The Need for Standardisation in Cloud

Computing - The Issues

The second instalment in this couplet of articles looks at some of the issues that the
standardisation of cloud computing, including the European Commission's potential
initiative, will aim to tackle and clarify in order to drive the adoption of cloud
computing forward, particularly within its ripest markets, such as amongst SMEs.
Control Over Data & Security
Arguably the primary area for concern for prospective cloud computing clients is
that of data handling. In other words knowing and controlling where your data personal details if you are a personal consumer, or client data etc for businesses - is
stored (geographically and technologically) and how secure it is in that location. For
on-site private clouds, for example, this is less of a concern, but where a client is
signing up to a public cloud service, based upon shared server resources and public
network connections, they may not fully understand, never mind influence, where
their data lives.
The cloud computing model means that a client's data can ultimately be stored
across national boundaries, across continents even and that raises many issues
around the varying jurisdictions under which that data exists. It can lead to conflicts
between the differing jurisdictions under which cloud providers operate and under
which the data they control is stored. As an illustration of this, data held by US cloud
providers must be supplied to the US government on request under the US's Patriot
Act, even when that data is physically hosted in another country. Consequently, as a
UK resident signing up to a Microsoft Live account for example, a consumer may not
in fact realise that their personal details, and who has access to them, are governed
by US laws, despite understanding that Microsoft is a US based company. In many
other scenarios, private and commercial users of cloud services may not be
confident of the nationality of the provider in the first place, never mind the
jurisdictions and legislation that govern their data.
Not only may this lack of transparency lead to concerns over who has access to and
jurisdiction over data but it may also raise questions about what security measures
are applied to safeguard that data against those who shouldn't have access to it in
any case, and against any kind of intentional corruption of that data. Security
vulnerabilities can of course sit at many points in the cloud model but client
perception and awareness of those at source - at server/data centre level - can be
far less clear than of those at the access points with which the client interacts.

Interoperability
Presently, the primary driver for standardisation across the industry, whether
amongst clients who feel they have a grasp of their data handling processes or not,
is that of interoperability - that is being able to switch their IT functions from one
provider's platform to another compatible platform. The current cloud market raises
many questions in this area for organisations: if it moves some of its functions to
one cloud provider will it then be locked into that provider for its associated
functions; can it integrate functions hosted with other providers; will this carry
prohibitive costs; can it switch workloads between different cloud services
seamlessly; will it be able to migrate away from its chosen provider if a more
preferable solution comes along? From a commercial point of view these are some
of the most pressing questions when choosing a cloud provider and so there is
gathering momentum across the industry, not just in Europe, to establish open
standards which free consumers to treat their cloud computing services more like
the utility computing that the cloud has long promised to deliver. In other words,
allowing clients to tap into different provider's services as and when they need
them, without lock-ins and without barriers.
There are many other aspects of a cloud proposition, in relation to performance,
uptime, storage space etc, that clients can have difficulty understanding and
comparing like for like. All of these issues demand clear and standardised SLAs to
come into play in order to define the language and metrics in which information can
be presented to clients. Form a client's point of view, however, the key is to seek
out reputable cloud providers, enquire about interoperability physical hosting
locations, use recommendations from clients with established relationships where
possible and steer well clear of ambiguities.