NIST identifies cloud computing standards gaps
When it comes to gaps in technology standards for cloud computing, security and privacy stands out as the area with the most holes, according to a National Institute of Standards and Technology cloud computing standards roadmap released Sept. 13.
The document identifies 11 standards gaps, with four pertaining to security and privacy. Among the gaps are "policies, processes and technical controls in supporting the security auditing, regulation, and law compliance needs."
Auditing is especially important for federal agencies, the document says, since the Office of Management and Budget has said that agency cloud computing contracts should include a clause enabling third party auditor access for the purpose assessing security controls.
The majority of technological standards that support cloud computing pre-date the cloud era, NIST says. The fact of cloud computing itself has also created new standardization gaps, and has brought some pre-cloud gaps to the forefront.
The document also limns a conceptual model of all the actors within cloud computing and their interactions. NIST identifies five actors: a consumer, a provider, an auditor, brokers and carriers. Brokers are entities that could emerge as a middleman between consumers and providers, the document says, and be responsible for managing the use, performance and delivery of cloud services.
Carriers are telecommunication providers who manage the network on which cloud services are provided, NIST also explains.
- download the NIST Cloud Computing Standards Roadmap (.pdf)
- download a NIST Cloud Computing Reference Architecture, also released Sept. 13 (.pdf)
- go to a NIST inventory of cloud computing-relevant standards
- go to a NIST press release about the roadmap and taxonomy