Focusing on Data and Fact with less Hype

Jon Shende

Subscribe to Jon Shende: eMailAlertsEmail Alerts
Get Jon Shende: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: Cloud Computing, Microservices Journal, Cloud Development Tools

Article

Standards Acceleration to Jump-Start Adoption of Cloud Computing

National Institute of Science and Technology (NIST) leads the direction to developing a cloud standard

One major concern with the adoption of cloud computing is the lack of a defined standard or standards that are specific to operations impacting security, interoperability & mobility within the Cloud ecosystem.

As most managers of security departments will attest to, there is a fine line between security and operations. While we as business managers want to ensure that we maximize the ROI on our operational investments and ensure that availability is paramount  for our users, we do not want to do so at the expense of our security measures, policies and protocols.

On the other hand we do not want to lock down a system providing maximum security, but to such an extent that there is a degradation in availability - thus negatively impacting operations and our revenue stream by extension.

In the traditional IT Security/Operational world we balance tools and metrics from ITIL and ISO 27001 with that of ISO 27002, COBIT and TOGAF for instance.These to integrate with requirements from FISMA, HIPAA,SOX 404, SAS 70 -2, GLBA etc; but what happens in the cloud ecosystem when we are placing assets in care of a provider who may have systems distributed internationally?  How does all of this fit into the management of risk, governance and compliance of a multinationally distributed system?

IT Scientists at NIST in an attempt to address this gap impacting standards and levels of uncertainty that follows the adoption of related new technologies, proposed SAJAAC.

SAJAAC aims is to initiate the process of hammering out a standard that focuses on "strategy, process and protocol" while reduce the uncertainty which is following the lack of standards within the cloud arena.

NIST in its focus on cloud adoption, believes that" by validating key cloud specifications & sharing information," enterprises can "build confidence in cloud computing technology in the interim before formalized standards are available."

SAJAAC is represented by Scientists at NIST as follows:

SAJAAC

Source - Overview: NIST Cloud Computing Effort presented by Dawn Leaf : May 20th 2010.

As shown in the schematic, there is a NIST hosted portal which is publicly accessible; its aim is to catalyze verifiable information as it is exchanged. Then there is an area of specifications and use cases with ongoing contributions from cloud computing stakeholders based within the areas of industry, academia, and government.

These use cases will be published on the portal and available publicly after a period of vetting and improvements;they will focus on interpreting "requirements in the form of behavioral scenarios which describe the interaction between people and computer systems."

The purpose of these scenarios is to ensure that aspects of portability, interoperability, and security are met for cloud computing end users.

SAJAAC's implementation will act as a key provider of data which will be included in a special publication on cloud computing that scientists at NIST are currently working on.

The advantage of this model, is it's openness to input and collaboration from industry and other relevant avenues, its ongoing parameters and its objectivity.

In closing one question still needs to be addressed which is; Will an addendum to 18 USC 1030 or the UK computer misuse act be crafted to prosecute a cracker who infiltrates our assets held in a cloud located in an area that may fall outside the FBI's jurisdiction or warrant no cooperation from a foreign government?

References

1.NIST Cloud Computing

http://csrc.nist.gov/groups/SNS/cloud-computing/

2.State Of Public Sector Cloud Computing

http://www.cio.gov/documents/StateOfPublicSectorCloudComputing.pdf

3.Overview: NIST Cloud Computing Effort presented by Dawn Leaf : May 20th 2010.

More Stories By Jon Shende

Jon RG Shende is an executive with over 18 years of industry experience. He commenced his career, in the medical arena, then moved into the Oil and Gas environment where he was introduced to SCADA and network technologies,also becoming certified in Industrial Pump and Valve repairs. Jon gained global experience over his career working within several verticals to include pharma, medical sales and marketing services as well as within the technology services environment, eventually becoming the youngest VP of an international enterprise. He is a graduate of the University of Oxford, holds a Masters certificate in Business Administration, as well as an MSc in IT Security, specializing in Computer Crime and Forensics with a thesis on security in the Cloud. Jon, well versed with the technology startup and mid sized venture ecosystems, has contributed at the C and Senior Director level for former clients. As an IT Security Executive, Jon has experience with Virtualization,Strategy, Governance,Risk Management, Continuity and Compliance. He was an early adopter of web-services, web-based tools and successfully beta tested a remote assistance and support software for a major telecom. Within the realm of sales, marketing and business development, Jon earned commendations for turnaround strategies within the services and pharma industry. For one pharma contract he was responsibe for bringing low performing districts up to number 1 rankings for consecutive quarters; as well as outperforming quotas from 125% up to 314%. Part of this was achieved by working closely with sales and marketing teams to ensure message and product placement were on point. Professionally he is a Fellow of the BCS Chartered Institute for IT, an HITRUST Certified CSF Practitioner and holds the CITP and CRISC certifications.Jon Shende currently works as a Senior Director for a CSP. A recognised thought Leader, Jon has been invited to speak for the SANs Institute, has spoken at Cloud Expo in New York as well as sat on a panel at Cloud Expo Santa Clara, and has been an Ernst and Young CPE conference speaker. His personal blog is located at http://jonshende.blogspot.com/view/magazine "We are what we repeatedly do. Excellence, therefore, is not an act, but a habit."