Copyright 2009-12
Roger Clarke
Xamax Consultancy, Canberra
Visiting Professor in Computer Science, ANU
and in Cyberspace Law & Policy, UNSW
25th Bled eConference
19 June 2012
http://www.rogerclarke.com/EC/CCEF {.html,.ppt}
A Framework for the Analysis of Cloudsourcing Proposals

Framework for Analysis of Cloudsourcing Proposals
AGENDA
1. Cloud Computing
2. Research Approach
3. Cloudsourcing Theory
4. Info & IT Security Theory
• Operational Disbenefits and Risks
• Contingent Risks
• Security Risks (Security in the Less Broad)
• Commercial Disbenefits and Risks
• Compliance Disbenefits and Risks
5. Preliminary Field Reports

The Gartner Hype-Cycle for Emerging Technologies
" ... a snapshot of the relative maturity of technologies ... "
"They highlight overhyped areas against those that are high impact, estimate how long they will take to reach maturity, and help organizations decide when to adopt"

Gartner Hype-Cycle charts, 2007-2011 (figures not reproduced):
• 2007: http://www.lostinthemagicforest.com/blog/......wp-content/uploads/2007/10/gartner2007.jpg
• 2008: http://adverlab.blogspot.com/2008/08/... ...media-history-through-gartner-hype.html
• 2009: http://www.gartner.com/it/page.jsp?id=1124212
• 2010: http://www.gartner.com/it/page.jsp?id=1447613
• 2011: http://cgiorgi.tumblr.com/post/8732569499/gartner-hype-cycle-2011

The Motivation
Find Answers to These Questions
• Is each of the various forms of cloud computing ready for 'prime time'?
• Is it appropriate for organisations to rely on IaaS, PaaS and SaaS providers?
• On what basis can judgements be made as to whether cloud computing is sufficiently reliable?
• What complementary actions are needed by organisations that adopt it?

2. Research Approach

3. Categories of Outsourcing
• Domestic / Within-Nation cf. Cross-Border / 'Off-Shore'
• Hosting cf. 'Utility Computing' cf. Application Service Provision (ASP)
• IT (e.g. equipment hosting) cf. Business Process (e.g. call centres)

A 'Primary Drivers' Theme
• Cost Reduction
• Access to technological expertise
• Enabling focus on core competence, rather than sustaining and managing technical capabilities
And then the Myths Literature
• Few Demonstrated Cost-Savings
• Little Focus on Impact on Service-Quality
• Mis-fit, Lock-in, Lack of Adaptability

Cloud Computing is a Form of Outsourcing
How is it different from earlier forms?
• Scalability ('there when it's needed')
• Flexible Contractual Arrangements ('pay per use')
• Opaqueness ('let someone else worry about details')
• which means less user control:
  • of the application, through commoditisation
  • of service levels, through SLA dependence (assuming there's an SLA, and it's negotiable)
  • of host location, through resource-virtualisation
From Insourcing to Cloudsourcing
Off-Site Hosting
Outsourced Facility
Multiple Outsourced Facilities
Integrated Multi-Site Outsourced Facilities
CloudSourced Facilities

Levels of Cloudsourcing
• Infrastructure as a Service (IaaS)
  Amazon EC2, Rackspace, ...
• Platform as a Service (PaaS)
  MS Azure, Sware Dev Environments, ...
• Software as a Service (SAAS)
  Google Gmail, Google Docs / Apps
  MS Live and Office 365
  Dropbox
  Salesforce
  MYOB LiveAccounts, Intuit Online

Levels of Cloudsourcing
• Infrastructure as a Service (IaaS)
  1960s on – Remote Application Hosting
• Platform as a Service (PaaS)
  1990s on – Remote Servers
• Software as a Service (SAAS)
  1980s – Application Service Providers (ASPs)
  1990s – Hotmail => Webmail
  2004 – Gmail
  2005 – Zoho
  2006 – GDocs

Levels of Cloudsourcing and What is and isn't Outsourced

The Cloudsourcing Provider
• A Commercial Enterprise
• A Community Provider
• A Government Business Enterprise
• A Central Government Agency
• The User Organisation Itself
The Location(s)
• Provider's Choice
• User Organisation's Choice
• User Organisation's Own Premises

