While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Need more guidance on developing your cloud computing strategy? The National Institute of Standards and Technology is expected to unveil a draft of its cloud technology roadmap in early November.
The publication, called the USG Cloud Computing Technology Roadmap, will identify existing cloud standards on security, interoperability and portability; provide a reference architecture and business-use cases; and recommend high-priority standards, guidance and technology requirements that need to be met for federal agencies to broaden their adoption of the cloud computing model. The roadmap will also recommend action plans for industry, academia, and standards organizations to help close these requirements, says Dawn Leaf, NIST’s senior executive for cloud computing.
The cloud roadmap will also identify gaps where new or additional standards, guidance and technology are needed in the future, Leaf says.
The draft publication is meant to complement the work of the Federal Cloud Computing Strategy, which also includes the Federal Risk and Authorization Management Program (FedRAMP). The goal is to foster cloud adoption, reduce uncertainty over the new computing model and facilitate the overall strategic development of cloud computing, she says.
The roadmap will come in two volumes: The first part provides a high-level strategic overview for executive-level agency and other cloud stakeholders, so they develop a broad understanding of the NIST USG Cloud Computing Technology Roadmap concepts and issues. The second part will provide more technical details for the IT staffers who are actually adopting the technology, Leaf says.
The first draft of the roadmap document will be open for public comment.
The roadmap is necessary to focus attention on the barriers that result from the differences in the cloud model as agencies plan their cloud strategies, Leaf says. For example, traditional security guidance and mechanisms, including FISMA requirements, rely on defined logical and physical IT system boundaries. But the cloud concept makes these traditional boundaries more complex. The roadmap will identify such issues, existing standards and guidance, and help agencies build their blueprints for deployment, she says.
“Adopters of any IT solutions have always made risk-based solutions, and we’re trying to state the new factors and new concepts that they need to consider in the cloud,” she says. “The goal of the roadmap is also to help NIST and other cloud stakeholders to focus the scope of our work, so that we work on the most important and high priority issues as opposed to a shotgun approach.”
NIST has made two components of the cloud computing technology roadmap, the reference architecture and standards roadmap, available on its cloud computing public web site. NIST also previously released two draft special publications on the cloud: Special Publication 800-145 (Definition of Cloud Computing) and Special Publication 800-146 (Cloud Computing Synopsis and Recommendations), which includes definition of cloud service and delivery models in terms of system boundaries. This material will help form the content of the cloud computing tech roadmap document, she says.