Cloud computing




P2302 Standard for Intercloud Interoperability and Federation (SIIF)

This standard defines topology, functions, and governance for cloud-to-cloud interoperability and federation.
Topological elements include clouds, roots, exchanges (which mediate governance between clouds), and gateways (which mediate data exchange between clouds).
Functional elements include name spaces, presence, messaging, resource ontologies (including standardized units of measurement), and trust infrastructure.
Governance elements include registration, geo-independence, trust anchor, and potentially compliance and audit.
The standard does not address intra-cloud (within cloud) operation, as this is cloud implementation-specific, nor does it address proprietary hybrid-cloud implementations.
 
Under development
Working documents can be found here (prior registration required): https://ieee-sa.imeetcentral.com/2302/home

IEEE P2302

Information technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for cloud services

ISO/IEC 27017 gives guidelines for information security controls applicable to the provision and use of cloud services by providing:

  • additional implementation guidance for relevant controls specified in ISO/IEC 27002;
  • additional controls with implementation guidance that specifically relate to cloud services.

This Recommendation | International Standard provides controls and implementation guidance for both cloud service providers and cloud service customers.
 
The standard can be bought here: https://www.iso.org/standard/43757.html
The informative sections of this standard are publicly available here: https://www.iso.org/obp/ui/#iso:std:iso-iec:27017:ed-1:v1:en

ISO/IEC 27017:2015

Information technology -- Security techniques -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

This document establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
In particular, this document specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services.
This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations.
The guidelines in this document can also be relevant to organizations acting as PII controllers. However, PII controllers can be subject to additional PII protection legislation, regulations and obligations, not applying to PII processors. This document is not intended to cover such additional obligations.
 
The standard can be bought here: https://www.iso.org/standard/76559.html
The informative sections of this standard are publicly available here: https://www.iso.org/obp/ui/#iso:std:iso-iec:27018:ed-2:v1:en

ISO/IEC 27018:2019

Cloud computing -- Service level agreement (SLA) framework -- Part 4: Components of security and of protection of PII

This document specifies security and protection of personally identifiable information components, SLOs and SQOs for cloud service level agreements (cloud SLA) including requirements and guidance.
This document is for the benefit and use of both CSPs and CSCs.
 
The standard can be bought here: https://www.iso.org/standard/68242.html
The informative sections of this standard are publicly available here: https://www.iso.org/obp/ui/#iso:std:iso-iec:19086:-4:ed-1:v1:en

ISO/IEC 19086-4:2019

Information technology -- Security techniques -- Information security for supplier relationships -- Part 4: Guidelines for security of cloud services

ISO/IEC 27036-4 provides cloud service customers and cloud service providers with guidance on
a) gaining visibility into the information security risks associated with the use of cloud services and managing those risks effectively, and
b) responding to risks specific to the acquisition or provision of cloud services that can have an information security impact on organizations using these services.
ISO/IEC 27036-4 does not include business continuity management/resiliency issues involved with the cloud service. ISO/IEC 27031 addresses business continuity.
ISO/IEC 27036-4 does not provide guidance on how a cloud service provider should implement, manage and operate information security. Guidance on those can be found in ISO/IEC 27002 and ISO/IEC 27017.
The scope of ISO/IEC 27036-4 is to define guidelines supporting the implementation of information security management for the use of cloud services.

ISO/IEC 27036-4:2016

Information technology -- Open Virtualization Format (OVF) specification

The Open Virtualization Format (OVF) standard provides the industry with a standard packaging format for software solutions based on virtual systems, solving critical business needs for software vendors and cloud computing service providers. 
OVF has been developed by the DMTF (see also the DMTF OVF Standards Watch link).
 
The standard can be bought here: https://www.iso.org/standard/72081.html
The informative sections of this standard are publicly available here: https://www.iso.org/obp/ui/#iso:std:iso-iec:17203:ed-2:v1:en

ISO/IEC 17203:2017

Information technology -- Cloud computing -- Overview and vocabulary

ISO/IEC 17788 provides an overview of cloud computing along with a set of terms and definitions. It is a terminology foundation for cloud computing standards.
ISO/IEC 17788 is applicable to all types of organizations (e.g., commercial enterprises, government agencies, not-for-profit organizations).

ISO/IEC 17788:2014

Information technology -- Cloud computing -- Reference architecture

ISO/IEC 17789 specifies the cloud computing reference architecture (CCRA). The reference architecture includes the cloud computing roles, cloud computing activities, and the cloud computing functional components and their relationships.

ISO/IEC 17789:2014

Information technology -- Cloud computing -- Concepts and terminology

This document provides a consolidated set of concepts, terms, terminology and definitions extracted from the ISO/IEC cloud computing standards, including, but not limited to, ISO/IEC 17788, ISO/IEC 17789, ISO/IEC 19086, ISO/IEC 19941 and ISO/IEC 19944. In addition, relevant and stable terminology from non-cloud computing ISO sources (e.g., Information technology -- Security techniques) and external organizations are also included.
This document also contains terms and definitions that are not necessarily contained in other works.
This document also addresses discrepancies and inconsistencies that have been identified in the consolidated terms and definitions to further enhance the usability of the ISO cloud computing terminology.
This document includes additional descriptions and clarifications of cloud computing vocabulary terms, concepts, and their inter-relationships.
 
Under development

ISO/IEC CD 22123 

Reference Architecture - Trusted Cloud Initiative

The Trusted Cloud Initiative helps cloud providers develop industry-recommended, secure and interoperable identity, access and compliance management configurations, and practices. The Trusted Cloud Initiative will develop reference models and education in a vendor-neutral manner, inclusive of all CSA members and affiliates who wish to participate. The Trusted Cloud Initiative Reference Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

TCI

Fog Computing Conceptual Model

The acute need of the multitude of smart, end-user IoT devices and near-user edge devices to carry out, with minimal latency, a substantial amount of data processing and to collaborate in a distributed way, triggered technology advancements towards adaptive, decentralized computational paradigms that complement the centralized cloud computing model serving IoT networks.
Researchers, computer scientists, system and network engineers developed innovative solutions to fill the technological gaps. These solutions provide faster approaches that gain better situational awareness in a far more timely manner. Such solutions or computational paradigms are referred to as fog computing, mist computing, cloudlets, or edge computing. Since no consensus exists on distinction among these concepts at the time this document was created, the authors considered it imperative to provide a conceptual model that can be used by practitioners and researchers to facilitate meaningful conversations on the topic.
This document provides the conceptual model of fog computing and its subsidiary mist computing, and aims to place these concepts in relation to cloud computing and edge computing.
Additionally, the document introduces the notion of a fog node and the nodes federation model composed of both distributed and centralized, often hierarchical, clusters of fog nodes operating in harmony. This model is introduced as a building-block architectural approach for constructing, enhancing or expanding the fog and mist computing layers.
Furthermore, the document characterizes important aspects of fog computing and is intended to serve as a means for broad comparisons of fog computing capabilities, service models and deployment strategies, and to provide a baseline for discussion of what fog computing is and the way it may be used.
The capabilities, service types and deployment models form a simple taxonomy that is not intended to prescribe or constrain any particular method of deployment, service delivery, or business operation.

NIST SP 500-325