There is no security standard for cloud; move forward anyway

Real standards won't be established until it's too late

By  

It's great that Microsoft is offering solid, documentable processes. It's great that DMTF, NIST, and the Cloud Security Alliance, are as well.

We're going to need all of them because end-user companies are adopting cloud according to their own needs, fears and budgets, not according to a timeline or set of expectations laid out by service providers.

That means they're going to need more than just one or two options to find a set of processes that work well for it.

It also means there won't be one set of security standards for "cloud" for at least a couple of years, if ever, partly because "the cloud" is so broad a concept it may not be possible to apply one set of standards to everything that could be made part of it.

What standards there are or will be will grow out of use and experience of hosted private clouds and hybrid clouds. Most of those projects are only starting now, so we're missing data on which to base standards, as well as the standards themselves.

Cloud standards won't be here when you start your project, Staten writes, get over it. That doesn't mean he's unsympathetic, or that you're too worried. It just means if you want the advantages of cloud you have to make the leap before all the questions have been answered.

Just consider it part of the risk management part of the development process.

Kevin Fogarty writes about enterprise IT for ITworld. Follow him on Twitter @KevinFogarty.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness