NIST Issues Cloud Computing Standards Roadmap and Reference Architecture
The National Institute of Standards and Technology ("NIST"), whose definition of cloud computing has been widely referenced and recognized, has a long-term goal of providing leadership and guidance around cloud computing to effectuate its use in industry and government. NIST also was designated by the Federal CIO to help accelerate the U.S. government's secure adoption of cloud computing as part of FedRAMP. To further that effort, NIST recently released a cloud computing reference architecture in which NIST sets forth the components and offerings of cloud computing, as well as a cloud computing standards roadmap in which NIST identified current standards, standards gaps, and standardization priorities.
The NIST reference architecture serves several objectives, including facilitating the analysis of standards for security, interoperability, and portability of data. The reference architecture includes a helpful explanation of the often-referenced and often-confused terms "public cloud", "private cloud", "community cloud", and "hybrid cloud". Of particular interest, NIST tackles the issue of security in the cloud, suggesting that because control is split between cloud providers and cloud consumers, both parties share responsibility for adequately protecting cloud-based systems, with each protection falling to the party in the better position to implement it.
The intent of the standards roadmap, on the other hand, is to use the standards strategy to support the U.S. government's adoption of cloud computing, with the expectation that the standards will be useful more broadly by industry, standards developing organizations, cloud adopters, and policy makers. To produce the roadmap, the NIST Cloud Computing Standards Roadmap Working Group assessed the state of standardization in support of cloud computing, and compiled an inventory of standards relevant to cloud computing that the Working Group will continue to update.
While the current list of standards is an alphabet soup of acronyms that seem better suited to software developers and IT engineers, there are several security standards that cloud computing customers can cross-reference with their service provider. As cloud computing continues to mature, it is expected that NIST will update the list to include standards regarding security, interoperability of systems, and portability of data that may be relevant to include in your cloud computing contracts. It will be interesting to follow this NIST initiative to see whether any of these standards become "industry standard" for cloud computing.