NIST Wants to Make Clouds Work Together; Draft Due in September

Robert Bohn, cloud computing program manager at the National Institute of Standards and Technology (NIST), said today that NIST is collaborating with IEEE to create standards that would allow for interoperability between different cloud environments that currently do not exchange data freely.

He added that NIST is tackling the concept of “federated clouds” to enable trust relationships that would allow intra- and inter-organizational groups at Federal agencies to access relevant data possessed by others. NIST is aiming for the release of a draft publication by the end of September.

“There’s a growing recognition that the lack of cloud federation really stifles the marketplace, it hinders what people could really do with cloud,” Bohn said at an FCW cloud computing event today.

The solution? “I’d like to see clouds of clouds,” Bohn said. He explained that the current landscape of cloud computing does allow for some interaction between different cloud environments, but there are currently no strong linkages between systems that facilitate the use of services or data from other clouds.

“I’m not going to say hybrid cloud doesn’t exist. I’m not going to say connection between a private cloud, public cloud, hybrid cloud doesn’t exist,” Bohn said. “That does exist. But that takes a lot of effort to do that. That just doesn’t happen easily.”

Bohn provided a salient example to help crystallize the concept: the state of email, circa 1985. Communication, Bohn said, did exist at this point, but was siloed and restricted to machines running on the same system as one another.

He contended that it was the creation of standards that provided for email interoperability that now underpins modern electronic communication, adding that the same concept applied to telephone communications from early on.

Now, NIST is preparing for a world where separate cloud infrastructures have a standard method of validation and verification to allow services and data to be used by trusted entities.

“This leads us to a basic problem in security: authentication and authorization,” Bohn said, adding that good governance policies and trust relationships between service providers will be the key to progress.

Bohn said NIST is pressing on to take the concept from “the dream state to the real state.” Following the release of the draft publication in September, Bohn said NIST will open a roughly 60-day public comment period to refine the standards and guidance.

NIST’s partnership with IEEE kicked off on Aug. 31, 2017, following the realization that both groups were already working on similar standards. They are opening the project up to consider all manner of government, business, and medical use cases, with an ultimate goal of creating a stronger “economy amongst cloud providers.”

Bohn wants government officials to phone NIST with potential use cases, or simple reasons why they’d “like to use somebody else’s services.” Federating within government agencies themselves, Bohn said, could allow operational units to grab data, networking, or services from, for example, the human resources department, and speed the function of the collective organization.

He added that the “spectrum of options” is wide, and different situations will dictate the level of federation and associated security controls necessary. “We can do a very simple federation,” Bohn said. “We don’t have to make a full-blown, nationwide federated cloud system. This is what I mean that there’s a spectrum of options, certainly if you’re in the Federal government.”

Recent