(A.) Policy and legislation
(A.1) Policy objectives
Establishing a coherent framework and conditions for cloud computing was one of the key priorities of the digital agenda for Europe. The digital single market strategy confirmed the importance of cloud computing, which is driving a paradigm shift in the delivery of digital technologies, enhancing innovation, digital single market and access to content.The Communication «2030 Digital Compass: the European way for the Digital Decade»proposes that by 2030 75% of European enterprises have taken up cloud computing services, big data and Artificial Intelligence.
(A.2) EC perspectiveand progress report
The key role of cloud computing is established through the European Cloud Initiative and through the initiative on Building a European Data Economy.Cloud computing is developing fast.Estimatesindicate that these developments could lead to the growth of the European cloud market from €9.5bn in 2013 to €44.8bn by 2020, i.e. almost five times the market size in 2013. The latest Eurostat data available end of 2020) shows the current state of play in the European Union regarding the use of cloud computing by enterprises. The main findings are summarised below:
- 36 % of EU enterprises used cloud computing in 2020, mostly for hosting their e-mail systems and storing files in electronic form.
- 55 % of those firms used advanced cloud services relating to financial and accounting software applications, customer relationship management or to the use of computing power to run business applications.
- Compared with 2018, the use of cloud computing increased by 12 percentage points.
The development of the cloud computing market and the efficient delivery of cloud services particularly depend on the ability to build economies of scale. The establishment of a Digital Single Market will unlock the scale necessary for cloud computing to reach its full potential in Europe.EU-based cloud providers have only a small share of the cloud market, which leaves the EU exposed to such risks and limits the investment potential for the European digital industry in the data processing market. Also, given the impact of data centers and cloud infrastructures on energy consumption, the EU should take the lead in making these infrastructures climate neutral and energy efficient by 2030, while using their excess energy to help heating homes, businesses and common public spaces.
In 2012, the Article 29 data protection working party issued on opinion on cloud computing. This opinion has outlined how the wide scale deployment of cloud computing services can trigger a number of data protection risks, mainly a lack of control over personal data as well as insufficient information with regard to how, where and by whom the data is being processed/sub-processed.
The proposed actions follow the direction as outlined in the EU Communication on ICT standardisation priorities which identified cloud as a key priority for Europe. The actions include a follow-up of cloud standards coordination started in 2012/2013 when the Commission asked ETSI to coordinate stakeholders to produce a detailed map of the necessary standards (e.g. for security, interoperability, data portability and reversibility).
The Cloud Select Industry Group (C-SIG) has been open to all organisations, groups and individuals having a professional interest in cloud computing matters and are active in the European cloud market. The Communication “Unleashing the Potential of Cloud Computing in Europe” (2012) identified key actions to be supported by Cloud Select industry Groups. See section C1 below.
The Commission is also pursuing international cooperation in the field of cloud computing, and anumber of policy and joint research initiatives have been put in place with Japan, Brazil and South Koreaand are ongoing with USA.
The Commission has also funded the CloudWatch2 project which, among others, reported on the status of interoperability and security standards, developed a catalogue of cloud services and mapped EU cloud services and providers.
When it comes to certification andways for customers to know and be assured that their data is equally safe no matter where they are located or who provides the service, the Commission launched the studyCertification Schemes for Cloud Computing SMART 2016/0029) and apublic consultation which ended in October 2017.
In the view of facilitating a fair market for the consumers, the Commission also launched a study on Switching cloud providers (SMART 2016/0032) to collect evidence on legal, economic, and technical issues when switching from provider.
In April 2018 the Commission launched two DSM (Digital Single Market) Cloud Stakeholder groups https://ec.europa.eu/digital-single-market/en/news/cloud-stakeholder-working-groups-start-their-work-cloud-switching-and-cloud-security). The DSM Working Group on Cloud Certification Scheme will begin exploring an EU certification scheme on cloud security. The Group consists of national cyber security authorities, cloud service provider, cloud service customer as well as auditing entities.
The European Security Certification Framework (EU-SEC) strives to address the security, privacy and transparency challenges associated with the greater externalization of IT to Cloud services. EU-SEC will create a certification framework under which existing certification and assurance schemes can co-exist. EU-SEC is funded by Horizon 2020 and publishes its results atwww.sec-cert.eu.
The other DSM Cloud Stakeholder group (working group on cloud switching/ porting data - SWIPO) has defined a self-regulatorycodes of conduct to facilitate data portability and cloud switching.https://swipo.eu/) These portability codes intend to support article 6 of the Regulation on the free-flow of non-personal data. The objective of SWIPO is to reduce the risk of ‘vendor lock-in’, as it will be easier to switch providers when it is clear which processes, technical requirements, time frames and charges apply in case a professional user wants to switch to another provider or port data back to its own IT systems.
On 15 October 2020 all EU Member States signed a Declaration on building the next generation European cloud. A key role in building the European cloud plays the launch of the European Alliance for Industrial Data and Cloud. The objective of the Alliance is to establish a competitive European cloud supply and to foster cloud adoption in the EU private and public sectors, in order to build technological autonomy and data sovereignty in Europe. The Alliance will bring together the key EU industrial actors on the supply side and the demand side with Member States’ authorities. Its aim will be to substantially increase the share of EU suppliers on the European public cloud infrastructure market by 2030. More concretely the aim of the Alliance is to:
- Build the next generation cloud supply: the Commission is committed to co-invest in the interconnection and deployment across the EU.
- Deploy pan-European cloud marketplaces, which will offer users a single portal to cloud offerings meeting key EU standards and rules.
- Define common requirements for cloud services operating on the EU market. The future EU Cloud Rulebook will be developed by the Commission in close cooperation with Member States and in consultation with relevant stakeholders.
The JRC published a study on the relationship of open source software and standards setting at the end of 2019 (https://ec.europa.eu/jrc/en/publication/eur-scientific-and-technical-research-reports/relationship-between-open-source-software-and-standard-setting). The objective of the study was to identify possible commonalities and barriers for interaction between standardisation and open source (OSS) processes and in particular the interplay between OSS and FRAND licensing in standardisation.
(A.3) References
- Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the European Union
- COM(2016)176 “ICT Standardisation priorities for the digital single market”
- COM(2016)178 “European cloud initiative — building a competitive data and knowledge economy in Europe” (Along with SWD(2016)106 and SWD(2016)107)
- COM(2012)529 “Unleashing the potential of cloud computing in Europe”
- COM(2015)192 “A digital single market strategy for Europe”
- Directive (EU) 2016/1148of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the EU (NIS Directive).
- COM(2021)118 “2030 Digital Compass: the European way for the Digital Decade”
The volume of data generated is greatly increasing. A growing proportion of data is expected to be processed at the edge, closer to the users and where data are generated. This shift will require the development anddeployment of fundamentally new data processing technologies encompassing the edge, adding to those current and future developments concerning acentralised cloud-based infrastructure models
(B.) Requested actions
The Communication on ICT Standardisation Priorities for the digital single market proposed priority actions in the domain of Cloud. Some actions are still relevant and mentioned below. Others come from the need to respond to the challenges of the Digital Decade Communication
Action 1 Identify needs for ICT standards and open source technologies to further improve the interoperability, data protection and portability of cloud services and continue or startrespective development activities. This should also take into account available open source technologies and their role for interoperability, data protection and management of multiple clouds.
Action 2 Promote the use of the ICT standards needed to further improve the interoperability, data protection and portability of cloud servicesas well as multi-cloud management.
Action 3 Further strengthen the interlock between standardisation and open source in the area of Cloud and establish and support bilateral actions for close collaboration of open source and standardisation.Foster a level playing field that allows the use of Open Source procedures and deliverables where they make economic sense complementing or substituting standardisation.
Action 4 Promote international standards on service level agreements (SLAs) and usage of the cloud code of conduct (CoC).
Action 5 Promote the use of the ISO/IEC JTC 1 reference cloud architecture and define generic cloud architecture building blocks. Map available standards to the generic cloud architecture building blocks. Define privacy, security and test standards for each building block. This will also help determine which standards can be used for open cloud platforms and architectures taking into account the key role of open source for cloud infrastructure design and implementations.
Action 6 Promote the development of adequate standards/open source developments to ensure a competitive playing field for cloud services provision in Europe and contribute to the green agenda.
Action 7 SDOs and open source communities to foster their collaboration, mutual exchange, integration of Open Source outcomes in SDO deliverables and identification of technologies, e.g. APIs, that have been developed in open source and could be standardised.
(C.) Activities and additional information
(C.1) Related standardisation activities
CEN-CENELEC
When it comes to Cloud Security, CEN-CLC/JTC 13 ‘Cybersecurity and Data protection’ mirrors the activities of ISO/IEC JTC 1 SC 38 ‘Cloud Computing and distributed platforms’,and considers in this respectthe potential adoption of International Standards as European Standards, where market relevant.CEN-CLC/JTC 13’s scope covers the development of standards for cybersecurity and data protection covering all aspects of the evolving information society. This includes notably: Management systems, frameworks, methodologies; Data protection and privacy; Services and products evaluation standards suitable for security assessment for large companies and small and medium enterprises (SMEs); Competence requirements for cybersecurity and data protection; Security requirements, services, techniques and guidelines for ICT systems, services, networks and devices, including smart objects and distributed computing devices.
In 2021, CEN-CLC/JTC 13 started developing the following relevant deliverables:
- prCEN/CLC/TS XXX ‘Multi-layered approach for a set of information security requirements for information/cyber security controls for Cloud Services’
- prCEN/CLC/TS XXX ‘Requirements for Conformity Assessment Bodies certifying Cloud Services’
ETSI
ISG NFV (Network Functions Virtualisation):https://www.etsi.org/committee/NFV. NFV adapts standard IT virtualisation technologies, consolidating heterogeneous network infrastructures based on disparate, ad hoc equipment types onto industry standard servers, switches and storage.
ISG NFV develops and improves the NFV architectural framework to make more efficient the integration of edge computing and NFV,
GS NFV-EVE 011 documents the set of criteria to help characterize cloud-native VNFs.
GS NFV-IFA 029 documents enhancements of the NFV architecture for providing “PaaS”-type capabilities and supporting virtualised network functions (VNFs) which follow “cloud-native” design principles.
Specifications and reports on container infrastructure management:
Specifications and reports on multi-site / multi-domain deployments
Furthermore, within the framework of NFV Release 5, ISG NFV develops a report on methods and metrics for evaluating the reliability of cloud-native VNFs.
ISG MEC (Multi-access Edge Computing) offers to application developers and content providers cloud-computing capabilities and an IT service environment at the edge of the network. ISG MEC is developing a set of standardized Application Programming Interfaces (APIs) to enable MEC services. To application developers and content providers, the access network offers a service environment with ultra-low latency and high bandwidth and direct access to real-time network information that can be used by applications and services to offer context-related services.
List of relevant documents from ISG MEC:
The group led the publication of aWhite Paper on “MEC security: Status of standards support and future evolutions” written by several authors participating in ETSI ISG MEC, ETSI ISG NFV SEC and ETSI TC CYBER. The work identified aspects of security where the nature of edge computing leaves typical industry approaches to cloud security insufficient.
- As a follow-up of the above white paper, the MEC group started a study on MEC Security (ETSI GR MEC041).
- Also multi-MEC and MEC-Cloud environments can be relevant in this context. In the domain of Cloud Federation, ETSI ISG MEC published a study ETSI GR MEC 035.
As a follow-up of the previous study (MEC 035), the group started the related normative work (ETSI GS MEC 040) to standardize MEC Federation Enablement APIs. The work is done in alignment with GSMA OPG and 3GPP SA6.
ISG NIN (Non-IP Networking): is investigating communications and networking protocols to provide the scale, security, mobility and ease of deployment required for a connected society. It is developing a forwarding plane standard that, while still supporting traditional Internet protocols, will also natively support new forms of routing, with a clean interface between the forwarding plane and the control and management planes. Thus, when accessing a service that might be provided at the edge or centrally, a client no longer needs to discover an IP address which identifies an interface to the equipment that provides the service, but can identify the service, content, etc, directly.
