Cloud standards: Are they really a big issue when considering a move to the cloud?



In a recent article in Cloud Pro magazine, journalist Adrian Bridgwater estimates that there are somewhere in the region of 50 different cloud standards. I would consider that a relatively conservative guess. The good news is that a proliferation of standards typically denotes a change in technology from infancy towards maturity. Does this signify that the cloud has started to mature? I certainly think so.

Where are these standards coming from? We’ve seen ‘catch all’ standards developed by consortiums made up of the world’s largest technology players; we’ve seen specific standards created by niche cloud players; and we’ve even seen governments and economic trading partners define some for good measure. Even the European Commission has got in on the act. With a firm eye on the billion Euro potential cloud market, the Commission has been actively engaged in defining a common standard across the region.

With so many standards around, and with some backed by global giants, which ones do you pay attention to and which ones do you discount as marketing hype? I believe that there is no reason to overcomplicate what is already a very complicated market. Before signing a contract with a cloud service provider (CSP), consider the following concerns and check whether there’s an applicable standard that your provider should adhere to.

1. Data security – this has always been a concern for customers moving to the cloud, so it’s no surprise that it’s one of the most crowded standards areas. Globally recognised standards such as ISO 27001 and PCI DSS should be high on the priority list as they validate a CSP’s security credentials.

2. Quality – I would always refer to ISO 9001 accreditation as proof and an assurance that the CSP maintains high standards internally and in the management of its processes.

3. Public sector standards – If working in the public sector there could be a variety of concerns around sensitivity and availability of data. There are some key government and public sector standards to consider, such as:
a. Business Impact Level (BIL) standards that certify a CSP to host restricted or classified government data in a multi-tenanted environment.
b. Public Sector Network accreditation also demonstrates a CSP’s capability to provide you with connectivity to the official public sector networks such as N3.
c. If your CSP is to hold sensitive data you should also be looking at its staff accreditation – do they have SC clearance to handle sensitive or secure data?

4. Data centre performance – your CSP’s data centre accreditations are also vital – do they operate Tier 3 or 4 accredited data centres that offer greater uptime and availability of data?

5. Standards red flags – compliance with national security standards is another important consideration and can be a red flag. In particular, if your CSP is a US-based or US-headquartered company it will be bound by The Patriot Act, meaning that your data could be turned over to the US government if required. Using a wholly UK-based CSP avoids this.

But beyond actual standards, capability is another vital area that should not be overlooked. You should never ignore the CSP’s documented experience and existing customer list for assurances of capability. Rather than rely on a standard, check out who the CSP already provides services for. If they have a government department or critical infrastructure provider as a customer, the chances are they’ve had to adhere to some of the strictest guidelines around.

As the cloud industry continues to mature, it’s likely that we’ll see even more standards created. While some will disappear just as quickly, the standards that stick will be the ones that are able to match the pace of evolution within the cloud industry.


