- 1 Definitions
- 2 Overview
- 3 Key characteristics
- 4 Service models
- 5 Deployment models
- 6 Operational characteristics
- 7 Benefits of cloud computing
- 8 Business drivers
- 9 Security implications
- 10 Legal implications
- 11 Privacy implications
- 12 U.S. government
- 13 References
- 14 Sources
- 15 See also
- 16 External resources
Definitions[edit | edit source]
There are numerous definitions for "cloud computing":
Courts[edit | edit source]
Cloud computing is
|“||[t]he provision of user-facing software applications, such as electronic mail, via the Internet rather than through a locally based client-server application delivery model.”||”|
|“||is the capacity of Internet-connected devices to display data stored on remote servers rather than on the device itself.||”|
Federal Trade Commission[edit | edit source]
Cloud computing is
|“||[t]he provision of Internet-based computer services. Cloud computing provides businesses and consumers with access to software, data storage, and infrastructure services that are hosted remotely.||”|
GAO[edit | edit source]
Cloud computing is
|“||a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.||”|
General[edit | edit source]
Cloud computing is
|“||a form of computing that relies on Internet-based services and resources to provide computing services. Examples include web-based e-mail applications (Gmail) and business applications that are accessed online through a browser, instead of a local computer.||”|
|“||an emerging form of delivering computing services via networks with the potential to provide IT services more quickly and at a lower cost; it provides users with on-demand access to a shared and scalable pool of computing resources with minimal management effort or service provider interaction.||”|
|“||the scalable provisioning of IT as a service using the Internet or a network. Some of the IT capabilities contributing to scalability and elasticity include virtualization and service-oriented architecture, which have helped to create various cloud models.||”|
|“||’'outsourcing’ computing functions traditionally controlled directly by a consumer—operating and maintaining hardware, installing and running software, storing data — to a third-party service via the Internet.||”|
|“||[a] distributed computing model that permits on-demand network access to a shared pool of configurable computing resources (i.e., networks, servers, storage, applications, and services), software, and information.||”|
NIST[edit | edit source]
Cloud computing is
|“||a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.||”|
OECD[edit | edit source]
Cloud computing is
|“||a service model for computing services based on a set of computing resources that can be accessed in a flexible, elastic, on-demand way with low management effort.||”|
Overview[edit | edit source]
|“||Cloud computing represents a natural evolution of information technology (IT) architecture from centralized computing to network dependent systems with distributed assets and distributed management responsibilities. Rather than being a new technology, cloud computing is a new way of delivering and consuming computing resources, ranging from the simple provision of IT infrastructure and software, to a platform comprised of a combination of various technologies together, access]ed remotely via the Internet.||”|
Cloud computing is a new way of delivering computing resources, not a new technology. It nvolves the sharing or storage by users of their own information on remote servers owned or operated by others and accessed through the Internet or other connections. Cloud computing is not a single capability, but a collection of essential characteristics that are manifested through various types of technology deployment and service models. A wide range of technologies fall under the title "cloud computing."
Cloud computing services exist in many variations, including data storage sites, video sites, tax preparation sites, personal health record websites, photography websites, social networking sites, and Web-based e-mail applications and common business applications that are accessed online through a browser, instead of through a local computer. The term cloud is a metaphor for the Internet, and is an abstraction for the complex infrastructure it conceals.
Cloud computing provides convenient, remote, on-demand utilization (e.g., rental) of computing power and applications that the user cannot afford to maintain locally, but may need from time-to-time. This capability provides ubiquitous network access, on-demand self-service of computing power, metered-use (rent by the hour), elasticity of the capability meeting real-time requirements, and resource pooling.
There are five key factors of cloud computing, which are defined below:
- Data: Recorded information, regardless of form or the media on which it may be recorded; the term includes technical data and computer software.
- Infrastructure: The network, processing, and storage portions of a cloud computing service, which includes the backbones, routers, switches, wireless access points, access methods, and protocols used.
