A Framework for the Analysis of Cloudsourcing Proposals
Roger Clarke, Xamax Consultancy, Canberra; Visiting Professor in Computer Science, ANU, and in Cyberspace Law & Policy, UNSW
25th Bled eConference, 19 June 2012
http://www.rogerclarke.com/EC/CCEF {.html,.ppt}
Copyright 2009-12


Page 1

Roger Clarke, Xamax Consultancy, Canberra

Visiting Professor in Computer Science, ANU, and in Cyberspace Law & Policy, UNSW

25th Bled eConference, 19 June 2012

http://www.rogerclarke.com/EC/CCEF {.html,.ppt}

A Framework for the Analysis of Cloudsourcing Proposals

Page 2

Framework for Analysis of Cloudsourcing Proposals: AGENDA

1. Cloud Computing
2. Research Approach
3. Cloudsourcing Theory
4. Info & IT Security Theory
   • Operational Disbenefits and Risks
   • Contingent Risks
   • Security Risks (Security in the Less Broad)
   • Commercial Disbenefits and Risks
   • Compliance Disbenefits and Risks
5. Preliminary Field Reports

Page 3

The Gartner Hype-Cycle for Emerging Technologies

"... a snapshot of the relative maturity of technologies ... They highlight overhyped areas against those that are high impact, estimate how long they will take to reach maturity, and help organizations decide when to adopt"

Page 4

Gartner Hype Cycle, 2007 (image: http://www.lostinthemagicforest.com/blog/......wp-content/uploads/2007/10/gartner2007.jpg)

Page 5

Gartner Hype Cycle, 2008 (image: http://adverlab.blogspot.com/2008/08/...media-history-through-gartner-hype.html)

Page 6

Gartner Hype Cycle, 2009 (image: http://www.gartner.com/it/page.jsp?id=1124212)

Page 7

Gartner Hype Cycle, 2010 (image: http://www.gartner.com/it/page.jsp?id=1447613)

Page 8

Gartner Hype Cycle, 2011 (image: http://cgiorgi.tumblr.com/post/8732569499/gartner-hype-cycle-2011)

Page 9

The Motivation: Find Answers to These Questions

• Is each of the various forms of cloud computing ready for 'prime time'?

• Is it appropriate for organisations to rely on IaaS, PaaS and SaaS providers?

• On what basis can judgements be made as to whether cloud computing is sufficiently reliable?

• What complementary actions are needed by organisations that adopt it?

Page 10

2. Research Approach


Page 11

3. Categories of Outsourcing

• Domestic / Within-Nation cf. Cross-Border / 'Off-Shore'

• Hosting cf. 'Utility Computing' cf. Application Service Provision (ASP)

• IT (e.g. equipment hosting) cf. Business Process (e.g. call centres)

Page 12

A 'Primary Drivers' Theme
• Cost Reduction
• Access to technological expertise
• Enabling focus on core competence, rather than sustaining and managing technical capabilities

And then the Myths Literature
• Few Demonstrated Cost-Savings
• Little Focus on Impact on Service-Quality
• Mis-fit, Lock-in, Lack of Adaptability

Page 13

Cloud Computing is a Form of Outsourcing

How is it different from earlier forms?
• Scalability ('there when it's needed')
• Flexible Contractual Arrangements ('pay per use')
• Opaqueness ('let someone else worry about details')
• which means less user control:
  • of the application, through commoditisation
  • of service levels, through SLA dependence (assuming there's an SLA, and it's negotiable)
  • of host location, through resource-virtualisation

Page 14

From Insourcing to Cloudsourcing

Off-Site Hosting

Outsourced Facility

Page 15

From Insourcing to Cloudsourcing

Off-Site Hosting

Outsourced Facility

Multiple Outsourced Facilities

Page 16

From Insourcing to Cloudsourcing

Integrated Multi-Site Outsourced Facilities

Page 17

From Insourcing to Cloudsourcing

CloudSourced Facilities


Page 19

Levels of Cloudsourcing

• Infrastructure as a Service (IaaS): Amazon EC2, Rackspace, ...

• Platform as a Service (PaaS): MS Azure, Software Dev Environments, ...

• Software as a Service (SaaS): Google Gmail, Google Docs / Apps; MS Live and Office 365; Dropbox; Salesforce; MYOB LiveAccounts, Intuit Online

Page 20

Levels of Cloudsourcing

• Infrastructure as a Service (IaaS): 1960s on – Remote Application Hosting

• Platform as a Service (PaaS): 1990s on – Remote Servers

• Software as a Service (SaaS): 1980s – Application Service Providers (ASPs); 1990s – Hotmail => Webmail; 2004 – Gmail; 2005 – Zoho; 2006 – GDocs

Page 21

Levels of Cloudsourcing and What is and isn't Outsourced


Page 22

The Cloudsourcing Provider
• A Commercial Enterprise
• A Community Provider
• A Government Business Enterprise
• A Central Government Agency
• The User Organisation Itself

The Location(s)
• Provider's Choice
• User Organisation's Choice
• User Organisation's Own Premises

Page 23

Cloudsourcing from the User Perspective

A service that satisfies all of the following conditions:

1. It is delivered over a telecommunications network

2. The service depends on virtualised resources, i.e. the user has no technical need to be aware which server(s) running on which host(s) is/are delivering the service, nor where the host(s) is/are located

3. The service is acquired under a relatively flexible contractual arrangement, at least re the quantum used

Page 24

Cloudsourcing from the User Perspective

A service that satisfies all of the following conditions:

1. It is delivered over a telecommunications network

2. The service depends on virtualised resources, i.e. the user does not know which server(s) running on which host(s) is/are delivering the service, nor where the host(s) is/are located

3. The service is acquired under a relatively flexible contractual arrangement, at least re the quantum used

4. The user organisation places reliance on the service for data access and/or data processing

5. The user organisation has legal responsibilities

Page 25

4. Information Security

• Data Secrecy: Prevent access by those who should not see it

• Data Quality / Data Integrity: Prevent inappropriate change and deletion

• Data Accessibility: Enable access by those who should have it

Page 26

IT Security

• Security of Service
  • Integrity
  • Reliability
  • Robustness
  • Resilience
  • Accessibility
  • Usability

• Security of Investment
  • Assets
  • The Business

Page 27

The Conventional IT Security Model: Threats impinge on Vulnerabilities, resulting in Harm



Page 29

From Insourcing to Cloudsourcing: Changes in Risk-Exposure

Sourcing Phases
• Insourcing
• Outsourced Site
• Outsourced Facility
• Outsourced Facilities in Multiple Locations
• Integrated Multi-Site Outsourced Facilities
• Cloudsourced Facilities

Increasing:
• Component-Count
• Location-Count
• Complexity
• Dependencies
• Fragility

Decreasing:
• Internal Expertise
• Internal Knowability ('set and forget')

Page 30

2. Potential Benefits

• Technical

• Business

• Financial

• Enhanced Service Accessibility

Page 31

Potential Benefits: Technical

• Scalability

• Professionalised Backup and Recovery

• Copyright Convenience

• Collaboration Convenience

• ...

Page 32

Potential Benefits: Business

• Rapid Prototyping

• Rapid Launch of New Services

• Rapid Scalability of Services that have Variable or Uncertain Demand

• Operational Costs that Reflect Usage

• ...

Page 33

Potential Benefits: Financial

• Lower Investment / Up-Front Cost

• Lower Operational Costs

• Lower IT Staff Costs

• From Capital Budget (CAPEX) to Recurrent Budget (OPEX)?

• Escape from 'Whole of Life' Costing?

• ...

Page 34

Potential Benefits: Enhanced Service Accessibility

Access to Services that are otherwise unavailable

• from any location
• from multiple desktop devices
• from scaled-down devices
• from multiple device-types

Page 35

Downsides from the User Perspective (Security in the Broad)

(1) Operational Disbenefits and Risks: Dependability on a day-to-day basis

(2) Contingent Risks: Low likelihood, but highly significant

(3) Security Risks: Security in the less broad

(4) Commercial Disbenefits and Risks

(5) Compliance Disbenefits and Risks

Page 36

(1) Operational Disbenefits and Risks

• Fit – to users' needs, and customisability

• Reliability – continuity of operation
  • Availability – hosts/server/db readiness/reachability
  • Accessibility – network readiness
  • Usability – response-time, and consistency
  • Robustness – frequency of un/planned unavailability (97% uptime = 5 hr per week offline)
  • Resilience – speed of resumption after outages
  • Recoverability – service readiness after resumption

• Integrity – sustained correctness of the service, and the data

• Maintainability – fit, reliability, integrity after bug-fixes & mods


Page 39

(2) Contingent Risks

• Major Service Interruptions

• Service Survival – supplier collapse or withdrawal. Safeguards include software escrow; escrow inspection; proven recovery procedures; rights that are proof against actions by receivers

• Data Survival – data backup/mirroring/synch, accessibility

• Data Accessibility – blockage by opponents or a foreign power

• Compatibility – software, versions, protocols, data formats

• Flexibility
  • Customisation
  • Forward-Compatibility to migrate to new levels
  • Backward-Compatibility to protect legacy systems
  • Lateral Compatibility to enable dual-sourcing and escape


Page 41

(3) Security Risks

• Service Security – Environmental, second-party and third-party threats to any aspect of reliability or integrity

• Data Security – Environmental, second-party and third-party threats to content, both in remote storage and in transit

• Authentication and Authorisation – How to provide clients with convenient access to data and processes in the cloud, while denying access to imposters?

• Susceptibility to DDoS – Multiple, separate servers; but choke-points will exist


Page 43

(4) Commercial Disbenefits and Risks

• Acquisition
  • Lack of information
  • Non-Negotiability of Terms and SLA

• Ongoing
  • Loss of Corporate Expertise re apps, IT services, costs to deliver
  • Inherent Lock-In Effect from high switching costs, formats, protocols
  • High-volume Data Transfers from large datasets, replication/synchronisation
  • Service Levels to the Organisation's Customers


Page 45

(5) Compliance Disbenefits and Risks

• General Statutory & Common Law Obligations
• Evidence Discovery Law
• Financial Regulations
• Company Directors' obligations re asset protection, due diligence, business continuity, risk management
• Security Treaty Obligations

• Confidentiality – incl. against foreign governments
  • Strategic
  • Commercial
  • Governmental

• Privacy – particularly Unauthorised Use and Disclosure
  • Second-Party (service-provider abuse)
  • Third-Party ('data breach', 'unauthorised disclosure')
  • Storage in Data Havens (India, Arkansas)


Page 49

Risk Management Strategies

Processes
• Risk Assessment => Risk Management

Legal Aspects
• Service Level Agreement (SLA)
• Contract Terms

Ongoing Due Diligence
• Audit and Certification

Multi-Sourcing
• Several Suppliers, of necessity compatible
• Parallel, In-House
• Redundancy – Multiple and Independent
  • Processing Facilities: Hot/Warm-Site
  • Data Storage
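The "97% uptime = 5 hr per week offline" figure on the operational-risks slide, the rising dependency count and fragility on the risk-exposure slide, and the multi-sourcing and redundancy safeguards on this slide all come down to the same availability arithmetic, and it is worth seeing it worked rather than asserted. The Python below is an added illustration; it is not code from Clarke's slides or paper. It assumes independent component failures (which is optimistic: correlated failures and shared choke-points make real figures worse), and the component names and availability figures in EXAMPLE_CHAIN are constructed assumptions, not vendor SLAs.

```python
"""Availability arithmetic for a cloudsourced service chain.

Added example, not part of Clarke's slides. It turns an SLA uptime figure into
hours offline, then shows two effects the framework describes: a serial chain
of dependencies compounds unavailability (rising component count, dependencies,
fragility, failure cascades), while genuinely independent redundant facilities
reduce it. Component names and figures below are constructed illustrations.
"""
from typing import Iterable, Sequence, Tuple

HOURS_PER_WEEK = 24 * 7      # 168
HOURS_PER_YEAR = 24 * 365    # 8760


def downtime_hours(uptime_pct: float, period_hours: float = HOURS_PER_WEEK) -> float:
    """Hours of permitted unavailability implied by an uptime percentage."""
    if not 0.0 <= uptime_pct <= 100.0:
        raise ValueError("uptime_pct must lie between 0 and 100")
    return period_hours * (1.0 - uptime_pct / 100.0)


def _check_fraction(a: float) -> None:
    if not 0.0 <= a <= 1.0:
        raise ValueError("availability must be a fraction between 0 and 1")


def serial_availability(availabilities: Iterable[float]) -> float:
    """Availability of a service that needs every listed component up at once
    (network link, DNS, identity provider, application, storage ...).
    Assumes independent failures; correlated outages make the true figure worse."""
    total = 1.0
    for a in availabilities:
        _check_fraction(a)
        total *= a
    return total


def parallel_availability(availabilities: Iterable[float]) -> float:
    """Availability when any one of several independent facilities suffices
    (multi-sourcing, hot/warm sites). Only valid if the facilities share no
    choke-point; a common DNS or identity provider must be modelled as a
    serial component in front of the redundant pair."""
    all_down = 1.0
    for a in availabilities:
        _check_fraction(a)
        all_down *= (1.0 - a)
    return 1.0 - all_down


# Constructed dependency chain for a hypothetical SaaS deployment.
# Names and figures are illustrative assumptions, not vendor SLAs.
EXAMPLE_CHAIN: Sequence[Tuple[str, float]] = (
    ("corporate internet link", 0.9995),
    ("DNS", 0.9999),
    ("identity provider (SSO)", 0.9990),
    ("SaaS application", 0.9990),
    ("provider's storage tier", 0.9999),
)


def chain_availability(chain: Sequence[Tuple[str, float]] = EXAMPLE_CHAIN) -> float:
    """End-to-end availability as seen by the user organisation."""
    return serial_availability(a for _, a in chain)


def chain_report(chain: Sequence[Tuple[str, float]] = EXAMPLE_CHAIN) -> str:
    """Per-component weekly downtime, then the end-to-end figure, which is
    always worse than the weakest single component."""
    lines = []
    for name, a in chain:
        lines.append(f"{name:28s} {a * 100:8.3f}%  {downtime_hours(a * 100):6.2f} h/week")
    total = chain_availability(chain)
    lines.append(f"{'end-to-end (serial)':28s} {total * 100:8.3f}%  "
                 f"{downtime_hours(total * 100):6.2f} h/week")
    return "\n".join(lines)


def dual_sourced_availability(primary: float, secondary: float,
                              shared_front_end: float) -> float:
    """Two independent providers behind one shared component (e.g. the
    organisation's own network link). The redundancy helps only up to the
    availability of the shared choke-point."""
    return serial_availability([shared_front_end,
                                parallel_availability([primary, secondary])])


if __name__ == "__main__":
    print(f"97% uptime = {downtime_hours(97.0):.2f} h/week offline")
    print(chain_report())
    print("dual-sourced behind a 99.95% link: "
          f"{dual_sourced_availability(0.999, 0.999, 0.9995) * 100:.4f}%")
```

Running it shows the point of the framework's "multiple and independent" wording: five components at 99.9% to 99.99% each yield roughly 99.73% end to end (about 23 hours a year), and two 99.9% providers behind one 99.95% link can never exceed 99.95%, because the shared link is a serial choke-point that the redundancy does nothing for.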

Page 50

Testing Needed

• Is this Framework relevant, understandable, practicable and comprehensive?

• Approaches
  • Review of its Rationale
  • Pilot-Testing in various settings
  • Deep case studies

• A Preliminary Test of the Checklist
  • Media Reports of Cloud Outages

Page 51

5. Preliminary Field Reports

105 relevant articles, 49 relevant events:
• 26 events related to 10 SaaS providers
• 7 events related to 5 PaaS providers
• 16 events related to 5 IaaS providers

Clarke R. (2012) 'How Reliable is Cloudsourcing? A Review of Articles in the Technical Media 2005-11', Computer Law & Security Review 28, 1 (Feb 2012) 90-95, http://www.rogerclarke.com/EC/CCEF-CO.html

Page 52

Inferences from the Reports

(1) Outages are not Uncommon
(2) Outages Arise from Multiple Causes
(3) Providers' Safeguards are Sometimes Ineffective
(4) Failure Cascades are Prevalent
(5) Providers have had to be Forced to be Responsive
(6) Providers have often been Uninformative
(7) Outages may Affect Important Ancillary Services
(8) The Direct Impacts have sometimes been Significant
(9) Indirect Impacts have often been Even More Significant
(10) Few Customers are Recompensed

Page 53

Conclusions

• Cloudsourcing can be better understood and better managed, by drawing on prior knowledge of:
  • Outsourcing
  • Security and Risk Management

• Theoretical Risks have been identified

• Evidence shows that they are real, and even common

• Organisations often adopt services without evaluation

• Directors have legal responsibilities re business risk assessment and management

• The framework provides a basis for executives to assist Directors in fulfilling their responsibilities

Page 54

Framework for Analysis of Cloudsourcing Proposals: AGENDA

1. Cloud Computing
2. Potential Benefits
3. Cloudsourcing Theory
4. Info & IT Security Theory
   • Operational Disbenefits and Risks
   • Contingent Risks
   • Security Risks (Security in the Less Broad)
   • Commercial Disbenefits and Risks
   • Compliance Disbenefits and Risks
5. Preliminary Field Reports
