"Cloud storage needs open standards for the custodianship of users' data, and only a reputable trade body can provide it. What is the industry waiting for? Do we need another SwissDisk, another Sidekick before it will act." The Register, October 2009

Since 2008 a number of associations have formed – particularly in the US – to look at the issue of standards and cloud computing. Much of their work has been concentrated on defining the architecture of the cloud around which standards should be based. (See for instance 3Tera’s model)

Governance

Open Cloud Manifesto which lists IBM, Cisco, Colt, HDS, and Sun amongst its supporters released a white paper in March 2009 which contained the following general principles relating to standards.

1. Cloud providers must work together to ensure that the challenges to cloud adoption (security, integration, portability, interoperability, governance/management, metering/monitoring) are addressed through open collaboration and the appropriate use of standards.

2. Cloud providers must not use their market position to lock customers into their particular platforms and limiting their choice of providers.

3. Cloud providers must use and adopt existing standards wherever appropriate. The IT industry has invested heavily in existing standards and standards organizations; there is no need to duplicate or reinvent them.

4. When new standards (or adjustments to existing standards) are needed, we must be judicious and pragmatic to avoid creating too many standards. We must ensure that standards promote innovation and do not inhibit it.

5. Any community effort around the open cloud should be driven by customer needs, not merely the technical needs of cloud providers, and should be tested or verified against real customer requirements.

6. Cloud computing standards organizations, advocacy groups, and communities should work together and stay coordinated, making sure that efforts do not conflict or overlap. 

The paper however drew criticism from Microsoft (see Steven Martin blog) who saw it emerging from a closed process and did not gain the participation of Amazon or Google.

Areas for Standardisation

The Open Cloud Computing Interface (OCCI) within the Open Grid Forum (OGF) standards body is looking at standardisation in specific areas including

• security,
• interfaces to infrastructure-as-a-service,
• information about deployment such as resource and component descriptions,
• management frameworks,
• data exchange formats and
• cloud taxonomies and reference models

OGF is collaborating with OMG, the Distributed Management Task Force (DMTF), the Storage Networking Industry Association (SNIA), Open Cloud Consortium (OCC) and the Cloud Security Alliance (CSA) “to coordinate and communicate” standards for Cloud computing and storage under the umbrella of Cloud-Standards.org

Their site - http://cloud-standards.org – provides a useful list of associations looking at Cloud standards.

Open Cloud Consortium.org, a member based organisation (including Yahoo, Cisco and John Hopkins University) established in Illinois, has established a number of working groups including:

Working Group on Standards and Interoperability For Large Data Clouds -The focus of this working group is on developing standards for interoperating large data clouds. For example, what are standard interfaces to storage clouds and compute clouds?

Standard Cloud Performance Measurement & Rating System Working Group - The purpose of this working group is to work with the community to refine use cases, gather requirements, and develop benchmarks for comparing the performance of two different clouds.

Working Group on Information Sharing, Security and Clouds - The focus of this working group is on standards and standards based architectures for sharing information between clouds, especially clouds belonging to different organizations and subject to possibly different authorities and policies. This group is also concerned with security architectures for clouds.

Specific Standards

OCCI has published a one-pager on an Open Cloud Computing Interface Specification

The Storage Networking Industry Association (SNIA) has also published a Cloud Data Management Interface (CDMI) standard

Cloud Security Alliance has Microsoft and HP amongst its corporate members and published security guidance in April 2009. This covers the following areas:

• Architectural Framework
• Governing in the Cloud
• Governance and Enterprise Risk Management
• Legal
• Electronic Discovery
• Compliance and Audit
• Information Lifecycle Management
• Portability and Interoperability
• Operating in the Cloud
• Traditional Security, Business Continuity and Disaster Recovery
• Data Center Operations
• Incident Response, Notification and Remediation
• Application Security
• Encryption and Key Management
• Identity and Access Management Storage
• Virtualization

Colt has called for business driven standards (Colt calls for business driven standards in cloud computing) covering risk management, compliance, data retention, security and business continuity.

Download this OCA Reoprt here.