In September 2013 the European Commission (EC) published the strategy to “to create single set of rules for cloud computing and increase EU GDP by €160 billion annually by 2020”. This strategy identified a number of key actions one of these being “Cutting through the Jungle of Standards”. Following a request from the European Commission, the European Telecommunications Standards Institute (ETSI) launched the Cloud Standards Coordination (CSC) initiative. In November 2013 ETSI published its final report from the CSC initiative. According to this report “the Cloud Standards landscape is complex but not chaotic and by no means a 'jungle'”.
The final Report is based on an analysis of over 100 cloud computing use cases. It starts with a definition of roles and parties involved in cloud computing. The obvious roles of provider and customer are expanded to include a cloud service partner (who may act as a broker) as well as the government. Unsurprisingly the use cases involve three common activities: cloud service acquisition, cloud service use and cloud service termination. These activities are broken down into more detail for a number of specific use cases. The report identifies around 20 organizations involved in the standardization activities related to cloud computing and around 150 documents. However at the activity level it finds that seldom more than 2 standards are relevant to any activity.
The report concludes that emerging cloud specific standards are not seeing widespread adoption by cloud providers. It suggests that cloud standards need to be flexible enough to allow each provider’s unique selling points to be accommodated. The report identifies the following gaps:
Interoperability – this is a significant concern since vendor lock-in a risk for cloud customers. The report concludes that while management protocols and interfaces, particularly for IaaS, are maturing, management specifications for PaaS and SaaS require more effort. There are many proprietary and open source solutions, but very few, if any standards.
Security and Privacy – these are important areas of concern for cloud customers. According to the report there are existing security and privacy standards which are helpful in this area but further development of common vocabularies and metrics is needed. In addition there is a need for further standardization in the areas of accountability and cloud incident management (e.g., related to SLA infringements).
Service Level Agreement: the main requirement for standardization in relation to Service Level Agreements is the creation of an agreed set of terminology and definitions for Service Level Objectives, and an associated set of metrics for each of these. There is some on-going work in this area, but this needs to be completed and importantly to be adopted by public cloud service providers.
Regulation, Legal and Governance aspects - The legal environment for cloud computing is highly challenging and a key barrier for adoption. Given the global nature of the cloud and its potential to transcend international borders, there is a need for international Framework and Governance, underpinned via global standards.
The area of standards is important to cloud computing and standards will be the key to obtaining the benefits from this model for the delivery of IT services. In view of this KuppingerCole have undertaken a detailed study of cloud standards and we have identified the standards that are important to the various processes involved in the selection, use and assurance of cloud services from the perspective of a cloud customer. We have classified these standards in terms of the actions that a cloud customer needs to take. You can get an overview of this subject area from our recorded webcast: Negotiating the Cloud Standards and Advice Jungle. For a more detailed view join the workshop on this subject at EIC in Munich during May 2014.