Cloud Computing Needs Standards

Cloud computing is the latest phenomenon in the IT world. However, the emergence of standards is a sign of market maturity, and it can be a big mistake to commit to products from a market that is not mature. That’s why everyone is asking, “When will we see some cloud standards?”

Unfortunately, there’s no simple answer.

The protocol, data format and program-interface standards for using cloud services are mostly in place, which is why the market has been able to grow so fast. But standards for configuration and management of cloud services are not here yet. What’s more, the crucial contextual standards for practices, methods and conceptual frameworks are still evolving.

Cloud computing will not reach its full potential until the management and contextual standards are fully developed and stable. In the meantime, there will be pitfalls, so buyers of cloud services should beware.

Cloud standards start with TCP/IP. Internet standards were probably the biggest market enablers of all time, even before the cloud markets of infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS) were added to the voice and data communication services they already supported. 

On top of TCP/IP, the cloud uses established standard Web and Web Service data formats and protocols. The programming interface standards on which Cloud PaaS offerings are based are equally well-established. They include the single-vendor .NET standards and multivendor standards such as Unix, Linux, Java and SQL.

This means that companies can use cloud services—and make those services available to their customers—secure in the knowledge that they and their customers can use off-the-shelf products without being locked into a particular cloud vendor by proprietary interfaces. Then this essential precondition for market growth is fulfilled.

Configuration and Management

When it comes to configuration and management, the lack of effective, widely accepted standards is beginning to be felt. Resource and configuration management can vary substantially between cloud suppliers, even for IaaS.
This may not seem particularly important but, with a typical pay-per-use model, fine-tuning can make a big difference in your monthly bill. While it is unlikely that standards can make it possible for an enterprise to have a single management regime for all its cloud suppliers, it will make it easier to move from one supplier to another. 

There are several industry bodies working on cloud configuration and management standards, including the Distributed Management Task Force (www.dmtf.org), the Open Grid Forum (www.ogf.org) and the Storage Networking Industry Association (www.snia.org).

Contextual Cloud Standards

The lack of contextual standards is the biggest problem for the cloud. There are as yet no widely accepted frameworks to assist the integration of cloud services into enterprise architectures, to support the transfer of information between different clouds, or to enable swift procurement and contract negotiation.
This is not necessarily a bad thing: A period of experimentation with different practices is needed so that the best ones can be identified. But, during this period, cloud users must put significant effort into deciding how to proceed, and they should be prepared to make changes in light of their experiences and the experiences of others.

Legal Framework

The first area in which most users will start to worry is the legal one. For example, if an on-line retailer stores customers’ information in the cloud, can the cloud provider sell that data if the retailer fails to pay its service charges? If so, where does that leave the retailer and its customers? This is an important part of the context for cloud computing standards. 

Steve McDonald, general counsel at the Rhode Island School of Design, identifies 16 legal and quasi-legal issues that can arise in contracts with vendors for cloud computing services (tinyurl.com/2erpewk). These issues include privacy and confidentiality, location and ownership of data, unauthorized use of data and service-level agreements. Until there is a commonly agreed upon approach to these issues, contractual negotiations for cloud services will be protracted and difficult.