Industry is adopting cloud computing and benefiting from the nearly instantaneous and positive impact of cloud technology. Eighty percent of companies report improvements to their operations within the first few months of adoption. Already, the average employee uses 36 cloud-based apps in their daily work.
Cloud computing is a thriving sector. As companies seek to outsource IT, they increasingly rely upon cloud computing services. And, alongside demand for these services, innovation is flourishing. New technologies, relying on open source platforms, are emerging and introducing significant changes to software development.
Standards can help to provide confidence and guidance in a rapidly changing industry. To enable the standardization of cloud computing at the international level, the IEC and ISO joint technical committee on IT set up a subcommittee in this area: ISO/IEC JTC 1/SC 38. To better understand its work and plans for the future, e-tech spoke with its Chair, Steve Holbrook.
Cloud computing is an enabling technology. It is based on the principles of shared devices, network access and shared data storage.
According to Holbrook, cloud computing is the result of the "evolution of distributed computing over the last 60 years, ever since two computers could talk to each other, allowing us to go from the mainframe to the modern era. It is the latest and most efficient form of distributed computing".
Since its creation in 2010, Subcommittee 38 has published 15 standards and is in the process of developing 14 other publications. It has completed the foundational standards for cloud computing. This includes such key standards as ISO/IEC 17788, which provides an overview of cloud computing and a set of terms and definitions, and ISO/IEC 17789, which specifies the cloud computing reference architecture. Holbrook remarked that many of these terms and references are used within other standards publications.
Holbrook also noted the importance of ISO/IEC 19086-1, which establishes a set of common cloud service building blocks, including terms and offerings, that can be used to create service level agreements (SLAs). "This is a grab bag of elements to put in an SLA but does not dictate terms. It is essentially components and measurements. This standard is used by customers and governments to help with their acquisition of cloud computing services", he added.
With the foundational standards now in place, SC 38 can focus its work on new areas. According to Holbrook, "SC 38 can now look towards future projects like updating of the existing standards, working together with consortia and open source efforts to bring in the innovations of cloud computing into standardization and focusing on the needs of the end-users".
Moving forward, SC 38 plans to better integrate its achievements with the work of the other IEC and ISO subcommittees.
"Systems integration is necessary. It can be a challenge to integrate with other JTC 1 subcommittees, but it is essential as an increasing number of areas intersect with each other. We work particularly closely with SC 27 (information security, cyber security and privacy protection), SC 41 (Internet of Things) and SC 42 (artificial intelligence)", Holbrook remarked.
Earlier this year, SC 27 published ISO/IEC 19086-4, which is the fourth part of the ISO/IEC 19086 series on SLAs. This standard provides the requirements for the security and privacy aspects of cloud service level agreements.
Collaboration is also underway with SC 41 on edge computing. Holbrook explained, "connected devices, sensors and actuators that collect and analyze data at the edge rely upon distributed computing to process the data. Cloud computing principles apply across the spectrum of distributed processing from the edge to the data center. It is an essential element for them. Some of the processing of data occurs near the edge, some takes place nearer the data center. The workload should be distributed to the most efficient place". Currently, SC 38 and SC 41 are preparing harmonized technical reports on edge computing.
Artificial intelligence (AI) is also evolving and improving especially with machine learning which uses data to find patterns and trends. Cloud computing is an essential element as it provides the storage for the data and the distributed processing used for analysis. According to Holbrook, AI is a "killer app that is lighting up cloud computing. It is illuminating an exciting horizon in technology. We need to enable technology that is smarter and more agile".
Open source software is an area where much innovation is occurring within cloud computing. Holbrook noted, "the notion of containers is a new trend in cloud computing. The idea is that cloud services can be packaged and run in isolation in a platform independent way. Innovations like Kubernetes make it possible to manage workloads across multiple computers and teams". These innovations are being addressed by SC 38. Recent updates have been made to standards to incorporate containers and container management.
While current contact with the groups developing the open source software has been indirect, SC 38 is finding ways to work together with them. For example, they can submit proposals for standardization and methods are being developed for their specifications to feed information into standards.
Standardization can be important for open source. As pointed out by Holbrook, "standardization is especially needed to establish well known interfaces between technologies. However, there is a mismatch between the speed and culture of the open source community and the standardization community. Much is linked to meta concerns, such as legal and privacy issues, which is not top of mind for programmers in consortia".
In its initial phase of work, SC 38 focused on standards for cloud service providers. As a next step, SC 38 plans to also focus on the needs of cloud service customers.
One area of this focus is in the realm of how data flows from devices to cloud services. "Providers can have a say in what to do with data they derive from observations of customer patterns by, for example, offering targeted advertisement. Some of the data is clearly owned by the customer, some of the data is derived by the provider. The role of each of the parties involved – whether a service provider or customer – should be clearly defined", according to Holbrook. "How does data flow across the system, what are the different kinds of data categories and how can this data be used? Customers, and regulators, should have a say in areas such as privacy and tracking. We have already started to see this in Europe with the GDPR".
In 2017, SC 38 published ISO/IEC 19944 which provides a data taxonomy. It identifies the categories of data that flow across the cloud service customer devices and cloud services and how the data should be handled. An update to this standard is currently underway to expand the data taxonomy to include not only protections for personal information but also for enterprise information.
As it focuses on the end-users, SC 38 has also begun developing guides to better understand cloud computing. Earlier in the year, it published ISO/IEC TR 22678 which provides guidance on using international standards to formulate policies that regulate cloud services and their providers.
The role of SC 38 will be to help the industry as it transitions to new ways of providing and consuming services. As Holbrook concluded, "cloud computing is a leading edge technology and standards in this area are evolving extremely quickly. We need to find new ways to collaborate to better address the challenges ahead".