We're going to need all of them because end-user companies are adopting cloud according to their own needs, fears and budgets, not according to a timeline or set of expectations laid out by service providers.
That means they're going to need more than just one or two options to find a set of processes that work well for it.
It also means there won't be one set of security standards for "cloud" for at least a couple of years, if ever, partly because "the cloud" is so broad a concept it may not be possible to apply one set of standards to everything that could be made part of it.
What standards there are or will be will grow out of use and experience of hosted private clouds and hybrid clouds. Most of those projects are only starting now, so we're missing data on which to base standards, as well as the standards themselves.
Cloud standards won't be here when you start your project, Staten writes, get over it. That doesn't mean he's unsympathetic, or that you're too worried. It just means if you want the advantages of cloud you have to make the leap before all the questions have been answered.
Just consider it part of the risk management part of the development process.