Survey of the Cloud Computing Standards Landscape 2015

Bernd Becker

, Emmanuel Darmois

, Anders Kingstedt

, Olivier Le Grand

, Peter Schmitting

and Wolfgang Ziegler

EuroCloud Europe, 1013 Luxembourg, Luxembourg

Commledge, Viroﬂay 78220, France

Softarc, SE-11120 Stockholm, Sweden

Orange, Paris, France

FSCOM, Valbonne, France

Fraunhofer Institute SCAI, Department of Bioinformatics, 53754 Sankt Augustin, Germany

Keywords:

Cloud Computing, User Survey, Standards, Certiﬁcation.

Abstract:

Cloud Computing is increasingly used as the platform for IT infrastructure provisioning, application/systems

development and end user support of a wide range of core services and applications for businesses and organi-

sations. Cloud Computing is drastically changing the way IT is delivered and used. However, many challenges

remain to be tackled. Concerns such as security, vendor lock-in, interoperability and accessibility are exam-

ples of issues that need to be addressed. Standards and certiﬁcation programs play an important role in terms

of increasing the market conﬁdence in Cloud Computing. The availability of Cloud Computing standards and

certiﬁcation schemes that address current concerns will ensure that both customers/users as well as providers

are likely to regard Cloud Computing with the same level of reliability, trust and maturity as traditional IT. In

February 2015, the Cloud Standards Coordination Phase 2 (CSC-2) was launched by ETSI to address issues

left open after the initial Cloud Standards Coordination work was completed at the end of 2013. CSC-2 is

investigating some speciﬁc aspects of the Cloud Computing Standardization landscape, in particular from the

point of view of the Cloud Computing users (e.g., SMEs, Administrations). In this paper, we will present ﬁnal

results of the work.

1 INTRODUCTION

The Cloud Standards Coordination (CSC) project

took place in 2013 and primarily addressed the Cloud

Computing standards roadmap. In December 2013,

the results were publicly presented in a workshop or-

ganised by the European Commission (EC), and pub-

lished as the CSC Final Report (ETSI, 2013). The

CSC ﬁnal report provides a snapshot of the Cloud

Computing standardisation landscape at the end of

2013. Even though the Cloud standards landscape

was found to be structured and on its way to be-

come mature, important gaps were identiﬁed in the

domains of interoperability, security, privacy, service

level agreements as well as in regard of regulation,

legal and governance aspects.

Given the dynamics of the Cloud Computing mar-

ket and standardization situation, a new study - CSC

Phase 2 - was launched in February 2015 in order to

complement the work done in CSC.

The main stakeholders involved in the preparation

of the CSC (called CSC Phase 1 in this paper to dis-

tinguish it from the CSC Phase 2 project) standards

snapshot were found in the Cloud Computing (CC)

industry, in particular Cloud Computing providers.

Their focus was on the coherence and completeness

of the standards landscape. CSC Phase 2 took a dif-

ferent approach by focusing on the needs of Cloud

Computing customers and their requirements and pri-

orities related to Cloud Computing, thus, further as-

sessing the maturity of Cloud Computing standards.

To support these objectives, CSC Phase 2 has cre-

ated a survey used to collect input from the Cloud

Computing community in terms of needs, beneﬁts,

challenges and areas of concerns regarding the adop-

tion of Cloud Computing. The goal is to evaluate the

perceived maturity of Cloud Computing standards as

well as to understand the interest and requirements

230

Becker, B., Darmois, E., Kingstedt, A., Grand, O., Schmitting, P. and Ziegler, W.

Survey of the Cloud Computing Standards Landscape 2015.

In Proceedings of the 6th International Conference on Cloud Computing and Services Science (CLOSER 2016) - Volume 1, pages 230-238

ISBN: 978-989-758-182-3

of Cloud Computing stakeholders regarding certiﬁca-

tion. The survey is therefore targeting current and fu-

ture Cloud Computing Customers in the private and

public sectors, SMEs as well as large organisations in

all vertical sectors/industries.

The rest of the paper is organised as follows:

Section 2 highlights some related work, Section 3

presents the rationale for conducting the survey, Sec-

tion 4 presents the content of the survey, the method-

ology used for its preparation and distribution, infor-

mation about the feedback collected as well as lessons

learned when conducting the survey, Section 5 pro-

vides detailed results based on the analysis of the col-

lected survey feedback, Section 6 highlights initial

recommendations based on the survey analysis. Fi-

nally, Section 7 summarises the results and lessons

learned and presents future work.

