SlideShare a Scribd company logo

Nist cloud computing-standardsispab-dec2008p-mell-090508165235-phpapp01

S
sengura
Education
1 of 11
Download to read offline
Perspectives on Cloud Computing and Standards Peter Mell, Tim Grance NIST, Information Technology Laboratory
Standardization and Cloud Computing • Cloud computing is a convergence of many technologies – Some have their own standards • This convergence combined with massively scaled deployments represents “leap-ahead” capabilities • We have a choice – proprietary stovepipe clouds – standards based clouds • Standards will be vital to achieve success • Can’t standardize what you can’t define
A NIST Definition of Cloud Computing • A computing capability where the architecture surrounding massive clusters of computers is abstracted from the applications using it and a software and server framework (usually based on virtualization) provides clients scalable utility computing capabilities to elastically provide many servers for a single software-as-a-service style application or to host many such applications on a few servers.
Foundational Elements of Cloud Computing Business Models Architecture • Web 2.0 • Autonomic System • Software as a Service Computing (SaaS) • Grid Computing • Utility Computing • Platform Virtualization • Service Level • Web Services Agreements • Service Oriented • Open standards, Data Architectures Portability, and • Web application Accessibility frameworks • Open source software
Need for Cloud Computing Standards • Standards for the cloud architecture • Emerging • Cloud interfaces are the key • Leverage autonomic computing, grids, and virtualization? • Standards for cloud applications • Mature technologies but various approaches exist • Software as a service / Utility computing • Service Oriented Architecture • Web Services standards • Web Application frameworks
Enterprise Cloud Infrastructures • The Need – Security and privacy concerns in using 3rd party clouds with sensitive data – Problem of security boundaries and security compliance (e.g., HIPAA, FISMA, SOX) • How should large enterprises create their own clouds? – Which standards should be adopted? – What is the role of open source and proprietary software? – How should one leverage existing data centers (cloud interconnections)? – Can one acquire isolated instances of 3rd party clouds? • Government owned, contractor operated (GOCO) – What is the minimum size needed to make it cost effective to build a cloud?
The Federal Cloud Infrastructure • An idea: The Federal government identifies minimal standards and an architecture to enable agencies to create or purchase interoperable cloud capabilities – Agencies would own cloud instances or ‘nodes’ – Nodes would provide the same software framework for running cloud applications – Nodes would participate in the Federal cloud infrastructure – Federal infrastructure would promote and adopt cloud architecture standards (non-proprietary) – ‘Minimal standards’ refers to the need to ensure node interoperability and application portability without inhibiting innovation and adoption thus limiting the scale of cloud deployments
The Federal Cloud Infrastructure • Benefits – Federal applications could run on any cloud node – Federal applications could migrate between cloud nodes • Contingency planning/disaster recovery • Scalability/elasticity – Centralized and standardized security enforcement and monitoring (intrusions, secure configurations, vulnerabilities, malware) – Interagency billing of resources used will self-optimize growth of cloud nodes • Limits to agencies independently building their own clouds – Lack of the massive scale needed to leverage cloud benefits – Non-interoperable architectures (e.g., no disaster recovery capabilities)
Possible Approaches Moving Forward • Should the U.S. government: – solely use 3rd party clouds (probably just for non- sensitive data) – procure a single USG cloud – procure multiple independent non-interoperable USG clouds – work towards a Federal cloud infrastructure (standards and architecture)
Upcoming Draft NIST Cloud Computing Security Publication • NIST Special Publication to be created in FY09 – Overview of cloud computing – Cloud computing security issues – Securing cloud architectures – Securing cloud applications – Enabling and performing forensics in the cloud – Centralizing security monitoring in a cloud architecture – Obtaining security from 3rd party cloud architectures through service level agreements – Security compliance frameworks and cloud computing (e.g., HIPAA, FISMA, SOX)
Questions? • Peter Mell • Senior Computer Scientist • NIST, Information Technology Laboratory • 301-975-5572 • mell@nist.gov • Tim Grance • Program Manager, Cyber and Network Security Program • NIST, Information Technology Laboratory • 301-975-4242 • grance@nist.gov

Recommended

NIST Cloud Computing Standards
NIST Cloud Computing StandardsNIST Cloud Computing Standards
NIST Cloud Computing Standards
GovCloud Network
 
