On My Wish List for 2010: Certifying the CloudOn My Wish List for 2010: Certifying the Cloud

I think this trust issue will impede larger business customer interest in migrating to this type of architecture for a number of business-critical functions.

Last week's Telecom Management Forum event in Orlando focused on vendors' recent enhancements in topics like IT and Operations Excellence, Improving the Customer Experience, New Services and Business Models. In the latter, some vendors discussed managed services and cloud-based architectures as new business models for both communications/service providers and business users.One of the problems with new ways of doing business is of course defining terms. For instance, by "cloud," is the speaker referring to infrastructure, applications, etc? In fact, all the terminology surrounding "cloud" has yet to be standardized--something an organization like TMF (or another) could take on, which could only help spur understanding (and potentially adoption) of cloud-based (ahem) "solutions."

But another problem discussed here and elsewhere is essentially about trust. How is a customer assured of a cloud's security, reliability or performance? These and related technologies continue to make progress so that assurance itself could be made reasonably concrete. But lingering still is the problem that we face today with managed services--assurances (SLAs, SLOs) are provided only by the providers themselves; similar problems exist with today's clouds--no objective third party certification really exists. And since cloud-based solutions often will require the involvement of multiple suppliers---even at an applications level, the problem becomes even more acute.

I think this compounded trust issue will impede larger business customer interest in migrating to this type of architecture for a number of business-critical functions. Some large cloud-computing vendors/suppliers have their own certification processes (IBM, Red Hat, etc.). It's a great start, but for the IT industry, it's only part of a fix. A potential solution? Certification for especially important cloud functions (like end-end application performance or security) either from major IT vendors (re: other providers' clouds, not their own--akin to Cisco-certified carrier networks) or a reputable third party.

For instance, in the security arena, the formation of the Cloud Security Alliance was announced just last month (see http://www.cloudsecurityalliance.org/). Similar types of organizations are warranted for other critical cloud functions, as is the cooperation between such organizations (or the creation of an umbrella organization). Clouds are and always will be complex, so for their adoption to move forward, these types of industry initiatives (to standardize/deal with the complex and make it simpler for cloud customers) are vital. I hope to see more in 2010.I think this trust issue will impede larger business customer interest in migrating to this type of architecture for a number of business-critical functions.