2 RELATED WORK

The CSC Phase 1 project launched by the Euro-

pean Commission and ETSI

in 2012 delivered an

overview of the Cloud standards landscape. The CSC

Phase 1 project presented the results of the project in a

report published in 2013 (ETSI, 2013). These results

are used as groundwork for the CSC Phase 2 project.

Moreover, during the last couple of years there

have been a number of surveys with different objec-

tives related to the usage and experiences in the Cloud

Computing space. Most of them have been user-

oriented and targeted to identify areas where users

see a need for improvement or missing standards, e.g.,

the 2014 Trusted Cloud survey of the European Com-

mission (ECTCES, 2014), (ECTCESeval, 2014). In

many different surveys, security, data protection, or

Service Level Agreements are among the top ranked

concerns related to Cloud Computing. However, to

our best knowledge none of the previous surveys have

focused on users awareness and experience of stan-

dards to the same degree as the 2015 Cloud Standards

Coordination survey.

In (Sill, 2015) the author presents examples of

different valid styles of Cloud standards develop-

ments. In particular, the article discusses the roles

and rules of Standards Deﬁnition Organisations and

Open Source projects. The article draws similar con-

clusions as the authors do in section 7.2.1.

European Telecommunications Standards Institute

3 MOTIVATION FOR

CONDUCTING THE SURVEY

3.1 Cloud Standards Coordination

(Phase 1): Findings and Limitations

One essential direction for the work of CSC (Phase 1)

was the analysis of the standards roadmap at the time

of the work, which has been undertaken during 2013

and ﬁnalised at the end of November 2013. This was a

collective and collaborative effort in which the Cloud

Computing community was engaged on a voluntary

basis. Two main questions were addressed: (i) is

Cloud Computing standardization a fragmented land-

scape (a jungle of standards) and (ii) are Cloud Com-

puting standards mature enough to start implementing

Cloud Computing projects beyond the circle of early

adopters.

To answer these questions, a speciﬁc methodol-

ogy was designed, based on the identiﬁcation of rel-

evant Standards Development Organisations (SDOs)

and the identiﬁed list of Cloud Computing related

standards (and other signiﬁcant documents) that were

available at the time of the CSC 1 project. Using a

number of typical Use Cases, these standards were

mapped to various phases and activities of the Cloud

Computing Service life cycle, thus allowing the iden-

tiﬁcation of potential areas of too much proliferation

or lack of standards.

The CSC 2013 ﬁnal report (ETSI, 2013) brought

precise answers to the two above questions: (i) the

CC landscape is not a jungle (a series of oases rather

than a continuous forest as pointed out in the Euro-

pean Commission feedback), and (ii) there are enough

standards to start with. The report also outlined some

limits and areas where an improved maturity was re-

quired. Some of these areas were of technical na-

ture, in particular related to Service Level Agreements

and Security. Others were more linked to the overall

Cloud Computing industry environment (e.g., regula-

tion or legal framework).

The European Commission concluded that it is

essential to address some of the open issues identi-

ﬁed after CSC Phase 1 and subsequently agreed on

the funding of a new study (namely CSC Phase 2)

to be undertaken by ETSI in 2015. Some of the

CSC Phase 1 open issues have been left unaddressed,

such as the legal and regulatory framework (not in the

scope of ETSI work) or SLA (subject to several ongo-

ing effortS, in particular in the EC Research projects

and the ISO/IEC development of a framework for

Cloud SLA, ISO/IEC 19086). An important conclu-

sion resulting from the CSC 1 project is that Secu-

Survey of the Cloud Computing Standards Landscape 2015

231

rity is a key area in need of progress. A high level

of trust in Security and the availability of standards to

support Cloud Computing security mechanisms is es-

sential in order to build conﬁdence and trust amongst

future Cloud Computing adopters. The interplay of

security standards and certiﬁcation is a key element of

the approach taken for the CSC 2 study. In addition,

the role of Open Source and its relation with Stan-

dardization has become another important element of

CSC Phase 2.