- Resiliency: The ability to adapt to changing conditions and withstand and rapidly recover from disruption due to emergencies.
- Interdependency: The extent to which multiple entities functioning within a single cloud or multiple clouds depend on the performance of each other to ensure stable, secure and efficient operation of the cloud environment.
- Policy: The set of authoritative directives related to a topic including statute, regulation, executive directions, and applicable managerial decisions, both foreign and domestic.
Cloud capability may be deployed by various cloud providers to a multitude of cloud customers in various ways, including: software as a service, platform as a service, and infrastructure as a service. Delivery models of service providers include: private, community, public, and hybrid. Each has benefits and some controversy.
Two basic kinds of clouds include storage clouds and processing clouds; both require extremely fast, reliable, secure and low-cost networking. Clouds are a good fit for very large-scale applications involving huge quantities of data and vast computing power that is often highly variable in quantity over time.
Any information stored locally on a computer can be stored in a cloud, including email, word processing documents, spreadsheets, videos, health records, photographs, tax or other financial information, business plans, PowerPoint presentations, accounting information, advertising campaigns, sales numbers, appointment calendars, address books, and more. The entire contents of a user’s storage device may be stored with a single cloud provider or with many cloud providers.
The concept incorporates software as a service (SaaS), Web 2.0 and other recent, well-known technology trends, in which the common theme is reliance on the Internet for satisfying the computing needs of the user. Often-quoted examples are Salesforce.com and Google Apps which provide common business applications online that are accessed from a web browser, while the software and data are stored on remote servers.
Cloud computing is rapidly becoming an integral part of the U.S. economy, with implications for business development, security, and privacy. As of September 2008, 69% of Americans were using web-based email services, storing data online, or otherwise using software programs such as word processing applications whose functionality is located on the web. A March 2009 study indicated that corporate IT spending on cloud computing services are expected to triple, reaching US$42 billion by 2012. Cloud computer is forecast to reach US$241 billion by 2020. A survey of users and vendors of cloud software, support and services and other industry experts indicated that over 50% of respondents performed more than half of their computing in the cloud today, and over 80% of respondents expect to be performing more than half of their computing in the cloud within five years.
The rise of cloud computing can be ascribed at least in part to efforts by cloud computing providers to make their services as user-friendly as possible. Cloud computing consumers enjoy the convenience of accessing their information from any Internet-connected device, the ability to share documents and information with others, and the security of protection from data loss.
Figure 1 gives a general view of a cloud and its clients: the cloud's computing resources are depicted as a grid of computer systems where clients access a cloud over network connections. As shown in the figure, new clients may arrive, existing clients may depart, and the number of clients using a cloud at any one time is variable. Similarly, a cloud maintains a pool of hardware resources that it manages to maximize service and minimize costs. To maintain highly available services despite expected component failures and service life expirations, a cloud incorporates new hardware components as needed and retires old or failing components. To provide services cost-effectively, a cloud will manage the pool of hardware resources for resource efficiency; one of the strategies that a cloud provider employs during periods of reduced subscriber demand is to power off unused components.
Key characteristics[edit | edit source]
- On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
- Ubiquitous network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and PDAs).
- Resource pooling. The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.
- Rapid elasticity. Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
- Measured services. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service.
Service models[edit | edit source]
A cloud can provide access to software applications such as email or office productivity tools, or can provide a toolkit for customers to use to build and operate their own software, or can provide network access to traditional computing resources such as processing power and storage. The different delivery/service models have different strengths and are suitable for different customers and business objectives:
- Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface such as a Web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
- Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, or storage, but the consumer has control over the deployed applications and possibly application hosting environment configurations.
- Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control over select networking components (e.g., host firewalls.
"As you go down the list from number one to number three, the subscriber gains more control over what they can do within the space of the cloud. The cloud provider has less control in an IaaS system than with an SaaS agreement."
