Cloud computing: 10 things a CxO should know about cloud computing
Deloitte Consulting, February 2010
Contents
Introduction
Why is it called ‘Cloud’ computing?
Corporate strategy needs to take Cloud computing into account
Cloud computing allows to adjust IT spending through operational expenditures
Business agility and IT flexibility
Business users are put into the information technology driver seat
The market is not yet mature
Uptime
Integration with the cloud
Considerable security and audit challenges
Cloud computing puts privacy compliance at risk
For further information
Disclaimer
Introduction
Today more than ever, organizations need to secure their competitive advantage and to cope with the volatility and the ever increasing globalization of the markets. While facing these challenges, CxOs should consider IT as an enabler for their strategy. This is especially the case as a technological shift is occurring in the IT space: Cloud computing.
The Cloud allows for improved IT resources optimization, virtually unlimited scalability and greater flexibility, all at a contained cost. As a result, Cloud adoption is spreading rapidly and represents a new opportunity that companies should not ignore given its profound impact.
Although not new as a concept, Cloud computing is new in its generalized application to all IT services and is the next step in the relentless journey of corporate IT. However, expectations about the merits and implications of Cloud computing are different from organization to organization. With this in mind, we will highlight 10 key aspects of Cloud computing, ranging from its impact on corporate strategy to what it means to your capital expenditure and operational expense, including organizational, security and integration challenges.
Not only do we look at the main advantages and existing solutions, but we also underline the risks that Cloud computing technology entails and what can be done to address these.
Patrick Callewaert, Customer Practice Lead EMEA
Christian Combes, Partner, Technology and Integration
Why is it called ‘Cloud’ computing?
In the 1960s, engineers designing computer networks drew diagrams which included cloud outlines to indicate the fact that information sent through the network is routed in varying ways. Much like gas particles in a cloud, the precise path of a packet of information coming out at the other end does not really matter.
Similarly, Cloud computing resources (such as raw computing power, data storage, or complete applications presented in a browser) are available to the user, but the exact location of these services is of no concern to the user.
In fact, users of Cloud computing resources should not care about hardware management, software maintenance or anything else underlying the service itself. Just as the word cloud has become shorthand for the Internet, ‘Cloud computing’ is the provisioning of computing services over the Internet. Users are billed for a subscription or only pay for usage, much like paying for electricity by the kilowatt hour instead of producing it themselves.
There are three main advantages of delivery of services without having to worry about hardware management or software maintenance: the first is scalability. Scalability means going from 1 user to thousands or millions. External providers allocate capacity among many clients, which allows them to apportion resources more or less instantly to a client as usage increases.
The second is innovation and agility. Typically, IT systems are slow to evolve. Major feature upgrades are only pushed through every couple of years, which then require complicated system-wide changes. Instead, delivery of software applications through the browser allows a continuous stream of improvements, allowing for a faster innovation cycle.
The third is the reduction in upfront IT capital expenditures for users – be they in hardware or software – by shifting these costs to vendors who can spread them across their client base. Indeed, instead of paying for hardware and licenses upfront, and having to wait for the customization of an on premise solution, Cloud consumers pay a periodic subscription or utilization fee with minimal upfront costs covering a shortened deployment effort.
Key points
• The Cloud is a collection of Internet-based or private-network services providing users with scalable, abstracted IT capabilities, including software, development platforms and virtualized servers & storage
• Cloud computing is disruptive due to its four key characteristics:
  - Highly abstracted
  - Variable expense
  - Multi-tenant
  - Immediately scalable
Corporate strategy needs to take Cloud computing into account
Many large corporations, such as Visa, General Electric and Verizon, have already outsourced large parts of their IT operations to countries like India and China. Using Cloud computing, these companies might not only relinquish operational control but also the ownership of their IT resources.
