NIST Definition of Cloud Computing: Essential Characteristics

The essential characteristics define the cloud as a service that is directly manageable by the customer, available across a wide geographical area, and structured with organized resources.

The concept of cloud consumption is introduced from the perspective of the buyer, who is identified as a consumer of “resources” or “services” provided by the cloud provider. The commonly used terminology refers to “cloud provider” and “cloud consumer.”

Cloud computing, as an IT service, has distinctive features that set it apart from other IT services.

The NIST (National Institute of Standards and Technology) (20) is a U.S. government agency that develops standards, guidelines, and best practices to support technological innovation and enhance the security and reliability of information systems. Founded in 1901, its goal is to promote industrial competitiveness and scientific progress through the adoption of shared standards.

In this article, we will rely on NIST publications to understand the meaning of cloud computing.

NIST has provided formal definitions of cloud computing through descriptions of certain essential properties. A cloud service must possess these characteristics to be classified as such.

On-Demand Self-Service

A consumer can unilaterally configure and utilize computing capabilities, such as server time and network storage, based on their needs, autonomously and without requiring interaction with each cloud service provider.

Broad Network Access

The functionalities are available over the network and can be accessed through standard mechanisms that promote usability across various heterogeneous devices (e.g., mobile phones, tablets, laptops, and workstations). This ensures ease of access and a wide availability of resources.

Resource Pooling and Utilization

The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, where different physical and virtual resources are dynamically assigned and reassigned based on consumer demand.

NIST also specifies that cloud consumers typically do not have control or detailed knowledge of the exact location of the provided resources. However, they may be able to specify higher-level attributes such as the country, state, or data center where resources are hosted. Examples of cloud resources include storage, processing, memory, and network bandwidth.

Elasticity and Scalability of Cloud Resources

In some cases, provisioning and releasing functionalities can be performed elastically and automatically, allowing rapid scaling up and down based on demand.

From the consumer’s perspective, cloud resources appear to be highly scalable and can be allocated based on the required consumption at any given moment (just-in-time upscaling/downscaling).

Measured Service

Cloud systems automatically control and optimize resource usage by leveraging a metering capability. At an appropriate level of abstraction relevant to the type of service (e.g., storage, processing, bandwidth, and active user accounts), resource usage can be monitored, controlled, and reported, ensuring transparency for both the provider and the consumer.

Cloud Computing as an OPEX-Based Expense

Beyond NIST’s technological and functional definition, it is useful to consider that cloud computing—especially in the B2B (Business-to-Business) context discussed in this book—represents an operational expense (OPEX) rather than a capital expenditure (CAPEX).

The field of FinOps has emerged to address the necessary integration between technology, finance, and treasury operations. The recurring cost, calculated on a monthly basis, introduces challenges in budget planning and financial management for organizations. This disrupts the traditional model in which IT expenses were typically categorized as capital investments (CAPEX) within long-term budget plans.

This shift requires organizations to adopt service models that can fully leverage the benefits of cloud computing’s adaptability while ensuring cost predictability.

This change also demands scalable architectures, both at the infrastructure and application levels, as well as data models oriented toward secure data sharing based on access rights. These aspects, while beneficial, introduce complexity in cost forecasting and financial planning.

Cloud computing is not a one-size-fits-all solution. It should be interpreted and adopted only after fully understanding its potential and limitations, which is the objective of this section of the book.

Further Considerations

More than two decades after NIST first defined the essential characteristics of cloud computing, these principles still largely hold true in today’s market.

Yet, the increasing complexity of cloud services often makes dynamic scaling a challenge, particularly when dealing with full-fledged cloud-based IT ecosystems.

This difficulty stems from various factors, primarily related to the management of cloud resource configuration and distribution. Consequently, achieving precise and immediate cost predictability for scalability remains elusive.

Public cloud models, in particular, tend to simplify scaling up while making scaling down more complex unless managed through automated systems with predictive controls.

Many organizations still find themselves integrating traditional IT systems with cloud services, resulting in hybrid ecosystems rather than purely cloud-native solutions. This adds an intermediate layer of complexity, impacting Total Cost of Ownership (TCO) and Return on Investment (ROI), as these environments still follow OPEX models.

Moreover, many companies opt for multi-cloud strategies, not necessarily to duplicate environments, but to take advantage of specialized SaaS or PaaS services like Microsoft 365, Google Workspace, Google Cloud BigQuery, or Microsoft Azure Fabric.

In these scenarios, services cannot always be replicated across different cloud providers. High availability and geographical reliability are guaranteed by contracts with a single provider.

Over time, regulations have introduced mandatory measures for cloud ecosystems hosting core and sensitive applications. Businesses must ensure service continuity by replicating services across multiple clouds to mitigate risks such as provider bankruptcy, prolonged cyberattacks, or service outages.

This has led to the need for further classification of cloud resources, independent of the service model, to assist in corporate strategy planning:

• Cloud resources are generally not portable or transferable across different cloud providers.
• What can be transferred is the configuration—the software defining the cloud resources—provided the ecosystem follows a cloud-native operational model (as described in the book’s second section).
• Applications can also be transferred, but only if they have been designed to be compatible with cloud-native principles.

Navigating cloud adoption is a challenging but feasible journey. Much like an expedition, success requires careful preparation, endurance, and a well-charted map of the landscape.

Having a guide can be invaluable.

There are multiple paths to cloud adoption. Some are narrow, requiring technical expertise to reach peak efficiency, while others are more accessible but still yield tangible results in terms of efficiency and effectiveness.

Understanding the cloud, mapping its capabilities, and assessing an organization’s actual potential is crucial in choosing a realistic path to achieving cloud computing success.

---

Holistic Vision

The NIST definition of cloud computing, with its essential characteristics, continues to serve as a compass more than two decades after it was first introduced. While technology has evolved, and the cloud has become more layered and complex, these principles still form the backbone of how organizations approach adoption.

Beyond the technicalities of on-demand resources, elasticity, and measured services, cloud computing is also a matter of culture and economics. The shift from CAPEX to OPEX redefines how businesses plan, invest, and innovate. FinOps practices, hybrid strategies, and multi-cloud ecosystems are not exceptions but the natural evolution of NIST’s foundational vision.

Seen holistically, the essential characteristics of cloud computing are less about the mechanics of servers and storage, and more about trust, adaptability, and transparency. They remind us that the cloud is not simply infrastructure: it is a shared environment where resilience, scalability, and financial sustainability converge.

In this light, adopting the cloud is less a technical migration and more an expedition into a dynamic ecosystem. Success depends not only on technology but on preparation, governance, and the ability to align financial strategies with digital ambitions. The NIST framework remains the map — but every organization must chart its own path across the terrain.