Cloud Industry Code of Practice

Is it only in London where you wait hours for a bus, and then two or three (or maybe even four) come along at once?

The Cloud industry has made a number of initiatives to improve the overall approach to the market, for the good of both vendors and users.

The latest initiative is the 2009-formed “Cloud Industry Forum” which has published an “Industry Code of Practice” under a public consultation recently. Anyone who would like to download a copy and perhaps submit feedback should click here as soon as possible.

The Intellect Technology Association (“Intellect”), which represents the IT, telecoms and electronics vendors, has also published a “Business case for Software as a Service“. Although the title suggests a preference for SaaS, the document is actually a very balanced, concise yet useful factual summary of the two approaches.

There is a summary of security issues on page 13. Some of the key points made are:

“While the SaaS model offers significant advantages over on-premise, it does carry potential risks that must also be considered.”

“For SaaS providers [security] is mission critical, and is generally taken very seriously to the point where data security is as important, if not more so, than the SaaS product itself.”

“…it is worth contrasting [SaaS] with your in-house security and compliance before becoming unnecessarily worried about storing your data outside your organization”

Whilst my experience of using SaaS systems first hand suggests there are aspects that need to be added to both documents, both are worth reading if you are a vendor or user of SaaS services.

Further thoughts on the Cloud Industry

Keeping to the transport theme, it’s interesting to think that when the Titanic went down, shipping didn’t stop. However when the Hindenburg burst into flames, it was the end of giant passenger-carrying airships for many years. The difference? In the case of ships, there were no credible alternatives. For airships, there were credible alternatives, and any advantages were outweighed by the risks.

Whatever the cause of the Hindenberg disaster (the hydrogen may have only fuelled a fire that had started elsewhere), the effect was the same – the death of the passenger airship industry.

The cloud industry is relatively new, and on-premise remains a credible alternative. Whilst a major problem in a cloud system might not be a disaster in the sense of the Hindenberg, would the cloud industry be immune from a Hindenberg-equivalent disaster that would take the cloud industry to its knees?

Or for the sake of both users and vendors, should the industry be looking very carefully for any “Hindenberg” risks, be they equivalent to hydrogen, or less obvious? The “Industry Code of Practice” is a good step towards making sure the industry avoids a disaster, and can recover should one occur. Who would want a lower quality cloud vendor to sink the whole industry?