The National Institute of Standards and Technology has released a preliminary set of guidelines for cloud computing security. The draft version of Special Publication 800-144, “Guidelines on Security and Privacy in Public Cloud Computing,” offers recommended precautions and policies that federal agencies should follow if they plan to use public cloud resources.The document does not dismiss public clouds as an option for government systems. But the authors of the document, NIST computer scientists Wayne Jansen and Timothy Grance, were clear about the many hazards of outsourcing systems to a public cloud provider. Much of what makes cloud computing an attractive option for government agencies is also at odds with the way agencies have traditionally applied governance and security to information systems, Jansen and Grance wrote”

Several critical pieces of technology, such as a solution for federated trust, are not yet fully realized, impinging on successful cloud computing deployments. Determining the security of complex computer systems composed together is also a long-standing security issue that plagues large-scale computing in general, and cloud computing in particular. Attaining high-assurance qualities in implementations has been an elusive goal of computer security researchers and practitioners and…is also a work in progress for cloud computing.

The rest of this post is at: Virtual Integrated System Blog – Government – NISTs Guidelines for Public Cloud Security Emphasize Risk Management.