NIST creates cloud-computing team

The National Institute of Standards and Technology has created a new team to determine the best way to provide security for agencies that want to adopt the emerging technology called cloud computing, said Ron Ross, a senior computer scientist and information security researcher at NIST.

“The team will give our customers a sense of what kinds of risks they may be taking on by moving into that new territory,” Ross said today at the SaaS/Gov 2009 conference produced by the Software and Information Industry Association and market research firm Input.

Cloud computing refers to an arrangement in which an organization pays a service provider to deliver applications, computing power and storage via the Web.

Implementing cloud computing at agencies will be similar to how government organizations adopted and secured wireless technology, Ross said.

“When wireless came along, we didn’t really know a lot about how to protect it, but we developed that understanding as we went forward, and now we do a pretty good job of protecting wireless,” he said.

Security experts at NIST are responsible for figuring out how to make the new technology secure. Each agency will decide whether and to what extent it wants to adopt cloud computing.

NIST plans to demonstrate how current standards and guidelines for evaluating technology can be used for cloud computing, Ross said.

Federal agencies need to determine how to certify and accredit new technology when a service provider is involved, as is the case with cloud computing, and service providers will need to provide evidence to federal customers that they have accomplished the due diligence on security, he said.

Meanwhile, the team hopes to prepare NIST officials to handle agencies’ questions about cloud computing. “When customers ask us, ‘Is it a good way to go?’ or ‘Is it secure enough for us?’ we’re going to try and provide some of that information,” Ross said.

About the Author

Doug Beizer is a staff writer for Federal Computer Week.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Shutterstock image: looking for code.

    How DOD embraced bug bounties -- and how your agency can, too

    Hack the Pentagon proved to Defense Department officials that outside hackers can be assets, not adversaries.

  • Shutterstock image: cyber defense.

    Why PPD-41 is evolutionary, not revolutionary

    Government cybersecurity officials say the presidential policy directive codifies cyber incident response protocols but doesn't radically change what's been in practice in recent years.

  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

Reader comments

Thu, May 12, 2011 Horacio Cordero Pittsburgh, PA

Hello Everyone: You might want to avoid cloud computing if a regulatory issue prevents you to hosting your data in a cloud computing service. Also, if the application requires high speed than the Internet of if you will require to have full owenrship of your physical assets. Other than that, there are ways to use the potential of cloud computing as a solution for the Federal or State governments. Thank you.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group