The ability to rely on utility style computing has already had significant impact on small to midsize companies in certain industries. Take accounting as an example. In the early 2000s, a typical accountancy company operated much like in the early 1950s. Accountants were likely to have local clients, who would send files to the accountant at regular intervals. In the late 2000s, the advent of third party accounting software-as-a-service allowed accountancy companies to connect with clients using internet based platforms, which meant deep shifts for the profession.
These platforms made it possible to work with professional talent anywhere and to divide client work in new ways. Accountants now have the time to focus more on higher value advisory services, while outsourcing many routine tasks such as tax preparation. Similarly, the ability to rely on utility style computing could have an impact for larger organizations as well.
There is a lag between the availability of a certain technology and the ensuing rise in productivity. A historical parallel in this regard is the electrification of factories around the 1900s. Factories at first were not any more efficient when using electricity instead of using crankshafts to drive the machines. The reason is that factories were still built as 4 or 5 story warehouses even though machines were powered on their own, without mechanical energy. It took a long time, perhaps 30 years, before factories were built on wider ground level spaces, unlocking the productivity gains from the easier flow of goods and materials.
Determining how Cloud computing technology capabilities can help achieve corporate goals is of key importance as business users become empowered to pull together computing resources on demand. As the corporate IT landscape changes, aligning business strategy with IT to take advantage of new capabilities becomes a priority. Services become the prime focus rather than having to worry about hardware management and software maintenance. This focus on services will impose fewer but different constraints compared to on-premise capabilities and will present a unique set of opportunities and challenges.
Key points
• Due to its benefits, Cloud adoption is already high in small and midsize companies
• Using Cloud, companies can concentrate on their core business and relinquish operational control and ownership of their IT resources
Cloud computing allows to adjust IT spending through operational expenditures
While it is unclear at this point in time how and at what speed utility style computing will develop, corporate IT is investigating Cloud computing at an accelerating pace. One of the main drivers for this interest is the reduction of capital costs. Usually, companies will fund operational costs through revenues and pay for capital expenses through equity and debt. Growing the company faster than the cost of capital creates value.
Large portions of a company’s capital expense budget are invested in information technology. The U.S. Department of Commerce estimates that IT spending accounts on average for 50 percent of capital expense budgets. For most companies, IT usually has a broad support function, which is not tied directly to revenue generating operations. In the cloud delivery model, companies pay for both hardware and software as operational expenditures.
While there is no inherent benefit in shifting capital expenditures to operational expenditures, reducing capital expenditures allows companies (especially in cyclical industries) to pay for what they need, when they need it. Managed services infrastructures and the cloud are attractive to companies because they largely eliminate initial capital investments and other up-front costs. The cloud has the added advantage of tying your costs to exactly what you are using; meaning that you are able to connect IT costs to revenue instead of treating them as overhead.
Preserving capital is important especially in situations where high elasticity is needed in providing IT resources. Often companies need to provision for peak loads, requiring more capital investment than needed. Real world estimates of server utilization in data centres range from 5% to 20%. Companies embracing Cloud computing can reduce the opportunity cost of capital investments, for example when they are faced with highly fluctuating needs due to seasonal demand in their business.
Key points
• Cloud eliminates initial capital investments and other up-front costs
• Cloud computing ties your costs to exactly what you are using, without need to provision for peak loads and fluctuating demand
Business agility and IT flexibility
Cloud computing is all about using technology when you need it, for as long as you need it. There is no need to install anything, and no need to pay for the technology when it is not in use.
Cloud computing eliminates the lag that often exists between business and IT, thus ensuring organizational agility. As business cycles accelerate, many businesses require almost immediate deployment, adaptation or decommissioning of applications. While this was not conceivable with traditional on premise solutions, Cloud computing enables accelerated deployment and greater flexibility. Cloud represents an opportunity for organizations to focus on their core competencies and to solve their business problems in ways that were previously impossible.
