wef it advanced cloud computing report 2011

8/6/2019 WEF IT Advanced Cloud Computing Report 2011

1/28

World Economic Forum

In partnership with Accenture2011


2/28

About this Report

This World Economic Forum report was developed

by the Forums IT Industry Partnership in

collaboration with Accenture, with input from a

group of experts and a dedicated Steering Board.

World Economic Forum

The World Economic Forum is an independentinternational organization committed to improvingthe state of the world by engaging business, political,academic and other leaders of society to shape global,regional and industry agendas.

Incorporated as a not-for-prot foundation in 1971, andheadquartered in Geneva, Switzerland, the Forum is tiedto no political, partisan or national interests.

(www.weforum.org)

Accenture

Accenture is a global management consulting,technology services and outsourcing company, withmore than 215,000 people serving clients in more than120 countries. Combining unparalleled experience,comprehensive capabilities across all industries andbusiness functions, and extensive research on the worldsmost successful companies, Accenture collaborateswith clients to help them become high-performancebusinesses and governments. (www.accenture.com)

About the Forums Information TechnologyIndustry Partnership

The Information Technology Industry Partnership (IP)programme of the World Economic Forum provides chiefexecutives and senior executives of the worlds leading ITcompanies with the opportunity to engage with peers todene and address critical industry issues throughout theyear. Identifying, developing and acting on these industryissues is fundamental to the Forums commitment todeliver sustainable social development founded on

economic progress.

World Economic Forum91-93 route de la CapiteCH-1223 Cologny/GenevaSwitzerlandTel.: 41 (0)22 869 1212Fax: 41 (0)22 786 2744E-mail: [email protected]

Phase I of the World Economic Forums Exploringthe Future of Cloud Computing project culminated ina report on the benets of cloud computing entitledExploring the Future of Cloud Computing: Riding

the Next Wave of Technology-driven Transformation,published in the spring of 2010.

The objective of Phase II was to develop

recommendations for actions that governments andindustry can take to accelerate the deployment andadoption of public cloud technologies, which resultedin this publication.

The Future of Cloud Computing Steering

Board

Guidance was provided by an actively involved steeringboard of experts, which included representatives from:

Akamai Technologies (Paul Sagan, Chief ExecutiveOfcer)

BT Group

CA Technologies (Ajei Gopal, Executive Vice-President)

Google (Nelson Mattos, Vice-President, Engineering,EMEA)

Microsoft Corporation (Craig Mundie, Chief Researchand Strategy Ofcer)

Salesforce.com (Marc R. Benioff, Chairman and Chief

Executive Ofcer; and JP Rangaswami, Chief Scientist)

Project Team Contributors

From the World Economic Forum:

Joanna Gordon

Associate Director, Information Technology Industry

Chiemi Hayashi

Associate Director, Deputy Head of Risks in Depth,Risk Initiatives

Stephan Mergenthaler

Project Manager, Strategic Risk Foresight

From Accenture:

Dan Elron

Managing Partner, Strategy and Corporate Development

Amelia P. Schaffner

Manager, Strategy and Corporate Development

Bojana Bellamy

Director of Data Privacy

Many individuals contributed ideas to this report throughsurveys, workshops and interviews. The project teamthanks all participants for so generously sharing theirtime, energy and insights. Without their dedication,guidance and support we would not have been able todevelop this report.

2011 World Economic Forum2011 AccentureAll rights reserved. No part of this publication maybe reproduced or transmitted in any form or by anymeans, including photocopying and recording, or by anyinformation storage and retrieval system.

About the Project


3/28

Contents

Executive Summary 1

The Clouds about the Cloud 5

A. Data Governance

B. Security

C. Business Environment

What to Do Now? Eight Action Areas 13

1. Explore and Facilitate the Realization of the Benets of Cloud

2. Advance Understanding and Management of Cloud-related Risks

3. Promote Service Transparency

4. Clarify and Enhance Accountability across All Relevant Parties

5. Ensure Data Portability

6. Facilitate Interoperability

7. Accelerate Adaptation and Harmonization of Regulatory Frameworks Related to Cloud

8. Provide Sufcient Network Connectivity to Cloud Services

Project Outcomes: What Is Next? 19

About the Research 21

References 24


4/28

$55 billion (1)forecasted worldwide revenue from

public IT cloud services by 2014

33%(2)of global companies have deployed or

are piloting the more mature layer of

clouds, SaaS. 23% of high performing

IT companies have already deployed

SaaS

25%(3)of global companies will be deploying

cloud computing for critical

applications within 2 years

44% (3)of executives from global companies

who believe cloud computing can

provide their company with a lasting

competitive advantage

2.1%(4)the average improvement in

efciency of an average employee

because of cloud

2.3 million jobs(4)

