ETSI Cloud Standards Coordination (CSC) - Final Report, December 2013
The European Commission Communication on the European Cloud strategy identifies a key action for standardisation in this context:
Key action 1: Cutting through the jungle of standards [...]
• Promote trusted and reliable cloud offerings by tasking ETSI to coordinate with stakeholders in a transparent and open way to identify by 2013 a detailed map of the necessary standards (inter alia for security, interoperability, data portability and reversibility).
• Enhance trust in cloud computing services by recognising at EU-level technical specifications in the field of information and communication technologies for the protection of personal information in accordance with the new Regulation on European Standardisation.
Following the request from the European Commission, ETSI launched the Cloud Standards Coordination (CSC) initiative in a fully open and transparent way, open for all stakeholders.
After an analysis of major aspects of cloud computing standardization, the final Report provides:
• A definition of roles in cloud computing;
• The collection and classification of over 100 cloud computing Use Cases;
• A list of around 20 relevant organizations in cloud computing Standardization and a selection of around 150 associated documents, Standards & Specifications as well as Reports & White Papers produced by these organizations;
• A classification of activities that need to be undertaken by Cloud Service Customers or Cloud Service Providers over the whole Cloud Service Life-Cycle;
• A mapping of the selected cloud computing documents (in particular Standards & Specifications) on these activities.
Based on these technical results, conclusions regarding the status of Cloud Standardization at the time of this writing have been developed, concerning general aspects (fragmentation, etc.) and more specific topics of Interoperability, Security & Privacy and Service Level Agreements.
Regarding fragmentation, the analysis has concluded that cloud standardization is much more focused that anticipated. In short: the Cloud Standards landscape is complex but not chaotic and by no means a 'jungle'.
Though several cloud computing standards have seen successful adoption in small-scale and research projects, cloud computing-specific standards are not seen widespread adoption by cloud providers to date. However, given its dynamism, Cloud Standardization will likely mature in the next 18 months. Adoption may be encouraged if mechanisms are found for domainspecific stakeholders to agree on shared vocabularies and formal definitions that are machine readable.
Important gaps in the cloud computing standards landscape have been identified. New cloud computing standards, or cloud computing specific extensions to existing standards that fill these gaps should be encouraged.
The legal environment for cloud computing is highly challenging. Research into standardized ways of describing, advertising, consuming and verifying legal requirements is necessary.
Solutions need to accommodate both national and international (e.g. EU) legal requirements.
This analysis also shows that standards are maturing in some areas (for example, for IaaS machine control, vocabularies, SLA or security) while maturation is slower in other areas