International Telecommunication Union

ITU Workshop on “Cloud Computing Standards – Today and the Future”
(Geneva, Switzerland 14 November 2014)
National Institute of Standards and Technology (NIST)
CLOUD COMPUTING PROGRAM
Annie W. Sokol, IT Specialist, NIST
Annie.sokol@nist.gov
Overview of NIST Cloud Computing Program
• Federal Cloud Computing Strategy
• NIST Cloud Program Launch & Objectives
• Federal Cloud Computing Technology Roadmap
• NIST Focus
Federal IT Strategies
Federal Cloud Computing Strategy
US IT Budget ~ $80B/year: Savings ~25%
Move existing apps to cloud when possible
Select – Provision – Manage
3 main agencies
GSA – Procurement (FedRAMP)
DHS – Operational Security
NIST – Standards
Why NIST?
• US government agencies need Cloud Computing standards & guidance to accelerate effective adoption
• Private sector and U.S. government agencies must work together to identify highest priority USG Cloud Computing requirements & gaps
• Neutral, objective entity is instrumental in encouraging innovation and “a level playing field” for U.S. industry
Program Goal
To accelerate the federal government’s adoption of cloud computing
– Build a USG Cloud Computing Technology Roadmap which focuses on the highest priority USG cloud computing security, interoperability and portability requirements
– Lead efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector, and other stakeholders
NIST Cloud Computing Program
PHASE I
• Launch & Objectives
• Standards, Workshops, Architecture
PHASE II
• Future Architecture
• Activities
Public Working Groups
Building the NIST Cloud Computing Technology Roadmap
• Business Use Cases / SAJACC: Define Target USG Cloud Computing Use Cases
• priorities, risks, obstacles
• Cloud Computing Standards & Technology Roadmap
• Standards: Translate Requirements; Identify Gaps
• Security
• Ref Arch & Tax: Define Neutral Cloud Computing Reference Architecture & Taxonomy
• Expand CC defn, ref. arch.
SP 500-293 USG Cloud Computing
Roadmaps – Volume I & II
Use collaboration through public working groups to validate findings
Core Elements:
• Prioritized strategic and tactical requirements that must be met for USG agencies to further cloud adoption;
• Interoperability, portability, and security standards, guidelines, and technology needed to satisfy these requirements;
• Recommended list of Priority Action Plans (PAPs) -- candidates for voluntary self-tasking by the stakeholder community.
SP 500-293 Volume I
Roadmap Requirements
Priority Action Plans (PAPs)
1. International voluntary consensus-based standards*
2. Solutions for High-priority Security Requirements, technically de-coupled from organizational policy decisions
3. Technical specifications to enable development of consistent, high-quality Service-Level Agreements*
4. Clearly and consistently categorized cloud services*
5. Frameworks to support seamless implementation of federated community cloud environments*
6. Updated Organization Policy that reflects the Cloud Computing Business and Technology model
7. Defined unique government regulatory requirements and solutions*
8. Collaborative parallel strategic “future cloud” development initiatives*
9. Defined and implemented reliability design goals*
10. Defined and implemented cloud service metrics*
* (Interoperability, portability and security technology)
SP 500-293 USG Cloud Computing Roadmap – Volume II
Useful information for Cloud Adopters
- Summary of the work completed
- Analysis supports: high priority requirements introduced in Volume I
- References to detailed publications and external work
Reference Architecture & Taxonomy
• Recommend Industry Mapping so that USG agencies & others can more easily and consistently compare cloud services
• In parallel, support formal standards development process leveraging the reference architecture
Standards
• Provide avenue for USG agency engagement
• Continue standards roadmap
Target Business Use Cases & SAJACC
• Expand initial use case set & use SAJACC to identify gaps
Security
• Leverage working groups to finalize special publication focusing on challenging security requirements
• Continue technical advisor role – e.g. FedRAMP, continuous monitoring, conformity assessment system
Status
Phase I (COMPLETED)
Reference Architecture & Taxonomy
Security Reference Architecture
Descriptions of Cloud Broker
Standards Inventory
Phase II (On-going)
Future Architecture
Activities
Current Cloud Focus Areas
Refinement
Actors
Services
Architecture
Service level agreements
Metrics
Interoperability and Portability
Federation
Future Outlook
The convenience of reliable, trusted and measurable cloud services becomes a foundational element of the global economy.
These services, constructed with open standards and metric-based building blocks, form the basis for a collection of interconnected clouds to:
• facilitate world-wide collaboration & shared knowledge
• drive innovation
• provide positive environmental and economic impacts
Contacts
Dr. Abdella Battou – CC Lead/ANTD Chief – abdella.battou@nist.gov
Dr. Robert Bohn – Program Manager – robert.bohn@nist.gov
Lisa Carnahan – Conformity Assessment – lisa.carnahan@nist.gov
John Messina – RA/Tax – john.messina@nist.gov
Dr. Michaela Iorga – Security – micheala.iorga@nist.gov
Annie Sokol – Standards – annie.sokol@nist.gov
Mike Hogan – Standards – michael.hogan@nist.gov
Eric Simmon – SLA/Standards – eric.simmon@nist.gov
Frederic de Vaulx – Metrics – frederic.devaulx@nist.gov
NIST ITL Cloud Computing Home Page http://www.nist.gov/itl/cloud
NIST Cloud Computing Collaboration Site (twiki) http://collaborate.nist.gov/twiki-cloudcomputing/bin/view/CloudComputing
Additional References
Why Standards
Highlights of a study by DIN (German Standards Institute) and the German Federal Ministry of
Economic Affairs and Technology (IEEE Think Standards, http://www.thinkstandards.net/benefits.html )
• Standards contribute more to economic growth than patents and licenses
• Standards have strategic significance for companies
• Companies that participate actively in standards work have a head start on their competitors in adapting to market demands
• Research risks and development costs are reduced for companies contributing to the standardization process
• Businesses that are actively involved in standards work more frequently reap short- and long-term benefits with regard to costs and competitive status than those that do not participate
• Participating in standards development enables one to anticipate technology standardization, thereby facilitating the progress of one’s products simultaneously with technology
• Standards are a positive stimulus for innovation
NIST Publications relating to
Cloud Computing
• NIST Special Publication 800-144, Guidelines on Security and Privacy in Public Cloud Computing, December 2011
• NIST Special Publication 800-145, NIST Definition of Cloud Computing, September 2011
• NIST Special Publication 800-146, Cloud Computing Synopsis and Recommendations, May 2012
• NIST Special Publication 500-291, NIST Cloud Computing Standards Roadmap, July 2011
• NIST Special Publication 500-292, NIST Cloud Computing Reference Architecture, September 2011
• NIST Special Publication 500-299, NIST Cloud Computing Security Reference Architecture (Draft)