NIST lays out roadmap for cloud computing
The National Institute of Standards and Technology released the final version of its Cloud Computing Technology Roadmap Volumes I and II, the culmination of a three-year old effort to assess and set objectives for the accelerated adoption of cloud computing in government.
“Cloud computing is still in an early deployment stage, and standards are crucial to increased adoption,” the report adds. “The urgency is driven by rapid deployment of cloud computing in response to financial incentives.”
The first volume, High-Priority Requirements to Further Cloud Computing Adoption, identifies 10 requirements NIST believes are necessary to maintain innovative cloud adoption across government. The requirements relate to interoperability, performance, portability and security, and are largely intact from the draft version of the roadmap, published in 2011.
Volume II, Useful Information for Cloud Adopters, is designed to be a technical reference for those actively working on strategic and tactical cloud computing initiatives. Volume II integrates and summarizes the work completed to date and explains how these findings support the roadmap introduced in Volume I.
Among Volume I’s 10 requirements is a call for a focus on technical specifications to enable development of consistent, high-quality Service-Level Agreements in provisioning cloud services.
Another requirement addresses the need for improved frameworks to support federated community clouds. “Technical policies, credentials, namespaces and trust infrastructure must be harmonized to support a community cloud that spans multiple service providers’ physical environments,” said the NIST plan.
Yet another requirement identifies the need to improve cloud service metrics, including standardized units of measurements for cloud resources. “In utility industries,” the paper said, “the notion of units of measurement is fundamental to buying and selling service.” But even though cloud computing uses a utility model for service delivery “IT resources are supplied as abstracted services, often characterized as infrastructure as a service or platform as a service. Consumers need to be able to precisely specify and receive services,” the paper argued.
The NIST document also acknowledges the role of parallel technologies, including big data and cybersecurity, in shaping cloud services as well as the way cloud acts an “enabler of big data capture, storage, analysis, sharing and management.”
“Big data subject matter experts commonly refer to cloud computing as being indistinguishable from big data,” said the NIST document. “Just as cloud computing struggled with definition early in its adoption, and similarly was represented as an “old” or “new” capability depending on the perspective of those defining it, big data as a concept is the focus of definition and framing discussions.
Likewise, cybersecurity has a complicated interdependency with cloud, according to the NIST roadmap, which “presents certain unique security challenges resulting from the cloud's very high degree of outsourcing, dependence on networks, sharing (multi-tenancy) and scale.”
Those security challenges include “authentication techniques such as multifactor authentication with tokens, applied cryptography and software assurance techniques (e.g., testing and analysis) needed to build confidence that logical boundaries implemented in cloud systems are sufficiently strong to provide security.”
NIST cited projects that relate to these challenges, including the Department of Homeland Security’s Continuous Asset Evaluation, Situational Awareness, and Risk Scoring (CAESARS) project, which provides an architecture for dynamic system monitoring and reporting, and the National Science Foundation Future Internet Architectures initiative, which is developing Internet architectures to provide advanced security and reliability in the context of emerging Internet usage patterns.
NIST says future phases of the roadmap project will involve applying the government cloud computing business use case template to support government cloud development, validating the Reference Architecture (SP 500-292) through examples of categorized services, and with establishing a repository of the mapped vendor services to support the government and others in comparing cloud service offerings.
The NIST paper represents the points of view of more than 200 commenters from federal agencies, industry, higher education and standards development groups in constituting a workable path for cloud computing.
Connect with the GCN staff on Twitter @GCNtech.