By Teresa Carlson, Vice President, Microsoft Federal 

When we talk about cloud standards, we’re often thinking about security and privacy. But standards also play an extremely important role in ensuring interoperability and data portability, which are both critical to making sure government gets the best value from its cloud solutions. The MITRE “Ahead in the Clouds” forum tackled the topic of cloud standards in July, and I focused my response on standards as a means to an end – attaching definable goals to standards-setting that will support adoption without hindering innovation. My response is posted below, and the other great responses from industry leaders can be found on MITRE’s Forum.

MITRE’s Question for July:  The use of standards-based solutions can be an important risk reduction approach for Government. Please describe current standards that could help the Government in its adoption of cloud computing. Also, what cloud standards efforts would you like to see in the future?

Standards can be extremely valuable in providing security and privacy assurances to organizations exploring cloud computing options, and they are also critical to laying a foundation of interoperability within the IT industry.  Interoperability is really essential because it promotes competition, innovation, and customer choice, which are all key to ensuring the government has access to the best solutions at the best prices.  It’s important to always think about standards as a means to this end, because creating standards for the sake of creating standards has the potential to hinder innovation. 

History shows that standards tend to emerge as they are needed. Industries adopt standards when organizations demand them. They have the power to level the playing field and provide access to the best solutions. In the cloud, this means security standards, protocols, Internet standards and storage standards. Some of the best cloud standards that exist today are the same ones that advanced the Web, including HTTP, Simple Object Access Protocol (SOAP), Representational State Transfer (REST) and Extensible Markup Language (XML). These are all market-tested standards carried over from Web 2.0 or grid computing, and they all support interoperability. In some cases these existing standards aren’t a perfect fit for the cloud, especially when it comes to connectivity, datacenter proximity and privacy, but new standards that address these issues specifically will continue to build upon Web services and REST-based approaches. Our developers always talk about how high-level, semantic standards tend to work better than syntactic standards because they avoid the friction and overlap that can actually hinder progress.

But standards don’t create interoperability on their own. If two providers implement the same standard within their cloud offerings, there is no guarantee that those products will be able to interoperate with each other. It still requires ongoing technical collaboration amongst companies, governments and standards-setting organizations. In the federal space, standardized terms, language and processes will go a long way toward achieving this goal. On the security side, FedRAMP is a great example of collectively addressing standards and streamlining the process of evaluating cloud solutions. Making authorization government-wide will eliminate the time and resources that each agency needs to devote to risk management.

The best standards come from an open, collaborative process that is driven by market need.  Worthwhile standards need to be tied to a specific “use case” that addresses a critical outcome like interoperability or security.  There are some great standards that already exist today that we can build upon to address current cloud gaps, which will keep the playing field level and offer the best solutions for federal agencies.