NIST Publishes Cloud Security Guidelines

By John Wagley

Organizations should take time to “carefully plan” the security and privacy aspects of cloud computing before implementing any new solution or service, according to a new National Institute of Standards and Technology (NIST) report.

That was just one recommendation in the publication, Guidelines on Security and Privacy in Public Cloud Computing, which describes many of cloud computing’s risks as well as numerous steps organizations can take to make cloud computing more secure.

In addition to focusing more on planning, the paper lists three other overarching security-related recommendations. One is for organizations to ensure that any solution meets the organization’s privacy- and security-related requirements. Another is for cloud services customers to ensure that their own “computing environment” meets security and privacy requirements. Cloud computing customers should also work to “maintain accountability” of data and applications involved in cloud services.

The report is mainly intended for federal departments and agencies, but it's also applicable to the private sector, according to the agency.

Along with the guidelines, NIST published a draft definition of cloud computing. Part of the definition states that cloud computing has five “essential characteristics.” These include on-demand service, broad network access, and resource pooling. They also include rapid elasticity, in that “capabilities can be rapidly and elastically provisioned,” as well as measured service.

NIST has asked for comments on the two publications, with a deadline of February 28th.

The agency has also introduced a new Web site that includes information on its cloud computing work and activities. Called the Cloud Computing Collaboration Site, it also allows registered users to participate in certain cloud computing-related discussions.

 ♦ Screenshot of NIST report


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.