Matthew Gardiner writes: Why is it that everyone loves standards in concept, including those for security, but often standards definition and deployment is less than speedy? Why doesn’t everyone involved just pull together and solve this obvious problem now, instead of waiting until we are all suffering from lack of standards? While this is a general issue with standards, let’s look at this issue through the lens of the emerging public cloud-based services (public IaaS, PaaS, & SaaS). There are both rational and less rational reasons why standards are developed and used at a rate slower than they should be for maximum benefit...While no vendor will come out explicitly against standards (remember that everybody loves them), when pressed on the issue, they will come back with answers such as, "existing standards are too immature" or the "market is moving too fast to standardize yet" to explain why they are not moving more quickly to standardize their interfaces. Of course they might be partially right, but these are not objections that generally hold up under explicit and consistent customer demand for standardization. See the broad adoption of SAML by cloud providers as an example of what this pressure can accomplish...

Read the complete article in Infosecurity.