NIST Addresses Cloud Computing Uncertainty
June 22, 2012
The National Institute of Standards and Technology (NIST) has released a document, entitled Cloud Computing Synopsis and Recommendations, that aims to cut some of the confusion that chief information officers (CIOs) feel around the issue of cloud business, says a ZDNet report.
The document starts by explaining some of the options for cloud configurations and how organizational goals affect which options are right for a particular business. It paves the way for a deeper look at deployment and service models, economic issues, operational issues, security, and service. With more midsize businesses looking to make the move to cloud-based tools, at least for some non-critical applications, this could be a way to help the decision-making process…
Cloud Options
In looking at deployment, the NIST document outlines the options for private cloud deployment, share-cloud hosting, third-party hosting, and public cloud deployment and what this means for resource access and control. The document also considers service delivery options that businesses can choose from including software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS), looking at strengths, weaknesses, and issues around interoperability and portability. This provides an excellent introduction to the different forms of cloud deployment, enabling businesses to get a head start in selecting the right one.
While the document states that moving to the cloud may cut up-front costs for businesses, making them potentially more agile, it is careful to state that determining overall cost reduction is a matter for careful analysis of a number of issues, not least the cost of migration to or from the cloud. While it’s true that migration costs are an important issue, even more important for many businesses is concern about how to integrate the cloud into their existing systems. Building additional capacity remains a more likely scenario than wholesale migration at this point.
The NIST document raises the issue of the potential bottlenecks caused by any networking limitations and stresses the importance of understanding what service agreements include, especially the mutual responsibilities of service providers and their customers. And, on the issue of security, it stresses both the advantages (ease of making security updates) and disadvantages (storage of large amounts of customer data that may be vulnerable) of such a move. With security still a major issue for many businesses, this comparison is worth noting.
NIST Recommendations
Finally, NIST makes a number of recommendations for businesses to consider in the areas of data governance, management, security and reliability, software and applications, and virtual machines. These cover issues such as data migration, operational continuity, compliance, legal issues, licensing, data regulation, encryption, authentication, virtual machine vulnerabilities, application development, configuration and support, and much more.
The document provides a good starting point for any business considering a move to the cloud, presenting issues in a relatively unbiased fashion. Midsize businesses looking to get started with cloud computing will certainly find it a useful resource that clearly sets out the major considerations.
However, some critics have made one comment that is worth consideration: in maintaining its neutrality on the issue, NIST has ignored the operational and transformative benefits that organizations can gain from moving to the cloud, and those are also worth considering. These include the ability to deploy software changes quickly, change their expenditure base so that more budget goes to operations than IT infrastructure, keep costs low (including reducing the cost of labor) and make more efficient use of IT and server resources.