NIST Issues Long-Awaited Cloud Guidance

SP 800-146 Describes Cloud's Strengths, Weaknesses
NIST Issues Long-Awaited Cloud Guidance

NIST has published its long-awaited cloud computing guidance, Special Publication 800-146: Cloud Computing Synopsis and Recommendations, that addresses risk management and other security matters.

See Also: Webinar | Prevent, Detect & Restore: Data Security Backup Systems Made Easy

The National Institute of Standards and Technology says the new guidance explains cloud computing systems in plain language and provides recommendations for information technology decision makers, including chief information officers, information systems developers, system and network administrators, information system security officers and systems owners.

SP 800-146 furnishes details on cloud deployment; available services; economic considerations; technical characteristics, such as performance and reliability; typical terms of service and security; and risk management challenges. The guidance also recommends how and when cloud computing is appropriate and indicates the limits of current knowledge and areas for future research and analysis.

The document reviews the NIST-established definition of cloud computing, describes cloud computing benefits and open issues, presents an overview of major classes of cloud technology and provides guidelines and recommendations on how organizations should consider the relative opportunities and risks of cloud computing.

Inherently, the guidance states, the move to cloud computing is a business decision in which the business case should consider the relevant factors, such as readiness of existing applications for cloud deployment, transition and life-cycle costs, maturity of service orientation in existing infrastructure and other factors including security and privacy requirements.

"Cloud computing has been the subject of a great deal of commentary," the guidance authors write. "Attempts to describe cloud computing in general terms, however, have been problematic because cloud computing is not a single kind of system, but instead spans a spectrum of underlying technologies, configuration possibilities, service models and deployment models. This document describes cloud systems and discusses their strengths and weaknesses."

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.