Cloud computing

ITU-T Study Group 11 (SG11) is responsible for 'signalling', producing international standards (ITU-T Recommendations) that define how telephone calls and other calls (such as data calls) are handled in the network.
 
SG11 is home to Signaling System 7 (SS7), the set of signalling protocols that underpins telephone calls in both fixed and mobile networks, without which telecom systems around the world would not interoperate. All telephone switching systems need signalling. It provides the means for monitoring the status of a line to see if it is busy or idle, the alerts that indicate the arrival of a call, and the addressing system that routes calls. Before SS7's implementation, not all nations were party to the standards agreements enabling international telephone calls. SS7's implementation thus paved the way for the efficient operation of international telecommunication networks.
 
SG11 is tasked with developing signalling requirements and protocols for Software-defined Networking (SDN), and this work aligns with the functional requirements and architectures developed by ITU-T Study Group 13 (Future networks). Considered a major shift in networking technology, SDN will give network operators the ability to establish and manage new virtualized resources and networks without deploying new hardware technologies. ICT market players see SDN and network virtualization as critical to countering the increases in network complexity, management and operational costs traditionally associated with the introduction of new services or technologies.
 
SG11 is also responsible for the development of test specifications. This work focuses on global interoperability testing and covers technical means, services, quality of service (QoS) and testing parameters. Activities encompass establishing benchmark testing procedures and investigating the testing of next-generation networks (NGN), ubiquitous sensor networks (USN) and emerging technologies such as the internet of things (IoT), distributed service network (DSN), home networking (HN), etc.
 
SG11 leads ITU’s work on conformance and interoperability (C&I) testing and is responsible for coordinating ITU’s C&I programme. Conformance with international standards is one of the core principles underlying the global interoperability of ICT networks and devices. The C&I programme was initiated at the request of ITU’s membership in light of the challenges faced by developing countries in improving interoperability. The programme rests on four central pillars: conformance assessment; interoperability events; human resource and capacity building; and assistance in the establishment of test facilities in developing countries. SG11 is also investigating whether the ITU C&I programme could play a role in battling counterfeit goods.
 
When meeting at ITU headquarters in Geneva, SG11 holds its meetings in collocation with SG13.

The rapid adoption of virtual infrastructure has highlighted the need for a standard, portable metadata format for the distribution of virtual systems onto and between virtualization platforms. The DMTF’s Open Virtualization Format (OVF) Working Group produces the OVF standard, which provides the industry with a standard packaging format for software solutions based on virtual systems. OVF has been adopted and published by the International Organization for Standardization (ISO) as ISO 17203.
 
In the modern cloud computing era, OVF provides a platform independent, efficient, open and extensible packaging and distribution format that facilitates the mobility of virtual machines and gives customers platform independence. This group’s work is also utilized in the DMTF’s Cloud Management Initiative.

The Cloud Auditing Data Federation Working Group (CADF) sets out to resolve major problems with the inconsistency, incompatibility, and even inability of existing cloud and service audit interfaces, technologies, and tools. The group focuses on standardizing audit events across all cloud and service providers, and on making audit events comprehensible, consistent, shareable, and merge-able.
 
The CADF Working Group develops the DMTF’s CADF standard. More than a format, the CADF standard defines a full event model anyone can use to fill in the essential data needed to certify, self-manage and self-audit application security in cloud environments.
 
CADF is part of the DMTF’s Cloud Management Initiative, which is focused on developing interoperable cloud infrastructure management standards and promoting the adoption of those standards in the industry.

Terms of Reference:

1. Standardization in the area of data in cloud computing, distributed platforms, connected devices and related technologies
2. Establish liaisons and collaborate with other entities within and external to JTC 1 as appropriate

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics (On-demand self-service, Broad network access, Resource pooling, Rapid elasticity, Measured Service); three service models (Cloud Software as a Service (SaaS), Cloud Platform as a Service (PaaS), Cloud Infrastructure as a Service (IaaS)); and, four deployment models (Private cloud, Community cloud, Public cloud, Hybrid cloud). Key enabling technologies include: (1) fast wide-area networks, (2) powerful, inexpensive server computers, and (3) high-performance virtualization for commodity hardware.
 
