Nist cloud computing architecture

Domain 1: Cloud Computing Concepts and Architectures 1.0 Introduction This domain provides the conceptual framework for the rest of the Cloud Security Alliance’s guidance. It describes and defines cloud computing, sets our baseline terminology, and details the overall logical and architectural frameworks used in the rest of the document. There are many different ways of viewing cloud computing: It's a technology, a collection of technologies, an operational model, a business model, just to name a few. It is, at its essence, transformative and disruptive. It's also growing very, very quickly, and shows no signs of slowing down. While the reference models we included in the first version of this Guidance are still relatively accurate, they are most certainly no longer complete. And even this update can't possibly account for every possible evolution in the coming years. Cloud computing offers tremendous potential benefits in agility, resiliency, and economy. Organizations can move faster (since they don't have to purchase and provision hardware, and everything is software defined), reduce downtime (thanks to inherent elasticity and other cloud characteristics), and save money (due to reduced capital expenses and better demand and capacity matching). We also see security benefits since cloud providers have significant economic incentives to protect customers. However, these benefits only appear if you understand and adopt cloud-native models and adjust your architectures and ...

The IBM cloud computing reference architecture (CCRA) (figure below), introduces the fundamental component of cloud environment. The structure of this [architecture is modular. It defines the fundamental architectural components which underpin and provide guidelines for creating a cloud environment. In this architecture there are three main roles, each of which present a single person or organizations and sub-roles which may be defined, based on project scenarios. • A cloud service consumer role consumes cloud service instances. • Cloud service provider has responsible to supply and/or provide cloud services. This role and its sub-roles are defined by ownership of a common cloud management platform (CCMP). • The cloud service creator is responsible for creating services in cloud environments. The core components of this architecture are mainly cloud services, common cloud management platform and infrastructure. Cloud services may represent any type of source: IBM The purpose of the IBM CCRA is to provide a design blueprint for: • Cloud services, offered to customers • • Workload-optimized systems • Enabling the management of multiple Since the first release of CCRA in March 2010 (it was then called something else), there has been a lot of work and effort in the further development and evolution of the architecture into the mature and solid version that is now available. The CCRA has gone through multiple evolutions since the inception, and the current version as added pro...

In September 2011, The National Institute for Standard and Technology (NIST) created Special Publication (SP) 500-292, “NIST Cloud Computing Reference Architecture,” to establish a baseline cloud computing architecture. NIST SP 500-292 defines services and relationships between cloud service providers, consumers, and other stakeholders. When preparing to implement or revisit your cloud computing architecture, you’ll want to review the specifics of NIST SP 500-292. What is the NIST Cloud Computing Reference Architecture ? The NIST SP 500-292 breaks down into several sections that define and explain all elements of • The Level 1 terms – A set of Roles that collectively comprise the cloud Reference Model • The Level 2 terms – A set of Activities that define the model’s Architectural Components By understanding these terms and the relationships between them, any company can begin to optimize its cloud computing security architecture in response to ever-evolving cloud threats. The NIST’s Cloud Computing Architecture Model The first portion of NIST SP 500-292 defines the relationships between all stakeholders involved in • Cloud Consumer • Cloud Provider • Cloud Auditor • Cloud Broker • Cloud Carrier As a disclaimer, these roles may be less stable today than they were in 2011, as providers and consumers alike have changed drastically in nature and scale. Still, the definitions are useful as templates for understanding the basis of stakeholders’ differing roles and responsibiliti...