| Added Service
|
A service performed using cloud services. The provider of added services contracts with cloud providers to obtain use of the resources that they control. The added services may in turn be cloud services. For example, an SaaS provider might use resources from a PaaS provider. Generally, the added services are software services, but they do not necessarily have the essential cloud computing characteristics. For example, they may not be available through on-demand self-service, or they may not be elastic.
|
| ADM
|
Architecture Development Method; see [TOGAF].
|
| AMPU
|
Average Margin Per User. The margin made by the firm from each customer, typically measured as the revenue minus the costs and divided by the number of users. This is a widely-used metric for gauging the success of businesses in the telecommunications industry.
|
| API
|
Application Programming Interface.
|
| Appliance
|
A self-contained IT system that can be plugged into an existing IT infrastructure to carry out a single purpose. An appliance is designed to address a specific IT operation from within a closed architecture that may contain an operating environment, storage, and specific applications. The appliance's purpose could be to provide additional processing power, network storage or monitoring, or anti-virus and security.
|
| ARPU
|
Average Revenue Per Unit. A measure of the revenue generated per user or unit. Average revenue per unit allows for the analysis of a company's revenue generation and growth at the per-unit level, which can help investors to identify which products are high or low revenue-generators. This measure is most often used in the telecommunications sector to survey the amount of revenue generated per cell-phone user, for example.
|
| ASP
|
Active Server Page. A kind of dynamically-generated web page in Microsoft's .NET framework.
|
| Authentication
|
The process of establishing confidence in the truth of some claim. In the context of identity management, an authentication system provides an understood level of confidence that an identifier refers to a specific individual (individual authentication) or identity (identity authentication), or that an attribute applies to a specific individual (attribute authentication).
|
| Availability
|
The proportion of the time that a system is available for use. It is typically measured in 9s. A “Five 9s” system is up 99.999% of the time – a little over five minutes per year downtime. Planned, scheduled outages for maintenance are typically excluded.
|
| BASEL II
|
The second set of recommendations on banking laws and regulations issued by the Basel Committee on Banking Supervision. It deals with how much capital banks need to put aside to guard against financial and operational risks.
|
| BI
|
Business Intelligence.
|
| BPaaS
|
Business Process as a Service. A service model may be added to the original models of IaaS, PaaS, and SaaS, in which the consumer has the ability to use provider-defined business processes running on a cloud infrastructure. The business processes interface with various client devices through a thin client interface such as a web browser. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual business processes and underlying application capabilities, with the possible exception of limited user-specific process configuration settings.
|
| BPM
|
Business Process Management.
|
| BPO
|
Business Process Outsourcing.
|
| Broad Network Access
|
The essential characteristic of cloud computing that capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).
|
| Business Operations Controller
|
A person that controls or manages ongoing recurring activities involved in the running of a business for the purpose of producing value for the stakeholders. Refer to Business Operations Controller for a description of the typical responsibilities of a Business Operations Controller.
|
| Business Procurement Manager
|
A person that manages the sourcing and purchasing of goods and services for business use. Refer to Business Procurement Manager for a description of the typical responsibilities of a Business Procurement Manager.
|
| Buyer
|
A person or organization that contracts to acquire an asset in return for some form of consideration. For cloud computing, the contracted asset will be a cloud computing service; e.g., a virtual machine for a period of time or use of a cloud computing software application.
|
| CAPEX
|
Capital Expenditure.
|
| CFAT
|
Cash Flow after Taxes.
|
| CEM
|
Customer Experience Management.
|
| CEO
|
Chief Executive Officer.
|
| CFO
|
Chief Financial Officer.
|
| CiA
|
Capacity in Advance. An arrangement under which a service provider maintains spare capacity at its cost and only charges for what is used.
|
| CIO
|
Chief Information Officer.
|
| Cloud Burst
|
A technique used by hybrid clouds to provide additional resources to private clouds on an as-needed basis. If the private cloud has the processing power to handle its workloads, the hybrid cloud is not used. When workloads exceed the private cloud’s capacity, the hybrid cloud automatically allocates additional resources to the private cloud.
|
| Cloud Computing
|
A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.
|
| Cloud Service
|
A service offered over a network or the Internet that has the essential characteristics of cloud computing.
|
| CMU
|
Carnegie-Mellon University.
|
| CoD
|
Capacity on Demand.
|
| Community Cloud
|
The cloud computing deployment model in which the cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on-premise or off-premise.
|
| Compliance
|
The act of adhering to, and demonstrating adherence to, a standard or regulation.
|
| Consumer
|
A person or organization with needs who makes use of a service.
|
| COO
|
Chief Operations Officer.
|
| CoS
|
Cost of Service.
|
| COSO
|
Committee of Sponsoring Organizations of the Treadway Commission. See [COSO].
