Future Trends

NIST Report Makes the Case for Stringent Cloud Security Procedures

Zero trust security

NIST Report Makes the Case for Stringent Cloud Security Procedures

The National Institute of Standards and Technology, a non-regulatory organization within the Department of Commerce, has urged security and information technology practitioners to adopt a zero trust policy to maintain and monitor cloud security.

In a new report, NIST said private companies and federal agencies should be given assurance that their data is protected and private from other entities sharing the same server, GovernmentCIO reported Monday.

According to NIST, cloud servers hosting data for organizations in other countries brought about by IT globalization may add to more security and privacy issues and challenges.

It added that a country’s data security and privacy laws and regulations might differ from an organization’s policies or mandates.

The NIST report notes that cloud services in the same location cannot be necessarily automated or scaled. As such, cloud security efforts will be unreliable.

The agency recommended that organizations looking for data security in the cloud should configure and audit the platform to establish its reliability.

Also, it suggested that enterprises deploy workloads to cloud servers with trusted platforms and asset-tagging capabilities. In particular, the practice of recording, verifying and auditing information about assets on the network before launching workloads can improve cloud security.

According to the NIST document, when examining a cloud platform launch's trustworthiness, an entity should follow the attestation principle, which refers to testing a signature and set of security measurements against a signature and security measurements stored within the platform hardware.

The GovernmentCIO report said the zero trust plan, as with the Cybersecurity and Infrastructure Security Agency’s Continuous Diagnostics and Mitigation program, is among the cloud security strategies trending across the federal agencies in 2020. 

NIST said prototype implementation is another way to address security concerns. However, it noted that the measure is not meant to prevent the use of other products, services and techniques.

Potomac Officers Club Logo
Become a Potomac Officer Club Insider
Sign up for our weekly email & get exclusive event, and speaker updates, and find networking opportunities to connect with GovCon decision makers.

Category: Future Trends