the net new jobs created by cloud

on a cumulative basis over the

period 2010 to 2015 across the top

ve EU economies

30%(1)the rate at which cloud

computing will grow in 2011, or

more than 5 times the rate of IT

industry as a whole

Source: 1IDC [Worldwide and Regional Public IT Cloud Services 2010 2014 Forecast, June 2010].2Accenture [Mind the Gap Insights from the 3rd global High Performance IT research study, Nov, 2010]. 3Accenture [Cloudrise:

Rewards and Risk at the Dawn of Cloud Computing Nov, 2010], 4Center for Economics and Business Research

[The cloud dividend, Dec, 2010]

Figure 1. Cloud by the numbers

1

Executive summary

The potential benets of cloudcomputing include promotingeconomic growth, creating

employment and enablinginnovation and collaboration.These were described inthe projects rst report,Exploring the Future of Cloud

Computing: Riding the Next

Wave of Technology-driven

Transformation, published inthe spring of 2010. While recognizing the many benetsof cloud, however, stakeholders also expressed seriousconcerns about its widespread adoption.

In the second phase of the project, the Forum and itsPartners investigated and prioritized these concerns in

further detail. This report presents eight action areas forproviders of cloud computing services and governmentagencies. It is intended to set the agenda for furtherengagement among all stakeholders, ensuring the healthyfuture development of the cloud computing industry.

Clouds about the Cloud

Many of the concerns about thepublic cloud, which are outlined

on page 5 of this report, havelong been discussed in relation tothe Internet without satisfactoryresolution. As cloud computingtechnologies signicantlyexacerbate these issues, theindustry and government mustaddress them at a relatively earlystage in the evolution of cloud services.

Project participants already feel that the currentregulatory environment has slowed the progress ofcloud technologies (in 2010). Further divergence andfragmentation in how the public cloud evolves couldfurther delay potential benets.

These issues include difculties faced by customers inunderstanding who can access the data that they put inthe cloud, how it is protected and how they can be sureit has been deleted when they want it to be. They alsoinclude a growing desire by many national governments todirect the evolution of the digital realm within their physicalborders, with major implications for where cloud providerscan locate the servers that process data.

Cloud is rapidly

changing the world.

It is enabling new

business models andcreating tension in the

system.

Industry Participant,Washington DC Workshop,November 2010

All the infrastructure

in the cloud is no

longer under your

control: with cloud,there is a shift in

responsibility.

Government Participant,Brussels Workshop,May 2010


5/28

Action areas

1. Explore cloud benets

2. Understand & manage cloud risks

3. Promote service transparency

4. Clarify & enhance accountability

5. Ensure data portability

6. Faciliate interoperability

7. Adapt & harmonize regulation

8. Provide sufcient connectivity

Accelerate innovation

Better serve customers

Lower organizational expenses

Improve IT efciency & exibility

Bring socio-economic improvements

Level the playing eld

Data governance issuesData location and jurisdiction; Privacy & condentiality;Data ownership

Security issuesInteroperability & portability; Reliability; Service level commitment;Ecosystem maturity

Business Environment issuesAuthorized access; Integrity & availability; Data loss;Data destruction

Benets

Issue areas

Figure 2. Generating the action areas

2

Key Opportunities

for Multistakeholder

Collaboration

In response to these concerns,the Forum and its Partnershave prioritized a set of eightaction areas to be addressed byindustry and governments, eitherseparately or collaboratively.Through extensive consultationsin Europe, the United Statesand Asia, the project has soughtways to reconcile the naturalconict between letting aninnovative set of technologiesmature and the need to protect

users and citizens.

Presented on page 13, the actionareas cover topics such as:

Improving transparency on howservices are provided, who hasaccountability for what, how datais protected and which legislativeregimes apply; addressing thesetopics is seen as a critical steptowards the broader need,identied by stakeholders, tobuild trust in the cloud

The global community

has come together

before to address

key issues and policyconsiderations in

other industries

such as banking,

transportation, and

telecommunications.

We must now do

the same for cloud

computing. The

journey to cloud

computing will not

happen overnight, but

in the months andyears ahead we have

the opportunity, as a

global community, to

shape the future of

cloud computing and

take the rst steps

together towards

a new, more inter-

connected world.

