The National Institute of Standards and Technology has finalized Guidelines on Security and Privacy in Public Cloud Computing (NIST Special Publication 800-144) that provides an overview of the security and privacy challenges facing cloud computing.
The document also provides recommendations for organizations to consider when outsourcing data, applications and infrastructure to the cloud.
Key guidelines include:
- Carefully plan the security and privacy aspects of cloud computing solutions before implementing them.
- Understand the public cloud computing environment offered by the cloud provider.
- Ensure that a cloud computing solution—both cloud resources and cloud-based applications—satisfy organizational security and privacy requirements.
- Maintain accountability over the privacy and security of data and applications implemented and deployed in public cloud computing environments.
SP 800-144 is geared toward system managers, executives and information officers making decisions about cloud computing initiatives; security professional responsible for IT security; IT program managers concerned with security and privacy measures for cloud computing; system and network administrators; and users of public cloud computing services, NIST said.
The publication also provides a detailed list of Federal Information Processing Standards and NIST special publications that provide materials particularly relevant to cloud computing and are recommended to be used in conjunction with SP 800-144.