NIST Security Reference 2013 (†414)NIST Cloud Computing Security Reference Architecture: Special Publication 500-299 (NIST, [2013?]).
- cloud broker (p. 34): An entity that manages the use, performance and delivery of cloud services, and negotiates relationships between cloud Providers and cloud Consumers. (†512)
- cloud consumer (p. 32): A Cloud Consumer is the entity that maintains a business relationship with, and uses services from, cloud Providers, cloud Brokers, and cloud Carriers. ¶ A cloud Consumer browses the service catalog from a cloud Provider or cloud Broker, requests the appropriate service(s), and sets up service contracts with the cloud Provider (either directly or through a cloud Broker) before effectively using the service. The Consumer may set up Carrier services separately, or use the Carrier services integrated into the offering of the cloud Provider/Broker. ¶ The cloud Consumer may be billed for the service provisioned, and needs to arrange payments accordingly. Cloud Consumers use SLAs to specify the technical performance requirements that must be fulfilled by a cloud Provider and/or cloud Broker. (†510)
- cloud provider (p. 32): A cloud Provider is the entity responsible for making a service available to cloud Consumers (either directly or indirectly via a Broker). A cloud Provider acquires and manages the computing infrastructure required for providing the services, runs the cloud software that provides the services (at least for SaaS and PaaS service deployments), and makes arrangements to deliver the cloud services to the cloud Consumers through network access. A cloud Provider’s activities can be sorted into five major categories: · Service deployment · Service orchestration · Service management · Security · Privacy. (†511)
- trust (p. 22): U.S Government Cloud Computing Technology Roadmap identifies in Requirement "the need to demonstrate that the required level of protection of Federal data can be provided in the cloud environment in order to inspire confidence and trust to a level where security is not perceived to be an impediment to the adoption of cloud computing." The document also emphasizes that the "cloud Provider and the cloud Consumer have differing degrees of control over the computing resources in a cloud system." Therefore the implementation of the security requirements becomes a shared or split responsibility among cloud Actors. (†509)