Yesterday the National Institute of Standards and Technology announced "the final release of Special Publication 800-145, The NIST Definition of Cloud Computing." NIST's definition of Cloud Computing has been very influential in setting tent pegs in the ground to cabin the scope and discussion of the often nebulous definition of cloud computing.
In the next in our series of free webinars on cloud computing, Information Law Group Attorney Richard Santalesa examines implications arising from NIST's "Guidelines on Security and Privacy in Public Cloud Computing," with a focus on the legal considerations any team tasked with implementation of security best practices will need to grapple with.To register for this free one hour webinar on May 24 at 12pm ET, visit - http://bit.ly/kyRdku
A draft release of a 90-page Proposed Security Assessment and Authorization for U.S. Government Cloud Computing was distributed by the White House CIO Council yesterday, curiously numbered a 0.96 release.
It often makes sense to refer to an information security management framework or standard in an outsourcing contract, but this is usually not very meaningful unless the customer also understands what particular security measures the vendor will apply to protect the customer's data.
In other posts, I talked about the trend toward more prescriptive encryption requirements in laws and regulations governing certain categories of personal data and other protected information. Here's an overview of the standards and related products available for safe (and legally defensible) handling of protected data.