Information technology — Cloud computing — Overview and vocabulary

ISO/IEC 17788:2014 provides an overview of cloud computing along with a set of terms and definitions. It is a terminology foundation for cloud computing standards. ISO/IEC 17788:2014 is applicable to all types of organizations (e.g., commercial enterprises, government agencies, not-for-profit organizations).

Technologies de l'information — Informatique en nuage — Vue d'ensemble et vocabulaire

General Information

Status
Published
Publication Date
09-Oct-2014
Current Stage
9093 - International Standard confirmed
Start Date
30-Apr-2021
Completion Date
30-Apr-2021
Ref Project

Buy Standard

Standard
ISO/IEC 17788:2014 - Information technology -- Cloud computing -- Overview and vocabulary
English language
10 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

INTERNATIONAL ISO/IEC
STANDARD 17788
First edition
2014-10-15
Information technology — Cloud
computing — Overview and vocabulary
Technologies de l'information — Informatique en nuage — Vue
d'ensemble et vocabulaire
Reference number
ISO/IEC 17788:2014(E)
ISO/IEC 2014
---------------------- Page: 1 ----------------------
ISO/IEC 17788:2014(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2014

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any

means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission.

Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.

ISO copyright office
Case postale 56  CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2014 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC 17788:2014(E)
CONTENTS
Page

1 Scope .............................................................................................................................................................. 1

2 Normative references ..................................................................................................................................... 1

2.1 Identical Recommendations | International Standards ........................................................................ 1

2.2 Paired Recommendations | International Standards ............................................................................ 1

2.3 Additional references .......................................................................................................................... 1

3 Definitions ...................................................................................................................................................... 1

3.1 Terms defined elsewhere ..................................................................................................................... 1

3.2 Terms defined in this Recommendation | International Standard ........................................................ 2

4 Abbreviations ................................................................................................................................................. 4

5 Conventions .................................................................................................................................................... 4

6 Cloud computing overview ............................................................................................................................ 4

6.1 General ................................................................................................................................................ 4

6.2 Key characteristics .............................................................................................................................. 4

6.3 Cloud computing roles and activities .................................................................................................. 5

6.4 Cloud capabilities types and cloud service categories ......................................................................... 6

6.5 Cloud deployment models ................................................................................................................... 6

6.6 Cloud computing cross cutting aspects ............................................................................................... 7

Annex A – Cloud service categories .......................................................................................................................... 9

Bibliography .............................................................................................................................................................. 10

© ISO/IEC 2014 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC 17788:2014(E)
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that are members of

ISO or IEC participate in the development of International Standards through technical committees

established by the respective organization to deal with particular fields of technical activity. ISO and IEC

technical committees collaborate in fields of mutual interest. Other international organizations, governmental

and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information

technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of the joint technical committee is to prepare International Standards. Draft International

Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as

an International Standard requires approval by at least 75 % of the national bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent

rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.

ISO/IEC 17788 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,

Subcommittee SC 38, Distributed application platforms and services (DAPS), in collaboration with ITU-T. The

identical text is published as ITU-T Rec. Y.3500 (08/2014).
iv © ISO/IEC 2014 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC 17788:2014 (E)
INTERNATIONAL STANDARD
RECOMMENDATION ITU-T
Information technology – Cloud computing – Overview and vocabulary
1 Scope

This Recommendation | International Standard provides an overview of cloud computing along with a set of terms and

definitions. It is a terminology foundation for cloud computing standards.

This Recommendation | International Standard is applicable to all types of organizations (e.g., commercial enterprises,

government agencies, not-for-profit organizations).
2 Normative references

The following Recommendations and International Standards contain provisions which, through reference in this text,

constitute provisions of this Recommendation | International Standard. At the time of publication, the editions indicated

were valid. All Recommendations and Standards are subject to revision, and parties to agreements based on this

Recommendation | International Standard are encouraged to investigate the possibility of applying the most recent

edition of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently

valid International Standards. The Telecommunication Standardization Bureau of the ITU maintains a list of currently

valid ITU-T Recommendations.
2.1 Identical Recommendations | International Standards
None.
2.2 Paired Recommendations | International Standards
None.
2.3 Additional references
None.
3 Definitions
3.1 Terms defined elsewhere

This Recommendation | International Standard uses the following terms defined elsewhere.

