When examining the cloud computing (hereinafter: “CC”) services available on the market, we realise that there are plenty of differences regarding what are they providing exactly and how do they deliver it; and nevertheless, who the customers are.

However, by stripping off the differences, there are five essential characteristics that meant to identify a cloud service, such as “on-demand self-service, broad network access, recourse pooling, rapid elasticity and measured service”.

NIST definition of CC:

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.


CC can be regarded as a kind of a utility service, providing near instant scalable compute and storage resources accessible online on-demand1; or as an infrastructure (deployment/hosting/compute) outsourcing2. Although, there are major conceptual differences between the traditional outsourcing and the CC services. Therefore, the ‘utility service’ perspective brings us closer to the true nature of CC services, especially with respect to the wide variety of consumers.

Service models

The main categories of the CC services are defined through the infrastructure and resource types made available for the customers: (i) Infrastructure-as-a-Service (IaaS); (ii) Platform-as-a-Service (PaaS); and (iii) Software-as-a-Service (SaaS)3. Though, there are several other subcategories or variations of CC services, like Data(base)-as-a-Service (DaaS)4 or Desktop-as-a-Service (DaaS)5.

The IaaS provides the highest level of influence for the customer over the cloud infrastructure (hardware and software resources)6 and the division of responsibilities in the service level agreement when it comes down to security, business continuity, accessibility, data integrity, interoperability.

The next layer is the PaaS, where the consumer can create and deploy applications onto the cloud infrastructure within the limits established by the provider, i.e. by using development tools, computer languages and other services (APIs)7, supported by the provider on the given infrastructure8.

The final layer, SaaS, is the end-user level, where the control and the influence of the customer over the CC resources are basically limited to some application settings9.

It is important to highlight that the above layers of CC service are provided most of the time in combination as a chain of services: the customer of an IaaS can be the provider of the PaaS and/or the SaaS. This makes the liability regarding the CC service-related matters widely spread and blurred between the end-user and the chain of providers. The scope of responsibility for each participant of the CC service is determined by the contractual terms. In case of SaaS providers standard terms are applicable, which are usually quite restricting and disadvantageous for the customers with plenty of waivers and/or exclusions of liability in favour of the provider, not to mention the technical limitations. The deeper we go in the layers, the more room has the customer in terms of technical features. However, IaaS providers are usually the main source of rigid standard contractual terms which are later reflected in SaaS standard contracts.

Deployment models

Typically, the private cloud users (such as single businesses, organisations comprising of multiple consumers) as exclusive customers can have substantial influence on the terms of a service level agreement. Although, there are 3 other deployment models that differ with respect to the scope of end-users and may be supplied under customised contractual terms depending on the purpose of use: (i) community-; (ii) public-; and (iii) hybrid clouds. Since the end-users of a certain cloud deployment share the same concerns, the CC service can be customised to meet the special needs of the customer in a cost-effective manner.

Due to diverse nature of CC services it is very challenging to give a standard definition and description to cloud computing services, and even more complicated to regulate it on statutory level. This is why its provision is defined by the service agreements concluded between the provider and the customer, thus it is crucial to read those terms.


1 Cloud Computing Law- Edited by Christopher Millard, Chapter 1. W Kuan Hon and Christopher Millard

2 O. Rana -The cost of cloud migration (2014) IEEE CC Vol. 1. p. 62-65.

3 NIST definition of CC

4 https://www.oracle.com/cloud/daas.html

5 http://www.navisite.co.uk/services/cloud-desktop-services

6 Go Daddy dedicated virtual machines

7 WordPress.com as a blog provider platform

8 Google App Engine

9 Microsoft Office 365