Cloudsourcing from the User Perspective
A service that satisfies all of the following conditions:
1. It is delivered over a telecommunications network
2. The service depends on virtualised resources
   i.e. the user has no technical need to be aware which server(s) running on which host(s) is/are delivering the service, nor where the host(s) is/are located
3. The service is acquired under a relatively flexible contractual arrangement, at least re the quantum used

Cloudsourcing from the User Perspective
A service that satisfies all of the following conditions:
1. It is delivered over a telecommunications network
2. The service depends on virtualised resources
   i.e. the user does not know which server(s) running on which host(s) is/are delivering the service, nor where the host(s) is/are located
3. The service is acquired under a relatively flexible contractual arrangement, at least re the quantum used
4. The user organisation places reliance on the service for data access and/or data processing
5. The user organisation has legal responsibilities

4. Information Security
• Data Secrecy
  Prevent access by those who should not see it
• Data Quality / Data Integrity
  Prevent inappropriate change and deletion
• Data Accessibility
  Enable access by those who should have it

IT Security
• Security of Service
  • Integrity
  • Reliability
  • Robustness
  • Resilience
  • Accessibility
  • Usability
• Security of Investment
  • Assets
  • The Business

The Conventional IT Security Model
Threats impinge on Vulnerabilities, resulting in Harm

From Insourcing to Cloudsourcing
Changes in Risk-Exposure
Sourcing Phases
• Insourcing
• Outsourced Site
• Outsourced Facility
• Outsourced Facilities in Multiple Locations
• Integrated Multi-Site Outsourced Facilities
• Cloudsourced Facilities
Increasing:
• Component-Count
• Location-Count
• Complexity
• Dependencies
• Fragility
Decreasing:
• Internal Expertise
• Internal Knowability ('set and forget')
2. Potential Benefits
• Technical
• Business
• Financial
• Enhanced Service Accessibility

Potential Benefits
Technical
• Scalability
• Professionalised Backup and Recovery
• Copyright Convenience
• Collaboration Convenience
• ...

Potential Benefits
Business
• Rapid Prototyping
• Rapid Launch of New Services
• Rapid Scalability of Services that have Variable or Uncertain Demand
• Operational Costs that Reflect Usage
• ...

Potential Benefits
Financial
• Lower Investment / Up-Front Cost
• Lower Operational Costs
• Lower IT Staff Costs
• From Capital Budget (CAPEX) to Recurrent Budget (OPEX)?
• Escape from 'Whole of Life' Costing?
• ...

Potential Benefits
Enhanced Service Accessibility
Access to Services that are otherwise unavailable
• from any location
• from multiple desktop devices
• from scaled-down devices
• from multiple device-types

Downsides from the User Perspective
(Security in the Broad)
(1) Operational Disbenefits and Risks
    Dependability on a day-to-day basis
(2) Contingent Risks
    Low likelihood, but highly significant
(3) Security Risks
    Security in the less broad
(4) Commercial Disbenefits and Risks
(5) Compliance Disbenefits and Risks

(1) Operational Disbenefits and Risks
• Fit – to users' needs, and customisability
• Reliability – continuity of operation
  • Availability – hosts/server/db readiness/reachability
  • Accessibility – network readiness
  • Usability – response-time, and consistency
  • Robustness – frequency of un/planned unavailability (97% uptime = 5 hr per week offline)
  • Resilience – speed of resumption after outages
  • Recoverability – service readiness after resumption
• Integrity – sustained correctness of the service, and the data
• Maintainability – fit, reliability, integrity after bug-fixes & mods

(2) Contingent Risks
• Major Service Interruptions
• Service Survival – supplier collapse or withdrawal
  Safeguards include software escrow; escrow inspection; proven recovery procedures; rights that are proof against actions by receivers
• Data Survival – data backup/mirroring/synch, accessibility
• Data Accessibility – blockage by opponents or a foreign power
• Compatibility – software, versions, protocols, data formats
• Flexibility
  Customisation
  Forward-Compatibility to migrate to new levels
  Backward-Compatibility to protect legacy systems
  Lateral Compatibility to enable dual-sourcing and escape

