NIST: Cloud providers should adopt portability standards
Cloud computing providers should voluntarily adopt standards for data and software portability, says the National Institute of Standards and Technology.
In the first of a three-volume draft cloud computing roadmap released Nov. 1, meant to detail high priority tasks necessary for further cloud adoption within the federal government and elsewhere, NIST notes that moving from one cloud provider to another requires the interim step of manually moving data, software and components to a non-cloud platform or conversion from one proprietary format to another.
It's a situation that runs contrary to government needs for standards-based products, processes and services, the draft roadmap says, since it carries the risk of potentially large public investments being placed into technology that becomes prematurely obsolete. Government agencies should also able be easily to change cloud service providers, and cloud providers themselves should be able to compete in a level economic playing field, the draft document adds.
It suggests that international, consensus-based standards for interoperability, portability and security should be in place no later than 2016.
Cloud providers should also harmonize technical policies, credentials, namespaces and trust infrastructure so that platform as a service is possible across multiple service providers' physical environments, the draft says. Federal community cloud requirements and scenarios should be in place no later than 2015, the draft says.
The draft also calls for technical security solution to be decoupled from server location. "In the absence of mechanisms to allow differing policies to coexist side by side in a global environment irrespective of geographical location and sovereignty, large-scale interoperability and portability for cloud workloads may not be feasible," the draft says.
In a brief interview, Dawn Leaf, NIST senior executive for cloud computing, said the roadmap recommends development of technical solutions that will allow countries to implement their data policies in the cloud, but doesn't address data sovereignty issues from a legal or policy perspective.
The draft roadmap also calls for industry and the government to adopt consistent technical specifications for service level agreements.
"Disparities in cloud providers' SLAs and high-profile issues related to cloud failures have led some to conclude that public cloud SLAs in their current form are of little value to customers," the draft states.
SLAs should include key elements required for cloud service including warranties, guarantees and performance metrics, and they should be written with a common understanding of terms and definitions, the draft says. Doing so would also create a means for objectively comparing competing cloud service, the draft adds, stating that better SLAs should start appearing in 2012, with periodic updates to standardized vocabulary and a SLA taxonomy of key elements occurring periodically thereafter.