14 DAY TRIAL // It was not long ago that the shortcomings of data security in the cloud were pointed out and, since Quantum Mechanics isn't quite there yet, NIST has decided to issue some guidelines.
NIST, short for National Institute of Standards and Technology, decided it was time organizations got a clear idea of what they should look for before outsourcing their data.
Cloud computing providers basically offer to use their own data centers to store and manage the data of their clients.
That way, corporations don't need to maintain their own storage conglomerates, saving much in terms of ownership, management and power expenses.
There are risks when trusting another with your important files, though, hence NIST's guidelines.
The Special Publication 800-144 (SP 800-144) offers guidelines for understanding the public cloud environment before taking a decision.
It also explores how one can make sure that the cloud resources and applications satisfy their security and privacy needs.
Furthermore, NIST looked at how these security and privacy aspects may be planned before implementation.
Not only that, but SP 800-144 also paid attention to how a provider needs to maintain accountability over the privacy and security of data and applications implemented and deployed in a public cloud.
“Public cloud computing and the other deployment models are a viable choice for many applications and services. However, accountability for security and privacy in public cloud deployments cannot be delegated to a cloud provider and remains an obligation for the organization to fulfill,” said publication co-author Tim Grance.
System managers, executives and information officers are the sort of people that the publication is supposed to help.
The insights on risks, safeguards and threats should aid with the making of informed decisions. As for those who want to be particularly thorough, SP 800-144 also mentions other Federal Information Processing Standards and NIST special publications that can help.