The purpose of this publication is to provide an overview of public cloud computing and the security and privacy challenges involved. The document discusses the threats, technology risks, and safeguards for public cloud environments, and provides the insight needed to make informed information technology decisions on their treatment.
The key guidelines include:
- Carefully plan the security and privacy aspects of cloud computing solutions before implementing them.
- Understand the public cloud computing environment offered by the cloud provider.
- Ensure that a cloud computing solution — both cloud resources and cloud-based applications — satisfy organizational security and privacy requirements.
- Maintain accountability over the privacy and security of data and applications implemented and deployed in public cloud computing environments.
The intended audience for this publication includes the following categories of individuals:
- System managers, executives, and information officers making decisions about cloud computing initiatives
- Security professionals, including security officers, security administrators, auditors, and others with responsibility for information technology security
- Information technology program managers concerned with security and privacy measures for cloud computing
- System and network administrators
- Users of public cloud computing services.
The publication also provides a detailed list of Federal Information Processing Standards and NIST special publications that provide materials particularly relevant to cloud computing and are recommended to be used in conjunction with SP 800-144.
- ↑ "Guidelines on Security and Privacy in Public Cloud Computing" was first issued as a draft for public comment in February 2011. See Tech Beat, "Cloud Computing at NIST: Two New Draft Documents and a Wiki" (Feb. 2, 2011) (full-text).