Standards in the Cloud
But the ODCA also attributes the shift in enterprise attitudes toward the cloud to greater trust in its ability to meet corporate requirements, including demands for high levels of security, performance and interoperability. This is because existing and new organizations set up to address such concerns, including the ODCA, have been making remarkably swift progress over the past three years in creating new standards, codifying industry best practices and developing ways of benchmarking cloud provider services. Some standards/best practices are new and cloud-specific, such as DMTF's Open Virtualization Format (OVF); others, such as SAS-70/SSAE 16, ISO 270000 series and ITIL have long been applied to traditional IT outsourcing services, such as collocation and Web hosting. Now they are becoming the bedrock for trust and governance in the cloud.
ODCA members are in a powerful position – representing, as they do, some $100 billion worth of IT procurement power – to mandate trust and performance requirements on their cloud providers. Cloud providers will have to step up to the plate very quickly and demonstrate conformance with industry best practices for cloud infrastructure management, as well as compliance with a raft of industry security standards. Several cloud providers are already taking a lead here, thanks to their backgrounds in traditional collocation, hosting and managed IT services.
But the industry has further work to do in harmonizing the very wide range of standards that potentially apply to cloud. As the new Heavy Reading Service Provider IT Insider, "Delivering a Trusted Enterprise Cloud: Can Standards Help?," points out, enterprises need standards that have been written for a non-cloud world to be adapted for the virtualized, multi-tenant public cloud. Cloud providers also need to roll out new, standards-based tools and technologies that help them secure workloads, identities and, above all, data across their cloud infrastructures.
Telcos are in a particularly strong position to combine trust in the (data center-hosted) cloud with trust in WAN connectivity to the cloud, a theme that Heavy Reading has highlighted on several occasions. Telcos understand standards and they already have trusted relationships with enterprises from managed hosting and connectivity businesses they can leverage for cloud. Conformance to standards can certainly help telcos deliver a trusted enterprise cloud. But trusted cloud providers have to square a difficult circle: How do they provide a standards-heavy, high-performance trusted cloud solution at a price that is competitive with pure-play cloud providers like Amazon, which is setting the industry benchmark here?
Enterprises want trusted capabilities but they are proving resistant to paying for them. Delivering a Trusted Enterprise Cloud: Can Standards Help? highlights the interesting tension emerging around standardization, especially at the lowest levels of the cloud operating stack, where leading cloud providers like Verizon believe innovation is the key to the question of delivering a trusted cloud cost-effectively.
It will take time for all IT to migrate into the public cloud and supporters of the public cloud model often underestimate the longevity of the requirement for traditional, standards-based IT outsourcing, as well as private cloud environments. Telcos have a large opportunity to provide a hybrid offer that encompasses all three types of environment, offering differentiated levels of trust and standards compliance that match enterprises' wide range of current needs. But they also need to keep pace with innovation, anticipating the day that applications will be rewritten to be secure and resilient in the public cloud and industry standards will be re-shaped to support multi-tenancy and the dynamic, non-geographic nature of the public cloud.
— Caroline Chappell, Analyst, Heavy Reading Service Provider IT Insider
Delivering a Trusted Enterprise Cloud: Can Standards Help?, a 27-page report in PDF format, is available as part of an annual subscription (6 bimonthly issues) to Heavy Reading Service Provider IT Insider, priced at $1,595. Individual reports are available for $900.