Many organizations are analyzing the cost/benefits and deciding that it makes sense to move some or all of their apps into the public cloud. But going “to the cloud” creates a new set of security concerns that need to be addressed, and according to a recent report from the U.S. National Institute of Standards and Technology (NIST), “Without proper governance, the organizational computing infrastructure could be transformed into a sprawling, unmanageable mix of insecure services.” That is obviously not a desirable state of affairs.
To help companies navigate their ways through the potential pitfalls, NIST has created Guidelines on Security and Privacy in Public Cloud Computing. It’s actually part of an initiative to encourage the adoption of cloud computing by federal government agencies, and incudes security standards to be used when moving applications and data into the public cloud. These guidelines are are also useful as a framework for other organizations to follow. You can download a PDF version of the document, which is labeled Draft Special Publication 800-144, here: