Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
NIST cloud guidelines address security, privacy concerns
Tuesday - 2/8/2011, 1:28pm EST
But can agencies ensure security and privacy in the cloud?
The National Institute of Standards and Technology published two draft documents on privacy and security, following the Office of Management and Budget's endorsement of a "cloud first" policy.
Lee Badger, a computer scientist at NIST, and Tim Grance, a senior computer scientist at NIST, joined the DorobekINSIDER to explain how agencies can take advantage of the costs and efficiencies of moving to the cloud while maintaining security and privacy.
Grance said that defining the goals and needs of security are up to the user, not the cloud vendor. People also remain responsible for privacy and security of their data, even if it is in someone else's environment.
Badger said agencies can protect themselves by, first, being well-informed about their needs and the cloud vendors' capabilities. Also, agencies must use their contracts with vendors to ensure security and privacy needs are met.
Contracts include two kinds of service level agreements - the most common is something you can simply accept or not accept, Badger said. With the other kind of SLA, the user negotiates the details with the cloud provider.
"You really do have to scrutinize the details," Badger said.
The guidelines proposed by NIST are just that - proposals. NIST is seeking comments from the public through Feb. 28 via email.
Grance said NIST seeks technical comments on their draft documents, but also other comments that address cost-efficiency and innovation.
"Of course we're happy to take any comment people are willing to make," he said.
The public can also contribute to a wiki that includes sections on architecture, use cases and
"We encourage that very robust public and private collaboration," Grance said.
TWiki - Open Source Enterprise Wikiand Web 2.0 Platform
Cloud definition (PDF)