Just finished reviewing the latest draft update to the National Institute of Standards and Technology (NIST) publication 800-145 “The NIST Definition of Cloud Computing”. This publication is rapidly becoming the accepted defintion within the US Federal government of Cloud Computing and, for the most part, it’s a rather decent treaty of the topic and capture of the key taxonomy. However, the listed essential characteristics of this document have always seemed lacking to me, but until today, I couldn’t quite put my finger on what I believed was missing—Resiliency. The NIST publication lists on-demand self-service, broad network access, resource pooling, rapid elasticity and measured services as the five key essential characteristics that comprise the Cloud Computing model. Indeed, in the paragraph that precedes this list, they even state, “This cloud model promotes availability…” Yet, how is availability promoted if one of the key essential characteristics is not resiliency?
Resiliency is the ability of the Cloud to provide availability in face of catastrophic failure of individual components and facilities. Without this one defining factor, I would argue, it would be inappropriate for any business or government to choose Cloud Computing as an alternative option. While it’s true that within providers, such as Amazon, Rackspace, Joyent, you can model Continuity-of-Operations (COOP) into your systems, these providers leave the design and deployment of this option as an exercise to the consumer, while I argue that it should be inherent in the service package.
This raises the question for me, is NIST’s defintion merely a lowest common denominator of the available service provider offerings on the market today rather than setting the expectation for what a consumer should expect from a Cloud provider? If so, that would be disappointing to learn that our government thought leaders are simply mouthpieces for the vendors. I believe NIST needs to set the bar high with it’s expectations of what defines Cloud Computing and resiliency, failover and COOP should all be key essential characteristics of that entity.
Indeed, I’ll go so far as to say that this should be the default state of the Cloud and offer options to consumers to mark things as volatile at a reduced cost versus the alternative approach that is assumed now that everything is volatile and persistent needs to be specifically designed into the deployed Cloud solution. After all, don’t we already expect this from Cloud providers, such as Google and Facebook? We don’t expect one day we will log on to one of these provider’s services and receive the message, “sorry, we crashed and all your data is gone,” so, why should we believe this is not a tenant worthy of defining the Cloud?