Out-Law News 1 min. read

Cloud computing terms defined in new ISO standard

Concepts such as the public and private cloud have been defined as part of a new cloud computing standard developed by the International Organisation for Standardisation (ISO).

The new standard described cloud computing as "an evolving paradigm" and identified and described its "key characteristics". A separate standard has also been developed for cloud computing 'reference architecture'. The standard "provides an overall framework for the basic concepts and principles of a cloud computing system", according to the ISO's document.

"While many of the concepts defined and explained by the ISO will be familiar to many customers and suppliers in the cloud computing environment, their inclusion in new cloud computing standards is nevertheless significant," IT contracts expert Tim Roughton of Pinsent Masons, the law firm behind Out-Law.com, said.

"There are already a number of initiatives, including at EU level, aimed at setting new standards on more complicated aspects of cloud computing, including in relation to data security. Standardising what basic cloud computing concepts mean paves the way for more complex cloud standards to be built in future," he said.

The ISO's cloud computing 'overview and vocabulary' standard defined so-called 'cloud deployment models', such as the private, public, community and hybrid cloud.

A public cloud is a "cloud deployment model where cloud services are potentially available to any cloud service customer and resources are controlled by the cloud service provider", the standard said.

"A public cloud may be owned, managed, and operated by a business, academic, or government organisation, or some combination of them. It exists on the premises of the cloud service provider," it said. "Actual availability for specific cloud service customers may be subject to jurisdictional regulations. Public clouds have very broad boundaries, where cloud service customer access to public cloud services has few, if any, restrictions."

The private cloud, in contrast, is "where cloud services are used exclusively by a single cloud service customer and resources are controlled by that cloud service customer".

"A private cloud may be owned, managed, and operated by the organisation itself or a third party and may exist on premises or off premises," the standard said. "The cloud service customer may also authorise access to other parties for its benefit. Private clouds seek to set a narrowly controlled boundary around the private cloud based on limiting the customers to a single organisation."

The standard also outlined the various 'roles' that exist within the cloud computing environment, including that of the 'cloud service provider' and 'cloud service partner', which it said is involved in supporting the "activities of either the cloud service provider or the cloud service customer, or both".

It also identified the different types of cloud services that are available and includes descriptions that explain the high-level differences between those services, such as 'Infrastructure as a Service' (IaaS) and 'Platform as a Service' (Paas).

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.