Cloud computing is gaining its popularity in an accelerated mode and many businesses and government entities are adopting cloud computing for supporting their business needs. NIST has recently released a a special publication on .Guidelines on Security and Privacy in Public Cloud Computing..
The SP 800-144 document covers the security requirements to be met by federal agencies opting for cloud computing. The key guidelines are based on the following:
-
Carefully plan the security and privacy aspects of cloud computing solutions before engaging them.
-
Understand the public cloud computing environment offered by the cloud provider.
-
Ensure that a cloud computing solution satisfies organizational security and privacy requirements.
-
Ensure that the client-side computing environment meets organizational security and privacy requirements for cloud computing.
-
Maintain accountability over the privacy and security of data and applications implemented and deployed in public cloud computing environments.
There are 7 chapters, chapters from 2 to 6 are the key sections. These chapters cover topics such as:
-
Basics of cloud computing
-
Various models of public cloud computing
-
The benefits and drawbacks of public cloud computing from a security and privacy perspective
-
Key threats to the security and privacy of information in public cloud computing
-
Potential risk mitigation option in the cloud computing
-
Outsourcing data to public cloud computing
The publication also provides a detailed list of Federal Information Processing Standards and NIST special publications that provide materials particularly relevant to cloud computing and are recommended to be used in conjunction with SP 800-144.
The document can be downloaded from here (PDF).
