Geneva, Switzerland, 14 November 2014
National Institute of Standards and Technology (NIST)
CLOUD COMPUTING PROGRAM
Annie W. Sokol,IT Specialist, [email protected]
ITU Workshop on “Cloud Computing Standards – Today and the Future”
(Geneva, Switzerland 14 November 2014)
Overview ofOverview ofNIST Cloud Computing ProgramNIST Cloud Computing Program
Federal Cloud Computing StrategyNIST Cloud Program Launch & ObjectivesFederal Cloud Computing Technology RoadmapNIST Focus
Federal IT Strategies
US IT Budget ~ $80B/year: Savings ~25%Move existing apps to cloud when possibleSelect – Provision – Manage 3 main agencies
GSA – Procurement (FedRAMP)DHS – Operational SecurityNIST – Standards
Federal Cloud Computing Strategy
Select – Provision - Manage
5
US government agencies need Cloud Computing standards & guidance to accelerate effective adoption
Private sector and U.S. government agencies must work together to identify highest priority USG Cloud Computing requirements & gaps
Neutral, objective entity is instrumental in encouraging innovation and “a level playing field” for U.S. industry
Why NIST?
Program GoalProgram Goal
To accelerate the federal government’s adoption of cloud computing
– Build a USG Cloud Computing Technology Roadmap which focuses on the highest priority USG cloud computing security, interoperability and portability requirements
– Lead efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector, and other stakeholders
NIST Cloud Computing ProgramNIST Cloud Computing Program
prioritiesrisksobstacles
Define Target USG Cloud
Computing Use Cases
Define Target USG Cloud
Computing Use Cases
Define Neutral Cloud Computing Reference
Architecture & Taxonomy
Define Neutral Cloud Computing Reference
Architecture & Taxonomy
Cloud Computing Standards & Technology Roadmap
•Translate Requirements•Identify Gaps
Cloud Computing Standards & Technology Roadmap
•Translate Requirements•Identify Gaps
ExpandCC defn, ref. arch.
Business Use Cases
Standards
SAJACC
Security
Ref Arch & Tax
Pu
blic W
ork
ing
Gro
up
sBuilding the NIST Cloud Computing
Technology Roadmap
SP 500-293 USG Cloud Computing SP 500-293 USG Cloud Computing Roadmaps – Volume I & IIRoadmaps – Volume I & II
Core Elements:
• Prioritized strategic and tactical requirements that must be met for USG agencies to further cloud adoption;
• Interoperability, portability, and security standards, guidelines, and technology needed to satisfy these requirements;
• Recommended list of Priority Action Plans (PAPs) -- candidates for voluntary self-tasking by the stakeholder community.
Use collaboration through public working groups to validate findings
SP 500-293 Volume IRoadmap Requirements
Priority Action Plans (PAPs)
1. International voluntary consensus-based standards*
2. Solutions for High-priority Security Requirements, technically de-coupled from organizational policy decisions
3. Technical specifications to enable development of consistent, high-quality Service-Level Agreements *
4. Clearly and consistently categorized cloud services*
5. Frameworks to support seamless implementation of federated community cloud environments*
6. Updated Organization Policy that reflects the Cloud Computing Business and Technology model
7. Defined unique government regulatory requirements and solutions*
8. Collaborative parallel strategic “future cloud” development initiatives*
9. Defined and implemented reliability design goals*
10. Defined and implemented cloud service metrics*
* (Interoperability, portability and security technology)
SP 500-293 USG Cloud Computing Roadmap – Volume II
Reference Architecture & Taxonomy• Recommend Industry Mapping so that USG agencies &
others can more easily and consistently compare cloud services
• In parallel, support formal standards development process leveraging the reference architecture
Standards• Provide avenue for USG agency engagement• Continue standards roadmap
Target Business Use Cases & SAJACC• Expand initial use case set & use SAJACC to identify
gaps
Security• leverage working groups to finalize special publication
focusing on challenging security requirements• Continue technical advisor role – e.g. FedRAMP,
continuous monitoring, conformity assessment system
Useful information for Cloud Adopters
-Summary of the work completed-Analysis supports: high priority requirements introduced in Volume I-References to detailed publications and external work
Phase I (COMPLETED)Reference Architecture & TaxonomySecurity Reference ArchitectureDescriptions of Cloud BrokerStandards Inventory
Phase II (On-going)Future ArchitectureActivities
Status
RefinementActorsServicesArchitecture
Service level agreementsMetricsInteroperability and PortabilityFederation
Current Cloud Focus Areas
The convenience of reliable, trusted and measureable cloud services become a foundational element of the global economy. These services, constructed with open standards and metric based building blocks, form the basis for a collection of interconnected clouds to:
Future Outlook
facilitate world-wide collaboration & shared knowledge
drive innovation provide positive environmental and economic
impacts
ContactsContacts
NIST ITL Cloud Computing Home Page http://www.nist.gov/itl/cloud
NIST Cloud Computing Collaboration Site (twiki)http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing
Dr. Abdella Battou [email protected]. Robert Bohn [email protected] Carnahan [email protected] Messina [email protected]. Michaela Iorga [email protected] Sokol [email protected] Hogan [email protected] Simmon [email protected] de Vaulx [email protected]
CC Lead/ANTD ChiefProgram ManagerConformity AssessmentRA/Tax SecurityStandardsStandardsSLA/StandardsMetrics
Additional References
Geneva, Switzerland, 14 November 2014 17
Why Standards
Standards contribute more to economic growth than patents and licenses
Standards play a strategic significance to companies
Companies that participate actively in standards work have a head start on their competitors in adapting to market demands
Research risks and development costs are reduced for companies contributing to the standardization process
Business that are actively involved in standards work more frequency reap short and long term benefits with regard to costs and competitive status than those who do not participate
Participating in standards development enables one to anticipate technology standardization thereby facilitating one’s products progress simultaneously with technology
Standards are a positive stimulus for innovation
Highlights of a study by DIN (German Standards Institute) and the German Federal Ministry of Economic Affairs and Technology (IEEE Think Standards, http://www.thinkstandards.net/benefits.html )
NIST Special Publication 800-144, Guidelines on Security and Privacy in Public Cloud Computing, December 2011
NIST Special Publication 800-145, NIST Definition of Cloud Computing, September 2011
NIST Special Publication 800-146, Cloud Computing Synopsis and Recommendations, May 2012
NIST Special Publication 500-291, NIST Cloud Computing Standards Roadmap, July 2011
NIST Special Publication 500-292, NIST Cloud Computing Reference Architecture, September 2011
NIST Special Publication 500-299, NIST Cloud Computing Security Reference Architecture (Draft)
NIST Publications relating to Cloud Computing