5.cloudsecurity
5.cloudsecurity5.cloudsecurity
5.cloudsecurity
DrRajapraveen
 
Cloud computing
Cloud computingCloud computing
Cloud computing
AnandPadgilwara
 
Cloud computing 9 cloud deployment models and security concerns
Cloud computing 9 cloud deployment models and security concernsCloud computing 9 cloud deployment models and security concerns
Cloud computing 9 cloud deployment models and security concerns
Vaibhav Khanna
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computing
prachupanchal
 
Cloud computing and data security
Cloud computing and data securityCloud computing and data security
Cloud computing and data security
Mohammed Fazuluddin
 
4.cloud Deployment models
4.cloud Deployment models4.cloud Deployment models
4.cloud Deployment models
DrRajapraveen
 
Cloud Deployment Model
Cloud Deployment ModelCloud Deployment Model
Cloud Deployment Model
Yong Heui Cho
 

Recommended

NIST Cloud Computing Standards
NIST Cloud Computing StandardsNIST Cloud Computing Standards
NIST Cloud Computing Standards
GovCloud Network
 
5.cloudsecurity
5.cloudsecurity5.cloudsecurity
5.cloudsecurity
DrRajapraveen
 
Cloud computing
Cloud computingCloud computing
Cloud computing
AnandPadgilwara
 
Cloud computing 9 cloud deployment models and security concerns
Cloud computing 9 cloud deployment models and security concernsCloud computing 9 cloud deployment models and security concerns
Cloud computing 9 cloud deployment models and security concerns
Vaibhav Khanna
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computing
prachupanchal
 
Cloud computing and data security
Cloud computing and data securityCloud computing and data security
Cloud computing and data security
Mohammed Fazuluddin
 
4.cloud Deployment models
4.cloud Deployment models4.cloud Deployment models
4.cloud Deployment models
DrRajapraveen
 
Cloud Deployment Model
Cloud Deployment ModelCloud Deployment Model
Cloud Deployment Model
Yong Heui Cho
 
Basics of Cloud Computing
Basics of Cloud ComputingBasics of Cloud Computing
Basics of Cloud Computing
Anshi Bhadoria
 
3.cloud service delivery models
3.cloud service delivery models3.cloud service delivery models
3.cloud service delivery models
DrRajapraveen
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
Aniket Saxena
 
Chapter "Cloud Computing Architecture and Services"
Chapter "Cloud Computing Architecture and Services"Chapter "Cloud Computing Architecture and Services"
Chapter "Cloud Computing Architecture and Services"
Sebastian Segura
 
Cloud computing
Cloud computingCloud computing
Cloud computing
SSMTUTORIALSTUTORIAL
 
Cloud Security - GSFC Presentation, Sept 23 2009
Cloud Security - GSFC Presentation, Sept 23 2009Cloud Security - GSFC Presentation, Sept 23 2009
Cloud Security - GSFC Presentation, Sept 23 2009
Joshua McKenty
 
Cloud Computing Architecture
Cloud Computing ArchitectureCloud Computing Architecture
Cloud Computing Architecture
Yong Heui Cho
 
introduction to cloud computing
introduction to cloud computingintroduction to cloud computing
introduction to cloud computing
Abdul Jabbar
 
CLOUD COMPUTING AND STORAGE
CLOUD COMPUTING AND STORAGECLOUD COMPUTING AND STORAGE
CLOUD COMPUTING AND STORAGE
Shalini Toluchuri
 
Cloud Encryption
Cloud EncryptionCloud Encryption
Cloud Encryption
RituparnaNag
 
Army G6 Cloud Roadshow Brief
Army G6 Cloud Roadshow BriefArmy G6 Cloud Roadshow Brief
Army G6 Cloud Roadshow Brief
GovCloud Network
 
cloud computing.....
cloud computing.....cloud computing.....
cloud computing.....
Gopibabu Srungavarapu
 
Basics of cloud
Basics of cloudBasics of cloud
Basics of cloud
Syborg Services
 
1.Introduction to cloud computing converted
1.Introduction to cloud computing converted1.Introduction to cloud computing converted
1.Introduction to cloud computing converted
DrRajapraveen
 
Cloud Computing v.s. Cyber Security
Cloud Computing v.s. Cyber Security Cloud Computing v.s. Cyber Security
Cloud Computing v.s. Cyber Security
Bahtiyar Bircan
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
Nishith Kumar
 
Cloud computing
Cloud computingCloud computing
Cloud computing
Anuhya Reddy
 
Cloud Computing - ISO/IEC 17788
Cloud Computing - ISO/IEC 17788Cloud Computing - ISO/IEC 17788
Cloud Computing - ISO/IEC 17788
Hamid Reza Qavami
 
