Cloud Standards: Bottom Up, Not Top Down - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud // Infrastructure as a Service
12:40 PM
Connect Directly

Cloud Standards: Bottom Up, Not Top Down

IT has good reason to demand standardization in SaaS, IaaS and PaaS offerings. But what's interesting is that vendors themselves are just as interested, and in many cases, are driving standards efforts.

There's a growing demand for standards to bring some sanity to the cloud computing market. Both buyers and sellers have their reasons to want common ways to do things such as transfer data from one cloud-based app or infrastructure to another. But the competition to be in control is fierce. "The Internet had the IETF, which wrangled people and protocols," says Mathew Lodge, VP of cloud services at VMware. "But in the cloud, the standardization landscape is so fragmented. There isn't a central body or forum or place, although lots of people and organizations are trying to be that."

Two main factors drive demand for standards. Cloud vendors want to show they can meet companies' security requirements, since that's the biggest roadblock to adoption. IT pros also see value in formalized standards for cloud services, according to the 400 respondents to our InformationWeek Standardization Survey: 89% rate standards for cloud infrastructure vendors such as Amazon, Microsoft Azure or Rackspace as extremely (53%) or somewhat (36%) helpful to their organizations; 85% say the same about software-as-a-service. Why? Would-be cloud customers want to avoid getting locked in to one vendor, so investments in cloud services now don't end up limiting future flexibility.

CIOs are right to be wary. When a cloud vendor raises its rates or lets its service quality decline -- or worse, shuts its doors -- IT may be left scrambling. These aren't just theoretical concerns. Amazon Web Services, the dominant provider of infrastructure-as-a-service (IaaS), had three major outages in 2012, and Gmail, the most widely used cloud email provider, had two major outages last year. In late 2011, Google raised prices for its platform-as-a-service (PaaS) offering, App Engine, by more than 100% for many customers. On the flip side, keeping open the option to switch spurs competition and lets companies jump on better deals; Amazon, for example, cut storage-as-a-service prices 20% last year, prompting Google to match. And it's not just private enterprises worried about being tied down. The U.S. Department of Defense recently hired cloud computing strategy firm Fusion PPT to identify cloud standards and best practices to avoid lock-in.

Our full report on cloud standards is free with registration.

What you'll find:
  • Guide to what makes a good standard, cloud or otherwise
  • A sneak peek at the results of our new Standardization Survey
  • Prognostications from a dozen cloud experts
Get This And All Our Reports

Though demand for cloud service standards is growing, the conventional top-down model no longer holds. Standards today are more likely to spring organically from wide adoption of the approaches of one vendor or a small cadre, and we expect to see more de facto than formal standards in the cloud era. Simply promulgating a standard -- even if done by a widely respected standards-developing nonprofit -- isn't enough to make it stick. The pace of innovation with cloud services is just too rapid. Vendors are updating their offerings on a monthly basis, whereas standards organizations usually take years to finalize new specs.

So why do we need cloud standards? For starters, to compare services. Even for something as straightforward as CPUs, cloud providers have created their own measurement units: Amazon Web Services has the Elastic Compute Unit, Google has the Google Compute Engine Unit and Microsoft Azure provides the clock speed of its processors.

One relatively bright spot is security, thanks to the Cloud Security Alliance. CSA member organizations, including most large cloud providers, work together to define best practices in security, and the CSA offers a number of useful resources, many of which are becoming de facto standards. For example, the CSA Cloud Controls Matrix (CCM) is a framework for implementing good cloud data center security practices. It provides detailed security concepts and principles in 13 domains and coordinates with security standards such as ISO 27001, COBIT, PCI, HIPAA and FedRAMP. The CSA's Security, Trust and Assurance Registry is another useful resource. It contains responses from cloud service providers to questions raised by the CCM. The registry has responses from major IaaS vendors including Amazon, Hewlett-Packard, Microsoft, SoftLayer and Verizon Terremark, as well as SaaS vendors, such as and Microsoft Office 365. One caveat: The CSA doesn't independently verify answers.

Sadly, the work done by the CSA hasn't been replicated outside the security realm. So here's a look at the state of standards in the three key areas IT needs to evaluate: portability, interoperability, and provisioning and orchestration.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 3
Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
User Rank: Moderator
1/24/2013 | 8:26:21 PM
re: Cloud Standards: Bottom Up, Not Top Down
Still a lot of room to improve but the momentum of the various open standards groups like Openstack is promising -- in good part because of the involvement of some smart minds from providers like VMware, HP, etc. Consistent development and friendly competition is sure to lead to a better product all the way around. I would hope that what businesses draw from all the standards development is the need/importance of building out a strategic plan themselves while making cloud investments. Realizing the anticipated benefits only comes with solid plans.
User Rank: Apprentice
1/29/2013 | 4:50:14 PM
re: Cloud Standards: Bottom Up, Not Top Down
Also look at - a group that has been coordinating the various cloud standards efforts for years now. Representatives from the various organizations maintain this wiki and keep it up to date.

-- mark
Why 2021 May Turn Out to be a Great Year for Tech Startups
John Edwards, Technology Journalist & Author,  2/24/2021
How GIS Data Can Help Fix Vaccine Distribution
Jessica Davis, Senior Editor, Enterprise Apps,  2/17/2021
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll