Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
CloudStandardsCoordina.on–Phase2Presenta.onofreports
B.Becker,E.Darmois,A.Kingstedt,O.LeGrand,P.Schmi<ng,W.ZieglerCloudStandardsintheDigitalSingleMarket
Brussels,28January2016 ©ETSI2015.Allrightsreserved
Ra.onaleforCSCphase2
CSCPhase1:Arestandardssuppor.ngECCloudStrategy?
¡ ECCloudStrategy(09/2012)• “FasteradopRonofcloudcompuRngthroughoutallsectorsofthe
economytoboostproducRvity,growthandjobs”.
¡ Somepoten.alroadblocksiden.fiedbyEC• FragmentaRonofthedigitalsinglemarket• Contractualissues
• SLA;Dataownership&portability;Security;…• Ajungleofstandards
¡ TheCloudStandardsCoordina.on• “PromotetrustedandreliablecloudofferingsbytaskingETSIto
coordinatewithstakeholdersinatransparentandopenwaytoidenRfyby2013adetailedmapofthenecessarystandards(interaliaforsecurity,interoperability,dataportabilityandreversibility)”
3 CSCPhase2FinalMeeRng–28/01/2016
CSCPhase1Mainconclusions
EnoughStandardstostartwith
FostercollaboraRontoensurenofragmentaRon
happens
NOJungleofStandards
Despitenewstandards
coming,somegaps
idenRfied
Cloud Standards Coordination
Final Report
November 2013
VERSION 1.0
hcp://csc.etsi.org
CSCPhase2FinalMeeRng–28/01/20164
CSCPhase2PriorityAreas
Security&Inter-
operability
OpenSource&Standards
UserNeeds
StandardsMaturity
5 CSCPhase2FinalMeeRng–28/01/2016
CloudStandardsCoordina.on–Phase2
¡ BuildonthefindingsofCSCPhase1• Aligningpreviousfindingswithongoingandfinishedefforts
¡ Focusingontheuserneedsandviewpoint• TesRngthemagainstusers’feedback• Diggingfurtherintousers’needs–specify/qualifyconcerns
¡ AddressingthemainissuesoutlinedattheendofCSCPhase1• UsersprioriRes • Interoperability&Security• StandardsandOpenSource• StatusofCloudCompuRngStandardizaRon,snapshot2• SocializaRon,LiaisonsandDisseminaRon
6 CSCPhase2FinalMeeRng–28/01/2016
CSCPhase2
Whoandwhen
¡ TheExperts• BerndBecker EuroCloud• EmmanuelDarmois CommLedge(leader)• AndersKingstedt SokarcAB• OlivierLeGrand Orange• PeterSchmi<ng FSCOM• WolfgangZiegler z-rands
¡ TheTimeline • OfficialStartDate: January19th2015• ActualStartDate: February1st2015• PlannedEndofWork: January28th2016
• ResultPresentaRonWorkshopinBrussels
• OfficialEnd: January31st2016
CSCPhase2FinalMeeRng–28/01/20167
CSCPhase2Fourreports
CSCPhase2FinalMeeRng–28/01/20168
Standards Maturity
User needs
Interop & Security
Standards & Open Source
Results
¡ Fourreportshavebeenproduced• WP1:CloudCompuRngUserNeeds–basedonthesurvey• WP2:CCStandardsandOpenSourceSokware• WP3:CloudCompuRngInteroperabilityandSecurity• WP4:CloudCompuRngStandardsMaturityAssessment
¡ Anopenreviewprocess• Feedback/commentswereopenunRl25September
• Morethat450commentswerereceivedandprocessed• FinalReviewWorkshopOctober1-2,2015,Brussels
¡ AllreportspublishedonNovember15th• AvailableonCSCwebsite:hcp://csc.etsi.org
¡ What'snowandwhat'snext• CloudStandardsintheDigitalSingleMarket• Brussels,January28th(akatoday)
CSCPhase2FinalMeeRng–28/01/20169
TheWP2reportStandardsandOpenSource
WP2ReportMainobjec.ves
• UnderstandtherelaRonshipbetweenOpenSource(OS)andstandardsandvice-versaviatheidenRficaRonofanumberofinteracRonscenariosbetweenStandardSe<ngOrganizaRonsandOSS(notspecifictoCloudCompuRng),someofthemalreadyvisibleandsomeonlyemerging.
• ClarifyhowthesescenariosapplytoCloudCompuRng.• CollectinformaRonupontheperceivedstrategiesandvisibleacRonsof
theSSOsregardingOpenSource,andhowtheymatchtheabovescenarios;
• CollectinformaRonupontheperceivedstrategiesandinteracRonsoftheOpenSourceprojectstowardsstandardizaRon,especiallywhentheinteracRonscenarioinvolvesoneormoreoftheSSOsrelevantinCloudCompuRng;
• ProposeiniRalrecommendaRonstofosterposiRveinteracRon,tosuggestareasforcollaboraRonbetweenbothcommuniResonwaystosupportthisinteracRon(e.g.technicalframeworks,interoperability,intellectualproperty).
CSCPhase2FinalMeeRng–28/01/201611
WP2ReportStandardsandOpenSource
¡ Maincontent5 StandardsandOpenSource:purpose,use
5.1 DefiniRonsandobjecRves5.2 DifferentobjecRves,differentapproaches5.3 MainchallengestoanefficientinteracRon
6 StandardsandOpenSource:InteracRonscenarios6.1 Anoverallview6.2 Thescenarios6.3 CurrentandfuturesituaRon
8 BeceraligningthestandardsandOSScommuniRes8.1 Alignment:ifandwhenneeded8.2 Strategies8.3 SoluRons
9 ConclusionsandRecommendaRonsAnnexA: StandardRelatedOrganizaRonsApproachesAnnexB: OpenSourceOrganizaRonsApproachesAnnexC: Casestudies
C.1 SharingspecificaRons:NFVandOPNFVC.2 OpenSourceandStandards:OpenStack
12 CSCPhase2FinalMeeRng–28/01/2016
WP2ReportObjec.vesandinterac.onchallenges
¡ Differentobjec.ves,differentapproaches• TheleadingforceinOpenSourceisthe(source)code• TheleadingforceinstandardsisthespecificaRon
¡ Mainchallengestoanefficientinterac.on• Technicalchallenges
• Architecture• Incrementalreleasesversusupdates• Standardsdocumentsandsourcecode andmore…
• OrganizaRonalchallenges• Long-termMaintenance• Governance
• Intellectualpropertychallenges• OpenSourceLicenses• PatentandCopyrightPolicies
CSCPhase2FinalMeeRng–28/01/201613
WP2ReportInterac.onscenarios(1/4)
¡ AnOpenSourcecommunityimplementsstandards• AnSSOTechnicalGrouphasdevelopedandpublishedasetofstandards
–thatwillbemaintainedandmaybefurtherevolved.Thissetincludesdetailedprotocol/APIstandardsthatcanbeusedforimplementaRonpurposes;
• AnOpenSourcecommunityoutsidetheSSOwantstomakeareferenceimplementaRonofthesestandards–thatwillbefurtherdistributed(bytheOpenSourcecommunityitselforbyspecializeddistributors)andintegratedintocommercialproductsundercondiRonsdefinedbyanOpenSourceLicense;
• TheOSSimplementaRonissettobefully"compliant"withthesestandardsorcanleadtoevoluRonsofthestandardspublishedandmaintainedbytheSSO.
CSCPhase2FinalMeeRng–28/01/201614
WP2ReportInterac.onscenarios(2/4)
¡ AnSSOdevelopsanOpenSourcereferenceimplementa.on• AnSSOTechnicalGrouphasdevelopedandpublishedasetofstandards
–thatwillbemaintainedandmaybefurtherevolved;• Tospeed-upthemarketadopRon,theTechnicalGroupdecidesto
developareferenceimplementaRonofthesestandardsorofasubsetofthem,usinganOpenSourcemethodologyandenvironment(includingfortesRngpurpose).
CSCPhase2FinalMeeRng–28/01/201615
WP2ReportInterac.onscenarios(3/4)
¡ AnSSOdevelopsstandardsbasedontheresultsofanOpenSourcecommunity• AnOpenSourcecommunityisdesigninganddevelopingasokware
implementaRonthatfulfillstheneedsofanSSO,e.g.providinganimplementaRoncoveringthefuncRonalandarchitecturalrequirementsexpressedinstandardspublishedorunderdevelopmentbythatStandardsOrganizaRon;
• TheStandardOrganizaRondecidestoendorsetheresultsoftheOpenSourcecommunityanddevelopsstandardsbasedonthedocumentedAPIsdevelopedbytheOpenSourcecommunity;
• TheOpenSourcecommunityhasoptedforanOpenSourcelicense.
CSCPhase2FinalMeeRng–28/01/201616
WP2ReportInterac.onscenarios(4/4)
¡ Acollabora.on(“jointproject”)isestablishedbetweenaStandardOrganiza.onandanOpenSourcecommunity• AjointcollaboraRon(“jointproject”)betweenaStandardsOrganizaRon
TechnicalGroupandanOpenSourcecommunityisestablishedwiththeobjecRvesofdevelopingtogetherasetofstandardsandanOpenSourceimplementaRonofthesestandards.
• Thesetofstandardsincludesstandardsatvariousstagesofthestandardsdevelopmentchain(e.g.standardsonrequirements,architecture,protocols/APIs)whiletheOpenSourceimplementaRonprovidesareferenceimplementaRonofthesestandards.
• ThiscollaboraRonincludestheestablishmentofajointsteeringTechnicalCommiceewhosetasksistocoordinatethedevelopmentofstandardsbytheStandardOrganizaRonandthedevelopmentoftheOpenSourceimplementaRon.ThisTechnicalCommiceewilldrivetheroadmapintermsofusecases,requirementsandarchitecturethatshouldbesupportedbytheOpenSourceimplementaRon.
CSCPhase2FinalMeeRng–28/01/201617
Interac.onscenariosinprac.ceinCloudCompu.ng
¡ Sharingspecifica.ons:NFVandOPNFV• Scenario: AnSSOdevelopsanOpenSourcereferenceimplementaRon• InpracRce,itisclearthatkeepingeachorganizaRonabreastof
developmentsofjointinterestischallenging,giventhequitedifferentgovernanceprocessesofETSINFVISGandOPNFV.
¡ OpenSourceandStandards:OpenStack• Scenario: AnOSSorganizaRonimplementsReferenceAPIs• Amongstthedecisionsthathavetobetakenfortheprojectoutput,the
choiceofwhichCloudCompuRngstandardwillbesupportedisimportant
¡ DistributedManagementTaskForce(DMTF)• AddressinghowtheOVF,CIMIandCADFstandardsdevelopedbyDMTF
havebeenadoptedinmajorOpenSourceprojects,i.e.OpenStackandCloudStack.
CSCPhase2FinalMeeRng–28/01/201618
WP2ReportRecommenda.ons(1/2)
¡ Collabora.on• EncouragecollaboraRonbetweenOSScommuniResandSSOsworking
onsimilarorcloselyrelatedtopics,e.g.NFVandOPNFV,possiblythroughjointeventslikeworkshops,plugtests;
• EncouragethecreaRonof“jointprojects”betweentheSSOswherethestandardsaredevelopedandOpenSourcecommuniResinordertopushforcloserelaRonship,interacRon,exchangeandcooperaRon;
¡ Roadmaps• MakesurethatcollaboraRonbetweenSSOsandOSSorganizaRons
addresstheknownCloudCompuRng(standards)gaps,e.g.inServiceLevelAgreement,Security,PrivacyandIntegrity;
• EncourageOpenSourceiniRaRvestostandardizetheirspecificaRonsthatareimportantforinteroperability(e.g.APIs:DataModel,Protocol,Format).
19 CSCPhase2FinalMeeRng–28/01/2016
WP2ReportRecommenda.ons(2/2)
¡ Organiza.on• FacilitatetheimplementaRonofOpenSourcesoluRonsbasedon
Standards(developedorunderdevelopmentinaSSO);• Ensurethatpre-standardizaRonacRviRes(e.g.thoseemanaRngfrom
researchprojects)canbesustainedoveralongerperiodinordertoallowforasmoothtransiRonofresultswithinCloudCompuRngstandardizaRon.
¡ Marke.ng,dissemina.on,promo.on• EncourageSSOstoincreasethedisseminaRonandcommunicaRon
effortswithtogoaltoincreasetheawarenessofplansfor/workonnewCloudrelatedspecificaRons,targeRngtheOSScommuniResintheCloudarea;
• EngageindustrialusersofCloudOSS;
20 CSCPhase2FinalMeeRng–28/01/2016
TheWP3reportInteroperabilityandSecurity
Backdrop
CSCPhase2FinalMeeRng–28/01/201622
Why?-Interoperability
¡ Lock-inconcerns¡ Thevisionofasmooth&
effortlessintegra.on• AcrossCloudServices• BetweenOn-Premiseandthe
Cloud
¡ IncreasedsupportforInterop&portabilitywilldriveadop.onoftheCloud
Howcri.calarethefollowingissuesforyourorganiza.on?
Lowuseofpubliccloudscenarioss.llexists
CSCPhase2FinalMeeRng–28/01/201623
Why?-Security
¡ Topconcern¡ Secureaccesstoanduseof
CloudservicesandCloudServiceCustomerdataarekeyprerequisitesforCloudadop.on
¡ Standardsexist,buttheyneedtobeexpandedandtailoredforCloudSeengs
WhichimpactcanCloudCompu.ngStandardshaveonyourorganiza.on'sconcerns?
Howcri.calarethefollowingissuesforyourorganiza.on?
CSCPhase2FinalMeeRng–28/01/201624
Facetsofinteroperability&portability(ISO/IEC19941,draf)
CSCPhase2FinalMeeRng–28/01/201625
Aspectsofsecurity
InformaRonSecurity
InformaRon
ConfidenRality
Integrity
Availability
Non-repudiaRon
Trust
Iden.tyand
AccessMgmt.(IAM)
Crypto-graphy
Objectives
Key capabilities
Authen-RcaRon
Autho-rizaRon
Securitypolicymgmt.
Privacy(dataprotecRon) Miscconcerns
InformaRon
PII
EU directive 95/46/EC General Data Protection Regulation
Mandated by
National level legislation Domain specific legislation
Examples: - Business continuity - Audit, compliance - Data isolation - Incident mgmt. - Governance - Change control and
configuration mgmt.
CSCPhase2FinalMeeRng–28/01/201626
WP3-Observa.ons
¡ Security,interoperabilityandPortability• Thecomplexityandapplicabilityiscrosscu<ng
innature• Security:acertainlevelofconfusionandlack
ofknowledgepreventsadopRon/ofCloudCompuRng/
• InteroperabilityandPortability:• animportant(andchallenging)cornerstoneforfricRonfreeexchangebetweenandto/fromCloudservices
• Understandingthefacetsofinterop&portabilityiskeytosuccess
• APIsbetweenCloudplasormswillensureeasiertransiRonofdataandapplicaRons
27 CSCPhase2FinalMeeRng–28/01/2016
WP3–Recurringsecurityconcerns
¡ Dataencryp.on¡ Dataisola.on¡ Privacy(Dataprotec.on)¡ Datainteroperability&portability¡ Mul.-stageauthoriza.on¡ IAMinhybridCloudscenarios¡ Con.ngencyplanning(datarecovery)¡ Datacategoriza.on(taxonomy,classifica.onetc.)¡ PersonalData(PII)
¡ And,again,thesheercomplexityofSecurity…
CSCPhase2FinalMeeRng–28/01/201628
WP3–Observa.ons(cont’d)
¡ TheCloudSLA:playsanimportantroleindefiningtherolesandresponsibiliResandmeasuresrequiredforthesafeandcontrolledprovisioningandmanagementofCloudservices
¡ InparRcular,theelementsoftheCloudSLAwillassistinaddressingcriRcalareassuchas:• AcceptableUsePolicy(AUP)• SecurityPolicy• PrivacyPolicy• BusinessConRnuityPolicy(BCP)• ServiceDescripRons• ServiceLevelObjecRves(SLOs)• ServiceQualityObjecRves(SQOs)• Metrics• CSLArequirements
CSCPhase2FinalMeeRng–28/01/201629
WP3ReportInteroperabilityandSecurity
¡ Conclusions• Risks:
• SlowadopRonofCloudCompuRng
• Outstandinggapsandkeyissues:• Interoperability&portability,primarily• InterpretaRonofandgeneraluncertainResrelatedtolegalframeworks
• Awareness,dissemina.onandmarke.ng:• KeysuccessfactorforconRnuedandacceleratedCloudadopRon
30 CSCPhase2FinalMeeRng–28/01/2016
WP3ReportInteroperabilityandSecurity
¡ Recommenda.onsandcall-to-ac.on:• Startusingalreadyexis.ngstandardsandsolu.ons• HighlighttheactualsecuritybenefitsthatexistsforCloudCompuRng• Increasetheuseofcer.fica.onschemes• TackleSecurityissuesbyensuringthatyourorganizaRonhasfullcontrolofyour
informaRon• Ensurethatapplicablelegalframeworksareunderstoodandadheredto• StartusingtheCloudSLAframeworkstandardwhenavailable(expected2016)• AcceleratetheCollabora.onsbetweenCloudCompuRngstakeholders
31
TheSwedishPensionsAgency;ReportontheuseofCloudServicesintheSwedishPublicSector,December2015: “Cloud Services provide important potential benefits for public authorities, individually and in collaboration. Cloud Services are here to stay. We assess that the use of Cloud Services will increase both in the private as well as the public domain in Sweden”
CSCPhase2FinalMeeRng–28/01/2016
Founda.on
Makinguseofstandards(example)
InformaRontechnology–Cloud
compuRng–ReferencearchitectureISO/IEC17789/ITU-TY.3502
InformaRontechnology–Cloud
CompuRng–OverviewandVocabularyISO/IEC17788/ITU-TY.3500
ISO/IEC19941(draf),Informa.ontechnology–Cloudcompu.ng–InteroperabilityandPortability
ISO/IEC19086(Draf),InformaRonTechnology--CloudCompuRng–ServiceLevelagreementSLAframeworkandterminology
ISO/IEC19944(draf),InformaRonTechnology--CloudCompuRng-Dataandtheirflowacrossdevicesandcloudservices
CSCPhase2FinalMeeRng–28/01/201632
Lastslide…!
¡ Ques.ons?
Acknowledgements:- AllorganizaRonswhoprovidedfeedbackonthedrakWP3
report(noonemenRoned,nooneforgocen…)- ISO/IECWG4- ETSI
CSCPhase2FinalMeeRng–28/01/201633
TheWP2andWP3reportsPanelDiscussion
ThePanellists
¡ MichelDrescher(CloudWatch)
¡ AlainPannetrat(CloudSecurityAlliance)
¡ GrahamTaylor(OpenForumEurope)
¡ JacquiTaylor(FlyingBinary)
¡ FrankZdarsky(NFV)
CSCPhase2FinalMeeRng–28/01/201635
TheWP1reportCloudCompu.ngUsers'needs
CloudCompu.ngUserNeeds:asurvey
¡ Ourobjec.ves• Tocollectandanalyze(viaasurvey)thefeedbackfromtheusers
• TounderstandtheneedsoftheCCuserscommunity• ToidenRfytheirhighestpriority(exisRngornew)usecases• ToensurethattheirprioriResaretakenintoaccountinstandardizaRon.
