geneva, switzerland, 14 november 2014 national institute of standards and technology (nist) cloud...
TRANSCRIPT
![Page 1: Geneva, Switzerland, 14 November 2014 National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM Annie W. Sokol, IT Specialist, NIST](https://reader036.vdocuments.us/reader036/viewer/2022082213/56649d6f5503460f94a504a4/html5/thumbnails/1.jpg)
Geneva, Switzerland, 14 November 2014
National Institute of Standards and Technology (NIST)
CLOUD COMPUTING PROGRAM
Annie W. Sokol,IT Specialist, [email protected]
ITU Workshop on “Cloud Computing Standards – Today and the Future”
(Geneva, Switzerland 14 November 2014)
![Page 2: Geneva, Switzerland, 14 November 2014 National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM Annie W. Sokol, IT Specialist, NIST](https://reader036.vdocuments.us/reader036/viewer/2022082213/56649d6f5503460f94a504a4/html5/thumbnails/2.jpg)
Overview ofOverview ofNIST Cloud Computing ProgramNIST Cloud Computing Program
Federal Cloud Computing StrategyNIST Cloud Program Launch & ObjectivesFederal Cloud Computing Technology RoadmapNIST Focus
![Page 3: Geneva, Switzerland, 14 November 2014 National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM Annie W. Sokol, IT Specialist, NIST](https://reader036.vdocuments.us/reader036/viewer/2022082213/56649d6f5503460f94a504a4/html5/thumbnails/3.jpg)
Federal IT Strategies
![Page 4: Geneva, Switzerland, 14 November 2014 National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM Annie W. Sokol, IT Specialist, NIST](https://reader036.vdocuments.us/reader036/viewer/2022082213/56649d6f5503460f94a504a4/html5/thumbnails/4.jpg)
US IT Budget ~ $80B/year: Savings ~25%Move existing apps to cloud when possibleSelect – Provision – Manage 3 main agencies
GSA – Procurement (FedRAMP)DHS – Operational SecurityNIST – Standards
Federal Cloud Computing Strategy
![Page 5: Geneva, Switzerland, 14 November 2014 National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM Annie W. Sokol, IT Specialist, NIST](https://reader036.vdocuments.us/reader036/viewer/2022082213/56649d6f5503460f94a504a4/html5/thumbnails/5.jpg)
Select – Provision - Manage
5
![Page 6: Geneva, Switzerland, 14 November 2014 National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM Annie W. Sokol, IT Specialist, NIST](https://reader036.vdocuments.us/reader036/viewer/2022082213/56649d6f5503460f94a504a4/html5/thumbnails/6.jpg)
US government agencies need Cloud Computing standards & guidance to accelerate effective adoption
Private sector and U.S. government agencies must work together to identify highest priority USG Cloud Computing requirements & gaps
Neutral, objective entity is instrumental in encouraging innovation and “a level playing field” for U.S. industry
Why NIST?
![Page 7: Geneva, Switzerland, 14 November 2014 National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM Annie W. Sokol, IT Specialist, NIST](https://reader036.vdocuments.us/reader036/viewer/2022082213/56649d6f5503460f94a504a4/html5/thumbnails/7.jpg)
Program GoalProgram Goal
To accelerate the federal government’s adoption of cloud computing
– Build a USG Cloud Computing Technology Roadmap which focuses on the highest priority USG cloud computing security, interoperability and portability requirements
– Lead efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector, and other stakeholders
![Page 8: Geneva, Switzerland, 14 November 2014 National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM Annie W. Sokol, IT Specialist, NIST](https://reader036.vdocuments.us/reader036/viewer/2022082213/56649d6f5503460f94a504a4/html5/thumbnails/8.jpg)
NIST Cloud Computing ProgramNIST Cloud Computing Program
![Page 9: Geneva, Switzerland, 14 November 2014 National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM Annie W. Sokol, IT Specialist, NIST](https://reader036.vdocuments.us/reader036/viewer/2022082213/56649d6f5503460f94a504a4/html5/thumbnails/9.jpg)
prioritiesrisksobstacles
Define Target USG Cloud
Computing Use Cases
Define Target USG Cloud
Computing Use Cases
Define Neutral Cloud Computing Reference
Architecture & Taxonomy
Define Neutral Cloud Computing Reference
Architecture & Taxonomy
Cloud Computing Standards & Technology Roadmap
•Translate Requirements•Identify Gaps
Cloud Computing Standards & Technology Roadmap
•Translate Requirements•Identify Gaps
ExpandCC defn, ref. arch.
