Effective certification key to ensuring trust in cloud services in Europe, says APM Group

EU finds safe passage through the ‘jungle’ of cloud standards, but maturity to take 18 months.

  • Thursday, 23rd January 2014 Posted 10 years ago in by Phil Alsop

With cloud standards not set to reach maturity until 2015, APM Group, the Cloud Industry Forum’s (CIF) independent certification partner, has called on the European Union to encourage and implement an effective Code of Practice, rather than develop a new generation of pan-European standards.
In September 2012 the European Commission (EC) laid out its strategy to create a single set of rules for cloud computing for Europe to increase EU GDP by €160 billion annually by 2020 and increase transparency in the sector. One of the key tasks assigned to the European Telecommunications Standards Institute (ETSI) was “Cutting through the Jungle of Standards” to identify “a detailed map of the necessary standards for security interoperability, data portability and reversibility”.


The interested parties convened in Brussels in December 2013 to present their findings, reporting that though the cloud standards landscape is not as complex as initially thought, an effective framework of cloud standards is still 18 months from maturity.


CIF’s chairman, Dr Richard Sykes, last year compared the European cloud standards project to a grand projet of old - complex, expensive, and slow to implement – suggesting that a Code of Practice for Cloud Service Providers (CSPs) might be a faster approach to ensuring cloud trust and transparency.


Echoing these views, Richard Pharro, APM Group’s CEO, said: “Unfortunately one of the primary challenges that the authors of standards face is one of time. Standards take time to develop and refine, and lag industry developments so as soon as a particular standard has been devised and gained traction, the industry will have moved on. Given its rapid pace of change, this is felt acutely in the cloud industry, making the task at hand all the more difficult.


“Developing new standards takes years, whereas developing an effective code of conduct could take months. Initiatives such as the CIF Code of Practice are fast and effective in developing and enshrining the commercial and technical behavioural norms that the cloud industry requires. Moreover, cloud codes are more agile than standards, can account for the differing legal frameworks of EU member states, and can be easily upgraded as and when required.


“Technical standards are important for the future of the cloud industry. However, if we accept that the European Commission’s primary aim is to increase trust and transparency in cloud computing, then a code of conduct, akin to the CIF Code of Practice, which aims to ensure that CSPs are entirely transparent in their capabilities and operational practices, seems to be the most sensible way forward – at least in the short-term,” Pharro concluded.