worry even much severe. However, as pointed out by Armbrust M et al. [2], the IT infrastructures of Amazon, Google, and Salesforce are better than their peers.

In summary, as a new paradigm, cloud computing does bring changes to business operation; that is, the operation is done remotely, out of the users’ reach and full control. Since this differs from what users are used to, it is natural to see that much concern is raised according to the Findings 2 and 3. To address this, time matters. We need time to tackle technical challenges; we need time to cultivate application developers; we need time to build trust between customers and service providers; we need time to develop use cases to demonstrate the benefits of cloud computing. Once people get to know the reward of cloud computing over its risks, the wide adoption of cloud computing will come true as implied by Finding 4.

4.4  Conclusions

In this chapter, we first examined the differences between cloud and grid computing from their development and the viewpoint of system and users, respectively. Then, we analyzed the reasons why cloud computing is so attractive and some related concerns using the findings in CSCW research. Since cloud computing adopts a userand task-centric design philosophy and shows enough respect for the social habits of users in using computers, its popularity is a natural result. At the same time, like any other new thing, cloud computing faces some challenges that slow its wide adoption. As time goes on and more and more experience is gained, cloud computing will eventually become an effective and efficient way to deliver computing as a utility. During this course, we researchers should address how to overcome the obstacles and demonstrate the real benefits and/or advantages of cloud computing.

Acknowledgments  The work reported here is co-sponsored by Natural Science Foundation of China (NSFC) under grant Nos. 60773145 and 60736020, and National High-Tech R&D (863) Program of China under grant Nos. 2006AA01A101, 2006AA01A108, 2006AA01A111, and 2006AA01A117.

References

1.Ackerman MS (2000) The intellectual challenge of CSCW: the gap between social requirements and technical feasibility. Hum-Comput Interact 15:179–203

2.Armbrust M, Fox A, Griffith R et al (2009) Above the clouds: a Berkeley view of cloud computing. Technical Report No. UCB/EECS-2009-28, University of California, Berkeley

3.Buyya R, Yeo CS, Venugopal S et al (2009) Cloud computing and emerging IT platforms: vision, hype, and reality for delivering computing as the 5th utility. Futur Gener Comp Syst 6:599–616

4.Dikaiakos MD, Katsaros D, Mehra P et al (2009) Cloud computing: distributed Internet computing for IT and scientific research. IEEE Internet Comput 5:10–13

5.DMTF (2009) Open Virtualization Format Specification. Document Number: DSP0243, http://www.dmtf.org/standards/published_documents/DSP0243_1.0.0.pdf. Accessed 4 January 2010

6.Ellis C, Gibbs S, Rein G (1991) Groupware: some issues and experiences. Commun ACM 2:38–58

7.Foster I, Kesselman C, Tuecke S (2001) The anatomy of the grid: enabling scalable virtual organizations. Int J High Perform Comput Appl 15:200–222

8.Foster I, Zhao Y, Raicu I et al (2008) Cloud computing and grid computing 360-degree compared. In: Proceedings grid computing environments workshop, IEEE Computer Society Press

9.Grudin J (1988) Why CSCW applications fail: problems in the design and evaluation of organization of organizational interfaces. In: Proceedings of CSCW’88, ACM Press, pp 85–93

10. Kleinrock L (2005) A vision for the Internet. ST J Res 1:4–5

11. Leavitt N (2009) Is cloud computing really ready for prime time? IEEE Comp 1:15–20

12. Lee CP, Dourish P, Mark G (2006) The human infrastructure of cyberinfrastructure. In: Proceedings of CSCW 2006, ACM Press, pp 483–492

13. Papazoglou MP, Heuvel W (2007) Service oriented architectures: approaches, technologies and research issues. VLDB J 16:389–415

14. Markus ML (1990) Toward a “Critical Mass” theory of interactive media. In: Fulk J, Steinfield C (eds) Organizations and communication technology. Sage, Newbury Park, CA

15. Miller M (2008) Cloud computing: web-based applications that change the way you work and collaborate online. Que Publishing, Indianapolis, USA

16. Mills KL (2003) Computer-supported cooperative work challenges. In: Drake M (ed) Encyclopedia of library and information science, 2nd edn. Taylor & Francis, New York

