Cloud Standards Coordination Phase 2; Identification of Cloud user needs

DSR/NTECH-00030

General Information

Status
Published
Publication Date
04-Feb-2016
Technical Committee
Current Stage
12 - Completion
Due Date
12-Feb-2016
Completion Date
05-Feb-2016
Ref Project

Buy Standard

Standard
ETSI SR 003 381 V2.1.1 (2016-02) - Cloud Standards Coordination Phase 2; Identification of Cloud user needs
English language
77 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

ETSI SR 003 381 V2.1.1 (2016-02)






SPECIAL REPORT
Cloud Standards Coordination Phase 2;
Identification of Cloud user needs

---------------------- Page: 1 ----------------------
2 ETSI SR 003 381 V2.1.1 (2016-02)



Reference
DSR/NTECH-00030
Keywords
cloud, requirements, user
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2016.
All rights reserved.

TM TM TM
DECT , PLUGTESTS , UMTS and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
TM
3GPP and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI

---------------------- Page: 2 ----------------------
3 ETSI SR 003 381 V2.1.1 (2016-02)
Contents
Intellectual Property Rights . 6
Foreword . 6
Modal verbs terminology . 6
Introduction . 6
1 Scope . 7
2 References . 7
2.1 Normative references . 7
2.2 Informative references . 7
3 Abbreviations . 8
4 The rationale for the survey . 9
4.1 Survey goals and objectives . 9
4.2 Content of the report. 9
5 Survey presentation . 10
5.1 Survey goal and structure . 10
5.2 Survey methodology & main target areas . 10
5.3 Survey distribution . 10
5.4 Survey achievements and limitations . 11
5.5 Other lessons learned . 11
6 Survey analysis . 11
6.1 Significant findings . 11
6.2 Trends and patterns . 12
6.3 Detailed findings . 13
6.3.1 Adoption of Cloud Computing . 13
6.3.2 Interoperability . 14
6.3.3 Security - Privacy and Integrity . 15
6.3.4 Standards . 17
6.3.5 Certification . 18
6.4 Impact on other Cloud Standards Coordination Phase 2 reports . 20
6.5 Relationship to other activities . 21
7 Conclusions and recommendations . 22
8 Areas for further study . 23
Annex A: Survey Responses and Charts . 25
A.1 Presentation of results . 25
A.2 Background information. 26
A.3 General purpose information . 26
A.4 Moving to Cloud Computing: expected benefits and challenges to face . 28
A.5 Adoption of Cloud Computing in your organization . 32
A.6 Cloud Computing adoption: preparing your organization . 34
A.7 Cloud Computing: Deployment models and Service categories . 39
A.8 Emerging Cloud Service Categories . 42
A.9 Cloud Computing and Standards . 44
A.10 Cloud Computing Standards: a detailed view . 46
A.11 Cloud Computing Certification Standards . 51
ETSI

---------------------- Page: 3 ----------------------
4 ETSI SR 003 381 V2.1.1 (2016-02)
A.12 Information on the person replying to the survey . 56
Annex B: List of the survey distribution channels . 58
Annex C: Full text of the survey . 61
Annex D: Change History . 76
History . 77


ETSI

---------------------- Page: 4 ----------------------
5 ETSI SR 003 381 V2.1.1 (2016-02)
List of figures
Figure 1: Expectations on potential Cloud Computing benefits (Question 7) .13
Figure 2: Maturity of Cloud Computing: critical issues (Question 11) .15
Figure 3: Maturity of your organization: critical challenges (Question 9) .15
Figure 4: Cloud Computing Standards impact on organization concerns (Question 34) .17
Figure 5: To which degree are Cloud Computing Standards considered or used (Question 35) .18
Figure 6: Adoption and use of CC standards: Data protection (Question 40) .18
Figure 7: Is Cloud Certification a possibility to improve confidence in Cloud (Question 47) .19
Figure 8: Ranking Cloud Certification areas according to their importance (Question 48) .19
Figure 9: Awareness of CCSL, the Cloud Certification Schemes List (Question 51) .20
Figure 10: Awareness of some Cloud Certification Schemes listed in CCSL (Question 52) .20
Figure 11: A summary of Cloud Users concerns .22
Figure 12: Use of Cloud Computing in enterprises in Europe (source: Eurostat) .23