Vivek Kundra, rst ChiefInformation Ofcer (CIO)of the United States of

America, March 2011

Conducting further research to clarify and spreadawareness of the benets of cloud, and ensure a balancedunderstanding of the nature of the risks and our current

abilities to manage them; this is seen as helpful forenabling informed decision-making by both potential usersand regulators

Facilitating system interoperability, enabling users tocustomize their own cloud solutions across multipleproviders, and data portability to ease user fears of vendorlock-in and government fears about lack of competition

Guaranteeing sufcient network connectivity so thatusers who entrust their data to the cloud can be condentof being able to access it on demand

While complex and sometimes contentious, the eightaction areas set out in this report received strong and

essentially unanimous support from the companiesparticipating in the private session about cloud computingat the World Economic Forum Annual Meeting 2011including many of the largest cloud providers andfrom several ofcial representatives of governments andsupranational organizations.

With the support of leading providers and governments,we encourage individual companies, governments andexisting collaborative initiatives to move quickly to furtherdene and implement the necessary actions that willaccelerate the ability of cloud technologies to generatethe economic and social benets they promise. In todaysturbulent world, these benets are more critical than ever.


6/28

3

The ability to tap into computer applications and other software via the cloud freesorganizations, ranging from companies to government institutions and universities, fromhaving to build and manage their own technology infrastructure. The double-digit growthenjoyed by some cloud providers during the recent economic downturn demonstratesthat many organizations nd this attractive.

According to research conducted by the World Economic Forum and Accenture in2009 and 2010, the benets of cloud computing technologies go beyond reducing ITcosts most participants see facilitating innovation as an even more compelling benet.In the long term, cloud is seen as a way to gain competitive advantage, not only fororganizations but also for whole industries and economies.

While empirical evidence is still at an early stage, studies have associated cloudcomputing with many types of benets, including:

Dramatically accelerating the way companies create new products and services,through enabling innovative new business models, faster research, wider information sharing and more effectivecollaboration between product development professionals around the world

Helping organizations serve their customers better through mining and analysing data to spot emerging trends, suchas changing customer needs and competitors market moves

Lowering organizational expenditures on data centres, servers, software licenses and maintenance fees andreplacing capital expenses with lower pay-for-use operating expenses

Enabling innovation and job creation at a macro level, with the playing eld between large and small companiesbeing levelled as companies of all sizes gain access to information technology that previously was affordable for onlythe largest companies

Helping emerging economies leapfrog to higher levels of technological development by providing more immediateand affordable access to next-generation applications, tools and infrastructure

Empowering governments and citizens to more effectively address such socio-economic issues as deliveringhealthcare and education, improving access to nancial services (insurance, bank accounts, micro-payments) inemerging economies and disaster management provision

Reducing the environmental impact of computing as economies of scale lead to less consumption of energy

Afrming the benets described in the projects rst report, most participants in the private session about cloudcomputing during the World Economic Forum Annual Meeting 2011 agreed that cloud computing is likely to have anoticeable impact on GNP growth during the coming ve years. Many believe that the impact of cloud computing willequal or exceed the impact of mobile technologies.

People are used to

scarce resources,

and the idea of

virtualization of

resources is forcing

a change from a

paradigm of scarcity

to one of abundance.

Its like nding a

substitute for oil.

Industry Participant,Brussels Workshop,

May 2010

Cloud: The Upside


7/28


8/28

1. Data Location constraints

3. Clarity about data ownership

2. Regulatory protection of privacy and condentiality

5. Ensuring integrity and availability (& addressing data loss)

4. Ensuring only authorized access (identity mgmt.)

6. Ensuring data is destroyed as needed

B. Security

7. Ensuring Interoperability

11. Relative immaturity of the cloud ecosystem

8. Ensuring Portability (& avoiding vendor lock-in)

9. Insufcient reliability of cloud

10. Insufcient commitments to service levels

C. BusinessEnvironment

A. DataGovernance

Figure 3. Key categories of issues identied

5

The Clouds about the Cloud

A. Data Governance

Who owns data, who has

the right to access it andunder what circumstances?

What rules apply to the

use and sharing of data?

Such questions tend to

be more complicated

when data is stored in a

shared infrastructure managed by a third party.

Stakeholders expressed differing views about the

appropriateness and feasibility of regulation alone

as opposed to industry self-regulation to specify

frameworks that govern data and its use in the

cloud. The issues raised under the heading of data

governance were:

Data location constraints

It is not always clear underwhich legal jurisdiction data inthe cloud falls especially if,as many cloud architecturesrequire, the data is splitup and stored in multiplelocations. In some cases, itis impossible to determinewhere a particular piece of

data is physically at a particular moment. Even if thiswere possible, data often falls under more than one legaljurisdiction, and it is unclear how inconsistencies amongthose jurisdictions would be resolved.

