While cloud computing is an evolving technology, it is not new. In fact, telecom companies were the first cloud service providers and they had established certain customer expectations and industry standards over the decades of their operations. The standards of cloud industry are largely modeled around similar expectations with additions prompted by the nature of the deployments and the type of transactions that take place in the new cloud applications.
Standards may be defined around the types of Cloud computing in use. Clouds may be private, public or hybrid clouds. Mandates around Private clouds demand adherence to defined processes and established governance frameworks. Infrastructure libraries, documentation, backup control and Service Level Agreements (SLAs) for business integration and service management must be in place. Public clouds must adhere to established frameworks and also provision for additional audits under the various acts.
The industry type may determine the standards adopted for the cloud. The industry vertical, segment or country of operation may dictate the standard. Health care, for instance, will be governed by HIPAA and the financial industry will be governed by Sarbanes Oxley in the USA and Canada. The industry itself may have its regulations and sets of requirements for security, access control, segregation of duties, data protection and so on. The SLA requirements may also vary across the segment depending on the size of the company, the amount of data processed and the nature of the data. Finally, the regulations of the country in which the industry is located may have an impact on the kind of standards that are adopted by the industry.
The current tools and processes in place may also have bearing on the standards adopted for the cloud. The internal and external practices of the customers (industry) will have to be taken into consideration while determining the standards that can be implemented.
Finally, the current requirements or standards that have been established by vendors around the cloud will create expectations / standardizations. This is especially true where software licensing and usage are concerned. Industries must understand restrictions and components that are not clearly defined, and establish practices that will not result in unexpected costs, legal ramifications or breaches of any kind.
Since the cloud is an integration of several technologies, the standards already established for the technology may have to be adhered to and integrated with any compliance standards that may be emerging or evolving in context.
In short, cloud computing service providers must investigate key areas for compliance and determine key expectations from regulatory authorities, customers and even competitors in the same industry vertical.