NIST cloud guidelines address security, privacy concerns
Tuesday - 2/8/2011, 1:28pm EST
But can agencies ensure security and privacy in the cloud?
The National Institute of Standards and Technology published two draft documents on privacy and security, following the Office of Management and Budget's endorsement of a "cloud first" policy.
Lee Badger, a computer scientist at NIST, and Tim Grance, a senior computer scientist at NIST, joined the DorobekINSIDER to explain how agencies can take advantage of the costs and efficiencies of moving to the cloud while maintaining security and privacy.
Grance said that defining the goals and needs of security is up to the user, not the cloud vendor. People also remain responsible for the privacy and security of their data, even if it is in someone else's environment.
Badger said agencies can protect themselves by, first, being well-informed about their needs and the cloud vendors' capabilities. Also, agencies must use their contracts with vendors to ensure security and privacy needs are met.
Contracts include two kinds of service level agreements - the most common is something you can simply accept or not accept, Badger said. With the other kind of SLA, the user negotiates the details with the cloud provider.
"You really do have to scrutinize the details," Badger said.
The guidelines proposed by NIST are just that - proposals. NIST is seeking comments from the public through Feb. 28 via email.
Grance said NIST seeks technical comments on its draft documents, but also other comments that address cost-efficiency and innovation.
"Of course we're happy to take any comment people are willing to make," he said.
The public can also contribute to a wiki that includes sections on architecture, use cases and
"We encourage that very robust public and private collaboration," Grance said.
TWiki - Open Source Enterprise Wiki and Web 2.0 Platform
Cloud definition (PDF)