3.2 Understanding the User Needs

The objective of CSC Phase 2 is to assess the ma-

turity of Cloud Computing standards at the end of

2015 (roughly two years after Phase 1). This new

assessment (called Snapshot 2 in the CSC Phase 2

work plan) is meant to be undertaken with a differ-

ent approach (and methodology) than the previous

CSC project. In particular, CSC Phase 1 concluded

that there are enough standards to start with: Con-

sequently it is now signiﬁcant to analyse the matu-

rity and applicability of the available standards, map-

ping the standards to the identiﬁed needs of the Cloud

Computing users. Among these users speciﬁc tar-

get groups are prioritised: Small and Medium Enter-

prises (29 Million of SMEs in Europe) and admin-

istrations. The rationale for this prioritisation is that

these users typically have a reduced capacity in terms

of resources and the skills necessary in order to adopt

and reap the beneﬁts of Cloud Computing.

CSC Phase 2 is therefore aiming at assessing the

maturity of Cloud Computing standards on the basis

of the needs of these very important users. The CSC

Phase 2 analysis is based on the responses to ques-

tions such as (i) What are the typical use cases that

users want to implement in the short to medium term;

(ii) What are their expectations and perceived con-

cerns that limits the adoption of Cloud Computing;

(iii) What are the assets and possible investment made

in Cloud Computing; (iv) How are they going to deal

with existing investments (legacy); (v) Which role are

they expecting to play in the Cloud Computing value

chain; (vi) What support from standards are they ex-

pecting; (vII) What is the signiﬁcance of certiﬁcation

schemes.

To create the basis for the analysis, a survey has

been designed and conducted over the ﬁrst months of

the study. Even though the survey is targeting a spe-

ciﬁc set of users (SMEs, etc.), it is also using the in-

put from larger actors. The survey has also been dis-

tributed as many industry sectors as possible, in order

to cover this particular aspect (i.e., industry / vertical

sector speciﬁc concerns).

4 THE SURVEY

4.1 Overview of the Survey

Cloud Standards Coordination Phase 2 is conducted

by a group of 6 experts that have been recruited by

ETSI through an open consultation and selection pro-

cess. The ﬁrst task of the experts has been to design

the CSC Phase 2 survey. The survey has a key role

in the work of CSC Phase 2: all the other topics ad-

dressed rely on the results of the survey, in particular

the new snapshot of the maturity assessment. The sur-

vey was expected to provide indications on the prior-

ities and major subjects of interest or concerns of the

Cloud Computing users. It has been essential to en-

sure that the survey is:

• Addressing all the aspects of Cloud Computing

in terms of the users expectations, priorities, pre-

ferred use cases, and more, not just the standards

aspects;

• Reaching the targeted types of organisations;

• Collecting results in a variety of sectors.

The design of the survey has been based on the

Cloud Computing knowledge and experiences of the

experts, on previous surveys with a similar goal ,

on the feedback of a few external testers that have

pointed to inconsistencies or ambiguities found in the

survey.

4.2 Methodology, Structure,

Information Capture

The ETSI experts have designed the survey in a way

that it will address the questions listed in the section

3.2. To this extent, apart from questions related to

obtaining information about the respondents (organi-

sation type and size, sector, country, etc.), a total of

45 key questions addressing the speciﬁcities of Cloud

Computing Standards have been asked, in the follow-

ing categories (each representing one page of the sur-

vey):

• Moving to Cloud Computing: expected beneﬁts

and challenges to face (Expectations and chal-

lenges to the organisation, Perceived challenges

related to the maturity of Cloud Computing)

• Adoption of Cloud Computing in the organisation

(Scope of Cloud Computing usage - level of adop-

tion, Cloud Computing roles and availability of

resources )

• Cloud Computing adoption: preparing the organi-

sation (Status of IT alignment of the organisation,

CLOSER 2016 - 6th International Conference on Cloud Computing and Services Science

232

e.g. Data Classiﬁcation, SOA, Software Licenses,

)

• Cloud Computing: Deployment models and Ser-

vice categories (Used deployment model (one or

more), Dominant service categories - use case(s);

IaaS, PaaS and/or SaaS)

• Emerging service Categories (Use case(s) for

CaaS, CompaaS, NaaS and/or DSaaS, or other)

• Cloud Computing and Standards: overview (Ex-

pected impact of Cloud Computing standards,

General awareness and use of Cloud Computing

standards)

• Cloud Computing Standards: a detailed view

(Level of knowledge of speciﬁc Cloud Comput-

ing standards)

• Cloud Computing Certiﬁcation Standards (Role

of certiﬁcation as an enabler of trust, Areas of cer-

tiﬁcation, Types of certiﬁcation

• Awareness of CCSL and the certiﬁcation schemes

within, Plans to use certiﬁcation in the organisa-

tion)

Even though a long survey might be difﬁcult to com-

plete for some respondents, the ETSI experts have

opted for completeness. When analysing the results,

we have seen that the rate of answers to the key ques-

tions was decreasing over the course of pages, but the

typical number of answers in the ﬁnal pages was still

above 60% of the number of answers in the ﬁrst pages.

