Standards, standards, everywhere...
But not a real cloud security standard in sight.
Published 16:14, 08 November 10
In the past few weeks we have seen the Open Data Centre Alliance come out with its defining of interoperable cloud data centre solutions, the Common Assurance Maturity Model with its framework for common assurance for cloud providers and now Oracle has proposed its Open Cloud Resource Model API.
And these are in addition to the other various cloud guidelines that have been proposed in the past 12-18 months, such as those by The Jericho Forum, ENISA and the Cloud Security Alliance to name but a few.
They don’t all overlap completely, but they do all seem to have a similar aspiration of making the cloud secure and interoperable. But it would seem that a pooling of resources, or bringing development under the auspices of a larger standards group to ensure that work isn’t repeated would be a good idea and would save a lot of time and effort for everyone in the long run.
Oracle has submitted its API to the DMTF which is a good start, but there is still a way to go.
Standards are interesting things. Development often appears to move at glacial speeds as different vendors have different motives and therefore help or hinder a fledgling standard. (Think about it, if it is easy to move from one provider to another, then customers will which is not ideal if you are a vendor.) However, it is the customer that benefits from a standard and so should jump up and down demanding a standard from vendors which will enable migration across cloud providers which will improve competition and ultimately offer a better service all round.
So, if you are thinking of using the cloud (or are already using it), then start to apply pressure to your suppliers you will make a difference.
Guy Bunker, Jericho Forum board member