The Cloud and Shared Responsibility: It’s Not Me, It’s You (NSS Labs Blog)


Some might say that if marketing departments and encryption have anything in common, it’s the ability to obfuscate a message. A perfect example of this is the term “cloud”—surely one of today’s most overused and abused terms. You can’t turn on the television or go anywhere without being reminded that “the future is cloud” or without being encouraged to buy a “cloud-enabled t-shirt.” (Yes, it’s a thing.) With so much focus on the cloud, I’d like to illustrate the alignment of NSS Labs’ usage of the term with the most widely accepted standard, NIST SP 800-145, which defines cloud computing as:

“ . . . a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” (NIST SP 800-145)

In addition to defining cloud computing, NIST SP 800-145 recognizes four deployment models and three service models. Each of the four deployment models (public, private, hybrid, and community) is defined by how the tenancy of cloud consumers is handled. The three service models (Infrastructure as a Service [IaaS], Platform as a Service [PaaS], and Software as a Service [SaaS]) are differentiated according to how a cloud provider presents an environment to consumers.