Seven years ago, the National Institute of Standards and Technology (NIST) published the 16th and final version of its Definition of Cloud Computing. NIST Special Publication 800-145 is designed to help federal agencies and private-sector companies identify services that are most likely to deliver the cost savings and agility promised by cloud computing. The definition has proved remarkably resilient as cloud services continue to expand their capabilities with value-added features.

Peter Mell and Tim Grance, authors of the NIST definition, described cloud computing as having these five essential characteristics:

  • On-demand self-service. Customers can provision computing capabilities as needed without human interaction with the service provider.
  • Broad network access. Capabilities are available over the network and can be accessed by a broad range of devices using standard mechanisms.
  • Resource pooling. Cloud resources are pooled and dynamically assigned and reassigned according to customer demand.
  • Rapid elasticity. Capabilities can be rapidly provisioned and quickly scaled up or down to meet changing requirements.
  • Measured service. Cloud usage can be monitored, controlled and reported, providing transparency for both the provider and customer.

One of the most remarkable things about this definition is what’s missing from it. Nowhere does it describe the cloud as “somebody else’s computers” — a notion that persists even among some IT folks. Nothing in the definition says it’s limited to compute and storage capacity, software development platforms, or Software-as-a-Service applications. It can encompass any IT services that meets the five criteria.

Today, cloud providers are offering a wide range of products and services that transcend computer and storage capacity. Some of these are what I call “utilities” — foundational IT services that are an essential part of any data center infrastructure.

For example, backup/recovery and replication services are increasingly incorporated into cloud platforms, enabling organizations to create end-to-end data protection solutions that are compatible with the enterprise IT environment. These services support on-premises, hybrid and cloud-native applications and allow you to set backup frequency and other parameters for each individual workload. They often include integrated monitoring and management tools.

Cloud providers are also offering an array of security and regulatory compliance features. These include identity and access management, single sign-on, and directory services that authenticate users and control access to cloud resources. Web application firewalls, distributed denial of service (DDoS) protection and threat detection services help to defend against external attacks. Encryption key management and rotation of credentials and other “secrets” further boosts security.

The key takeaway here is that the cloud is looking less like basic IT resources in someone else’s data center and more like a fully functioning IT environment. The reason is partly economic — there’s excess compute and storage capacity so cloud providers need to offer value-added services so they’re not competing solely on price. Cloud providers also recognize the need to offer a full suite of services to help reduce complexity and streamline operational tasks.

In developing their cloud definition, Mell and Grance stipulated that cloud computing is an evolving technology and that attributes and characteristics will continue to change over time. However, the definition remains highly accurate even as cloud services have evolved. The “utility” functionality now increasingly offered as part of cloud platforms is helping to deliver on the promise of cloud computing.