Out-Law News | 13 Jan 2014 | 5:21 pm | 2 min. read
The Commission has asked the European Telecommunications Standards Institute (ETSI) to help set out what standards cloud service providers should follow in order to operate in a way that both promotes EU market interests and complies with EU laws. ETSI established a 'Cloud Standards Coordination' (CSC) group which has now reported on the current landscape for standards in cloud computing.
"The analysis has concluded that cloud standardisation is much more focused than anticipated," the CSC's report said. "In short: the cloud standards landscape is complex but not chaotic and by no means a 'jungle'. Though several cloud computing standards have seen successful adoption in small-scale and research projects, cloud computing-specific standards [have] not seen widespread adoption by cloud providers to date."
The European Commission previously suggested that standards in cloud computing may relate to issues such as data security, interoperability and data portability.
According to the CSC's report, there has been "significant progress" in the creation of standards that will enable the interoperability of cloud-based services. However, it said that it was important for "arbitrary terms (including service monitoring requirements and service level agreement concerns)" to be "unambiguously defined" if standards affecting interoperability, such as for "APIs, data models [and] vocabularies", were to become commonplace.
"Interoperability standards need to be formal and complete enough that cloud computing workflows can be automated, but flexible enough that new concepts in the underlying technology or in a particular domain (e.g. public cloud procurement) can be quickly introduced and accommodated," it said.
The CSC said that there are already "many good and widely adopted" standards on security that are in use in the cloud environment. However, it said that security standards that are specific to certain types of technologies may become "obsolete" as new security products and practices emerge.
The body said that some standards on cloud computing governance and assurance were "sufficiently mature" that they could be adopted, and it called for further work to be carried out to standardise practices in areas such as "incident management, cloud forensics, and cloud supply chain accountability management".
Businesses should "clearly identify their security and privacy requirements (including legal and regulatory compliance)" and decide whether existing standards on security are "relevant and applicable" to them, the CSC said.
"From a security and privacy perspective, suitable standards are important for the uptake of cloud computing," the CSC said. "Our analysis shows a need for a common vocabulary to enable the cloud service customer to express their requirements and understand the capabilities offered by a cloud service provider. Some existing security and privacy standards exist which are helpful in this area but further development of common vocabularies and metrics specific to cloud computing is needed."
The CSC said that 'open source' projects were worth keeping abreast of because of the potential they have to impact on the way technologies work in the cloud.
"While not formal standards, the open source projects are creating tried-and-tested APIs, protocols and environments which address aspects of interoperability, portability and security relating to cloud computing," the report said. "It is possible that future specifications and standards may derive from one or more of the open source projects. Some examples of positive interaction have already been seen between standards bodies and open source projects that should be encouraged."
The CSC said that the European Commission should task it with providing an updated report some time between late 2014 and the early months of 2015. This is because it expects cloud standards to mature between now and then and "new conclusions could help the cloud community to better address its standardisation longer-term challenges".
"Cloud computing has gained momentum and credibility, thus generating new offers and demands for more complex use cases and services," Luis Jorge Romero, director general of ETSI, said in a statement. "In this perspective, standardisation is seen as a strong enabler for both investors and customers and can help increase security, ensure interoperability, data portability and reversibility."