NIST continues to ponder cloud computing. Its definition of cloud computing is now up to version #15, and its presentation on Effectively and Securely Using the Cloud Computing Paradigm is now up to version #26. No word on when either of these two will become final.
Meanwhile, ENISA (the European Network and Information Security Agency) released a 123 page report on "Cloud Computing: Benefits, risks, and recommendations for information security" last month. As ENISA stated on its Web site, "ENISA clears the fog on cloud computing security". A self-assured statement, but I have to hand it to ENISA - I think that it did an excellent job in this report.
With all of the hype surrounding cloud computing, the vendor evasiveness, and marketing "fluff," it is nice to read a cloud-agnostic, vendor neutral document that clearly articulates many of the security issues facing cloud computing. One can only hope that ENISA follows-up this document with some in-depth analyses of the effectiveness of specific information security technologies in cloud computing environments.
If you are interested in cloud computing, yet worried about information security in the cloud (most people), then you owe it to yourself to read this report. Quite honestly, it is far and away one of the best documents about the subject that I have read. (Second only, of course, to our book on such, Cloud Security & Privacy!)