Cloud Standards Face Foggy Future

I’ve been privy to several very heated public (you could say almost religious) cloud discussions of late. In fact I was a panelist at the recent OASIS International Cloud Symposium in Washington, D.C. where the new economy cloud vendors evangelized their offerings over focusing on the  purpose of the discussion – cloud standards and interoperability for government customers.  It was abundantly clear to most of the symposium attendees that standardization was a taboo talking point. The born in the cloud providers wanted nothing to do with standardization nor were most willing to engage in a discussion of how to integrate with existing customer IT solutions. From my perspective this is a non-starter if the government is serious about cloud computing or shared services. The success of any cloud solution PaaS, laaS, or SaaS will be predicated on its ability to integrate into the organizations business processes and existing technology base.

In order to move beyond the platform as a service mantra the industry must recognize that cloud represents an instance of service based computing that will require integration with and between different cloud providers. This will require standardization, especially at the service boundary, to ensure proper integration that supports the customer’s utilization model. Although it’s true that standardization only occurs on the back side of the innovation curve – and yes, we have a long way to go on the innovation front.  Although, the majority of the OASIS attendees agreed that there are opportunities to pick the low hanging standards fruit. On the flip side, the new economy cloud providers need to recognize and facilitate the adoption of cloud standards. That includes sincere participation in the standards development process. This includes the realization that cloud-only is not a realistic Enterprise Architecture approach.

Another outstanding challenge with cloud in the federal government will come with the FedRamp evaluation of the cloud application layer / services. To date only infrastructure services have truly been assessed against FISMA requirements.  I’m still not convinced that the current list of cloud providers with an Authority to Operate (ATO) have been held to the same standards that would normally be required as part of an agency C&A. I’ll give one specific example – normally FIPS-140 mode is required end to end. That includes the network / SSL layer as well as the application layer – i.e. implementation behind the firewall. From what I can tell, all the assessments that have been done to date only validated FIPS-140 mode up to the firewall / SSL layer but not beyond. Time will tell how the new FedRamp 3PA process unfolds and to what level of formality cloud providers will be truly held.  One thing is for sure, the future of cloud interoperability standards face a murky future at best.

 

VP, CTO US Federal

More stories

Can we beat the opioid epidemic using artificial intelligence?

A complex and tragic epidemic When there is a natural disaster, explosion or virus with the potential to cause the loss of thousands of lives in the U.S., we are quick to respond and then analyze causal issues contributing to the disaster. Our government and private partner agencies rally together and develop a plan to […]

Continue reading

A New Chain of Trust – Blockchain and Its Impact on Trustworthy Systems

The Need for Trust I remember when I first started learning about security and the concepts of CIA – Confidentiality, Integrity and Availability. At the heart of these concepts is trust. For us in IT, that means creating trusted systems that support our organization’s business processes. Unfortunately, we have not really been able to achieve […]

Continue reading

How to implement Tim O’Reilly’s vision for Government-as-a-Platform

Recently, I interviewed Sangeet Paul Choudary, a C-level executive advisor and an international best-selling author. He is the co-author of Platform Revolution and the author of Platform Scale. He has been selected as a Young Global Leader by the World Economic Forum and is ranked among the top 30 emerging thinkers globally in 2016 by […]

Continue reading