By David Terrar, CEO of D2C Limited, Co-founder of Cloud Advocates
One of the big issues for a buyer is – how do you choose a good Cloud provider from a bad one? Who do you trust? Maybe Cloud Computing needs some standards? Well actually there are so many standards bodies and vendor groups that the picture is confused – something that we hope to demystify over the coming months with this newsletter. If you type “cloud standards” in to Google, you’ll find an alphabet soup of acronyms, and even the first entry in the list – a “Wiki site for Cloud Standards Coordination” initially looks promising, but doesn’t yet mention some of the key organizations that have something worthwhile to contribute to this topic.
When you do some research you find the International Organization for Standardization (their ISO 27001 on IT security might be relevant )or the IBM backed Open Cloud Manifesto or The Open Data Center Alliance, and many others, but most of their output seems to be about technical standards for programming and interoperability of services – good for the industry as a whole, but not necessarily relevant to the average business trying to decide on a cloud alternative for email management, or accounting or project management. Another issue is that some of these standards have a high barrier to entry for the small software provider. If it’s going to cost tens of thousands of pounds to get a product ISO certified, that guarantees that only the big players will be able to afford it. The smaller, more innovative software developers might have great products, and a safe and secure infrastructure making use of the benefits of Cloud architecture, but they’ll be precluded from the shortlist because they don’t have the accepted “quality mark”. We need something that’s focussed on helping the buyer rather than the developer, and which helps the innovative entrepreneur just as much as one of the major IT players.
[atag827]That’s where the Cloud Industry Forum (CIF) comes in (disclosure – actually I’m on their governance board). CIF, a not for profit organization, was established in 2009 to provide transparency for the industry through certification to a Code of Practice for credible online Cloud service providers. The emphasis within the code is on best practice in the approach to service provision, rather than technical standards of programming. The code covers areas like contract terms, Service Level Agreements, data protection, data location, or transparency of the service supply chain. These are the practical things that a buyer needs to know. Organizations that sign up and conform to the code of practice get a “CIF Certified” quality mark. The process itself allows for a self-certification approach as well as a full external audit. Self-certification brings the cost down to an affordable level for the smaller Cloud players, but it’s still properly policed.
Members of the Cloud Industry Forum include Microsoft, Rackspace, Fasthosts, Nominet, Star, Mamut, FrontRange, Unit 4 (Agresso, FinancialForce), Webroot, and is supported by vendor organizations like Intellect, EuroCloud UK, the British Application Software Developers Association and the UK Cloud Alliance. The Code of Practice has only just been agreed, and the first wave of Cloud companies are currently going through the accreditation process. The other standards bodies mentioned above are interesting for the IT insiders, but the “CIF Certified” mark should actually tell the buyer something about the transparency and security of a given Cloud solution and the company behind it.
David Terrar is a consultant and software developer who specialises in the use of Cloud applications and social media in business. He is a co founder of Cloud Advocates, an association of consultants who aim to demystify the Cloud and provide pragmatic help and advice for businesses, organizations and accounting practices. To find out more, visit www.cloudadvocates.com
Join us on