The newly formed Open Data Center Alliance is using an array of usage models to weld cloud-using customers into a force that prevents vendor lock. At the same time, the group is promoting secure movement of virtual workloads from one provider to another. The organisation is made up of more than 200 members including JPMorgan Chase, Lockheed Martin and Marriott.
While there are other nascent cloud-user organisations forming, such as CSCC (Cloud Standards Customer Council), ODCA (Open Data Center Alliance) in June issued eight usage models that organisations can use today when specifying baseline requirements for cloud projects.
The emergence of the ODCA’s usage models is a recognition of the seismic changes in data centre operations. IT managers must now provide strategic guidance to C-level managers and line-of-business leaders for incorporating the changes being wrought by virtualisation and cloud computing while avoiding vendor lock in.
The usage models from the ODCA can help in this effort. However, my analysis shows that many of the guidelines can be immediately strengthened and made more practical. For example, the ODCA Security Provider Assurance guide doesn’t spell out exactly what level of law enforcement action is needed for the provider to turn over your data. In a private data centre, there are understood procedures and boundaries on the execution of search warrants. In a hosted environment, data protections from unwarranted law enforcement searches are murky. Therefore, IT managers should demand very specific answers from providers about the safeguards in place to prevent data loss when the governmental agency comes knocking.
All together, there are eight published usage models that fit into four general categories:
Secure federation is made of the SM (Security Monitoring) and the SPA (Security Provider Assurance) models. The SM usage model depends heavily on work being done at the Cloud Security Alliance and CloudAudit, both of which are made up primarily of security service vendors. Among the more interesting usage requirements is the daunting ability of the cloud provider to supply “dedicated capabilities with specific resources and reserved for specific customers.”
The SPA document has three stated purposes that are backed up with a four-category, bronze-to-platinum rating system. The publication also enables cloud consumers to compare security levels from one provider to another and between internally and externally hosted clouds. The SPA usage model should make it easier for cloud consumers to understand and select among various levels of security offered by providers. As previously stated, this usage model should be augmented to probe when a search warrant would result in the loss of data control.
Continued on page 2
Page: 1 2
US finalises $4.7bn award to Samsung Electronics, $1.6bn to Texas Instruments to boost domestic chip…
OpenAI begins safety testing of new model o3 that uses 'reasoning' process to ensure reliability…
US Commerce Department reportedly adding China's Sophgo to trade blacklist after TSMC-manufactured part found in…
Amazon staff in seven cities across US go on strike after company fails to negotiate,…
Two US senators ask president Joe Biden to delay TikTok ban by 90 days after…
Reporters Without Borders calls on Apple to remove AI notification summaries feature after it generates…