According to the National Institute of Standards and Technology (NIST), responsible for developing standards and guidelines including minimum requirements for providing adequate information security for agency operations and governmental assets, interest in cloud computing has rapidly grown due to the advantages of greater flexibility and availability of computing resources at lower cost.
Security and privacy, however, are a concern for those considering migrating applications to public cloud computing environments. To address the myriad factors involved in cloud data security, NIST has issued a report entitled “Guidelines on Security and Privacy in Public Cloud Computing.”
Security and privacy, however, are a concern for those considering migrating applications to public cloud computing environments.
“Although the emergence of cloud computing is a recent development, insights into critical aspects of security can be gleaned from reported experiences of early adopters and also from researchers analyzing and experimenting with available cloud provider platforms and associated technologies,” the report states. “Cloud computing does represent a thought-provoking paradigm shift that goes beyond conventional norms to de-perimeterize the organizational infrastructure — at the extreme, displacing applications from one organization’s infrastructure to the infrastructure of another organization, where the applications of potential adversaries may also operate.”
“Because cloud computing has grown out of an amalgamation of technologies, including service oriented architecture, virtualization, Web 2.0, and utility computing, many of the privacy and security issues involved can be viewed as known problems cast in a new setting,” the NIST report offers. “The importance of their combined effect, however, should not be discounted.”
The full report is available online at http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing.pdf.