In this paper, we discuss the NIST definition of cloud computing, the NIST cloud computing synopsis and recommendations, and the guidelines on security and privacy in public cloud computing.
From the NIST point of view, the cloud model is composed of five essential characteristics, three service models and four deployment models. The essential characteristics are on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service. The three service models are Software as a Service, Platform as a Service and Infrastructure as a Service. The four deployment models are private cloud, community cloud, public cloud and hybrid cloud. NIST defines cloud computing as a model for enabling ubiquitous, convenient, on-demand access over a broad network. With cloud computing, servers, infrastructure and software services can be provisioned rapidly. These resources can be provisioned elastically, and in some cases automatically, without much administrative work. The cloud has a metering capability at some level of abstraction, and it is a self-service, multi-tenant model. All cloud services have both a physical and a logical structure, each serving its own distinct purpose. NIST sets out standard rules, and both private and public organizations can follow and implement these guidelines, which are prepared by the agencies (NIST document sources).
Comparing and contrasting other cloud definitions with the NIST definition, one difference is that definitions other than the NIST standard have no community cloud, in which a community of consumers from companies have shared concerns. There are rules that must be followed under the NIST cloud computing definition. The majority of the points compared are similar. The characteristics that differ from the NIST definition are workload resilience and migration flexibility, which are not addressed.
NIST makes many recommendations, covering terminology, remedies, compliance, security, criticality, backup, negotiated service agreements and service agreement changes. There are other recommendations for each of the service models. For the Software as a Service model, they are: data protection, which requires analyzing the provider’s configurations and the data locations of the subscribed SaaS application; client device application protection, which requires protecting consumer client devices from vulnerabilities and attacks; and encryption, which requires a very strong encryption service using a robust algorithm and ensuring that all cryptographic keys are adequately protected.
The recommendations and synopsis for Platform as a Service systems are: generic interfaces, which are preferable; standard languages and tools, rather than systems restricted to proprietary languages and tools; data access that works with standard access controls; data protection that meets confidentiality and compliance requirements; application frameworks, whose tools mitigate security vulnerabilities; component testing, which covers the software libraries included in the compilation phase; security, so that applications run in a secure manner, moreover on a dedicated VLAN segment; and secure data deletion, so that data is reliably deleted on a consumer’s request. (Armbrust, Michael, Rean Griffith, 2009).
The recommendations and synopsis for Infrastructure as a Service systems are multi-tenancy, data protection, secure data deletion, administrative access, VM migration and virtualization best practices.
Many publications have been released on security in public cloud computing, covering issues that are believed to have long-term significance, where the security and privacy considerations stem from information technology and are known problems cast in a new setting. The guidelines note that critical data and applications may require an agency to undertake a negotiated service agreement in order to use a public cloud. They cover service models, deployment models, outsourcing and accountability, service agreements, the security and privacy upside and downside, and public cloud services. The key security and privacy issues include governance, compliance, trust, architecture, data protection, etc. There are also steps to focus on in public cloud outsourcing: general concerns, preliminary activities, and initiating and coincident activities. Security is also a consideration in the system development life cycle. (Eileen Marie Hanna, 2012).
Armbrust, Michael, Rean Griffith, et al. (2009). Above the Clouds: A Berkeley View of Cloud Computing. Berkeley: EECS Department, University of California.
Geelan, Jeremy. (2009). Twenty-One Experts Define Cloud Computing. Virtualization Journal,
Eileen Marie Hanna, Nader Mohamed, Jameela Al-Jaroodi. (2012). The Cloud: Requirements for a Better Service. Proceedings of the 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing.