If you are considering cloud computing and need to address related data privacy concerns, the articles discussed below provide an explanation of how cloud computing actually works to help you with your analysis.

The National Institute of Standards and Technology (NIST) recently revised its definition of cloud computing:

"Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models."

Another recent background resource is the “Cloud Computing: Architectural and Policy Implications” paper released by the Technology Policy Institute, which was written by Professor Christopher S. Yoo. The paper discusses the technical resources used in cloud computing, starting with an explanation of “Key Cloud Computing Concepts,” including “virtualization.” [The NIST also just released the final version of its Guide to Security for Full Virtualization Technologies] Other topics include the economics of cloud computing, as well as architectural implications for access networking and data center interconnectivity. The paper concludes with a discussion of industry impact and regulatory implications.

On the same day the NIST released its newly revised definition of cloud computing, it also released its first privacy and security guidelines. “The key guidelines recommended to federal departments and agencies, and applicable to the private sector, include:

  • Carefully plan the security and privacy aspects of cloud computing solutions before engaging them.
  • Understand the public cloud computing environment offered by the cloud provider and ensure that a cloud computing solution satisfies organizational security and privacy requirements.  
  • Ensure that the client-side computing environment meets organization security and privacy requirements for cloud computing.  
  • Maintain accountability over the privacy and security of data and applications implemented and deployed in public cloud computing environments."