Given the legal

complexity created by

cloud environments,

industry players are

forced to infringe laws

all the time.

Industry Participant,London Workshop,December 2010

Stakeholders Issues and Priorities

With the pace of development of the cloud computingindustry increasingly raising questions about regulation,

a group of high-level IT industry participants at the WorldEconomic Forum Annual Meeting 2009 mandated therst phase of the Future of Cloud Computing project.Senior decision-makers in the public and private sectorsexplored the benets that could be derived from theuse of cloud computing for society, the economy andindividual businesses. They also identied barriers to theachievement of such benets and mandated that theForum pursue the identication of a series of collaborativeactions that could steer the healthy development of cloudcomputing.1

In response to the output of the projects rst phase,industry leaders at the Annual Meeting 2010 mandatedthe second phase of the project, to identify action areasin further detail. The scope of the project remains focusedon the use of public clouds primarily for businesses andgovernments, although many of the issues identied applyto the consumer domain as well.

Through a series of initial workshops, surveys, one-to-one and group interviews and using a structured issuetool, multiple issues of concern to key stakeholders fromindustry, government and academia were identied. Theywere grouped into three issue areas data governance,security and business environment and analysed indetail. Figure 3 illustrates the issues associated with eachof these three areas.

1. http://www3.weforum.org/docs/WEF_ITTC_FutureCloudComputing_Report_2010.pdf


9/28

6

No matter how much

we invest, data is

going to escape

internationally; thatis just a fact of the

Internet.


Users are concerned aboutthe potential for foreigngovernments to demand

access to their data.Governments worry aboutlosing the legal ability tooversee data in the cloud andapply their laws to the cloud.These concerns can resultin data location constraintsbeing imposed for example,

requiring cloud providers to locate data within nationalborders, or subjecting transfers of data outside a givenjurisdiction to additional legal hurdles and authorizations.Some stakeholders, however, see these concerns as thinlyveiled excuses for protectionism.

For their part, some cloud providers indicate that, ifcountries insist on data being stored within nationalboundaries, they will be unwilling to build new datacentres in smaller markets. They point out that thefreedom to move data across borders helps to achievethe economies of scale that are a key benet of cloudcomputing, as there is a signicant cost involved in usingarchitectures that keep a customers data in a particularcountry or geographical block, potentially giving thelargest providers an unfair advantage.

Data Privacy and Condentiality

Many users say that concerns about data privacy andcondentiality restrict their willingness to use cloudservices for sensitive data. In the cloud, data is stored onremote machines that are shared with other users. Thismakes many users concerned about the potential forbusiness competitors or government authorities to accesstheir data in the cloud without their awareness or consent.

Governments would like to mandate and apply nationallegal requirements for data stored in the cloud, and manyalready have. Given the cross-border nature of the cloud,though, national measures to protect data privacy andcondentiality have only limited capacity to reassure users.

There is a desire for greater global consistency indata privacy requirements applying to the cloud but

government stakeholders note that fundamental differencesin their approaches make comprehensive internationalagreements less likely. For example, the United States hasa stricter regulatory regime for specic sectors, such ashealthcare, where privacy and condentiality issues areespecially sensitive, while the European Union has blanketdata privacy laws covering all data.

Some stakeholders feel that, given these regulatorychallenges, users concerned about data privacy andcondentiality will ultimately have to rely on market

mechanisms to assess the trustworthiness of providersin the cloud. Nonetheless, there is no guarantee thatadequate market mechanisms will emerge in a timelyfashion.

Clarity about Data Ownership

When a user moves data to the cloud, it is not alwaysclear what rights the cloud service provider gains toaccess, modify or distribute that data. Some users areconcerned that certain types of legal protection associatedwith data they entrust to the cloud will be compromised ifdata is moved through the cloud to other jurisdictions forexample, they may be exposed to insufcient or conictingregimes with regard to their intellectual property.

Ownership of meta-data is often raised as a concern.Meta-data is created from connections between separateindividual items of data, or from the context of when andhow those individual items of data were provided. Meta-data can be extremely sensitive and valuable, even whenthe individual items of data are not. Who should have whatrights to use meta-data and capture the value that arises?

