Security Slideshow: NIST Cloud Security Guidelines
By Don Reisinger | Posted 02-16-2011
The National Institute of Standards and Technology unveiled a set of guidelines for managing security and privacy issues in cloud computing. While this effort is aimed at organizations operating in the public sector, NIST's guidelines offered up valuable tips for any enterprise CIO considering the use of public cloud computing services. The NIST's Guidelines on Security and Privacy in Public Cloud Computing (SP 800-144) provides an overview of the security and privacy challenges for public cloud computing and presents recommendations that organizations should consider when outsourcing data, applications and infrastructure to a public cloud environment. The agency also has set up a new NIST Cloud Computing Collaboration Web site to enable two-way communication among the cloud community and NIST cloud research working groups. NIST also recently posted A NIST Definition of Cloud Computing (NIST Special Publication (SP) 800-145). NIST scientists are seeking feedback on both documents. Comments regarding the guidelines should be emailed to firstname.lastname@example.org ; comments on the definition document should be E-mailed to email@example.com. Feedback on both documents must be received no later than Feb. 28, 2011. Here are 10 highlights from the NIST cloud computing guidelines:
NIST Cloud Security Guidelines
Everything's NegotiableNon-negotiable service agreements -- in which the terms of service are prescribed completely by the cloud provider -- are generally the norm in public cloud computing. NIST recommends negotiated service agreements that address your organization's specific concerns about security and privacy details.