Standards are vital to both cloud security and cloud interoperability, but it is foolish to think that an agency can influence the pace of technological maturity by policy or fiat.
The European Telecommunication Standards Institute’s (ETSI) Cloud Standards Coordination (CSC) initiative recently released a report on the state of cloud standards. To be blunt, the report is the poor result of an ill-conceived initiative that is flawed in both its approach and conclusions.
And the Europeans aren’t alone in this folly over cloud standards. The ETSI report has been mirrored on the U.S. side of the Atlantic by the National Institute of Standards and Technology with its equally ill-conceived initiative making the case for Standards Acceleration to Jumpstart the Adoption of Cloud Computing .
While it is true that standards are vital to both cloud security and cloud interoperability, it is foolish to think that a government organization can influence the pace of technological maturity by policy or fiat. Technological maturity is the key determinant for the success of standards in terms of sufficiency, suitability and sustainability.
In other words, the less mature a technology, the less likely a standard will meaningfully address the issues it is designed to correct.
The reality is that cloud computing is still an embryonic technology. And although both the European Union and the United States desire interoperability via standardization, most current efforts are simply wasted breath until the technology is mature enough to support standardization. The bottom line is that you cannot standardize a moving target.
The report also states that, “given its dynamism, cloud standardization will likely mature as new standards for technology elements are needed.” CSC predicts “this starting to happen within the next 12-18 months.” There are two problems with the statement. First, standardization has no impact on technological maturity. Only the pace of innovation dictates maturity. Second, 12-18 months is a form of irrational exuberance. That estimate should be doubled.
One of the most important lines of the report is, “Emerging cloud-specific standards are not seeing widespread adoption by cloud providers.” The authors could have started and stopped the report after that one sentence. It would at least have saved some trees and spared us from useless meetings.
The report also missed an opportunity to explore an interesting tangent on open source software in arguing that, “while not formal standards, open source projects are creating tried-and-tested APIs, protocols and environments which address aspects of interoperability, portability and security relating to cloud computing.”
While it is unfortunate the authors did not explore the impact of open source, they are correct in acknowledging the role of open source on standardization. Open source software democratizes and thus accelerates the innovation cycle, and this, in turn, accelerates the overall maturity lifecycle of a technology.
Finally, the report offers the following way forward: “All stakeholders shall analyze and coordinate on required actions regarding standards development.” No, no, no! In effect, this is saying, ‘”Let’s continue what we have been doing in the hope that the outcome will somehow magically change.” They continue to put the standardization cart before the maturity horse.
The proper sequence is innovation, followed by stability and then standardization. I would expect both NIST and ETSI to understand and respect the technology lifecycle and modify their behavior accordingly. Standards bodies should only be guided by technical and not political considerations.
Michael C. Daconta (firstname.lastname@example.org or @mdaconta) is the Vice President of Advanced Technology at InCadence Strategic Solutions and the former Metadata Program Manager for the Homeland Security Department. His new book is entitled, The Great Cloud Migration: Your Roadmap to Cloud Computing, Big Data and Linked Data.