Challenging Security Requirements for US Government Cloud Computing Adoption
The Federal Cloud Strategy, February 8, 2010, outlines a federal cloud computing program that identifies program objectives aimed at accelerating the adoption of cloud computing across the federal government. NIST, along with other agencies, was tasked with a key role and specific activities in support of that effort, including the delivery of the NIST Cloud Computing Technology Roadmap and the publication of other Special Publications that address the reference architecture, definitions, and security aspects of cloud computing. In order to achieve adoption of cloud computing for the federal government, it is necessary to address the security and privacy concerns that federal agencies have when migrating their services to a cloud environment. To further exacerbate the situation, there are few documented details that directly address how to achieve some security aspects in a cloud environment. The purpose of this document is to provide an overview of the high-priority security and privacy challenges perceived by federal agencies as impediments to the adoption of cloud computing. The document provides descriptions of the existing mitigations to these security and privacy impediments. If no mitigations are listed, then ongoing efforts that could lead to mitigations are described. In the cases where no ongoing efforts were identified, the document makes recommendations for possible mitigation or references existing best practices.