top of page

Get Off Of My Cloud!

“Get Off Of My Cloud” ( is the hit song by The Rolling Stones (, or rather “a hit song”. Er, “one of their hit songs”. Uh, “one among many of their hit songs...” (

Let’s just say that it’s a reasonably well known song, shall we?

According to NASA (, “A cloud is made of water drops or ice crystals floating in the sky.”, but I want to learn about computers, so that definition doesn’t really work, since it’s generally not a good idea to get computers wet.

Cloud computing ( is a term which has about as many definitions as there are clouds in the sky... (See what I did there?) Interestingly enough, as of this writing, the Wikipedia article has a lovely banner: “This article may be confusing or unclear to readers...” Yup!

The term ( appears to have started as a marketing term, which actually explains a lot. Not having a formal, technical definition, it’s easy to define it any way you want. Some describe it as simply a metaphor for the Internet, while others describe it simply as using someone else’s computers.

The range of “definitions” creates a lot of confusion, so it’s important to try and develop a useful definition that can be used to establish a frame of reference. To this end, US NIST (National Institute of Standards and Technology) released “The NIST Definition of Cloud Computing” ( in 2011 to help establish that frame of reference. The “Purpose and Scope” section of the document illustrates the fact that NIST is attempting to extract order from chaos (emphasis mine):

Cloud computing is an evolving paradigm. The NIST definition characterizes important aspects of cloud computing and is intended to serve as a means for broad comparisons of cloud services and deployment strategies, and to provide a baseline for discussion from what is cloud computing to how to best use cloud computing. The service and deployment models defined form a simple taxonomy that is not intended to prescribe or constrain any particular method of deployment, service delivery, or business operation.”

Pretty vague, right? Still, vastly better than we had previously, and I suspect they will update the standard from time to time, hopefully to make it a bit less vague.

NIST defines cloud computing as a model composed of five “essential characteristics”, three “service models”, and four “deployment models”.

The essential characteristics are features that seem to reflect ideals toward which organizations should reach, and which make them more or less “cloud-like”. They focus mainly on establishing a framework for flexibly managing computing resources through automation, resource pooling, and self-service tools.

The idea is essentially to allow the end-user the ability to access a service without having to worry about how that service is delivered. This brings us to the service models, which break things down according to where the “line” is drawn between infrastructure and end-user services. (Incidentally, these are the “traditional” three service models. Some add others, and sub-divide these three - I may discuss this at some future date)

Infrastructure as a Service (IaaS)

This refers to companies/services like Amazon (AWS), Microsoft (Azure), Alibaba (Alibaba Cloud), Google (Google Cloud Infrastructure), and Tencent. Together, these five represent about 80% of the market, per Gartner, and provide data centre, server, networking, and storage services. The consumer is responsible for everything else.

Platform as a Service (PaaS)

This can be considered the “middleware” level of cloud computing, where the service provided is the programming tools, libraries, and services used to build the application environments. In addition to the services covered under IaaS, the provider also deals with the operating system and environment. PaaS providers often provide multiple services ( and include offerings like SAP Cloud, Microsoft Azure, Heroku, AWL Lambda, and the Google App Engine.

Software as a Service (Saas)

This is where the consumer uses an application that is hosted and maintained by the provider. The consumer simply configures and uses the application (usually with a subscription of some sort), and the provider handles all of the infrastructure and platform considerations. For IaaS and PaaS, many non-technologists may not recognize the services, but will probably recognize the companies, while SaaS services are often far more recognizable. These include ( services such as Salesforce, Slack, Dropbox, and many others.

Now we come to the deployment models, which simply describe who owns or controls the underlying services:

Private cloud:

This is where the cloud infrastructure is dedicated to a single organization, usually with multiple divisions. It may be owned/managed by the organization, by a third party, or by some combination. This is most common for very large organizations.

Community cloud:

Similar to a private cloud, but dedicated to multiple organizations with some shared need. One example might be a community cloud dedicated to the banking industry.

Public cloud:

This is where most of the services described above reside. The service is provisioned for use by the general public, and the consumer generally has little or no control (or knowledge) regarding where or how services are provided.

Hybrid cloud:

This is the “other” category, where it’s likely that most services will eventually reside, particularly since a “cloud” can be defined in so many different ways. One example might be a company where most services are provided via public cloud services, but proprietary data and services are supported by a private cloud.

It should be noted that many organizations provide services which cross boundaries, both in service model and deployment model – this just increases the complexity of an already complex picture.

Data privacy legislation will also influence how and where various services are provided. Most services will need to support the ability for the consumer to define/control at least the country or region in which services are provided and data is stored. It will be very interesting to see how privacy legislation evolves around the world.

Do we now understand what cloud computing is and how it works? Uh, no. Still, at least we now have a framework for thinking of cloud computing in a more disciplined way. That’s a good place to start.


1 Comment

Soroush Saghafi
Soroush Saghafi
Jun 28, 2021


bottom of page