Cloud-based computing services are being rapidly adopted, especially by modest-sized businesses eager to avoid the costs of running their own on-premise computing infrastructure.
However, doubts persist about the security of cloud-based services, and the reliability of service providers. The cloud industry has attracted its share of ‘cowboy’ operators whose actual servers are based in countries far from here, and who may be difficult to contact (not to mention beyond the reach of NZ law) should something go wrong.
The UK-based Cloud Industry Forum (www.cloudindustryforum.org) is seeking to dispel these doubts with the adoption of a Code of Practice which has the potential to become a global model for the cloud industry.
CIF member Phil Haylor, Compliance Officer for Texas-based cloud provider Rackspace, commented: “Cloud-based Software-as-a-Service (SaaS) computing is growing at a phenomenal rate and so this sector needs control mechanisms. By laying down the Code of Practice, the Cloud Industry Forum has now established a credible gauge for customers to assess a vendor’s capability to deliver a robust and secure high quality cloud service. With this clarity of information in place, the industry can now move forward and be judged on its ability to deliver.”
The Code will require signatories to clearly outline to customers what they do and don’t provide, and to supply details of their financial and operational substance, along with assurances regarding security, confidentiality and service levels.
The Code has been in development since October 2009, and more than 200 organisations were involved in the draft review. A public database will be launched in February.
The initiative is attracting some interest in this part of the world. Mike Snowden, CEO of local cloud provider OneNet, says “It’s a good idea and I think we should encourage it”.
However, cloud industry consultant Ben Kepes thinks the industry needs time to mature a bit more before codes of practice are adopted, otherwise innovation could be stifled. “I think we’re absolutely ready for different organisations to get together and where appropriate, agree on a bit of standardisation that makes life better for a group of customers, but in terms of actually widespread standards it’s probably too early,” he says.
Kepes believes concerns about security and data sovereignty are mostly red herrings, and that businesses can address them through proper processes and procedures. He recently spent some time in the US, where he talked with cloud vendors, who agree that the year ahead will be the tipping point for mainstream adoption of the cloud.
“I think 12 months from now, a lot of these questions, through natural attrition and market size, will have been resolved without any artificial standards or codes of practice or whatever.”
As part of a concerted effort to boost business confidence in cloud computing, a New Zealand chapter of the Cloud Security Alliance is to be established soon.