Skip to main content

Use Cloud BPM to Meet National Institute of Standards and Technology Guidelines for Cloud Computing

Ben Farrell
August 30, 2011

Cloud computing is confusing. The term covers multiple deployment and service models, and the decision to "go cloud" requires thought around economic considerations and security. Luckily, the National Institute of Standards and Technology (NIST) has published a detailed document for anyone looking for information, definitions and guidance around cloud computing. While NIST's "DRAFT Cloud Computing Synopsis and Recommendations" report has been prepared for use by Federal agencies, commercial IT and business leaders can also learn valuable lessons from federal models for IT and security. A review of the report shows that Appian's Cloud BPM meets NIST's key considerations for a variety of cloud models.

Cloud confusion arises, the report states, because "cloud computing is not a single kind of system, but instead spans a spectrum of underlying technologies, configuration possibilities, service models, and deployment models." The NIST-established definition of cloud computing covers four deployment models:

    • Private cloud: The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.

    • Community cloud: The cloud infrastructure is shared by several organizations and supports a specific community that has shared objectives and concerns. Management and location options are the same as for a private cloud.

    • Public cloud: The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

    • Hybrid cloud: The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.

It also describes three cloud service models:

    • Cloud Software as a Service (SaaS): Using a provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a Web browser.

    • Cloud Platform as a Service (PaaS). Creating in-house applications that are deployed onto the cloud

    infrastructure. The consumer does not manage or control the underlying cloud infrastructure, but has control over the deployed applications.

    • Cloud Infrastructure as a Service (IaaS). The provider provisions processing, storage, networks, and other fundamental computing resources for the consumer to deploy and run arbitrary software. The consumer does not control the underlying cloud infrastructure but has control over operating systems, storage and deployed applications.

Deciding what type of cloud computing is right for your organization requires examining these deployment and service model variables. It also requires weighing economic considerations (pay-for-use pricing, provisioning elasticity and elimination of large up-front costs) against any perceived lack of control. When you find the right mix, you'll see that cloud computing for businesses and government makes sense on multiple levels. There are cost savings. There are time and resource savings. There are space savings. There are efficiencies that were pipe dreams before tapping into the cloud.

Of course, protecting your information and your clients' information remains the top priority -- as it should be. The report states, "As complex networked systems, clouds are affected by traditional computer and network security issues, [however] by imposing uniform management practices, clouds may be able to improve on some security update and response issues."

While strict cloud security measures must be in place, this is true for any IT system. Computerworld recently reported on exaggerated cloud security fears, with former Federal CIO Vivek Kundra stating that "A lot of people are sort of driving this notion of fear around security...I think that's been amplified, frankly, is because it preserves the status quo." Kundra was fond of pointing out that the federal site is hosted on Amazon's EC2 cloud.

Appian's Cloud BPM helps achieve cost-saving goals while maintaining the highest level of security across many cloud deployment and service models. We support multiple deployment models, as well as both SaaS and PaaS service models. And Appian Cloud provides reliability and security that matches - or exceeds - that of the best internally managed environments. Appian's reliability and security guarantees include 99.5% uptime, SAS-70 Type II infrastructure audit reports, SAML or LDAP/AD integration for secure authentication and single sign-on, SSL encryption of all communication between systems, compliance with national data privacy laws through local hosting, and FISMA security certification. In short, we cover all your security needs in the cloud in order for you to do business.

Cloud computing is the wave of the future, but be careful: make sure the cloud technology you choose offers deployment and service flexibility, and meets the highest security standards. If you do that, nothing can stop your organization (and your partners and customers) from enjoying all the benefits cloud computing offers.

-Ben Farrell, Director of Corporate Communications