NIST SP800-144: Guidelines on Security and Privacy in Public Cloud Computing

NIST has released as final their special publication 800-144 (SP800-144). Perhaps the single biggest takeaway from the guide is that risk management has not changed fundamentally from non-cloud environments, but the devil may be in the details.

It offers the following list of benefits from the transition to public cloud.

Benefits

  • Staff specialization
  • Platform strength
  • Resource availability
  • Backup and Recovery
  • Mobile endpoints
  • Data Concentration

You might read that list and want to ask “yes, but what about all the Amazon outages or the high-profile breaches like Dreamhost…,” which is why they also wrote a “Security and Privacy Downside”.

Risks

  • System complexity
  • Shared multi-tenant environment
  • Internet-facing services
  • Loss of control

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.