Welcome!

Government Cloud Authors: Pat Romanski, Elizabeth White, Dana Gardner, Liz McMillan, Gopala Krishna Behara

Blog Feed Post

Call for participation: New OASIS TC – Cloud Certification Profiles

certification1For the last couple of years I have been working extensively with different standards groups to find a way to help accelerate the intersection of open standards work and the definition of Cloud Best Practices.

To this end two main groups are being developed: The Kantara Cloud ID Security group, now launched and underway, and in the process of being launched, the ‘CCP’ working group for OASIS: Cloud Certification Profiles.

This actually began as the ‘PACR’ group, where it was initiated by a Government member who was looking for more specific guidance on how the public sector might increase the transparency of Cloud providers and also work around more specific direction for its adoption.

This would be a Cloud Certification Profile, incorporating different standards (e.g. SAML) that they may want to verify is correctly implemented by the Cloud provider.

You can see the original charter proposal here – Our plans to launch the new group is based on generalizing the approach, so it can be used for any industry not just government, and the charter will be updated to this effect.

As part of this updating I am inviting industry experts to join our OASIS project team and help finalize this charter as part of becoming involved.

Certified Cloud Computing

As discussed in this blog this approach will enable “Certified Cloud Computing“.

For a sense of the market context for this, check out this paragraph, taking from this Gartner report on Cloud hosting.

“As of April 2013, Microsoft’s “external certification position” can be summarized as:

International Organization for Standardization (ISO) 27001, Standards for Attestation Engagements (SSAE) 16 Standard on Assurance Engagements (ISAE) 3402, EU Model Clauses, and Health Insurance Portability and Accountability Act Business Associate Agreement (HIPAA BAA) certifications apply to Windows Azure core services only: Cloud Services (Web and Worker role instances), storage (Tables, blobs and Queues), virtual networks and virtual machines.

It does not currently cover the rest of Windows Azure features, including Web Sites, SQL Database, Service Bus, Caching, Access Control, CDN, Media Services or Windows Azure Active Directory.”

This last point about what it does not cover is the gap in the market we are setting out to address. Like Microsoft, we will enable any Cloud provider to also state their external certification position.

Also on the overall role of open standards to Cloud adoption, check out the USA CIO Council’s publication: ‘Creating Effective Cloud Computing Contracts for the Federal Government‘. Download here.

One of the key requirements they identify is that buying agencies should include base references from the open standards community into their own procurement RFPs:

“Standards specification: In accordance with Office of Management and Budget (OMB) Circular A-119, Federal Participation in the Development and Use of Voluntary Consensus Standards and in Conformity Assessment Activities, agencies should specify relevant voluntary consensus standards in their procurements. The NIST Standards.gov website includes a useful list of questions that agencies should consider before selecting standards for agency use”.

We have also started a presentation summarizing the role of OASIS within this context. Download : OASIS In The Cloud presentation.

If you would like to join this standards effort, please start by joining in the discussion thread in our Linkedin community, or email me directly.

The post Call for participation: New OASIS TC – Cloud Certification Profiles appeared first on Cloud Computing Best Practices.

Read the original blog entry...

More Stories By Cloud Best Practices Network

The Cloud Best Practices Network is an expert community of leading Cloud pioneers. Follow our best practice blogs at http://CloudBestPractices.net

IoT & Smart Cities Stories
Early Bird Registration Discount Expires on August 31, 2018 Conference Registration Link ▸ HERE. Pick from all 200 sessions in all 10 tracks, plus 22 Keynotes & General Sessions! Lunch is served two days. EXPIRES AUGUST 31, 2018. Ticket prices: ($1,295-Aug 31) ($1,495-Oct 31) ($1,995-Nov 12) ($2,500-Walk-in)
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
The challenges of aggregating data from consumer-oriented devices, such as wearable technologies and smart thermostats, are fairly well-understood. However, there are a new set of challenges for IoT devices that generate megabytes or gigabytes of data per second. Certainly, the infrastructure will have to change, as those volumes of data will likely overwhelm the available bandwidth for aggregating the data into a central repository. Ochandarena discusses a whole new way to think about your next...
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by ...
DXWorldEXPO LLC announced today that Big Data Federation to Exhibit at the 22nd International CloudEXPO, colocated with DevOpsSUMMIT and DXWorldEXPO, November 12-13, 2018 in New York City. Big Data Federation, Inc. develops and applies artificial intelligence to predict financial and economic events that matter. The company uncovers patterns and precise drivers of performance and outcomes with the aid of machine-learning algorithms, big data, and fundamental analysis. Their products are deployed...