The Cloud Computing model offers the promise of massive cost savings combined with increased IT agility. It is considered critical that government and industry begin adoption of this technology in response to difficult economic constraints. However, cloud computing technology challenges many traditional approaches to datacenter and enterprise application design and management. Cloud computing is currently being used; however, security, interoperability, and portability are cited as major barriers to broader adoption.
 
The long term goal is to provide thought leadership and guidance around the cloud computing paradigm to catalyze its use within industry and government. NIST aims to shorten the adoption cycle, which will enable near-term cost savings and increased ability to quickly create and deploy enterprise applications. NIST aims to foster cloud computing systems and practices that support interoperability, portability, and security requirements that are appropriate and achievable for important usage scenarios.

This public working group will focus on developing an approach to advancing the Federated Community Cloud, which falls under Requirement 5 of the U.S. Government Cloud Computing Technology Roadmap, USG-Wide Use of Cloud Computing Standards. Not to be confused with the concept of cloud deployment models, the focus of Federated Community clouds is to develop a framework to support seamless implementations of disparate community cloud environments. The future of cloud computing is where both internal and external cloud resources from multiple providers are deployed and managed in order to meet business needs. To achieve this industry and government will need to work together to develop frameworks, technologies, and methodologies that can support seamless implementation of various cloud computing environments through a focus on interoperability and portability standards.
 
The scope of the project is to fully understand and describe the elements of federated cloud computing. This will involve developing and gaining consensus on a common federated cloud computing vocabulary, as well as developing an underlying conceptual model of what federated cloud computing is, its major components, and users/stakeholders. The Working Group will then use that conceptual model to map out an implementation strategy including a gap analysis to identify the missing technologies and standards needed to cultivate a seamless system of systems. The anticipated results are:

• Federated Cloud Computing Vocabulary;
• Conceptual Model of Federated Clouds; and
• Technology Gap Analysis.

The Working Group will also investigate and identify the needed technologies, tools, and standards to enable these environments. They will use material from NIST’s Cloud Computing Reference Architecture (NIST SP 500-292) and materials located at the group’s public twiki site: http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/RATax_FedCommunity.
 
The Working Group will work in a coordinated effort with the IEEE ICWG/2302 WG – Intercloud Working Group to produce an implementation of this reference material and create a compliant technical standard.

The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. The CSA CCM provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. The foundations of the Cloud Security Alliance Controls Matrix rest on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as the ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum and NERC CIP and will augment or provide internal control direction for service organization control reports attestations provided by cloud providers.

This working group aims at creating PLA templates that can be a powerful self-regulatory harmonization tool, which is almost impossible to achieve at global level using traditional legislative means. This will provide a clear and effective way to communicate to (potential) customers a CSP’s level of personal data protection, especially when trans-border data flaw is concerned.

The CSA Open Certification WG is an industry initiative to allow global, accredited, trusted certification of cloud providers. It is a program for flexible, incremental and multi-layered cloud provider certification according to the CSA’s industry leading security guidance and control objectives. The program will integrate with popular third-party assessment and attestation statements developed within the public accounting community to avoid duplication of effort and cost.

The Software Defined Perimeter working grouped launched with the goal to develop a solution to stop network attacks against application infrastructure. With the adoption of cloud services the threat of network attacks against application infrastructure increases since servers can not be protected with traditional perimeter defense techniques.

The DMTF’s Cloud Management Working Group models the management of cloud services and the operations and attributes of the cloud service lifecycle through its work on the Cloud Infrastructure Management Interface (CIMI).
 
The CIMI specification describes the model and protocol for management interactions between a cloud Infrastructure as a Service (IaaS) provider and the consumers of an IaaS service. The basic resources of IaaS (machines, storage, and networks) are modeled to provide consumer management access to an implementation of IaaS and facilitate portability between cloud implementations that support the specification.

 
By developing a set of prescriptive specifications and sample implementations that deliver architectural semantics and implementation details, the Cloud Management Working Group helps achieve interoperable management of clouds between service requestors/developers and providers. This work is also utilized in the DMTF’s Cloud Management Initiative.

The formation of NIST Cloud Computing Security Working Group (NCC-SWG) is an integral part of the overall NIST effort to facilitate secure adoption of cloud services for United State Government (USG).