moving to the cloud: nist vision and initiatives - siena

National Institute of

Standards and Technology

Information Technology Laboratory

Moving to the Cloud:

NIST Vision and Initiatives

part of the

US Federal Cloud Computing Strategy

Dawn Leaf

NIST Senior Executive for Cloud Computing

March 16, 2011




Boulder, Colorado, USA

Gaithersburg, Maryland, USA

Courtesy HDR Architecture, Inc./Steve Hall © Hedrich Blessing

©Geoffrey Wheeler

NIST Mission: To promote U.S. innovation and industrial competitiveness by advancingmeasurement science,

standards, and

technology

in ways that

enhance economic

security and improve

our quality of life ©Robert Rathe




Purpose Today – Information Exchange

• Background:

– US Federal Cloud Computing Strategy

– universal challenges

– NIST program goals & rationale

• Context: program timeline

• Opportunities: collaboration & working group efforts

• Highlights: progress & examples of useful information for cloud

adopters

• Special focus: Standards Acceleration to Jumpstart the Adoption of

Cloud Computing (SAJACC) & security work

• General Comments & Questions ?

3




NIST Cloud Computing Program Goal

• Accelerate the federal government’s secure adoption of cloud

computing*

– Build a USG Cloud Computing Technology Roadmap which

focuses on the highest priority USG cloud computing security,

interoperability and portability requirements

– Lead efforts to develop standards and guidelines in close

consultation and collaboration with standards bodies, the private

sector, and other stakeholders

4

* REF http://www.cio.gov/documents/Federal-Cloud-Computing-Strategy.pdf




Universal Challenges

5

• Adopters need a “Rulebook”

• cloud model is emerging -- there isn’t a large

installed base

• mainly commodity & infrastructure

Rule Book

from the

Chicago,

Milwaukee,

St. Paul and

Pacific

Railroad

Company

dated 1959.,

antiqueradio

museum.org

• Providers need to understand the specific issues

and barriers – not just general security,

interoperability & portability concerns

Improve our music.com, Musicians are Expert Mind Readers, Mark Gibson, January 2009

• Detailed cloud computing services

are defined in the eye of the

beholder – hard to get apples to

apples comparisonCopy right free images




Universal Challenges

6

The Cloud Computing “space” & community is so broad that it isn’t feasible to cover all relevant work & collaboration opportunities

Copy Right Free Images

Backlog of internet driven policy questions &

decisions (e.g. privacy and security) now need to

be considered in light of cloud roles &

responsibilities

US Library of Congress

Balance -- between advantages of formal standards

development processes and market driven

defacto “standard” specifications

US Library of Congress




NIST Cloud Computing Program

Concept & Rationale

How to build a USG Cloud ComputingStandards Roadmap

1. Define

Target USG

Cloud

Computing

Business Use

Cases

2. Define

Neutral Cloud

Computing

Reference

Architecture &

Taxonomy

3. Generate Cloud

Computing

Roadmap –

Translate

Requirements

& Identify Gaps

priorities

risks

obstacles

Expand

CC Definition

ref. architecture

Concurrent & Iterative 3-step

process

that drives tactical efforts

Strategic Program Tactical Program

NIST CC efforts

• SDO submissions & support

• Guidance – Special Publications;

technical advisor to Fed CIO Council

• Standards Acceleration to

Jumpstart the Adoption of

Cloud Computing (SAJACC) --through qualitative testing of

specifications against interoperability,

security, and portability requirements

• Complex Computing

Simulation & Modeling – Koala

IaaS resource allocation algorithms

Beneficial bi-product: Identify priorities for

hand-off to other stakeholders – policy

makers, prototypes, pilots, R&D organizations

7

Interagency Report:

USG Cloud Computing

Technology Roadmap –list of Tactical Priorities &

Deliverables




NIST Cloud Computing Program Timeline

May

2010

Nov

2010S

T

R

A

T

E

G

I

C

NIST

CC

DefinitionTactical efforts

Outreach & Fact finding with

USG, Industry, SDOs

Evaluate past models &

lessons learned

Define fresh approach

to support secure &

effective USG cloud

computing adoption, prioritize interoperability,

portability, & security

requirements, collaborate,

more quickly respond to

operational needs

Launch CC

Strategic Program

Initiate

Stakeholder

Meetings

Collaboratively

define working

group scope &

resources

Develop Detailed

Plan

March

2011

Execute CC

Strategic

program

Continue

Stakeholder

meetings

Integrate results

into tactical

priorities

NIST CC

Forum &

Workshop I

NIST CC

Forum &

Workshop II

NIST CC

Forum &

Workshop III

Oct

2011

Complete

USG Cloud

Computing

Standards

Roadmap

Interagency

Report

Assess

Results &

Replan

NIST CC

Forum &

Workshop

8




NIST Cloud Computing

Forums & Workshops

• Cloud Computing Forums & Workshops (May & Nov. 2010)

– 300-500 attendees with broad industry, SDO, government & international community program participants

NEXT ONE is April 7 & 8, 2011 on the NIST Gaithersburg MD campus

9




NIST Cloud Computing Collaboration Site

10

each strategic &

tactical effort is a

NIST-led project &

working group

http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/WebHome

Public NIST cloud web site url

http://www.nist.gov/itl/cloud/index.cfm




NIST Cloud Computing Program Highlights –

May 2010 through February 2011

Reference Architecture -- surveyed and completed initial analysis of (10) cloud reference architecture models proposed by known cloud organizations, providers and federal agencies, including: Cloud Computing Use Case Discussion Group, Distributed Management Task Force, Cloud Security Alliance, IBM Cloud Reference Architecture, GSA: Federal Cloud Computing Initiative, Cisco Cloud Reference Architecture Framework Open Security Architecture: Secure Architecture Models, SNIA standard: Cloud Data Management Interface , Elastra: A Cloud Technology Reference Model for Enterprise Clouds; Developed reference architecture & taxonomy concepts to facilitate working group efforts

Developing neutral reference architecture & companion taxonomy

System

Developers

CIOs and

IT Managers

Biz Users

Cloud Service

Developers,

Vendors

Software as a Service

Platform as a Service

Infrastructure as a Service

Application

Middle

ware

OS

Hype

rvisor

Hard

ware

IaaS

PaaS

SaaS

Concept only…..






Standards Developing Organizations participation –• NIST submitted the NIST Definition of Cloud Computing, V15, as a proposed US National Body

contribution to the International Organization for Standardization/International Electrotechnical Commission - Joint Technical Committee 1/Subcommittee 38, Distributed Application Platforms & Services (JTC 1/SC 38 Cloud Computing Study Group) (Jan 2011)

Standards Acceleration to Jumpstart Adoption ofCloud Computing (SAJACC) • Portal launched September 2010; • (24) interoperability, security, & portability

requirements draft use cases publically availableNovember 2010;

• Proof of concept test driver available fordata interface February 2011

NIST Cloud Standards Portal

Use Cases

Validated

Specifications

“reference”

Implementations

Standards

Development

Organizations

specifications

standards

Existing Standards

Working Groups

Community

OutreachNIST

SAJACC

Process






Special Publications:1. SP 800 -125, DRAFT Guide to Security for Full Virtualization Technologies, July 2010; revised Dec 2010 2. SP 800 – 144, DRAFT Guidelines on Security and Privacy Issues in Public Cloud Computing, Jan 20113. SP 800 – 145, DRAFT Cloud Computing Definition, Jan 2011

SPs inform best practices, but are not a “rule book” -- key considerations

• Cloud computing is another model – each organization best understands its’ mission and requirements, and can best assess the deployment strategy, benefits, & risks

• Need an Exit Strategy• Need to retain policies – cloud is not an abdication of responsibility• Consider negotiated service level agreements




Questions?

14

moving to the cloud: nist vision and initiatives - siena

Documents