The Public Eye with Eric Chabrow

Cloud's Security Challenge Isn't Just Technical

Cloud's Security Challenge Isn't Just Technical

"Everybody is very interested in ensuring security," Peter Mell, project lead for the National Institute of Standards and Technology's cloud research team, said in an interview for a forthcoming story I'm researching on federal government cloud computing. "What I see most discussed is security compliance issues. Can I document it, implement it, test it and show that it meets the federal government requirements for the security assistance?"

The federal government requires agencies to certify private contractors' IT systems they use, a situation that isn't easily accomplished with cloud computing providers, an industry where no security standards have been adopted. Another compliance challenge involves the nascent security technologies cloud providers offer.

"Compliance is going to be a little bit tricky in the cloud space." 

"Compliance is going to be tricky in the cloud space for several reasons, but one reason is that clouds are likely to use new security technologies that aren't well understood or widely adopted, and that will make it difficult to prove the required level of security to auditors and to authorizing officials," Mell said.

Mell leads a team of four other NIST computer scientists working on cloud computing security guidance. The first of the team's work will be found in an update of NIST Special Publication 800-37: A Security Life Cycle Approach. A draft of the publication should be available in June or July, with the final version published in August, Mell said. Click here to read more about the regulatory challenges agencies face in using cloud computing.

What information security obstacles do you see in implementing cloud computing? Please respond below.

Also, as I continue reporting on cloud computing security, you can help. Let me know of any government cloud computing projects, either those launched or planned. Contact me at

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.