The National Institute for Standards and Technology (NIST) has published an 84-page draft of its cloud computing guidelines, NIST Cloud Computing Synopsis and Recommendations, or SP 800-146, and is seeking comment from federal agencies and the public on its recommendations.
There are still many myths about cloud computing, even from technologists who are charged with implementing it. Since government agencies look to NIST for guidance in deploying technologies, the document tackles the cloud from various angles and tries to cover as much ground as possible.
Because cloud computing is not merely one technology but a collection of many in a particular systems environment, NIST provides an overview of different cloud environments--software as a service, platform as a service, and infrastructure as a service--and discusses each in detail.
The document also provides information on how organizations should balance the opportunities and efficiencies that cloud computing presents with its security risks. Other topics include computing performance, reliability, economics, compliance, and data and applications security, as well as the typical costs of cloud computing.
Last December U.S. CIO Vivek Kundra issued a "cloud-first" mandate to agencies requiring they consider the cloud as an option before deciding on new technology deployment.
He also demanded that agencies identify three existing systems that could move to the cloud, which he said recently has been done. Cloud computing is an integral part of the feds' 25-point IT reform plan.
Earlier this year NIST also published a draft for managing security and privacy in the cloud, hastening the document's release at Kundra's request to support the cloud-first policy. The standards body sets security requirements for technology the government uses under the Federal Information Security Management Act (FISMA).
NIST is accepting comments on the document via e-mail at firstname.lastname@example.org until June 13.