CLOUD COMPUTING

Federal Initiatives Provide Cloud Security Guidance

Salvatore Salamone | Date: 01-18-12 | Comments

• 00
• PrintPDF
• Filed Under: Cloud Computing




• Two efforts aimed at improving the security of cloud services used by federal agencies provide guidelines for providers. As the provisions of those specifications are adopted, businesses will reap the benefits of improved security for their cloud services.

• Security is often cited as a primary cause for concern when considering cloud deployments. To overcome these concerns, companies moving to public cloud services might look to some emerging standards for help.

  The first source of help is an initiative from the Federal government called the Federal Risk and Authorization Management Program. This program, known by its acronym FedRAMP, establishes a baseline of security requirements for government contractors interested in providing the federal government with cloud services.

  FedRAMP defines a set of minimum security controls cloud providers have to meet to work with the federal government. The guidelines also define an assessment process for authorizing those services and mandate the use of a continuous monitoring tool that all agencies apply to ensure compliance with the guidelines.

  While FedRAMP only applies to government agencies, the thought is that, as has happened in the past, many providers will implement the necessary security features and practices to be in compliance. And this in turn will raise the level of security of those public clouds services for any company that uses them. Additionally, companies can look to the details of FedRAMP when developing their own security criteria for using cloud service providers.

  A second source of help comes from the National Institute of Standards and Technology. NIST has developed a road map and a reference document about cloud architecture covering interoperability and security.

  In developing this material, NIST applied past standards used for pre-cloud technologies, like Web services and the Internet. NIST identified several holes in current cloud standards, for example, in the area of privacy protection. It also created new standards specifically for cloud architectures.

  As is the case with FedRAMP, the NIST work is designed to give federal agencies guidance on cloud security, but it will also be used by service providers to map their architectures to the one NIST developed. This will help ensure that providers who work with the federal government offer the security needed to make cloud computing safer. And this, in turn, will mean that businesses that use the same cloud service providers will benefit from this work.

  For more details about these initiatives, take a look at these two articles:

  eWEEK: "White House Sets Uniform Security Standard for Cloud Providers"

  Smarter Technology: "NIST Releases New Federal Cloud Standards"

   

IBM Resources

• Is mobile Africa's future?
• Cloud computing insights from 110 implementation projects
• Capturing the Potential of Cloud
• End to End Virtualization: A holistic approach for a dynamic environment.
• Developing in the Cloud: Why It.s Time To Rethink Your Development Processes
• Defining a Framework for Cloud Adoption

Most Read

• Tablets, Smartphones Obsolete PowerPoint
• Top 10 Innovations of 2012
• Cloud Desktop Boosts Small Business
• Quantum Computing Almost Here
• Recent Reports Examine Smartphone Shopping Behaviors
• SMB BI Adoption Grows, Shifts to Cloud
• Gen Y Loves a Well-Connected Car
• Tool Educates SMBs on the Cloud
• Facebook Gaming in Decline

Trending

• Robots Construct Reconfigurable Buildings
• Cloud Desktop Boosts Small Business
• Shipboard Humanoid Robot to Aid Navy
• Facebook Gaming in Decline
• Motion Control Vaults Augmented Reality
• Nintendo Wii Diagnoses Eye Malady
• Smart Cities Win Awards
• Success Depends on Phrasing
• Online Video Spells Death for DVD

RELATED CONTENT

• New Federal Cloud Program to Mandate Security
• NIST Releases New Federal Cloud Standards
• Apps.gov: Federal Computing Cloud Takes Shape
• Feds Fess Up to Confusion, Disagreements over Data Center Consolidation
• Telecommuting Efforts Increasingly Aided by the Cloud
• Cloud Computing for the Public Sector
• Cloud Computing Could Be Key to U.S. Cyber-Defense

View the IBM Smarter Analytics Leadership Summit

Videos

TWITTER FEED

• about 11 hours agoRT @EPatton4: Nice piece by @Daniel_Bowers at Ideas on #IBM newest blades and x220 compute node announced Monday 5/14 http://t.co/a3z61lK0
  
• about 13 hours agoThe Smarter Computing Daily is out! http://t.co/FR7642Ug ▸ Top stories today via @newsociallearn @cboulangfr @kelseyhowarth
  
• May 15th 12:48 PMThe Smarter Computing Daily is out! http://t.co/FR7642Ug ▸ Top stories today via @ibm_oesterreich @ashleyafisher @carlantoine @ibmitar
  
• May 15th 10:40 AMIT Migration Life Cyle: An Expert Panel Discussion #OpenITchat May 21st http://t.co/68Yb6aCM #storify #openitchat #ibm
  
• May 15th 9:13 AM@pgillin @ForwardViewIBM @IBMSmrtCommerce @IBMSmrtrCmptng @IBMISSFED @ibmsecurity @iangertler Done. Good luck on the @IBM webinar, Paul!
  
• May 15th 9:11 AMRT @pgillin Join us for a #security webinar Tues 2 EDT: Why Cybercriminals Target Midsize Orgs & How to Foil Them http://t.co/m5h0dL1Z
  
• May 15th 9:08 AM@dataxu Our pleasure ... keep making #bigdata, the #cloud and IT optimization work for the online and #mobile advertising arena!
  
• May 15th 9:06 AM#SmarterComputing! RT @rwang0: 4 personas of next gen #CIO shifting from Infrastructure to Innovation http://t.co/KtlVAuU2 #sapphirenow
  
• May 14th 12:48 PMThe Smarter Computing Daily is out! http://t.co/FR7642Ug ▸ Top stories today via @royisoncloud @shubhs77 @jlbrowning
  
• May 14th 11:02 AMIBM making smarter computing real for x86 #SandyBridge users. http://t.co/AgM3lR0I
  
< PrevNext >

JOIN US

Like us on Facebook Follow us on Twitter Get the Smarter Tech Newsletter Register to view the archived "Data Center Optimization Techniques: Stop Wasting Time & Money" eSeminar Register Now >

Connect with the The Future of IT Architecture blog