Some companies encourage responsiveness by having small teams. Google, for example, has created a corporate organism that tackles most big projects in small, tightly focused teams, setting them up in an instant and breaking them down weeks later without remorse. The ability to draw on on-demand supporting technology facilitates the work environment of such teams.
The Evolution of Strategic Management

| Period | 1950s | 1960s – Early 1970s | Late 1970s – Mid 1980s | Late 1980s – 1990s | 2000s |
| --- | --- | --- | --- | --- | --- |
| Dominant theme | Budgetary planning and control | Corporate planning | Positioning | Competitive advantage | Strategic and organizational innovation |
| Main issues | Financial control | Planning growth, especially diversification and portfolio planning | Selecting industries and markets; positioning for market leadership | Focussing strategy around sources of competitive advantage; new business development | Reconciling size with flexibility and responsiveness |
| Principal concepts and techniques | Financial budgeting; project appraisal | Forecasting; corporate planning techniques | Industry analysis; segmentation; experience curves | Resources and capabilities; shareholder value; knowledge management; information technology | Competing for standards; complexity and self-organization |
| Organizational implications | Systems of operational and capital budgeting become key mechanisms of coordination and control | Corporate planning departments; Mergers and Acquisitions | Multidivisional and multinational structures | Restructuring and reengineering; outsourcing; e-business | Alliances and networks; informal structures; less reliance on direction, more on emergence |

Adapted from: Robert Grant, Contemporary Strategy Analysis, 2006
The table above shows the dominant themes and main issues companies dealt with from the 1950s to the 2000s. Reconciling size with flexibility and responsiveness is a key strategic driver today, supporting the deployment of flexible cloud computing solutions.
As business users decide to launch new products and venture into new markets, on-demand information capabilities can be selected, assembled and scaled out to meet organizational and geographical demands as required. It is fair to say that Cloud computing technologies can be key elements in business environments that increase agility and decrease time to market. The reason is that Cloud computing is highly demand driven, meaning a high degree of user self service is possible in the deployment of services and resources.
Cloud computing eliminates the lag that often exists between business and IT, thus ensuring organizational agility. As business cycles accelerate in a web-enabled world, many businesses require almost immediate deployment or adaptation of their supporting IT environment which can only be achieved at scale by leveraging out of the box solutions benefiting from optimized procurement, set-up, and migration time, as well as relatively high standardization.
Key points
• Reconciling size with flexibility and responsiveness remains an important issue today
• Cloud computing offers high degree of user self service in the deployment of services and resources
• Cloud computing enables companies to leverage their core competencies and be agile enough to evolve with this challenging environment, especially in IT
Business users are put into the information technology driver seat
If the promise of Cloud computing is fulfilled, business users will select and arrange services as needed, bypassing the traditional reliance on the IT department whose task is to allocate IT resources and manage technical constraints.
Today, as much as 10 percent to 20 percent of IT spending occurs outside the IT department in business unit budgets. This occurs because ineffective IT departments become a bottleneck for projects and technology investments. Business units go around IT to complete their critical initiatives, often creating miniature IT departments within the business unit, resulting in additional IT vendor spend, as well as investments in hardware and software that do not show up in the IT budget.
Allowing business units to complete projects without waiting for a lengthy upgrade to provide additional functionalities or to accommodate more users could be a key advantage. CIO surveys from a variety of research organisations, including Gartner and Forrester, univocally show that IT leaders expect Cloud computing to provide significantly more flexibility in delivering IT resources.
There are risks involved in a completely demand driven approach to service provisioning. The IT department losing control could lead to decreased strategy alignment, as well as the risk of having more technology silos instead of connecting people and data. It is a key task for IT Management to ensure the appropriate governance structures are in place to deal with these risks.
