Mini-glossary: Cloud computing terms you should know

You don't have to know everything about cloud computing, but a familiarity with the terminology will help you follow the trends and industry developments. This glossary offers a rundown of the terms you're likely to come across.

You don't have to know everything about cloud computing, but a familiarity with the terminology will help you follow the trends and industry developments. This glossary offers a rundown of the terms you're likely to come across.

Cloud computing is one of the hottest topics in IT these days, with Microsoft, Google, Amazon, and other big players joining in the fray. However, the technology brings with it new terminology that can be confusing. Here are some common cloud-related terms and their meanings.

Note: This glossary is also available as a PDF download.

Advertising-based pricing model

A pricing model whereby services are offered to customers at low or no cost, with the service provider being compensated by advertisers whose ads are delivered to the consumer along with the service.

Amazon EC2

Amazon's Elastic Compute Cloud Web service, which provides resizable computing capacity in the cloud so developers can enjoy great scalability for building applications.

Amazon S3

Amazon Simple Storage Services -- Amazon's cloud storage service.


Content delivery network -- A system consisting of multiple computers that contain copies of data, which are located in different places on the network so clients can access the copy closest to them.


A metaphor for a global network, first used in reference to the telephone network and now commonly used to represent the Internet.

Cloud broker

An entity that creates and maintains relationships with multiple cloud service providers. It acts as a liaison between cloud services customers and cloud service providers, selecting the best provider for each customer and monitoring the services.

Cloud operating system

A computer operating system that is specially designed to run in a provider's datacenter and be delivered to the user over the Internet or another network. Windows Azure is an example of a cloud operating system or "cloud layer" that runs on Windows Server 2008. The term is also sometimes used to refer to cloud-based client operating systems such as Google's Chrome OS.

Cloud Oriented Architecture

A term coined by Jeff Barr at Amazon Web Services to describe an architecture where applications act as services in the cloud and serve other applications in the cloud environment.

Cloud portability

The ability to move applications and data from one cloud provider to another. See also Vendor lock-in.

Cloud provider

A company that provides cloud-based platform, infrastructure, application, or storage services to other organizations and/or individuals, usually for a fee.

Cloud storage

A service that allows customers to save data by transferring it over the Internet or another network to an offsite storage system maintained by a third party.


Replacing traditional IT services with cloud services.


Connecting multiple cloud computing environments.


Software that enables creating, deploying, running, or managing applications in the cloud.


A group of linked computers that work together as if they were a single computer, for high availability and/or load balancing.

Consumption-based pricing model

A pricing model whereby the service provider charges its customers based on the amount of the service the customer consumes, rather than a time-based fee. For example, a cloud storage provider might charge per gigabyte of information stored. See also Subscription-based pricing model.

Customer self-service

A feature that allows customers to provision, manage, and terminate services themselves, without involving the service provider, via a Web interface or programmatic calls to service APIs.

Disruptive technology

A term used in the business world to describe innovations that improve products or services in unexpected ways and change both the way things are done and the market. Cloud computing is often referred to as a disruptive technology because it has the potential to completely change the way IT services are procured, deployed, and maintained.

Elastic computing

The ability to dynamically provision and de-provision processing, memory, and storage resources to meet demands of peak usage without worrying about capacity planning and engineering for peak usage.

External cloud

Public or private cloud services that are provided by a third party outside the organization.

Google App Engine

A service that enables developers to create and run Web applications on Google's infrastructure and share their applications via a pay-as-you-go, consumption-based plan with no setup costs or recurring fees.

Google Apps

Google's SaaS offering that includes an office productivity suite, email, and document sharing, as well as Gmail, Google Talk for instant messaging, Google Calendar and Google Docs, spreadsheets, and presentations.


Hardware as a service; see IaaS.

Hosted application

An Internet-based or Web-based application software program that runs on a remote server and can be accessed via an Internet-connected PC or thin client. See also SaaS.

Hybrid cloud

A networking environment that includes multiple integrated internal and/or external providers.


Infrastructure as a service -- Cloud infrastructure services, whereby a virtualized environment is delivered as a service over the Internet by the provider. The infrastructure can include servers, network equipment, and software.

