Interoperability and Security For Cloud Computing and Storage

There is no doubt that cloud computing is the rage, and there's plenty of substance under the hype. But there are two fundamental issues that still fog its future success -- security and interoperability. That is, moving all of the security controls, security defenses, and regulatory compliance and auditing capabilities to cloud services and making sure that various types of clouds -- public, private, and hybrid clouds -- can be managed together.

In the past two weeks, two organizations have stepped forward to try to solve these thorny issues. Last week, the Distributed Management Task Force (DMTF), announced that it has formed a group dedicated to addressing the need for open management standards for cloud computing. It kicked-off the "Open Cloud Standards Incubator", which will work to develop a set of informational specifications for cloud resource management. The DMTF's leadership consists of IT heavyweights such as AMD, Cisco, Citrix, EMC, HP, IBM, Intel, Microsoft, Novell, Red Hat, Savvis, Sun Microsystems, and VMware. Missing from the group however, are some early leaders in cloud computing, such as Amazon and Salesforce.com.

No specific standards currently exist for enabling interoperability between private clouds within enterprises and hosted or public cloud providers. DMTF's Open Cloud Standards Incubator will focus on solving this by developing cloud resource management protocols, packaging formats and security mechanisms to facilitate interoperability. This, the group hopes, will facilitate interoperability between corporate private clouds and other private, public, and combinations of the two through open cloud resource management standards. The group will also work on specifications to improve cloud service portability, and even management consistency across disparate clouds and enterprise platforms.

Analysts agree on the need for such standards, but some argue the DMTF may be trying to achieve too much. "If DMTF does nothing else but look at easing the IT transition between private services and cloud services, they will get a highly valued gold star," says Eric Ogren, principal analyst at the Ogren Group.

Yet, if cloud computing is to reach its vision of frictionless access to hardware and application resources, the walls between one service and platform and another need to come down. "The DMTF initiative is focused on the large issues of interoperability between the many moving parts of cloud, which is very much needed. Most of today's implementations of 'cloud' -- such as they are -- are highly stove-piped and not truly interoperable," says Scott Crawford, a research director at analyst firm Enterprise Management Associates. "This is in direct contrast to the ideal of cloud computing and other service-centric concepts, in which components can more readily integrate with each other to create a whole that is greater than the sum of its parts. Interoperability -- or rather, the lack of it -- is already an issue in virtualization, on which many cloud computing concepts directly depend."

Open cloud management standards are expected to start surfacing in about a year.

When it comes to the second barrier to cloud computing -- security -- the Cloud Security Alliance published an 83-page guidance paper that describes the issues that enterprises need to solve if the risks of cloud computing are to be mitigated. These issues include the safe use of storage, and virtualized systems, in cloud services, IT governance, law, network security, audit, application security, cryptography, and risk management.

Experts fear both initiatives may be trying to tackle problems larger than themselves. "The CSA is trying to map and solve almost every conceivable aspect of security and the cloud," says Orgen. "It may be too much."

Crawford has similar concerns. "The fact that most of the leaders invested in the success of virtualization as well as cloud are represented is a good sign, but will this varied group truly march together? And will they line up with related efforts such as the CSA -- or vice versa? I hope they will on both counts, but I can certainly understand the healthy dose of skepticism with which this initiative will be greeted," he says.

InformationWeek Analytics has published an independent analysis of the challenges around enterprise storage. Download the report here (registration required).