Guidance from NIST for Cloud Computing. With the rapid trend towards leveraging Cloud/SaaS services to outsource aspects of information technology, guidance for how to do so in a secure manner has been somewhat lacking. That has changed with NIST’s release of the following draft guidance:
NIST Seeks Comments on Draft Guide to Cloud Computing
https://www.nist.gov/itl/csd/20110512_cloud_guide.cfm
A draft of Special Publication 800-146, Cloud Computing Synopsis and Recommendations, provides definitions of cloud computing technologies as well as practical information for decision makers interested in moving to the cloud.
Section 9 may be of particular interest to organizations considering leveraging Cloud strategies. It provides information on how organizations should consider the relative opportunities and risks of cloud computing.
Stay tuned, as we’ll be talking much more about security in the cloud in the months to come…
Jeremy Simon, PCI QSA, CISSP, CISA
Practice Lead, PCI Compliance Services
CLOUD SECURITY INSIGHTS
Prioritized Findings and Remediation in Cloud Security Reporting
Out of Sight. Out of Control. The Real Cloud Security Problem.
Close the Gaps to Achieve Comprehensive Cloud Visibility and Defense
Gaining Clarity about the Roles and Risks of Cloud Security
