“Cloud” gets used to mean almost anything: a website, a SaaS app, a hyperscaler bill. The term has a precise definition, and it is worth knowing because it shapes how you evaluate providers, contracts, and architectures.
The NIST definition
The authoritative reference is NIST Special Publication 800-145, published in September 2011 by Peter Mell and Tim Grance. It is short, free, and still the working definition cited across procurement, compliance, and academic literature.
NIST defines cloud computing as:
In plain terms, cloud computing gives users on-demand network access to pooled compute, storage, networking, applications, and services with little provider interaction.
The model has three parts: five essential characteristics, three service models (IaaS, PaaS, SaaS), and four deployment models. Miss any of the five characteristics and the system is not cloud, regardless of marketing.
The five essential characteristics
- On-demand self-service. A user provisions compute, storage, or network capacity through an API or portal, without filing a ticket or waiting on a human.
- Broad network access. Capabilities are reachable over standard networks (HTTPS, common protocols) from heterogeneous clients, laptops, mobiles, other services.
- Resource pooling. The provider runs a multi-tenant pool. Physical and virtual resources are dynamically assigned to consumers. The consumer generally has no control over the exact physical location, beyond a region or zone.
- Rapid elasticity. Capacity scales out and in quickly, often automatically. To the consumer, the pool appears effectively unlimited.
- Measured service. Usage is metered (CPU-hours, GB-months, requests). Billing, reporting, and quotas all flow from this meter.
If a “cloud” offering requires you to email sales to add a VM, it fails the first characteristic. If you cannot see your usage, it fails the fifth. These are useful filters.
A 2010 Communications of the ACM paper, Armbrust et al., “A View of Cloud Computing”, framed the same idea from an economics angle: the cloud is the appearance of infinite resources on demand, no up-front commitment, and pay-per-use at a fine grain. The NIST characteristics explain how providers engineer this appearance.
Cloud is not synonymous with “public cloud”
NIST defines four deployment models, and all four are cloud:
- Public cloud. Infrastructure is provisioned for open use by the general public, owned and operated by a cloud provider.
- Private cloud. Infrastructure is provisioned for exclusive use by a single organization. It runs on-premises or with a third party. The five characteristics still apply, including self-service, metering, and elasticity, for one tenant.
- Community cloud. Shared by several organizations with common concerns (regulatory, mission, security). Common in government and research consortia.
- Hybrid cloud. Two or more of the above, kept distinct but bound together so workloads or data move between them.
The “public cloud equals cloud” assumption is convenient for hyperscaler marketing, but it is wrong on the definition. A well-run private CloudStack or OpenStack environment with self-service, metering, and elasticity is cloud. A virtualization platform with a ticket-driven provisioning queue is not, no matter who runs it.
Knowing the definition lets you evaluate any provider, including ZCP, against the same checklist instead of brand assumptions.