Week 4
Guidelines on Security and Privacy in
Public Cloud Computing
NIST SP
800-144 provides an overview of the security and privacy challenges facing
public cloud computing and presents recommendations that organizations should
consider when outsourcing data, application and infrastructure to a public
cloud environment. The document provides insights on threats, technology risks
and safeguards related to public cloud environments to help organizations make
informed decisions about this use of this technology.
Cloud
system works with two parties, one is service provider and the other is
subscriber. Those two parties come together and they have their own
expectation, so it is important to understand, where they are coming from, what
their goals are, and in case the relationship doesn’t work than business need
an exit strategy. So NIST’s SP 800 documented to help organizations with some
of the expectations that they must between the client and cloud provider.
Here are
few recommended guidelines of successful implementation of cloud solutions from
NIST’s SP 800-144 for best practice to establish secure and privacy challenges
for cloud computing, threats, and risk:
Carefully plan the security and privacy
aspects of cloud computing solutions before engaging them:
Organizations
need to set up clear security objectives when planning for outsourcing.
Organizations need to plan security based on the sensitivity of the data.
Establish a clear understanding of what is the intention of provider? Are they compliance with all relevant organizational
policies and that privacy is maintained? How do they handle your customer’s
data? Are they serious about the relationship? Did you take a risk-based
approach in analyzing available security and privacy options and deciding about
placing organizational functions into a cloud environment?
References
Jansen. Wayne, Grance. Timothy,
December 2011 “Guidelines on Security and
Privacy in Public Cloud Computing”,
Published on NIST Special Publication 800-144, Retrieved From: http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf
Banks. Erin K.,
(February 2012) “NIST SP800-144 Guidelines on Security and Privacy Public Cloud
Computing – A Relationship Manual”, Published on EMC.com, Retrieved From: http://publicsectorblog.emc.com/erin_banks/nist-sp800-144-guidelines-on-security-and-privacy-in-public-cloud-computing-a-relationship-manual/
No comments:
Post a Comment