The number of initiatives is overwhelming. For years the joke was that any time two Dutch meet, they are likely to start an association or co-operative initiative, but apparently that is also true for security and cloud experts. I won’t bore you with all the clever acronyms (it’s a true alphabet soup), but I do want to highlight the more interesting overall findings.
In one of the first forum sessions – called “In Cloud We Trust” – Dr. Laurent Liscia of OASIS gave an interesting perspective on these competing standards. He compared the process of establishing an accepted standard to a Petri dish (no relation). Multiple cultures in a nutritious environment all trying to do a land grab. A process that is not orchestrated, it’s ‘eat or be eaten’ and it is hard to predict the outcome because the process takes time. No amount of pressure or additional heat can accelerate it and watching a Petri Dish real-time is about as useful and as interesting as watching grass grow. Meaning, it’s better to wait for history to run its course.
Having said that, there one initiative from this forum – which had participants from ENISA, The World Economic Forum, TRUSTe and CA Technologies – that I do want to highlight, even though the implementation is still in an incubation phase.
The recommendations are not earth shattering, but if governments and the cloud ecosystem participants could streamline their efforts around these eight, it would further these efforts in a useful and pragmatic way. For more info read the (very readable) full report, but in a nutshell the recommendations are:
- Explore and facilitate the realization of the benefits of cloud
- Advance understanding and management of cloud related risks
- Promote service transparency
- Clarify and enhance accountability across all relevant parties
- Ensure data portability
- Facilitate interoperability
- Accelerate adaptation and harmonization of regulatory frameworks
- Provide sufficient network connectivity to cloud services
P.S. During the event I participated as a forum member in “Cloud Standardization: From Open Systems to Closed Clouds?,” and “Identity and Access in the Cloud.” I will be speaking more about the topic of lock-in at the upcoming International Cloud Expo in New York (June 6-9), and I will cover cloud computing and risk during the Middle East Financial Technology Conference (MEFTEC) in Abu Dhabi (May 30-31).