1. Geneva, Switzerland, 14 November 2014
National Institute of Standards and
Technology (NIST)
CLOUD COMPUTING PROGRAM
Annie W. Sokol,
IT Specialist, NIST
Annie.sokol@nist.gov
ITU Workshop on “Cloud Computing Standards –
Today and the Future”
(Geneva, Switzerland 14 November 2014)
2. Overview of
NIST Cloud Computing Program
Federal Cloud Computing Strategy
NIST Cloud Program Launch &
Objectives
Federal Cloud Computing Technology
Roadmap
NIST Focus
6. US government agencies need Cloud Computing
standards & guidance to accelerate effective adoption
Private sector and U.S. government agencies must work
together to identify highest priority USG Cloud
Computing requirements & gaps
Neutral, objective entity is instrumental in encouraging
innovation and “a level playing field” for U.S. industry
Why NIST?
7. Program Goal
To accelerate the federal government’s adoption of cloud
computing
– Build a USG Cloud Computing Technology Roadmap which
focuses on the highest priority USG cloud computing security,
interoperability and portability requirements
– Lead efforts to develop standards and guidelines in close
consultation and collaboration with standards bodies, the private
sector, and other stakeholders
8. NIST Cloud Computing Program
PHASE I
• Launch & Objectives
• Standards, Workshops, Architecture
PHASE II
• Future Architecture
• Activities
9. priorities
risks
obstacles
Define Target
USG Cloud
Computing Use
Cases
Define Neutral Cloud
Computing Reference
Architecture &
Taxonomy
Cloud Computing
Standards & Technology
Roadmap
•Translate
Requirements
•Identify Gaps
Expand
CC defn,
ref. arch.
Business Use Cases
Standards
SAJACC
Security
Ref Arch & Tax
Public
Working
Groups
Building the NIST Cloud Computing
Technology Roadmap
10. SP 500-293 USG Cloud Computing
Roadmaps – Volume I & II
Core Elements:
• Prioritized strategic and tactical requirements that must be met for USG agencies
to further cloud adoption;
• Interoperability, portability, and security standards, guidelines, and technology
needed to satisfy these requirements;
• Recommended list of Priority Action Plans (PAPs) -- candidates for voluntary self-
tasking by the stakeholder community.
Use
collaboration
through public
working groups
to validate
findings
11. SP 500-293 Volume I
Roadmap Requirements
Priority Action Plans (PAPs)
1. International voluntary
consensus-based standards*
2. Solutions for High-priority
Security Requirements,
technically de-coupled from
organizational policy decisions
3. Technical specifications to
enable development of
consistent, high-quality
Service-Level Agreements *
4. Clearly and consistently
categorized cloud services*
5. Frameworks to support
seamless implementation of
federated community cloud
environments*
6. Updated Organization
Policy that reflects the
Cloud Computing Business
and Technology model
7. Defined unique
government regulatory
requirements and
solutions*
8. Collaborative parallel
strategic “future cloud”
development initiatives*
9. Defined and implemented
reliability design goals*
10. Defined and implemented
cloud service metrics*
* (Interoperability, portability
and security technology)
12. SP 500-293 USG Cloud Computing
Roadmap – Volume II
Reference Architecture & Taxonomy
• Recommend Industry Mapping so that USG agencies &
others can more easily and consistently compare cloud
services
• In parallel, support formal standards development
process leveraging the reference architecture
Standards
• Provide avenue for USG agency engagement
• Continue standards roadmap
Target Business Use Cases & SAJACC
• Expand initial use case set & use SAJACC to identify
gaps
Security
• leverage working groups to finalize special publication
focusing on challenging security requirements
• Continue technical advisor role – e.g. FedRAMP,
continuous monitoring, conformity assessment system
Useful information
for Cloud Adopters
- Summary of the
work completed
- Analysis
supports: high
priority
requirements
introduced in
Volume I
- References to
detailed
publications and
external work
13. Phase I (COMPLETED)
Reference Architecture & Taxonomy
Security Reference Architecture
Descriptions of Cloud Broker
Standards Inventory
Phase II (On-going)
Future Architecture
Activities
Status
15. The convenience of reliable, trusted and
measureable cloud services become a
foundational element of the global economy.
These services, constructed with open
standards and metric based building blocks,
form the basis for a collection of
interconnected clouds to:
Future Outlook
facilitate world-wide collaboration & shared
knowledge
drive innovation
provide positive environmental and economic
impacts
16. Contacts
NIST ITL Cloud Computing Home Page http://www.nist.gov/itl/cloud
NIST Cloud Computing Collaboration Site (twiki)
http://collaborate.nist.gov/twiki-cloud-
computing/bin/view/CloudComputing
Dr. Abdella Battou abdella.battou@nist.gov
Dr. Robert Bohn robert.bohn@nist.gov
Lisa Carnahan lisa.carnahan@nist.gov
John Messina john.messina@nist.gov
Dr. Michaela Iorga micheala.iorga@nist.gov
Annie Sokol annie.sokol@nist.gov
Mike Hogan michael.hogan@nist.gov
Eric Simmon eric.simmon@nist.gov
Frederic de Vaulx frederic.devaulx@nist.gov
CC Lead/ANTD Chief
Program Manager
Conformity Assessment
RA/Tax
Security
Standards
Standards
SLA/Standards
Metrics
18. Why Standards
Standards contribute more to
economic growth than patents
and licenses
Standards play a strategic
significance to companies
Companies that participate
actively in standards work have
a head start on their
competitors in adapting to
market demands
Research risks and
development costs are reduced
for companies contributing to
the standardization process
Business that are actively
involved in standards work
more frequency reap short and
long term benefits with regard
to costs and competitive status
than those who do not
participate
Participating in standards
development enables one to
anticipate technology
standardization thereby
facilitating one’s products
progress simultaneously with
technology
Standards are a positive
stimulus for innovation
Highlights of a study by DIN (German Standards Institute) and the German Federal Ministry of
Economic Affairs and Technology (IEEE Think Standards, http://www.thinkstandards.net/benefits.html )
19. NIST Special Publication 800-144, Guidelines on Security and
Privacy in Public Cloud Computing, December 2011
NIST Special Publication 800-145, NIST Definition of Cloud
Computing, September 2011
NIST Special Publication 800-146, Cloud Computing Synopsis
and Recommendations, May 2012
NIST Special Publication 500-291, NIST Cloud Computing
Standards Roadmap, July 2011
NIST Special Publication 500-292, NIST Cloud Computing
Reference Architecture, September 2011
NIST Special Publication 500-299, NIST Cloud Computing
Security Reference Architecture (Draft)
NIST Publications relating to
Cloud Computing