Cloud Computing. Rainer Zimmermann

Transcription

1 Cloud Computing Standardisation Rainer Zimmermann European Commission Information Society and Media Directorate General Software & Service Architectures and Infrastructures Unit

2 cloud: a definition Cloud an elastic execution environment of resources involving multiple stakeholders and providing a metered service at multiple granularities for a specified level of quality (of service). Source: Expert group on Cloud Computing,

3 Cloud Computing What are the challenges? 3

4 main cloud challenges Interoperability lock-in risks portability of data, security settings; Privacy & Liability where is my data? whose law applies? who can access it? Governance, control no control of licensing terms, SLA, use of legacy application Security, Dependability data, outages... 4

5 interoperability Interoperability is essential for the cloud to be fair, open and competitive Open specifications are a key in creating competitive and flourishing markets that deliver what customers need 5

6 data portability avoid lock-in customers and users fear to end locked-in with one provider can be a barrier to adoption 6

7 data protection Within the cloud, data may be hosted anywhere in the world, but needs to be protected against privacy intrusions and fraudulent use Europe has been a leader in data protection since 1995 (with the Data Protection Directive) The European data protection regime is now under revision to ensure our fundamental rights and freedoms are well addressed in the digital era 7

8 legal framework - liability Cloud providers should protect European cloud customer s data: portability transparency EU data protection standards European governments must have legal frameworks in place to guarantee data protection, privacy and liability in case something goes wrong 8

9 Cloud Computing What is Europe doing? 9

10 European Cloud Strategy Vice President Neelie Kroes announced in Davos three axes for action: Legal Framework Data protection, privacy laws, user s rights Technical & Commercial Research & standardization Market Member states engagement, pilots, public procurement 10

11 Cloud Computing in the Digital Agenda "Europe should also build its innovative advantage in key areas through reinforced infrastructures and [ ] should develop an EU-wide strategy on 'cloud computing' notably for government and science. [ ] The strategy should consider economic, legal and institutional aspects. 11

12 other steps May 23rd - Major stakeholders meeting a consultation meeting with high level industrial representatives output a draft policy paper recommendations to EC and industry next preparatory meeting in October 2011 Public web consultation, closed on August 31 more than 500 replies some early findings BUT full analysis still on-going International front Discussion of cloud issues in the Trans-Atlantic Economic Council (TEC), G8, WEF, and other international fora EU-US INFSO dialogue: July 1st a consultation meeting on certain cloud issues next meeting is planned for October

13 consultation of major industries recommendations to EC European initiatives relevant to technology standardisation should endorse technology neutrality avoid to mandate standards or preferences too early foster the creation of EU-wide harmonized and globally interoperable rules 13

14 consultation of major industries recommendations to industry industry should be active on standardisation and in particular should consider a possible adaptation of existing IT certification regimes to the needs of cloud services deal with the necessary transparency, as regards to EU privacy rules, data handling and data storage propose adaptation of existing rules to CC, and best practices for providers foster the creation of EU-wide harmonized and globally interoperable rules make a comprehensive inventory of existing and emerging Cloud standardisation and interoperability initiatives in order to identify necessary steps to ensure data portability and guidelines for ease of migration 14

15 web consultation quotes on standards for Clouds: Continuing innovation in cloud and virtualisation will mean that this space will remain dynamic for the foreseeable future. As such it may still be too early to mandate or recommend standards as opposed to advising on available standards. a CAREFUL Le législateur pourrait donc veiller à la protection des droits des consommateurs par discussion la mise à disposition and des informations relatives aux modalités de conservation des données dans un format ouvert et adoption interopérable The use of non-proprietary process data formats is and open APIs is critical for cloud computing interoperability. The EU should avoid technology mandates of any standard. strongly Instead, the appropriate role would be to call for open interfaces and standards, wherever and whenever they are available. recommended [ ] many other standards bodies and industry fora are working to adapt and develop standards for the cloud, [ ]. However, government, industry and any other stakeholders must be careful to avoid picking winners. 15

16 FI-WARE: the PPP platform provides cloud hosting from FI-WARE presentation, 2nd European Summit on the Future Internet, Luxembourg, 6-7 June

17 Cloud standardisation: the issues standardisation is highly complex the supply side is not interested too early: players prefer to gain market share the demand side is hesitant current solutions could result in lock in situations large number of involved parties technology providers, solution integrators, governments, user groups, etc. regulatory requirements to comply with several standardisation bodies and fora with heavy non-european participation there is a real need to develop 17

18 Cloud Computing what are the standards in the game? 18

19 standards at which level? from NIST, ttp:// 19

20 Examples: Which type of standards need to be developed in Cloud Computing? ITSM, ITIL, OCCI Business Service SLA??? S-RAMP Service Discovery Service Catalog??? Vendor Application APIs Google, Amazon, Salesforce.com.. OCCI Open Cloud Computing Interface OGA OCI Open Cloud Interface OVF Virtual Container CDMI Cloud Data Management Interface - SNIA At Rest, In transit, OpenID, OpenAuth, SAML, Advance Data, Transport Encryption e.g.aes, VPN, SSL Management Service Catalog Application Compute Storage Identity Encryption gap API gap from CapGemini presentation, Digital Age enda, WS18, Brussels XML, HTTP, REST, Web Services.. Syntax 20

21 from the presentation of the WG Interoperability, Data Portability and Reversibility, Brussels

22 A (partial) list of involved SDO from the SIENA initiative web site, 22

23 A (partial) list of involved SDO - 2 from the SIENA initiative web site, 23

24 Standards roadmap SIENA FP7 support action ending in May 2012 main output: roadmap on Grids and Clouds for Research and for Public Services and after? and for industry? 24

25 Cloud Computing Standards what could be next? 25

26 from chaos 26

27 and to the structure ETSI role this meeting should be the starting point for ETSI to map the landscape in standardisation and help us work out the interest of the Union, its industries and its citizens. 27

28 in practical terms Taking into account European legislative context roadmaps input industrial needs citizens/societal needs SDOs roles and input international dialogue and harmonisation 28

29 the desired output internationally agreed solid and mature criteria or standards for Cloud Computing small set of EU std for specific fields like privacy small set of national std for specific needs 29

30 Further Information Sites to drill further: - Software & Service Architectures and Infrastructures European Future Internet portal ch?form=cloudcomputing&lang=en Cloud consultation Mail to: Rainer.Zimmermann@ec.europa.eu 30