|
| CPU
|
Central Processing Unit.
|
| CRM
|
Customer Relationship Management.
|
| CSA
|
Cloud Security Alliance. See [CSA].
|
| CTO
|
Chief Technical Officer.
|
| DEV
|
Development.
|
| DIACAP
|
The US Department of Defense Information Assurance Certification and Accreditation Program. It defines the risk management process for DoD information systems.
|
| DMTF
|
Distributed Management Task Force. See [DMTF].
|
| DoD
|
The Department of Defense of the USA.
|
| Driver (risk)
|
A factor that has a strong influence on the eventual outcome or result.
|
| EC
|
European Commission.
|
| Eclipse
|
A particular open source software development environment. See [ECLIPSE].
|
| Ecosystem
|
A system of participants in a defined market that have integrated business processes and use common standards for exchange of information, products, and services.
|
| eDiscovery Legislation
|
Legislation relating to discovery in civil litigation which deals with the exchange of information in electronic format.
|
| EOL
|
End of Life.
|
| End User
|
A person that uses a service and interacts with its performer. End users are often unaware of how their services are provided or procured. Examples of these actors include employees, mobile users, and World-Wide Web users.
|
| Enterprise
|
A collection of organizations that has a common set of goals and/or a single bottom line. An enterprise can be a government agency, a whole corporation, a division of a corporation, a single department, or a chain of geographically distant organizations linked together by common ownership.
|
| ERM
|
Enterprise Risk Management.
|
| ESB
|
Enterprise Services Bus.
|
| EU
|
European Union.
|
| Factor (risk)
|
A component of a system that significantly affects its behavior.
|
| FedRAMP
|
Federal Risk and Authorization Management Program (in the USA). See [FEDRAMP].
|
| FISMA
|
The US Federal Information Security Management Act of 2002.
|
| FM
|
Financial Management.
|
| Fremium
|
A business model in which a provider gives a service away free-of-charge, possibly but not necessarily supported by advertising, acquires a lot of customers very efficiently through word of mouth, referral networks, organic search marketing, etc., then offers premium priced value added services or an enhanced version of the service to the customer base.
|
| GLBA
|
The US Gramm-Leach-Bliley Act. This Act is also known as the Financial Services Modernization Act of 1999. It provides limited privacy protections against the sale of private financial information.
|
| Grid Computing
|
A computing model in which a wide variety of geographically distributed computational resources are presented as a single, unified resource. A computer grid is analogous to an electric power network (grid), where power generators are distributed, and consumers are able to use electricity without bothering about where it comes from. Grid computing can be used to solve problems that require computationally intensive processing, as in the SETI@home project.
|
| HIPAA
|
The US Health Insurance Portability and Accountability Act (HIPAA) of 1996. It includes provisions that address the security and privacy of health data.
|
| HPTC
|
High Performance Technical Computing.
|
| HW
|
Hardware.
|
| Hybrid Cloud
|
The cloud computing deployment model in which the cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.
|
| Hypervisor
|
A particular virtualization technique that allows multiple operating systems, termed guests, to run concurrently on a host computer.
|
| IaaS
|
Infrastructure as a Service. The cloud service model in which the capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).
|
| ICAEW
|
Institute of Chartered Accountants in England and Wales. See [ICAEW].
|
| IEC
|
International Electrotechnical Commission.
|
| I/O
|
Input/Output.
|
| IP
|
Internet Protocol.
|
| ISAE 3402
|
The International Standards for Assurance Engagements (ISAE) No. 3402. This standard applies to the assessment and audit of the internal controls of service organizations.
|
| ISO
|
International Organization for Standardization.
|
| IT
|
Information Technology.
|
| ITIL
|
Information Technology Infrastructure Library. See [ITIL].
|
| JSP
|
Java Server Pages.
|
| K
|
Kilo.
|
| KPI
|
Key Performance Indicator. Indicator to measure the defined business operations goals and provide opportunities to further optimize the business to achieve business objectives.
|
| LoB
|
Line of Business.
|
| M
|
Mega.
|
| Measured Service
|
The essential characteristic of cloud computing that cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service.
|
| Metric
|
An attribute that can be measured. Metrics are used to measure the QoS performance and the state of progress of people and organizations.
|
| Metering
|
A mechanism to measure usage of resources in cloud computing. It is usually measured per client and application with a measurement frequency of daily, weekly, monthly, and annually. Metering is also used by the cloud consumer in comparative study of cloud vendors on cost and reliability.
|
| Mission Risk
|
A systemic risk that affects a program’s ability to achieve its key objectives.
|
| MIT
|
Massachusetts Institute of Technology.
|
| Monitoring
|
A mechanism to collect information on services performances in a controlled environment for further analysis.
|
| ms
|
Milliseconds.
|
| MTBF
|
Mean Time Between Failures. Used in conjunction with MTTR as a measure of reliability for repairable components and, by analogy, for cloud services.
|
| MTTF
|
Mean Time To Fail. A measure of reliability used for non-repairable components.
|
| MTTR
|
Mean Time To Repair. Used in conjunction with MTBF as a measure of reliability for repairable components and, by analogy, for cloud services.
|
| Multi-Tenancy
|
A principle in software architecture where a single instance of a computing resource serves multiple client organizations (the tenants) providing a separate environment for each. How cloud multi-tenancy is enabled depends on the service model. In the case of IaaS, multi-tenancy of the infrastructure is enabled by the virtualization of the infrastructure resources. For PaaS, multi-tenancy of a platform is enabled by the platform software providing separate environments for its user organizations. In this sense, a multi-user operating system can be regarded as multi-tenant by definition. For SaaS, multi-tenancy of a software application depends on the application being designed to partition its configuration and data for the client organizations. Most of today’s applications are designed for a single tenant, and cannot be changed to multi-tenant operation without significant re-architecting.
|
| NAS
|
Network-Attached Storage. File-level computer data storage connected to a computer network providing data access to heterogeneous clients.
|
| NIST
|
National Institute of Standards and Technology (of the USA). See [NIST].
|
| NOC
|
Network Operations Center.
|
| NPV
|
Net Present Value.
|
| OAuth
|
Open Authorization. See [OAuth].
|
| Object-orientation
|
Often used in connection with object-oriented programming, a programming paradigm using software constructs called “objects”.
|
| OGF
|
Open Grid Forum. See [OGF].
|
| OLA
|
Operational-Level Agreement.
|
| On-Demand Self-Service
|
The essential characteristic of cloud computing that a consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service’s provider.
|
| OPEX
|
Operational Expenditure.
|
| OS
|
Operating System. A collection of programs and data that efficiently manages computing resources.
|
| Outsourcing
|
A service model in which the consumer transfers the management or execution of the entire IT function to an external provider for a regular (e.g., monthly) fee.
|
| Outtasking
|
A service model in which the consumer turns over a specific IT operation to the provider organization, rather than the entire IT function.
|
| PaaS
|
Platform as a Service. The cloud service model in which the capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.
|
| Pay-as-you-go
|
A financial policy by which capital projects are financed from current revenue in the operating budget rather than through borrowing. For cloud computing, an arrangement in which payment for IT resources is on a per-use-time basis using an OPEX style charging principle.
|
| Pay-by-the-drink
|
Usage-based billing.
|
| Pay-upfront
|
A billing model in which payment is made in advance.
|
| PC
|
Personal Computer.
|
| PCI DSS
|
The Payment Card Industry Data Security Standard. It states international security requirements for protecting cardholder data. See [PCI-DSS].
|
| PDA
|
Personal Digital Assistant.
|
| Peer-to-Peer Network
|
A computer network model in which each node plays a similar role. Peer-to-peer networking is contrasted with other models where different nodes play different roles. For example, in the client-server model, clients and servers are not interchangeable.
|
| PHP
|
Hypertext Preprocessor. PHP is a widely-used general-purpose scripting language that is especially suited for web development.
|
| PLM
|
Product Lifecycle Management.
|
| Pricing Model
|
A financial model used to determine pricing of a product or service.
|
| Private Cloud
|
The cloud computing deployment model in which the cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on-premise or off-premise.
|
| Process
|
A sequence or flow of activities in an organization with the objective of carrying out work.
|
| Provider
|
A person or organization that offers a capability exposed as a service. A cloud computing provider is a person or organization that offers capabilities exposed as a service that satisfies the essential characteristics of cloud computing. The provider of a cloud service has control over a set of resources, and makes them available to consumers of the service, in a way that has the essential characteristics of cloud computing.
|
| Public Cloud
|
The cloud computing deployment model in which the cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
|
| QoS
|
Quality of Service. Outlines the non-functional requirements (e.g., performance) of a resource in a controlled computing environment.
|
| R&D
|
Research and Development.
|
| Rapid Elasticity
|
The essential characteristic of cloud computing that capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.
|
| Resource Pooling
|
The essential characteristic of cloud computing that the provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location-independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or data center). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.
|
| Risk
|
The effect of uncertainty on objectives.
|
| Risk Management
|
The activities and methods used by an organization to manage risks associated with its business operations.
|
| ROI
|
Return On Investment.
|
| RPO
|
Recovery Point Objective.
|
| RTO
|
Recovery Time Objective.
|
| SaaS
|
Software as a Service. The cloud service model in which the capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
|
| Safe Harbor
|
A US government program that helps US companies to establish adequate compliance with data privacy laws in other countries. The European Commission’s Directive on Data Protection went into effect in October 1998, and would prohibit the transfer of personal data to non-European Union countries that do not meet the European Union (EU) “adequacy” standard for privacy protection. The Safe Harbor program provides a streamlined means for US organizations to comply with this Directive. It also provides similar help with regard to data privacy legislation in Switzerland.