• TofurtherrefinethePhase1reportconclusions.¡ Whatwedid
• Surveyon-lineonMarch30thtoSeptember25th• 378answerscollectedforthereport
• Drakreportdistributed(version1.0)forpubliccommentsonJune24th• ReviewedinthepublicReviewWorkshoponOctober1st
¡ Finaldeliverable: anETSISpecialReport
37 CSCPhase2FinalMeeRng–28/01/2016
GeneralFindings
¡ Benefitsandchallenges• MostposiRvefactors
• ReducRonofCAPEX,improvedbusinessagility,fasterRmetomarket• Mainchallenges
• CompaRbilitywithin-housesystems,security,privacy/integrity
¡ Adop.onandscope• Amajorityoftherespondents(58%)havealreadystartedtoadoptCC• None(0%)oftherespondentsareNOTplanningtoadoptCC
¡ CloudDeploymentModelsandCloudServiceCategories• PrivateClouddominatesfollowedbyHybridCloudandPublicCloud
¡ Standardstoppriori.es• Interoperability,security,servicelevelagreements,portabilityandAPIs
¡ Cloudcompu.ngcer.fica.onstandards• CerRficaRonschemes:aposiRveway(75%)toincreaseconfidenceinCS
Providers
38 CSCPhase2FinalMeeRng–28/01/2016
Trendsandparerns
¡ SecurityandDataPrivacyareseenasmajorconcerns• Thisisnotanewfinding,butthefactthatitissRllverymuchpresentisa
clearindicaRonontheperceivedchallengeaheadforsecuritystandardsandCloudcerRficaRoninparRcular.
¡ Interoperabilityisanotherareathatisrankedhigh• Thisconcernismostlikelylinkedtotheissueofvendorlock-inandthelack
ofportabilitystandardsforcross-Cloudscenarios¡ Transi.ontoCloudCompu.ng
• HighpercepRonfromtherespondentsthatitshouldbecarefullyplannedandorganized,inparRcularinareasperRnenttodata(classificaRon,storage,etc.),processesandsecurity.
¡ Roleofstandards• Itisseenasimportantandthereisalreadyahighlevelofawareness,toa
smallerextentevenintermsofknowledgeontheexisRngsetofstandards.• BenefitfromstandardsrelatedtoCloudCompuRngisseenasmorecriRcal
thanOpenSource:thisfindingishoweversubjecttofurtheranalysis.39 CSCPhase2FinalMeeRng–28/01/2016
TheSurvey
¡ 364responses• 48%fromlargerOrganisaRons(above250employees)• 52%fromsmallerOrganisaRons
¡ Roleofyourorganisa.oninCloudCompu.ng• 40%CloudCustomers• 39%CloudProviders,Developers,Brokers• 21%others
¡ StageofCloudAdop.on• 51%arealreadyintheCloud(fullyorparRally)• 49%aredeploying,piloRng,concidering
CSCPhase2FinalMeeRng–28/01/201640
SurveyResultsQues.on5
Sizeofyourorganiza.on?
41
52 %
CSCPhase2FinalMeeRng–28/01/2016
SurveyResultsQues.on9
Maturityofyourorganiza.on:howcri.calarethefollowingchallenges?
42 CSCPhase2FinalMeeRng–28/01/2016
SurveyResultsQues.on11
MaturityofCloudCompu.ng:howcri.calarethefollowingissuesforyourorganiza.on?
43 CSCPhase2FinalMeeRng–28/01/2016
SurveyResultsQues.on15
StageofCloudCompu.ngAdop.on
44
51 %
49 %
CSCPhase2FinalMeeRng–28/01/2016
SurveyResultsQues.on16
Roleofyourorganiza.oninCloudCompu.ng
45
39 %
40 %
CSCPhase2FinalMeeRng–28/01/2016
SurveyResultsQues.on17
LevelofyourresourcesandsupporttoCloudCompu.ng
46 CSCPhase2FinalMeeRng–28/01/2016
SurveyResultsQues.on19
DataClassifica.oninyourorganiza.on
47
39 %
CSCPhase2FinalMeeRng–28/01/2016
SurveyResultsQues.on20
DataSecurityinyourorganiza.on
CSCPhase2FinalMeeRng–28/01/201648
46 %
SurveyResultsQues.on25
WhichClouddeploymentmodelseemsbestfittoyourneeds?
49
58 %
CSCPhase2FinalMeeRng–28/01/2016
WhichimpactcanCloudCompu.ngStandardshaveonyourorganiza.on'sconcerns?
