NIST SP800-146：云计算简明指南与决策者建议

需积分: 10 153 浏览量更新于2024-07-16 收藏 1.44MB PDF 举报

NIST SP800-146.pdf文件，即《美国国家标准与技术研究院关于云计算概览及建议》(Cloud Computing Synopsis and Recommendations)，由NIST Computer Security Division的Lee Badger、Tim Grance、Robert Patt-Corner和Jeff Voas共同编撰，发布于2012年5月。这份特别出版物的主要目的是为信息技术决策者提供一个易于理解的云计算技术解释，并就何时以及如何采用云计算作为工具给出指导。云计算是一个快速发展的领域，其优势和局限性尚未完全被研究、记录和验证。文档强调了云计算作为一种潜在解决方案的价值，但同时也指出了当前知识的局限性和未来进一步分析的必要性。NIST SP800-146关注的是确保在利用云计算时，信息安全、隐私保护和标准一致性得到充分考虑。报告的主体部分概述了云计算的基本概念，包括它的定义、架构和关键特性，如按需服务、资源共享、弹性扩展等。它还探讨了云计算对组织和个人的重要影响，比如成本节省、灵活部署和创新机会。针对云计算的使用，该文档提出了一系列推荐，包括： 1. **评估风险**：决策者应在全面理解云计算环境的风险和安全挑战后，根据自身的业务需求和风险承受能力来决定是否使用云服务。 2. **选择合适的云服务模式**：包括公有云、私有云和混合云，根据数据敏感性和合规性要求选择最合适的部署方式。 3. **合同和协议审查**：确保服务提供商具备清晰的服务级别协议（SLAs）和数据保护条款，保护用户权益。 4. **数据分类和保护**：对数据进行分类，确保关键数据在云中的安全存储和传输。 5. **监控和审计**：建立有效的监控机制，定期审查云计算服务的性能和安全性。 6. **备份和灾难恢复**：制定备份策略，以应对可能的数据丢失或服务中断。 7. **技术和服务成熟度**：评估云服务提供商的技术成熟度和能力，确保能够持续支持业务需求。 8. **持续学习和改进**：随着云计算技术的发展，保持更新理解和评估，适应不断变化的环境。这份报告不仅提供了云计算基础知识，也为信息和技术决策者提供了实用的指南，帮助他们在利用云计算的同时，降低潜在风险并最大化其价值。

CLOUD COMPUTING SYNOPSIS AND RECOMMENDATIONS

2-2

network, servers, operating systems, storage, or even individual application capabilities, with the possible

exception of limited user-specific application configuration settings.

Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud

infrastructure consumer-created or -acquired applications created using programming languages and tools

supported by the provider.

The consumer does not manage or control the underlying cloud infrastructure

including network, servers, operating systems, or storage, but has control over the deployed applications

and possibly application hosting environment configurations.

Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision

processing, storage, networks, and other fundamental computing resources where the consumer is able to

deploy and run arbitrary software, which can include operating systems and applications. The consumer

does not manage or control the underlying cloud infrastructure but has control over operating systems,

storage, deployed applications; and possibly limited control of select networking components (e.g., host

firewalls).

Deployment Models:

Private cloud. The cloud infrastructure is provisioned for exclusive use by a single organization

comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the

organization, a third party, or some combination of them, and it may exist on or off premises.

Community cloud. The cloud infrastructure is provisioned for exclusive use by a specific community of

consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and

compliance considerations). It may be owned, managed, and operated by one or more of the organizations

in the community, a third party, or some combination of them, and it may exist on or off premises.

Public cloud. The cloud infrastructure is provisioned for open use by the general public. It may be owned,

managed, and operated by a business, academic, or government organization, or some combination of

them. It exists on the premises of the cloud provider.

Hybrid cloud. The cloud infrastructure is a composition of two or more distinct cloud infrastructures

(private, community, or public) that remain unique entities, but are bound together by standardized or

proprietary technology that enables data and application portability (e.g., cloud bursting for load

balancing between clouds)."

Throughout this document, any general use of the term “cloud” or “cloud system” should be assumed to

apply to each of the four deployment models. Care is taken to specify a specific deployment model when

a statement is not applicable to all four models.

To add clarity, this document uses the following terms consistently:

cloud consumer or customer: a person or organization that is a customer of a cloud; note that a

cloud customer may itself be a cloud and that clouds may offer services to one another;

client: a machine or software application that accesses a cloud over a network connection,

perhaps on behalf of a consumer; and

cloud provider or provider: an organization that provides cloud services.

This capability does not necessarily preclude the use of compatible programming languages, libraries, services, and tools from

other sources.

CLOUD COMPUTING SYNOPSIS AND RECOMMENDATIONS

3-1

3. Typical Commercial Terms of Service

A consumer’s terms of service for a cloud are determined by a legally binding agreement between the two

parties often contained in two parts: (1) a service agreement, and (2) a Service Level Agreement (SLA).

Generally, the service agreement is a legal document specifying the rules of the legal contract between a

consumer and provider, and the SLA is a shorter document stating the technical performance promises

made by a provider including remedies for performance failures. For simplicity, this publication refers to

the combination of these two documents as a service agreement.

Service Agreements of various types exist. Service agreements are sometimes used internally between

the information systems units and other organizational units of an enterprise to ensure that the information

technology services provided are aligned with the mission objectives of the organization. Service

agreements are normally not used in agreements for services acquired by one government organization

from another. Instead, a Memorandum of Understanding (MOU) or Inter-Agency Agreement (IAA) is

typically used to codify the terms of service.

Section 3 discusses certain elements of typical commercial cloud service agreements that directly express

the quality of service and security that providers offer. Although the self-service aspect of clouds as

defined in the Section 2 implies that a consumer either: (1) accepts a provider’s pricing and other terms,

or (2) finds a provider with more acceptable terms, potential consumers anticipating heavy use of cloud

resources may be able to negotiate more favorable terms. For the typical consumer, however, a cloud’s

pricing policy and service agreement are nonnegotiable.

Published service agreements between consumers and providers can typically be terminated at any time

by either party, either “for cause” such as a consumer’s violation of a cloud’s acceptable use policies, or

for failure of a consumer to pay in a timely manner. Further, an agreement can be terminated for no

reason at all. Consumers should analyze provider termination and data retention policies.

Provider promises, including explicit statements regarding limitations, are codified in their service

agreements. A provider’s service agreement has three basic parts: (1) a collection of promises made to

consumers, (2) a collection of promises explicitly not made to consumers, i.e., limitations, and (3) a set of

obligations that consumers must accept.

3.1 Promises

Generally, providers make four key promises to consumers:

 Availability. Providers typically advertise availability promises as uptime percentages ranging from

99.5% to 100.0%. These are strong claims, and care is needed to understand how these percentages

are calculated. Often, the percentage applies to the number of time intervals within a billing cycle (or

longer periods such as a year) in which services are not “up” for the entire interval. Examples of time

intervals used by prominent providers are 5 minutes, 15 minutes, and 1 hour. For example, if a

provider specifies an availability interval of 15 minutes, and the service is not functional for 14

minutes, 100% availability is preserved using this metric. Generally, the definition of “up” is

intuitively defined as service responsiveness, but in some cases, multiple cloud subsystems must fail

before the service is judged as unavailable. Providers may also limit availability promises if failures

are specific to particular functions or Virtual Machines (VMs).

Some cloud providers historically have not provided service agreements, or have provided them only to large or persistent

users. An service agreement is extremely important to understand a cloud provider’s promises.

CLOUD COMPUTING SYNOPSIS AND RECOMMENDATIONS

3-2

 Remedies for Failure to Perform. If a provider fails to give the promised availability, a provider

should compensate consumers in good faith with a service credit for future use of cloud services.

Service credits can be computed in different ways, but are usually determined by how long the service

was unavailable within a specific billing period. Service credits are generally capped not to exceed a

percentage of a consumer’s costs in the billing period in which downtime occurred. Typical caps

range from 10% to 100% of a consumer’s current costs, depending on the provider. Responsibility

for obtaining a service credit is generally placed on the consumer, who must provide timely

information about the nature of the outage and the time length of the outage. It is unclear whether a

provider will voluntarily inform a consumer of a service disruption. None of the providers recently

surveyed (in their standard service agreements) offer a refund or any other remedy for failure to

perform; however, all providers should understand that a poor reputation to perform offers few long-

term business benefits.

 Data Preservation. If a consumer’s access to cloud services is terminated “for cause,” i.e., because

the consumer has violated the clouds' acceptable use policies or for nonpayment, most providers state

that they have no obligation to preserve any consumer data remaining in cloud storage. Further, after

a consumer voluntarily stops using a cloud, providers generally state that they will not intentionally

erase the consumer’s data for a period of 30 days. Some providers preserve only a snapshot of

consumer data, or recommend that consumers: (1) backup their data outside that provider’s cloud

inside another provider’s cloud, or (2) back it up locally.

