In the last years, the surging demand for inexpensive and scalable IT infrastructures led to the widespread adoption of Cloud computing architectures; nowadays, Cloud architectures have reached their momentum due to their inherent capacity of simplifying IT infrastructure building and maintenance by making related costs easily accountable and paid on a pay-per-use basis. Although a general agreement about standards has still to be reached, some emerging de-facto definitions, such as the one proposed by the National Institute of Standards and Technology (NIST) underline that Cloud computing inherits from several state-of-the-art technologies, including grid computing, virtualization, Service Oriented Architectures (SOA), and utility computing. At the same time, to make the process more complex, at the current stage, Cloud providers work at the different Cloud software stack layers, namely, Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) and they tend to adopt proprietary Cloud solutions and middleware platforms, thus producing isolated environments with many risks stemming from that isolation that can hardly obstruct further advancements of Cloud computing. This lack of proper Cloud standardization and certification processes, especially for security-related aspects, hinders the outsourcing of enterprise IT assets to third-party Cloud computing platforms because organizations are afraid of the loss of control over their Cloud-hosted assets and feel very hard and difficult to migrate from one Cloud solution to another one. Starting from the core assumption that only a deep and broad knowledge of existing efforts can pave the way to the publication of widely-accepted future Cloud standards, this chapter aims at putting together current trends and open issues in Cloud standardization to derive an original and holistic view of the existing proposals and specifications. In particular, among the several Cloud technical areas, our analysis focuses on two main aspects, namely, security and interoperability, because they are the ones mostly covered by ongoing standardization efforts and, from both our experience and existing studies about enterprise concerns and acceptance of Cloud technologies, currently represent two of the main limiting factors for the diffusion and large adoption of Cloud. After an in-depth presentation of security and interoperability requirements and standardization issues, we overview main general frameworks and initiatives in these two areas, and then we introduce and survey all main related standards; finally, we compare surveyed standards and give future standardization directions for Cloud.
Bracci, F., Corradi, A., Foschini, L. (2013). Cloud standards: Security and interoperability issues. Hershey, PA : IGI Global [10.4018/978-1-4666-4522-6.ch020].
Cloud standards: Security and interoperability issues
BRACCI, FABIO;CORRADI, ANTONIO;FOSCHINI, LUCA
2013
Abstract
In the last years, the surging demand for inexpensive and scalable IT infrastructures led to the widespread adoption of Cloud computing architectures; nowadays, Cloud architectures have reached their momentum due to their inherent capacity of simplifying IT infrastructure building and maintenance by making related costs easily accountable and paid on a pay-per-use basis. Although a general agreement about standards has still to be reached, some emerging de-facto definitions, such as the one proposed by the National Institute of Standards and Technology (NIST) underline that Cloud computing inherits from several state-of-the-art technologies, including grid computing, virtualization, Service Oriented Architectures (SOA), and utility computing. At the same time, to make the process more complex, at the current stage, Cloud providers work at the different Cloud software stack layers, namely, Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) and they tend to adopt proprietary Cloud solutions and middleware platforms, thus producing isolated environments with many risks stemming from that isolation that can hardly obstruct further advancements of Cloud computing. This lack of proper Cloud standardization and certification processes, especially for security-related aspects, hinders the outsourcing of enterprise IT assets to third-party Cloud computing platforms because organizations are afraid of the loss of control over their Cloud-hosted assets and feel very hard and difficult to migrate from one Cloud solution to another one. Starting from the core assumption that only a deep and broad knowledge of existing efforts can pave the way to the publication of widely-accepted future Cloud standards, this chapter aims at putting together current trends and open issues in Cloud standardization to derive an original and holistic view of the existing proposals and specifications. In particular, among the several Cloud technical areas, our analysis focuses on two main aspects, namely, security and interoperability, because they are the ones mostly covered by ongoing standardization efforts and, from both our experience and existing studies about enterprise concerns and acceptance of Cloud technologies, currently represent two of the main limiting factors for the diffusion and large adoption of Cloud. After an in-depth presentation of security and interoperability requirements and standardization issues, we overview main general frameworks and initiatives in these two areas, and then we introduce and survey all main related standards; finally, we compare surveyed standards and give future standardization directions for Cloud.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.