NIST Tackles Security Concerns on the Cloud

Study includes recommendations for securely configuring and using full computing virtualization technologies.

By Peter Alpern

By almost any measure, cloud computing is a marketing triumph. Software as a service off the Internet "cloud" was once initially merely a promise of the future. Today in the infinite present, it's the ceaseless rage.

But, more than other industries, questions abound as to whether the cloud has a fit in the industrial world.

Many large-scale manufacturers are intrigued by the concept of using virtualized servers within the plant, yet use is still in its infancy. Even more unclear are questions concerning security.

On this front, the National Institute of Standards and Technology hopes to bring more clarity. Recently, the technology organization set out to definitively lay out clear security requirements for web-based computing applications and services.

U.S. chief information officer Vivek Kundra tasked NIST with speeding up the process of forming security guidelines for federal adoption of the cloud. Kundra has been among the nation's most vocal proponents of wiring federal agencies into the cloud.

NIST laid out a series of proposals in its "Guidelines on Security and Privacy in Public Cloud Computing," which highlights security and privacy challenges related to public cloud computing as well as what steps an organization should take when it begins its migration.

Though the suggestions are focused on public adoption, they reveal significant obstacles that remain for private clouds as well.

More here