Presentation is loading. Please wait.

Presentation is loading. Please wait.

NIST Cloud Computing Program 1 NIST Cloud Computing Program - Highlights & Next Steps NIST Mission: To promote U.S. innovation and industrial competitiveness.

Similar presentations


Presentation on theme: "NIST Cloud Computing Program 1 NIST Cloud Computing Program - Highlights & Next Steps NIST Mission: To promote U.S. innovation and industrial competitiveness."— Presentation transcript:

1 NIST Cloud Computing Program 1 NIST Cloud Computing Program - Highlights & Next Steps NIST Mission: To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life ©Robert Rathe Secure Cloud 2012, May 10, 2012 Robert Bohn, Cloud Computing Program Manager

2 NIST Cloud Computing Program 2 2 Accelerate the federal government’s adoption of cloud computing* –Build a USG Cloud Computing Technology Roadmap which focuses on the highest priority USG cloud computing security, interoperability and portability requirements –Lead efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector, and other stakeholders Unchanged: NIST Cloud Computing Program Goal… * REF

3 NIST Cloud Computing Program 3 3 May 2010 Nov 2010 STRATEGICSTRATEGIC NIST CC Definition Tactical efforts Outreach & Fact finding with USG, Industry, SDOs Evaluate past models & lessons learned Define fresh approach to support secure & effective USG cloud computing adoption, prioritize interoperability, portability, & security requirements, collaborate, more quickly respond to operational needs Launch CC Strategic Program Initiate Stakeholder Meetings Collaboratively define working group scope & resources Refine Plan April 2011 Execute CC Strategic program Continue Stakeholder meetings Integrate results into tactical priorities NIST CC Forum & Workshop I NIST CC Forum & Workshop II NIST CC Forum & Workshop III Nov 2011 NIST CC Forum & Workshop IV Complete 1 st draft Interagency Report Assess Results & Replan USG Cloud Computing Technology Roadmap USG Cloud Computing Technology Roadmap REVISITING NIST CLOUD COMPUTING PROGRAM (PHASE 1)… INITIATIVE TO BUILD A USG CLOUD COMPUTING TECHNOLOGY ROADMAP How to build a USG Cloud Computing Technology Roadmap 1. Define Target USG Cloud Computing Use Cases 2. Define Neutral Cloud Computing Reference Architecture & Taxonomy 3. Generate Roadmap – Translate Requirements & Identify Gaps

4 NIST Cloud Computing Program 4 4 USG Cloud Computing Technology Roadmap requirements* - high priorities to further USG Cloud Computing Technology Adoption: Requirement 1: International voluntary consensus based interoperability, portability and security standards Requirement 2: Solutions for high priority Security Requirements Requirement 3: Technical specifications to enable development of consistent, high quality Service Level Agreements Requirement 4: Clearly and consistently categorized cloud services Requirement 5: Frameworks to support seamless implementation of federated community cloud environments Requirement 6: Technical security solutions which are de- coupled from organizational policy decisions Requirement 7: Defined unique government regulatory requirements, technology gaps, and solutions Requirement 8: Collaborative parallel strategic “future cloud” development initiatives Requirement 9: Defined and implemented reliability design goals Requirement 10: Defined and implemented cloud service metrics * relationship to interoperability, portability, and security guidance, standards, & technology highlighted in roadmap Volume I - Highlights

5 NIST Cloud Computing Program 5 Volume II - Highlights

6 NIST Cloud Computing Program 6 How to build a USG Cloud Computing Technology Roadmap 1. Define Target USG Cloud Computing Business Use Cases 2. REFINE & APPLY Neutral CC Reference Architecture & Taxonomy 3. UPDATE Cloud Computing Technology Roadmap – Translate Requirements & Identify Gaps priorities risks obstacles Vendors map services Strategic Program (continue phase 1 activities and…) NIST Tactical Program USG Cloud Computing Technology Roadmap USG Cloud Computing Technology Roadmap... leverage Priority Action Plans (PAPs) selected for self-tasking by Cloud Stakeholder Community Assess & Track: USG CC High Priority Requirements met by Priority Action Plans (self-tasked by NIST and other CC stakeholders) Rqmt 1: International consensus interoperability, security, portability standards Rqmt 2: Solutions for High Priority Security requirements Rqmt 3: Technical Specifications to enable high quality SLAs ……. Rqmt 10: Defined and Implemented cloud service metrics Integrate results into tactical priorities Measure Results We have practical opportunities to leverage our efforts … one is identifying complementary efforts the NIST Roadmap refers to as Priority Action Plans

7 NIST Cloud Computing Program 7 7 Recommended Priority Action Plans are tactical as well as strategic Examples of Priority Action Plans & interim solutions to apply while cloud solutions are maturing USG Cloud Computing Technology Roadmap requirements - high priorities to further USG Cloud Computing Technology Adoption: Requirement 1: International voluntary consensus based interoperability, portability and security standards (interoperability, portability, and security standards) Requirement 2: Solutions for high priority Security Requirements (security technology) Requirement 3: Technical specifications to enable development of consistent, high quality Service Level Agreements (interoperability, portability, and security standards and guidance) Requirement 4: Clearly and consistently categorized cloud services (interoperability and portability guidance and technology) Requirement 5: Frameworks to support seamless implementation of federated community cloud environments (interoperability and portability guidance and technology) Requirement 6: Technical security solutions which are de-coupled from organizational policy decisions (security guidance, standards and technology) Requirement 7: Defined unique government regulatory requirements, technology gaps, and solutions (interoperability, portability and security technology) Requirement 8: Collaborative parallel strategic “future cloud” development initiatives (interoperability, portability, and security technology) Requirement 9: Defined and implemented reliability design goals (interoperability, portability, and security technology) Requirement 10: Defined and implemented cloud service metrics (interoperability and portability standards) Encourage standards & compensate with Service Level Agreements to require demonstration of data/system portability between providers Request that cloud service vendors map their offerings to a common reference (i.e. NIST Reference Architecture) so that it is easier to compare services Define unique USG/mission/sector/business Requirements (e.g. 508 compliance, e-discovery, record retention )

8 NIST Cloud Computing Program 8 NIST COMPUTING PROGRAM TIMELINE (PHASE 2) June 2012 STRATEGICSTRATEGIC NIST Cloud Computing Special Pubs Guidelines on Security and Privacy …… Definition of Cloud Computing ………… CC Synopsis & Recommendations…… CC Standards Roadmap ………………… CC Reference Architecture…………… USG CC Technology Roadmap Draft Tactical efforts Public & Federal Standards & Technology working groups Initiate NIST CC Program Phase II Integrate & track USG Technology Roadmap Priority Action Plans (PAPs) with external stakeholders Integrate results into tactical priorities Measure Results Nov 2011 NIST CC Forum & Workshop IV NIST CC Forum & Workshop V Nov 2012 NIST CC Forum & Workshop VI Re-Assess Progress & Phase 2 Plan Standards liaison, FedRamp & other technical advisory, Guidance, Koala USG Cloud Computing Technology Roadmap Version 2 USG Cloud Computing Technology Roadmap Version 2 Analyze Phase 1 working group & project results Complete 1 st draft for public comment USG Cloud Computing Technology Roadmap Version 1 SP USG Cloud Computing Technology Roadmap Version 1 SP Planned NIST Cloud Computing Special Pubs Challenging Security Requirements for US Government CC Adoption Revised USG CC Technology Roadmap Vol I High-priority requirements to Further USG Agency CC Adoption 2.Vol II Useful Information for Cloud Adopters 3.Draft Vol. III Technical Considerations for USG CC Deployment Decisions

9 NIST Cloud Computing Program Goals for RA/Tax Public WG Goal 1 - Requirement 3: Address “Technical Specifications for High-Quality Service-Level Agreements” Goal 2 - Requirement 5: Address “Frameworks to Support Federated Community Clouds”. Goal 3 - Requirement 10: Address “Defined & Implemented Cloud Service Metrics”. Goal 4 -Advanced Actor Analysis - To further the discussion on the roles of and interactions of cloud computing actors (consumer/auditor/broker/carrier). Goal 5 - Develop an in-depth study on security and RA mapping. (Collaborative with CC Security WG) 9

10 NIST Cloud Computing Program GOAL 1: R3 - Technical Specifications for High-Quality Service-Level Agreements & PAPs Cloud SLAs represent a negotiated service contract between two parties that specifies what cloud service will be provided to the customer. This requirement must be met to ensure: – key elements required for cloud services (warranties, guarantees, performance metrics, etc.) are not left out of the SLA and therefore rendered unenforceable, – common terms and definitions are used within the SLAs to avoid costly misunderstandings between parties, – to create an environment which allows agencies to objectively compare competing services. 10 Develop a controlled and standardized vocabulary of cloud SLA terms and definitions. Ensure consistency in guidance and policy regarding SLA relevant terms and definitions. Develop a cloud SLA Taxonomy to ensure the complete specification of key cloud computing elements that need to appear in an SLA periodically PAPs

11 NIST Cloud Computing Program Draft Master Service Taxonomy

12 NIST Cloud Computing Program Draft SLA Cloud SLA Taxonomy

13 NIST Cloud Computing Program GOAL 2: R5- Frameworks to Support Federated Community Clouds & PAPs The case in which a Community Cloud deployment is not implemented in an environment (private/public cloud) that accommodates the entire community, there is a need to define and implement mechanisms to support the governance and processes that enable federation and interoperability between different cloud service provider environments to form a general or mission-specific federated Community Cloud. PAPs 13 Define federated Community cloud requirements and scenarios Identify how Hybrid Cloud and Cloud Broker elements described in the cloud Reference Architecture can be leveraged and harmonized Present analysis of GRID communities’ applicability to federated cloud communities, including technology, trust infrastructure, & governance All stakeholders -- assess Intercloud efforts (e.g., Standards Developing Organizations) for applicability NEW: Document current usage patterns and projected near-term trends in grid and cloud architectures with attention to tools used for effective support of federated user communities.

14 NIST Cloud Computing Program GOAL 2: R5- Current Activities Developing SOW, project plans Invitation to the Grid communities to participate Collaboration Tools: Supplemental Wiki. Identify, assemble and make available prior Grid community documents 14

15 NIST Cloud Computing Program GOAL 3: R10 - Defined & Implemented Cloud Service Metrics & PAPs In utility industries, the notion of units of measurement is fundamental to buying and selling service. However, in the case of cloud computing service delivery, which uses a utility model, IT resources are supplied as abstracted services, often characterized as Infrastructure as a Service or Platform as a Service. Abstracted services can be set to run fast or slow, to be small or large, and to be as reliable as desired (subject to underlying technology constraints). Service consumers pay for a “quantity” and a "quality" of the service, which is metered by a cloud computing system. Consumers need to be able to precisely specify and receive services. PAPs 15 Specify and Standardize the Units of Measurement for cloud services, seeking public comment and collaboration In parallel, incorporate Cloud Service Units of Measurement consistently in Service-Level Agreements

16 NIST Cloud Computing Program GOAL 3: R10 - Areas of Concentration & Deliverables Areas of Concentration Specify and normalize a small set of existing units of measurement for cloud services Define the cloud service measurement space, need atomic service units. The integration of normalized Units of Measurement for cloud services to SLAs. Deliverables Draft specification of the cloud service measurement space. Template for listing and organizing Cloud Services Units of Measurement. List of non-exhaustive Cloud Services Units of Measurement (existing or new) and normalization methods. Report of study of Units of Measurement successfully defined and used for the IT industry (i.e. network, storage, database etc...) List of Cloud Services Units of Measurement relevant for SLAs. 16

17 NIST Cloud Computing Program GOAL 4: Advanced Actor Analysis The current NIST Reference Architecture document is very focused on the roles and responsibilities of the cloud provider. The four other roles were not studied to a similar depth. Therefore, inclusions of a fuller description of their responsibilities and the activities/functions they will perform is necessary to attain a more complete description in the NIST RA. For example, cloud carrier may provide additional services that are needed by the Cloud Consumer and Cloud Provider. Milestones Expansion of Cloud Consumer / Auditor / Broker Roles & Responsibilities 2/2012 Generate the relevant definitions3/2012 Discussion of actor interactions4/2012 Deliverables Analysis document5/

18 NIST Cloud Computing Program GOAL 5: Security RA that supplements NIST RA (Collaborative with CC Security WG) Develop a Security RA that supplements the NIST RA. The approach - leverage on the CSA’s Reference Architecture to design a Security Reference Architecture for Cloud Computing. Public IaaS – initial exercise Milestones INITIAL DRAFT:4/2012 INTERNAL REVIEW5/2012 ADDRESS COMMENTS & PUBLIC DRAFT6/ 2012 PUBLIC REVIEW7/ 2012 PROCESS & ADDRESS COMMENTS8/ 2012 FINAL DOCUMENT9/ 2012 Deliverables Internal draft4/2012 Public draft6/2012 Final document9/

19 NIST Cloud Computing Program 19 NIST invites you to collaborate with us on Cloud Computing! US Federal Cloud Computing references: Public NIST cloud web site: Cloud Computing Forum & Workshop V: June 5-7, 2012: Washington, DC Contacts: Dawn Leaf: Senior Executive for Cloud Computing Robert Bohn: Cloud Computing Program Manager United States Department of Commerce National Institute of Standards and Technology Information Technology Laboratory 100 Bureau Drive Stop 2000 Gaithersburg, MD Tel: (301) ,


Download ppt "NIST Cloud Computing Program 1 NIST Cloud Computing Program - Highlights & Next Steps NIST Mission: To promote U.S. innovation and industrial competitiveness."

Similar presentations


Ads by Google