ISO/IEC JTC 1
ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection
ISO/IEC 27017 — Code of practice for information security controls based on ISO/IEC 27002 for cloud services
ISO/IEC 27018 — Code of practice for personally identifiable information (PII) protection in public cloud acting as PII processors
ISO/IEC 27036-4 — Information security for supplier relationships — Part 4: Guidelines for security of cloud services
ISO/IEC JTC 1/SC 38 Cloud computing and distributed platforms:
A full suite of standards is available and in progress in ISO/IEC JTC 1 SC 38 on cloud computing technologies including, most notably, the ISO Cloud Reference Architecture but also work on vocabulary, SLAs, etc. This is complemented by work in ISO/IEC JTC 1 SC27 on cybersecurity and on more specific work as on Virtualisation. Below is a non-exhaustive list of relevant ISO standards.
http://www.iso.org/iso/jtc1_sc38_home
ISO/IEC 19086-1 — Cloud computing — service level agreement (SLA) framework — Part 1: Overview and concepts
ISO/IEC 19086-2 — Cloud computing — Service level agreement (SLA) framework — Part 2: Metric model
ISO/IEC 19086-3 — Cloud computing — Service level agreement (SLA) framework — Part 3: Core conformance requirements
ISO/IEC 19086-4 — Cloud computing — Service level agreement (SLA) framework — Part 4: Components of security and of protection of PII
ISO/IEC 19941 Cloud Computing — Interoperability and portability
ISO/IEC 19944 Cloud Computing — Cloud services and devices: data flow, data categories and data use
ISO/IEC TR 22678 -- Cloud Computing -- Guidance for Policy Development
ISO/IEC TR 23186 -- Cloud computing -- Framework of trust for processing of multi-sourced data
ISO/IEC NP TR 23187 -- Cloud computing — Interacting with cloud service partners (CSNs) (work in progress)
ISO/IEC PDTR 23613 -- Cloud service metering and billing elements (work in progress)
ISO/IEC AWI 23751 -- Cloud computing and distributed platforms — Data sharing agreement (DSA) framework (work in progress)
ISO/IEC TR 23951 -- Cloud computing — Best practices for cloud SLA metrics (work in progress)
ISO/IEC 22624 -- Cloud Computing -- Taxonomy based data handling for cloud services (final stages of approval)
ISO/IEC CD 22123 -- Cloud Computing -- CONCEPTS AND TERMINOLOGY (work in progress)
ISO/IEC TS 23167 -- Cloud Computing -- Common Technologies and Techniques (work in progress)
ISO/IEC TR 23188 -- Cloud computing -- Edge computing landscape (work in progress)
ISO/IEC 17788 — Cloud computing — Overview and vocabulary
ISO/IEC 17789 Cloud computing — Reference architecture
ISO/IEC TR 3445 — Cloud computing — Audit of cloud services
(Work in progress)
ISO/IEC 5140 — Cloud computing — Concepts for multi-cloud and other interoperation of multiple cloud services
(Work in progress)
ITU
ITU-T SG13 leads ITU’s work on standards for future networks and 5G and is the primary SG working on cloud computing and data handling. It approved 29 Recommendations and 2 Supplements and has 26 ongoing work items covering different aspects of cloud computing (e.g. terminology, overview, reference architecture, functional requirements for technologies supporting XaaS and inter-cloud computing, edge cloud for FMSC, and performance management framework in inter-cloud and data storage federation). Relevant URLs:
Y.Sup49 to ITU-T Y.3500-series (11/2018) - Cloud computing standardisation roadmap, including deliverables of various SDOs:
https://www.itu.int/rec/T-REC-Y.Sup49/en.
Flipbook “Cloud computing: From paradigm to operation” with a collection of many ITU-T outputs on cloud computing:
https://www.itu.int/en/publications/Documents/tsb/2020-Cloud-computing-From-paradigm-to-operation/index.html
In the domain of Big Data for Cloud, ITU-T related work is listed in the Big Data chapter of this Rolling Plan.
More info:https://www.itu.int/en/ITU-T/studygroups/2017-2020/13
ITU-T SG11 work on cloud and edge computing with regard to signalling, monitoring and interoperability testing. SG11 developed 7 Recommendations which cover monitoring of cloud computing, signalling requirements of intelligent edge computing, interoperability testing of cloud computing and testing requirements for virtual switches (ITU-T Q.3914, ITU-T Q.4040-Q.4059-series, ITU-T Q.5001). The ITU-T Q.Supplement 65 “Cloud computing interoperability activities”, provides the summary information for cloud computing interoperability activities of existing standards development organizations (SDOs) and the groups, forums and open sources developing the specifications that have the potential to utilize cloud computing interoperability testing tools.
