The National Institute of Standards and Technology (NIST) is a developer of standards for the U.S. government. According to their website, their mission is:
“From the smart electric power grid and electronic health records to atomic clocks, advanced nanomaterials, and computer chips, innumerable products and services rely in some way on technology, measurement, and standards provided by the National Institute of Standards and Technology.
Founded in 1901, NIST is a non-regulatory federal agency within the U.S. Department of Commerce. NIST’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.”
One of the initiatives of the NIST Cloud Computing Program is to stimulate the creation of standards for cloud computing. Its mission is:
“The long term goal is to provide thought leadership and guidance around the cloud computing paradigm to catalyze its use within industry and government. NIST aims to shorten the adoption cycle, which will enable near-term cost savings and increased ability to quickly create and deploy enterprise applications. NIST aims to foster cloud computing systems and practices that support interoperability, portability, and security requirements that are appropriate and achievable for important usage scenarios.”
Over the past five years, NIST has made considerable progress and has had a significant influence on the cloud computing industry. Publications (as listed on their website) include:
NIST Special Publication 500 Series:
- NIST Special Publication 500-291 version 2, NIST Cloud Computing Standards Roadmap, July 2013
- NIST Special Publication 500-291, NIST Cloud Computing Standards Roadmap, July 2011
- NIST Special Publication 500-292, NIST Cloud Computing Reference Architecture, September 2011
- NIST Special Publication 500-293, US Government Cloud Computing Technology Roadmap, Release 1.0 (Draft), Volume I High-Priority Requirements to Further USG Agency Cloud Computing Adoption, November 2011
- NIST Special Publication 500-293, US Government Cloud Computing Technology Roadmap, Release 1.0 (Draft), Volume II Useful Information for Cloud Adopters, November 2011
- NIST Special Publication 500-299, NIST Cloud Computing Security Reference Architecture (Draft)
NIST Special Publication 800 Series:
- NIST Special Publication 800-53A, Revision 1, Guide for Assessing the Security Controls in Federal Information Systems and Organizations, June 2010
- NIST Special Publication 800-125, Guide to Security for Full Virtualization Technologies, January 2011
- NIST Special Publication 800-144, Guidelines on Security and Privacy in Public Cloud Computing, December 2011
- NIST Special Publication 800-145, NIST Definition of Cloud Computing, September 2011
- NIST Special Publication 800-146, Cloud Computing Synopsis and Recommendations, May 2012
Of particular interest is SP 800-145 and 500-292 which have become the basis for recently approved ISO standards (specifically DIS 17788 and DIS 17789). These standards create a common terminology for both cloud service providers and cloud customers. The NIST definition for cloud computing is used widely.
On June 25th, NIST announced the formation of three new working groups to tackle areas where cloud standards are still needed. These are:
- Cloud Services: the study of Cloud Services and methodologies to determine their characteristics and properties to enable cloud services to be clearly and consistently categorized;
- Federated Community Cloud: develop a framework to support seamless implementations of disparate community cloud environments; and
- Interoperability & Portability: identify the issues and types of interoperability and portability needed for cloud computing systems, the relationships and interactions between interoperability and portability, and contexts where interoperability and portability are relevant in cloud computing.
The ISO Cloud Computing committee (ISO/IEC JTC1/SC38) has also proposed a New Work Item on Cloud Interoperability and Portability, so this topic will be explored internationally as well. Another emerging New Work Item for SC38 is entitled “Data Flow and their Flow across Devices and Cloud Services.” If you are interested in this work, you should join your national ISO standards committee.
In my opinion, all of these are important areas for standardization. Perhaps they will help pave the way to “plug and play” cloud computing, much like many PC-based devices are today. Few, if any, of us can really understand all of the technical details of cloud-based systems – standards will go a long way to making cloud computing ubiquitous, trustworthy and reliable.
Understanding how IBM Spectrum Protect enables hybrid data protection
Abdicating your company’s data protection responsibilities to the first cloud solution provider you encounter is just as unwise as doing nothing at all to leverage the cloud. On the other hand, it can be a wise decision to investigate what results you might achieve by choosing a backup technology that is capable of supporting a hybrid protection approach capable of covering both on-premises technology and offsite cloud capabilities.