|
| Sarbanes-Oxley
|
A US federal law enacted on July 30, 2002, which sets standards for all US public company boards, management, and public accounting firms, in particular for corporate accounting.
|
| SAS 70
|
Statement on Auditing Standard 70. A Report on the Processing of Transactions by Service Organizations where professional standards are set up for a service auditor that audits and assesses internal controls of a service organization. It was developed and is maintained by the American Institute of Certified Public Accountants.
|
| SCM
|
Supply Chain Management.
|
| Scorecard
|
A simple record in which results can be entered. Paper scorecards are used in games such as golf to keep score. The term is used in IT jargon to refer to a record, which may be held electronically, that describes some aspect of a person, organization, system, or activity. A Balanced Scorecard (BSC) is a particular form of scorecard: a semi-standard structured report supported by proven design methods and automation tools that can be used by managers to keep track of the execution of activities by staff within their control and monitor the consequences arising from these actions.
|
| SEI
|
Software Engineering Institute (of the Carnegie-Mellon University).
|
| Service
|
A logical representation of a repeatable business activity.
|
| Service Contract
|
The contract between the provider and the consumer of a service, relating to its provision and consumption. The provider agrees to provide the service, under certain conditions. The consumer agrees to accept the conditions when using the service and, in many cases, to pay for the service.
|
| Service-Oriented Architecture (SOA)
|
An architectural style that supports service-orientation, which is a way of thinking in terms of services and service-based development and the outcomes of services.
|
| SETI@home
|
(SETI at home) an Internet-based public volunteer computing project to search for extra-terrestrial intelligence, using the volunteers’ computers as a distributed computing grid to analyze radio signals.
|
| SFA
|
Sales Force Automation.
|
| Single Sign-On (SSO)
|
An access control method in which multiple systems with individual access control mechanisms are federated in such a way that a user can sign on to one of them and then access them all without signing on again.
|
| SLA
|
Service-Level Agreement. SLAs are characteristics of services that are met by service providers and are expected by service consumers as per defined contractual agreements.
|
| SME
|
Small and Medium-sized Enterprises.
|
| SMP
|
Symmetric Multi-Processing.
|
| SNIA
|
Storage Networking Industry Association. See [SNIA].
|
| SOA
|
Service-Oriented Architecture.
|
| SOE
|
Standard Operating Environment. A standard operating system configuration.
|
| SOX
|
Sarbanes-Oxley.
|
| SPOF
|
Single Point of Failure.
|
| SPL
|
Software Product Line.
|
| SQL
|
Structured Query Language.
|
| SRM
|
Supplier Relationship Management.
|
| SSAE 16
|
Statement on Standards for Attestation Engagements (SSAE) No. 16. This standard applies to the assessment and audit of the internal controls of service organizations. It mirrors and complies with ISAE 3402 and effectively replaces the Statement on Auditing Standard 70 (SAS 70) Type II.
|
| SSL
|
Secure Sockets Layer. A secure data communications protocol.
|
| SSO
|
Single Sign-On.
|
| TCO
|
Total Cost of Ownership.
|
| TCP/IP
|
Transmission Control Protocol/Internet Protocol.
|
| TOGAF
|
The Open Group Architecture Framework. See [TOGAF].
|
| Throughput
|
The amount of work that a computer can do in a given time period.
|
| UI
|
User Interface.
|
| UNIX
|
The UNIX System. See [UNIX].
|
| US
|
United States (of America).
|
| USA
|
United States of America.
|
| Utility Computing
|
The packaging of computing resources as a metered service similar to a traditional public utility.
|
| Virtual Machine
|
A software program that emulates a physical machine.
|
| Virtualization
|
A means of separating the execution of a software environment from the underlying hardware. Virtualization may be: hardware-assisted (where, as the term suggests, the hardware has specific features within its design to aid virtualization), full-virtualization sufficiently separating software execution from the hardware resources so as to allow operating systems to operate unmodified, partial-virtualization where some aspects of software execution require modification to run successfully, or para-virtualization where for performance reasons a specific port of an operating system or suitable virtual machine interface is required for communicating with hardware in a virtualized environment to offset the performance degradation associated with executing certain functions in a virtualized machine versus on the native hardware.
|
| VPN
|
Virtual Private Network.
|
| Web 2.0
|
The second generation of web sites, having greater sophistication than simple web pages. The greater sophistication takes several different forms; there is no agreed precise definition of what characterizes a Web 2.0 site.
|
| XML
|
Extensible Markup Language.
|
| XMP
|
(Cray) A model of supercomputer produced by Cray Research.
|