There is a lack of agreement on these issues, andregulation is not always conclusive. EU data privacy laws,for example, distinguish between data controllers and dataprocessors but, in the cloud, it is not always obviouswhat the respective roles and responsibilities are. There

are scenarios in which users and providers could ndthemselves in a legal limbo, where the law provides noclear answer as to who is responsible for the data if, forexample, security is breached or a provider fails.

While regulators say they would like to improve bothregulations and user awareness of the issues surroundingdata ownership, industry stakeholders express concernthat over-regulation of data ownership at this point in theclouds evolution could prevent them from meeting userneeds and improving services.


10/28

7

By Jonathan L. Zittrain, Professor of Law and Professor of Computer Science at Harvard University and

Member of the Project Working Group

In 2010, cloud provider Amazon.com elected to shut down its hosted version of the WikiLeaks website. Amazon,like many such vendors, offers hosting to all comers but under terms of service that give it broad latitude in decidingultimately whom to serve. Given the public controversy over WikiLeaks, Amazons action crystallized somethingalready known about cloud computing: when ones data or software is hosted far away and under the care of a thirdparty, there are new risks and complications that can offset the ways such hosting can make life simpler and safer.

Some of these risks can be managed: businesses can shop carefully for an enterprise-level cloud provider, andpay more for those that can persuasively claim more reliable service, or for contracts that penalize unanticipated orunjustied takedowns or interruptions. (For consumers, who plan and bargain less, the equation can be particularlydangerous: a lifetimes worth of e-mail or photos, or a social network comprising hundreds or thousands of hard-won

relationships, can have its rules changed, or even evaporate, in an instant.)

However, not all risks can be easily mitigated. For example, network trouble or government-mandated ltering cancome between a business and its cloud processes. And, as events in Egypt and Libya demonstrated, there areoccasions in which an entire nations Internet access can be threatened. The solution is not likely to involve retreat toones own basement servers. Basements arent fail-safe either, and another marker thrown down by the WikiLeaksepisode is the prevalence and power of denial of service attacks: all but the most bunkerized homes for data andcode are vulnerable to compromise or attack.

We do not want to see the move to cloud computing, which can offer so many benets, slowed if the fears broughtinto focus by the WikiLeaks episode remain unaddressed. Yet we also do not want to nd ourselves continuing amarch to cloud computing that entails clustering under only a handful of powerful umbrella service providers, leadingto limited competition and a handful of points of control.

Solutions may lie not as much in centralization as in its opposite: creating protocols and processes by which data

is voluntarily mirrored among otherwise-independent sites. Then if one is disrupted, other copies remain. And at thenetworks physical layer, we may see projects such as mesh networking -- creating connectivity without relying uponInternet service providers -- move from the interesting to the downright vital. While the approaches and examplescan vary, answers to these very new problems may be inspired from the oldest of human instincts and politicalorganization: mutual aid.

As cloud computing accelerates, our creativity and sociability will be tested as we seek to realize its gains withoutcreating undue vulnerabilities.

Building a Secure Cloud without Undue Points of Control


11/28

8

B. Security

Users want to be condent

that their services and dataare secure in the cloud

that is, always available to

them and never available

to unauthorized others.

They also demand recourse

mechanisms if something

goes wrong. Industry

stakeholders point out that

greater security involves

trade-offs with cost and

usability, and that technical

solutions can never fully

protect against security breaches originating from

users themselves.

Security-related issues raised by stakeholders

include:

Ensuring Only Authorized

Access

Users are concerned thatdata in the cloud is more

susceptible to cyber-attacks,as aggregating multipleusers data and serviceson a single platform makesit a more attractive target.Providers point out that no

security mechanisms are foolproof, and all come withtrade-offs: using encryption can be expensive, and usinghypervisors to virtually isolate a users applications anddata can still leave vulnerabilities.

More broadly, both industry and government stakeholdersexpressed concern that technical security mechanismssuch as encryption could give users a false sense of

security. Encryption is only as effective as the userscontrol of who has the key, and does not solve theproblems of a malicious insider or of users beingmanipulated into giving access. These concerns arebound up with wider questions of how to manage andverify identities.

Ensuring Integrity and Availability (and Addressing

Data Loss)

When users store their data on their premises, it is clear

who is accountable if the data is corrupted, lost ortemporarily inaccessible. This is not necessarily the casewhen the data is stored in the cloud. When it is unclearwhether a problem lies with the cloud provider or withthe networks the user is using to access the cloud, usersare concerned that they will be unable to establish who isliable, and to seek redress.