Chap 4 platform as a service (paa s)
Chap 4 platform as a service (paa s)Chap 4 platform as a service (paa s)
Chap 4 platform as a service (paa s)
Raj Sarode
 
The Evolution Towards Cloud Computing
The Evolution Towards Cloud ComputingThe Evolution Towards Cloud Computing
The Evolution Towards Cloud Computing
Anne Starr
 
Cloud def-v15
Cloud def-v15Cloud def-v15
Cloud def-v15
sengura
 
Bob Burch Design Portfolio
Bob Burch Design PortfolioBob Burch Design Portfolio
Bob Burch Design Portfolio
Bob Burch
 

More Related Content

What's hot

Cloud Security - GSFC Presentation, Sept 23 2009
Cloud Security - GSFC Presentation, Sept 23 2009Cloud Security - GSFC Presentation, Sept 23 2009
Cloud Security - GSFC Presentation, Sept 23 2009
Joshua McKenty
 

What's hot (20)

Basics of Cloud Computing
Basics of Cloud ComputingBasics of Cloud Computing
Basics of Cloud Computing
 
3.cloud service delivery models
3.cloud service delivery models3.cloud service delivery models
3.cloud service delivery models
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Chapter "Cloud Computing Architecture and Services"
Chapter "Cloud Computing Architecture and Services"Chapter "Cloud Computing Architecture and Services"
Chapter "Cloud Computing Architecture and Services"
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud Security - GSFC Presentation, Sept 23 2009
Cloud Security - GSFC Presentation, Sept 23 2009Cloud Security - GSFC Presentation, Sept 23 2009
Cloud Security - GSFC Presentation, Sept 23 2009
 
Cloud Computing Architecture
Cloud Computing ArchitectureCloud Computing Architecture
Cloud Computing Architecture
 
introduction to cloud computing
introduction to cloud computingintroduction to cloud computing
introduction to cloud computing
 
CLOUD COMPUTING AND STORAGE
CLOUD COMPUTING AND STORAGECLOUD COMPUTING AND STORAGE
CLOUD COMPUTING AND STORAGE
 
Cloud Encryption
Cloud EncryptionCloud Encryption
Cloud Encryption
 
Army G6 Cloud Roadshow Brief
Army G6 Cloud Roadshow BriefArmy G6 Cloud Roadshow Brief
Army G6 Cloud Roadshow Brief
 
cloud computing.....
cloud computing.....cloud computing.....
cloud computing.....
 
Basics of cloud
Basics of cloudBasics of cloud
Basics of cloud
 
1.Introduction to cloud computing converted
1.Introduction to cloud computing converted1.Introduction to cloud computing converted
1.Introduction to cloud computing converted
 
Cloud Computing v.s. Cyber Security
Cloud Computing v.s. Cyber Security Cloud Computing v.s. Cyber Security
Cloud Computing v.s. Cyber Security
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud Computing - ISO/IEC 17788
Cloud Computing - ISO/IEC 17788Cloud Computing - ISO/IEC 17788
Cloud Computing - ISO/IEC 17788
 
Chap 4 platform as a service (paa s)
Chap 4 platform as a service (paa s)Chap 4 platform as a service (paa s)
Chap 4 platform as a service (paa s)
 
The Evolution Towards Cloud Computing
The Evolution Towards Cloud ComputingThe Evolution Towards Cloud Computing
The Evolution Towards Cloud Computing
 

Viewers also liked

Guitarristas barrocos
Guitarristas barrocosGuitarristas barrocos
Guitarristas barrocos
abullejos
 
Destination Weddings and Honeymoons
Destination Weddings and HoneymoonsDestination Weddings and Honeymoons
Destination Weddings and Honeymoons
Strubstyle
 
Cv Tim Van Veen
Cv Tim Van VeenCv Tim Van Veen
Cv Tim Van Veen
timvanveen
 

Viewers also liked (20)

Cloud def-v15
Cloud def-v15Cloud def-v15
Cloud def-v15
 
Bob Burch Design Portfolio
Bob Burch Design PortfolioBob Burch Design Portfolio
Bob Burch Design Portfolio
 
Miguel de fuenllana
Miguel de fuenllanaMiguel de fuenllana
Miguel de fuenllana
 
Martenot
MartenotMartenot
Martenot
 
Goodlifeadvice
GoodlifeadviceGoodlifeadvice
Goodlifeadvice
 
Premium Analysis Presentation
Premium Analysis PresentationPremium Analysis Presentation
Premium Analysis Presentation
 
