January 25, 2012 – Internal accountability and governance are paramount for the security and privacy of information in the cloud, according to new guidelines finalized by the National Institute of Standards and Technology.
The report, geared at informing IT leaders, executives and security network administrators involved in cloud computing initiatives, delves into threats, risks and safeguards to public cloud environments. NIST noted that, while cloud adoption has grown immensely in the last few years, in terms of maturity it “remains a work in progress.”
Among the key elements in the report for shifting data, applications and infrastructure to the cloud, NIST expressly pointed to internal accountability of information, even when accessed off-premise, as a painstaking yet vital initiative. In addition, NIST warned that deployments require increased attention to data governance and compliance due to a perceived lack of information control.
“Public cloud computing and the other deployment models are a viable choice for many applications and services. However, accountability for security and privacy in public cloud deployments cannot be delegated to a cloud provider and remains an obligation for the organization to fulfill,” said report co-author Tim Grance in a news release.
The guidelines also emphasize careful planning prior to engagement, an understanding of the cloud environment being offered, and satisfaction that cloud offerings meet internal and client-side requirements. Ultimately, NIST likened preparing for cloud security and privacy as an “exercise in risk management.”
Overall for security and privacy, NIST touted such upsides to public deployments as staff specialization, increased technological acumen for smaller enterprises, platform strength, and access and concentration of data for mobile users.
NIST standards provide the baseline for federal and many governmental IT and technological plans.
Click here to download the 80-page PDF of the guidelines, entitled “Guidelines on Security and Privacy in Public Cloud Computing.”