Cloud computing

This document:
- Describes a framework for the structured expression of data-related policies and practices in the cloud computing environment, based on the data taxonomy in ISO/IEC 19944:2017;
- provides guidelines on application of the taxonomy for handling of data based on data subcategory and classification;
- covers expression of data-related policies and practices including, but not limited to data geolocation, cross border flow of data, data access and data portability, data use, data management, and data governance;
- describes how the framework can be used in codes of conduct for practices regarding data at rest and in transit, including cross border transfer of data, as well as remote access to data;
- provides use cases for data handling challenges, i.e. control, access and location of data according to ISO/IEC 19944:2017 data categories.
This document is applicable primarily to cloud service providers, cloud service customers and cloud service users, but also to any person or organization involved in legal, policy, technical or other implications of taxonomy based data management in cloud services.
 
Under development

Cloud computing is described at a high, conceptual level in the two foundational standards ISO/IEC 17788 Cloud computing – Overview and vocabulary and ISO/IEC 17789 Cloud computing – Reference Architecture.
However, as the use of cloud computing has grown, a set of commonly used technologies has grown to support, simplify and extend the use of cloud computing alongside sets of commonly used techniques which enable the effective exploitation of the capabilities of cloud services. Many of these common technologies and techniques are aimed at developers and operations staff, increasingly linked together in a unified approach called DevOps. The aim is to speed and simplify the creation and operation of solutions based on the use of cloud services.
This document aims to describe the common technologies and techniques which relate to cloud computing, how they relate to each other and how they are used by some of the roles associated with cloud computing.
This document describes a series of technologies and techniques commonly used to build applications and systems using cloud computing. These include:
- Virtual Machines (VMs) and Hypervisors
- Containers and Container Management systems
- “Serverless" computing
- Microservices architecture and automation
- Platform as a Service systems and their architecture
- Storage services
- Security, Scalability and Networking as applied to the above cloud computing technologies

The purpose of this technical report is to expand on the description of the interactions between cloud service partners (CSNs) and cloud service customers (CSCs), and between CSNs and cloud service providers (CSPs).
Cloud computing is in a position to offer solutions to many emerging technologies, and it offers many benefits to all cloud service users (CSUs) and CSCs.  The broader requirement for cloud solutions is to ensure organizations have the best capabilities to fulfil their business missions.  This has helped to drive the adoption of cloud services and the marketplace is adjusting to the increasing demands.
In finding and applying appropriate solutions and leveraging the many benefits of using cloud services, many CSCs use multiple CSPs and various deployment models, and include a global network.  In using, sharing, and assessing data, an understanding and clarification of roles, activities and responsibilities will help to maintain the security, privacy, confidentiality and confidence of cloud services.
Interactions of CSCs and CSPs with the various CSNs have caused a degree of concern and confusion in the cloud service marketplace, in some cases causing harm to CSCs through inappropriate security controls and the lack of proper cloud service agreements relating to the cloud services being used. This is in part caused by an inadequate understanding of the relationships involved and by the lack of standards which might apply to those relationships.
Interactions between CSCs and CSPs have been described in detail in standards documents – ISO/IEC 17789 [2], 19941 [7], 27017 [11], 27018 [12] and the 19086 series. Interactions of CSNs, a key role in the cloud service environment, with CSCs and CSPs have not been described in similar detail. This TR is to provide guidance and descriptions for those interactions.
This document provides clarification of the concepts provided in ISO/IEC 17789, 19086, and 19941 regarding CSNs, and CSN interactions with CSCs and CSPs with the help of a few of exemplary market scenarios.  Building on an expanded description of sub-roles and activities, this document provides guidance on using cloud service agreements (CSA) and cloud service level agreements (cloud SLAs) to provide more clarity for CSN interactions. 
This document provides an overview of and guidance on interactions between cloud service partners (CSNs), specifically cloud service brokers, cloud service developers and cloud auditors, and other cloud service entities. In addition, the document describes how cloud service agreements (CSAs) and cloud service level agreements (cloud SLAs) should be used to address those interactions including the following:
Define Terms and concepts, and provide an overview for interactions between CSNs and CSCs and CSPs 
Description of types of CSN interactions
Description of interactions between CSNs and CSCs
Description of interactions between CSNs and CSPs
Elements of CSAs and Cloud SLAs for CSN interactions, both with CSPs and with CSCs
 
