What are the different types of Cloud Standards?

Mimecast Chief Scientist Nathaniel Borenstein was in London a couple of weeks ago- and I took the opportunity to interview him about Cloud standards- since he knows a thing or two about standards.

One of the benefits of experience is perspective- and being an industry veteran gives Nathaniel a fair amount of it- certainly more than a young whipper-snapper like me. I was interested- were any applications waiting for Standards? He went on to turn my question on it's head and ask- what type of standard was I talking about. I'm ashamed to say I didn't know the difference- I do now.

The second of a two part series- the first is here.


Justin Pirie: Hi. This is Justin Pirie. I’m here with Nathaniel Borenstein, Chief Scientist of Mimecast. Nathaniel, you've been here in the UK this week talking about the standards, I was wondering, are there any potential cloud applications that might be moved to the cloud that might be stuck waiting for standards.

Nathaniel Borenstein: I suspect there are but I'm actually not aware of any. I can cite a couple of examples where specific applications where standards would really help. So for example there's a lot of Cloud services now that provide virtual machines, on which you can run your own applications and so there's a growing business in moving from one of those vendor's to one another and it would help it there were better standards for encapsulating those virtual machines and making them portable.

Having said that the fact that it’s a thriving business now sort of indicates that while those would be nice their not essential and I think that is true for most applications, precisely because the Cloud... the big difference between a Cloud application and a pre-Cloud application is that the data centres are being centralized with a third party, but the actual technology behind that differs from the classic client server only in the multi- tenancy approach really.

Only in the fact that a given vendor is handling and keeping separate multiple customer's data and keeping them insulated from each other and so on. So you don't need very many formats, you don't need very many protocols.

Justin Pirie: So turning this on its head are there any standards that would be helpful for applications that are currently on the Cloud that maybe would help differentiate vendors and give some confidence to people going to the cloud for stuff that's already there.

Nathaniel Borenstein: Well there's two parts in my answer there because yes they absolutely are I'll mention a couple of examples but it’s very hard in general for vendors to strongly differentiate themselves with standards. The whole idea of a standard is that you want everybody to do it, and if everybody's doing it the standards aren't differentiating them very much. Although, one of the grand old men of the internet and one of my mentors Einar Stefferud used to say that the rallying cry  of the future would be “We inter operate with everyone else better that anyone else” and I think that's a reasonable approach here.

In terms of what standards would help, the biggest ones that come to mind are those related to management. You have complex systems that you need to manage and we have a lot of protocols that have already been derived for that in the pre-Cloud world, things like SNMP. In the Cloud world it gets more complicated with the multi-tenancy and things like that so there are extensions to those standards and perhaps some new ones that will make it easier for customers to monitor their applications at these remote sites. Those can be very helpful but again things are mostly working pretty well without them.

Justin Pirie: And I think I would add security to that list.

Nathaniel Borenstein: Well it’s yeah.... you mentioned that. This brings up a whole question of what are standards and I think there is some confusion because there are two types of standards or really two things are called standards that are barely the same thing at all. I've been mostly talking about what I would call definitional standards and perhaps that shows a bias that comes from my having worked on definitional standards from most of my career. Things like defining the MIME protocol or the DKIM protocol for signing email messages. A definitional standard defines a protocol or a data format or basically tells people how to do things in an inter-operable way. They’re very essential and they’re very detailed. The other kind of standard is what you might call an evaluative standard and this is something like ISO 9000 where you investigate a service and you score it on a couple of hundred dimensions sometimes and say oh they doing pretty well, they're doing badly and this is really much less precise.

You try to make it precise but each person doing the evaluation might slightly differently. It’s still useful. It’s very useful in developing the ability to compare vendors in being able to say that vendor is 90% secure and that vendor is 60% secure. So when you mean evaluative standards then yes, they’re extremely useful and security is one of the biggest things they're useful, for but with ISO 9000 you can also evaluate reliability for example, up time stuff like that and that's equally important.

Justin Pirie: Well thank you very much that's been really enlightening. You can check us out on the blog: blog.mimecast.com or @mimecast on twitter. Thank you Nathaniel.

Nathaniel Borenstein: Thank you.