Currently, the ongoing work items of SG11 focus on signalling requirements for federated multi-access edge computing, protocols for microservices based intelligent edge computing and intelligent control of cloud-network-converged networks gateway.
More info: https://itu.int/go/tsg11
ITU-T SG20 develops standards on Internet of things (IoT), smart cities and communities. It also studies aspects related to edge computing for the Internet of things (IoT) which allows IoT deployments to be enhanced through data processing closer to the end device. . ITU-T SG20 has approved the following Recommendations:
- Recommendation ITU-T Y.4122 “Requirements and capability framework of edge computing-enabled gateway in the IoT”
- Recommendation ITU-T Y.4208 “IoT requirements for support of edge computing”
More info: https://itu.int/go/tsg20
ITU-T SG17 works on cloud computing security. It has approved four Recommendations:
- ITU-T X.1603 “Data security requirements for the monitoring service of cloud computing”,
- ITU-T X.1604 “Security requirements of network as a service (NaaS) in cloud computing”
- ITU-T X.1605 “Security requirements of public infrastructure as a service (IaaS) in cloud computing”
- ITU-T X.1606 “Security requirements for communication as a service application environments”. . SG17 has is working on Security guidelines for container, distributed cloud, multi-cloud, edge cloud and Security requirements of cloud-based platform under low latency and high reliability application scenarios, network security situational awareness platform for cloud computing, etc.
- More details here:https://www.itu.int/en/ITU-T/studygroups/2017-2020/17
IEEE
Cloud computing:
IEEE recently published the IEEE 2301-2020 IEEE Guide for Cloud Portability and Interoperability Profiles (CPIP). It provides standards-based choices in areas such as application interfaces, portability interfaces, management interfaces, interoperability interfaces, file formats, and operation conventions for cloud computing ecosystem participants (cloud vendors, service providers, and users).
Fog/Edge Computing:
Work is going on in IEEE P1934.1 “Nomenclature and Taxonomy for Distributing Computing, Communications and Networking along the Things-to-Cloud Continuum” and IEEE P1935 “Standard for Edge/Fog Manageability and Orchestration”.
More recently IEEE SA initiated a new family of standards on cloud-edge collaborative framework through its work on IEEE P2805.1 on “Self-Management Protocols for Edge Computing Node”, IEEE P2805.2 on “Data Acquisition, Filtering and Buffering Protocols for Edge Computing Node”, IEEE P2805.3 on “Cloud-Edge Collaboration Protocols for Machine Learning”, and the IEEE P2961 on “Guide for an Architectural Framework and Application for Collaborative Edge computing”.
More information is available athttps://ieeesa.io/rp-cloudcomputing
IETF
The IETF has multiple groups working on standards for virtualization techniques, including techniques used in cloud computing and datacenters.
The Layer 2 Virtual Private Networks (L2VPN) Working Group produced specifications defining and specifying solutions for supporting provider-provisioned Layer-2 Virtual Private Networks (L2VPNs). They also addressed requirements driven by cloud computing services and data centers as they apply to Layer-2 VPN services. TheL2VPN Service Model (L2SM) Working Group is tasked to created a data model that describes an L2VPN service.
The Layer 3 Virtual Private Networks (L3VPN) Working Group was responsible for defining, specifying and extending solutions for supporting provider-provisioned Layer-3 (routed) Virtual Private Networks (L3VPNs). These solutions provide IPv4, IPv6, and MPLS services including multicast.
The Layer Three Virtual Private Network Service Model (L3SM) Working Group was tasked to create a YANG data model that describes an L3VPN service (an L3VPN service model) that can be used for communication between customers and network operators, and to provide input to automated control and configuration applications.
The Network Virtualization Overlays (NVO3) Working Group develops a set of protocols and extensions that enable network virtualization within a datacenter environment that assumes an IP-based underlay. An NVO3 solution provides layer 2 and/or layer 3 services for virtual networks enabling multi-tenancy and workload mobility, addressing management and security issues.
The System for Cross-domain Identity Management (SCIM) Working Group worked on standardising methods for creating, reading, searching, modifying, and deleting user identities and identity-related objects across administrative domains, with the goal of simplifying common tasks related to user identity management in services and applications.
