1 / 19

National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM

Learn about NIST's Cloud Computing Program and how it accelerates federal government's cloud adoption through standards development and collaboration with stakeholders.

kumj
Download Presentation

National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ITU Workshop on “Cloud Computing Standards – Today and the Future” (Geneva, Switzerland 14 November 2014) National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM Annie W. Sokol, IT Specialist, NIST Annie.sokol@nist.gov

  2. Overview ofNIST Cloud Computing Program Federal Cloud Computing Strategy NIST Cloud Program Launch & Objectives Federal Cloud Computing Technology Roadmap NIST Focus

  3. Federal IT Strategies

  4. Federal Cloud Computing Strategy • US IT Budget ~ $80B/year: Savings ~25% • Move existing apps to cloud when possible • Select – Provision – Manage • 3 main agencies • GSA – Procurement (FedRAMP) • DHS – Operational Security • NIST – Standards

  5. Select – Provision - Manage

  6. Why NIST? US government agencies need Cloud Computing standards & guidance to accelerate effective adoption Private sector and U.S. government agencies must work together to identify highest priority USG Cloud Computing requirements & gaps Neutral, objective entity is instrumental in encouraging innovation and “a level playing field” for U.S. industry

  7. Program Goal To accelerate the federal government’s adoption of cloud computing • Build a USG Cloud Computing Technology Roadmap which focuses on the highest priority USG cloud computing security, interoperability and portability requirements • Lead efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector, and other stakeholders

  8. NIST Cloud Computing Program

  9. Business Use Cases Standards Building the NIST Cloud Computing Technology Roadmap Security SAJACC Define Target USG Cloud Computing Use Cases priorities risks obstacles Cloud Computing Standards & Technology Roadmap • Translate Requirements • Identify Gaps Public Working Groups Define Neutral Cloud Computing Reference Architecture & Taxonomy Expand CC defn, ref. arch. Ref Arch & Tax

  10. SP 500-293 USG Cloud Computing Roadmaps – Volume I & II Use collaboration through public working groups to validate findings • Core Elements: • Prioritized strategic and tactical requirements that must be met for USG agencies to further cloud adoption; • Interoperability, portability, and security standards, guidelines, and technology needed to satisfy these requirements; • Recommended list of Priority Action Plans (PAPs) -- candidates for voluntary self-tasking by the stakeholder community.

  11. SP 500-293 Volume IRoadmap RequirementsPriority Action Plans (PAPs) • International voluntary consensus-based standards* • Solutions for High-priority Security Requirements, technically de-coupled from organizational policy decisions • Technical specifications to enable development of consistent, high-quality Service-Level Agreements * • Clearly and consistently categorized cloud services* • Frameworks to support seamless implementation of federated community cloud environments* • Updated Organization Policy that reflects the Cloud Computing Business and Technology model • Defined unique government regulatory requirements and solutions* • Collaborative parallel strategic “future cloud” development initiatives* • Defined and implemented reliability design goals* • Defined and implemented cloud service metrics* * (Interoperability, portability and security technology)

  12. SP 500-293 USG Cloud Computing Roadmap – Volume II • Reference Architecture & Taxonomy • Recommend Industry Mapping so that USG agencies & others can more easily and consistently compare cloud services • In parallel, support formal standards development process leveraging the reference architecture • Standards • Provide avenue for USG agency engagement • Continue standards roadmap • Target Business Use Cases & SAJACC • Expand initial use case set & use SAJACC to identify gaps • Security • leverage working groups to finalize special publication focusing on challenging security requirements • Continue technical advisor role – e.g. FedRAMP, continuous monitoring, conformity assessment system • Useful information for Cloud Adopters • Summary of the work completed • Analysis supports: high priority requirements introduced in Volume I • References to detailed publications and external work

  13. Status Phase I (COMPLETED) • Reference Architecture & Taxonomy • Security Reference Architecture • Descriptions of Cloud Broker • Standards Inventory Phase II (On-going) • Future Architecture • Activities

  14. Current Cloud Focus Areas Refinement • Actors • Services • Architecture Service level agreements Metrics Interoperability and Portability Federation

  15. Future Outlook • facilitate world-wide collaboration & shared knowledge • drive innovation • provide positive environmental and economic impacts The convenience of reliable, trusted and measureable cloud services become a foundational element of the global economy. These services, constructed with open standards and metric based building blocks, form the basis for a collection of interconnected clouds to:

  16. Contacts Dr. Abdella Battou abdella.battou@nist.gov Dr. Robert Bohn robert.bohn@nist.gov Lisa Carnahan lisa.carnahan@nist.gov John Messina john.messina@nist.gov Dr. Michaela Iorga micheala.iorga@nist.gov Annie Sokol annie.sokol@nist.gov Mike Hogan michael.hogan@nist.gov Eric Simmon eric.simmon@nist.gov Frederic de Vaulx frederic.devaulx@nist.gov CC Lead/ANTD Chief Program Manager Conformity Assessment RA/Tax Security Standards Standards SLA/Standards Metrics NIST ITL Cloud Computing Home Pagehttp://www.nist.gov/itl/cloud NIST Cloud Computing Collaboration Site (twiki) http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing

  17. Additional References

  18. Why Standards Highlights of a study by DIN (German Standards Institute) and the German Federal Ministry of Economic Affairs and Technology (IEEE Think Standards, http://www.thinkstandards.net/benefits.html) • Standards contribute more to economic growth than patents and licenses • Standards play a strategic significance to companies • Companies that participate actively in standards work have a head start on their competitors in adapting to market demands • Research risks and development costs are reduced for companies contributing to the standardization process • Business that are actively involved in standards work more frequency reap short and long term benefits with regard to costs and competitive status than those who do not participate • Participating in standards development enables one to anticipate technology standardization thereby facilitating one’s products progress simultaneously with technology • Standards are a positive stimulus for innovation

  19. NIST Publications relating to Cloud Computing NIST Special Publication 800-144, Guidelines on Security and Privacy in Public Cloud Computing, December 2011 NIST Special Publication 800-145, NIST Definition of Cloud Computing, September 2011 NIST Special Publication 800-146, Cloud Computing Synopsis and Recommendations, May 2012 NIST Special Publication 500-291, NIST Cloud Computing Standards Roadmap, July 2011 NIST Special Publication 500-292, NIST Cloud Computing Reference Architecture, September 2011 NIST Special Publication 500-299, NIST Cloud Computing Security Reference Architecture(Draft)

More Related