Outline of Domain 13: “The use of virtualization technology in Cloud Computing. The domain addresses items such as risks associated with multi-tenancy, VM isolation, VM co-residence, hypervisor vulnerabilities, etc. This domain focuses on the security issues surrounding system/hardware virtualization, rather than a more general survey of all forms of virtualization.” [255][256]
Orientation In The Cloud Computing Jungle
Several if not most contributors to the CSA guidance are members of the cloud computing industry, an industry, nota bene, which wants to sell cloud services. Nonetheless, the author assumes that the CSA guidance from the Cloud Security Alliance is an honest piece of work intended to help the cloud computing market to mature.
The maturity transformation will take several years because, due to the complex nature of cloud computing, the friction surface is naturally large. To avoid losing orientation while assessing cloud computing solutions, a wide range of literature can be expected, from application-oriented works to fundamental and anticipatory scientific considerations. Several definitions, models and quasi-standards are emerging that guide and illuminate the risks and opportunities. The following lists elaborate on these in order to give an overview of the cloud computing status quo with recommendable information sources. [257]
Definitions about cloud computing:
• Widely accepted cloud computing definition from NIST (ibid.)
[255] Ibid., 28.
[256] cf. Ibid., 68-70.
Maturity of the cloud computing industry:
• Major vendors make some efforts toward inter-compatible, open clouds (ibid. Market)
• Total size and diversified composition of the market (ibid. Defining Cloud Computing)
Literature with “How To” character:
• Cloud Computing Architectures by George Reese
• Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance by Tim Mather et al.
• Cloud Computing Use Cases by the Cloud Computing Use Case Discussion Group
• Cloud Computing: Implementation, Management and Security by John Rittinghouse
Scientific considerations which have an effect on the market:
• A Berkeley View of Cloud Computing as a much cited reference document [258]
• Research challenges for Enterprise Cloud Computing as a much cited reference document [259]
• Cloud Computing and Information Policy: Computing in a Policy Cloud? is one of a few sources about policy and cloud computing [260]
White papers, presentations and reports from official organisations:
• Cloud Computing: Benefits, Risks and Recommendations for Information Security from the ENISA which represents a reputable multistakeholder view [261]
• Briefing Paper on Cloud Computing and Public Policy on behalf of the OECD [262]
Cloud Computing Architecture and Risk Management Model:
• Cloud Computing Architectural Framework by the Cloud Security Alliance that offers a reference model, standardized architectural requirements and challenges (ibid.; see practical part)
[258] cf. Armbrust et al., Above the Clouds: A Berkeley View of Cloud Computing.
[259] cf. Khajeh-Hosseini, Sommerville, and Sriram, “Research Challenges for Enterprise Cloud Computing.”
[260] cf. Jaeger, Lin, and Grimes, “Cloud Computing and Information Policy: Computing in a Policy Cloud?.”
[261] cf. Catteddu and Hogben, Cloud Computing: Benefits, Risks and Recommendations for Information Security.
[262] cf. Nelson, Briefing Paper on Cloud Computing and Public Policy.
These recommendations are an excerpt of useful sources that were also used as research sources for this thesis. Further information can be found in the bibliography. They may help the reader to get oriented and draw conclusions for the benefit of his own projects.
Significance: Evaluation Guide
For startups, entrepreneurs and small companies, the following aspects in the fields of law, regulation and standards may be of special interest:
• Technologically speaking, cloud computing is secure
• Security is inherently risk management
• An assessment framework such as the CSA Guidance is specialized for cloud computing
• Assessing cloud computing solutions needs enough management attention
Conclusion: Cloud Computing Information Systems For Startups
Summarizing the significant findings from the four main chapters (Defining cloud computing; Political implications and standardization; Market, economics and trends; and Evaluation guide), it is evident that cloud computing has an immense potential, not only for startups and small businesses, but also for global society. As sophisticated information systems become available as a service, companies are liberated from having to build up and operate their own infrastructure. This is especially welcomed by entrepreneurs in developing countries as well as by startups and small businesses. It allows them to benefit from higher service levels and lower costs which the cloud service provider can offer due to economies of scale.
On the opposite side, enterprise corporations usually stick to their conventional, long-standing solutions or avoid public clouds, preferring private clouds which they can run on their own systems. This way they are able to avoid risks that could occur through the handing of their mission-critical data to third parties such as cloud service providers. These risks are mainly of a legal nature or stem from a lack of standardization; they are not classical security risks.
Although cloud computing is politically desired, it will take time until the national legal systems have adapted to the internet realities of today, such as transborder data flow. On the standardization side, countless efforts are being made by non-profit organizations and the industry towards open, inter-compatible cloud standards which would foster innovation and lower costs.