 Legal Care of Consumer Information. Generally, providers promise not to sell, license, or disclose

consumer data except in response to legal requests. Providers, however, usually reserve the right to

monitor consumer actions in a cloud, and they may even demand a copy of consumer software to

assist in that monitoring.

3.2 Limitations

Generally, provider policies include five key limitations:

 Scheduled Outages. If a provider announces a scheduled service outage, the outage does not count

as failure to perform. For some providers, outages must be announced in advance, or must be

bounded in duration.

 Force majeure events. Providers generally disclaim responsibility for events outside their realistic

control. Examples include power failures, natural disasters, and failures in network connectivity

between consumers and providers.

 Service Agreement Changes. Providers generally reserve the right to change the terms of the

service agreement at any time, and to change pricing with limited advanced notice. For standard

service agreement changes, notice is generally given by a provider by posting the change to a Web

site. It is then the consumer’s responsibility to periodically check the Web site for changes. Changes

may take effect immediately or after a delay of several weeks. For changes that affect an individual

consumer’s account, notice may be delivered via email or a delivery service.

 Security. Providers generally assert that they are not responsible for the impacts of security breaches

or for security in general, i.e., unauthorized modification or disclosure of consumer data, or service

interruptions caused by malicious activity. Generally, service agreements are explicit about placing

security risks on consumers. In some cases, providers promise to use best efforts to protect consumer

data, but all of the providers surveyed disclaim security responsibility for data breach, data loss, or

service interruptions by limiting remedies to service credits for failure to meet availability promises.

Further, it is unclear how easy it would be for a consumer to determine that a service disruption was

maliciously induced versus induction from another source.

CLOUD COMPUTING SYNOPSIS AND RECOMMENDATIONS

3-3

 Service API Changes. Providers generally reserve the right to change or delete service Application

Programming Interfaces (APIs) at any time.

3.3 Obligations

Generally, consumers must agree to three key obligations:

 Acceptable Use Polices. Consumers generally must agree to refrain from storing illegal content,

such as child pornography, and from conducting illegal activities such as: (1) gambling, (2) sending

spam, (3) conducting security attacks (e.g., denial of service or hacking), (4) distributing spyware, (5)

intrusive monitoring, and (6) attempting to subvert cloud system infrastructures. Acceptable use

policies vary among providers.

 Licensed Software. All providers state that third-party software running in their clouds must

conform to the software’s license terms. In some cases, providers bundle such software and include

monitoring to ensure that license restrictions are enforced.

 Timely Payments. Cloud service costs are generally incurred gradually over a billing period, with

the fee due to the provider at the period’s end. Failure to pay, after a grace period, usually subjects a

consumer to suspension or termination “for cause” which can result in loss of consumer data.

3.4 Recommendations

 Terminology. Consumers should pay close attention to the terms that are used in service agreements.

Common terms may be redefined by a cloud provider in ways that are specific to that provider's

offerings.

 Remedies. Unless a specific service agreement has been negotiated with a provider, remedies for any

failures are likely to be extremely limited; consumers may wish to formulate and negotiate remedies

that are commensurate with damage that might be sustained.

 Compliance. Consumers should carefully assess whether the service agreement specifies compliance

with appropriate laws and regulations governing consumer data.

 Security, Criticality, and Backup. Consumers should carefully examine the service agreement for

any disclaimers relating to security or critical processing, and should also search for any comment on

whether the provider recommends independent backup of data stored in their cloud.

 Negotiated Service Agreement. If the terms of the default service agreement do not address all

consumer needs, the consumer should discuss modifications of the service agreement with the

provider prior to use.

 Service Agreement Changes. Be aware that, depending on the details of the service agreement, a

provider may change the terms of service with a specified level of advance notice. Changes may

affect both price and quality of service. It is prudent to develop a plan to migrate workloads to

alternate cloud providers, or back on-premise, in the event that a change in service terms is

unacceptable.

剩余80页未读，继续阅读

艾米的爸爸

粉丝: 801
资源: 314

NIST SP800-146：云计算简明指南与决策者建议

NIST SP800-30信息安全文档

NIST SP800-177r1.pdf

NIST SP800-153.pdf

NIST SP800-170.pdf

NIST SP800-176.pdf

NIST SP800-50.pdf

NIST SP800-77.pdf

NIST sp800-27.pdf

NIST SP800-101.pdf

NIST SP800-89.pdf

最新资源