NIST Issues Cloud Security Guidelines - InformationWeek
11:52 AM
Ransomware: Latest Developments & How to Defend Against Them
Nov 01, 2017
Ransomware is one of the fastest growing types of malware, and new breeds that escalate quickly ar ...Read More>>

NIST Issues Cloud Security Guidelines

The government standards body has launched a wiki to get feedback on its draft policies for securely deploying cloud computing.

Top 20 Government Cloud Service Providers
(click image for larger view)
Slideshow: Top 20 Government Cloud Service Providers

Organizations implementing cloud computing should think about security first before deploying a production environment, according to the National Institute of Standards and Technology (NIST).

The advice is one of several guidelines NIST has issued in one of two draft documents on cloud computing, which offer the first set of guidelines for how the federal government manages security and privacy in the cloud.

Government agencies look to NIST for guidance in deploying technologies, and the standards body sets security requirements for technology the government uses under the Federal Information Security Management Act (FISMA).

At the behest of U.S. CIO Vivek Kundra, NIST hastened its publishing of cloud computing security guidelines to promote a "cloud-first" mandate he handed down in December. The policy asks agencies to first consider the cloud when considering new IT projects.

Security has always been a worry, especially for the federal government, when it comes to cloud computing, and the NIST guidelines should give the government the advice it's been waiting for to move full steam ahead.

One of the new documents, NIST Special Publication (SP) 800-145, defines cloud computing, while the other, SP 800-144, sets guidelines for security and privacy.

NIST's Cloud To-Do List
Evaluate the security and privacy aspects of cloud services before using them
Understand the vendor's public cloud computing environment
Ensure the client computing systems meet security and privacy requirements
Establish accountability for the security and privacy of data and applications
Obtain legal and technical advice around service-level agreements

In addition to thinking of security first, organizations also should ensure, if using a public cloud from a service provider, that it meets designated security and privacy requirements. They also should see to it that their client-side computing environment can meet the same standards as well, according to NIST.

NIST also recommends agencies take accountability for the privacy and security of data and applications implemented and deployed in public cloud computing environments rather than merely depend on cloud providers to do it for them.

NIST is accepting comments on the documents until Feb. 28 so people can suggest changes or improvements.

In addition to the guidelines, NIST has also deployed a new Web site to promote industry collaboration for the secure deployment of cloud computing within the federal government. The NIST Cloud Computing Collaboration Site provides general information about NIST's cloud computing program and a calendar of events related to the topic. NIST-sponsored cloud computing working groups also use a set of pages on the site, and are open to participation by anyone who wants to join.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll