NIST cloud guidelines address security, privacy concerns
Tuesday - 2/8/2011, 1:28pm EST
But can agencies ensure security and privacy in the cloud?
The National Institute of Standards and Technology published two draft documents on privacy and security, following the Office of Management and Budget's endorsement of a "cloud first" policy.
Lee Badger, a computer scientist at NIST, and Tim Grance, a senior computer scientist at NIST, joined the DorobekINSIDER to explain how agencies can take advantage of the costs and efficiencies of moving to the cloud while maintaining security and privacy.
Grance said that defining the goals and needs of security is up to the user, not the cloud vendor. People also remain responsible for the privacy and security of their data, even if it is in someone else's environment.
Badger said agencies can protect themselves by, first, being well-informed about their needs and the cloud vendors' capabilities. Also, agencies must use their contracts with vendors to ensure security and privacy needs are met.
Contracts include two kinds of service level agreements - the most common is something you can simply accept or not accept, Badger said. With the other kind of SLA, the user negotiates the details with the cloud provider.
"You really do have to scrutinize the details," Badger said.
The guidelines proposed by NIST are just that - proposals. NIST is seeking comments from the public through Feb. 28 via email.
Grance said NIST seeks technical comments on its draft documents, but also other comments that address cost-efficiency and innovation.
"Of course we're happy to take any comment people are willing to make," he said.
The public can also contribute to a wiki that includes sections on architecture, use cases and
"We encourage that very robust public and private collaboration," Grance said.
TWiki - Open Source Enterprise Wiki and Web 2.0 Platform
Cloud definition (PDF)