One of the big issues for a buyer today considering Cloud Computing is how do you choose a good Cloud provider from a bad one? Who do you trust? Maybe the Cloud Topic needs some standards? Well actually there are so many standards bodies and vendor groups that the picture is confused – something that I try to demystify with my company and with the various cloud groups that I’m involved with. If you type “cloud standards” in to Google, you’ll find an alphabet soup of acronyms, and even the first entry in the list – a “Wiki site for Cloud Standards Coordination” – initially looks promising, but doesn’t yet mention some of the key organizations that have something worthwhile to contribute to this topic.
When you do some research you find the International Organization for Standardization (their ISO 27001 on IT security is relevant for the data centre) or the IBM backed Open Cloud Manifesto or The Open Data Center Alliance, and many others, but most of their output seems to be about technical standards for set up, programming and interoperability of services – good for the industry as a whole, but not necessarily relevant to the average business trying to decide on a cloud alternative for email management or accounting or project management. Another issue is that some of these standards have a high barrier to entry for the small software provider. If it’s going to cost tens of thousands of pounds (or more) to get a product ISO (or whatever) certified, that guarantees that only the big players will be able to afford it. The smaller, more innovative software developers might have great products, and deploy them on a safe and secure infrastructure making use of the benefits of Cloud architecture, but they’ll be precluded from the shortlist because they don’t have the accepted “quality mark”.
We need something that’s focussed on helping the buyer rather than the developer, and which helps the innovative entrepreneur at the S end of SME just as much as helping one of the Enterprise level IT players.
That’s where the Cloud Industry Forum (CIF) comes in – an organization that Business Two Zero and D2C wholeheartedly support (disclosure – actually I’m on their governance board – see below). CIF, a not for profit organization, was established in 2009 to provide transparency for the industry through certification to a Code of Practice for credible online Cloud Service Providers. The emphasis within the code is on best practice in the approach to service provision, rather than technical standards of programming. The code covers areas like contract terms, Service Level Agreements, data protection, data location, or transparency of the cloud service supply chain. These are the practical things that a buyer needs to know about the service they are signing up for. Organizations that apply for and conform to the Code of Practice get a “CIF Certified” quality mark. The process itself allows for a self-certification approach, although a full external audit can also be done if you want to pay for that. Self-certification brings the cost down to an affordable level (starts at £200 a year) for the smaller Cloud players, but it’s still properly policed by an independent organisation.
Members of the Cloud Industry Forum include Microsoft, Dell, VMware, Rackspace, Fasthosts, Claranet, Ingram Micro, Interxion, Memset, Nominet, Star, Mamut, FrontRange, Unit 4 (Agresso, FinancialForce), UKFast and Webroot, and it is supported by vendor organizations like Intellect, EuroCloud UK, the British Application Software Developers Association and the UK Cloud Alliance. The Code of Practice was agreed in 2011, and the first wave of Cloud companies have just gone through the accreditation process.
One of those is NexusAB, a 10 person SaaS company – they provide integrated quality assurance and technical inspection services for sub-surface drilling and completion departments. They work with oil field asset data, the most precious data that an oil company has. Their customers trust that precious data to the cloud and to a small company like NexusAB, but if you speak to them you’ll find that having CIF certification was instrumental in providing the level of comfort required to win their recent big deal with BP. That is exactly what the CIF Code of Practice is all about. Go here if you want to find out more. And please tell me if you think there is anything similar that companies should be considering.
Disclosure: I am on the Governance Board for the Code of Practice of the Cloud Industry Forum, a not for profit organisation, and I regularly speak on their behalf. In addition I chair Intellect’s Software as a Service Group, and I am a Director of EuroCloud UK.
David heads up D2C, a consulting firm which provides business and social media consulting as well as advising on Cloud based solutions for accounting, content, collaboration, and web publishing. He is Chair of the UK's Intellect Software as a Service Group, a director of EuroCloud UK, on the governance board of the Cloud Industry Forum and a regular speaker at social media and Cloud Computing events including chairing London's Cloud Computing World Forum in 2009, 2010 and 2011. David organizes London Wiki Wednesdays, was one of the founders of CreativeCoffee Club and was part of the team that started Amplified (the Network of Networks).