US Government Creates Cloud Computing Security Group

Federal Computing Weekly recently reported that the National Institute of Standards and Technology (NIST), an agency of the Commerce Department’s Technology Administration, has announced plans to create a Cloud Computing Security group.

The National Institute of Standards and Technology has created a new team to determine the best way to provide security for agencies that want to adopt the emerging technology called cloud computing, said Ron Ross, a senior computer scientist and information security researcher at NIST.

“The team will give our customers a sense of what kinds of risks they may be taking on by moving into that new territory,” Ross said today at the SaaS/Gov 2009 conference produced by the Software and Information Industry Association and market research firm Input.

Googling reveals an earlier presentation titled ‘Perspectives on Cloud Computing and Standards‘ by Peter Mell and Tim Grance from the Information Technology Laboratory at NIST, wherein they announce plans to develop a NIST Special Publication on Cloud Computing Security to cover the following:

I recommend reading the rest of the presentation , particularly around the NIST definition of Cloud (“what you can’t define, you can’t standardize”) and some of the implementation options under consideration. You can catch the authors giving this presentation in person at the Cloud Computing Interoperability Workshop on March 32rd 23rd in Virginia, US.

It will be interesting to see what this group proposes/mandates.

On a sidenote, this post is the perfect opportunity to draw your attention to fellow Cloud blogger Kevin Jackson. Kevin focuses on Public Sector Cloud news and developments making his blog a must-read.