Under development

Edge computing is increasingly used in systems that deal with aspects of the physical world. Edge computing involves the placement of processing and data storage near or at the places where those systems interact with the physical world, which is where the "edge" exists. One of the trends in this space is the development of increasingly capable IoT devices (sensors and actuators), generating more data or new types of data, which data benefits from processing close to the place where it is generated.
Cloud computing is commonly used in systems that utilise edge computing. This can involve the connection of both devices and edge computing nodes to centralized cloud services. However, it is the case that the locations in which cloud computing is performed are increasingly distributed in nature, with cloud services being implemented in locations that are nearer to the edge, for the purpose of supporting usecases that demand such close placement for reasons of reducing latency or avoiding the need to transmit large volumes of data over networks with limited bandwidth.
This document aims to describe edge computing and the significant elements which contribute to the successful implementation of edge computing systems, with an emphasis on the use of cloud computing and cloud computing technologies in the context of edge computing, including the virtualization of compute, storage and networking resources.
It is useful to read this document in conjunction with the ISO/IEC TR 30164 Edge Computing (under development in SC 41 - Internet of Things and related technologies), which takes a view of edge computing from the point of view of IoT systems and the IoT devices which interact with the physical world.
The scope of this technical report is to investigate and report on the concept of Edge Computing, its relationship to Cloud Computing and IoT, and the technologies that are key to the implementation of Edge Computing.  This report will explore the following topics with respect to Edge Computing:
- Concept of Edge Computing Systems
- Architectural Foundation of Edge Computing
- Edge Computing Terminology
- Software Classifications in Edge Computing – for example: firmware, services, applications 
- Supporting technologies such as Containers, Serverless, Microservices
- Networking for edge systems, including virtual networks
- Data – data flow, data storage, data processing in edge computing
- Management – of software, of data and of networks, resources, quality of service
- Virtual placement of software and data, and metadata
- Security and Privacy
- Real Time
- Mobile Edge Computing, Mobile Devices
 
Under development

As the adoption of cloud computing expands and the market grows, cloud service providers (CSPs) offer many different solutions of cloud services that can be classified as infrastructure, platform and application capabilities. Inevitably, CSPs, in designing solutions to meet the functionalities of cloud service customers (CSCs), put together diverse metering elements and billing modes that complement the cloud services offered to cloud service customers (CSCs).  It is challenging for CSCs to determine the differences of many diverse metering elements and billing modes from various CSPs as they navigate their journey to adopt cloud computing.
Measured service is one of the key characteristics of cloud computing (ISO/IEC 17788).  The feature is that a CSC may only be charged for the resources used.  To this end, it is necessary that usage can be monitored, controlled, reported, and billed for delivered cloud service.  Metering elements can be given and classified according to its cloud capabilities type.  Reasonable and scientific metering and billing results can be easily achieved if common operation practices apply.
The purpose of this TR is to provide basic clarity and guidance through a sample set of cloud service metering elements and billing elements for different cloud service capability types, including a discussion on billing function component and metering which is one of four main parts of billing function component. Such a sample set of metering and billing elements can help CSP better describe its billing and metering exercise, and can help CSC better understand the situation in order to make informed decisions.
The scope of this document is to describes a sample set of cloud service metering and billing elements.
 
Under development

This document establishes a set of building blocks (concepts, terms and definitions, including Data Level Objectives and Data Qualitative Objectives) that can be used to create Data Sharing Agreements  (DSAs). This document is applicable to DSAs where the data is intended to be processed using one or more cloud services or other distributed platforms.
 
Under development

In most cases, cloud service providers (CSPs) and cloud service customers (CSCs) negotiate service level agreements (SLAs) which include service level objectives (SLOs) and service qualitative objectives (SQOs) for which CSPs make commitments.. The commitments described in SLAs must be measured against actual performance of the service to ensure compliance with the SLA. How actual performance compares against commitments in SLAs, is explained in ISO/IEC 19086-2:2018[2] Metric model.  Cloud SLAs are covered in ISO/IEC 19086-1:2016[1] Service level agreement (SLA) framework Part 1:  Overview and concepts and in ISO/IEC 19086-4:2019[3] Security and privacy.
ISO/IEC 19086-2 Metric model establishes common terminology, defines a model for specifying metrics for cloud SLAs, and includes applications of the model with examples.  This document provides a primer on using the metrics model in 19086-2 to compose the calculation of a cloud service performance measure in order to compare against an SLA commitment. A few examples from the SLOs listed in ISO/IEC 19086-1 (Clause 10) are given in the document, such as Cloud Service Response Time Mean and Cloud Service Availability. As specific, measurable characteristics of a cloud service, SLOs are the basis for defining the metrics used to evaluate and compare agreements between parties.
In the second half of the document, a basic dissection of these examples is provided using a practical method based on a tabular format. This  format allows for a consistent usage of the model across practitioners such as:
- Extracting metric material from an SLA narrative and representing this content separately and unambiguously.
- Designing and representing a new metric definition.
Along with demonstrating this method on previous examples, some best practices are collected and reported.  These best practices also provide practical guidance on how to extend or complement the model when necessary, which is allowed by the 19086-2 Metric model standard but beyond its scope and non-normative.
The scope of this technical report is to describe a practical method for using ISO/IEC 19086-2 Metric Model.
 
