There are many initiatives going on to standardize Cloud Computing and one of the main leaders is the National Institute of Standards and Technology (NIST). NIST’s SAJACC (Standards Acceleration to Jumpstart Adoption of Cloud Computing) Working Group is leading the development of a USG (U.S. Government) Cloud Computing Roadmap. This roadmap will define and prioritize USG requirements for interoperability, portability, and security for cloud computing in order to support secure and effective USG adoption of Cloud Computing. The goal of the SAJACC initiative is to drive the formation of high-quality cloud computing standards by providing worked examples. It shows how key use cases can be supported on cloud systems that implement a set of cloud system specifications.
Briefly, the program is aimed at making Clouds work together (Interoperable) where workloads can move around (Portable) and customer assets are protected (Secure). Use Cases describe how groups of users and their resources may interact with one or more systems to achieve specific goals such as, copying objects (data) between cloud providers and erase or create objects. Use Cases are based on stories with elements such as, actors, goals, assumptions, etc. and are available to the general public here. One third of the use cases deals with security and related principles.
The collaborative participation by other bodies takes Cloud standards to deeper levels. The DMTF (Distributed Management Task Force) enables more effective management of millions of IT systems worldwide by bringing the IT industry together to collaborate on the development, validation and promotion of systems management standards. Their focus on Cloud computing with Interoperability DMTP standards provide well-defined, interoperable interfaces that build upon each other. The Cloud Incubator project prepared the informal settings to start establishing the landscape with published white papers and use cases. The next step is a Cloud Management Working Group which replaced the Incubator project and has the role of writing formal specifications. It goes even deeper with specifications that address the management lifecycle of a virtual environment. The OVF (Open Virtualization Format) specification provides a standard format for packaging and describing virtual machines and applications for deployment across heterogeneous virtualization platforms. For more information about Cloud Management Standards go here.
The Standards Development Organization (SDO) is a trade association for the storage industry and participates in developing and promoting standards – SNIA Cloud Activities. In support of SNIA standards, as well as other storage standards, the SNIA develops software. The software developed by the SNIA is designed to help accelerate the adoption and implementation of standards which will enhance the interoperability of storage systems.
The CSA (Cloud Security Alliance) Cloud Control matrix working group made up of 17 individual members and 100 corporate members adopts an agile philosophy in the rapid development of applied research of GRC – “to promote the use of best practices for providing security assurance within Cloud Computing and provide education on the uses of Cloud Computing to help secure all other forms of computing.” The CSA toolkit highlights critical control requirements in SAJACC use cases.
