"I am aware that in one of the worst cases, a cloud service user has lost its data completely as a result of vendor lock-in," said Antony Ma (pictured, right), chairman of Cloud Security Alliance (CSA) Hong Kong and Macau Chapter. "Therefore, when companies use cloud services that are new in the market, which offers a free video encoding platform, for example, the user has the responsibility of looking after the its data."
Developing and adopting industry standards
"When it comes to testing and assurance, cloud users would want to know how it can test the cloud services. This includes stress test, disaster recovery and business continuity planning," Yung said.
The IT industry often discusses the need to develop and adopt cloud standards. Standardization of the cloud will involve the areas of governance, audit and product and data interoperability, and some commonly adopted standards include COBIT, OCF (Open Certification Framework developed by Cloud Security Alliance) and ISO27001 on information security.
"As cloud services continue to evolve, it is critical that we work together as an industry to provide insights and recommendations on these issues so that service and solution providers can look to innovate and deliver what the cloud services market needs to advance and what enterprises need to succeed," Yung said.
In Hong Kong, the Office of Government Chief Information Officer (OGCIO) has in April formed the Working Group on Cloud Computing Interoperability Standards (WGCCIS), under the Expert Group on Cloud Computing Services and Standards announced in March. WGCCIS carries the aim of developing the best practices on interoperability and portability in cloud computing, and contributing to the development of cloud standards by governmental and standardization organizations in China, among many others.
There have also been industry efforts to drive standardization of cloud computing. In April, six local ICT bodies and quasi-government ICT bodies in Hong Kong found the Hong Kong Cloud Standards Alliance. The Alliance aims to develop "the best and the most appropriate practices scheme, and promotes cloud computing connectivity standards across the different industry sectors and regions."
Further business buy-in needed
While there are many positive indicators that support the planned adoption and perceived use and value of cloud services in the years ahead, there remains much progress to be made to engage and gain the buy-in among business leaders.
"As a first step, we as an industry must still work to provide a clearer definition of what cloud is and how the many innovative and secure services can help positively impact today's businesses," said Antony Ma, chairman of Cloud Security Alliance (CSA) Hong Kong and Macau Chapter. "But, we need to start at the top and engage senior management. Cloud needs can no longer be thought of as a technical issue to address, but rather a business asset to embrace."
Sign up for CIO Asia eNewsletters.