European Cloud Computing Strategy to call for standardisation
26 September 2012 | 0
The European Cloud Computing Strategy, due to be announced on September 28, will seek to cut through the current jungle of standards in the European Union. The plans, put forward by the European Commission, will also try to establish guidelines for service level agreements in order to build public trust in cloud services.
The Commission admits that setting standards will not be easy. "Currently, individual vendors have an incentive to fight for dominance by locking in their customers, inhibiting standardised, industry-wide approaches," according to Commission’s strategy document.
The standards that the Commission wants would be voluntary but would apply to all cloud providers, not just to deals with public administrations.
There have already been many efforts to establish working standards for cloud services, led predominantly by suppliers, but the Commission fears that without certified standards "clouds may develop in a way that lacks interoperability, data portability and reversibility, all crucial for the avoidance of lock-in."
"An appropriate set of standards that can be certified in order to allow public and private procurers to be confident that they have met their compliance obligations. These standards and certificates in turn can be referenced in terms and conditions so that providers and users feel confident that the contract is fair," the strategy document says.
In the US, the National Institute for Standards and Technology (NIST) has published a widely accepted set of definitions for cloud-computing terms, while the European Telecommunications Standards Institute has a group working on meeting standardisation needs and conformity with interoperability standards.
The Commission also wants public administrations to lead the way and use more cloud computing services, particularly those with open standards. "Public authorities have a role to play in forging a trusted cloud environment in Europe. They have an opportunity to use their procurement weight to promote the adoption of a European cloud based on open cloud technologies and secure cloud platforms."
The fragmented nature of the legal framework for cloud services in 27 different EU member states means that contracts and service level agreements often come with extensive disclaimers. However the Commission believes that current proposals for regulations on a Common European Sales Law would solve a lot of these problems although some "specific complementary work" on cloud issues may be needed.
Finally, the Commission said that determining applicable law for issues related to data security and responsibility could be difficult in certain cases, for example in a situation where there is a non-EU user of a non-EU provider operating equipment in the EU. The Commission strategy document said that it would get advice on data protection issues from the Article 29 Working Party – an independent group made up of the data protection commissioners from the 27 member EU nations.
According to a 2011 Commission survey, 80% of organisations could reduce costs by 10-20% by taking advantage of cloud computing.
IDG News Service