Guidelines on Security and Privacy in Public Cloud Computing (NIST Special Publication 800-144) provides an overview of the security and privacy challenges facing public cloud computing and offers recommendations that organizations should consider when outsourcing data, applications, and infrastructure to a public cloud environment. The document provides analysis of threats, technology risks, and safeguards related to public cloud environments to help organizations make informed decisions.
The publication recommends that organizations plan the security and privacy aspects of cloud computing before implementing it, understand the public cloud computing environment offered by the cloud provider, ensure that both cloud resources and cloud-based applications satisfy organizational security and privacy requirements, and maintain accountability over the privacy and security of data and applications implemented and deployed in public cloud computing environments.
SP 800-144 is aimed at system managers, executives and information officers making decisions about cloud computing initiatives; security professional responsible for IT security; IT program managers concerned with security and privacy measures for cloud computing; system and network administrators; and users of public cloud computing services.
"Public cloud computing and the other deployment models are a viable choice for many applications and services. However, accountability for security and privacy in public cloud deployments cannot be delegated to a cloud provider and remains an obligation for the organization to fulfill", said publication co-author Tim Grance.