SurveyResultsQues.on34
50 CSCPhase2FinalMeeRng–28/01/2016
SurveyResultsQues.on35
TowhichdegreeareCloudCompu.ngStandardsconsideredorusedinyourorganiza.on?
51
76 %
22 %
CSCPhase2FinalMeeRng–28/01/2016
SurveyResultsQues.on40
Yourorganiza.on'sadop.onanduseofCCstandards:Dataprotec.on
52 CSCPhase2FinalMeeRng–28/01/2016
SurveyResultsQues.on47
WouldyouconsiderCloudCer.fica.onasapossibilitytoimproveconfidenceinCloud?
53 CSCPhase2FinalMeeRng–28/01/2016
SurveyResultsQues.on48
PleaserankthefollowingCloudCer.fica.onareasaccordingtheirimportance
54 CSCPhase2FinalMeeRng–28/01/2016
SurveyResultsQues.on52
WhichofthefollowingCloudCer.fica.onSchemeslistedinCCSLareyouareawareof?
55 CSCPhase2FinalMeeRng–28/01/2016
WP1OnlineSurveyWrapUp
Conclusionsandrecommenda.ons¡ ThepresentreportindicatesthatrunningawebsurveyonCloudstandardsmayyield
relevantfindingseventhoughthenumberofrespondentsislimitedandthecomposiRonoftherespondentsresulRngfromtheinvitaRontoselectedstakeholdersisrepresentaRveoftheoverallpopulaRononlytoanunknownextent.
¡ ThefindingsmadeduringtheanalysisofthesurveysupporttheconRnuedstrivetowardsclosingtheidenRfiedgapsintermsofsupportforCloudCompuRngstandards.Italsoshowsagrowingawarenessoftheimportanceofstandards,ingeneralandforCloudCompuRnginparRcular.
¡ Basedontheprincipalareasofconcern,illustratedintheabovefigure,theCloudStandardsCoordinaRonPhase2expertshavelistedsomerecommendaRonsfollowingthefindingsinthewebsurvey.TheserecommendaRonsare:
CSCPhase2FinalMeeRng–28/01/201656
WP1OnlineSurveyWrapUp
Collabora.onacrosskeyCloudCompu.ngstakeholders¡ EncourageandincreasecollaboraRonsacross
• thevariousrelevantini.a.vesinEurope• standardsdevelopmentorganiza.ons(formal,dejureanddefacto)
toavoidandminimizefragmentaRonandoverlapintheCloudCompuRngrelatedstandardizaRonefforts.
¡ DuringtheCSC-2,contactshavebeenmadewith
• theUSstandardiza.onagency,NIST• theEuroCIOorganiza.on
inordertoaddfurthervaluetotheCSC-2resultsaswellassecuringawarenessoftheCSCwork.
CSCPhase2FinalMeeRng–28/01/201657
WP1OnlineSurveyWrapUp
Dissemina.onandMarke.ng¡ NeedtoensurethatCloudCompuRngstakeholders(users,customersandproviders)
aremadeawareofexisRngstandardsandcerRficaRonprograms.
¡ TherelaRvelylowresponseandawarenessfoundamongtherespondentsofthewebsurveystronglysuggeststhattheimportanceandpotenRalbenefitsofstandardsandcerRficaRonschemesneedtobefurtheradvocatedandmarketedbyusingintherelevantchannelsthroughtheappropriateEUagenciesandalsobytheSDOs.
58 CSCPhase2FinalMeeRng–28/01/2016
WP1OnlineSurveyWrapUp
ConducttheCloudWebSurveyregularly¡ KeepingtrackoftheenduserspercepRonofCloudCompuRngbenefitsand
challengesprovidesanexcellentbackdropforongoingaswellasfutureeffortstoclosetheidenRfiedgapsandaddressthechallengesdisclosedbythewebsurvey.
¡ TheSTF486expertsseethewebsurveyasagoodtooltogaugetheprogressandstate-of-affairsintheCloudCompuRngspaceandrecommendthatthewebsurveyisreopenedandrunonaregularbasis,tentaRvelyonanannuallybasis.
59 CSCPhase2FinalMeeRng–28/01/2016
WP1OnlineSurveyWrapUp
Securityaspects-akeyconcern¡ “Security”,asaconcept,iswithoutdoubtamajorconcernformostusers,customers
andprovidersalike,inparRcularinaCloudse<ng,astheresourcestypicallyaresharedand-asaconsequence-dataintegrityconfidenRalityandavailabilityneedaddiRonalacenRontoensurearetainedconfidenceintheownershipofdata.
¡ Manyusersareconcernedabout“losingthecontrolofdata”
¡ UnlessSecurity-allrelevantaspectsofSecurityrelatedtoCloudCompuRng-arefullyaddressedandtheusersaremadeawareofavailableopRonsandexisRngprotocolsandstandardsthatcanbeusedtobuildreliableCloudCompuRngofferings.
¡ TheadopRonofCloudCompuRngislikelyconRnuingtogrowslowerthanexpected.
60 CSCPhase2FinalMeeRng–28/01/2016
Cer.fica.onaddsconfidence
¡ TheanalysissupportstheprovisioningofcerRficaRonschemes,wherecerRficaRonofvendorsandthecrosscu<ngaspectsof
• datastorageloca.on(oneaspectofprivacy)• clouddatacentreinfrastructure• cloudprovisioningprocessandinteroperability/reversibility• Legal/Contractualaspects,SLAaretopprioriRes.
¡ TheseaspectsaregeneralconcernsthatneedtobeaddressedtoacceleratetheadopRonofCloudCompuRng.
¡ TheCSC-2resultsofthewebsurveyareusedasinputtotheothertasksandworkitemsoftheCSC
61 CSCPhase2FinalMeeRng–28/01/2016
WP1Summary
¡ TheCloudStandardsCoordina.onPhase2expertsseethestandardscoordina.oneffortaswellfundedandhighlyrelevant.
¡ Itisrecommendedthatthestandardscoordina.onresultsbethoroughlydisseminatedandthattheindustryandStandardsDevelopmentOrganiza.oncontactsandcollabora.onsmadeaspartoftheCloudStandardsCoordina.onini.a.vecon.nue.
CSCPhase2FinalMeeRng–28/01/201662
ConclusionOntheroadforadop.on
¡ Users• Different:expectaRons,issues,resources,skills,percepRon• Common:must-have,must-adapt,must-prepare
¡ Adop.on• MostorganizaRons(incl.SMEs)havestartedtheadaptaRonwork• SecurityandPrivacy&Dataintegrityarerecurrentconcerns• WhattodowiththelegacyIT?
¡ Standards• Muchsupportexpectedfromstandards&cerRficaRon• Moreawareness&markeRngofexisRngstandardsneeded• Morecoverage:SLA,Security,Privacy&Integrity,Interop
• àlooksabitlikestatusattheendof2013
63 CSCPhase2FinalMeeRng–28/01/2016
TheWP4reportStandardsMaturityAssessment
WP4ReportStandardsMaturityAssessment
¡ Maincontentofthereport• 5EvoluRonoftheCloudCompuRngstandardslandscape
• 5.1 CustomersandUsersviewonCloudCompuRngStandardsandCerRficaRon
• 5.2 CloudCompuRngStandardizaRonandCerRficaRon• 5.3 CloudCompuRngStandardsandtheCloudServicelife-cycle
• 6Usersconcerns:howstandardscanhelp• 6.1 Comparisonofuserconcerns:howstandardscanhelp• 6.2 Howstandardsareinsupportofusers’concerns• 6.3 Summary
• 7ConclusionsandRecommendaRons• AnnexA: CloudCompuRngStandardsLandscape
• A.1 PresentaRonofresults• A.2 SSOsandStandardslist
• AnnexB: StandardsintheCCServicelife-cycle
65 CSCPhase2FinalMeeRng–28/01/2016
WP4ReportStandardsMaturityAssessment
¡ Listofstandards• Thereare114documentsfrom16organizaRons,94withthestatus
“Published”,14withthestatus“Drak”and6withthestatus"Inprogress".ThisistobecomparedwiththelistofCSCphase1thatincluded65documentsfrom17organizaRons,50withthestatus“Published”and15withthestatus“Drak”.
¡ Observa.ons• ThenumberofSSOsinvolvedisslightlylowerthanCSCphase1;• TheoverallnumberofstandardsishigherthaninCSCphase1,in
parRcularforthe“Published”ones.ThisisshowingthatthecoverageofthestandardsislargerthanduringCSCphase1(asanRcipated);
• Thisclearlyindicatesthattosomedegreeaconsolida.onofthestandardiza.onlandscapehastakenplacesinceCSCphase1.
• ThisisbothbecauseofareducednumberofactorsandofagreaterimportanceofStandardsversusWhitePapersandReports(whichwereplayingagreaterroleinCSCphase1).
66 CSCPhase2FinalMeeRng–28/01/2016
WP4ReportStandardsMaturityAssessment
¡ Topusers’concerns• ThethreeconcernsidenRfiedinthe2013report
-ServiceLevelAgreements,Interoperability,Security–aresRllrankedunderthetopconcerns.
¡ Standards• Therearealreadyanumberofstandardsin
supportoftheseconcerns• ManyofthemnotCloud-specificarealreadyused
orneedtobepromotedandadopted• Moreareunderdevelopment,e.g.fromISO/IEC,OGF,NIST
¡ Otherconcerns• Contract(besidesorcomplementarytotheSLA);• LegalaspectandLegislaRon;• Financialhealthofproviders.AsitwasthecaseforCSC-1,thestandardsandspecificaRonsidenRfiedinCSC-2maynotbeverymuchsupporRve.
