Welcome!

Virtualization Authors: Liz McMillan, Unitiv Blog, Dana Gardner, Pat Romanski, Roger Strukhoff

Blog Feed Post

2014 Prediction: Certified Cloud Computing

The Techtarget History of Cloud infographic stops at 2014 and asks ‘What next?’, and my answer, my proposal for a key trend in 2014 is ‘Certified Cloud Computing‘.

The goal of our Canada Cloud Roadmap is to suggest where the trend may go across five, ten, twenty years or more, providing the freedom to work more imaginatively, but with a prediction for the next year it has to be based on tangible activities present in the market now.

certification1Certified Cloud Computing

This is one of the first aspects of Certified Cloud Computing, (CertCloud) in essence it already exists.

In short it refers to Cloud Providers being audited by a particular standards authority and if compliant issued a certificate to that effect.

It already exists today in that many hosting providers are audited for standards like ISO27001 or SAS-70, however technically it doesn’t exist in that these aren’t “Cloud specific”, they are audit practices based on the traditional data centre models and technologies.

The move from dedicated (“c0-located”) hardware to shared, multi-tenant Cloud environment means they do not cover all aspects of the technical configuration, and the most critical ones too.

It also faces these kinds of credibility challenges.

Use case scenarios and standards

So to be specific CertCloud builds on a previous industry of traditional data centre audit practices and modernizes them for the Cloud age, with the addition of new ‘Cloud Certification Profiles’ (CCP). This is a new standards group we are working with OASIS to launch, and in general we will see many different organizations finalize their position in this kind of service area.

A perfect example is the Cloud Security Alliance, where one of the primary customer needs and hesitations is knowing how secure their information is with one provider over another; so seeing a “Cloud Security Score”, like a credit score, would be helpful.

Check out this press release from Canadian telco provider Telus last year, where it identifies:

“87 per cent of Canadian business and IT leaders have significant concerns about public cloud’s ability to handle data in compliance with regulations and legislation.”

Originally our OASIS group was called ‘PACR‘ this group was formed to help Governments develop these types of regulatory compliance audit frameworks, and while this will be one of the focus areas we have since generalized it so that it can also suit any industry need (finance, banking etc.).

For some real-world examples of where this type of certification approach might be applied:

G-Cloud Canada

One of the original motivations is being able to replicate the UK, repeating it elsewhere such as Canada for example.

The Canadian Government themselves are pioneering this type of framework, indeed one of the key reference points was Shared Services Canada have recently released an updated roadmap plan (46-page PDF) for their implementation of Cloud Computing, which describes:

  • An overall model based on the NIST definitions
  • Overall business drivers include data centre consolidation to as few as possible
  • An architecture of secure zones and VPCs (Virtual Private Clouds)
  • Workload mobility

What is especially noteworthy is how big a foundational role ICAM (Identity and Credential Access Management) will play in this architecture, and a critical point about ‘Certified and Accredited infrastructure’.

Programs like the G-Cloud are basically marketplace systems based on certification of suppliers. What’s especially important about this approach is how it levels the playing field, small suppliers can join as easily as large ones. The traditional RFP process typically excludes them.

The post 2014 Prediction: Certified Cloud Computing appeared first on Cloud Computing Best Practices.

Read the original blog entry...

More Stories By Cloud Ventures

The Cloud Ventures Network is an expert community of leading Cloud pioneers. Follow our best practice blogs at http://CloudBestPractices.net