NIST Publishes Cloud Synopsis & Recommendations [DRAFT]
52 views | +0 today
Follow
NIST Publishes Cloud Synopsis & Recommendations [DRAFT]
Enterprise and industry takeaways from NIST's May 2011 Draft 800-146: Cloud Computing Synopsis and Recommendations
Your new post is loading...
Your new post is loading...
Scooped by Harris Cyber Integrated Solutions
Scoop.it!

Our Take: NIST Publishes Recommendations for Cloud Computing Standardization

On May 16, 2011, the National Institute of Standards and Technology (NIST) published a document of recommendations for standardization, titled 800-146: Cloud Computing Synopsis and Recommendations. The first of its kind in terms of scope and detail, this document sets a starting point for security from which cloud service providers can benchmark their offerings, and IT professionals can look to for guidance when selecting a reliable partner.

 

Overall, the document pulled from more than 60 resources, including major providers, organizations and thought leaders, to clearly assess the current market’s computing systems and capabilities, then bring open issues to light. Its recommendations include the following themes:

 

* The call to clearly establish roles, responsibilities, capabilities and terminology between providers and subscribers.

* Needed verification that providers’ promised quality of services are being delivered.

* Providers’ responsibility to transparently report delivery across areas including performance, reliability, economics, security and more.

* Attention to security issues, including detailed planning and reporting on data disclosure, privacy, integrity, multi-tenancy, browsers, hardware and technology, and management.

 

This curated page is full of industry news related to the NIST publication. 

more...
No comment yet.
Scooped by Harris Cyber Integrated Solutions
Scoop.it!

NIST Cloud Security Model

May 22, 2011 — SYS-CON MEDIA

 

"The NIST Recommendations Document naturally therefore includes a comprehensive GRC (Governance, Risk and Compliance) framework as well as identifying a set of core technologies needed to secure Cloud hosting environments in line with Government and other compliance requirements. Essentially there’s two main parts to this:

 

1) a Process Maturity Model : In 800-53 Control Families and Classes a series of procedures and best practices are defined across three core areas of Technical Controls like ‘Identity and Access Management’, as well as operational and managerial ones.

2) Core technologies : NIST identifies a series of key technologies and Cloud architectures necessary to securing remote Cloud environments..."

more...
No comment yet.
Scooped by Harris Cyber Integrated Solutions
Scoop.it!

Cloud Standards Dominate Interop Discussion

Cloud Standards Dominate Interop Discussion | NIST Publishes Cloud Synopsis & Recommendations [DRAFT] | Scoop.it

May 13, 2011 — CRN, by Andrew R. Hickey

 

"Cloud standards, or the lack thereof, dominated a good deal of the cloud discussion at Interop Las Vegas 2011 this week, with many vendors and industry experts calling for some kind of standardization in the wild west that is cloud computing."

more...
No comment yet.
Scooped by Harris Cyber Integrated Solutions
Scoop.it!

7 Truths About Cloud Computing

 May 12, 2011 — Light Reading, by Carol Wilson

 

"Gleaned from hours of discussion at Interop, here are the big cloud trends influencing service providers...

 

It's too soon for cloud service standards.

... There are still too many things to work out to begin cementing things in standards, although standard APIs for connecting pieces of cloud services will become important."

more...
No comment yet.
Scooped by Harris Cyber Integrated Solutions
Scoop.it!

NIST Seeks Comments on Draft Guide to Cloud Computing

May 12, 2011 — NIST

 

"The cloud computing research team at the National Institute of Standards and Technology (NIST) is requesting public comments on a draft of its most complete guide to cloud computing to date.


NIST Cloud Computing Synopsis and Recommendations (Special Publication 800-146) explains cloud computing technology in plain terms and provides practical information for information technology decision makers interested in moving into the cloud."

more...
No comment yet.
Scooped by Harris Cyber Integrated Solutions
Scoop.it!

NIST Publications: Special Publications (800 Series)

NOTE: This section of the NIST website includes a link to the DRAFT Cloud Computing Synopsis and Recommendations.

 

"Special Publications in the 800 series present documents of general interest to the computer security community. The Special Publication 800 series was established in 1990 to provide a separate identity for information technology security publications. This Special Publication 800 series reports on ITL's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations."

more...
No comment yet.
Scooped by Harris Cyber Integrated Solutions
Scoop.it!

Security and Privacy Standards for Cloud Services

Aug. 5, 2011 — Law.com, by Sean Doherty

 

"New computer and network services provided by web-based applications, cloud computing, and mobile computing platforms can reduce computing costs and provide lawyers with the resources to accomplish their clients' missions without straying far from their core competencies. To fully embrace these new technologies, service providers need to maintain information security and ensure lawyers that when they transmit and store information in the cloud, it is not for all the world to see."

more...
No comment yet.
Scooped by Harris Cyber Integrated Solutions
Scoop.it!

NIST Recommends Security Measures for Cloud Subscribers

May 20, 2011 — Infosecurity (USA)

 

"'Information security in the cloud is a real challenge,' said Lee Badger, an IT specialist with the NIST’s Computer Security Division and one of the authors of the publication.

 

'There are several factors to consider. One is that cloud systems, at least in some of their configurations, are outsourced system. Therefore, for one to have confidence that the system is treating your data with due care, one has to have confidence that the people who are running that system are exercising the care you think is appropriate,' Badger told Infosecurity."

more...
No comment yet.
Scooped by Harris Cyber Integrated Solutions
Scoop.it!

Security Standards – Why They Are So Critical for the Cloud

Security Standards – Why They Are So Critical for the Cloud | NIST Publishes Cloud Synopsis & Recommendations [DRAFT] | Scoop.it

May 13, 2011 — Cloud Security Alliance Blog, by Matthew Gardiner

 

"While it is easy to poke fun at standards by saying such things as “I love standards because there are so many from which to choose,” it is also easy to see the incredible value that they can unlock. Look at the Internet itself as an example. It is hard to imagine the cloud reaching its potential without it using a set of widely adopted standards – security and otherwise.

 

In the context of this blog when I refer to security standards, I am talking about security interface standards (basically cloud security APIs) that enable security systems in one domain, whether in a cloud service or in an on-premise enterprise system, to communicate and interoperate programmatically with security systems in other domains. The absence of such standards drives the use of customized integrations which have been the bane of IT agility since the beginning of modern computing."

more...
No comment yet.
Scooped by Harris Cyber Integrated Solutions
Scoop.it!

Cloud Security Needs Global Standards

Cloud Security Needs Global Standards | NIST Publishes Cloud Synopsis & Recommendations [DRAFT] | Scoop.it

May 10, 2011 — GovInfo Security, by Tom Field

 

Interview with Marlin Pohlman of the Cloud Security Alliance on New Directives

 

"Globally, countries and organizations now recognize the need for a unified approach for managing IT infrastructure services, says Marlin Pohlman of the Cloud Security Alliance. The trick is developing this new set of global standards."

more...
No comment yet.
Scooped by Harris Cyber Integrated Solutions
Scoop.it!

Strassmann’s Blog: Will Standards Define the Cloud Environment?

Strassmann’s Blog: Will Standards Define the Cloud Environment? | NIST Publishes Cloud Synopsis & Recommendations [DRAFT] | Scoop.it

April 20, 2011 — Strassmann's Blog, by Paul Strassmann

 

"Standards are critical with increasing pressure to ensure that cloud technology investments remain viable for years to come. Standards allow CIOs to select products that best suit their needs today–regardless of vendor–while helping to ensure that no proprietary constraints arise when new systems are put in place in the future."

more...
No comment yet.