67 CSCPhase2FinalMeeRng–28/01/2016
WP4ReportSummary
• ThereissRllworktobedonetofullyaddressthemainconcernsofexisRngandfutureCloudCompuRngusersaspresentedinthe“Userssurvey”and“InteroperabilityandSecurity”reports.
• ThewebsurveyshowsagrowingawarenessofalreadyexisRngstandardsandcerRficaRonschemeswillmostlikelyfavorablychangetheexperienceofmanyusersthattheCloudisinsufficientlysafeandreliabletouseforenterpriseclassICT(e.g.weakSLAs,insufficientrecovery/fallbackprovisionsfordisastersinthepast,datathekby,e.g.,naRonalintelligenceagencies,industrialespionage).
• TheanalysisoftheavailablestandardsthattargettheCloudinthemainareasofusers’concernshowthateffortsareunderwaytoatleastparRallyaddresssomeofthemajorconcerns.
• ExamplesofsignificantongoingdevelopmentsincludetheworkdoneinISO/IECwherethreeparalleldevelopmentprojectsareunderway–onCloudSLA,interoperabilityandportability,security,andfinallyondata.
68 CSCPhase2FinalMeeRng–28/01/2016
WP4ReportRecommenda.ons(1)
• EncouragethedevelopmentofofeducaRonanddisseminaRonmaterialofCloudCompuRngstandards(acrossallconcernedSSOs);
• EncouragethelargeSDOs/SSOstostrengthencollaboraRonandcooperaRon,…thussupporRngtheEC’sobjecRvetomaketheCloudavailableandsecurefortheEUmemberstates’ciRzens,publicsectorandprivatesectoralike;
• EncourageSSOsandOpenSourceorganizaRonstomoresystemaRcallyprovideformallydocumentedsupportforCloudCompuRngstandards;
• Regularlyorganize“progressreport”eventstoadverRsetheprogressmade…towardstheCloudServiceCustomers(e.g.SMEs,industries)thussupporRngtheEC’sobjecRvetomaketheCloudavailableandsecurefortheEUmemberstates’ciRzens,publicsectorandprivatesectoralike.
69 CSCPhase2FinalMeeRng–28/01/2016
WP4ReportRecommenda.ons(2)
• AspartoftheprogressreporteventstheadopRonofeachappropriatestandardorspecificaRonshouldbeevaluatedtoprovideanindicaRonforthechangesintheuseofstandardsandspecificaRons,e.g.,increasedordecreaseduserespecRvely;
• TherearemanyinteroperabilityandportabilitystandardsandspecificaRonsthataresupportedbyCloudprovidersthatarenotCloud-specific.IdenRfyingandpublishingacoresetoftheseacrossCloudproviderswouldbehelpfulduringtheproviderselecRonphase;
• GapsidenRfiedinthisreport(markedinthetablesinsecRon6.3.0–6.3.3)needfurtheranalysistoidenRfytherelevanceofeachgap,e.g.whichgapsareblockingandneedtobeaddressedwithpriority.
• FurtheranalysisisneededtodecidewhetherintervenRonbytheECisneededtoorganizetheefforttoclosethegapswithahighpriorityortherespecRvecommuniReswilltakecareofand/orthemarketwilldrivetheeffortforclosingthegaps.
70 CSCPhase2FinalMeeRng–28/01/2016
WP4ReportRecommenda.ons(3)
• SpecialacenRonshouldbegiventothecreaRonofstandardsandspecificaRonsfordetailedmonitoringoftheCSPservicestoenableefficientandinformaRvereporRngtowardstheirCSCsandtoenabletheCSCstoretrieveinformaRonneededtomonitorthefulfillmentoftheirSLAsandtotakeproacRveacRonsincaseofdegradaRonofoneoremorerelevantmetrics;
• EncourageOpenSourceProjects,probablytogetherwithsomeincenRves,tobringtheirAPIsintoSSO/SDOsforrenderingthemintoastandardoraspecificaRon.
CSCPhase2FinalMeeRng–28/01/201671
WP4ReportSomeareasforfurtherstudy
• UpdatedandmorecompletelistofCloudServicelife-cycleacRviResinAnnexB.
• AmorecompletemappingofstandardsonthelistofacRviRes,provideditismodifiedasdescribedabove.
• RecommendaRonsregardingthewaytosupporttheeducaRonanddisseminaRoneffortregardingexisRngandemergingstandards.
• ExpandthelistofstandardstorelevantnonCloudCompuRng-specificstandards.
72 CSCPhase2FinalMeeRng–28/01/2016
TheWP1andWP4reportsPanelDiscussion
ThePanellists
¡ CarmelaAsero(JRC)
¡ Mar.nChapman(Oracle)
¡ HelmutFallmann(Fabasof)
¡ GeorgeGreve(Kolabsystem)
CSCPhase2FinalMeeRng–28/01/201674