The survey was created using the survey tool ”Sur-

vey Monkey”

. The results have been collected and

analysed only by the ETSI experts and a strict priva-

cy/conﬁdentiality policy has been adopted: answers

to the survey have been shared and used only amongst

the ETSI CSC Phase 2 experts. Only aggregated re-

sults have been and will be published.

ETSI is hosting the CSC web site

were all infor-

mation regarding CSC Phase 1 and Phase 2 is made

publicly available (including the link to access to sur-

vey).

4.3 Distribution of the Survey

The survey has been launched on March 30th, 2015

and was kept open for almost 6 months to ensure the

largest possible number of answers. A distribution

letter has been made available to all organisations that

were willing and able to use it for advertising the sur-

vey. Over 120 different channels have been contacted

to relay the survey and have distributed the survey

URL.

www.surveymonkey.com

http://csc.etsi.org

A large range of different distribution channels

have been used: (i) European Commission DGs web

sites and distribution list (emails, Twitter, etc.), (ii)

Standards Setting Organisations, global, regional or

national, (iii) ETSI memberships (750 organisations

from various industry sectors), (iv) Industry Associa-

tions, (v) Administrations, (vi) LinkedIn groups, (vII)

Open Source projects.

5 SURVEY ANALYSIS

5.1 Signiﬁcant Findings Analysis and

Conclusions

The following ﬁndings are based on the evaluation

of the 376 responses that had been received by mid-

September 2015. General Purpose Information Re-

garding Respondents Organisations: More respon-

dents are coming from SME organisations (up to

249 employees) than from large organisations (more

than 249 employees). The ICT sector is dominating

(43%) followed by academia and public administra-

tion. Some industry sectors are so far not represented

at all. Note: the industry classiﬁcation used is based

on the EC sector classiﬁcation.

Beneﬁts and Challenges: Reduction of CAPEX,

improved business agility and faster time to market

are seen as the major positive factors for adopting

Cloud Computing while security and privacy/integrity

are viewed as the most critical challenges with SLA,

performance and efﬁciency, resiliency, vendor or data

lock-in and interoperability across vendor solutions

ranked among the highest concerns.

Adoption and Scope: A majority of respondents

(57%) have already started adopting Cloud comput-

ing, probably including a signiﬁcant part of the re-

spondents from the ICT sector. The main use of Cloud

Computing is as the platform for ICT resources with

IaaS as the most probable starting point. 40% of or-

ganisations are playing the role of Cloud Computing

Customer. Regarding the level of resources and sup-

port to Cloud Computing, nearly half of respondents

mention that they receive an adequate support from

their IT team but a third of the respondents have a

dedicated Cloud Computing support team.

Cloud Computing Adoption: Preparing your

Organisation Some typical aspects need to be con-

sidered and some conditions must be met in order to

make the transition to the Cloud in a secure and reli-

able way. Nearly half of respondents claim that data

categorisation and classiﬁcation is on-going in their

organisations. Data security awareness and level con-

Survey of the Cloud Computing Standards Landscape 2015

233

Figure 1: Which Cloud deployment model seems best ﬁt to

your needs (Question 25).

trol is seen as an important aspect to be tackled by a

majority of the respondents. Regarding software pro-

visioning and compensations models, a third of re-

spondents indicate that negotiations is on-going with

the software vendor responsible for running the Cloud

Computing software / service while approximately

25% of the respondents mention that no action is seen

as necessary (not needed or already achieved?).

Cloud Deployment Model and Service Cate-

gories: Private cloud clearly dominates followed

by hybrid cloud and public cloud deployment mod-

els. Concerning cloud service categories, high-

availability is seen as the top application for the cloud

computing category IaaS while software development

is also seen as the top capability for PaaS. Concern-

ing SaaS, general data storage is the dominating us-

age area for SaaS while specialised applications such

as ERP, CRM or E-Business are less frequently men-

tioned (see Figure 1). It should be noted that - in an-

swers to another question - 54% of respondents indi-

cate an interest in emerging Cloud Computing service

categories such as CaaS, NaaS, DSaaS and CompaaS.