As many users data may be shared on one machine,users are concerned about the possibility of problemswith one users services affecting anothers. Governmentstakeholders express concern about the resilience ofcloud providers to distributed denial-of-service (DDoS)attacks, and note there is an inherent disincentive for

providers to report on breaches and problems. Someindustry stakeholders, however, believe they are alreadybeing transparent enough, especially given that a greatmajority of client agreements require the service providerto notify the client of any breaches or data loss.

Ensuring that Data Is Destroyed as Needed

Most computer users are aware that even when theydelete data, it can still be recovered from their hard drives additional steps are needed to make sure data cannever be retrieved. True data deletion is more challengingin the cloud, because cloud providers are the only oneswith access to the physical infrastructure on which users

data is stored, and often data may be mirrored on multiplemachines. Without any way of verifying if their data hasbeen destroyed, users have no option but to trust theprovider.

Government stakeholders are especially concerned thatsensitive data, such as healthcare records, should notbe recoverable once deleted. Industry stakeholders note,however, the signicant technical difculties involved inguaranteeing data deletion.

Overall, many cloud providers are keen to stress that theabove concerns about security in the cloud should not beoverstated. By their nature, cloud solutions aggregate thesecurity requirements of many clients, often to the higheststandard, and they are frequently monitored and stringentlyaudited. As a result, security protections in the cloud aremore extensive than in many, perhaps most, private datacentres.

No-one will

unequivocally declarethat cloud is 100%

safe just as no one

will declare airplanes

are 100% safe. Let

not security become

the bogey thatll stop

the whole thing be

pragmatic, solve the

problems as they

come along, and be

open.

Academia Participant,New Delhi Workshop,November 2010


12/28

9

The change created

by the cloud

ecosystem will be

manifested 20% in the

realm of technology

and the remainder

through social

change.

Industry Participant,New Delhi Workshop,November 2010

The World Economic Forum held a workshop in New Delhi on 23 November 2010,convening over 30 leading Indian decision-makers, including service providers, users,government representatives and academia. The goals of the workshop were toidentify the potential benets and opportunities of cloud computing in India and otheremerging economies; address the unique challenges to its implementation in emergingmarkets; and explore in which areas emerging markets could take the lead in clouddevelopment.

Market Potential

Small and medium-sized companies with limited resources and access to IT are expected tobe the greatest beneciaries in India from the efciency gains promised by cloud computing.For these companies, participants expect cloud to facilitate more efcient delivery of services

to bottom of the pyramid consumers one of the key future market potentials in emerging economies.Similar efciency gains could also improve public services in India. Some government representatives argued thatcloud service models could, in fact, be the only means of delivering certain essential services (such as micro-transaction banking, micro-insurance and healthcare) given the vastness of the country, with large remote and poorpopulations. Other areas of public service that could benet from the cloud include disaster management and theagricultural sector.

More broadly, providing access to data and computing power to people who would normally be deprived of suchresources could unleash signicant new innovation.

Specic Challenges in India

The lack of economic returns represents one of the key challenges for the development of the domestic cloud marketin India. While many IT companies are engaged in the cloud business, they feel that currently there are insufcient

incentives to offer economically sensible cloud models and services to the domestic market, particularly thosetargeting micro, small and medium-sized enterprises. Hurdles to the adoption of cloud include the limited availabilityof digitized data and the need to deal with requirements of 28 different states.

In addition, limited and/or unreliable wired and wireless broadband infrastructure hinders access to, and hencedevelopment of, cloud services in India. This calls for greater engagement from the government to provide a fertileenvironment for domestic cloud markets and to engage in public-private partnerships on cloud development.

In terms of regulation, while privacy and personal data protection are not widely established in Indian law, ITcompanies that export services are keen to have Indian regulation align with European and US data protectionframeworks. The development of such a framework in India would assist the industry in competing on aninternational scale.

Additional implications for Emerging Markets

Overcoming connectivity challenges is critical. The development of mobile-based access in India and other emergingmarkets will drive the adoption and growth of cloud computing.

Access management is another area in which India is developing promising initiatives. Given the large populationbase and the huge number of potential cloud users, identication and access management poses uniquechallenges. Indias Unique Identication Card (UID Card) project, which relies on cloud technologies, could be seenas a model case.

