Why SME needs standards for Cloud Computing Technologies?

By Peter Statev, SBS expert in ETSI TC NTECH.

As in many other economy sectors, Cloud Computing Standards (CCS) are a core set of common and repeatable best practices that have been agreed upon by a business or industry group. Typically, different vendors, industry user groups, and end users collaborate to develop standards based on the broad expertise of a large number of stakeholders. Good example of such collaboration is ETSI (http://www.etsi.org).

CCS are in the early phases of development and implementation. Some are coming along, but, to many watching the development of these standards, it can seem like the Wild West. The main concept and structural interaction among the network elements representing the provider-rendered cloud based services are perfectly visualized by “Cloud computing” created by Sam Johnston:

 

When elaborated, accepted and implemented CCS would enable companies/users to:

  • Move their infrastructure or applications from one cloud provider to another.
  • More easily integrate applications between their on-premise data center and private and public cloud environments.

What are the main topics CCS are addressing?

Interoperability

Interoperability refers to cloud users being able to take their tools, applications, virtual images, and so on and use them in another cloud environment without having to do any rework. Say one application runs in one environment and you need that application to operate with a partner’s application in another cloud environment.

Simple Object Access Protocol (SOAP), Representational State Transfer (REST), and Atom Syndication Format and Atom Publishing Protocol (both standards referred to as Atom) are all examples of widely used interoperability standards and protocols.

Portability

Portability lets you take one application or instance running on one vendor’s implementation and deploy it on another vendor’s implementation. For example, you might want to move your database or application from one cloud environment to another.

Integration

When you think integration, you generally think of combining various hardware and software components together to create something. The same idea applies in the cloud. One example of integration: easily integrating your data with Software as a Service application. This is an example of taking some of your internal IT capability and integrating it into the cloud environment.

Portability and integration become major issues when cloud vendors have different platforms. This can lead to vendor lock-in, which means that moving to another cloud provider is so difficult that you don’t even bother trying.

Security in cloud computing

You need to make sure that the right controls, procedures, and technology are in place to protect your corporate assets. Your organization has invested a lot internally to protect your assets, and it’s reasonable to assume that your cloud provider should do the same.

Cloud security standards are a set of processes, policies, and best practices that ensure that the proper controls are placed over an environment to prevent application, information, identity, and access issues (to name a few).

Two organizations that are very active in this area are the Cloud Security Alliance and a think tank called the Jericho Forum.

Conclusion: In Cloud world, where Applications, Platforms and Infrastructure are detached and virtually accessible by users, standards are extremely important to guarantee Security, Privacy and Service Level Agreement. Especially for SME!

Reference: http://en.wikipedia.org/wiki/Cloud_computing