Guitarristas barrocos
Guitarristas barrocosGuitarristas barrocos
Guitarristas barrocos
 
El método dalcroze
El método dalcrozeEl método dalcroze
El método dalcroze
 
Destination Weddings and Honeymoons
Destination Weddings and HoneymoonsDestination Weddings and Honeymoons
Destination Weddings and Honeymoons
 
Profilanalysering
ProfilanalyseringProfilanalysering
Profilanalysering
 
Alfonso mudarra pdf
Alfonso mudarra pdfAlfonso mudarra pdf
Alfonso mudarra pdf
 
Autores vihuela
Autores vihuelaAutores vihuela
Autores vihuela
 
Cv Tim Van Veen
Cv Tim Van VeenCv Tim Van Veen
Cv Tim Van Veen
 
HRA Strategies
HRA StrategiesHRA Strategies
HRA Strategies
 
Water Energy
Water EnergyWater Energy
Water Energy
 
Martenot
MartenotMartenot
Martenot
 
Edgar willems
Edgar willemsEdgar willems
Edgar willems
 
John dowland
John dowlandJohn dowland
John dowland
 
Luys millán
Luys millánLuys millán
Luys millán
 
Luys de narváez
Luys de narváezLuys de narváez
Luys de narváez
 

Similar to Nist cloud computing-standardsispab-dec2008p-mell-090508165235-phpapp01

Radu crahmaliuc 23feb2012
Radu crahmaliuc 23feb2012Radu crahmaliuc 23feb2012
Radu crahmaliuc 23feb2012
Agora Group
 
Clould Computing and its application in Libraries
Clould Computing and its application in LibrariesClould Computing and its application in Libraries
Clould Computing and its application in Libraries
Amit Shaw
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
nitinw25
 
Cloud computing computer
Cloud computing computerCloud computing computer
Cloud computing computer
Sanath Surawar
 

Similar to Nist cloud computing-standardsispab-dec2008p-mell-090508165235-phpapp01 (20)

Cloud Computing basic concept to understand
Cloud Computing basic concept to understandCloud Computing basic concept to understand
Cloud Computing basic concept to understand
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Radu crahmaliuc 23feb2012
Radu crahmaliuc 23feb2012Radu crahmaliuc 23feb2012
Radu crahmaliuc 23feb2012
 
cloud computing
cloud computing cloud computing
cloud computing
 
Clould Computing and its application in Libraries
Clould Computing and its application in LibrariesClould Computing and its application in Libraries
Clould Computing and its application in Libraries
 
Cloud Computing and Services | PPT
Cloud Computing and Services | PPTCloud Computing and Services | PPT
Cloud Computing and Services | PPT
 
Cloud Computing genral for all concepts.pptx
Cloud Computing genral for all concepts.pptxCloud Computing genral for all concepts.pptx
Cloud Computing genral for all concepts.pptx
 
4831586.ppt
4831586.ppt4831586.ppt
4831586.ppt
 
Cloud Computing (Lecture 1 & 2).pptx
Cloud Computing (Lecture 1 & 2).pptxCloud Computing (Lecture 1 & 2).pptx
Cloud Computing (Lecture 1 & 2).pptx
 
CC Notes.pdf of jdjejwiwu22u28938ehdh3y2u2838e
CC Notes.pdf of jdjejwiwu22u28938ehdh3y2u2838eCC Notes.pdf of jdjejwiwu22u28938ehdh3y2u2838e
CC Notes.pdf of jdjejwiwu22u28938ehdh3y2u2838e
 
Cloud computing
Cloud computing Cloud computing
Cloud computing
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Introduction to Cloud Computing
Introduction to Cloud ComputingIntroduction to Cloud Computing
Introduction to Cloud Computing
 
Introduction to Cloud Computing.pptx
Introduction to Cloud Computing.pptxIntroduction to Cloud Computing.pptx
Introduction to Cloud Computing.pptx
 
cloud computing notes for anna university syllabus
cloud computing notes for anna university syllabuscloud computing notes for anna university syllabus
cloud computing notes for anna university syllabus
 
CLOUD COMPUTING.ppt
CLOUD COMPUTING.pptCLOUD COMPUTING.ppt
CLOUD COMPUTING.ppt
 
Speaker Presention by Irena Bojanova of the University of Maryland University...
Speaker Presention by Irena Bojanova of the University of Maryland University...Speaker Presention by Irena Bojanova of the University of Maryland University...
Speaker Presention by Irena Bojanova of the University of Maryland University...
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Cloud computing computer
Cloud computing computerCloud computing computer
Cloud computing computer
 
