- The lack of broadly accepted cloud standards around security and other key operational points begs for more common definitions across the industry.
- One potential source for best practices is the vendors themselves who, through efforts such as certification programs, could help set standards for the cloud.
Anticipating the unknown is a challenge in even the most conventional and mature IT environment. So in the wilds of the cloud, the potential for missteps, breaches and other issues that lead to disappointing outcomes is vast. This uncertainty – and more to the point the lack of control that many IT organizations feel they have over a virtualized on-demand service environment – has kept many enterprises from going all-in to the cloud.
The hesitation of businesses to make large scale commitments to the cloud could hamper widespread adoption of the model. What enterprises in particular need are well-defined – and broadly accepted – guidelines for the cloud to help them successfully navigate the unknown through best practices, and give their IT organizations a greater degree of control over these virtual environments. This includes having specifications in place that service providers need to adhere to ensure stable and secure service delivery.
While there are a number of organizations including the National Institute of Standards and Technology (NIST), the Cloud Security Alliance (CSA), the Object Management Group (OMG) and the Storage Networking Industry Association (SNIA) working on specifications around technology guidelines and best practices for reliable cloud service delivery, making sense of it all together can seem like an alphabet soup of sources for standards that can be a challenge in itself. However, having some kind of third-party validation that an organization’s or provider’s cloud operation applies the right controls is of critical importance to many organizations. This is particularly true in areas such as security — 96 percent of enterprises (surveyed in Current Analysis’ 2011 survey on cloud adoption in North America) said that having third party security certification of their cloud provider is important.
Today businesses are looking to a hodgepodge of data center, security and vertical industry standards for basic assurances. One other source for guidance may actually be from some of the more elite vendors themselves. Large suppliers of key data center and networking technologies may have presence in the cloud environment and also the design expertise that makes them credible resources for specifications for their service provider customers — around how to employ technology and processes needed to achieve satisfactory service levels.
Cisco is among the few elite vendors that has the technology depth and industry credibility to play a part in shaping standards for cloud design and delivery. Along with its newly launched CloudVerse platform, which bundles together data center, network, and hosted cloud applications to accelerate cloud build outs, Cisco introduced a series of new certifications through its Cloud Partner Program (CPP) for service provider resellers — to help validate the partners’ design and delivery capabilities.
The question remains: will vendor certifications like Cisco’s help establish standards for cloud development and delivery or will they lead to more confusion in the marketplace? What do you think?