Cloud Standards –The Great Debate

Thursday, March 03, 2011

Ben Kepes


Over on ComputerWorld, Justin Pirie from Mimecast, wrote an impassioned plea calling for the acceleration of the creation of cloud standards.

He argues that with rapidly increasing levels of cloud adoption, an effective set of industry standards is becoming ever more pressing.

Pirie points out the following issues caused by a lack of standards;

  • lack of fluency between vendors creates a communication barrier which is near impossible to overcome
  • considerable confusion around the term ‘cloud’ itself

Pirie calls for rapid moves on two particular standards;

  • Security
  • Cloud data lifecycle (the access to data if the vendor folds)

It seems to me that both of these areas that Pirie calls for standards in can be solved with good buyer control of an SLA.

I’ve always been against cloud standards at so early a stage in the cloud lifecycle. It seems to me that we’re on this amazing wave of innovation with core technologies being reinvented on an almost daily basis.

Any move to lock down standards will really impact on the velocity of that adoption. A few responses to a focus question I raised about this issue concur with my viewpoint;

At this time, cloud standards will be more counterproductive than helpful. Standards will help the larger and slower players with a lot of inertia hold back the pace of innovation in the sector.

Ben, As I posted on Twitter, it’s hard to have cloud standards when we’re still not at a point where we have common definitions.

Is it time now ? Probably not. But it will certainly continue to be a source of great debate for the foreseeable future.

The issue here as I see it is that Pirie is , to use a metaphor, a blunderbuss approach to something that can readily be solved through buyer knowledge and good SLAs.

Cloud data lifecycle is an easy one – buyers simply need to ensure that their cloud service is protected by an escrow arrangement to reassure themselves that their service will live on regardless of what happens with the vendor.

Granted security is slightly more difficult  – but a good SLA will cover data security, backup and retention policies and access to data by third parties. All of which will reassure customers about the security aspects.

We’re in this amazing place where innovation happens on a daily basis – standards have historically been shown to slow that innovation down and in a nascent industry, that’s bad for everyone.

Cross-posted from Diversity

Possibly Related Articles:
Cloud Security
Cloud Security Storage SaaS SLAs Vendor Management Standards
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.