The National Institute of Standards and Technologies is calling on agencies to take the lead in addressing security and privacy challenges relating to public cloud computing.
NIST’s Guidelines on Security and Privacy in Public Cloud Computing do not suggest any specific service or deployment method for cloud computing, but lists several guidelines agencies should follow when considering their cloud services.
NIST asked agencies to plan and consider the security aspects of utilizing the cloud and said agencies should ensure cloud solutions fulfill the agency’s requirements.
The document also suggests agencies establish strong contractual obligations and stay on top of agency need and whether the provider is meeting those needs. NIST told agencies they are responsible for securing data and applications implemented and deployed in public cloud computing environments.
“The organization should collect and analyze available data about the state of the system regularly and as often as needed to manage security and privacy risks, as appropriate for each level of the organization,” NIST said.