(3) Security Risks
• Service Security
  Environmental, second-party and third-party threats to any aspect of reliability or integrity
• Data Security
  Environmental, second-party and third-party threats to content, both in remote storage and in transit
• Authentication and Authorisation
  How to provide clients with convenient access to data and processes in the cloud, while denying access to imposters?
• Susceptibility to DDOS
  Multiple, separate servers; but choke-points will exist

(4) Commercial Disbenefits and Risks
• Acquisition
  • Lack of information
  • Non-Negotiability of Terms and SLA
• Ongoing
  • Loss of Corporate Expertise re apps, IT services, costs to deliver
  • Inherent Lock-In Effect from high switching costs, formats, protocols
  • High-volume Data Transfers from large datasets, replication/synchronisation
• Service Levels to the Organisation's Customers

(5) Compliance Disbenefits and Risks
• General Statutory & Common Law Obligations
  • Evidence Discovery Law
  • Financial Regulations
  • Company Directors' obligations re asset protection, due diligence, business continuity, risk management
• Security Treaty Obligations
• Confidentiality – incl. against foreign governments
  • Strategic
  • Commercial
  • Governmental
• Privacy – particularly Unauthorised Use and Disclosure
  Second-Party (service-provider abuse), Third-Party ('data breach', 'unauthorised disclosure'), Storage in Data Havens (India, Arkansas)

(5) Compliance Disbenefits and Risks
• General Statutory & Common Law Obligations
  • Evidence Discovery Law
  • Financial Services Regulations
  • Company Directors' obligations re asset protection, due diligence, business continuity, risk management
• Security Treaty Obligations
• Confidentiality – incl. against foreign governments
  • Strategic
  • Commercial
  • Governmental
• Privacy – particularly Unauthorised Use and Disclosure
  Second-Party (service-provider abuse), Third-Party ('data breach', 'unauthorised disclosure'), Storage in Data Havens (India, Arkansas)

Risk Management Strategies
Processes
• Risk Assessment => Risk Management
Legal Aspects
• Service Level Agreement (SLA)
• Contract Terms
Ongoing Due Diligence
• Audit and Certification
Multi-Sourcing
• Several Suppliers
  Of necessity compatible
• Parallel, In-House
• Redundancy – Multiple and Independent
  • Processing Facilities
  • Hot/Warm-Site
  • Data Storage

Testing Needed
• Is this Framework relevant, understandable, practicable and comprehensive?
• Approaches
  • Review of its Rationale
  • Pilot-Testing in various settings
  • Deep case studies
• A Preliminary Test of the Checklist
  • Media Reports of Cloud Outages

5. Preliminary Field Reports
105 relevant articles
49 relevant events:
• 26 related to 10 SaaS providers
• 7 events related to 5 PaaS providers
• 16 events related to 5 IaaS providers
Clarke R. (2012) 'How Reliable is Cloudsourcing? A Review of Articles in the Technical Media 2005-11' Comp. Law & Security Review 28, 1 (Feb 2012) 90-95, http://www.rogerclarke.com/EC/CCEF-CO.html

Inferences from the Reports
(1) Outages are not Uncommon
(2) Outages Arise from Multiple Causes
(3) Providers' Safeguards are Sometimes Ineffective
(4) Failure Cascades are Prevalent
(5) Providers have had to be Forced to be Responsive
(6) Providers have often been Uninformative
(7) Outages may Affect Important Ancillary Services
(8) The Direct Impacts have sometimes been Significant
(9) Indirect Impacts have often been Even More Significant
(10) Few Customers are Recompensed

Conclusions
• Cloudsourcing can be better understood and better managed, by drawing on prior knowledge of:
  • Outsourcing
  • Security and Risk Management
• Theoretical Risks have been identified
• Evidence shows that they are real, and even common
• Organisations often adopt services without evaluation
• Directors have legal responsibilities re business risk assessment and management
• The framework provides a basis for executives to assist Directors in fulfilling their responsibilities

Framework for Analysis of Cloudsourcing Proposals
AGENDA
1. Cloud Computing
2. Potential Benefits
3. Cloudsourcing Theory
4. Info & IT Security Theory
• Operational Disbenefits and Risks
• Contingent Risks
• Security Risks (Security in the Less Broad)
• Commercial Disbenefits and Risks
• Compliance Disbenefits and Risks
5. Preliminary Field Reports