NIST guide tackles security challenges of public cloud computing

January 31, 2011, by David
Grazed from Government Computer News.  Author: William Jackson.

Cloud computing is an increasingly popular but evolving paradigm that presents challenges to security along with its promises of greater efficiency and flexibility. The National Institute of Standards and Technology has proposed guidelines for addressing these challenges, together with a concise definition of cloud computing.

 

“Many of the features that make cloud computing attractive can also be at odds with traditional security models and controls,” says draft Special Publication 800-144, “Guidelines on Security and Privacy in Public Cloud Computing.”

The guidelines emphasize planning, awareness and accountability as agencies consider moving resources to the public cloud.

 

 



One of the first challenges to be addressed in cloud computing is defining the term.

 

“Cloud computing can and does mean different things to different people,” the guidelines document states. The technology and concept are evolving, and NIST expects that the definition will change over time as well. The definition published in Draft SP 800-145 is intended to provide a starting place for discussing and defining security needs.

 

According to the short definition, “cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

 

Essential characteristics identified are on-demand service, broad network access, resource pooling, rapid elasticity and measured service. Service models include cloud software as a service, cloud platform as a service and cloud infrastructure as a service. These can be deployed in any combination of private, public or community cloud models, depending on their management and how access to the resources is controlled.