NIST cloud guidelines address security, privacy concerns
Tuesday - 2/8/2011, 1:28pm EST
But can agencies ensure security and privacy in the cloud?
The National Institute of Standards and Technology published two draft documents on privacy and security, following the Office of Management and Budget's endorsement of a "cloud first" policy.
Lee Badger, a computer scientist at NIST, and Tim Grance, a senior computer scientist at NIST, joined the DorobekINSIDER to explain how agencies can take advantage of the costs and efficiencies of moving to the cloud while maintaining security and privacy.
Grance said that defining the goals and needs of security is up to the user, not the cloud vendor. People also remain responsible for the privacy and security of their data, even if it is in someone else's environment.
Badger said agencies can protect themselves by, first, being well-informed about their needs and the cloud vendors' capabilities. Also, agencies must use their contracts with vendors to ensure security and privacy needs are met.
Contracts include two kinds of service-level agreements (SLAs). The most common is one you can simply accept or not accept, Badger said. With the other kind of SLA, the user negotiates the details with the cloud provider.
"You really do have to scrutinize the details," Badger said.
The guidelines proposed by NIST are just that - proposals. NIST is seeking comments from the public through Feb. 28 via email.
Grance said NIST seeks technical comments on its draft documents, but also other comments that address cost-efficiency and innovation.
"Of course we're happy to take any comment people are willing to make," he said.
The public can also contribute to a wiki that includes sections on architecture, use cases and
"We encourage that very robust public and private collaboration," Grance said.