Cloud Computing and Standards: Security, pri-

vacy and integrity, performance and portability across

vendor solutions are ranked highest regarding the im-

pact that standards have on the organisations con-

cerns. Regarding how standards are considered in the

organisations, 45% indicate that standards are used

while 35% say that standards are considered. This in-

dicates a promising insight into the value and impor-

tance of standards. Concerning areas of importance

for standards, security and data protection are men-

tioned, in line with responses to other questions (see

Figure 2). Regarding the detailed feedback on indi-

vidual standards, the number of responses to the sur-

vey is not yet signiﬁcant enough, making the analysis

unreliable until further survey results are obtained.

Security - Privacy and Integrity: Security and

Privacy and integrity are recurring concerns in the

web survey. These areas rank high both in terms of

aspects seen as important for the respondent and its

Figure 2: Degree of Cloud Computing Standards consider-

ation or usage in your organization (Question 35).

Figure 3: Adoption and use of Cloud Computing standards:

Security (Question 39).

organization and also when it comes to related stan-

dards that are seen as most critical for Cloud Comput-

ing. In several questions, security or a particular type

of security (data security) and Privacy and integrity

come out at top.

Some observations that can be made:

• The use of SaaS for processing sensitive data

(incl. personal data) ranks low in terms of usage

areas. This observation is consistent with how Se-

curity ranks as a concern; the conclusion might be

that there is simply not yet sufﬁcient conﬁdence

in Cloud Computing for the users to provision

and process sensitive data in the cloud computing

space.

• There are different legal barriers across Europe

and no up-to-date European Data Protection Di-

rective yet.

• Among the low number of respondents, ISO/IEC

27001 is the standard most known and used.

• Security is a complex, slightly ambiguous and in-

precise concept. It can be and probably is inter-

preted in many different ways. Security can for

instance map to and concern one or more of the

following areas:

– Data protection (and information classiﬁcation,

data encryption etc.)

– Data access

CLOSER 2016 - 6th International Conference on Cloud Computing and Services Science

234

– Identity management

– Authorization

– Authentication

– Data privacy

– Data integrity

– Accessibility

– Operations

and probably some additional domains / areas. It

is likely that Security and Privacy and Integrity

are in fact grouped together and seen as a single

concern by the respondents.

Security at large is without doubt a major concern

for most users, customers and providers alike, in par-

ticular in a Cloud setting, as the resources typically

are shared and the data integrity as a consequence

needs additional attention to ensure a retained con-

ﬁdence in the ownership of data. Many users are con-

cerned about losing the control of data, in many cases

probably justiﬁably so. Unless Security - all relevant

aspects of Security related to Cloud Computing - is

fully addressed and the users made aware of available

options and existing protocols and standards that can

be used to build reliable Cloud Computing offerings,

the adoption of Cloud Computing is likely to continue

to grow slowly (see Figure 3).

Interoperability: One of the recurring concerns

raised by the web survey respondents concerns inter-

operability, or - rather - the lack thereof. Answers to

the following questions indicate or support the claim

that Interoperability is one of the top concerns among

the respondents. Some highlighted aspects of interop-

erability include:

• Interoperability is a key success factor to ensure

Increased business agility. Unless a high level of

interoperability in solutions internal to the orga-

nization as well as interoperability with external

stakeholders (collaborators, customers, suppliers,

subsidiaries etc.) is secured, it will be difﬁcult to

obtain a high level of business agility. Interoper-

ability (and Portability) across vendor solutions is

also seen as a major concern for many organiza-

tions.

• Interoperability is also seen as main concern

among many of the respondents, both in terms of

a general issue for the organization of the respon-

dent and in terms of lack of support for interoper-

ability standards.

The web survey strongly suggests that SDOs pro-

viding interoperability standards for Cloud Comput-

ing must accelerate their efforts. The ongoing work

in ISO/IEC on providing guidance for this domain

(ISO/IEC 19041: ”Cloud Computing Interoperability

& Portability concepts”) is an example of an activity

that is likely to provide valuable information in this

respect.