Cloud computing explained
Cloud computing explained Cloud computing explained
Cloud computing explained
 

Recently uploaded

1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 

Recently uploaded (20)

Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 

Nist cloud computing-standardsispab-dec2008p-mell-090508165235-phpapp01

  • 1. Perspectives on Cloud Computing and Standards Peter Mell, Tim Grance NIST, Information Technology Laboratory
  • 2. Standardization and Cloud Computing • Cloud computing is a convergence of many technologies – Some have their own standards • This convergence combined with massively scaled deployments represents “leap-ahead” capabilities • We have a choice – proprietary stovepipe clouds – standards based clouds • Standards will be vital to achieve success • Can’t standardize what you can’t define
  • 3. A NIST Definition of Cloud Computing • A computing capability where the architecture surrounding massive clusters of computers is abstracted from the applications using it and a software and server framework (usually based on virtualization) provides clients scalable utility computing capabilities to elastically provide many servers for a single software-as-a-service style application or to host many such applications on a few servers.
  • 4. Foundational Elements of Cloud Computing Business Models Architecture • Web 2.0 • Autonomic System • Software as a Service Computing (SaaS) • Grid Computing • Utility Computing • Platform Virtualization • Service Level • Web Services Agreements • Service Oriented • Open standards, Data Architectures Portability, and • Web application Accessibility frameworks • Open source software
  • 5. Need for Cloud Computing Standards • Standards for the cloud architecture • Emerging • Cloud interfaces are the key • Leverage autonomic computing, grids, and virtualization? • Standards for cloud applications • Mature technologies but various approaches exist • Software as a service / Utility computing • Service Oriented Architecture • Web Services standards • Web Application frameworks
  • 6. Enterprise Cloud Infrastructures • The Need – Security and privacy concerns in using 3rd party clouds with sensitive data – Problem of security boundaries and security compliance (e.g., HIPAA, FISMA, SOX) • How should large enterprises create their own clouds? – Which standards should be adopted? – What is the role of open source and proprietary software? – How should one leverage existing data centers (cloud interconnections)? – Can one acquire isolated instances of 3rd party clouds? • Government owned, contractor operated (GOCO) – What is the minimum size needed to make it cost effective to build a cloud?
  • 7. The Federal Cloud Infrastructure • An idea: The Federal government identifies minimal standards and an architecture to enable agencies to create or purchase interoperable cloud capabilities – Agencies would own cloud instances or ‘nodes’ – Nodes would provide the same software framework for running cloud applications – Nodes would participate in the Federal cloud infrastructure – Federal infrastructure would promote and adopt cloud architecture standards (non-proprietary) – ‘Minimal standards’ refers to the need to ensure node interoperability and application portability without inhibiting innovation and adoption thus limiting the scale of cloud deployments
  • 8. The Federal Cloud Infrastructure • Benefits – Federal applications could run on any cloud node – Federal applications could migrate between cloud nodes • Contingency planning/disaster recovery • Scalability/elasticity – Centralized and standardized security enforcement and monitoring (intrusions, secure configurations, vulnerabilities, malware) – Interagency billing of resources used will self-optimize growth of cloud nodes • Limits to agencies independently building their own clouds – Lack of the massive scale needed to leverage cloud benefits – Non-interoperable architectures (e.g., no disaster recovery capabilities)
  • 9. Possible Approaches Moving Forward • Should the U.S. government: – solely use 3rd party clouds (probably just for non- sensitive data) – procure a single USG cloud – procure multiple independent non-interoperable USG clouds – work towards a Federal cloud infrastructure (standards and architecture)
  • 10. Upcoming Draft NIST Cloud Computing Security Publication • NIST Special Publication to be created in FY09 – Overview of cloud computing – Cloud computing security issues – Securing cloud architectures – Securing cloud applications – Enabling and performing forensics in the cloud – Centralizing security monitoring in a cloud architecture – Obtaining security from 3rd party cloud architectures through service level agreements – Security compliance frameworks and cloud computing (e.g., HIPAA, FISMA, SOX)
  • 11. Questions? • Peter Mell • Senior Computer Scientist • NIST, Information Technology Laboratory • 301-975-5572 • mell@nist.gov • Tim Grance • Program Manager, Cyber and Network Security Program • NIST, Information Technology Laboratory • 301-975-4242 • grance@nist.gov