Under development

Cloud computing can and does mean different things to different people. The common characteristics most interpretations share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from nearly anywhere, and displacement of data and services from inside to outside the organization. While aspects of these characteristics have been realized to a certain extent, cloud computing remains a work in progress.
The purpose of this document is to provide an overview of public cloud computing and the security and privacy challenges involved. The document discusses the threats, technology risks, and safeguards for public cloud environments, and provides the insight needed to make informed information technology decisions on their treatment. The document does not prescribe or recommend any specific cloud computing service, service arrangement, service agreement, service provider, or deployment model. Each organization must perform its own analysis of its needs, and assess, select, engage, and oversee the public cloud services that can best fulfill those needs.

Cloud computing is an evolving paradigm. The NIST definition characterizes important aspects of cloud computing and is intended to serve as a means for broad comparisons of cloud services and deployment strategies, and to provide a baseline for discussion from what is cloud computing to how to best use cloud computing. The service and deployment models defined form a simple taxonomy that is not intended to prescribe or constrain any particular method of deployment, service delivery, or business operation.

Cloud computing allows computer users to conveniently rent access to fully featured applications, to software development and deployment environments, and to computing infrastructure assets such as network-accessible data storage and processing. This document reprises the NIST-established definition of cloud computing, describes cloud computing benefits and open issues, presents an overview of major classes of cloud technology, and provides guidelines and recommendations on how organizations should consider the relative opportunities and risks of cloud computing. Cloud computing has been the subject of a great deal of commentary. Attempts to describe cloud computing in general terms, however, have been problematic because cloud computing is not a single kind of system, but instead spans a spectrum of underlying technologies, configuration possibilities, service models, and deployment models. This document describes cloud systems and discusses their strengths and weaknesses. Depending on an organization's requirements, different technologies and configurations are appropriate. To understand which part of the spectrum of cloud systems is most appropriate for a given need, an organization should consider how clouds can be deployed (deployment models), what kinds of services can be provided to customers (service models), the economic opportunities and risks of using cloud services (economic considerations), the technical characteristics of cloud services such as performance and reliability (operational characteristics), typical terms of service (service level agreements), and the security opportunities and risks (security).

The NIST Cloud Computing Standards Roadmap Working Group has surveyed the existing standards landscape for interoperability, performance, portability, security, and accessibility standards/models/studies/use cases/conformity assessment programs, etc., relevant to cloud computing. Where possible, new and emerging standardization work has also been tracked and surveyed. Using this available information, current standards, standards gaps, and standardization priorities are identified within this document.

The NIST Definition of Cloud Computing identified cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. As an extension to the above NIST cloud computing definition, a NIST cloud computing reference architecture has been developed by the NIST Cloud Computing Reference Architecture and Taxonomy Working Group that depicts a generic high-level computing. It contains a set of views and descriptions that are the basis for discussing the characteristics, uses, and standards for cloud computing, and relates to a companion cloud computing taxonomy (http://www.nist.gov/customcf/get_pdf.cfm?pub_id=909505). Cloud computing use cases describe the consumer requirements when using cloud computing service offerings. Through its working groups as described below, the NIST Cloud Computing program has studied a range of U.S. federal government and general-purpose use cases to extract features that are amenable to standardization. Using these examples, the current document analyzes how existing cloud-related standards fit the needs of federal cloud consumers and identifies standardization gaps. Cloud computing standards are already available in support of many of the functions and requirements. While many of these standards were developed in support of pre-cloud computing technologies, such as those designed for web services and the Internet, they also support the functions and requirements of cloud computing. Other standards have been developed or are now being developed to support specific cloud computing functions and requirements, such as virtualization, infrastructure management, service level agreements (SLAs), audits and cloud- specific data handling. Wherever possible, applicable standards are identified in this document.

To assess the state of standardization in support of cloud computing, the NIST Cloud Computing Standards Roadmap Working Group has compiled an Inventory of Standards Relevant to Cloud Computing  (http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/StandardsInventory). This inventory is being maintained and updated as necessary. Using the taxonomy developed by the NIST Cloud Computing Reference Architecture and Taxonomy Working Group, cloud computing relevant standards have been mapped to the requirements of accessibility, interoperability, performance, portability, and security.