However, it can be assumed that these legal and standardization issues will not hinder cloud computing from continuing its successful progress. These issues can be mastered by seriously assessing the business and service-level requirements as a starting point in order to compare the various offerings that are available for most industries. Assessment frameworks and guidance adjusted to the characteristics of cloud computing are publicly available.
With all factors taken into account, cloud computing is a secure, affordable, lawful option for startups and small businesses from all over the world that is becoming more and more available for most industries and can help them concentrate on business innovation. The writer of this thesis strongly recommends considering cloud computing, but points out the need for a serious assessment in order to avoid losing control of the data whilst being locked in with a specific cloud computing provider.
Table Of Tables
Table a: Application of methodological approaches. Annotations: (H) main questions and assumptions hypothesized / * Without results from “Consulting Experts” and completely derived and supported by literature / ** Includes results from “Consulting Experts” and extensively derived and supported by literature / *** Includes results from “Consulting Experts” and enhanced with derived opinions from the author of this thesis / **** Setting in context Assumptions & Findings with own experiences
Table b: Conventional IT concept (old paradigm) compared with the cloud computing model (new paradigm). Source: Own comparison based on literature according bibliographic footnote, 2010.
Table c: Service-oriented architecture (SOA) is primarily the domain of IT analysts, BPM is the domain of business analysts. The bottom-up approach of HIM makes it possible for business people to define the processes, in other words providing support for the way humans work and interact with each other. Source: Own conclusion based on Fingar, 2009; Rayport and Heyward 2009.
Table d: Collection of aspects that need to be considered while assessing cloud computing solutions.
Table Of Illustrations
Illustration a: Visual Model of the NIST Working Definition of Cloud Computing. Source: Reproduced according original source by NIST, 2009.
Illustration b: Hybrid Cloud. Source: Cloud Computing Use Case Discussion Group, 2010.
Illustration c: The various offerings of cloud computing covers different levels of abstraction, the focus on consuming applications by the end user / business man is provided by SaaS. Source: Reproduced according original source by LSE Research Online, 2009.
Illustration d: Overview of some cloud offerings assigned to different services/taxonomies. Source: OpenCrowd, 2009.
Illustration e: Business Process Spectrum: Information systems need to comply with the soaring demand for relationship and communication. Source: Harrison-Broninski, 2009.
Illustration f: Human Interaction Management - An Evolution of Process Management. Source: Reproduced according original source by Korhonen, 2006.
Illustration g: Cloud Security Reference Model. Source: Reproduced according original source by
Bibliography
Abdennadher, Nabil. Advances in Grid and Pervasive Computing: 4th International Conference, GPC 2009. 1st ed. Berlin; New York: Springer, 2009.
Adair, John. How to grow Leaders: The seven Key Principles of effective Leadership Development. 1st ed. London; Philadelphia: Kogan Page, 2007.
Alfred P. Sloan Foundation. “Information Systems Overview.” Sloan Career Cornerstone Center, April 19, 2009. http://www.careercornerstone.org/pdf/infosys/infosys.pdf.
Anderson, Janna, Andie Diemer, Eugene Daniel, Shelley Russel, Drew Smith, and Dan Anderson. “Workshop: Privacy, Security Implications of Cloud Computing.” Sharm El Sheikh, Egypt: Elon University, 2009. http://www.elon.edu/e-web/predictions/igf_egypt/cloud_computing.xhtml.
Armbrust, Michael, Armando Fox, Rean Griffith, Anthony D. Joseph, Randy H. Katz, Andrew Konwinski, Gunho Lee, et al. Above the Clouds: A Berkeley View of Cloud Computing. Berkeley: Electrical Engineering and Computer Sciences (EECS), University of California, February 10, 2009. http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.pdf.
Asay, Matt. “Open source: The money is in the cloud,” December 3, 2009. http://news.cnet.com/8301-13505_3-10408562-16.html.
Avgerou, Chrisanthi. Information systems and the economics of innovation. 1st ed. Cheltenham; Northampton: Edward Elgar Pub., 2003.
Balachandran, Bala V. “The Messiah of marketing,” July 17, 2006. http://www.thehindubusinessline.com/manager/2006/07/17/stories/2006071702171100.htm.
Baun, Christian, Marcel Kunze, Jens Nimis, and Stefan Tai. Cloud computing: Web-basierte dynamische IT-Services. 1st ed. Informatik im Fokus. Berlin; Heidelberg: Springer, 2009.
Bellomo, Michael. How to sell anything on Amazon ... and make a fortune! 1st ed. New York: McGraw-Hill, 2006.
Biddick, Michael. “Why You Need A SaaS Strategy.” Why You Need A SaaS Strategy, January 16, 2010. http://intelligent-enterprise.informationweek.com/showArticle.jhtml;jsessionid=5FTQXL0YBW3KVQE1GHPSKHWATMY32JVN?articleID=222301340.
Bittmann, Thomas. “Building a Private Cloud: Are We There Yet?,” February 17, 2009.
Bourassa, Richard. “20th APEC Electronic Commerce Steering Group Meeting.” Singapore: Electronic Commerce Steering Group (ECSG), 2009. http://aimp.apec.org/Documents/2009/ECSG/ECSG2/09_ecsg2_summary.pdf.
Briscoe, Gerard, and Alexandros Marinos. “Community Cloud Computing.” Beijing: LSE Research Online, 2010. http://eprints.lse.ac.uk/26516/1/community_cloud_computing_%28LSERO_version%29.pdf.
Buyya, Rajkumar, Chee Shin Yeo, Srikumar Venugopal, James Broberg, and Ivona Brandic. “Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility.” Future Generation Computer Systems 25, no. 6 (December 11, 2008): 599-616.
Catteddu, Daniele, and Giles Hogben. An SME perspective on Cloud Computing. Heraklion [Crete]: European Network and Information Security Agency (ENISA), November 20, 2009. http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-sme-survey/at_download/fullReport.
———. Cloud Computing: Benefits, Risks and Recommendations for Information Security. Heraklion [Crete]: European Network and Information Security Agency (ENISA), November 20, 2009. http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/at_download/fullReport.
Cerf, Vinton G., Sha Zukang, Hamadoun I. Touré, Koichiro Matsuura, Markus Kummer, Nitin Desai, Michalis Liapsis, et al. Internet Governance Forum (IGF): The First Two Years. 1st ed. Geneva: World Summit on the Information Society (WSIS), 2008. http://www.intgovforum.org/cms/hydera/IGFBook_the_first_two_years.pdf.
Chen, Lei, Chengfei Liu, and Xiao Zhang. Advances in Web and Network Technologies and Information Management. Vol. 5731. 2009th ed. Lecture Notes in Computer Science. New York; Berlin; Heidelberg: Springer, 2009.
Chen, Yanpei, Vern Paxson, and Randy H. Katz. What’s new about Cloud Computing Security? Berkeley: Electrical Engineering and Computer Sciences (EECS), University of California, January 20, 2010. http://www.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-5.pdf.
Cloud Computing Use Case Discussion Group. “Cloud Computing Use Cases White paper - Version 3.0.” Cloud Computing Use Case Discussion Group, February 2, 2010. http://cloud-computing-use-cases.googlegroups.com/web/Cloud_Computing_Use_Cases_Whitepaper-3_0.pdf?gda=iwLqyV8AAAAPGXgkJ5fi30lYg4awQpoEqWScDsHoVk5f48r18wRWOvRsmgvNFNvJoZZD7r3PzEf2eHjnTEKAfBvfYgf3pCOm2Nl_xKuxFIy3-WR9Ezn4SpxzIUqf6s0oL53Wkz8h1XQ.
Cloud Security Alliance (CSA). Security Guidance for Critical Areas of Focus in Cloud Computing
6) and does not have a location because it is purely located in the internet: Cloud Security Alliance, December 22, 2009. http://www.cloudsecurityalliance.org/csaguide.pdf.
Cohen, Reuven. “ISO Forms Group for Cloud Computing Standards,” November 6, 2009. http://www.elasticvapor.com/2009/11/iso-forms-group-for-cloud-computing.html.
———. “The Future of Cloud Computing Belongs to Asia,” November 12, 2009. http://cloudcomputing.sys-con.com/node/1184360.
———. “The United Nations of Cloud Computing,” June 16, 2009. http://www.elasticvapor.com/2009/06/united-nations-of-cloud-computing.html.
Copenhagen University College of Engineering. “JTC1/SC22/WG9 - Welcome to the ISO home of Ada Standards,” October 14, 2009. http://www.open-std.org/jtc1/sc22/WG9/organize.htm#jtc1.
Depena, Ray. “The Beauty of the Cloud,” August 18, 2009. http://dotnet.sys-con.com/node/1072760.
Ebert, Christof. Systematisches Requirements-Engineering und Management Anforderungen ermitteln, spezifizieren, analysieren und verwalten. 2nd ed. Heidelberg: dpunkt.verlag, 2008.