Deployment models[edit | edit source]
A cloud computing system may be deployed privately or hosted on the premises of a cloud customer, may be shared among a limited number of trusted partners, may be hosted by a third party, or may be a publicly accessible service. Depending on the kind of cloud deployment, the cloud may have limited private computing resources, or may have access to large quantities of remotely accessed resources.
The different deployment models present a number of tradeoffs in how customers can control their resources, and the scale, cost, and availability of those resources:
- Private cloud. The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
- Community cloud. The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.
- Partner cloud. The cloud services are offered by a cloud provider to a limited and well-defined number of parties.
- Public cloud. The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
- Hybrid cloud. The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
Operational characteristics[edit | edit source]
Cloud computing favors applications that can be broken up into small independent parts. Cloud systems generally depend on networking and hence any limitations on networking, such as data import/export bottlenecks or service disruptions, reduce cloud utility, especially for applications that are not tolerant of disruptions.
Benefits of cloud computing[edit | edit source]
There was a time when every household, town, farm or village had its own water well. Today, shared public utilities give us access to clean water by simply turning on the tap; cloud computing works in a similar fashion. Just like the water from the tap in your kitchen, cloud computing services can be turned on or off quickly as needed. Like at the water company, there is a team of dedicated professionals making sure the service provided is safe and available on a 24/7 basis. Best of all, when the tap isn’t on, not only are you saving water, but you aren’t paying for resources you don’t currently need.
- Economical. Cloud computing is a pay-as-you-go approach to IT, in which a low initial investment is required to get going. Additional investment is incurred as system use increases and costs can decrease if usage decreases. In this way, cash flows better match total system cost. The reduction of up-front costs reduces the risks for pilot projects and experimental efforts, thus reducing a barrier to organizational flexibility, or agility. In outsourced and public deployment models, cloud computing also can provide elasticity, that is, the ability for customers to quickly request, receive, and later release as many resources as needed. By using an elastic cloud, customers may be able to avoid excessive costs from over-provisioning, i.e., building enough capacity for peak demand and then not using the capacity in non-peak periods. Whether or not cloud computing reduces overall costs for an organization depends on a careful analysis of all the costs of operation, compliance, and security, including costs to migrate to and, if necessary, migrate from a cloud.
- Flexible. IT departments that anticipate fluctuations in user load do not have to scramble to secure additional hardware and software. With cloud computing, they can add and subtract capacity as its network load dictates, and pay only for what they use.
- Rapid implementation. Without the need to go through the procurement and certification processes, and with a near-limitless selection of services, tools, and features, cloud computing helps projects get off the ground in record time.
- Consistent service. Network outages can send an IT department scrambling for answers. Cloud computing can offer a higher level of service and reliability, and an immediate response to emergency situations.
- Increased effectiveness. Cloud computing frees the user from the finer details of IT system configuration and maintenance, enabling them to spend more time on mission-critical tasks and less time on IT operations and maintenance.
- Energy efficient. Because resources are pooled, each user community does not need to have its own dedicated IT infrastructure. Several groups can share computing resources, leading to higher utilization rates, fewer servers, and less energy consumption.
Business drivers[edit | edit source]
- Pursuing new business opportunities, such as trialling new ideas to reach and interact with customers over the Internet;
- Reducing upfront costs of capital expenditure of computer equipment and related expenses such as a physical data center and support staff, while reducing the associated financial risk to the organization by replacing upfront costs with reasonably predictable operational expenditure, and only paying for the amount of computer processing and data storage that is actually used;
- Potentially reducing ongoing costs due to the use of infrastructure and technical specialists that are typically shared among many customers to achieve economies of scale, however the cost of applying controls to help address security risks especially associated with shared infrastructure may reduce the potential cost savings of some types of cloud computing;
- Potentially improving business continuity and the availability of computing infrastructure if users have guaranteed available network connectivity, where the infrastructure can rapidly and flexibly scale to meet peaks and troughs in usage demand, and with the computing infrastructure typically located in multiple physical locations for improved disaster recovery; and,
- Potentially reducing carbon footprint due to the more efficient use of computer hardware requiring less electricity and less air conditioning.