Business Use Cases
Standards
SAJACC
Security
Ref Arch & Tax
Pu
blic W
ork
ing
Gro
up
sBuilding the NIST Cloud Computing
Technology Roadmap
![Page 10: Geneva, Switzerland, 14 November 2014 National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM Annie W. Sokol, IT Specialist, NIST](https://reader036.vdocuments.us/reader036/viewer/2022082213/56649d6f5503460f94a504a4/html5/thumbnails/10.jpg)
SP 500-293 USG Cloud Computing SP 500-293 USG Cloud Computing Roadmaps – Volume I & IIRoadmaps – Volume I & II
Core Elements:
• Prioritized strategic and tactical requirements that must be met for USG agencies to further cloud adoption;
• Interoperability, portability, and security standards, guidelines, and technology needed to satisfy these requirements;
• Recommended list of Priority Action Plans (PAPs) -- candidates for voluntary self-tasking by the stakeholder community.
Use collaboration through public working groups to validate findings
![Page 11: Geneva, Switzerland, 14 November 2014 National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM Annie W. Sokol, IT Specialist, NIST](https://reader036.vdocuments.us/reader036/viewer/2022082213/56649d6f5503460f94a504a4/html5/thumbnails/11.jpg)
SP 500-293 Volume IRoadmap Requirements
Priority Action Plans (PAPs)
1. International voluntary consensus-based standards*
2. Solutions for High-priority Security Requirements, technically de-coupled from organizational policy decisions
3. Technical specifications to enable development of consistent, high-quality Service-Level Agreements *
4. Clearly and consistently categorized cloud services*
5. Frameworks to support seamless implementation of federated community cloud environments*
6. Updated Organization Policy that reflects the Cloud Computing Business and Technology model
7. Defined unique government regulatory requirements and solutions*
8. Collaborative parallel strategic “future cloud” development initiatives*
9. Defined and implemented reliability design goals*
10. Defined and implemented cloud service metrics*
* (Interoperability, portability and security technology)
![Page 12: Geneva, Switzerland, 14 November 2014 National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM Annie W. Sokol, IT Specialist, NIST](https://reader036.vdocuments.us/reader036/viewer/2022082213/56649d6f5503460f94a504a4/html5/thumbnails/12.jpg)
SP 500-293 USG Cloud Computing Roadmap – Volume II
Reference Architecture & Taxonomy• Recommend Industry Mapping so that USG agencies &
others can more easily and consistently compare cloud services
• In parallel, support formal standards development process leveraging the reference architecture
Standards• Provide avenue for USG agency engagement• Continue standards roadmap
Target Business Use Cases & SAJACC• Expand initial use case set & use SAJACC to identify
gaps
Security• leverage working groups to finalize special publication
focusing on challenging security requirements• Continue technical advisor role – e.g. FedRAMP,
continuous monitoring, conformity assessment system
Useful information for Cloud Adopters
-Summary of the work completed-Analysis supports: high priority requirements introduced in Volume I-References to detailed publications and external work
![Page 13: Geneva, Switzerland, 14 November 2014 National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM Annie W. Sokol, IT Specialist, NIST](https://reader036.vdocuments.us/reader036/viewer/2022082213/56649d6f5503460f94a504a4/html5/thumbnails/13.jpg)
Phase I (COMPLETED)Reference Architecture & TaxonomySecurity Reference ArchitectureDescriptions of Cloud BrokerStandards Inventory
Phase II (On-going)Future ArchitectureActivities
Status
![Page 14: Geneva, Switzerland, 14 November 2014 National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM Annie W. Sokol, IT Specialist, NIST](https://reader036.vdocuments.us/reader036/viewer/2022082213/56649d6f5503460f94a504a4/html5/thumbnails/14.jpg)
RefinementActorsServicesArchitecture
