I've seen a lot of talk recently, including on this blog, about clouds moving from the person to the enterprise. While all agree it's a good idea, there are many road blocks to overcome. Security always gets a mention (see my previous blog entry). But there is a much bigger, and slower, issue: standards bodies. There are some very important standards that are heavily impacted by cloud computing:
- ITIL (ISO20000) for service management - should be interesting for a multi-cloud service - has anyone any ideas how to do it?
- ISO27000 Series for security management systems - this long-toothed standard needs to say something about trust and reputation management
- ISO15489 Records management - clouds need to store data reliably for long periods. Enterprises need to be able to extract their data from one cloud provider and move it into another.
- Compliance - there aren't any well-established standards for this but I am aware of ACE from the Open Group and a NIST initiative.