Security implications[edit | edit source]
The decision to embrace cloud computing technology is a risk-based decision, not a technology-based decision. As such, this decision from a risk management perspective requires inputs from all stakeholders. Once the business decision has been made to move towards a cloud computing environment, the entity must then determine the appropriate manner for their security assessments and authorizations.
Potential information security benefits[edit | edit source]
The use of cloud computing has the potential to provide several benefits related to information security. These benefits are related to the attributes of cloud computing — specifically, its use of virtualization and automation, broad network access, potential economies of scale, and use of self-service technologies.
The use of virtualization and automation in cloud computing can expedite the implementation of secure configurations for virtual machine images. Virtualization allows a cloud computing provider to rapidly replicate secure configurations for cloud-based virtual servers, rather than manually applying secure configurations to physical servers, which could be required in a traditional environment that has not employed virtualization techniques. Virtualization can allow faster deployment of secure server configurations, security upgrades, and patches for security vulnerabilities than a traditional computing infrastructure can.
Other advantages relate to cloud computing’s broad network access and use of Internet-based technologies. Cloud computing provides a reduced need to carry data in removable media because of the ability to access the data through the Internet, regardless of location. NIST officials have stated that shifting public data to a public cloud using the Internet that is separate from the agency’s internal network is a means of network segmentation that may reduce exposure of sensitive data on the agency’s internal network.
Additional advantages relate to the potential economies of scale and distributed nature of cloud computing. Low-cost disaster recovery and data storage are also potential benefits. Specifically, cloud computing may provide a cheaper way to store backup copies of information.
A cloud provider may have more resources to devote to security than the customer may have available. The large-scale and mitigation techniques that cloud providers offer may also reduce vulnerability to denial of service attacks. It also may require less effort for cloud computing customers to ensure effective information security if information security controls were already implemented by the provider. Customers could also be freed from the responsibility of maintaining a physical infrastructure, as well as resolving management, operational, and technical issues related to the underlying cloud platform, although the customers would still be responsible for ensuring these issues are addressed and that data are adequately protected.
The self-service aspect of cloud computing may also provide benefits. The ability to apply security controls on demand is a potential benefit. Cloud computing provided the ability for more flexible and granular control of security. For example, features such as encryption and monitoring could be individually applied as needed.
Potential information security risks[edit | edit source]
The use of cloud computing can create numerous information security risks for federal agencies. Thee are serious concerns about the potential information security risks associated with cloud computing. These concerns include risks related to being dependent on a vendor’s security assurances and risks related to the use of multitenancy.
- the possibility of ineffective or noncompliant service provider security controls — which could lead to vulnerabilities affecting the confidentiality, integrity, and availability of information;
- the potential loss of governance and physical control over data and information — that is, in using cloud computing services, the customer cedes control to the provider for the performance of certain security controls and practices;
- the insecure or ineffective deletion of customer data by cloud providers once services have been provided and are complete; and
- potentially inadequate background security investigations for service provider employees — which could lead to an increased risk of wrongful activities by malicious insiders.
Of particular concern is dependency on a vendor andthe possibility of loss of data if a cloud computing provider terminated its services. For example, the provider and the customer may not have agreed on terms to transfer or duplicate the data. The European Network and Information Security Agency also has identified dependency on a vendor as a high risk, noting the lack of tools, procedures, or standard data formats to ensure data, application, and service portability. The agency stated that this can make it difficult for the customer to migrate from one provider to another or to migrate data and services back to an in-house IT environment.
Multitenancy and use of shared resources can also increase risk because one customer could intentionally or unintentionally gain access to another customer’s data, causing a release of sensitive information.
Additional concerns relate to exchanging authentication information on users and responding to security incidents. Another concern is the increased volume of data transmitted across public networks. This could lead to an increased risk of the data being intercepted in transit and then disclosed.
NIST has stated that cloud computing security is dependent on the security of a user’s Internet browser, and that vulnerabilities in the browser can create vulnerabilities for the cloud computing service.
Although there are numerous potential information security risks related to cloud computing, these risks vary based on the particular deployment model. For example, NIST has stated that private clouds may have a lower threat exposure than community clouds, which may have a lower threat exposure than public clouds.
However, these risks may vary based on the cloud deployment model. Private clouds may have a lower threat exposure than public clouds, but evaluating this risk requires an examination of the specific security controls in place for the cloud’s implementation.
Further, the growing interconnectivity among information systems, the Internet, and other infrastructure presents increasing opportunities for attacks. For example, in 2009, several media reports described incidents that affected cloud service providers such as Amazon and Google. According to these reports, in December 2009, Amazon’s Elastic Compute Cloud experienced two attacks on its cloud infrastructure. Google reported that in December 2009, an attack was made on e-mail accounts that it provided, which resulted in the inadvertent release of sensitive information.
Legal implications[edit | edit source]
Most legal issues involved in cloud computing will currently be resolved during contract evaluation (i.e., when making comparisons between the proposals of different cloud providers) or negotiations. The more common case in cloud computing will be selecting between different contracts on offer in the market (contract evaluation) as opposed to contract negotiations. However, opportunities may exist for prospective customers of cloud services to choose providers whose contracts are negotiable.
Unlike traditional Internet services, standard contract clauses may deserve additional review because of the nature of cloud computing. The parties to a contract should pay particular attention to their rights and obligations related to notifications of breaches in security, data transfers, creation of derivative works, change of control, and access to data by law enforcement entities. Because the cloud can be used to outsource critical internal infrastructure, and the interruption of that infrastructure may have wide ranging effects, the parties should carefully consider whether standard limitations on liability adequately represent allocations of liability, given the parties’ use of the cloud, or responsibilities for infrastructure.
|“||Legal issues such as information privacy, security, and legal jurisdiction are highly nation-specific. In the US, for example, the PATRIOT Act allows the US government to demand disclosure of any data stored in any datacenter, anywhere in the world if that system is operated by a US-based company, broadly defined. That single law places US-based Cloud service providers such as Google, Microsoft, Amazon, and others at a great disadvantage when competing for business in foreign markets. Governments, even close allies, will think twice about using US Cloud providers if their sensitive data can fall under the reach of this act.||”|
Until legal precedent and regulations address security concerns specific to cloud computing, customers and cloud providers alike should look to the terms of their contract to effectively address security risks.
Privacy implications[edit | edit source]
|“||Privacy issues for cloud service providers tend not to be cloud-specific, but rather draw from the broader set of privacy challenges posed by the Internet and by outsourcing arrangements.||”|
|“||The first challenge results from the potential storage of data in multiple jurisdictions and their transfer from one jurisdiction to another for cloud resources management purposes. Often, the location of the jurisdiction of the server where the data is stored is not known to the cloud user, and as a result, the customer of cloud computing services, i.e. the main person responsible for the processing of data, may have difficulties to thoroughly check and control the data handling practices and to make sure that data is handled in a lawful way. There may need to be greater reliance on contractual solutions and alternative validations of processes and procedures. It should be noted that many of these issues already exist in outsourced situations, but may even be more complex in the cloud. In addition, in some cases personal data might even be held in or transferred to jurisdictions with unpredictable legal and regulatory frameworks which puts data protection at a high risk. Furthermore, the cloud user might not always be informed about data breaches. It has to be noted, however, that some cloud computing providers do detail their data handling practices and the geographical location of their data centres. Some offers also include certifications on data processing and data security procedures in use.
