The definition of Cloud computing depends on who you talk to. Most definitions cover services which were being supplied over the Internet by players like EDS and IBM to the US Department of Defence over a decade ago. Today these services underpin much of defence and financial services infrastructure of the West and are routinely used by customers who say they would never consider transitioning to something as untested as Cloud computing.
Over the last month I have attended on a number of meetings which identifed a need to provide prospective customers with clear guidance as to what they are actually being offered by would-be suppliers and, more particularly, who has verified the claims of response times, resilience and security, to what standards, how and when.
If customers have to do the checking themselves, this can wipe out the benefits on offer. There is a need for credible, shared, evalutions services. More-over these will need to cross national and international, not just sectoral, boundaries.
The report of the Information Society Alliance sub-group on Security by Design, due for publication before the end of the month, will make some recommendations as to how the UK might take a lead in this process.
What that report will not do, however, is list the questions that need to be asked of a would-be Cloud Computing suppliers.
Last night, at the ISSA – UK Advisory Board, I was delighted to learn that the outputs from a couple of ISSA UK workshops last year are likely to be written up as guidance. That guidance is likely to list the questions that need to be asked.
I will not steal their thunder but suggest you visit the ISSA-UK website, join (it is remarkably cheap and very good value) and await details.
ISSA is not a professional body. It is the “club” where members of all the relevant professional bodies meet for mutual education.