NIST Tackles Security Concerns on the Cloud

Study includes recommendations for securely configuring and using full computing virtualization technologies.

By almost any measure, cloud computing is a marketing triumph. Software as a service off the Internet "cloud" was once initially merely a promise of the future. Today in the infinite present, it's the ceaseless rage.

But, more than other industries, questions abound as to whether the cloud has a fit in the industrial world.

Many large-scale manufacturers are intrigued by the concept of using virtualized servers within the plant, yet use is still in its infancy. Even more unclear are questions concerning security.

On this front, the National Institute of Standards and Technology hopes to bring more clarity. Recently, the technology organization set out to definitively lay out clear security requirements for web-based computing applications and services.

U.S. chief information officer Vivek Kundra tasked NIST with speeding up the process of forming security guidelines for federal adoption of the cloud. Kundra has been among the nation's most vocal proponents of wiring federal agencies into the cloud.

NIST laid out a series of proposals in its "Guidelines on Security and Privacy in Public Cloud Computing," which highlights security and privacy challenges related to public cloud computing as well as what steps an organization should take when it begins its migration.

Though the suggestions are focused on public adoption, they reveal significant obstacles that remain for private clouds as well.

"Cloud computing can and does mean different things to different people," the report explains. For all the buzz surrounding its presence, "cloud computing remains a work in progress."

Perhaps the biggest obstacle to widespread adoption is that cloud providers can't apply cookie-cutter solutions to complex security questions.

Among the key guidelines, NIST suggests:

  • Carefully plan the security and privacy aspects of cloud computing solutions before engaging them.
  • Understand the public cloud computing environment offered by the cloud provider and ensure that a cloud computing solution satisfies organizational security and privacy requirements.
  • Ensure that the client-side computing environment meets organization security and privacy requirements for cloud computing.
  • Maintain accountability over the privacy and security of data and applications implemented and deployed in public cloud computing environments.
  • "Organizations should require that any selected public cloud computing solution is configured, deployed and managed to meet their security, privacy and other requirements," the report states.
  • NIST also points out that for all the hype, there has been little clarity in defining what truly constitutes cloud computing. The report maintains five "essential" characteristics to identify what falls under the scope of "cloud": on-demand self service, broad network access, resource pooling, rapid elasticity and measured service.
  • NIST also launched a cloud-computing collaboration website to provide information and to further the dialogue between government researchers, agency technology chiefs and the broader public.

See Also:
• Bringing Harmony to Automation

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish