The National Institute of Standards and Technology (NIST) has published two new documents on cloud computing: the first edition of a cloud computing standards roadmap and a cloud computing reference architecture and taxonomy. Together, the documents provide guidance to help understand cloud computing standards and categories of cloud services that can be used government-wide
These documents, along with others from NIST and NIST working groups, will be incorporated into the NIST U.S. Government Cloud Computing Technology Roadmap, expected to be published in November, 2011.
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of computing resources, including servers, data storage and applications and services. NIST is responsible for accelerating the federal government's secure adoption of cloud computing by leading efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector and other stakeholders, including federal agencies.
To produce the NIST Cloud Computing Standards Roadmap (NIST Special Publication 500-291), the NIST Cloud Computing Standards Working Group compiled an "Inventory of Standards Relevant to Cloud Computing" that will continue to be updated. The working group includes volunteer participants from industry, government and academia.
The working group categorized these standards for features such as security, portability and interoperability, and identified models, studies and use cases relevant to cloud computing. Many of the standards now being applied to cloud computing were developed for pre-cloud technologies such as web services and the Internet; others are being developed to specifically support cloud functions and requirements.
The working group found a number of gaps in available standards ranging from fundamental issues such as security and privacy protection to user interfaces and important business-oriented features. The group also identified standardization priorities for the federal government, particularly in areas such as security auditing and compliance, and identity and access management.
The NIST Standards Working Group Co-convener Michael Hogan said "NIST SP 500-291 encourages federal agencies to become involved with developing specific cloud computing standards projects that support their priorities in cloud computing services to move cloud computing standards forward."
The publication also suggests that the federal government should recommend specific cloud computing standards and best practices for government-wide use. It can be downloaded from http://collaborate.nist.gov/twiki-cloud-computing/pub/CloudComputing/StandardsRoadmap/NIST_SP_500-291_Jul5A.pdf.
The guiding principles used to create the NIST Cloud Computing Reference Architecture (NIST SP 500-292) were to develop a vendor-neutral architecture, or design, consistent with the NIST cloud definition and to create a solution that does not stifle innovation by defining a prescribed technical solution. The resulting reference architecture and taxonomy (vocabulary) was developed as an actor/role-based system that lays out the central elements of cloud computing for federal chief information officers, procurement officials and IT program managers. Roles of the five cloud "actors" -- consumer, provider, broker, auditor and carrier -- are defined.
"Our point was to create a level playing field for industry to discuss and compare their cloud offering with the U.S. government," the NIST Reference Architecture Working Group Co-convener Robert Bohn said. "The publication is also an opportunity for industry to map their reference architecture to the one NIST developed with input from all sectors," he added. The publication can be found at http://collaborate.nist.gov/twiki-cloud-computing/pub/CloudComputing/ReferenceArchitectureTaxonomy/NIST_SP_500-292_-_090611.pdf.