17. Wikipedia (2009) Utility Computing. http://en.wikipedia.org/wiki/Utility_computing. Accessed 4 Jan 2010

Chapter 5

Overview of Cloud Standards

Anand Govindarajan and Lakshmanan

Abstract  Cloud computing is slowly transforming itself from a hype to reality. However, its maturity and further adoption depends on its ability to address concerns such as security, interoperability, portability and governance at the earliest opportunity. This can be accelerated by compliance to guidelines and standards defined in consensus by the cloud providers. Without addressing these concerns, users would be wary to tread this path in spite of its powerful economic model for business computing. This chapter will explore the readiness of various standards of interoperability, security, portability and governance for the cloud computing model. The market adoption of these standards will also be explored and gaps or opportunities for improvement will be discussed.

5.1  Overview – Cloud Standards – What and Why?

An IDC Survey [1] of senior Information Technology (IT) executives/CIOs shows that limited or lack of security, reliability, interoperability, portability and compliance in the cloud are some of the top concerns for its mainstream adoption.

The impact of these challenges and solution responsibility are not limited to the cloud providers, but span across all the players in the cloud ecosystem such as the service consumers, service providers and governing bodies. Hence, a solution or an approach to address these concerns should be built with consensus from all the players. Cloud Standardisation is the means to such solutions.

A. Govindarajan (*)

Technical/Data Architect, Retail Banking Business Unit - UK EME

RBS Technology Services India Tower A, India Land Tech Park, Plot No.14, 3rd Main Street, Ambattur Industrial Estate, Ambattur, Chennai-600058 India e-mail: ganandg@hotmail.com

Lakshmanan

Lead Principal, (IT Architecture Educator and Mentor)

Education & Research, Infosys Technologies Limited, Electronic City, Bangalore 560 100 India

Systems and Applications, Computer Communications and Networks,

DOI 10.1007/978-1-84996-241-4_5, © Springer-Verlag London Limited 2010

Standardisation provides predictability for providers and consumers alike. It enables innovation, promotes vendor independence, interoperability, encourages repeatable processes and increases resources/skills availability.

IT has a fair share of standards that has lead to its maturity and faster adoption. Cloud computing can look at re-use/extension of the IT standards, restricting the creation of fresh ones to address unique scenarios and challenges of this model. For example, Amazon, a public cloud provider, could utilise the existing security standards for data centres like physical security, network security, etc., to protect its cloud environments. However, interoperability of a service between two public cloud environments would need fresh standards.

There needs to be cautious balance between the levels of standardisation so that it does not stifle innovation and enables early industry adoption. Hence, what will be some of the important standards that typical Enterprises look for before adoption? These are (restricting the definitions to IT):

•Interoperability/integration – interoperability enables products/software components to work with or integrate with each other seamlessly, in order to achieve a desired result. Thus, it provides flexibility and choice to use multiple products to achieve our need. This is enabled by either integrating through standard interfaces or by means of a broker that converts one product interface to another.

•Security – security involves the protection of information assets through various policies, procedures and technologies, which need to adhere to standards and best practices in order to achieve the desired level of security. For example, Payment Card Industry (PCI) data security standards from PCI SSC [2] define ways to secure credit card data to avoid fraud. This is applicable to all organisations that hold, process or pass credit cardholder information.

•Portability – as per Wikipedia [3], a software is said to be portable when the cost of porting the same from an existing platform for which it was originally developed, to a new platform, is less than the cost of re-writing it for the new platform. Software with good portability thus avoids vendor lock-in. This is typically achieved by adhering to standard interfaces defined between the software component and vendor platforms. For example, Java programs are set to be portable across operating systems (OS) that adhere to standard interfaces defined between the Java runtime environment and the OS.

•Governance, Risk Management and Compliance (GRC) – governance focuses on ensuring that the enterprise adheres to defined policies and processes. Risk management puts in controls to manage and mitigate risks as defined by the enterprise. Compliance ensures that the enterprise adheres to various legal/legislative as well as internal policies. Standards have been defined for IT systems to adhere to certain industry as well as legal standards such as Sarbanes–Oxley (SOX) [4], Health Insurance Portability and Accountability Act (HIPAA) [5], etc.

Having discussed the need for standards, the subsequent sections will present the various initiatives in this direction.

To understand the need for standards from the cloud perspective and the status of various initiatives better, a hypothetical company called Nimbus Corp is considered.