Consistent Auditing in the Cloud Era

With the growth of cloud computing and the increase of customers deploying workloads in hybrid clouds, having the ability to audit information in a standard way across multiple cloud platforms has come to the forefront. The good news is that a lot of work has already been done in this area. The DMTF addressed this need with a new initiative launched last year that looks at the ability to create open standards to federate and expose auditing data for cloud consumers. While it’s still early, I expect that over time this direction will give cloud consumers more confidence that their data is safe and that they’re getting what they paid for.

In addition, the DMTF released a whitepaper earlier this year that presents several use cases that could benefit from standards interfaces and data formats. These uses cases explore a variety of scenarios that highlight the need for interoperability, including the need for cross-platform tools to validate compliance controls and security procedures adherence. Other use cases looked at the ability to verify controls around geo-location. I encourage you to read through this whitepaper, to see if you agree with the scenarios and decide if they reflect your current IT environment.

Following the whitepaper, the DMTF recently published a draft of a new specification called “Cloud Auditing Data Federation (CADF) – Data Format and Interface Definitions Specification.” This specification provides a data format and interface definitions that support the federation of normative audit event data along with domain specific identifiers and standardized event classifications to and from public clouds and / or hybrid clouds. This data can then be used to create customized reports and logs. Today there are many logs and other interfaces from which you need to understand and decode to find the needed information and there are many different codes and messages that must be understood to get a true picture. With this new standard, there is hope that over time cloud providers will be able to report information in a consistent way through a standard REST-based interface. This will enable better verification and contractual commitments by cloud consumers.

Adoption of the CADF specification as well as other open standards from cloud providers’ management platforms such as Cloud Infrastructure Management Interface (CIMI) and the Open Virtualization Format (OVF) would also go far to instill greater trust in “cloud hosted applications.” Cloud consumers rely on their service provider to deliver specific services along with associated service levels – however, once this specification is implemented, consumers will be able to have complete confidence in the provider to deliver without fail. This would be a significant step forward in fulfilling the promise of an open cloud marketplace, which I know customers are ultimately after.

What do you think about the DMTF’s whitepaper and new specification? Will these efforts help you on your cloud journey? I welcome your feedback and comments.

Other posts by

New Activity in App Standards

There has been a lot of activity on improved app management standards lately. And it has been happening on several fronts, all at the same time. Many years ago I co-authored a book, which is no longer in print, called the Foundations of Application Management, published by John Wiley and Sons. In that book I […]

Open Standards and Open Source in the Mobile-Cloud Era

Having been a part of industry standards for over 20 years, I am able to see the changing landscape of Open Standards and Open Source in the new Mobile-Cloud era. The shifts in the role standards and open source are playing today are much different from what it was 20 years ago. They have been […]

The Open Software-Defined Data Center Incubator

As I’ve shared before, the Distributed Management Task Force (DMTF) has been engaged for many years in the development of IT infrastructure management standards. In fact, these standards have become the underpinnings of today’s systems management infrastructure and also enable the scalability of current data centers. Beyond this activity, the DMTF also developed standards for […]