The cloud has evolved in myriads of ways. The computing paradigms, business models and other cloud related concepts can be very confusing. Further, subjective definitions ‘right’ and ‘not right’ confuses the issue. Cloud adoption becomes the problem instead of the solution to the problem!
Standards in Cloud Computing may be the way to go. How does one know what the standards are? Well, if you sift through the murk, you will see that there are some glimmerings of standards implemented.
For one, security standards are crystallizing. Third party certifications, such as the US government’s FIPS 140-2 are emerging. Cryptographic algorithms that are FIPS 140-2 certified are being widely accepted by cloud vendors and consumers alike as a de facto standard for encryption.
A number of Standard Developing Organizations (SDOs)–that include a number of international standards bodies—have entered the cloud arena and are actively working towards developing the standards. The National Institute for Standards and Technology (NIST) has established a conceptual reference model for cloud. This model defines cloud terminology and provides a birds eye view on different views on organizational roles in cloud computing. It covers stakeholders and players in the cloud—including cloud service providers, brokers, customers, auditors and others—and attempts to provide the motivation for discussion and development of a cloud ecosystem that is beneficial to all parties involved in the transactions.
All these standard organizations are focusing attention on mitigating the disruptions caused by cloud technology in three dimensions, by:
- Framing international cloud Standards
- Categorizing cloud standards, and
- Illustrating the category in great detail
Cloud standards can be prescriptive or evaluative.
Prescriptive standards are exact and technically oriented standards. The focus is on functional management and interoperability between vendors in order to homogenize cloud deployments. The “dominant design” of the product is expected to be technically sound and functionally efficient.
Evaluative standards are descriptive and may or may not include maturity models, auditing models and quality models. They are points of comparison between vendors with a view to mitigate risks to the end consumer.
Having said all this, it must be acknowledged that everything about cloud computing cannot be standardized. The scope of work and the areas for standardization have been picked by SDOs with unerring acumen. The process will help impact the critical parts of the cloud while giving scope to individual cloud vendors to promote their products with features that are unique to them.