Key points
• Companies are shifting away from buying and maintaining their own IT hardware and software and are instead tapping into the Internet for the computing services they require to run their businesses
[Figure: Cloud Computing diagram with the labels PC, Mobile, Code, App Server and Database]
The market is not yet mature
Important providers of Cloud computing services have just begun entering the market. Enterprise friendly services such as the Microsoft Azure platform and the Sun cloud are for the most part nascent efforts. Consequently, the ecosystem of third party service providers around such services is growing rapidly but is still limited at this point in time.
Although major vendors have pledged to maintain open standards to enable data portability (to avoid vendor lock in), there is a risk that data will not move easily between vendors. Similarly, seamless interoperability with on-premise server based systems has just begun being addressed by third party IT industry providers. This is important as many issues such as integration with on-premise capabilities will be alleviated through third party services providers.
Gartner and Forrester foresee vastly increased spending on Cloud computing technology in the coming years. Gartner estimates that the current market for cloud services accounts for $46.4 billion and that it will reach $150.1 billion by 2013. The compound annual growth rate (CAGR) varies widely between different types of services, and the key leading segments are Infrastructure-as-a-Service (computing power and storage, 50%), Content, Communications and Collaboration (19%), Customer Relationship Management (17%), Supply Chain Management (especially procurement and logistics) (17%) and Human Capital Management (7%).
Key points
• Ecosystem of Cloud providers is growing rapidly but remains limited at this point in time
• Analysts estimate a compound annual growth rate of 26.5% in Cloud investment during the 2008-2013 period
• The five fastest-growing areas are:
  - Infrastructure-as-a-Service (computing power and storage)
  - Content, Communications, and Collaboration
  - Customer Relationship Management
  - Supply Chain Management
  - Human Capital Management
Uptime
Cloud computing providers currently provide lower uptime guarantees than a number of critical business applications require. For example, Amazon's cloud-based Simple Storage Service only promises 99.9% uptime. This may be below what is currently offered by in-house capabilities.
Additionally, Cloud providers of raw computing resources currently provide only limited high availability functionalities. In the event of infrastructure failure, enterprise level systems provide for automated failover mechanisms towards other locations. Often, failover functionalities must be added by customers themselves.
Cloud computing uptime and automated failover functionalities will improve over time and will likely exceed what businesses can provide themselves. Economies of scale in building services allow providers to share uptime costs among many clients, enabling more investments in hardening systems and building in resilience. However, at this time, any enterprise systems architecture must take into account the requirements of critical components.
Critical components are not ready to be moved to a cloud environment, as availability of data and applications is a primary concern. Instead of a ‘What could possibly go wrong?’ mindset, small scale Cloud computing initiatives should be set up first to evaluate the technology’s merits based on a practical approach, focussed on achieving measurable business goals. Increased internal use of technologies such as virtualisation could improve the cost effectiveness of IT investments and the availability of data.
Recent market developments show a trend towards an increased use of service level agreements, although it is not yet clear if a convergence will take place towards industry standard service levels. Comparison over time of what Cloud computing vendors deliver encourages the expectation that service levels in general will trend upwards (some providers offer 100% uptime) as an important differentiating feature among providers.
Key points
• Analysts believe that Cloud uptime will improve from the 99.9% standard today and will exceed what businesses can provide for themselves
Integration with the cloud
In today’s world, Cloud computing is experiencing strong adoption in the market and this trend is expected to continue. According to Forrester, integration is one of the top concerns people have about Cloud computing. Integration will play a key role in the user adoption for Cloud computing. As new applications appear on the Cloud market, integration vendors are proposing new integration solutions most commonly known as Integration as Service.
Organisations are finding that management of integration still is a responsibility of the IT organization. Even as SaaS has proved it can handle critical roles at large companies, integration remains far from a drag-and-drop job.
The key challenges around integration are the following:
• Integration Cost and Duration: In any implementation, integration remains critical in terms of budget and duration but also in terms of skills required, due to the diversity of the applications to integrate and the technology used behind them. Simplifying integration in order to reduce these costs represents a real challenge.
