What you need to know about cloud standards

31 May 2021

Image: © Thitichaya/Stock.adobe.com

Forrester’s Tracy Woo discusses the importance of standards when building a cloud strategy and the key points leaders need to consider.

Click here to view the full Cloud Week series.

Cloud platforms are becoming the default choice for digital delivery and, for today’s enterprise, there is little question of whether or not to have a cloud strategy.

Public and private companies recognise that it is a necessary component of staying competitive, with cloud platforms providing access to flexible capacity terms and lowering barriers to innovation.

However, the fast pace of change in technologies also brings its challenges. Cloud platforms are proprietary and opinionated, which can make migration, portability and integration extremely difficult. Users can find themselves at the mercy of vendor lock-in, cost increases, and incomplete security practices.

Why are standards important?

As enterprises scale their usage, standards become a more prominent issue. They can reduce friction and risk for companies with large or complex operations. Similarly, if a company is using a cloud provider, it can ensure that its security capabilities are compatible to work together.

Mature industries, where standards compliance may be a deciding factor, will be seeking familiar assurance, while organisations starting digitally led initiatives with a long-term horizon will find that standards adherence is an important factor in decision-making.

Understanding the key issues behind cloud standards can provide assurance, helping professionals to evaluate options and plan with confidence. Here are three key points to consider when it comes to cloud standards.

Formal cloud standards are still evolving

Cloud standards support a range of goals. Common goals for cloud standards include portability, migration, and security. They also enable interoperability across multiple platforms, balance workloads and underpin security and data protection.

Security and assurance standards are a significant force in cloud computing when it comes to these kinds of objectives, but products and vendors are still fiercely innovating and standards won’t emerge until their technologies stabilise.

Understand the players and motivations

All standards organisations have a business model, including non-profits. Even open source doesn’t mean it isn’t commercially driven. Vendors will often support or propose standards to support their commercial objectives. So, to understand cloud standards, it is important to know who benefits.

Hundreds of international standards organisations exist. The most important and best known is ISO, founded in 1946 by delegates from 25 countries. Others include IEC (a peer organisation), ITUT (the International Telecommunication Union Telecommunication Standardisation Sector) and ANSI (the American National Standards Institute).

Standards fall on a spectrum between de facto and de jure. De facto standards aren’t formalised. Rather, they’re broadly accepted practices or products. Microsoft Windows is frequently described as a de facto standard, as it represents the vast majority of installed PC operating systems. For cloud, the Amazon Web Services (AWS) APIs are the leading de facto standard. For example, various storage providers support Amazon S3 APIs.

Conversely, a de jure standard is formally defined and governed and, in the strictest sense, ISO and its affiliates own this category. Sometimes, standards follow a natural progression from de facto to de jure, starting off as informal and then becoming refined through a series of steps culminating in ISO acceptance.

The open source/open standards axis is key

Open standards and open source aren’t the same – though they may overlap in some cases – and they have a complex interdependency in cloud computing.

Open standards are formalised protocols, accepted by multiple parties as a basis for joint (usually commercial) action, usually under the jurisdiction of some governing authority. They may have multiple implementations or different ways of achieving the same outcome.

By contrast, open source is software that’s free to use and consume. It’s usually based on a common code base but may have multiple distributions, such as Linux with CentOs vs Debian. Open sources and open standards can overlap when the open-source product is so dominant that it becomes a de facto standard (eg Linux).

In many cases, the world of open source, standards, and de facto options from major commercial products bleed together. To understand where open standards may end up, stay tuned to current cloud open-source activities.

Plan for now and track the changes

The most important class of cloud standards, with the clearest evidence of broad adoption, are the security standards.

Meanwhile, interoperability standards are rarely essential to cloud purchasing decisions, though most companies look to future-proof their technology decisions. Portability enables the flexibility to switching deployment models (private or public cloud), lean more heavily to the edge, or prepare for future business initiatives.

So, while standards evolve, enterprises might explore containers and strategically decide whether speed or flexibility is of higher value for that particular workload.

The important thing is to build a plan for now and keep track of developing cloud standards and open-source initiatives. Today’s beta projects may well become the foundation for tomorrow’s cloud API standards.

By Tracy Woo

Tracy Woo is a senior analyst at Forrester, advising infrastructure and operations clients on cloud computing strategies.