Presentation is loading. Please wait.

Presentation is loading. Please wait.

NIST Cloud Computing Program Current Activities

Published byJody Holt Modified over 8 years ago

Similar presentations

Presentation on theme: "NIST Cloud Computing Program Current Activities"— Presentation transcript:

1 NIST Cloud Computing Program Current Activities
Robert Bohn, Ph.D. NIST Cloud Computing Program Manager ETSI - Cloud Standards Coordination  5 December 2012, Cannes, France

2 Outline Roadmap Activities Updates on PAPs/Working Groups Security RA
SLA Guidance Cloud Metrics Cloud Broker Security RA Standards Update

3 USG Cloud Computing Roadmap – Volume I
Prioritized strategic and tactical requirements that must be met for USG agencies to further cloud adoption; Interoperability, portability, and security standards, guidelines, and technology needed to satisfy these requirements; Recommended list of Priority Action Plans (PAPs) -- candidates for voluntary self-tasking by the stakeholder community. Collaboration through public working groups & Federal Cloud Computing Standards & Technology Working Group Intent is to leverage PAPs that are identified as complete or under way by cloud stakeholder community; some may fall within NIST scope

4 USG Cloud Computing Technology Roadmap requirements
R 1:  International voluntary consensus based interoperability, portability and security standards (interoperability, portability, and security standards) R 2: Solutions for high priority Security Requirements (security technology) R 3:  Technical specifications to enable development of consistent, high quality Service Level Agreements (interoperability, portability, and security standards and guidance) R 4: Clearly and consistently categorized cloud services (interoperability and portability guidance and technology) R 5:  Frameworks to support seamless implementation of federated community cloud environments (interoperability and portability guidance and technology) R 6:  Technical security solutions which are de-coupled from organizational policy decisions (security guidance, standards and technology) R 7:  Defined unique government regulatory requirements, technology gaps, and solutions (interoperability, portability and security technology) R 8:  Collaborative parallel strategic “future cloud” development initiatives (interoperability, portability, and security technology) R 9:  Defined and implemented reliability design goals (interoperability, portability, and security technology) R 10: Defined and implemented cloud service metrics (interoperability and portability standards)

5 USG CC Roadmap – Volume II
Use collaboration through public working groups & Federal Cloud Computing Standards & Technology Working Group to continue to validate findings Reference Architecture & Taxonomy Recommend Industry Mapping so that USG agencies & others can more easily and consistently compare cloud services In parallel, support formal standards development process leveraging the reference architecture Standards Provide avenue for USG agency engagement Continue standards roadmap Target Business Use Cases & SAJACC Expand initial use case set & use SAJACC to identify gaps Security leverage working groups to finalize special publication focusing on challenging security requirements Continue technical advisor role – e.g. FedRAMP, continuous monitoring, conformity assessment system

6 USG CC Roadmap – Volume III
BUILDS ON the first two volumes of the USG Cloud Computing Technology Roadmap IS FOR USG agency technical planning and implementation teams - AND ANYONE ELSE THAT FINDS IT USEFUL HAS A GOAL to inform decision makers regarding questions and decision factors in the context of Cloud Computing use cases DESCRIBES HOW to leverage the Federal Cloud Computing Strategy Decision Framework for Cloud Migration and the collaborative NIST Cloud Computing Program work

7 Decision Framework

8 16 aspects… Selection Provision Manage Efficiency Aggregate demand
Agility Innovation Security Requirements Service characteristics Market Characteristics Network infrastructure Government readiness Technology lifecycle Provision Aggregate demand Integrate services Contract effectively Realize value Manage Shift mindset Actively monitor Re-evaluate periodically

9 Application Categories
Collaboration Tools Planning/Management Tools Web Server/Content Management Identity Management Document Retrieval/Library System PaaS IaaS

10 Next Steps for PAPs/Working Groups
Goal 1 - Requirement 3: Address “Technical Specifications for High-Quality Service-Level Agreements”. Goal 2 - Requirement 10: Address “Defined & Implemented Cloud Service Metrics”. Goal 3 -Advanced Actor Analysis - To further the discussion on the roles of and interactions of cloud computing actors (consumer/auditor/broker/carrier).

11 SLA Taxonomy Chair: John Messina (NIST) and Ken Stavinoha (Cisco)
Purpose: Address Roadmap Requirement 3 on Service Level Agreements (SLA)s Goals: Create a mindmap/taxonomy identifying the major elements that should appear within a high-quality SLA. Write report on how to create high-quality SLA Status: Mindmap/taxonomy draft complete (available on NIST CC twiki public website) Report draft complete (available on NIST CC twiki public website) Moving Forward: Establish Federal SLA collaborative activities Submit material to international standards bodies for further development

12 Mind Map of a Master Service Agreement

13 Contents of SLA Business Level Objectives Roles & Responsibilities
Requirements Operational Policies Continuity Limitations Financial Glossary of Terms Service Level Objectives Resources Performance Indicators Service Deployment Service Management Description Security Privacy

14 Cloud Business Requirements

15 Performance Indicators

16 Cloud Metrics Chair: Frederic J. de Vaulx and Steve Woodward (CloudPersectives) Purpose: Address Roadmap Requirement 10 on Cloud Metrics Goals: Improve consistency & terminology to facilitate valuable comparative analysis Create a framework to help clarify measures, definitions and collection methods Align with the roadmap high priority goals like SLAs Status: Cloud reference and description list (available on NIST CC twiki public website) Draft concept model for cloud metrics, measures and usages (available on NIST CC twiki public website) Moving Forward: Present the concept model to organizations involved in cloud metrics Write the Cloud Measure document based on the draft outline

17 Cloud Metrics Work Areas & Priorities

18 Goal 3: Advanced Actor Analysis – Cloud Broker
Intermediate Cloud Service Provider dd Consumer accesses multiple provider services through a single broker interface The Cloud Consumer retains visibility into the cloud service providers they use Intermediary uses additional providers as invisible components of its own service, presented as integrated offering No consumer visibility into or control over additional cloud providers

19 The NIST Cloud Computing Reference Architecture
Cloud Carrier Cloud Auditor Security Audit Privacy Impact Audit Performance Audit Cloud Service Consumer Cloud Broker Service Intermediation Aggregation Arbitrage Cloud Service Provider Privacy Physical Resource Layer Hardware Facility Resource Abstraction and Control Layer Service Layer IaaS SaaS PaaS Cloud Service Management Business Support Provisioning/ Configuration Portability/ Interoperability

20 NIST Security Reference Architecture
Physical Resource Layer Hardware Facility Resource Abstraction and Control Layer Service Layer IaaS SaaS PaaS Biz Process/ Operations App/Svc Usage Scenarios Software as a Service Cloud Provider Application Development Platform as a Service Develop, Test, Deploy and Manage Usage Scenarios Note that the supporting technology for each service model is different. This also will result in different security considerations. Each service model will likely have very different security architectures. Infrastructure as a Service Create/Install, Manage, Monitor Usage Scenarios IT Infrastructure/ Operation

21 Draft NIST CC Reference Architecture
Cloud Consumer Cloud Consumer Cloud Provider Cloud Broker Cloud Orchestration Cloud Service Management Service Layer SaaS Service Intermediation Business Support Cloud Auditor PaaS IaaS Provisioning/ Configuration Service Aggregation Security Audit Resource Abstraction and Control Layer Privacy Impact Audit Physical Resource Layer Portability/ Interoperability Service Arbitrage Hardware Performance Audit Facility Cloud Carrier Cross Cutting Concerns: Security, Privacy, etc

22 NIST Security Reference Architecture – formal model

23 Cloud Computing Standards Developers
IEEE ISO IEC IETF ITU-T PSDO SG 11 Signalling requirements, protocols and test specifications SG 13 Future networks including mobile and NGN SG 17 Security ISO TC 68 Financial services ISO/IEC JTC 1 Information Technology JTC 1 PAS Submitters OASIS OMG SNIA TCG W3C OGF CA OCC SC 2 Financial Services, security SC 7 Software & systems engineering SC 27 IT security techniques SC 38 Distributed application platforms & services ATIS CSA Kantara TIA others Key: PSDO = Partner Standards Development Organization; PAS = Publicly Available Specification; = private sector, national member-based international standards body; = UN agency, member state-based international standards body; = international consortium standards developer 23

24 NIST SP 500-291 Recommendations Accelerating Development and Use of Cloud Standards
Contribute Agency Requirements Participate in Standards Development Encourage Compliance Testing to Accelerate Technically Sound Standards-Based Deployments Specify Cloud Computing Standards USG-Wide Use of Cloud Computing Standards Dissemination of Information on Cloud Computing Standards Contribute Agency Requirements Participate in Standards Development Encourage Compliance Testing to Accelerate Technically Sound Standards-Based Deployments Specify Cloud Computing Standards USG-Wide Use of Cloud Computing Standards Dissemination of Information on Cloud Computing Standards

25 New Topics for Consideration
Accessibility Conformity Assessment Performance Reliability Forensics Law Enforcement Education

26 NIST Cloud Computing Special Publications
CC Standards Roadmap …………………… CC Reference Architecture………………… USG CC Technology Roadmap Draft Guidelines on Security and Privacy …… Definition of Cloud Computing ………… CC Synopsis & Recommendations…… Searchable as “NIST SP xxx-nnn”

27 Contacts Dr. Chris Greer chris.greer@nist.gov
Dr. Robert Bohn John Messina Dr. Michaela Iorga Annie Sokol Mike Hogan Eric Simmon Frederic de Vaulx Acting SES Program Mgr RA/Tax Co-Convener Security Standards Volume III Metrics NIST ITL Cloud Computing Home Page NIST Cloud Computing Collaboration Site (twiki)

Download ppt "NIST Cloud Computing Program Current Activities"

Similar presentations

State of Indiana Business One Stop (BOS) Program Roadmap Updated June 6, 2013 RFI ATTACHMENT D.

State of Indiana Business One Stop (BOS) Program Roadmap Updated June 6, 2013 RFI ATTACHMENT D.
ELTSS Alignment to Nationwide Interoperability Roadmap DRAFT: For Stakeholder Consideration in response to public comment.

ELTSS Alignment to Nationwide Interoperability Roadmap DRAFT: For Stakeholder Consideration in response to public comment.
Cloud computing security related works in ITU-T SG17

Cloud computing security related works in ITU-T SG17
DMTF Cloud Standards Cloud Management & OVF Update to ITU-T SG13.

DMTF Cloud Standards Cloud Management & OVF Update to ITU-T SG13.
NIST Cloud Computing Program 1 NIST Cloud Computing Program - Highlights & Next Steps NIST Mission: To promote U.S. innovation and industrial competitiveness.

NIST Cloud Computing Program 1 NIST Cloud Computing Program - Highlights & Next Steps NIST Mission: To promote U.S. innovation and industrial competitiveness.
Building an Operational Enterprise Architecture and Service Oriented Architecture Best Practices Presented by: Ajay Budhraja Copyright 2006 Ajay Budhraja,

Building an Operational Enterprise Architecture and Service Oriented Architecture Best Practices Presented by: Ajay Budhraja Copyright 2006 Ajay Budhraja,
September 30, 2011 OASIS Open Smart Grid Reference Model: Standards Landscape Analysis.

September 30, 2011 OASIS Open Smart Grid Reference Model: Standards Landscape Analysis.
Delivering Mission Agility Through Agile SOA Governance 13 th SOA e-Government Conference 4/12/2012 Presented by Wolf Tombe Chief Technology Officer (CTO)

Delivering Mission Agility Through Agile SOA Governance 13 th SOA e-Government Conference 4/12/2012 Presented by Wolf Tombe Chief Technology Officer (CTO)
Decision Making Tools for Strategic Planning 2014 Nonprofit Capacity Conference Margo Bailey, PhD April 21, 2014 Clarify your strategic plan hierarchy.

Decision Making Tools for Strategic Planning 2014 Nonprofit Capacity Conference Margo Bailey, PhD April 21, 2014 Clarify your strategic plan hierarchy.
Clouds C. Vuerli Contributed by Zsolt Nemeth. As it started.

Clouds C. Vuerli Contributed by Zsolt Nemeth. As it started.
e-Framework Components and Responsibilities.

e-Framework Components and Responsibilities.
SmartER Semantic Cloud Sevices Karuna P Joshi University of Maryland, Baltimore County Advisors: Dr. Tim Finin, Dr. Yelena Yesha.

SmartER Semantic Cloud Sevices Karuna P Joshi University of Maryland, Baltimore County Advisors: Dr. Tim Finin, Dr. Yelena Yesha.
Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.

Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.
Geneva, Switzerland, 14 November 2014 Cloud computing reference architecture Olivier Le Grand, Standardization Senior Manager on Future Networks, Orange.

Geneva, Switzerland, 14 November 2014 Cloud computing reference architecture Olivier Le Grand, Standardization Senior Manager on Future Networks, Orange.
Annie W. Sokol, IT Specialist, NIST

Annie W. Sokol, IT Specialist, NIST
A Tour of Federated Clouds Robert Bohn, PhD Advanced Network Technologies Division GEOSS 25 March 2015 Norfolk, VA.

A Tour of Federated Clouds Robert Bohn, PhD Advanced Network Technologies Division GEOSS 25 March 2015 Norfolk, VA.
1 ISO/RTO Council Wholesale Demand Response Projects & OpenADR David Forfia.

1 ISO/RTO Council Wholesale Demand Response Projects & OpenADR David Forfia.
Cloud Computing Guide & Handbook SAI USA Madhav Panwar.

Cloud Computing Guide & Handbook SAI USA Madhav Panwar.
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order 13636 “Improving Critical Infrastructure Cybersecurity”

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order “Improving Critical Infrastructure Cybersecurity”
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Similar presentations

Ads by Google