• Integrating SaaS and traditional applications: The role of integration is to connect different applications in order to share data between these applications. With Cloud computing and the SaaS applications coming up on the market, integration needs to be able to provide an easy way to integrate these different applications together.
• Managing and Monitoring Integration Interfaces: Due to the fact that companies are integrating more and more applications, each application having its own specificity and technology, managing and monitoring the different interfaces is not easy. Having good visibility around the different integration interfaces is fundamental and represents a challenge for the companies.
“Integration as a Service is expected to reach maturity and mainstream adoption in 2-5 years” Gartner (June 2008)
[Figure: bar chart comparing survey responses from Europe (N=148) and North America (N=429), on a scale of 0% to 40%. Categories: Other reason; Complicated pricing models; We are currently locked with our current vendor; Application performance (i.e., downtime speed); Lack of customization; Integration issues; We can’t find the specific application we need; Security concerns; Total cost concerns (i.e., total cost of ownership)]
To respond to these key challenges around Integration, vendors are developing and marketing SaaS Integration solutions. These solutions offer an easy way to integrate systems compared to the traditional approach using EAI Tools or custom code. The capabilities of these new solutions are at least equal to the traditional, on-premise ones.
The SaaS Integration solutions are acting like an Orchestrator managing the different integration interfaces defined. The key elements of such solutions are the following:
• Provides different deployment options: allowing a deployment on the Cloud but also behind the companies’ firewall.
• Configuration Based approach: The Integration is implemented through a graphical UI and custom code is avoided as much as possible.
• Integrates with “on-premise” applications and with “on-demand” applications.
• Provides a central place to monitor and manage the integration.
Integrating systems through Integration as a Service solutions will help to ease the integration and reduce costs, but integration remains in most cases complex and critical to any implementation.
The Integration as a Service market is expected to grow in the coming years, offering even more advanced and sophisticated solutions for integrating cloud computing applications.
The Integration-as-a-Service market is in expansion and we can expect significant growth in the coming years. The added value and significant cost reduction that these services are providing will help integration to go to the “next level”.
Key points
• To respond to the integration challenges underlying most implementations, Cloud vendors are now proposing SaaS Integration solutions that offer an easy way to integrate systems compared to traditional approaches using EAI Tools or custom code
“We believe that integration appliances will play a critical part in the growth, acceleration & acceptance of Software-as-a-Service” Frank Kenney, Research Director, Gartner
Considerable security and audit challenges
Compared to the standard model of service provision, Cloud Computing raises strong security concerns, namely:
• Are data safely stored and handled by Cloud providers?
• How are reliability and availability guaranteed?
• Are Cloud providers sufficiently protected against cyber-attacks?
The core capabilities of Cloud computing today and tomorrow are founded on the convergence of several different technologies. The erosion of the traditional boundaries of trust, on which the services provision models are based, brings about new challenges in terms of user’s control over the services, resources or information entrusted to the Cloud.
One major security challenge is how to manage access control and ensure confidentiality of data. Typically, cloud users have no control over the Cloud resources and there is an inherent risk of data exposure to third parties or the Cloud provider itself. Unauthorized access or a compromised external provider could have widespread consequences for all providers’ clients.
Data centralisation poses another security challenge. In many Cloud implementations, the centralised management and control introduces several so-called single points of failure. These could threaten the availability of Cloud users’ data or computing capabilities indirectly, as a small incident in the Cloud could have an exponential impact.
As a general rule, the security controls that Cloud users may want the Cloud provider to adopt may go beyond the controls inherent to the Cloud platform. Contractual language shall be used to reflect the preferred security levels. Cloud users can also mitigate security risks by conducting audits and requesting providers to hold security accreditations. The market also offers several tools particularly designed to overcome Cloud security concerns.
In summary, Cloud providers will need to offer a higher degree of protection and transparency to reassure customers. The Open Cloud Manifesto (www.opencloudmanifesto.org) is here a pioneering initiative to bring together the Cloud community and establish core principles for the adoption and provision of Cloud services.