ETSI

---------------------- Page: 5 ----------------------
6 ETSI SR 003 381 V2.1.1 (2016-02)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This Special Report (SR) has been produced by ETSI Technical Committee Network Technologies (NTECH).
The present document is approved by the NTECH Technical Committee and for publication on the Cloud Standards
Coordination website (http://csc.etsi.org).
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
Introduction
Cloud Computing is increasingly used as the platform for ICT infrastructure provisioning, application/systems
development and end user support of a wide range of core services and applications for businesses and organizations.
Cloud Computing is drastically changing the way ICT is delivered and used. However, many challenges remain to be
tackled. Concerns such as security, vendor lock-in, interoperability and accessibility, service level agreements more
oriented towards users are examples of issues that need to be addressed. The survey discussed in the present report aims
at collecting information on the respondents' awareness of those concerns.
Standards and certification programs play an important role in terms of increasing the market confidence in Cloud
Computing. The promotion of Cloud Computing standards and certification schemes that address current concerns is
necessary in order to ensure that both customers/users as well as providers will regard Cloud Computing with the same
level of reliability, trust and maturity as traditional ICT.
In February 2015, the Cloud Standards Coordination Phase 2 (CSC-2) was launched by ETSI to address issues left open
after the initial Cloud Standards Coordination work was completed at the end of 2013. Cloud Standards Coordination
Phase 2 is investigating some specific aspects of the Cloud Computing standardization landscape, in particular from the
point of view of the Cloud Computing users (e.g. SMEs, Administrations). It will also generate a new snapshot
regarding the state of standards and investigate the interaction and relation between standardization and open source
based software and solutions.
The present document presents the results of the web survey conducted in April - September 2015.

ETSI

---------------------- Page: 6 ----------------------
7 ETSI SR 003 381 V2.1.1 (2016-02)
1 Scope
The present document presents the results of the web survey conducted in April - September 2015.
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
reference document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
Not applicable.
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] Recommendation ITU-T Y.3500: "Information technology - Cloud computing - Overview and
vocabulary".
NOTE: Same as [i.5].
[i.2] Gartner, G00271282: "Budgeting for the SaaS Security Gap", January 28, 2015.
[i.3] Skyhigh: "Cloud Adoption & Risk Report", Q1 2015.
[i.4] Statistical Classification of Economic Activities in the European Community, Rev. 2 (2008).
NOTE: See:
http://ec.europa.eu/eurostat/ramon/nomenclatures/index.cfm?TargetUrl=LST_NOM_DTL&StrNom=NA
CE_REV2.
[i.5] ISO/IEC 17788: "Information technology -- Cloud computing -- Overview and vocabulary".
[i.6] ISO/IEC 17789: "Information technology -- Cloud computing -- Reference architecture".
[i.7] Recommendation ITU-T Y.3502: "Information technology - Cloud computing - Reference
architecture".
NOTE: Same as [i.6].
[i.8] ISO/IEC 27001: "Information technology-- Security techniques -- Information security
management systems - Requirements".
[i.9] ISO/IEC 19086-1:"Information technology -- Cloud computing -- Service level agreement (SLA)
framework and technology Part 1: Overview and concepts".
ETSI

---------------------- Page: 7 ----------------------
8 ETSI SR 003 381 V2.1.1 (2016-02)
[i.10] ISO/IEC 19941: "Cloud Computing Interoperability & Portability".
[i.11] ISO/IEC 27018: "Information technology -- Security techniques -- Code of practice for protection
of personally identifiable information (PII) in public clouds acting as PII processors".
[i.12] ETSI SR 003 382: "Cloud Computing Standards and Open Source".
[i.13] ETSI SR 003 391: "Interoperability and Security in Cloud Computing".
[i.14] ETSI SR 003 392: "Cloud Computing Standards Maturity Assessment".
3 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AICPA American Institute of Certified Public Accountants
API Application Programming Interface
CaaS Communications as a Service
CAPEX CAPital EXpenditures
CC Cloud Computing
CCSL Cloud Certification Schemes List
CEF Connecting Europe Facility
CompaaS Compute as a Service
CRM Customer Relationship Management
CSA Cloud Security Alliance
CSC Cloud Service Customer
CSC-1 Cloud Standards Coordination Phase 1
CSC-2 Cloud Standards Coordination Phase 2
DsaaS Data Storage as a Service
DSI Digital Service Infrastructure
EGI European Grid Infrastructure
ENISA European Union Agency for Network and Information Security
ERP Enterprise Resource Planning
HR Human Resources
IaaS Infrastructure as a Service
IAM Identity and Access Management
ICT Information and Communications Technology
IEC International Electrotechnical Commission
ISO International Organization for Standardization
ITIL Information Technology Infrastructure Library
ITU International Telecommunication Union
ITU-T ITU Telecommunication Standardization Sector
NaaS Network as a Service
NIST National Institute of Science and Technology
OASIS Organization for the Advancement of Structured Information Standards
OCCI Open Cloud Computing Interface
OCF Open Certification Framework
OGF Open Grid Forum
PaaS Platform as a Service
PII Personally Identifiable Information
SaaS Software as a Service
SDO Standards Development Organization
SIG Special Interest Group
SLA Service Level Agreement
SME Small or Medium Enterprise
SOA Service Oriented Architecture
SSO Standards Setting Organization
STF Specialist Task Force (an ETSI structure for internal projects)
WP Work Package
ETSI