Service level agreementsMetricsInteroperability and PortabilityFederation
Current Cloud Focus Areas
![Page 15: Geneva, Switzerland, 14 November 2014 National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM Annie W. Sokol, IT Specialist, NIST](https://reader036.vdocuments.us/reader036/viewer/2022082213/56649d6f5503460f94a504a4/html5/thumbnails/15.jpg)
The convenience of reliable, trusted and measureable cloud services become a foundational element of the global economy. These services, constructed with open standards and metric based building blocks, form the basis for a collection of interconnected clouds to:
Future Outlook
facilitate world-wide collaboration & shared knowledge
drive innovation provide positive environmental and economic
impacts
![Page 16: Geneva, Switzerland, 14 November 2014 National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM Annie W. Sokol, IT Specialist, NIST](https://reader036.vdocuments.us/reader036/viewer/2022082213/56649d6f5503460f94a504a4/html5/thumbnails/16.jpg)
ContactsContacts
NIST ITL Cloud Computing Home Page http://www.nist.gov/itl/cloud
NIST Cloud Computing Collaboration Site (twiki)http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing
Dr. Abdella Battou [email protected]. Robert Bohn [email protected] Carnahan [email protected] Messina [email protected]. Michaela Iorga [email protected] Sokol [email protected] Hogan [email protected] Simmon [email protected] de Vaulx [email protected]
CC Lead/ANTD ChiefProgram ManagerConformity AssessmentRA/Tax SecurityStandardsStandardsSLA/StandardsMetrics
![Page 17: Geneva, Switzerland, 14 November 2014 National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM Annie W. Sokol, IT Specialist, NIST](https://reader036.vdocuments.us/reader036/viewer/2022082213/56649d6f5503460f94a504a4/html5/thumbnails/17.jpg)
Additional References
Geneva, Switzerland, 14 November 2014 17
![Page 18: Geneva, Switzerland, 14 November 2014 National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM Annie W. Sokol, IT Specialist, NIST](https://reader036.vdocuments.us/reader036/viewer/2022082213/56649d6f5503460f94a504a4/html5/thumbnails/18.jpg)
Why Standards
Standards contribute more to economic growth than patents and licenses
Standards play a strategic significance to companies
Companies that participate actively in standards work have a head start on their competitors in adapting to market demands
Research risks and development costs are reduced for companies contributing to the standardization process
Business that are actively involved in standards work more frequency reap short and long term benefits with regard to costs and competitive status than those who do not participate
Participating in standards development enables one to anticipate technology standardization thereby facilitating one’s products progress simultaneously with technology
Standards are a positive stimulus for innovation
Highlights of a study by DIN (German Standards Institute) and the German Federal Ministry of Economic Affairs and Technology (IEEE Think Standards, http://www.thinkstandards.net/benefits.html )
![Page 19: Geneva, Switzerland, 14 November 2014 National Institute of Standards and Technology (NIST) CLOUD COMPUTING PROGRAM Annie W. Sokol, IT Specialist, NIST](https://reader036.vdocuments.us/reader036/viewer/2022082213/56649d6f5503460f94a504a4/html5/thumbnails/19.jpg)
NIST Special Publication 800-144, Guidelines on Security and Privacy in Public Cloud Computing, December 2011
NIST Special Publication 800-145, NIST Definition of Cloud Computing, September 2011
NIST Special Publication 800-146, Cloud Computing Synopsis and Recommendations, May 2012
NIST Special Publication 500-291, NIST Cloud Computing Standards Roadmap, July 2011
NIST Special Publication 500-292, NIST Cloud Computing Reference Architecture, September 2011
NIST Special Publication 500-299, NIST Cloud Computing Security Reference Architecture (Draft)
NIST Publications relating to Cloud Computing