In an effort to make the vetting of potential cloud applications less like a
"One of the big security issues with the cloud is what defines security. One of the things that we see is every service provider has a different take on security when you are looking to buy. It's hard to make an informed decision," says Matthew Lowth, a security architect at National Australia Bank. "One of the reasons to create standards is so you can scale up and down based on your need to execute a project and have knowledge of the security of the cloud. The standards inform consumers that if they buy a certain level of service they can expect certain levels of security."
Working as part of the
The
The ODCA includes companies and IT suppliers that are working toward increasing use of cloud computing by businesses. The alliance includes banks such as JPMorgan Chase (JPM), UBS (UBSN) and Deutsche Bank (DBK), nonbanks such as BMW (BMW) and Disney (DIS), and a number of vendors that sell and develop cloud solutions. NAB, JPMorgan Chase and UBS are all also part of a steering committee that is focusing on the standards and interoperability model.
"If we look at the number of providers that have joined and the type of providers that have joined (including VMware (VMW) and Red Hat (RHT), they have a vested interest in satisfying what large and small businesses want, so they can sell more software. We think the combined powers of the [vendors and other participants] is a powerful incentive for cloud suppliers to build out to the standards," says Denis McGee, general manager of application development and testing at NAB, who mentioned the alliance has 350 members globally, and would also work in conjunction with other standards organizations. The standards are obviously not regulations, but the goal is to make the standards part of service level agreements signed by firms and cloud service providers. "Three hundred and fifty members is a lot of purchasing power," McGee says.
The providers have reason to be concerned about the image of cloud security. In January, a survey of government agencies by the 1105 Government Information Group found that more than half of the respondents said cloud solutions aren't secure enough, with the majority citing security concerns such as data loss, identity authentication and credential management, clarification of record ownership, identity provisioning and the fear that cloud data will be exported to less secure countries
NAB also hopes to increase its own use of the cloud. It is working with IT outsourcing partner IBM to develop a private cloud to offer "infrastructure on demand" to rapidly provision IT resources to quickly scale up to execute marketing programs, and the subsequent spike in processing that results from the new business that results from the marketing program. "These needs can fluctuate up quickly, and then just as quickly fluctuate back down," McGee says.