Cloud Computing Certiﬁcation Standards: Al-

most 75% consider certiﬁcation as a positive means to

increase the conﬁdence in Cloud Computing service

providers. Regarding the domains in which certiﬁca-

tion is seen as very important, data security and data

privacy are dominating. Cloud service certiﬁcation

(per cloud service, covering all partners and providers

in the end-to-end chain) and cloud provider certiﬁca-

tion are considered as the preferred types of certiﬁca-

tion while self-certiﬁcation is only seen as an accept-

able certiﬁcation scheme. A majority of the respon-

dents are unaware of the Cloud Certiﬁcation Schemes

List (CCSL) deﬁned by ENISA while in this list, the

well-known ISO/IEC 27001 Certiﬁcation comes ﬁrst

as a scheme for cloud certiﬁcation. A majority of the

cloud service customers indicate that they plan to in-

clude one of these certiﬁcation schemes in their Cloud

purchasing processes. A majority of cloud service

providers also plans to certify their cloud service of-

fering.

5.2 Identiﬁcation of Trends and

Patterns

Based on the responses received mid-June 2015, it is

possible to make some tentative and high-level anal-

ysis. From this analysis, some patterns emerge that

will have to be clariﬁed and conﬁrmed by a ﬁnal anal-

ysis made at the conclusion of the survey. The trends

that are assessed as the most signiﬁcant are presented

below.

Security, Integrity and Data Privacy: these top-

ics are seen as major concerns. This is not a new ﬁnd-

ing, but the fact that it is still very much present is a

clear indication on the perceived challenge ahead for

security standards and Cloud certiﬁcation in particu-

lar (see Figure 4).

Interoperability and Portability: these areas are

Figure 4: Maturity of Cloud Computing: critical issues

(Question 11).

Survey of the Cloud Computing Standards Landscape 2015

235

Figure 5: Ranking Cloud Certiﬁcation areas according to

their importance (Question 48).

Figure 6: Maturity of your organization: critical challenges

(Question 9).

ranked high. Concern in this area is most likely linked

to the issue of vendor lock-in, the unclear capabilities

of individual cloud service offerings ability to move

data from one service to another and the lack of porta-

bility standards for cross-Cloud scenarios in general

(see Figure 8).

Moving to the Cloud: there is a high percep-

tion from the respondents that the transition to Cloud

Computing should be carefully planned and orga-

nized, in particular in areas pertinent to data (clas-

siﬁcation, storage, etc.), processes and security (see

Figure 6).

Standards: in general, the role of standards is

seen as important and there is a growing level of

awareness, to a smaller extent even in terms of knowl-

edge on the existing set of standards. It is to be noted

that, in this perspective, the beneﬁt from standards re-

Figure 7: Impact of Cloud Computing Standards on your

organization’s concerns (Question 34).

Figure 8: Domains of lacking of Cloud Computing stan-

dards (Question 37).

lated to Cloud Computing is seen as more critical than

Open Source: this ﬁnding is however subject to fur-

ther analysis (see Figure 7).

Certiﬁcation: a very large majority (79%) of the

respondents conﬁrm the role of certiﬁcation as a very

useful way to improve conﬁdence in Cloud Comput-

ing. However the selection of Cloud Certiﬁcation

schemes is complex: the Cloud Certiﬁcation Scheme

List (CCSL) is an attempt to make a selection of such

schemes but the survey shows that only 31of respon-

dents are aware of this list. This is clearly show-

ing a need for increasing the awareness of the Cloud

Computing community on CCSL and all the means to

have access to a pre-analyzed and recommended list

of schemes (see Figure 5).

6 RECOMMENDATIONS

Based on the principal areas of concern as identiﬁed

from the survey results the Cloud Standards Coordi-

nation Phase 2 experts have listed below some recom-

mendations following the ﬁndings in the web survey.

