<Insert Picture Here>

Clouds: What’s new is old is new…Joseph Alhadeff, VP Global Public Policy; CPO, Oracle

Cloud Computing, Hard to Define

NIST Definition v15…

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

Characteristics/Deployment models (NIST)

• On-demand self-service

• Broad network access

• Resource pooling

• Rapid elasticity

• Measured Service

• Private cloud. The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.

• Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.

• Public cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

• Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).

Service Models (NIST)

• Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

• Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.

• Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).

Evolution Over The YearsA

do

pti

on

Time

1961

John McCarthy proposed 'computer time-sharing technology' to be sold through utility business model (like electricity) in a lecture at MIT

Mid 90’s

ASP (Application Service Provider) model with single tenant hosting of applications

Early 00’s

SaaS (Software as a Service) model with multi-tenant hosting of applications

Late 00’s

Cloud Computing with pay as you go model, leveraging virtualization for data center efficiencies and faster networks

New?

• Cloud computing is an amalgam of mostly existing technologies and services

• Some use models, coupled with scope of availability and ease of use are part of what’s new

• The access and availability of computing, storage and applications enables individual users to be content creators, publishers and application developers.

• Further developments and roles are expanding in new and innovative ways.

• Are existing regulatory paradigms relevant or applicable?

Virtualization

Virtualization is “separating the computing workload from the hardware.”* Once computers have become more or less disembodied, all sorts of possibilities open up. Virtual machines … can be moved around while running, perhaps to concentrate them on one server to save energy. They can have an identical twin which takes over should the original fail. And they can be sold prepackaged as “virtual appliances”…eventually to turn a data centre—or even several of them—into a single pool of computing, storage and networking resources that can be allocated as needed.

The Economist: Special Report – Where the Cloud Meets the Ground; Oct 23, 2008

*Quoting Paul Maritz of VMware

Cloud Computing Architecture

Web Services

Commodity Hardware

Virtual Machines

Dynamic Application Provisioning

CRM

Database

BI

Email

Virtualization Layer

Cloud Computing – Benefits

• Reduce capital expenditures• Low barrier to entry• Scalable infrastructure• Cost-effective – Pay for what you use• Acquire resources on demand• Release resources when not needed• Virtually infinite compute and storage resources• Turn Organization’s fixed cost into variable cost• May improve security• Patch management/professionally managed services

Cloud Computing Vs. Traditional Hosting – Key Differences

Aspect Traditional Hosting Cloud Computing

Procurement Cycle Weeks/Months Minutes

Deployment Cycle Weeks/Months Minutes

Total Cost Relatively fixed, high Pay per use, low

Flexibility Slow to scale Fast to scale (up or down)

Application Owner Connectivity

Dedicated link/VPN Internet

Physical Deployment Architecture

More transparent, more control

Less transparent, less direct control

Application Performance FastSlow for part-cloud, part-outside applications

Fast for fully cloud based applications

Familiar Questions…

• Cloud? • Abstraction Layer

• Where is my information?• Who controls it?• Who has access?• How is being used?• Who is it being shared with?• Who is looking out for my interests?

Cloud computing – operational concerns: the back end

Performance/availability/Service Level Support Interoperability Audits/Oversight Termination/Lock-in

Less by design and more by inertia… Role of open standards Portability

Cloud computing – legal concerns Privacy

International data transfersConsistent treatmentLawful access issues

Export control Data breach notification laws Data retention laws E-discovery Government regulation Jurisdiction/Conflict of Laws

Cloud computing – contractual concerns

All of the operational/legal issues plus - Data ownership IP Limitation of liability issues SLAs IndemnitiesSubcontracting Dispute resolution AuditsNotice/ consent for transfer, where applicable

Desirable characteristics

• Extended corporate controls• Good security/privacy policies, practices and

controls*• Up-to-date; patched• 24x7x356 service• Mapping to legal requirements• *Tools –

• PIA, Audit reports, Gap Analysis to 27001• Privacy/Security by Design

• Ecosystem Accountability