Cloud Security and Privacy Guidelines Outlined by NST -- Redmondmag.com

Cloud Security and Privacy Guidelines Outlined by NST

By Rutrell Yasin
01/25/2012

The first set of guidelines for managing security and privacy issues in cloud computing has been finalized by the National Institute of Standards and Technology.

"Guidelines on Security and Privacy in Public Cloud Computing," Special Publication 800-144, provides an overview of the security and privacy challenges facing public cloud computing, NIST officials said.

The publication also presents recommendations that organizations should consider when outsourcing data, applications and infrastructure to a public cloud environment. The document provides insights on threats, technology risks and safeguards related to public cloud environments to help organizations make informed decisions about this use of this technology.

"Guidelines on Security and Privacy in Public Cloud Computing" was first issued as a draft for public comment in February 2011.

"Public cloud computing and the other deployment models are a viable choice for many applications and services,” said publication co-author Tim Grance. “However, accountability for security and privacy in public cloud deployments cannot be delegated to a cloud provider and remains an obligation for the organization to fulfill."

The key guidelines include:

Carefully plan the security and privacy aspects of cloud computing solutions before implementing them.
Understand the public cloud computing environment offered by the cloud provider.
Ensure that a cloud computing solution — both cloud resources and cloud-based applications — satisfies organizational security and privacy requirements.
Maintain accountability over the privacy and security of data and applications implemented and deployed in public cloud computing environments.

SP 800-144 is geared toward system managers, executives and CIOs making decisions about cloud computing initiatives; security professional responsible for IT security; IT program managers concerned with security and privacy measures for cloud computing; system and network administrators; and users of public cloud computing services, NIST officials said.

The publication also offers a detailed list of Federal Information Processing Standards and NIST special publications that provide materials particularly relevant to cloud computing and are recommended to be used in conjunction with SP 800-144.

About the Author

Rutrell Yasin is the senior technology editor of Government Computer News (GCN.com).

Featured

What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.