The Cloud needs some standards (or a Code of Practice)

One of the big issues for a buyer today considering Cloud Computing is how do you choose a good Cloud provider from a bad one?  Who do you trust?  Maybe the Cloud Topic needs some standards?  Well actually there are so many standards bodies and vendor groups that the picture is confused – something that I try to demystify with my company and with the various cloud groups that I’m involved with.  If you type “cloud standards” in to Google, you’ll find an alphabet soup of acronyms, and even the first entry in the list – a “Wiki site for Cloud Standards Coordination” – initially looks promising, but doesn’t yet mention some of the key organizations that have something worthwhile to contribute to this topic.When you do some  research you find the International Organization for Standardization (their ISO 27001 on IT security is relevant for the data centre) or the IBM backed Open Cloud Manifesto  or The Open Data Center Alliance, and many others, but most of their output seems to be about technical standards for set up, programming and interoperability of services – good for the industry as a whole, but not necessarily relevant to the average business trying to decide on  a cloud alternative for email management or accounting or project management.  Another issue is that some of these standards have a high barrier to entry for the small software provider.  If it’s going to cost tens of thousands of pounds (or more) to get a product ISO (or whatever) certified, that guarantees that only the big players will be able to afford it.  The smaller, more innovative software developers might have great products, and deploy them on a safe and secure infrastructure making use of the benefits of Cloud architecture, but they’ll be precluded from the shortlist because they don’t have the accepted “quality mark”.  We need something that’s focussed on helping the buyer rather than the developer, and which helps the innovative entrepreneur at the S end of SME just as much as helping one of the Enterprise level IT players.

That’s where the Cloud Industry Forum (CIF) comes in – an organization that Business Two Zero and D2C wholeheartedly supports (disclosure – actually I’m on their governance board – see below).  CIF, a not for profit organization, was established in 2009 to provide transparency for the industry through certification to a Code of Practice for credible online Cloud Service Providers.   The emphasis within the code is on best practice in the approach to service provision, rather than technical standards of programming.  The code covers areas like contract terms, Service Level Agreements, data protection, data location, or transparency of the cloud service supply chain.  These are the practical things that a buyer needs to know about the service they are signing  up for.  Organizations that apply for and conform to the Code of Practice get a “CIF Certified” quality mark.  The process itself allows for a self-certification approach, although a full external audit can also be done if you want to pay for that.  Self-certification brings the cost down to an affordable level (starts at £200 a year) for the smaller Cloud players, but it’s still properly policed by an independent organisation.

Members of the Cloud Industry Forum include Microsoft, Dell, VMware, Rackspace, Fasthosts, Claranet, Ingram Micro, Interxion, Memset, Nominet, Star, Mamut, FrontRange, Unit 4 (Agresso, FinancialForce), UKFast, Webroot, and is supported by vendor organizations like Intellect, EuroCloud UK, the British Application Software Developers Association and the UK Cloud Alliance.  The Code of Practice was agreed in 2011, and the first wave of Cloud companies have just gone through the accreditation process.  One of those is NexusAB, a 10 person SaaS company – they provide integrated quality assurance and technical inspection services for sub-surface drilling and completion departments.  They work with oil field asset data, the most precious data that an oil company has.  Their customers trust that precious data to the cloud and to a small company like NexusAB, but if you speak to them you’ll find that having CIF certification was instrumental in providing the level of comfort required to win their recent big deal with BP.  That is exactly what the CIF Code of Practice is all about.  Go here if you want to find out more.  And please tell me if you think there is anything similar that companies should be considering.

Disclosure: I am on the Governance Board for the Code of Practice of the Cloud Industry Forum, a not for profit organisation, and I regularly speak on their behalf.  In addition I chair Intellect’s Software as a Service Group, and I am a Director of EuroCloud UK.

A version of this article was first published on Fresh Business Thinking.


LinkedIn Twitter
Founder & CXO of Agile Elephant, a digital transformation consultancy and solutions provider. Head of D2C, a consulting firm which provides business and social media consulting and Cloud based solutions for content, collaboration, web publishing, online accounting and ERP. Was director EuroCloud UK, chaired techUK's Software as a Service Group, now Chair of Cloud Industry Forum.

2 responses to “The Cloud needs some standards (or a Code of Practice)”

  1. Ian Moyse

    With so much hype, Cloud is being pushed as the pervasive answer to everything! Rightly or wrongly! As more and more cloud solutions come to market and are campaigned to customers the blurring of differentiation between them is making the customer choice harder. It is increasingly easy for vendors to ‘cloud wash’ old technologies and re-market them as a full cloud solution, but not all will be successful and not all will deliver on the overpromised benefits that are often being made. We are seeing trends of new cloud certifications, new cloud vendors, existing vendors cloud-washing old products and increasing volumes of articles touting the good, bad and the ugly of cloud solutions. Customers and the various channels to market have a need and responsibility to themselves to self educate and better understand cloud technologies that can benefit or challenge their business models moving forwards. It will be increasingly essential that independent cloud certifications are available to validate cloud vendors claims and provide consistent reference points for customers to utilise in comparison.

    Ian Moyse