The Computing in the Network Research Group (coinrg) of the IRTF explores existing research and fosters investigation of “Compute In the Network” and resultant impacts to the data plane. The goal is to investigate how to harness and to benefit from this emerging disruption to the Internet architecture to improve network and application performance as well as user experience.
https://trac.ietf.org/trac/iab/wiki/Multi-Stake-Holder-Platform#Cloud
Fraunhofer Institute and OFE
The Fraunhofer Institute and Open Forum Europe (OFE) have been carrying out a study on behalf of the European Commission, entitled “The impact of Open Source Software and Hardware on technological independence, competitiveness and innovation in the EU economy”. The study is in latest stages of being published (foreseen September 2021).The analysis estimates a cost-benefit ratio of above 1:4 and predicts that an increase of 10% of OSS contributions would annually generate an additional 0.4% to 0.6% GDP as well as more than 600 additional ICT start-ups in the EU. Case studies reveal that by procuring OSS instead of proprietary software, the public sector could reduce the total cost of ownership, avoid vendor lock-in and thus increase its digital autonomy. The study also contains policy recommendations including thepromotion OSS in addition to standardisation as a further channel of knowledge and technology transfer, e.g., as an explicit dissemination channel for Horizon Europe projects.
OGF
Open Grid Forum (OGF) is a leading standards development organisation operating in the areas of grid, cloud and related forms of advanced distributed computing. The OGF community pursues these topics through an open process for development, creation and promotion of relevant specifications and use-cases.
OMG
Object Management Group (OMG): the OMG’s focus is always on modelling, and the first specific cloud-related specification efforts have only just begun, focusing on modelling deployment of applications & services on the clouds for portability, interoperability & reuse.
Hosted by the OMG is the Cloud Standards Customer Council, which has produced a series of customer-oriented white papers on diverse topics related to cloud computing, all of which are publicly accessible at: http://www.cloud-council.org/resource-hub.htm
OneM2M
The oneM2M architecture is based on distributed computing capabilities, data management and storage, and it supports interworking with non-oneM2M entities and integrates with communication infrastructures. The oneM2M system operates in the cloud when the data are centralized. At the same time, separate oneM2M based cloud services may be federated as an alternative to the direct integration of dedicated data bases. The oneM2M standards also address edge related technologies for Automotive and Industry 4.0 domains. In 2018 oneM2M started a dedicated work item on Edge and Fog Computing (WI-0080). Different solutions have been developed, such as Edge/Fog offloading, dynamic service management, common service description /service-awareness, loosely/tightly coupled Edge/Fog Computing. The study of those solutions resulted in related normative work that contains advanced features and enhancements for oneM2M specifications TS-0001, TS-0004 and TS-0026. Specific studies are available as Technical reports as well as all specifications being made publicly accessible at: <https://onem2m.org/technical/published-specifications>.
Related guidelines are also provided in ETSI TR 103 527 V1.1.1 (2018-07) SmartM2M; Virtualized IoT Architectures with Cloud Back-ends.
OASIS
The Topology and Orchestration Specification for Cloud Applications (TOSCA)TC works to enhance the portability of cloud applications and services across their entire lifecycle. TOSCA enables the interoperable description of application and infrastructure cloud services, independent of the supplier creating the service, and any particular cloud provider or hosting technology. TOSCA is at the top of the list of “most used standards projects” inthe Cloudwatch2 study. The OASIS TOSCA TC and ETSI NFV ISG cooperate to align their Network Functions Virtualisation (NFV) service models and specifications.
The Cloud Application Management for Platforms (CAMP) TCadvances an interoperable protocol that cloud implementers can use to package and deploy their applications. CAMP defines interfaces for self-service provisioning, monitoring, and control. Common CAMP use cases include: moving on-premise applications to the cloud (private or public) or redeploying applications across cloud platforms from multiple vendors.
The OASIS Open Data Protocol (Odata)TC works to simplify the querying and sharing of data across disparate applications and multiple stakeholders for re-use in the enterprise, Cloud, and mobile devices. A REST-based protocol, OData builds on HTTP and JSON using URIs to address and access data feed resources. OASIS OData standards have been approved as ISO/IEC 20802-1:2016 and ISO/IEC 20802-2:2016.
