Monday, July 16, 2012
What Standards Are Needed in the Cloud?
While some are concerned about privacy in the cloud, or data export standards, it's my opinion that we can all benefit from a few specific standards -- ones that would benefit both providers such as Amazon, Google, etc., and consumers of cloud services. While SAS 70 and a few U.S. government (FIPS, FISMA, etc.) standards supply a level of due diligence on cloud or outsourced IT services, a global approach would be most successful.

Ed Ferrara of Forrester Research advocates Cloud and Managed Service Provider (MSP) certifications, as opposed to vendor-specific certifications: “...understanding the cloud provider’s underlying capabilities, resources, security processes and safeguards, as well as the provider’s overall financial health will be very important for organizations who want to safely and successfully utilize cloud computing.”

Data standards such as HIPAA and others are a good first step. A Cloud Standards Customer Council has been formed, with enterprise members that include IBM, Kaavo, CA Technologies, Rackspace and Software AG. More than 100 of the world's leading organizations, including Lockheed Martin, Citigroup, State Street and North Carolina State University, have already joined the Council. Some private organizations offer certifications that, if more widely adopted, could form the basis of PaaS certifications.

Given the security failures in some cloud-based products and services, CIOs should look closely at how a particular provider measures up. Breaches at Sony, Citibank, the International Monetary Fund and others show that determined attacks by hackers can result in serious problems. Understanding the conflicts between countries' laws can also be part of the transparency needed (think about how the US Patriot Act may be at odds with EU Data Privacy laws).

Read more at the WSJ… http://blogs.wsj.com/cio/2012/07/13/cloud-providers-the-case-for-universal-standards/