Perspectives on Cloud Computing and Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory




Standardization and Cloud Computing
- Cloud computing is a convergence of many technologies
  - Some have their own standards
- This convergence combined with massively scaled deployments represents leap-ahead capabilities
- We have a choice
  - proprietary stovepipe clouds
  - standards based clouds
- Standards will be vital to achieve success
- Can't standardize what you can't define

A NIST Definition of Cloud Computing

A computing capability where the architecture surrounding massive clusters of computers is abstracted from the applications using it and a software and server framework (usually based on virtualization) provides clients scalable utility computing capabilities to elastically provide many servers for a single software-as-a-service style application or to host many such applications on a few servers.

Foundational Elements of Cloud Computing
- Business Models
  - Web 2.0
  - Software as a Service (SaaS)
  - Utility Computing
  - Service Level Agreements
  - Open standards, Data Portability, and Accessibility
- Architecture
  - Autonomic System Computing
  - Grid Computing
  - Platform Virtualization
  - Web Services
  - Service Oriented Architectures
  - Web application frameworks
  - Open source software

Need for Cloud Computing Standards
- Standards for the cloud architecture
  - Emerging Cloud interfaces are the key
  - Leverage autonomic computing, grids, and virtualization?
- Standards for cloud applications
  - Mature technologies but various approaches exist
  - Software as a service / Utility computing
  - Service Oriented Architecture
  - Web Services standards
  - Web Application frameworks

Enterprise Cloud Infrastructures
- The Need
  - Security and privacy concerns in using 3rd party clouds with sensitive data
  - Problem of security boundaries and security compliance (e.g., HIPAA, FISMA, SOX)
- How should large enterprises create their own clouds?
  - Which standards should be adopted?
  - What is the role of open source and proprietary software?
  - How should one leverage existing data centers (cloud interconnections)?
- Can one acquire isolated instances of 3rd party clouds?
  - Government owned, contractor operated (GOCO)
- What is the minimum size needed to make it cost effective to build a cloud?

The Federal Cloud Infrastructure
- An idea: The Federal government identifies minimal standards and an architecture to enable agencies to create or purchase interoperable cloud capabilities
- Agencies would own cloud instances or nodes
- Nodes would provide the same software framework for running cloud applications
- Nodes would participate in the Federal cloud infrastructure
- Federal infrastructure would promote and adopt cloud architecture standards (non-proprietary)
- Minimal standards refers to the need to ensure node interoperability and application portability without inhibiting innovation and adoption thus limiting the scale of cloud deployments

The Federal Cloud Infrastructure
- Benefits
  - Federal applications could run on any cloud node
  - Federal applications could migrate between cloud nodes
  - Contingency planning/disaster recovery
  - Scalability/elasticity
  - Centralized and standardized security enforcement and monitoring (intrusions, secure configurations, vulnerabilities, malware)
  - Interagency billing of resources used will self-optimize growth of cloud nodes
- Limits to agencies independently building their own clouds
  - Lack of the massive scale needed to leverage cloud benefits
  - Non-interoperable architectures (e.g., no disaster recovery capabilities)

Possible Approaches Moving Forward

Should the U.S. government:
- solely use 3rd party clouds (probably just for nonsensitive data)
- procure a single USG cloud
- procure multiple independent non-interoperable USG clouds
- work towards a Federal cloud infrastructure (standards and architecture)

Upcoming Draft NIST Cloud Computing Security Publication
- NIST Special Publication to be created in FY09
- Overview of cloud computing
- Cloud computing security issues
- Securing cloud architectures
- Securing cloud applications
- Enabling and performing forensics in the cloud
- Centralizing security monitoring in a cloud architecture
- Obtaining security from 3rd party cloud architectures through service level agreements
- Security compliance frameworks and cloud computing (e.g., HIPAA, FISMA, SOX)

Questions?

Peter Mell
Senior Computer Scientist
NIST, Information Technology Laboratory
301-975-5572
mell@nist.gov

Tim Grance
Program Manager, Cyber and Network Security Program
NIST, Information Technology Laboratory
301-975-4242
grance@nist.gov