In cloud standards, it’s all about survival of the fittest

The Kuppinger Cole European Identity Conference 2011 (EIC), which was held in Munich earlier this month, truly represented a ‘Who’s Who’ of cloud initiatives and standards.  Representatives from many influential, established and aspiring standards and industry bodies were on hand to showcase progress of the security initiatives currently in the works.

The number of initiatives is overwhelming. For years the joke was that any time two Dutch meet, they are likely to start an association or co-operative initiative, but apparently that is also true for security and cloud experts. I won’t bore you with all the clever acronyms (it’s a true alphabet soup), but I do want to highlight the more interesting overall findings.

In one of the first forum sessions – called “In Cloud We Trust” – Dr. Laurent Liscia of OASIS gave an interesting perspective on these competing standards. He compared the process of establishing an accepted standard to a Petri dish (no relation).  Multiple cultures in a nutritious environment all trying to do a land grab. A process that is not orchestrated, it’s ‘eat or be eaten’ and it is hard to predict the outcome because the process takes time.  No amount of pressure  or additional heat can accelerate it and watching a Petri Dish real-time is about as useful and as interesting as watching grass grow. Meaning, it’s better to wait for history to run its course.

Having said that, there one initiative from this forum – which had participants from ENISA, The World Economic Forum, TRUSTe and CA Technologies – that I do want to highlight, even though the implementation is still in an incubation phase.

Earlier this year the World Economic Forum IT partnership – in collaboration with Accenture and with input from a steering group including representation from CA Technologies – published “Advancing cloud computing: what to do now?” with eight recommended action areas. 
The reason I mention this particular initiative is because of the enormous influence this organization has on governments. As associations all over the world realize that legislation and government stimulus may determine the success of their regional cloud industry – an industry that is likely to be the next economic engine of prosperity – they are rapidly publishing recommendations on what they feel their local governments should do to facilitate the success of cloud computing. So as not to be drowned out in the aforementioned alphabet soup of initiatives, it makes sense to anchor such local recommendations against the global guidance of the World Economic Forum. 

The recommendations are not earth shattering, but if governments and the cloud ecosystem participants could streamline their efforts around these eight, it would further these efforts in a useful and pragmatic way. For more info read the (very readable) full report, but in a nutshell the recommendations are:

  1. Explore and facilitate the realization of the benefits of cloud
  2. Advance understanding and management of cloud related risks
  3. Promote service transparency
  4. Clarify and enhance accountability across all relevant parties
  5. Ensure data portability
  6. Facilitate interoperability
  7. Accelerate adaptation and harmonization of regulatory frameworks
  8. Provide sufficient network connectivity to cloud services

P.S. During the event I participated as a forum member in “Cloud Standardization: From Open Systems to Closed Clouds?,” and “Identity and Access in the Cloud.” I will be speaking more about the topic of lock-in at the upcoming International Cloud Expo in New York (June 6-9), and I will cover cloud computing and risk during the Middle East Financial Technology Conference (MEFTEC) in Abu Dhabi (May 30-31).

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: