Cloud Computing is now everywhere, creating challenges in terms of security, interoperability, portability and so on, for all the players involved in the technology, whether being Cloud providers, partners or customers. Part of the solution is to rely on standards that provide a set of good practices, while supporting innovation. Ms. Rim Doukha, project officer in the EIG ANEC and Mr. Nicolas Domenjoud, Responsible sector “ICT and technical standardization” at ILNAS, present some examples of standards supporting Cloud deployment and how national organizations can benefit from standardization.
What standards exist for Cloud Computing?
ISO/IEC JTC 1/SC 38 “Cloud Computing and Distributed Platforms” is a technical committee responsible for the development of international standards in this domain. It has already many publications answering market needs, including:
– ISO/IEC 17826:2016 Information technology – Cloud Data Management Interface (CDMI), intended for system developers who implement and use Cloud storage. It provides a detailed description on how to access Cloud storage and its available capabilities. In addition, the standard allows users to discover and master the management of data stored in the Cloud and containers running in these environments.
– ISO/IEC 19941:2017 Information technology – Cloud Computing – Interoperability and portability, which specifies the interoperability and portability aspects of Cloud Computing. The migration of applications and data is a challenge for Cloud users, due to the incompatibility between infrastructures. This standard allows users to have a common understanding of the technologies that help to achieve interoperability and portability in the Cloud, by establishing fundamental terminology and concepts.
“Businesses and innovators can use these standards to achieve good performance levels when using, creating or proposing new Cloud services”, says Rim Doukha.
However, beyond a successful implementation, security is one of the most important pillars in Cloud technology. Hence, the technical committee ISO/IEC JTC 1/SC 27 “Information security, cybersecurity and privacy protection”, in liaison with ISO/IEC JTC 1/SC 38, develops security standards for the Cloud, such as:
– ISO/IEC 27017:2015 Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for Cloud services. This document provides guidance on the information security controls in Cloud Computing. It helps users to maintain a strong security posture in the Cloud in order to hinder possible attacks.
Thus, adopting standards has the aim to achieve a high level of performance, improve the quality of services and increase consumer confidence.
How can one consult these standards?
ILNAS offers different services for the national market. Published standards are available for free consultation at reading stations installed in several places of the country, in order for stakeholders to easily get a content overview. They can also be purchased on the ILNAS eShop.
Are there other ways market actors can get involved in standardization?
“Getting involved in standardization has many benefits. Most importantly, experts can participate in shaping the content of standards among a community of international experts. They can contribute to, and state their opinion on, projects they consider important. They can also propose new standards in order to spread out their innovations and facilitate their market adoption”, explains Nicolas Domenjoud.
About ILNAS and EIG ANEC
ILNAS, as the Luxembourg’s standards body, is a member of European and international standards organizations (CEN, CENELEC, ETSI, ISO, IEC and ITU-T). In this context and through the “Luxembourg Standardization Strategy 2020-2030”, ILNAS, with the support of the Economic Interest Group ANEC, allows and encourages the participation of the national market in the process of technical standardization.