Cloud computing standards update (ISO JTC1/SC38)

My last update on the progress of cloud standardization in the ISO was April 2014, so I’m overdue for another report.

The primary cloud committee in the International Organization for Standardization (ISO) is ISO/IEC JTC1/SC38 whose mandate is standardization in the area of “Cloud Computing and Distributed Platforms,” including, but not limited to:

• Service Oriented Architecture (SOA)
• Service Level Agreement
• Interoperability and Portability
• Data and their Flow Across Devices and Cloud Services

Currently, there are 29 countries and 10 observers involved in this work effort.

The following standards have been published:

• ISO/IEC 17788:2014 Information technology — Cloud computing — Overview and vocabulary
• ISO/IEC 17789:2014 Information technology — Cloud computing — Reference architecture

These standards are derived from, but are not identical to, the NIST definition as described in NIST SP800-145. They were developed in collaboration with the International Telecommunications Union (ITU) and various industry consortia such as the Object Management Group (OMG).

• ISO/IEC 17826:2012 Information technology — Cloud Data Management Interface (CDMI)

This is a standard that was developed by SNIA (Storage Networking Industry Association) and fast tracked to the ISO.

The following standards are now being developed by SC38 working groups (and are only available to members for now):

• ISO/IEC DIS 19086-1 Information technology — Cloud computing — Service level agreement (SLA) framework — Part 1: Overview and concepts
• ISO/IEC NP 19086-2 Information technology — Cloud computing — Service level agreement (SLA) framework — Part 2: Metrics
• ISO/IEC CD 19086-3 Information technology — Cloud computing — Service level agreement (SLA) framework — Part 3: Core conformance requirements
• ISO/IEC AWI 19941 Information Technology — Cloud Computing — Interoperability and Portability
• ISO/IEC WD 19944 Information Technology – Cloud Computing – Data and their Flow across Devices and Cloud Services

In addition, ISO/IEC JTC1/SC27 (IT security techniques) is developing cloud security standards:

• ISO/IEC NP 19086-4 Information technology — Cloud computing — Service level agreement (SLA) framework and Technology — Part 4: Security and privacy
• ISO/IEC AWI 20889 Information technology — Security techniques — Privacy enhancing data de-identification techniques

There are other SC27 standards, none specific to cloud computing, that may apply to, or at least be useful for, security in cloud-based solutions.

The IEEE is another organization that is active in the cloud computing standards arena. They are working on:

• P2301 – Guide for Cloud Portability and Interoperability Profiles (CPIP)
• P2302 – Standard for Intercloud Interoperability and Federation (SIIF)
• P2303 – Standard for Adaptive Management of Cloud Computing Environments

The IEEE also launched a Global Intercloud Testbed initiative in 2013.

Another important standards community is the Open Group. They have published a number of documents and white papers, including:

• G135 – Cloud Computing Portability and Interoperability (April 2013)
• C141 – The Open Group Cloud Ecosystem Reference Model (January 2014)

Various other standards bodies are involved as liaison organizations to the ISO, including DMTF (Distributed Management Task Force), OASIS, OGF (Open Grid Forum), and SNIA (Storage Networking Industry).

In Canada, the Standards Council of Canada (SCC) is the official representative to the ISO. If you are interested in volunteering to help the Canadian mirror committee for ISO JTC1/SC38, please contact the Standards Council of Canada and let them know you would like to get involved.