TRENDING:

Cloud Security

Weighing Pros, Cons of Cloud Computing Security

NIST Scientists Raise Questions, Now Seek Answers Eric Chabrow (GovInfoSecurity) • April 9, 2009    
Weighing Pros, Cons of Cloud Computing Security
As Vivek Kundra, the new federal chief information officer touts the benefits of cloud computing, a group of computer scientists from the National Institute of Standards and Technologies have outlined the information security pros and cons of cloud computing as they dive into a year-long effort to develop guidance for the technology.

The presentation, Effectively and Securely Using the Cloud Computing Paradigm, is not intended to provide official NIST guidance or policy but is presented to engage government IT managers in a discussion on the benefits and security challenges of cloud computing.

"Cloud computing is a convergence of many technologies (and) some have their own standards," the presentation states. "This convergence combined with massively scaled deployments represents leap-ahead capabilities."

Among the potential cloud computing benefits identified by the computer scientists: dedicated security teams, greater infrastructure security, reduction in certification and accreditation activities, simplifying compliance analysis, low-cost disaster recovery and rapid reconstitution of services.

The information security challenges they identified included conflicts with existing data dispersal and international privacy laws, data ownership, service guarantees, securing virtual machines, massive outages and encryption needs.

Other concerns the NIST computer scientists raised included moving personal identifiable information and sensitive data to the cloud, using service-level agreements to obtain cloud security, contingency planning and disaster recovery for cloud implementations and handling compliance.

"So where are we?" the NIST scientists asked in their presentation. "Today, cloud standards don't exist. Grid computing has many standards but isn't the same model. SOA/WE (service-oriented architecture/web services) has standards but this only applies to the applications running on the cloud. Standards will be vital to achieve success. ... (You) can't standardize what you can't define."

And, defining definitions and models related to cloud computing and its security is what NIST intends to do. By early fall, NIST intends to publish special publications that address the problems cloud computing solves, the technical characteristics of cloud computing and how best to leverage cloud computing and obtain security.

Do you have questions or comments for the NIST Cloud Research Team? If so, contact project lead Peter Mell at mell@nist.gov or program manager Tim Grance at grance@nist.gov.

Previous
DHS Offers Tool to Detect Conficker
Next
Data Privacy Trends: Randy Sabett, Information Security Attorney

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.