Cloud Computing in India and Emerging Markets


13/28

10

C. Business Environment

Cloud services and business models are still at

an early stage of development, but several areashave been identied that are of concern to key

stakeholders. They include:

Ensuring Interoperability

Interoperability is the ability ofdifferent systems to seamlesslycommunicate with eachother. Users favour greaterinteroperability as it allowsthem to customise their ownsolutions by purchasingbest of breed services from

multiple cloud providers andto move more easily between providers. Governmentsalso favour interoperability as a way of driving competitionand increasing the resilience of the cloud system as awhole, especially where the market consists of only a fewproviders.

However, industry stakeholders are concerned thata premature focus on standardization to promoteinteroperability could hold back innovation and theevolution of better solutions.

Ensuring Data Portability

Closely related to interoperability is the question of data

portability that is, users being able to move data (oreven complete application stacks) easily among cloudproviders. Many users express the fear of being lockedin to a single cloud provider if it turns out to be inefcient,time consuming, expensive or impossible to transfer datato a different cloud, or back to their premises. Governmentstakeholders are also concerned about portability fromthe perspective of encouraging competition and buildingsystemic resilience.

However, as with interoperability, industry stakeholdersare concerned that an excessive focus on ensuringdata portability will limit their incentive to innovate bymaking it harder for them to differentiate themselves

through different architectures and offerings. Concernsabout meta-data also complicate efforts to ensure dataportability.

Insufcient Reliability of Cloud

Many users perceive that the reliability of cloud solutionsis not yet sufcient for them to trust the cloud with theirmission-critical needs. They are concerned about beingalerted to planned downtime and having accurate reportsabout unplanned downtime; having access to theirdata slowed by other users creating contention for theproviders resources; and the need for backup strategiesin the event of unanticipated crises or a provider going outof business.

Industry stakeholders generally feel that, as the cloudmatures, market mechanisms will evolve that allowusers to assess providers reputation and reliability.

Nonetheless, there is no consensus among cloudproviders on how much information about their reliabilitythey are willing to disclose, and government agencies arenot satised with the status quo.

Insufcient Commitments to Service Levels

Related to reliability concerns, users note that the kindof SLAs (service level agreements) they rely on fromproviders of their on-premises IT solutions do not tendto be offered by cloud providers, or that what is offeredis insufcient for important applications. Potential usersof cloud computing are held back by the lack of clearcommitments from providers on such issues as uptime,response times, bandwidth, reliability and security or by

the lack of stipulated penalties if these commitments arenot met.

Users also note that the lack of standardized SLAs makesit difcult for them to compare competing services. Therewere, however, mixed views among industry stakeholderson the feasibility of working towards standardized SLAs,given the great diversity of architectures and users needsand circumstances.

Relative Maturity of the Cloud Ecosystem

While cloud services are evolving rapidly, manystakeholders express concern about the speed at whichother necessary aspects of the ecosystem in which public

clouds operate are evolving. Common concerns include:

The still-widespread lack of understanding about cloud,as potential users do not feel sufciently informed aboutthe risks and benets and are nervous about committingto relatively new business models such as pay-as-you-goaccess to IT

Future speed, reliability and global availability of thenetwork access required to use public clouds

Availability of expertise, as there are still relatively few ITprofessionals globally who are trained to architect cloudsolutions

Current underdevelopment of insurance solutions, whichcould protect users against problems with the cloud

Threats to intellectual property from using cloudsolutions outside a rewall, as more information andapproaches to running a business are externally exposed


14/28

11

Brussels

Economic and social impacts of cloud

Interoperability and vendor lock-in

3rd party validation & certication

Secure access & network security

Industry-led standardization

Growth-enhancing initiatives

Clarify (roles, relationships, data location andownership of data)

Clarication on application of regulation

Data privacy & condentiality

U.K.

Macro-regulatory framework

Transparency & trust

Co-regulation model

Integrity & reliability

Accountability

Concrete security measures

Interoperability & portability

Number of actors

Washington, DC

Education & awareness raising

Government access to data

Interoperability & portability

"Privacy by Design"

R&D needs

Quantifying ROI

Harmonization & Transparency

Addressing risk

India

Economically sensible cloud models

Government-Industry partnership

Government incentive

Enabling cost (e.g. Infrastructure, utility) of delivery inemerging markets

Compliance with int'l regulations on data

Social change

India's youth

Lower concerns about data sensitivity

Focus on small, micro businesses

Some of the fundamental issues identied by the project illustrate how sensitive and complex cloud technologies havebecome at this relatively early stage in their development.

Many stakeholders are concerned by the current dominance of cloud providers based in the United States, becauseof the potential loss of competitiveness and decreased ability to inuence how the cloud operates. This may explainthe development of individual clouds in countries such as China.

