
GovIT Authors: Yakov Fain, Kevin Jackson, Cloud Ventures, Solar VPS


Call for participation: New OASIS TC – Cloud Certification Profiles

For the last couple of years I have been working extensively with different standards groups to find a way to help accelerate the intersection of open standards work and the definition of Cloud Best Practices.

To this end, two main groups are being developed: the Kantara Cloud ID Security group, now launched and underway, and the ‘CCP’ (Cloud Certification Profiles) working group for OASIS, which is in the process of being launched.

This actually began as the ‘PACR’ group, where it was initiated by a Government member who was looking for more specific guidance on how the public sector might increase the transparency of Cloud providers and also work around more specific direction for its adoption.

This would be a Cloud Certification Profile, incorporating different standards (e.g. SAML) that they may want to verify are correctly implemented by the Cloud provider.

You can see the original charter proposal here. Our plan to launch the new group is based on generalizing the approach, so it can be used for any industry, not just government, and the charter will be updated to this effect.

As part of this updating I am inviting industry experts to join our OASIS project team and help finalize this charter as part of becoming involved.

Certified Cloud Computing

As discussed in this blog, this approach will enable “Certified Cloud Computing”.

For a sense of the market context for this, check out this paragraph, taken from this Gartner report on Cloud hosting.

“As of April 2013, Microsoft’s “external certification position” can be summarized as:

International Organization for Standardization (ISO) 27001, Standards for Attestation Engagements (SSAE) 16 Standard on Assurance Engagements (ISAE) 3402, EU Model Clauses, and Health Insurance Portability and Accountability Act Business Associate Agreement (HIPAA BAA) certifications apply to Windows Azure core services only: Cloud Services (Web and Worker role instances), storage (Tables, blobs and Queues), virtual networks and virtual machines.

It does not currently cover the rest of Windows Azure features, including Web Sites, SQL Database, Service Bus, Caching, Access Control, CDN, Media Services or Windows Azure Active Directory.”

This last point about what it does not cover is the gap in the market we are setting out to address. Like Microsoft, we will enable any Cloud provider to also state their external certification position.

Also, on the overall role of open standards in Cloud adoption, check out the USA CIO Council’s publication: ‘Creating Effective Cloud Computing Contracts for the Federal Government’. Download here.

One of the key requirements they identify is that buying agencies should include base references from the open standards community into their own procurement RFPs:

“Standards specification: In accordance with Office of Management and Budget (OMB) Circular A-119, Federal Participation in the Development and Use of Voluntary Consensus Standards and in Conformity Assessment Activities, agencies should specify relevant voluntary consensus standards in their procurements. The NIST Standards.gov website includes a useful list of questions that agencies should consider before selecting standards for agency use”.

We have also started a presentation summarizing the role of OASIS within this context. Download: OASIS In The Cloud presentation.

If you would like to join this standards effort, please start by joining in the discussion thread in our LinkedIn community, or email me directly.

The post Call for participation: New OASIS TC – Cloud Certification Profiles appeared first on Cloud Computing Best Practices.


More Stories By Cloud Ventures

The Cloud Ventures Network is an expert community of leading Cloud pioneers. Follow our best practice blogs at http://CloudBestPractices.net