Week 4

Guidelines on Security and Privacy in Public Cloud Computing

NIST SP 800-144 provides an overview of the security and privacy challenges facing public cloud computing and presents recommendations that organizations should consider when outsourcing data, application and infrastructure to a public cloud environment. The document provides insights on threats, technology risks and safeguards related to public cloud environments to help organizations make informed decisions about this use of this technology.

Cloud system works with two parties, one is service provider and the other is subscriber. Those two parties come together and they have their own expectation, so it is important to understand, where they are coming from, what their goals are, and in case the relationship doesn’t work than business need an exit strategy. So NIST’s SP 800 documented to help organizations with some of the expectations that they must between the client and cloud provider.

Here are few recommended guidelines of successful implementation of cloud solutions from NIST’s SP 800-144 for best practice to establish secure and privacy challenges for cloud computing, threats, and risk:

Carefully plan the security and privacy aspects of cloud computing solutions before engaging them:

Organizations need to set up clear security objectives when planning for outsourcing. Organizations need to plan security based on the sensitivity of the data. Establish a clear understanding of what is the intention of provider?  Are they compliance with all relevant organizational policies and that privacy is maintained? How do they handle your customer’s data? Are they serious about the relationship? Did you take a risk-based approach in analyzing available security and privacy options and deciding about placing organizational functions into a cloud environment? 

References

Jansen. Wayne, Grance. Timothy, December 2011 “Guidelines on Security and

Privacy in Public Cloud Computing”, Published on NIST Special Publication 800-144, Retrieved From: http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf

 Banks. Erin K., (February 2012) “NIST SP800-144 Guidelines on Security and Privacy Public Cloud Computing – A Relationship Manual”, Published on EMC.com, Retrieved From: http://publicsectorblog.emc.com/erin_banks/nist-sp800-144-guidelines-on-security-and-privacy-in-public-cloud-computing-a-relationship-manual/