27 May 2009
Making cloud computing safe, secure
As everyone has a different understanding of what so many terms mean, a group of security experts got together to come up with a working definition for cloud computing.
Cloud computing is a new technique with potential for achieving significant cost savings and information technology agility.
Since the federal government is considering cloud computing as a component of its new technology infrastructure, a group of security wonks from the National Institute of Standards and Technology (NIST) got together to evaluate the computing method and then promote its effective and secure use within government and industry by providing technical guidance and standards.
The working definition of cloud computing described by NIST is “a pay-per-use model for enabling available, convenient, and on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” The draft working definition also describes five key characteristics, three delivery models, and four deployment models.
The NIST cloud computing research team is studying cloud architectures, security, and deployment strategies for the federal government. But its first task was to collaborate with industry and government to develop a working definition of cloud computing that will serve as a foundation for its research. The term “cloud computing” comes from the field’s standard use of drawing the Internet as a cloud in diagrams.
Security is always a concern with any new computer approach, and this one is no different.
“Cloud computing has both security advantages and disadvantages,” said cloud research team leader Peter Mell. “The cloud computing model inherently promotes availability of services through its distributed architecture model. However, this same model presents data confidentiality and integrity challenges by pooling hardware resources for use by multiple parties.”
For related information, go to www.isa.org/networks.