The following terms are defined in ISO/IEC 27000:

3.1.1 availability: Property of being accessible and usable upon demand by an authorized entity.

3.1.2 confidentiality: Property that information is not made available or disclosed to unauthorized individuals,

entities, or processes

3.1.3 information security: Preservation of confidentiality (3.1.2), integrity (3.1.4) and availability (3.1.1) of

information.

NOTE – In addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved.

3.1.4 integrity: Property of accuracy and completeness.
The following term is defined in Rec. ITU-T Y.101:

3.1.5 interoperability: The ability of two or more systems or applications to exchange information and to mutually

use the information that has been exchanged.
The following term is defined in ISO/IEC 27729:

3.1.6 party: Natural person or legal person, whether or not incorporated, or a group of either.

Rec. ITU-T Y.3500 (08/2014) 1
---------------------- Page: 5 ----------------------
ISO/IEC 17788:2014 (E)
The following term is defined in ISO/IEC 20000-1:

3.1.7 service level agreement (SLA): Documented agreement between the service provider and customer that

identifies services and service targets.

NOTE 1 – A service level agreement can also be established between the service provider and a supplier, an internal group or a

customer acting as a supplier.

NOTE 2 – A service level agreement can be included in a contract or another type of documented agreement.

3.2 Terms defined in this Recommendation | International Standard

For the purposes of this Recommendation | International Standard, the following definitions apply:

3.2.1 application capabilities type: Cloud capabilities type (3.2.4) in which the cloud service customer (3.2.11)

can use the cloud service provider's (3.2.15) applications.

3.2.2 cloud application portability: Ability to migrate an application from one cloud service (3.2.8) to another

cloud service (3.2.8).

3.2.3 cloud auditor: Cloud service partner (3.2.14) with the responsibility to conduct an audit of the provision

and use of cloud services (3.2.8).

3.2.4 cloud capabilities type: Classification of the functionality provided by a cloud service (3.2.8) to the cloud

service customer (3.2.11), based on resources used.

NOTE – The cloud capabilities types are application capabilities type (3.2.1), infrastructure capabilities type (3.2.25) and

platform capabilities type (3.2.31).

3.2.5 cloud computing: Paradigm for enabling network access to a scalable and elastic pool of shareable physical

or virtual resources with self-service provisioning and administration on-demand.

NOTE – Examples of resources include servers, operating systems, networks, software, applications, and storage equipment.

3.2.6 cloud data portability: Data portability (3.2.21) from one cloud service (3.2.8) to another cloud service

(3.2.8).

3.2.7 cloud deployment model: Way in which cloud computing (3.2.5) can be organized based on the control and

sharing of physical or virtual resources.

NOTE – The cloud deployment models include community cloud (3.2.19), hybrid cloud (3.2.23), private cloud (3.2.32) and

public cloud (3.2.33).

3.2.8 cloud service: One or more capabilities offered via cloud computing (3.2.5) invoked using a defined

interface.

3.2.9 cloud service broker: Cloud service partner (3.2.14) that negotiates relationships between cloud service

customers (3.2.11) and cloud service providers (3.2.15).

3.2.10 cloud service category: Group of cloud services (3.2.8) that possess some common set of qualities.

NOTE – A cloud service category can include capabilities from one or more cloud capabilities types (3.2.4).

3.2.11 cloud service customer: Party (3.1.6) which is in a business relationship for the purpose of using cloud

services (3.2.8).
NOTE – A business relationship does not necessarily imply financial agreements.

3.2.12 cloud service customer data: Class of data objects under the control, by legal or other reasons, of the cloud

service customer (3.2.11) that were input to the cloud service (3.2.8), or resulted from exercising the capabilities of the

cloud service (3.2.8) by or on behalf of the cloud service customer (3.2.11) via the published interface of the cloud

service (3.2.8).
NOTE 1 – An example of legal controls is copyright.

