NIST Provides Guidelines for Safe Cloud Computing Deployment

    A recent survey shows that although cloud adoption is on the rise, a number of organizations have yet to adopt the platform in any form. GigaOM Research and North Bridge Venture Partners, in collaboration with 57 other organizations, compiled the third annual Future of Cloud Computing Survey, in which only 25 percent of respondents had not yet adopted cloud platforms in their companies. The top reason for lack of adoption or slowed adoption was considered to be security issues, as identified by 46 percent of those surveyed. 

    For organizations that have yet to adopt cloud computing or that have only dabbled in cloud adoption via public cloud services, a recent publication by the National Institute of Standards and Technology (NIST) could help safely and efficiently move into the cloud. The document, “Cloud Computing: A Review of Features, Benefits, and Risks, and Recommendations for Secure, Efficient Implementations,” is available in our IT Downloads section.

    In the document, NIST contributors define cloud computing characteristics, issues associated with its deployment, and models of deployment, including:

    • Private cloud
    • Community cloud
    • Public cloud
    • Hybrid cloud
    • On-site private cloud

    Service models—IaaS, SaaS, and PaaS— of cloud computing are also discussed in detail, with consideration given to business objectives and jobs suited for each type.

    Discussions on security delve into open issues and explanations of how to more securely deploy a cloud environment:

    By imposing uniform management practices, cloud providers may be able to improve on some security update and response issues. Clouds, however, have the potential to aggregate private, sensitive information about customers in cloud data centers. Cloud providers must assure the subscriber that they can keep customer data isolated and protected. Since cloud users and administrators rely heavily on Web browsers, browser security failures can lead to cloud security breaches. The privacy and security of cloud computing depend primarily on whether the cloud service provider has implemented robust security controls and a sound privacy policy required by their customers.

    The publication also discusses general information security and makes recommendations on risk management and data governance.

    Both organizations currently deploying cloud environments and those that are considering doing so will benefit from this strategic text. It is filled with best practices and solid standards for instituting a cloud computing platform in most any size of organization.

    Latest Articles