New document details risk management and other security issues related to cloud computing.
In an attempt to clear up some of the confusion around cloud computing, the National Institute of Standards and Technology has unveiled a guide that explains cloud technologies in “plain terms” to federal agencies and provides recommendations for IT decision makers.
The newly released Special Publication 800-146 Cloud Computing Synopsis and Recommendations repeats the NIST-established definition of cloud computing, describes cloud computing benefits and open issues, and gives insight into various cloud technologies. It also provides guidelines and recommendations on how organizations should weigh the opportunities and risks of cloud computing.
Previous attempts to describe cloud computing in general terms “have been problematic because cloud computing is not a single kind of system, but instead spans a spectrum of underlying technologies,configuration possibilities, service models, and deployment models,” the newly released guidance states. “This document describes cloud systems and discusses their strengths and weaknesses.”
Also aimed at helping federal information systems professionals make better-informed decisions around cloud computing, the guidance gives general how-tos in five areas: management, data governance, security and reliability, virtual machines, and software and applications.
The special publication comes nearly two weeks after the General Services Administration announced its next phase of the Federal Risk and Authorization Management Program. On May 14, GSA released a list of third-party assessment organizations that will assess and test the controls of cloud service providers in accordance with FedRAMP requirements. FedRAMP has been touted as a key step to spurring federal cloud adoption and boosting the confidence of its use governmentwide.