---------------------- Page: 8 ----------------------
9 ETSI SR 003 381 V2.1.1 (2016-02)
4 The rationale for the survey
4.1 Survey goals and objectives
The Cloud Standards Coordination project (CSC)
Cloud Standards Coordination Phase 1 (CSC-1) took place in 2013 as a community effort supported by ETSI and
primarily addressed the Cloud Computing standards roadmap. In December 2013 the results were publicly presented in
a workshop organized by the European Commission (EC), the CSC-1 Final Report being available at:
http://ec.europa.eu/digital-agenda/en/news/cloud-standards-coordination-final-report
The report provided a maturity assessment "snapshot" on the Cloud Computing standardization landscape at the end of
2013. Important gaps in the Cloud Computing standards landscape were identified such as in the domains of
interoperability, security, privacy, service level agreement and regulation, legal and governance aspects.
Cloud Standards Coordination Phase 2
Given the dynamics of the Cloud Computing market and standardization, Cloud Standards Coordination Phase 2
(CSC-2) was launched in February 2015 with the objective of producing an updated version of the "snapshot" of the
Cloud Computing standardization landscape.
The main involved stakeholders for the preparation of the CSC-1 snapshot were from the Cloud Computing industry, in
particular Cloud Computing providers. On the other hand, CSC-2 aims to better take into account the needs of Cloud
Computing customers on their Cloud related requirements and priorities. This has helped CSC-2 to further assess the
maturity of Cloud Computing standards and evaluate how standards can support the Cloud Computing customers'
priorities.
Cloud Standards Coordination Phase 2 survey
To support these objectives, CSC-2 has created a survey for collecting feedback from the Cloud Computing community
in terms of needs, benefits, challenges and areas of concerns regarding the adoption of Cloud Computing. The outcome
of the survey will be the primary material for evaluating the perceived maturity of Cloud Computing standards. The
results will also help to understand the interest and requirements of Cloud Computing stakeholders regarding
certification.The survey is therefore targeting current and future Cloud Customers in the private and public sectors,
SMEs as well as large organizations in all vertical sectors. Other stakeholders from the entire Cloud Computing
eco-system (e.g. Cloud Computing providers) were also invited to answer.
4.2 Content of the report
Clause 5 of the present document presents the content of the survey, the methodology used for its preparation and
distribution, information about the collected feedback as well as lessons learnt through the execution of the survey.
Clause 6 provides details resulting from the analysis of the collected survey feedback allowing to understand the needs
of the Cloud Computing community on a more granular scale and to derive main trends and patterns as a result.
Clause 7 highlights conclusions and recommendations from the survey. This includes an identification of the cloud
stakeholders' highest priorities leading to possible refinements of the CSC Phase 1 report conclusions.
Clause 8 suggests some areas for further work.
Annex A contains a detailed presentation of the survey results, including charts and tables.
Annex B lists the channels through which the survey has been distributed.
Annex C shows the survey as it has been proposed on the CSC web site (at http://csc.etsi.org).
ETSI

---------------------- Page: 9 ----------------------
10 ETSI SR 003 381 V2.1.1 (2016-02)
5 Survey presentation
5.1 Survey goal and structure
To create the basis for the analysis, a survey has been designed and conducted from April to September 2015. Even
though the survey is targeting a specific set of users (SMEs, etc.), it is also using the input from larger actors. The
survey has also been distributed to as many industry sectors as possible, in order to identify any industry specific
aspects and concerns that might exist.
The survey comprises 59 questions grouped in 14 pages stretching from general questions regarding the respondent's
company and Cloud Computing experience, through increasingly specialized questions regarding Cloud Computing
standards, to a final block of questions regarding certification. Taking the entire survey would approximately require
20-30 minutes. Apart from a number of core questions for most questions answers were not mandatory. The individual
answers are treated confidentially and only aggregated results will be published.
th
Per September 25 2015, at the closure of the web survey, 376 respondents have completed it.
5.2 Survey methodology & main target areas
The survey collects responses to questions such as:
• What are the typical use cases that users want to implement in the short to medium term?
• What are their expectations and perceived concerns that limits the adoption of Cloud Computing?
• What are the assets and possible investments made in Cloud Computing?
• How are they going to deal with existing investments (legacy)?
• Which role are they expecting to play in the Cloud Computing value chain?
• To which extent individual Cloud Computing standards are known and have already been used?
• What support from standards are they expecting?
• What is the significance of certification schemes and what is the intended use?
5.3 Survey distribution
The main target group for the survey is end users in SMEs in the private sector, but any potential and existing cloud
customer is welcome to complete the survey.
th
The survey was launched on March 30 , 2015. A distribution letter has been made available to all organizations that
were willing and able to use it for promoting the survey. Over 120 different channels have been contacted to relay the
survey and have distributed the survey URL.
A wide range of different distribution channels have been used like:
• European Commission DGs web sites and distribution list (emails, Twitter, etc.).
• Standards Setting Organizations, global, regional or national.
• ETSI membership (750 organizations from various industry sectors).
• Industry Associations (e.g. Eurocloud).
• Public Administrations (across Europe, but predominantly in countries where the experts of the CSC reside).
®
• LinkedIn groups.
• Open Source projects.
• European projects (e.g. CloudWatch, Cloud4Europe, CloudingSME).
ETSI

---------------------- Page: 10 ----------------------
11 ETSI SR 003 381 V2.1.1 (2016-02)
• Cloudscape.
• European Grid Infrastructure (EGI).
To ensure the largest possible number of answers, the survey has been left open as long as possible, i.e. up to
th
September 25 , the last day of the public commenting phase for the four CSC-2 reports.
A list of contacted individuals and organizations is presented in Annex B.
5.4 Survey achievements and limitations
As pointed out earlier in the present document, the number of responses (376 per 25/09/2015) is deemed sufficient
enough in order to identify high-level trends and patterns. The results are also assessed as sufficient in order to do
high-level comparisons between CSC -1 and CSC-2. In this respect, it can be argued that the output resulting from the
Work Package 1 of STF 486 (the web survey and related activities) is considered successful. As presented in the below
sections, responses in many parts of the survey are encouraging in terms of awareness of the importance of standards
and certification schemes among many of the survey respondents.
However, the present survey is based on the voluntary contribution of a sample of respondents on which the promoters
of the survey had little capacity to anticipate and no control. Only best effort attempts have been made to collect the
largest number of answers possible, with the largest possible span of organization sizes, countries, sectors, etc.
Therefore, the number of responses may not be significant enough to allow in-depth and conclusive analysis at a
detailed level for all of the questions of the survey. Any reader of the present document should therefore be cautious
about making any decisive conclusion based on the materials of this report.
Another aspect when assessing the results of the survey that needs to be acknowledged is that the benefits, concerns and
challenges chosen by the respondents might vary based on the organization (in terms of size), on the sector (private or
public) in which it operates, etc. It is important to keep in mind that some of the issues presented as major in a certain
user category might very well be seen as insignificant or even non-existent in another: this may be addressed in some
significant cases (see clause 8).
5.5 Other lessons learned
Designing a survey is a complex task. The main objective has been to cover a number of different topics in order to
encompass the target areas identified as relevant for the query, while attempting to keep the survey's length and
complexity at a minimum. Keeping the questions relevant and unambiguous has been another important task.
Depending on the role of the respondent in the Cloud Computing eco-system, the questions might in some circumstance
be interpreted differently. To overcome the identified challenges, two important elements have been helpful. The most
important element to mitigate the issues identified was the feedback from reviewers of the draft survey text. Another
positive element was the existence and use of clear definitions of the roles in Cloud Computing: a significant maturation
from the CSC-1 to CSC-2 was recognized in this respect. Where applicable in the survey, t
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.