Most cloud vendors are setting themselves up as the gold-standard in terms of everything from how thier product's are priced, labeled, serviced etc. They are patiently waiting for signs of a critical mass to declare victory over important matters that will influence customer defection rates and unbending loyalty. History is litered with examples of technology standards pitted against each other with the consumer watching the battle unfold. Most recently: Blu-Ray, HD DVD, USB, GSM, CDMA. The consumer cares about standards and those obscure protocols because they impact our wallet, our sanity and life-long experience with every day products.
To pick and choose standards for cloud computing we need not look further than the ‘web services/SOA’ craze of the last 5 years. That hoopla spawned standards and vendor specifications to last us a life-time. All of us (tech savvy or not) will see XML as one of those unsung hero's and a saving grace that pulls us back from the brink of mass confusion. It is THE currency of data portability and like the electric socket in our home will force cloud vendors to conform in some fashion. I can pull out all my blog posts into a neat folded ‘XML’ file and take it where ever I want. I can do the same with iTunes.
On the flip side vendors still must be willing to cooperate and commit to that sort of openness, secure cloud integration, application portability and data portability. Will the US home developer actually put that 110 Volt electric socket and in all of the rooms?
Some would say that the higher you go up the cloud stack the more difficult it is to reclaim your content. The prevailing sentiment is that an infrastructure provider allows you to move in, and move out with all your belongings. Like a hotel room. A software-as-a-service provider gets to keep all that code – that it owns - and if you walk away you are down more than your data. Here is a blog I wrote about reclaiming your data and applications.
If salesforce.com confirmed to ideal standards it would allow an organization to export all that goodness and make it much easier as it hunts for a replacement. Standards have been around for thorny 'middle-ware' since 2004: interoperability and business process management. SaaS and PaaS vendor are in the drivers seat and will want to stay that way. If I can't increase stickiness, I will lock-you in. Telecom carriers along side COTS application vendors have long played the lock-in game. In the end they hold the shorter end of the stick. Instead they should focus on customer and brand loyalty, service-levels and building trust and legitimate interdependence.
The nuance that gets lost in the discourse: plenty of standards already exist. Yet vendors are avoiding adoption as others play into sound-bites until they get critical mass. Another simple example, all the standards for security are ready for prime-time cloud computing: SAML, XAXML, KEYPROV, ISO 15489, EDRM, PKCS, WS-Federation, Liberty ID-FF etc.)
There are a number of notorious topics that do deserve special attention. Service Level Agreements and contract terms and conditions are not uniform across service providers. Count on government bodies such as the US GSA to swiftly drive the convergence to common attributes around performance metrics, incident response details etc.
The National Institute of Standards and Technology (NIST) calls out customer on-boarding, service provisioning, inter-cloud interaction as prime topics that deserve attention:
- VM image distribution (e.g., DMTF OVF)
- VM provisioning and control (e.g., Amazon EC2 API)
- Inter-cloud VM exchange
- Persistent storage (e.g., Azure Storage, S3, EBS, GFS, Atmos)
- VM SLAs that are machine readable
- uptime, resource guarantees, storage redundancy
- Secure VM configuration (e.g. NIST Security Content Automation Protocol)
- Workflow and business rules import and export
