Capping IT Off
I’ve seen a lot of talk recently, including on this blog, about clouds moving from the person to the enterprise. While all agree it’s a good idea, there are many road blocks to overcome. Security always gets a mention (see my previous blog entry). But there is a much bigger, and slower, issue: standards bodies.
There are some very important standards that are heavily impacted by cloud computing:
- ITIL (ISO20000) for service management – should be interesting for a multi-cloud service – has anyone any ideas how to do it?
- ISO27000 Series for security management systems – this long-toothed standard needs to say something about trust and reputation management
- ISO15489 Records management – clouds need to store data reliably for long periods. Enterprises need to be able to extract their data from one cloud provider and move it into another.
- Compliance – there aren’t any well-established standards for this but I am aware of ACE from the Open Group and a NIST initiative.
I hope that next year the standards bodies will start to take notice and pursue these.
About the author
Chief Security Architect at Capgemini UK. John specialises at helping businesses understand what security they need, then bringing together the 'technology deal' to implement that. He is an active member of the Jericho Forum and contributed to the latest Cloud Security Alliance guidance on cloud security. He is also a certified TOGAF 9 practitioner.
- More at
next year it will.