Key points
• Cloud computing is not secure by nature and faces key challenges such as access control, data centralization and security
Cloud computing puts privacy compliance at risk
The relation of data to a geographic location has never been more blurred than with the advent of Cloud computing. However, in many jurisdictions, the physical “location” plays a key role for determining which privacy rules apply. For example, data collected and “located” within the European territory can benefit from the protection of the European privacy rules. It is therefore important to tackle regulatory and audit issues related to the cross border nature of Cloud computing.
From a privacy perspective, if the personal data used by, or hosted on, the Cloud may change location regularly or may reside on multiple locations at the same time, it becomes complicated to watch over the data flows and, consequently, to determine the conditions that legitimise these transfers. Personal data transfers to third countries often require contractual or other arrangements to be in place.
Overall, it is crucial for cloud users to request evidence from service providers of their compliance with regulations (e.g. General civil law and contract law, Consumer protection law, “e-commerce regulation”, Fair trade practices law) and generally-accepted standards (e.g. PCI DSS, ISO 27001).
Key points
• The cross-border nature of Cloud computing complicates the control over data location and therefore the compliance with local legal requirements
• Cloud computing vendors should provide proof of compliance with regulators
For further information
Should you wish to talk to us about Cloud computing, or have any feedback on this paper, please do not hesitate to reach out to our dedicated Cloud computing team.
Patrick Callewaert, Customer Practice Lead EMEA, Partner, +32 2 749 57 43, pacallewaert@deloitte.com
Christian Combes, Deloitte Consulting, Technology and Integration, Partner, +32 2 749 58 58, ccombes@deloitte.com
Erik Luysterborg, Deloitte Enterprise Risk Services, Partner, +32 2 800 23 36, eluysterborg@deloitte.com
Aleksej Choukhman, Deloitte Consulting, CRM, Director, +32 2 749 57 81, alchoukhman@deloitte.com
William Axelsson, Deloitte Consulting, Technology and Integration, Director, +32 2 749 56 23, waxelsson@deloitte.com
Ward Duchamps, Deloitte Enterprise Risk Services, Director, +32 2 800 24 42, wduchamps@deloitte.com
Geert Defreyn, Deloitte Consulting, CRM, Director, +32 2 749 59 45, gdefreyn@deloitte.com
Disclaimer
Deloitte disclaimer
The material included in this presentation is intended as a general guide only, and its application to specific situations will depend on the circumstances involved. This information should not be relied upon as final advice. While all reasonable attempts have been made to ensure that the information contained herein is accurate, Deloitte Touche Tohmatsu accepts no responsibility for any errors or omissions it may contain whether caused by negligence or otherwise, or for any losses, however caused, sustained by any person that relies upon it.
Gartner disclaimer
All statements in this report attributable to Gartner represent Deloitte interpretation of data, research opinion or viewpoints published as part of a syndicated subscription service (as of April 2009) by Gartner, Inc., and have not been reviewed by Gartner. Each Gartner publication speaks as of its original publication date (and not as of the date of this [presentation/report]). The opinions expressed in Gartner publications are not representations of fact, and are subject to change without notice.
Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in 140 countries, Deloitte brings world-class capabilities and deep local expertise to help clients succeed wherever they operate. Deloitte’s 165,000 professionals are committed to becoming the standard of excellence. Deloitte’s professionals are unified by a collaborative culture that fosters integrity, outstanding value to markets and clients, commitment to each other, and strength from cultural diversity. They enjoy an environment of continuous learning, challenging experiences, and enriching career opportunities. Deloitte’s professionals are dedicated to strengthening corporate responsibility, building public trust, and making a positive impact in their communities.
Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms.
© February 2010 - Deloitte Consulting. Member of Deloitte Touche Tohmatsu. Designed and produced by the Creative Studio at Deloitte, Belgium