IEEE CIO Says Cloud Interoperability a Bigger Problem than Security!

We’ve repeatedly stated that in the absence of any meaningful Cloud Computing standards there’d be a total lack of interoperability resulting in vendor lock-in.  And that would be a major obstacle for widescale adoption of Cloud Computing.  Now, someone at IEEE has confirmed this thesis.

Here is what I wrote in a recent article at What’s the Impact of No Cloud Standards?

No standards translates into a lack of interoperability, which locks-in the customer to a single cloud service provider. For example, the lack of a standard IaaS management API requires cloud user software to be particularized to a single Cloud Service Provider. This is because every cloud service provider has a different version of web services (mostly REST based, but a few use SOAP WS’s) protocols and software interfaces that the customer must adhere to.

I have also been pounding the table that there was no UNI for (shared) private network access to the Cloud and no NNI for public-public, private-public (AKA Hybrid Cloud), private-private Cloud communications!

According to  Dr. Alexander Pasik, CIO at IEEE and an early advocate of cloud computing as an analyst at Gartner in the 1990s. “To achieve the economies of scale that will make cloud computing successful, common platforms are needed to ensure users can easily navigate between services and applications regardless of where they’re coming from, and enable organizations to more cost-effectively transition their IT systems to a services-oriented model.”

“The greatest challenge facing longer-term adoption of cloud computing services is not security, but rather cloud interoperability and data portability, say cloud computing experts from IEEE, a technical professional association. At the same time, IEEE’s experts say cloud providers could reassure customers by improving the tools they offer enterprise customers to give them more control over their own data and applications while offering a security guarantee. Today, many public cloud networks are configured as closed systems and are not designed to interact with each other. The lack of integration between these networks makes it difficult for organizations to consolidate their IT systems in the cloud and realize productivity gains and cost savings. To overcome this challenge, industry standards must be developed to help cloud service providers design interoperable platforms and enable data portability, the organization said.”

According to industry research firm IDC, revenue from public cloud computing services is expected to reach $55.5 billion by 2014, up from $16 billion in 2009. Cloud computing plays an important role in people’s professional and personal lives by supporting a variety of software-as-a-service (SaaS) applications used to store healthcare records, critical business documents, music and e-book purchases, social media content, and more.

However, the IEEE said lack of interoperability still presents challenges for organizations interested in consolidating a host of enterprise IT systems on the cloud. According to IEEE Fellow Elisa Bertino, professor of Computer Science at Purdue University and research director at the Center for Education and Research in Information Assurance, the interoperability issue is more pressing than perceived data security concerns.

“Security in the cloud is no different than security issues that impact on-premises networks. Organizations are not exposing themselves to greater security risks by moving data to the cloud. In fact, an organization’s data is likely to be more secure in the cloud because the vendor is a technology specialist whose business model is built on data protection.” 

However, Steve O’Donnell, an IEEE member and former global head of Data Centres at BT in the United Kingdom, suggested much of the concern is about control for IT managers. “There’s a lack of enterprise tools that enable management of security and availability in the cloud in the same way as in a data center,” he said. “Enterprises believe their own data centers are secure and available, and want to own the management of cloud security and availability rather than outsourcing it to a third party.”

For its part, in April IEEE’s Standards Association announced its Cloud Computing standards Initiative, claimed to be the first broad-scope, forward-looking effort put forth by a global standards development organization aimed at addressing cloud portability and interoperability.  We don’t believe that at all and are not expecting much from this intitiative as there has been very little information conveyed to potential IEEE Cloud standards participants. 

Here is some background info on the two new IEEE Cloud Computing WGs, which will meet next month in San Jose, CA:

As part of its leadership in advancing cloud computing technologies, the IEEE Standards Association (IEEE-SA) has formed two new Working Groups (WGs) around IEEE P2301 and IEEE P2302. IEEE P2301 will provide profiles of existing and in-progress cloud computing standards in critical areas such as application, portability, management, and interoperability interfaces, as well as file formats and operation conventions. With capabilities logically grouped so that it addresses different cloud audiences and personalities, IEEE P2301 will provide an intuitive roadmap for cloud vendors, service providers, and other key stakeholders. When completed, the standard will aid users in procuring, developing, building, and using standards-based cloud computing products and services, enabling better portability, increased commonality, and greater interoperability across the industry.

IEEE P2302 defines essential topology, protocols, functionality, and governance required for reliable cloud-to-cloud interoperability and federation. The standard will help build an economy of scale among cloud product and service providers that remains transparent to users and applications. With a dynamic infrastructure that supports evolving cloud business models, IEEE P2302 is an ideal platform for fostering growth and improving competitiveness. It will also address fundamental, transparent interoperability and federation much in the way SS7/IN did for the global telephony system, and naming and routing protocols did for the Internet.

Note:  This author will be attending their first meeting July 15, 2011 in Santa Clara, CA.  Please let me know via comment below if you’d like to read a summary report.

IEEE Cloud Computing References: