What is a Cloud?
There has been much “hype” about cloud and a lot of confusion, especially regarding risk management and security concerns. The groundwork is quietly being laid for security and privacy services in public cloud ecosystems. The collaboration and harmonization activities are currently underway at the international level between the International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC), and the Telecommunication Standardization Sector (ITU-T) of the International Telecommunications Union (ITU).
Most well-versed Information Technology (IT) practitioners are no doubt familiar with the cloud computing definition and the three cloud service models developed by the U.S. National Institute of Standards and Technology (NIST): Infrastructure as a Service (IaaS), Software as a Service (SaaS) and Platform as a Service (PaaS). These models turned out not to be mutually exclusive. It was hard to tell them apart. Moreover, the NIST definitions conflicted with those of the ITU-T which focused on Communications as a Service (CaaS) and Network as a Service (NaaS). It was obvious that a new paradigm was needed.
In response, the ISO/IEC Joint Technical Committee 1/Subcommittee 38 (Distributed application platforms and services, or DAPS) and the ITU-T/Study Group 13 (Future Networks) formed two collaborative teams for Cloud Computing (CT-CC) to address vocabulary (CT-CCV) and architecture (CT-CCRA). Draft Standard ISO/IEC 17788, is working on a cloud-computing vocabulary, to help cloud computing users communicate in a common and clearly understood way. Draft Standard ISO/IEC17789 will produce a reference architecture to help cloud computing users understand the overall capabilities of a cloud computing service and the pieces within it.
At the April 2013 ISO/IEC Plenary, held in Madrid, the CT-CC teams agreed on core cloud computing terminology and a new cloud computing definition (still in draft). To reconcile the conflicting SC 38 and ITU-T Stu Group 13 models, the CT-CC defined three cloud service categories which correspond closely to the NIST cloud models and then cross-indexed it with cloud service “types.” These include: Application Capabilities Type, Platform Capabilities Type and Infrastructure Capabilities Type. This new matrix can accommodate existing and future cloud service/platform combinations.
The cloud marketing around the NIST-defined cloud platforms (IaaS, PaaS and SaaS) has made it nearly impossible to abandon these terms even though precise definitions have been hard to come by.
At the Madrid meeting of the CT-CCV, the term cloud computing was defined as: “paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with on-demand self-service provisioning and administration.” So there you have it, we now know what cloud computing is for the moment, subject to reconsideration between now and the next CT-CCVmeeting in Kobe, Japan in September, 2013.
Cloud-based Security and Privacy Services
ISO/IEC JTC1 SC 27 is also working to standardize privacy and security services, as seen in the publication of ISO/IEC privacy and security standards:
SC 27 has also produced the widely-used ISO/IEC 27000 Information technology- Security techniques series of standards that help organizations develop and maintain information security management systems (ISMS). SC 27 is now working on a cloud-specific security and privacy standards:
As subject matter experts that have helped the National Institute of Standards and Technology (NIST) co-author and support multiple security standards and guidelines that act as pillars for FISMA and FedRAMP, coupled with our accreditation as a FedRAMP approved Third Party Assessor Organization (3PAO), Electrosoft Services Inc. can help guide/assist your organization through the challenges associated with the FedRAMP process. By employing structured, well-defined procedures, Electrosoft can help your organization get through the ATO process as quickly and cost-efficiently as possible.
For more information regarding the FedRAMP services that Electrosoft can provide for your organization, please Click Here.
For more information regarding this article or any other services that Electrosoft supports, please Click Here.
 Source: http://blogs.hds.com/hdsblog/2013/04/isoiec-and-itu-t-converge-on-cloud-computing-terminology.html (Eric Hibbard, 4/17/2013) - Website visited 5/26/2013
http://www.mondaq.com/x/238848/data+protection/Application+Of+The+New+European+Data+Protection+Regulation+To+US+Companies (Website visited 5/27/2013)