability of a system to provide and maintain an acceptable level of service in the face of faults (unintentional, intentional, or naturally caused) affecting normal operation;
11. Reversibility: A process for the cloud service customer to retrieve their cloud service customer data and application artefacts and for the cloud service provider to delete all cloud service customer data as well as contractually specified cloud service derived data after an agreed period;
12. Security: Ranges from physical security to application security, and includes requirements such as authentication, authorization, availability, confidentiality, identity management, integrity, non-repudiation, audit, security monitoring, incident response, and security policy management;
13. Service levels and service level agreement: The cloud computing service level agreement (cloud SLA) is a service level agreement between a cloud service provider and a cloud service customer based on a taxonomy of cloud computing specific terms to set the quality of the cloud services delivered. It characterizes quality of the cloud services delivered in terms of: 1) a set of measurable properties specific to cloud computing (business and technical) and 2) a given set of cloud computing roles (cloud service customer and cloud service provider and related sub-roles).

Cloud Computing Reference Architecture

Cloud Computing Interoperability

Cloud Computing Service Level Agreement

Cloud Computing SLA Metric model

References

• ISO/IEC 17788:2014
• ISO/IEC 17789:2014
• ISO/IEC 19086-1:2016
• ISO/IEC 19086-2:2018
• ISO/IEC 19941:2017