IBM Smart Business

IBM's cloud solutions, which include IBM Smart Business Test Cloud, IBM Smart Analytics Cloud, IBM Smart Business Storage Cloud, IBM Information Archive, IBM Lotus Live, and IBM LotusLive iNotes.

Internal cloud

A type of private cloud whose services are provided by an IT department to those in its own organization.


A Web-based application that combines data and/or functionality from multiple sources.

Microsoft Azure

Microsoft cloud services that provide the platform as a service (see PaaS), allowing developers to create cloud applications and services.


Software that sits between applications and operating systems, consisting of a set of services that enable interoperability in support of distributed architectures by passing data between applications. So, for example, the data in one database can be accessed through another database.

On-demand service

A model by which a customer can purchase cloud services as needed; for instance, if customers need to utilize additional servers for the duration of a project, they can do so and then drop back to the previous level after the project is completed.


Platform as a service -- Cloud platform services, whereby the computing platform (operating system and associated services) is delivered as a service over the Internet by the provider.

Pay as you go

A cost model for cloud services that encompasses both subscription-based and consumption-based models, in contrast to traditional IT cost model that requires up-front capital expenditures for hardware and software.

Private cloud

Services offered over the Internet or over a private internal network to only select users, not available to the general public.

Public cloud

Services offered over the public Internet and available to anyone who wants to purchase the service.


Software as a service -- Cloud application services, whereby applications are delivered over the Internet by the provider, so that the applications don't have to be purchased, installed, and run on the customer's computers. SaaS providers were previously referred to as ASP (application service providers).

An online SaaS company that is best known for delivering customer relationship management (CRM) software to companies over the Internet.

Service migration

The act of moving from one cloud service or vendor to another.

Service provider

The company or organization that provides a public or private cloud service.


Service level agreement -- A contractual agreement by which a service provider defines the level of service, responsibilities, priorities, and guarantees regarding availability, performance, and other aspects of the service.

Subscription-based pricing model

A pricing model that lets customers pay a fee to use the service for a particular time period, often used for SaaS services. See also Consumption-based pricing model.

Utility computing

Online computing or storage sold as a metered commercial service in a way similar to a public utility

Vendor lock-in

Dependency on the particular cloud vendor and difficulty moving from one cloud vendor to another due to lack of standardized protocols, APIs, data structures (schema), and service models.

Vertical cloud

A cloud computing environment that is optimized for use in a particular industry, such as health care or financial services.

Virtual private data center

Resources grouped according to specific business objectives.


Virtual private cloud -- A private cloud that exists within a shared or public cloud, e.g., the Amazon VPC that allows Amazon EC2 to connect to legacy infrastructure on an IPsec VPN.

Windows Live Services

Microsoft's cloud-based consumer applications, which include Windows Live Mail, Windows Live Photo Gallery, Windows Live Calendar, Windows Live Events, Windows Live Skydrive, Windows Live Spaces, Windows Live Messenger, Windows Live Writer, and Windows Live for Mobile.


Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 add...


The big down-side I see for small business is: "What will happen in a cash-flow crunch?" Every small businessperson knows that sometimes customers don't pay their bills, and it can be a challenge to meet payroll and there isn't enough left for other bills. So you pay your employees, take the dunning phone calls, pay some late charges when the money comes in, and business goes on. There are safeguards and due process built-in to the system so that the Sheriff can't come and padlock your doors the day after your bill is late. Your creditors get their money, just a little later and a little extra. Now enter "the Cloud". Your business becomes entirely dependent on your Cloud provider. If they shut you off, you're dead, and they're probably not bound by procedural regulations similar to lending institutions or utilities. If you can't pay on time, they put your service "on hold", and you're out of business. You try to scramble to find money to pay them to keep the business going, and now maybe there's not enough money for payroll. But if you don't pay "the Cloud", your business is dead. Like many "new deals", the Cloud looks attractive on the front end because it doesn't involve a large upfront capital outlay. But IMHO, choosing "the Cloud" for a small business is akin to walking into the lion's den, or jumping into shark-infested waters.


So now the comments appear! I must be REALLY losing it!! ?:|


that Amazon was one of the players in the Cloud. I learned a lot about the cloud from this mini-glossary.