Collaboration across Key Cloud Computing

Stakeholders: Encourage and increase collabora-

tions across the various relevant initiatives in Europe

as well across standards development organizations

(formal, de jure and de facto) to avoid and minimize

fragmentation and overlap in theCloud Computing re-

lated standardization efforts. During the CSC-2, con-

tacts have been made with the US standardization

agency, NIST as well as for example the EuroCIO

organization. Both contacts have resulted in follow-

up activities that will add further value to the CSC-

2 results as well as securing awareness of the CSC

work. Dissemination and Education: Make sure

that Cloud Computing stakeholders (users, customers

and providers) are made aware of existing standards

and certiﬁcation programs. The relatively low re-

sponse and awareness found among the respondents

of the web survey strongly suggests that the impor-

CLOSER 2016 - 6th International Conference on Cloud Computing and Services Science

236

tance and potential beneﬁts of standards and certiﬁca-

tion schemes need to be further advocated and mar-

keted by using in the relevant channels through the

appropriate EU agencies and also by the SDOs. Con-

duct the Cloud Web Survey Regularly: Keeping

track of the end users perception of Cloud Computing

beneﬁts and challenges provides an excellent back-

drop for ongoing as well as future efforts to close the

identiﬁed gaps and address the challenges disclosed

by the web survey. The experts see the web survey

as a good tool to gauge the progress and state-of-

affairs in the CloudComputing space and recommend

that the web survey is reopened and run on a regu-

lar basis, tentatively on an annually basis. Security

aspects - a Key Concern:Security, as a concept, is

without doubt a major concern for most users, cus-

tomers and providers alike, in particular in a Cloud

setting, as the resources typically are shared and data

integrity conﬁdentiality and availability, as a conse-

quence need additional attention to ensure a retained

conﬁdence in the ownership of data. Many users are

concerned about losing the control of data, in many

cases probably justiﬁably so. Unless Security - all

relevant aspects of Security related to Cloud Com-

puting - is fully addressed and the users made aware

of available options and existing protocols and stan-

dards that can be used to build reliable Cloud Com-

puting offerings, the adoption of CloudComputing is

likely to continue to grow slowly. Certiﬁcation adds

Conﬁdence: The analysis supports the provisioning

of certiﬁcation schemes, where certiﬁcation of ven-

dors and the cross cutting aspects data storage lo-

cation (one aspect of privacy), cloud data centre in-

frastructure, cloud provisioning process and interop-

erability/reversibility are top priorities. These aspects

are general concerns that need to be addressed to ac-

celerate the adoption of Cloud Computing.

7 CONCLUSIONS

7.1 Results

The present report indicates that running a web survey

on Cloud standards may yield relevant ﬁndings even

though the number of respondents is limited and the

composition of the respondents resulting from the in-

vitation to selected stakeholders is representative for

the overall population only to an unknown extent. The

ﬁndings made during the analysis of the survey sup-

port the continued strive towards closing the identiﬁed

gaps in terms of support for Cloud Computing stan-

dards. It also shows a growing awareness of the im-

portance of standards, in general and for Cloud Com-

puting in particular.

The main result is the identiﬁcation of trends from

the outcome of the survey described in section 5. In-

termediate results of the survey including early rec-

ommendations were published mid-June 2015 as a

draft for public comments. The comments received

have been discussed in a public worksop and the feed-

back from the users’ community allowed for the pub-

lication of the ﬁnal report (WP1Report, 2015) by mid-

November 2015.

7.2 Lessons Learned

Designing a survey is a complex task. The main dif-

ﬁculty for its authors has been to ﬁght against length

and complexity. However, completeness was some-

how at this cost. It was even more difﬁcult to bat-

tle against ambiguity: many questions could be in-

terpreted in a different (sometimes totally opposite)

manner depending on the role of the respondent in

the Cloud computing eco-system. To overcome this,

two important elements have been helpful. The most

important - as already pointed above - was the feed-

back from reviewers: we could never have enough of

this! Another positive element was the existence of a

clear deﬁnition of the roles in Cloud Computing: we

have seen a lot of maturation from the CSC Phase 1

to Phase 2.

7.2.1 Open Source and Standards

Cloud Computing is certainly one of the areas of ICT

where Open Source Software (OSS) is playing a re-

ally crucial role. A lot of OSS projects are undertaken

and some OSS products are becoming the de facto ref-

erence in the global Cloud Computing architecture.

This evolution is creating tensions as well as opportu-

nities with respect to standards. Another task of CSC

Phase 2 is the in-depth analysis of the interplay be-

tween Open Source and Standards. A draft version of

the report was published in July 2015 as a draft for

public comments. The comments received have been

discussed in a public workshop and the feedback from

the users’ community allowed for the publication of

the ﬁnal report (WP2Report, 2015) by end of Novem-

ber 2015.

