In the course of the last years, due to the increasing complexity of IT networking, a variety of processes have changed. For example, a few years ago, software and hardware were increasingly being acquired and used for stand-alone operation, while more and more companies are currently sourcing their resources via the cloud services market. This increases the flexibility and cost efficiency of the use of information and communication technology. By relieving small and medium-sized enterprises (SMEs) through the use of cloud services, it will be easier for them to focus on the core business, which could increase the competitiveness of SMEs. But not only companies rely on it. Private users as well as authorities use cloud-based IT services. Standardization in terms of quality improvement and assurance could play a significant role, especially in such forward-looking topics.
The international standardization committee ISO / IEC JTC 1 / SC 38 "Cloud Computing and Distributed Platforms" performs the corresponding standardization work. Recognizing the potential of this new technology paradigm, consumers of IT technologies and services are demanding standards to assist in their transition to Cloud Computing. The work of SC 38 covers the different aspects of standardization in the areas of Cloud Computing and Distributed Platforms including:
• Foundational concepts and technologies,
• Operational issues, and
• Interactions among Cloud Computing systems and with other distributed systems
Since holding its first meeting in May 2010, SC 38 has developed a variety of important Cloud computing standards. Two of these are for instance the foundational standards ISO/IEC 17788:2014 (Ed. 1) “Information technology -- Cloud computing -- Overview and vocabulary” and ISO/IEC 17789:2014 (Ed. 1) “Information technology -- Cloud computing -- Reference architecture”. Foundational standards that deal with vocabulary and reference architecture are essential for developing standards that go further considering the specific technology. For instance the ISO/IEC 19941 specifies cloud computing interoperability and portability types, the relationship and interactions between these two cross-cutting aspects of cloud computing and common terminology and concepts used to discuss interoperability and portability, particularly relating to cloud services. Furthermore, the ISO/IEC 19086 series deals with the standardization of Service level agreements (SLAs).
These kinds of standards help cloud providers in their daily routine, since cloud providers have to guarantee that their cloud service is in accordance with data protection. By introducing the EU General Data Protection Regulation (GDPR) in May 2018, this matter became especially for European countries more relevant than ever. Certain cloud customers may only rely on the offer of cloud providers, who can demonstrate that compliance with data protection is guaranteed. International Standards reflect the state of the art and therefore are reviewed every five years. During the review, it is decided whether the standard should be confirmed for another five years, revised or withdrawn. Due to this, International Standards are always up to date. Since standards reflect the state of the art, using Cloud Computing standards can increase the quality and trustworthiness of cloud providers. Having Cloud Computing standards is therefore beneficial both for the cloud providers and cloud customers. Since introducing the GDPR this year and the significant Cloud Computing standards being ISO/IEC standards, the thought of CEN/CENELEC starting to develop European Standards (EN) in the field of Cloud Computing could be debated. While International Standards have the higher priority in comparison to European Standards, it could be worth a thought, whether European Cloud Computing standards are needful at this time, since the EU GDPR has been introduced this year. It is probably not unthinkable that there could be talks between ISO and CEN/CENELEC regarding this matter in the future.
You can download the article here