The goal of the OASIS Virtual I/O Device (VIRTIO) TCis to simplify virtual devices, making them more extensible and more recognizable. It ensures that virtual environments and guests have a straightforward, efficient, standard, and extensible mechanism for virtual devices. Guest can use similar standard PCI drivers and discovery mechanisms for PCI devices of the VIRTIO family as for physical PCI devices.
OFE
Recently Open Forum Europe (OFE) carried out a study on behalf of the European Commission, entitled “Standards and Open Source: bringing them together”. The aim of this study was to analyse and make practical progress on the collaboration models between SDOs and cloud open source software development initiatives, and to develop a roadmap of actions to improve the integration of open source communities in the standard setting process.
https://ec.europa.eu/digital-single-market/en/news/standards-and-open-source-bringing-them-together
(C.2) Other activities related to standardisation
BSI
Cloud Computing Compliance Controls Catalogue (C5)
The C5 defines a baseline for cloud security, divided into thematic sections (e.g. organisation of information security, physical security), using mostly recognised security standards. C5 outlines prerequisites for a conformity assessment using international standards (ISAE 3000, ISAE 3402), adding cloud specific requirements, especially for transparency.
C-SIGs
The cloud select industry groups as a contribution from Europe to the global cloud standardisation community.
- Cloud Select Industry Group on Code of Conduct: the European Commission has been working with industry to finalise a code of conduct for cloud computing providers. The code of conduct supports a uniform application of data protection rules by cloud service providers. The Code of Conduct for Protection of Personal Data in cloud services has been published in June 2016. Strong relationship with ISO/IEC 27018 standard.
- Cloud Select Industry Group on Service Level Agreements: the goal of this subgroup is to work towards the development of standardisation guidelines for SLAs for cloud services. Work was submitted to ISO/IEC SC38 committee as input to the work on the 19086 standards.
- Cloud Select Industry Group on Certification Schemes: theDigital Single Market Strategy 2015 (DSM)committed the European Commission to delivering a European Cloud Initiative, including certification.
GICTF
Global Inter-Cloud Technology Forum (GICTF) is promoting standardisation of network protocols and the interfaces through which cloud systems inter-work with each other, to promote international interworking of cloud systems, to enable global provision of highly reliable, secure and high-quality cloud services, and to contribute to the development Japan’s ICT industry and to the strengthening of its international competitiveness.
http://www.gictf.jp/index_e.html.
GAIA-X
Gaia-X aims at developing common requirements for a European data infrastructure based on standards which ensure transparency and interoperability. GAIA-X addresses this requirement by aligning network and interconnection providers, Cloud Solution Providers (CSP), High Performance Computing (HPC) as well as sector specific clouds and edge systems. https://www.data-infrastructure.eu/ ”
OCC
The Open Cloud Consortium (OCC) supports the development of standards for cloud computing and frameworks for interoperating between clouds; develops benchmarks for cloud computing; and supports reference implementations for cloud computing, preferably open source reference implementations. The OCC has a particular focus in large data clouds. It has developed the MalStone Benchmark for large data clouds and is working on a reference model for large data clouds.
TM Forum
TM Forum: The primary objective of TM Forum’s Cloud Services Initiative is to help the industry overcome these barriers and assist in the growth of a vibrant commercial marketplace for cloud-based services. The centrepiece of this initiative is an ecosystem of major buyers and sellers who will collaborate to define a range of common approaches, processes, metrics and other key service enablers.
SNIA
Storage Networking Industry Association (SNIA): The Cloud Work Group exists to create a common understanding among buyers and suppliers of how enterprises of all sizes and scales of operation can include cloud computing technology in a safe and secure way in their architectures to realise its significant cost, scalability and agility benefits. It includes some of the industry’s leading cloud providers and end-user organisations, collaborating on standard models and frameworks aimed at eliminating vendor lock-in for enterprises looking to benefit from cloud products and services.
(C.3) additional information
Open source projects address particular aspects of cloud computing (e.g. OpenStack (IaaS), the Open Networking Foundation (ONF), Cloud Foundry (PaaS), Docker (Container technology) and kubernetes) and as such, open source communities should be encouraged to collaborate with standardisation and submit their APIs for standardisation.