NOTE 2 – It may be that the cloud service (3.2.8) contains or operates on data that is not cloud service customer data; this

might be data made available by the cloud service providers (3.2.15), or obtained from another source, or it might be publicly

available data. However, any output data produced by the actions of the cloud service customer (3.2.11) using the capabilities of

the cloud service (3.2.8) on this data is likely to be cloud service customer data (3.2.12), following the general principles of

copyright, unless there are specific provisions in the cloud service (3.2.8) agreement to the contrary.

3.2.13 cloud service derived data: Class of data objects under cloud service provider (3.2.15) control that are

derived as a result of interaction with the cloud service (3.2.8) by the cloud service customer (3.2.11).

NOTE – Cloud service derived data includes log data containing records of who used the service, at what times, which

functions, types of data involved and so on. It can also include information about the numbers of authorized users and their

identities. It can also include any configuration or customization data, where the cloud service (3.2.8) has such configuration and

customization capabilities.
2 Rec. ITU-T Y.3500 (08/2014)
---------------------- Page: 6 ----------------------
ISO/IEC 17788:2014 (E)

3.2.14 cloud service partner: Party (3.1.6) which is engaged in support of, or auxiliary to, activities of either the

cloud service provider (3.2.15) or the cloud service customer (3.2.11), or both.

3.2.15 cloud service provider: Party (3.1.6) which makes cloud services (3.2.8) available.

3.2.16 cloud service provider data: Class of data objects, specific to the operation of the cloud service (3.2.8),

under the control of the cloud service provider (3.2.15).

NOTE – Cloud service provider data includes but is not limited to resource configuration and utilization information, cloud

service (3.2.8) specific virtual machine, storage and network resource allocations, overall data centre configuration and

utilization, physical and virtual resource failure rates, operational costs and so on.

3.2.17 cloud service user: Natural person, or entity acting on their behalf, associated with a cloud service customer

(3.2.11) that uses cloud services (3.2.8).
NOTE – Examples of such entities include devices and applications.

3.2.18 Communications as a Service (CaaS): Cloud service category (3.2.10) in which the capability provided to

the cloud service customer (3.2.11) is real time interaction and collaboration.

NOTE – CaaS can provide both application capabilities type (3.2.1) and platform capabilities type (3.2.31).

3.2.19 community cloud: Cloud deployment model (3.2.7) where cloud services (3.2.8) exclusively support and

are shared by a specific collection of cloud service customers (3.2.11) who have shared requirements and a

relationship with one another, and where resources are controlled by at least one member of this collection.

3.2.20 Compute as a Service (CompaaS): Cloud service category (3.2.10) in which the capabilities provided to

the cloud service customer (3.2.11) are the provision and use of processing resources needed to deploy and run

software.

NOTE – To run some software, capabilities other than processing resources may be needed.

3.2.21 data portability: Ability to easily transfer data from one system to another without being required to re-enter

data.

NOTE – It is the ease of moving the data that is the essence here. This might be achieved by the source system supplying the data

in exactly the format that is accepted by the target system. But even if the formats do not match, the transformation between them

may be simple and straightforward to achieve with commonly available tools. On the other hand, a process of printing out the

data and rekeying it for the target system could not be described as "easy".

3.2.22 Data Storage as a Service (DSaaS): Cloud service category (3.2.10) in which the capability provided to the

cloud service customer (3.2.11) is the provision and use of data storage and related capabilities.

NOTE – DSaaS can provide any of the three cloud capabilities types (3.2.4).

3.2.23 hybrid cloud: Cloud deployment model (3.2.7) using at least two different cloud deployment models

(3.2.7).

3.2.24 Infrastructure as a Service (IaaS): Cloud service category (3.2.10) in which the cloud capabilities type

(3.2.4) provided to the cloud service customer (3.2.11) is an infrastructure capabilities type (3.2.25).

NOTE – The cloud service customer (3.2.11) does not manage or control the underlying physical and virtual resources, but does

have control over operating systems, storage, and deployed applications that use the physical and virtual resources. The cloud

service customer (3.2.11) may also have limited ability to control certain networking components (e.g., host firewalls).

3.2.25 infrastructure capabilities type: Cloud capabilities type (3.2.4) in which the cloud service customer

(3.2.11) can provision and use processing, storage or networking resources.

