With the rapid trend towards leveraging Cloud/SaaS services to outsource aspects of information technology, guidance for how to do so in a secure manner has been somewhat lacking. That has changed with NIST’s release of the following draft guidance:
NIST Seeks Comments on Draft Guide to Cloud Computing
A draft of Special Publication 800-146, Cloud Computing Synopsis and Recommendations, provides definitions of cloud computing technologies as well as practical information for decision makers interested in moving to the cloud.
Section 9 may be of particular interest to organizations considering leveraging Cloud strategies. It provides information on how organizations should consider the relative opportunities and risks of cloud computing.
Stay tuned, as we’ll be talking much more about security in the cloud in the months to come…
Jeremy Simon, PCI QSA, CISSP, CISA
Practice Lead, PCI Compliance Services