7.2.2 Evaluation of Cloud Security Work

Two of the early trends clearly identiﬁed by the survey

(and that could be fully conﬁrmed at the time of ﬁnal

publication of results) are: (i) the continuing crucial

role of security and privacy for creating trust in Cloud

Computing, and (ii) the need for most of the users

to rely on proven, useful and affordable certiﬁcation

Survey of the Cloud Computing Standards Landscape 2015

237

schemes. The second task of CSC Phase 2 analyses

the relationship between those two aspects and pro-

vides a set of recommendations. A draft version of the

report was published in July 2015 as a draft for public

comments. as with the other reports the comments re-

ceived have been discussed in a public workshop and

the feedback from the users’ community allowed for

the publication of the ﬁnal report (WP3Report, 2015)

by end of November 2015.

7.2.3 Update of CSC Phase 1 Cloud Standards

Snapshot

The ﬁnal task of CSC Phase 2 is more precisely linked

to the current status of the Cloud Computing stan-

dards landscape. The survey has provided indica-

tions on users expectations vis--vis standards. The

work done in the ”snapshot” was an analysis based

on the identiﬁcation of the current set of standards

(Cloud Computing standards or related ones) and the

mapping of user needs on this set of standards. As

expected we found areas of stabilisation, areas of

progress as well as areas of insufﬁcient maturity and

possibly remaining gaps. A draft version of the report

was published August 2015 as a draft for public com-

ments. The comments received have been discussed

in a public workshop and the feedback from the users’

community allowed for the publication of the ﬁnal re-

port (WP4Report, 2015) by end of November 2015.

The four reports are available on the CSC webpages

7.3 Future Work

The work of CSC Phase 2 on the survey that we have

described also is, as already mentioned, a foundation

for the global approach of the rest of the work. The

three other tasks have been accomplished by October

2015: (i) interplay between Open Source and Stan-

dards, (ii) evaluation of Cloud security work, and (iii)

update of the CSC Phase 1 Cloud standards snapshot.

These tasks in CSC Phase 2 have been, to a large ex-

tent, relying on the main results of the survey, and on

the identiﬁcation of users needs, challenges and ex-

pectations. After a feedback phase the ﬁnal versions

have been published by end of November 2015. The

next step starting negotiations with the EC LATER

2016 on a possible continuation according to the rec-

ommendations described in Section 6.

http://csc.etsi.org

ACKNOWLEDGEMENTS

The work reported in this paper has been funded by

the European Commission to be undertaken by ETSI,

under grant SA/ETSI/ENTR/000/2014-03 of 30-Oct-

2014.

REFERENCES

ECTCES (2014). Trusted Cloud Europe Survey.

Website. Online at https://ec.europa.eu/digital-

agenda /en/news/trusted-cloud-europe-survey, visited

6 November 2015.

ECTCESeval (2014). Trusted Cloud Europe Survey -

Assessment of Survey Responses. Website. Online at

http://ec.europa.eu/information

society/newsroom/cf/

dae/document.cfm?doc id=6608, visited 6 November

2015.

ETSI (2013). CSC-Deliverable-008-Final Report-V1.0.

Technical report. Online at http://ec.europa.eu/digital

-agenda/en/news/cloud-standards-coordination-ﬁnal-

report, visited 6 November 2015.

Sill, A. (2015). Emerging standards and organizational pat-

terns in cloud computing. IEEE Cloud Computing,

2(4):72–76.

WP1Report (2015). Cloud Computing Users Needs.

Website. Online at http://csc.etsi.org/resources/WP1-

Report/STF 486 WP1 Report-v2.0.0.pdf, visited 6

February 2016.

WP2Report (2015). Cloud Computing Stan-

dards and Open Source. Website. Online

at http://csc.etsi.org/resources/WP2-Report/

STF 486 WP2 Report-v2.0.0.pdff, visited 6 February

2016.

WP3Report (2015). Interoperability and Secu-

rity in Cloud Computing. Website. On-

line at http://csc.etsi.org/resources/WP3-Report/

STF 486 WP3 Report-v2.0.0.pdf, visited 6 February

2016.

WP4Report (2015). Cloud Computing Stan-

dards Maturity Assessment. Website. On-

line at http://csc.etsi.org/resources/WP4-Report/

STF 486 WP4 Report-v2.0.0.pdf, visited 6 February

2015.

CLOSER 2016 - 6th International Conference on Cloud Computing and Services Science

238