And its not cloud computing. Clusters are most often used for massive parallel processing. Load balancing is not MPP. Even in cloud computing the original use for Clusters is MPP, but then most people think computers are for reading email and browsing the web. There are less and less of us that use computers for real computing but we still use more computing power and do more processing by cpu cycles then all the rest of you put together, and we also do email and browse the web.


Um... Doesn't Microsoft refer to their cloud offerings as BPOS for applications and AZURE for the development platform?


I expected to see Amazon, Google and Microsoft services in that list - they are synonymous with "the cloud". But Salesforce? I stopped reading right there.


Cloud = the now politcally correct term for smoke and mirrors which implies someone is pulling the wool over your eyes. People need to wake up and see that if they are not careful, a few select entities will have control over most of the data that currently exists.


Windows Azure platform allows developers to create cloud applications and services. It offers Windows Azure(OS as an online service), SQL Azure (Full RDBMS), AppFabric(connects cloud services and on-premises applications). BPOS - Business Productivity Online Standard Suite. It is a hosted communication and collaboration tools and the services include Exchange Online, SharePoint Online, Office Communications Online, Office Live Meeting, Dynamics CRM Online. Thanks Amol (MSFT)


The reason there aren't any words for Security in the Cloud Computing glossary is because, at least in the current evolution, there is no such thing. Cloud computing has a long way to go before security can even be addressed in an internal deployment much less a WAN or WWAN.


I _hate_ marketing speak. "To the cloud!" is nothing more than a rebranding of the old dumb terminal/smart server scheme of computing. Wow, how innovative!


Do not agree to the comment that there is no such thing as Security for cloud. Microsoft Azure platform is been designed with security in mind and built in, a number of different security features. Fundamental aspects of security are securing data and verify identities have access to requested resources. Azure has .NET Access Control Service, which works with web services and apps to provide a way to integrate common identities. This service will support popular identity providers. Applications determine whether a user is allowed access based on Security Assertion Markup Language (SAML) tokens that are created by the Security Token Service (STS) and contains information about the user. The STS provides a digital signature for each token. Applications have lists of digital certificates for the STS's it trusts. Trust relationships can be created between a trusted STS and an STS that issues a token to provide for identity federation. The Access Control Service is an STS that runs in the cloud. This STS validates the signature on the SAML token that is sent by the client application (web browser) and creates and signs a new token for the client application to present to the cloud application. .NET access control service and STS are just one piece of cloud security strategy; there are other components as well. Thanks Amol Gote (MSFT)


A major part of cloud security may be the notion that cloud consumers can depend on their data being backed up and then hide amongst the rest of the consumers, hoping that by shear probability they will not be the victim of a cloud predator. If they get picked off, then they may file an insurance claim and rewind to a previous data state, and then hope it does not happen again. Data encryption should be able to allay data privacy issues.


every jerk journalist has latched on to it and they think they will make everyone adopt it if they say it often enough and loud enough.


I was explaining one of the aspects of security. Security has multiple facets to it. Also you mentioned about Internet connection dying, how do you manage when your in premise corporate network fail? Also in cloud deployment there is option not to deploy the entire data in the cloud, but you can design your app to have data sitting inside your corporate premises and have application hosted in cloud connecting to the in premise data over the service bus. Thanks Amol Gote (MSFT).


about the details, but they will only say that just one of their protections is some kind of host based protection scheme; at least I thought that was what I heard him say. I could tell he was trying to be careful in case I was some kind of cracker scoping out their site, but I decided not to push too hard. Since they provide cloud based password vaults, I would think it would be as bullet proof as possible. I hope more bullet proof that the average bank! But that isn't saying much!


Isn't any security based on a token service still subject to a man in the middle attack? As far as access security is concerned, how does this differ from an internal network failure? The cloud provider should surely have a failover setup pretty much the same as a private network, so if the IP gets taken out by a denial of service attack, then they should have a temporary switchover IP until the original IP gets clear again.

The 'G-Man.'
The 'G-Man.'

Security covers more than who has access. What about Security of a connection to data? Security to access the data - my internet connection just died - my data is now unavailable to me. The security of the company is now at risk as we no longer have access to the informarion we need. You are just thinking 1 dimensional.

Editor's Picks