Investigate Standards & Requirements for Cloud Computing

Once you have determined what the key areas are that need to be considered based on the type of Cloud (Private, Public, Hybrid), Industry, Countries, Business Processes and Vendor requirements – you are ready to identify key standards and audit requirements to consider.

Although many say the Cloud should have its own standards – that can be construed as being a little short cited. Cloud Computing is an evolution of various technologies. Some such as virtualization and hosted computing have been around for decades. Although they have significantly improved in feature functionality as hardware, bandwidth, and the internet access as evolved – the basic premise has not completely changed. Given that the Regulation revolution really took off almost a decade ago – many companies have had to invest millions in creating a framework that works for their organization.

It is important to understand that most companies already have tools, processes, and people trained in both in place. It is not likely that they will replace everything they have worked hard to institute to achieve SAS 70 Audit Control (Outsourcers/Providers or Public Clouds) or control frameworks instituted to achieve Regulatory Compliance. Rather than re-inventing the wheel it is better to take a step back, understand what is currently there and how it is evolving to address the new risks, challenges, and requirements of Today’s Cloud and make recommendations for your organization based on the prescriptive guidance in place.

I have compiled a list of what I believe to be not only credible but very well thought out resources from industry experts. Experts are hard to come by these days meaning there is so much information and mis-information in Blogs, List-Serves and groups that it is hard to really cut through the Hype and understand what really needs to be done. Those that are truly working on their own implementations in practice rarely have the bandwidth to blog about it all day. So be careful about what you come across on the net unless you know it is derived from credible sources.

Distributed Management Task Force (AKA DMTF)

The Distributed Management Task Force has been around for quite some time (over 15 years). Winston Bumpus (the current president of DMTF) is a former colleague of mine from VMware. DMTF has worked on various standards over the last 15 years with industry veterans such as Josh Sirota (Architect at BMC/Marimba with over 27 million deployed endpoints), Simon Crosby – CTO from Citrix, and many other what I consider industry luminaries that have at least a decade or more experience implementing Systems Management across the LAN, WAN, and other structures. DMTF has been instrumental in implementing recommendations for open standards to drive interoperability across Systems Management Frameworks (SMASH – Server, DASH for Desktop, OVF – Open Virtualization Format) and most recently they have published new works around recommendations for creating Inter-Operable Clouds.

(Read full article at