Fingar, Peter. Dot.cloud: The 21st Century Business Platform. 1st ed. Tampa: Meghan-Kiffer Press, 2009.
Foley, Mary Jo. “Microsoft's Azure cloud is officially open for business,” February 1, 2010. http://blogs.zdnet.com/microsoft/?p=5085.
Geeknet, Inc. “SourceForge - Find and Develop Open Source Software,” February 13, 2010. http://sourceforge.net/softwaremap/trove_list.php?form_cat=576.
Golden, Bernard. “Capex vs. Opex: Most People Miss the Point About Cloud Economics,” March 13, 2009. http://www.cio.com/article/484429/Capex_vs._Opex_Most_People_Miss_the_Point_About_Cloud_Economics.
Goldenberg, Barton. CRM in Real-time: Empowering Customer Relationships. 1st ed. Medford: CyberAge Books, 2008.
Goodman, Jason. “The CIO’s Guide To Cloud Computing.” GlassHouse Technologies, Inc., 2009. http://www.scribd.com/doc/26327785/The-CIO-s-Guide-to-Cloud-Computing.
Gunasekaran, Angappa. Global Implications of Modern Enterprise Information Systems:
Harrison-Broninski, Keith. “Human Interaction Management.” A BPTrends Column, November 30, 2008. http://www.bptrends.com/publicationfiles/ONE%2012-08-COL-HumanProcesses-Harrison-Broninski-20081104-proofed-corrected.pdf.
———. Human interactions: The heart and soul of business process management. 1st ed. Tampa FL: Meghan-Kiffer Press, 2005.
———. “The Future of BPM” presented at the SOLEA 2009 - International Symposium on Service-Oriented Locally adapted Enterprise Architecture, Espoo [Finland], April 23, 2009. http://www.uku.fi/solea/symposium2009/pres/Solea09-Harrison-Broninski.pdf.
Hayden, Mary, Jeff Thompson, and Jack Levy. The SAGE handbook of research in international education. 1st ed. London: SAGE Publications, 2007.
Hayes-Weier, Mary. “Alternative IT Software is New Reality.” InformationWeek, October 16, 2009. http://www.scribd.com/doc/22676189/Alternative-It-Software-s-New-Reality-Information-Week?secret_password=1wniolqlkz65sm5gp0iu.
Hummeltberg, Wilhelm. Informationsmanagement. Hamburg: Universität Hamburg, Faculty of Mathematics, Informatics and Natural Sciences, January 15, 2007. https://uni.uni-hamburg.de/fachbereiche-einrichtungen/fb03/iwi-ii/IM_Gliederung.pdf.
Hunton & Williams LLP. “APEC Forum Discusses International Privacy Legislation Developments,” July 28, 2009. http://www.huntonprivacyblog.com/2009/07/articles/international/apec-forum-discusses-international-privacy-legislation-developments/.
Information Today, Inc. “What Is CRM?,” February 21, 2002. http://www.destinationcrm.com/Articles/CRM-News/Daily-News/What-Is-CRM-46033.aspx.
International Telecommunication Union (ITU). “ITU Telecommunication Standardization Sector (ITU-T) - MoU on electronic business between IEC, ISO, ITU, and UN/ECE,” March 5, 2008. http://www.itu.int/ITU-T/e-business/mou/mou.html.
Internet Society. Advisory Council (AC) Consultation on Cloud Computing for OECD Foresight Forum October 2009. Geneva: Internet Society, October 29, 2009. http://www.isoc.org/pubpolpillar/docs/cloudcomputing_200910.pdf.
Jaatun, Martin, Gansen Zhao, and Rong Chunming. Cloud Computing: First International Conference, CloudCom 2009, Beijing, China, December 1-4, 2009, Proceedings. 5931 vols. 1st ed. Computer Communication Networks and Telecommunications. Berlin; Heidelberg; New York: Springer, 2009.
Jaeger, Paul T., Jimmy Lin, and Justin Grimes. “Cloud Computing and Information Policy: Computing in a Policy Cloud?.” Journal of Information Technology & Politics 5, no. 3 (10, 2008): 269-283.
Johnson, Bobbie. “Cloud computing is a trap, warns GNU founder.” The Guardian. London, September 29, 2008. http://www.guardian.co.uk/technology/2008/sep/29/cloud.computing.richard.stallman.
Joint Technical Committee 1. Report of JTC 1/SWG-P on possible future work on Cloud Computing in JTC 1 - ISO/IEC JTC 1 N9687. Geneva: International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC), September 11, 2009. http://isotc.iso.org/livelink/livelink/fetch/2000/2489/Ittf_Home/MoU-MG/Moumg396.pdf.
Jost, Daniel. “Startup in the Cloud - Consulting Experts - Interview with Daniel Jost from CSS Gruppe about Simplicity.” Online Database Application, January 31, 2010. https://creator.zoho.com/agrachina/startup-in-the-cloud-consulting-experts/record-summary/Simplicity_View/363985000000086003/.
Khajeh-Hosseini, Ali, Ian Sommerville, and Ilango Sriram. “Research Challenges for Enterprise Cloud Computing.” Arxiv preprint arXiv:1001.3257 abs/1001.3257 (January 15, 2010). http://arxiv.org/ftp/arxiv/papers/1001/1001.3257.pdf.
Knipp, Eric, David Smith, David W. Cearley, and Yefim V. Natis. Creating Cloud Solutions: A Decision Framework. Stamford: Gartner, Inc., December 8, 2009. http://www.gartner.com/resources/171600/171623/creating_cloud_solutions_a_d_171623.pdf.
Koops, Bert-Jaap, Miriam Lips, Corien Prins, and Maurice Schellekens. Starting points for ICT regulation: Deconstructing prevalent policy one-liners. 1st ed. The Hague: TMC Asser, 2006.
Kooten, van, Michel, and Balder Verberne. “Enterprise Software Top 10: Salesforce running up the ranks,” September 4, 2009. http://www.softwaretop100.org/software-top-100/enterprise-top-10.
Korhonen, Janne. “BPM - A Systematic Perspective,” Helsinki, October 3, 2006. http://www.jannekorhonen.fi/blog/wp-content/BPM_Systemic_Perspective.pdf.
Lasica, Joseph Daniel. Identity in the Age of Cloud Computing: The Next-generation Internet's impact on Business, Governance and Social Interaction. 17th ed. Annual Aspen Institute Roundtable on Information Technology. Washington D.C.: Aspen Institute, 2009. http://www.aspeninstitute.org/sites/default/files/content/docs/pubs/Identity_in_the_Age_of_Cloud_Computing.pdf.
Lawson, Stephen. “PayPal opens door to developers,” July 23, 2009. http://www.infoworld.com/d/cloud-computing/paypal-opens-door-developers-590.
Lucas, Sylvie. Progress made in the Implementation of and Follow-up to the World Summit on the Information Society outcomes at the Regional and International Levels - Report of the Secretary-General. General Assembly Economic and Social Council. Geneva: United Nations, March 13, 2009. http://www.unctad.org/en/docs/a64d64_en.pdf.
MacDonald, Neil, and David Mitchell Smith. “Gartner Fellows interview with Microsoft's Ray Ozzie on Cloud Computing,” October 30, 2009. http://www.gartner.com/technology/media-products/reprints/microsoft/172235.html.
Mack, Eric. Video: David Allen - GTD and Cloud Computing. Adobe Flash on Youtube. Notes on Productivity, 2010. http://www.notesonproductivity.com/ICA/NOP.nsf/dx/video-david-allen-gtd-and-cloud-computing.
Mather, Tim, Subra Kumaraswamy, and Shahed Latif. Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. 1st ed. Beijing; Cambridge [Massachusetts]: O'Reilly, 2009.
Mell, Peter, and Tim Grance. “The NIST Definition of Cloud Computing v15.” Computer Security Division of the US National Institute of Standards and Technology, October 7, 2009. http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc.
Metz, Cade. “Will Google regret the mega data center?,” August 8, 2009. http://www.theregister.co.uk/2009/08/08/microsoft_azure_migration/.
Meyer, Dirk. Review: Peter Fingar, Dot.cloud: The 21st century business platform built on cloud computing. San Jose [California]: Adobe Systems, July 31, 2009. www.oevermeyer.net/dmeyer/files/dotcloud_reviewdirkmeyer.pdf.
Mittelstaedt, Robert, Dennis Hoffman, Elizabeth Farquhar, Steven Salik, and Sanjay Modi. “IT evolution: Why ERP systems face extinction - [email protected]. Carey,” February 28, 2007. http://knowledge.wpcarey.asu.edu/article.cfm?articleid=1378.
Nelson, Michael R. Briefing Paper on Cloud Computing and Public Policy. Cloud Computing and Public Policy. Paris: Organisation for Economic Co-operation and Development; Committee for Information, Computer and Communications Policy, September 29, 2009. http://www.olis.oecd.org/olis/2009doc.nsf/ENGDATCORPLOOK/NT00004FC6/$FILE/JT03270509.PDF.