Major release of CloudCode v2.0 today|
by IITP CloudCode Team
Back in 2011, a number of New Zealand's major Cloud Providers met to discuss the creation of a Code of Practice for Cloud Computing. This led to broader consultation facilitated by IITP and the eventual creation of the "CloudCode".
Fast-forward to today and IITP is delighted to announce the release of v2.0 of the CloudCode this morning. This release is a significant milestone and puts New Zealand's cloud industry at the forefront globally, while paving the way for international adoption. CloudCode v2.0 also prepares for the Register of CloudCode Signatories, establishes a complaints process and much more.
So what's changed and what will the CloudCode mean for our industry?
An introduction: What is the CloudCode and why?
"Trust" is one of the most cited reasons companies choose not to move to the Cloud. To hand over your precious data and systems to someone else you have to be able to trust that they know what they're doing, have proper systems in place and aren't just taking you for a ride.
New Zealand's Cloud Computing Code of Practice, or CloudCode as it is now known, was established to build trust in the Cloud industry by identifying a broad range of disclosures that "good" Cloud Computing providers should make to their users to allow for informed consent.
Signatories to the CloudCode take their responsibilities seriously and make two key commitments:
- They won't say an offering is "Cloud Computing" unless it really is (ie. no "Cloudwashing"). There are specific and significant benefits from genuine Cloud products or services but unfortunately some unscrupulous providers try to pass non-Cloud products or services off as Cloud Computing.
- They will disclose important details about their Cloud products and services - upfront - to allow potential customers to make informed decisions. No surprises, no hiding behind sales pitches, and no obfuscation. Just the facts. And to be sure, the CloudCode sets these disclosures out in detail.
The CloudCode is voluntary and doesn't prescribe what Cloud Providers must have in place; but does require that signatories are open and transparent about it with their customers - as all good providers should be.
The development of the CloudCode
The CloudCode has been developed by the Cloud Computing industry and other stakeholders; in fact over 250 Cloud companies, individuals and others have contributed to its development. The Institute of IT Professionals NZ (formerly the NZ Computer Society) facilitated the development of the Code.
The initial development of the CloudCode was funded by industry, with Equinox IT, Gen-i, Xero, OneNet, Webdrive, the NZ Computer Society (now the Institute of IT Professionals NZ Inc), Salesforce.com, Google, EOSS Online, InternetNZ, NZRise and Systems Advisory Services all contributing financially to its development.
Following broad consultation, Version 1.0 of the CloudCode was released by NZCS (now IITP) at the NZ Cloud Computing Summit in 2012, New Zealand's premiere Cloud Computing event. Version 1.0 outlined the CloudCode disclosures providers should make and signalled the intention to develop a Register of CloudCode Signatories so Disclosures could be reviewed and signatories could promote their involvement in the Code.
A full history of the CloudCode is outlined on the CloudCode website.
Release of Version 2.0: What's changed?
Version 2.0 is a major update and provides for a number of changes including:
- Preparing for the release of the Register of CloudCode Signatories next month, including the new Complaints process, CloudCode Signatory logo and branding and other supporting material;
- In preparation for international adoption of the CloudCode, New Zealand-specific requirements have been moved to a specific New Zealand schedule and references removed from the rest of the CloudCode;
- Following consultation, changes around the Security section to move registration on the CSA STAR Register to a disclosure (in line with the rest of the CloudCode) rather than a mandatory requirement;
- Given the emerging nature of standards in this space, we've moved away from maintaining a list of recognised standards (other than CSA STAR). Some will be in the guidance to the Code. Providers may now list other standards;
- This update also introduces the new CloudCode branding in both the document, logos and website;
- A rewritten introduction to make the core requirements clear, and other wording and structural improvements throughout the document.
As outlined below, a number of other countries have expressed an interest in adopting the CloudCode. Consultation on this is currently occuring in Australia.
Xero has a great blog piece on the changes here.
Reaction from Cloud industry to Version 2.0
From the Press Release:
Xero chief executive Rod Drury says: "It's great to see New Zealand leading the world in the transition to the cloud. The interest from overseas parties in what we're doing here has been great for our local industry which is leading the charge in responsible cloud practices."
Web Drive general manager Robin Dickie says: "We plan to distribute CloudCode to our 25,000 customers to help educate the marketplace on what Cloud Infrastructure as a Service (IaaS) is all about. Many competitors have their own definitions of Cloud services, however we are excited to join the Institute of IT Professionals in creating an industry-wide standard."
OneNet managing director Michael Snowden says: "I am delighted that the CloudCode has come to fruition. Cloud computing has enormous potential to lower IT costs, increase security and provide a powerful platform for innovation. The CloudCode will go a long way towards lowering user risk and encouraging the deployment of cloud services."
Privacy Commissioner Marie Shroff also welcomed the latest release of the Code, saying "It's important for consumers looking into cloud computing to understand and assess the risks involved and make sound judgments. By setting a standard for local cloud providers to follow, the code makes sure that participating providers will give the right information to consumers to help them make good decisions. This is a very positive initiative from the IITP and I hope it will be widely adopted."
A significant number of Cloud providers have indicated they intend to become formal signatories to the CloudCode when the Register of CloudCode Signatories launches next month.
Potential Australian adoption of CloudCode
A number of countries have expressed significant interest in adopting the CloudCode and consultation began last week in Australia. IITP has been in discussions with representatives of the Australian Federal Government and is working with our Australian kindred body, the Australian Computer Society (ACS), who are conducting consultation on behalf of their Government.
From this morning's Press Release, ACS chief executive Alan Patterson said:
"As vendor neutral, independent, member-based professional societies, the ACS and the IITP are uniquely placed to provide policy guidance in the national interest and have been instrumental in driving the awareness of cloud issues in the region.
With the explosion in consumer use of the cloud over the last two years, establishing a protocol which better supports government, business and consumers is an essential part of securing our digital future and ensuring the growing use of Cloud technology delivers the best possible outcome for all."
We're looking forward to continuing to work with our Australian cousins to work through the best option for Australia.
CloudCode Register opening next month
Version 2.0 of the CloudCode also prepares for the release of the Register of CloudCode Signatories next month. The Register is launching at the New Zealand Cloud Computing Conference in August. (Remember: IITP members receive 10% Discount to the Cloud Computing conference).
As well as providing for the Register, Version 2.0 provides for the Cloudcode Signatory logo (a quality mark that Cloud providers can use to promote their involvement in the CloudCode), and a complaints and disputes process.
Want to know more? Check out www.thecloudcode.org or email firstname.lastname@example.org.
Next Article (ICT procurement and Emergency Social Media) »« Return to Contents
Contributed content is the opinion of the author only, and not necessarily the view of IITP.