I’ve seen a lot of talk recently, including on this blog, about clouds moving from the person to the enterprise. While all agree it’s a good idea, there are many road blocks to overcome. Security always gets a mention (see my previous blog entry). But there is a much bigger, and slower, issue: standards bodies.
There are some very important standards that are heavily impacted by cloud computing:
- ITIL (ISO20000) for service management – should be interesting for a multi-cloud service – has anyone any ideas how to do it?
- ISO27000 Series for security management systems – this long-toothed standard needs to say something about trust and reputation management
- ISO15489 Records management – clouds need to store data reliably for long periods. Enterprises need to be able to extract their data from one cloud provider and move it into another.
- Compliance – there aren’t any well-established standards for this but I am aware of ACE from the Open Group and a NIST initiative.
I hope that next year the standards bodies will start to take notice and pursue these.