Mike Daconta


Why NIST's cloud definition is fatally flawed

I recently sat through a briefing on cloud security in which the presenter incorrectly defined platform as a service and then asserted that “PaaS is going away.” 

Given that PaaS incarnations such as Hadoop are the mainstay of big data, that would imply that big data is going away — and that is patently wrong. 

Furthermore, the laypeople in the audience failed to grasp the slide on NIST’s “3-4-5” definition framework of cloud computing, which uses three service models, four deployment models and five characteristics. The framework was too complex and failed to provide the simple, unified concept of cloud computing that this audience desperately needed.

Related coverage:

NIST to tackle big data in 2012

NIST tackles security, privacy of cloud computing

NIST had failed an audience that had heard so much about cloud computing, only to remain lost in a flawed and tangled definition. Over the next few weeks, that continued to grate on me until I realized the root cause of the problem: NIST’s definition of cloud computing is incomplete, distorted and short-sighted. 

Here’s how:

NIST’s definition of cloud computing is incomplete in two significant ways: first, by excluding the notion of big data and second, by limiting itself to three out of an almost infinite number of possible “things as a service.”

In relation to big data, GCN’s recent cover story “Taming Big Data” and a recent InformationWeek article on “Hadoopla!” reported on the big data revolution and its explosive growth in both vendor implementations and customer adoption. 

Rapid elasticity?

Big data is a critical cloud business driver that must be part of any serious definition. Although some may feel the characteristic of “rapid elasticity” broadly covers data volume, it is one-dimensional and omits the equally key aspects of variety and velocity.

In relation to everything as a service, a recent Network World article titled “(fill-in-the-blank)-as-a-service” demonstrates how vendors have absurdly twisted the “as-a-service” moniker into anything they already do. This fails to differentiate and thereby define what the cloud actually is.

The NIST definition is distorted because it implies that the three service models — software as a service, platform as a service, and infrastructure as a service — are layered, which is not necessarily true. It also implies the models are of equal importance and scope, which is significantly false. 

In isolation from PaaS, SaaS is simply a rebranding of Web apps via an Application Service Provider. Instead, the focus must and should be on developing cloud apps that use cloud services. This is the Apple iCloud model.

And IaaS is just server virtualization. This is great for data-center efficiency but offers none of the key cloud benefits, including scalability, metering and big data. Virtualizing what you currently do, while it might be good business, does not deliver any meaningful cloud capabilities.

New type of OS

A cloud is not about virtualizing a single operating system. It is about a new type of OS that can span any number of machines. That is the magic of the cloud. Google rewrote a file system to allow its index of Web pages to span across any number of cheap Linux-based machines and thus spawned the notion of the cloud. That concept of a multi-machine approach must be the heart of any true definition of cloud computing.

The NIST definition is short-sighted because it merely describes the current state of IT affairs through some empirical observations and fails to account for how the cloud is evolving. PaaS is in extreme flux; SaaS is irrelevant (in cloud terms) without PaaS; and IaaS is actually unrelated to true, multi-machine cloud capabilities.

What are the ramifications of all of this? NIST has been forced between a rock and a hard place by the “Cloud First” policy to take a stand on a set of technologies that is still emerging. In the end, that will cause the government to spend double or triple what it should by rushing into unfinished technology. 

Consider a recent InformationWeek article that proclaimed “Cloud computing is still in its adolescence.” Add to that the fact that Apple’s iCloud is a major new entry in this space with its own ideas on the cloud.  So, let me again caution government IT managers: Until you know how to define the cloud, don’t migrate to it.

Michael C. Daconta (mdaconta@incadencecorp.com) is vice president of advanced technology at InCadence Strategic Solutions and the former Metadata Program Manager for the Homeland Security Department. He is currently working on the second edition of his book, “Information as Product: How to Deliver the Right Information to the Right Person at the Right Time."


About the Author

Michael C. Daconta (mdaconta@incadencecorp.com) is the Vice President of Advanced Technology at InCadence Strategic Solutions and the former Metadata Program Manager for the Homeland Security Department. His new book is entitled, The Great Cloud Migration: Your Roadmap to Cloud Computing, Big Data and Linked Data.

inside gcn

  • blockchain (Immersion Imagery/Shutterstock.com)

    DARPA eyes 'less-explored avenues' of blockchain

Reader Comments

Mon, Mar 26, 2012 Mike Lemire United States

PaaS is much more than big data platforms. At Acquia we have a large and growing PaaS offering; the platform in our case is Drupal-based web sites; we provide the platform (the LAMP stack and ancillary services) which is optimized for hosting Drupal based web sites. Our PaaS offering is built on Amazon's IaaS platform. PaaS offerings built on IaaS is an cloud model which will grow imo.

Mon, Mar 26, 2012 Timothy Harder Cloud

thought provoking but disagree -- http://bit.ly/GRh15A It is possible and necessary to innovate while refining definitions.

Mon, Mar 26, 2012 Ari

I mostly agree. While your assertion regarding Saas is often correct, Saas really only refers to something where the implementation is abstracted from the consumer - you don't know if the "service" is based on Iaas, Paas, or is just a plain old vanilla web-based implementation with a traditional architecture. It could be any of the above. Iaas's foundation is virtualization, but its the streamlined provisioning and management of the physical resources that separate it from generic virtualization. Without the streamlined management capabilities, it could not serve as the foundation for Paas, which provides the OS-like management and platform capabilities you refer to.

Fri, Mar 23, 2012 Doug Laney Chicago

Great point Michael. And great to see the industry finally realizing that Big Data is not just about volume, but also velocity and variety...albeit 11 years after I originated the "3Vs" in a Gartner publication. For future reference, here's the piece: http://blogs.gartner.com/doug-laney/deja-vvvue-others-claiming-gartners-volume-velocity-variety-construct-for-big-data/ --Doug Laney, VP Research, Gartner, @doug_laney

Fri, Mar 23, 2012 Imran Anwar New York

I see this playing out similar to the evolution of the good old Internet and Web. There used to be debates over what was static and what was a dynamic web page. There were arguments over Java and Javascript. The same is happening and will happen in cloud. There will be those who try to or will have to stick to rigid descriptions (sometimes out of necessity, e.g. government buyers can't just say we are using something that is not sort of etched in stone) of cloud computing, and others who will go with the flow. Eventually, definitions will matter less, use cases the most. What do you think? Imran Anwar iCloud.pk

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group