Another legal issue concerns the question of who has a legal right, and under which circumstances, to access the data processed and stored in the cloud. This includes access to the data by government agencies for national security and law enforcement purposes, an issue which is particularly sensitive and would need to be addressed in an appropriate forum. Other legal challenges . . . include whose national laws apply to the personal data stored in the cloud given the multitude of differing national laws or which country is responsible for the arbitration of contract disputes i.e. the country in which the cloud computing service originated or the country in which the service is used.
According to a report of the Pew Internet and American Life Project, an overwhelming majority of users of cloud computing services expressed serious concern about the possibility that a service provider would disclose their data to others.
A typical information exchange in cloud computing occurs when a user shares information with the cloud provider. Can any and all information be legally shared in a cloud service? With cloud computing, many factors affect the answer to this fundamental question. The shortest answer to the question, however, is that for some information and for some users, sharing may be illegal, may be limited in some ways, or may affect the status or protections of the information shared.
Generally, an individual is free to share his or her personal information with a cloud provider. For a business, disclosing the personal information of customers or employees, or other business information to a cloud provider is often unrestricted by law because no privacy law or other law applies. For example, privacy laws do not cover most marketing records in the United States. Even when privacy laws apply to particular categories of customer or employee information, disclosure to a cloud provider may not be restricted.
For a federal agency, various laws may have bearing on the decision to employ a cloud provider. For example, the Privacy Act of 1974 imposes standards for the collection, maintenance, use, and disclosure of personal information. The use of cloud computing for personal information held by a federal agency may violate the Privacy Act of 1974, especially if there is no contractual arrangement between the agency and the cloud provider. If a cloud provider offers services to the public on behalf of agencies, other Privacy Act requirements may apply, as may security obligations under various federal laws and policies. Federal record management and disposal laws may also be relevant.
U.S. government[edit | edit source]
Cloud computing can both increase and decrease the [[security] of information systems in federal agencies. Potential information security benefits include those related to the use of virtualization, such as faster deployment of patches, and from economies of scale, such as potentially reduced costs for disaster recovery.
Risks include dependence on the security practices and assurances of a vendor, dependency on the vendor, and concerns related to sharing of computing resources. However, these risks may vary based on the cloud deployment model. Private clouds may have a lower threat exposure than public clouds, but evaluating this risk requires an examination of the specific security controls in place for the cloud’s implementation.
References[edit | edit source]
- Daston Corp. v. MiCore Solutions, Inc., 2010 WL 3328619 (Va. Cir. Ct., Fairfax Cty. July 30, 2010) (Trial Order).
- Riley v. California, 134 S. Ct. 2473, 2490-91 (2014).
- Federal Trade Commission, Health Breach Notification Rule, 74 Fed. Reg. 42962-01 n.85 (Aug. 25, 2009).
- 5G Wireless: Capabilities and Challenges for an Evolving Network, at 20 n.34.
- Data Security Breach Notification Laws, at 2 n.11.
- Information Technology: HUD Can Take Additional Actions to Improve Its Governance, at 26 n.24.
- Best Practices for Negotiating Cloud-Based Software Contracts at 4.
- Cloud Computing: Storm Warning for Privacy?, at 2.
- Criminal Justice Information Services Security Policy, Glossary, at A-2.
- NIST Special Publication 800-145, at 3.
- Cloud Computing: The Concept, Impacts and the Role of Government Policy, at 4.
- Guide to Cloud Computing for Policy Makers, at 8.
- Jessie Holliday Scanlon & Brad Wieners, "The Internet Cloud," Industry Standard (July 9, 1999) (full-text).
- "IDC Says Cloud Computing is More Than Just Hype; Worldwide IT Spending on Cloud Services Expected to Reach $42 Billion by 2012" (Mar. 6, 2009),
- “Forrester forecasts USD 241 billion cloud computing market by 2020,” Infor. Wk. News Network, Apr. 26, 2011.
- “Future of Cloud Computing,” slide 34.
