The National Institute of Standards (NIST) has developed guidelines for cloud computing and cloud security based upon extensive research for a reference architecture which includes taxonomies that define roles, services and service deployment models. Their approach has been to invite participation and contributions from various stakeholders both from Government and the private sector; this approach has been instrumental in enabling the creation of a security reference architecture and related taxonomies. This body of work provides common verbiage and understanding to enable clarity of communication between the stakeholders and facilitate the decision-making process of adopting the 'cloud' for business transformation.
More information on NIST's cloud computing reference architecture and taxonomies can be found on NIST's cloud computing collaboration site: http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/ReferenceArchitectureTaxonomy
NIST’s cloud computing "security reference architecture" (SRA) is currently under development and it will help delineate which security aspects of the cloud ecosystem the consumer of a cloud offering is responsible for. Electrosoft is working with NIST to perform the analysis of both the security controls required by FISMA and the security implementations suggested by the Cloud Security Alliance (CSA).
- Juanita Koilpillai
For more information about Cloud Security, please Contact Us.