3.2.26 measured service: Metered delivery of cloud services (3.2.8) such that usage can be monitored, controlled,

reported and billed.

3.2.27 multi-tenancy: Allocation of physical or virtual resources such that multiple tenants (3.2.37) and their

computations and data are isolated from and inaccessible to one another.

3.2.28 Network as a Service (NaaS): Cloud service category (3.2.10) in which the capability provided to the cloud

service customer (3.2.11) is transport connectivity and related network capabilities.

NOTE – NaaS can provide any of the three cloud capabilities types (3.2.4).

3.2.29 on-demand self-service: Feature where a cloud service customer (3.2.11) can provision computing

capabilities, as needed, automatically or with minimal interaction with the cloud service provider (3.2.15).

3.2.30 Platform as a Service (PaaS): Cloud service category (3.2.10) in which the cloud capabilities type (3.2.4)

provided to the cloud service customer (3.2.11) is a platform capabilities type (3.2.31).

Rec. ITU-T Y.3500 (08/2014) 3
---------------------- Page: 7 ----------------------
ISO/IEC 17788:2014 (E)

3.2.31 platform capabilities type: Cloud capabilities type (3.2.4) in which the cloud service customer (3.2.11)

can deploy, manage and run customer-created or customer-acquired applications using one or more programming

languages and one or more execution environments supported by the cloud service provider (3.2.15).

3.2.32 private cloud: Cloud deployment model (3.2.7) where cloud services (3.2.8) are used exclusively by a

single cloud service customer (3.2.11) and resources are controlled by that cloud service customer (3.2.11).

3.2.33 public cloud: Cloud deployment model (3.2.7) where cloud services (3.2.8) are potentially available to any

cloud service customer (3.2.11) and resources are controlled by the cloud service provider (3.2.15).

3.2.34 resource pooling: Aggregation of a cloud service provider's (3.2.15) physical or virtual resources to serve

one or more cloud service customers (3.2.11).

3.2.35 reversibility: Process for cloud service customers (3.2.11) to retrieve their cloud service customer data

(3.2.12) and application artefacts and for the cloud service provider (3.2.15) to delete all cloud service customer data

(3.2.12) as well as contractually specified cloud service derived data (3.2.13) after an agreed period.

3.2.36 Software as a Service (SaaS): Cloud service category (3.2.10) in which the cloud capabilities type (3.2.4)

provided to the cloud service customer (3.2.11) is an application capabilities type (3.2.1).

3.2.37 tenant: One or more cloud service users (3.2.17) sharing access to a set of physical and virtual resources.

4 Abbreviations

For the purposes of this Recommendation | International Standard, the following abbreviations apply:

CaaS Communications as a Service
CompaaS Compute as a Service
DSaaS Data Storage as a Service
IaaS Infrastructure as a Service
IAM Identity and Access Management
NaaS Network as a Service
PaaS Platform as a Service
PII Personally Identifiable Information
SaaS Software as a Service
SLA Service Level Agreement
5 Conventions
References to terms defined in clause 3 are shown in bold.
6 Cloud computing overview
6.1 General

Cloud computing is a paradigm for enabling network access to a scalable and elastic pool of shareable physical or

virtual resources with self-service provisioning and administration on-demand. The cloud computing paradigm is

composed of key characteristics, cloud computing roles and activities, cloud capabilities types and cloud service

categories, cloud deployment models and cloud computing cross cutting aspects that are briefly described in this

clause 6.
6.2 Key characteristics

Cloud computing is an evolving paradigm. This clause 6.2 identifies and describes key characteristics of cloud

computing and is not intended to prescribe or constrain any particular method of deployment, service delivery, or

business operation.
Key characteristics of cloud computing are:
4 Rec. ITU-T Y.3500 (08/2014)
---------------------- Page: 8 ----------------------
ISO/IEC 17788:2014 (E)

– Broad network access: A feature where the physical and virtual resources are available over a network

and accessed through standard mechanisms that promote use by heterogeneous client platforms. The

focus of this key characteristic is that cloud computing offers an increased level of convenience in that

users can access physical and virtual resources from wherever they need to work, as long as it is network

accessible, using a
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.