- The Basics of Cloud Computing, at 3.
- Diffusing the Fog: Cloud Computing and Implications for Public Policy, at 12.
- Cloud Computing: The Concept, Impacts and the Role of Government Policy, at 19.
- Cloud Computing: The Concept, Impacts and the Role of Government Policy, at 19-20.
- "Cloud Computing Gains in Currency," Internet and American Life Project (Sept. 12, 2008).
- See, e.g., 44 U.S.C. chs. 31 & 33.
Sources[edit | edit source]
- NIST Special Publication 800-145.
- NIST Special Publication 800-146.
- NSTAC Report to the President on Cloud Computing.
- "Business drivers" section: Cloud Computing Security Considerations, at 4.
See also[edit | edit source]
- Application Platform As A Service
- Application service provider
- The Basics of Cloud Computing
- CIO Council Cloud Computing Security Working Group
- Cloud access
- Cloud auditor
- Cloud broker
- Cloud bursting
- Cloud carrier
- Cloud communication
- Cloud Computing Advisory Council
- Cloud Computing Executive Steering Committee
- Cloud Computing Information Assurance Framework
- Cloud Computing Program Management Office
- Cloud computing provider
- Cloud Computing Security Considerations
- Cloud computing service
- Cloud Computing Standards and Technology Working Group
- Cloud Computing Strategic Direction Paper
- Cloud Computing Strategy (DoD)
- Cloud computing terms of service
- Cloud Computing: Benefits, Risks, and Recommendations for Information Security
- Cloud Computing: Storm Warning for Privacy?
- Cloud consumer
- Cloud distribution
- Cloud First
- Cloud Interoperability
- Cloud operating system
- Cloud orchestration
- Cloud polling
- Cloud portability
- Cloud provider
- Cloud robotics
- Cloud Security Alliance
- Cloud service
- Cloud service aggregation
- Cloud service arbitrage
- Cloud service contract
- Cloud service intermediation
- Cloud service management
- Cloud storage
- Cloud subscriber
- Community cloud
- Creating Effective Cloud Computing Contracts for the Federal Government, Best Practices for Acquiring IT as a Service
- Critical Cloud Computing - A CIIP Perspective on Cloud Computing Services
- Data Storage-as-a-Service
- DoD Cloud Strategy
- ECPA Reform and the Revolution in Cloud Computing
- E-Mail as a Service
- External cloud
- Federal Cloud Computing Strategy
- Governmental Cloud
- Guide to Cloud Computing for Policy Makers
- Hybrid cloud
- Information Security: Additional Guidance Needed to Address Cloud Computing Concerns
- Information Security: Federal Guidance Needed to Address Control Issues with Implementing Cloud Computing
- Infrastructure as a service (IaaS)
- Internal cloud
- Internet Protocol cloud
- NIST Cloud Computing Security Working Group
- NIST Special Publication 800-146: Cloud Computing Synopsis and Recommendations
- NIST Special Publication 500-293: US Government Cloud Computing Technology Roadmap
- Platform as a service (PaaS)
- Privacy Recommendations for the Use of Cloud Computing by Federal Departments and Agencies
- Private cloud
- Public cloud
- Security Guidance for Critical Areas of Focus in Cloud Computing
- Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC)
- State of Public Sector Cloud Computing
- Software as a service (SaaS)
- Utility computing
- Vertical cloud
- Virtual private cloud
External resources[edit | edit source]
- The ABCs of Cloud Computing: A comprehensive cloud computing portal where agencies can get information on procurement, security, best practices, case studies and technical resources.
- Primer on Cloud Computing Security: A white paper that seeks to clarify the variations of cloud services and examine the current and near-term potential for Federal cloud computing from a cybersecurity perspective.
- Privacy Recommendations for Cloud Computing: A paper which highlights potential privacy risks agencies should consider as they migrate to cloud computing.
|This page uses Creative Commons Licensed content from Wikipedia (view authors).|