NIST (National Institite of Guidelines and Standards) recently released two documents the first defines a proposed definition of Cloud Computing and the second defining Guidelines on Security and Privacy in Public Cloud Computing.
The definition defines four key characteristic:
Broad network access
delivered in three Service Models:
Cloud Software as a Service (SaaS)
Cloud Platform as a Service (PaaS)
Cloud Infrastructure as a Service (IaaS)
via four Deployment Models:
The second guideline document is a bit more ambitious and is a bit more ambitious and serves as a good starting point for understanding the key issues surrounding cloud security and privacy challenges and a high level overview of key activities and elements to consider when outsourcing to a public cloud provider. Perhaps my favorite take from the entire documents is in the conclusion section stating:
“ The transition to an outsourced, public cloud computing environment is in many ways an exercise in risk management.”
At the end of the day the risks vs. rewards of outsourcing to the cloud need to be carefully analyzed. Jump in without doing your homework and you may get burned. Sit on the sidelines to long and you may be passed by.