On Heels of SAPIBM ISO Debuts International Cloud Standards

On Heels of SAP-IBM, ISO Debuts International Cloud Standards

4 minute read
Dom Nicastro avatar

Just a day after the SAP-IBM cloud partnership news broke, an international standard setting body issued two standards related to cloud computing.

Perhaps CEOs Ginni Rometty of IBM and Bill McDermott of SAP should take note.

ISO (the International Organization for Standardization) today released what officials there call "ground-breaking standards" that "lay down the basic terminology and architectural framework" for cloud computing.

The cloud "poses many issues, chiefly related to compatibility," ISO's Vivienne Rojas blogged today. "With more and more providers offering cloud-based services, the technology has suffered from chaotic development, making it almost impossible for companies to ascertain the quality of services offered."

Breaking Down Standards

The ISO released two standards designed to "put some order in the chaos" of cloud computing.

Overview and vocabulary, ISO/IEC 17788. Provides definitions of common cloud computing terms, related to categories like Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS). Distinguishes between public and private clouds.

Reference architecture, ISO/IEC 17789. Contains diagrams and descriptions of how the various aspects of cloud computing relate to one another.

The ISO worked with the International Electrotechnical Commission (IEC) on these standards. 

“Cloud computing is a shift in the paradigm for providing IT capabilities to users that may impact a great deal of future IT products, systems and services,” Donald Deutsch, chair of an ISO/IEC committee, noted in a statement. “These first international cloud computing standards provide a sound foundation for follow-on standards as needs become more clear in this area.” 

Rojas admitted the "sky’s the limit "for cloud computing. But, she added, many enterprises that opt for these services end up with "complicated multi-cloud deployments that become unmanageable." The new ISO/IEC standards on cloud computing "lay down the basic terminology and architectural framework for this expanding industry."

Addressing Issues

Of course, we know of the potential problems with the cloud, not the first of which is potential downtime and security issues.

Just Tuesday night, the same day it announced its partnership with IBM, SAP reported on its website a vulnerability in certain versions of SAP Cryptographic Libraries used by SAP NetWeaver ABAP and SAP HANA applications "which might enable an attacker to spoof system digital signatures."

"We have thoroughly investigated the deficiency," according to the SAP post. "The Cryptographic Libraries of SAP Java applications are not affected by the deficiency. The issue impacts applications that use SAP NetWeaver ABAP or SAP HANA system generated digital signatures."

Mariano Nunez, CEO of Onapsis, which provides business application security software, told CMSWire that vulnerability doesn't affect the IBM partnership specifically.

Learning Opportunities

"But," he added, "it is in fact an example of how critical it is to ensure SAP implementations are protected against cyber-attacks, regardless of whether they are in the cloud or on-premise."

Nunez suggested users should obtain the SAP Security Note and implement the recommended solution. 

SAP, IBM Undeterred

Naturally, SAP and IBM see the upside in cloud computing.

IBM's been expanding its cloud portfolio, and the announcement that SAP HANA Enterprise Cloud will expand to major markets with the addition of the IBM cloud data centers only makes its investments more worthy.

Officials at the company say the partnership:

  • Allows customers can take advantage of SAP HANA Enterprise Cloud with the global footprint of IBM Cloud
  • Provides an open-standards-based approach that allows integration of existing technology investments with new workloads
  • Includes visibility and control to enable enterprises to apply and extend their security best practices into a cloud environment
  • Ability to scale to start locally and scale globally with cloud capabilities and also comply with data residency and other regulatory mandates

Not a New Relationship

Kevin Ichhpurani, senior vice president and SAP's head of business development and strategic ecosystem, told CMSWire SAP and IBM have a 40-plus year relationship and have been actively collaborating in hosted and cloud environments in the last decade. 

"Our enterprise customers can all benefit from this, as this radically increases the scale and availability of Hana Enterprise Cloud (HEC)," Ichhpurani said. "Additionally, if customers have to adhere to specific data privacy, data sovereignty regulations, or industry-specific regulations, this could provide them with an excellent option."

For SAP, the IBM cloud partnership helps them accelerate the adoption of cloud and the HANA platform, "and helps us meet the exponentially growing demand for such a solution. This helps us accelerate the realization of the HEC vision, for which we have experienced exponential demand."

The offering is now available to customers (on a limited scale), and will be available at full-scale in Q1 2015.