Wednesday, July 17, 2013

NIST Cloud Computing Security

In a somewhat timely release, given all the press about hacking into corporate and public sector databases, comes an updated reference architecture from NIST on cloud computing security.

If you are doing a project to build a cloud, or to build cloud security for your enterprise, or if you use a cloud in your project, you might want to have your IT staff go through this document. It is rich with models and tradeoffs and recommendations.

As is often the case with such government reports and recommendations, the first umpteen pages are government blah blah, but in the latter part of the document and the appendices, it gets down to business.

First up of real interest is the so-called reference architecture, complete with a host of acronyms.
Then, a bit later, comes the "security conservation principle", which in a few words says that no matter how you arrange the boxes, actors, and flows, security should be preserved.

There are 204 pages in this document, so I think I'll not review the whole document here, leaving it to you and your staff to follow up.