Some ofcials are worried that jobs may be lost in private data centres as companies move to the cloud, althoughmost stakeholders agree that, in the longer term, the clouds net effect on jobs is likely to be positive. The skills issuealso comes into play a countrys capacity for innovation could be compromised if its citizens are not sufcientlyaware of how to utilize cloud technologies, especially if no local cloud providers exist and if local R&D is limited.

There are also questions about whether national identities, autonomy and sovereignty could be compromised if rmsincreasingly rely on the same few foreign cloud providers. This reliance is seen by some as potentially a new form of

colonization.

Finally, it is still far from clear how principles of free trade should be applied in the cloud whether countries that hostcloud data centres have an obligation to provide open access to these centres to customers from other countries,under what terms and with what protections.

The Cloud in Context: Geopolitics and Economics

Figure 4. Key topics that emerged at the 2010 workshops


15/28

12


16/28

13

What to Do Now? Eight Action Areas

Working from the major issues described in the previoussection, the project set out to develop recommendationsand identify actions that governments and industry can

undertake to accelerate the deployment and adoption ofpublic cloud technologies. While the underlying issues arecomplex and contentious, eight critical action areas wereselected by government representatives and companies including many of the largest cloud providers and regulatorsfrom Europe and North America and then conrmed inthe private session about cloud computing held during theWorld Economic Forum Annual Meeting 2011.

1. Explore and facilitate the realization of the benets ofcloud

2. Advance understanding and management of cloud-related risks


4. Clarify and enhance accountability across all relevantparties


6. Facilitate interoperability

7. Accelerate adaptation and harmonization of regulatoryframeworks related to cloud

8. Provide sufcient network connectivity to cloud services

As described below, these action areas are put forward as

a charter for further engagement among key stakeholders.They are intended to form a cohesive agenda, bringingtogether several areas in which there are existing butdisparate initiatives. We hope this step will lead to industryand government collaboration to further dene andimplement the necessary actions to move the agendaforward and accelerate the uptake of cloud technologies.

Cloud ecosystem participants should dedicateadditional resources to understanding the benets

of cloud and accelerating the adoption of innovative

applications of cloud technology. Topics include

product and process innovation and job creation,

collaboration, broad delivery of IP, government

effectiveness and efciency, and other economic

benets.

Underlying many of the issuesdiscussed in the previoussection is a sense that thebenets of cloud computing beyond those related toIT efciencies are not wellunderstood. This manifestsitself as a problem in twomain ways. First, users maybe held back from moving to

the cloud if they perceive the risks more clearly than thebenets. Second, regulators nd it hard to make balanceddecisions that are in line with the European legal principleof proportionality if they lack a clear sense of how theirdecisions could potentially impact the macroeconomicand societal benets of the cloud as well as the risks. The

principle of proportionality argues, among other provisions,that regulation should detract as little as possible from thebenets of what is being regulated.

It is normal enough for any new technology thatindependent, objective research on its benets is difcultto nd. However, a balanced view of the potential benetsis especially necessary for cloud, given the uniqueconcerns it raises. It would be useful, for example, to haveindependent and objective research into the potential forcloud computing to facilitate collaboration among multipleand diverse participants in industries such as healthcare,education and complex supply chains, or to delivercross-border protection of intellectual property rights. In

particular, it has been expected for some time that cloudwould signicantly advance healthcare and education,and it is important to understand why this has not yethappened.

During the past decade, there has been extensiveresearch on the benets of broadband, particularly itsability to accelerate GNP growth. This may providea model for similar research into the cloud, given itscomplementarity with broadband access. Such researchshould focus on the potential for job creation (and loss),looking especially at how small and medium-sizedbusinesses could benet from access to best in classcomputing solutions.

1. Explore and Facilitate the Realization of

the Benets of Cloud


17/28

14

There is a need

to be transparent

with regard to

roles, relationships,locations and

ownership of data.

Industry Participant,Brussels Workshop,May 2010

Transparency is

one of the key

requirements: we

need to learn to trust

cloud services.


For the moment,

there is very little

information on what

is going on behind

the scenes in terms of

security managementin the cloud.


Providers of cloud services should make available to

customers information about how their services areprovided and how they perform. This includes letting

customers know how data is secured, where data

is stored and/or what jurisdictional provisions apply,

how and by whom it can be accessed, and how it

can be deleted.

In addition to further researchinto the benets and risks,greater transparency (i.e.public disclosure) about cloudcomputing would go a long

way towards addressing manyof the stakeholder issuesdetailed above notablyprivacy and condentiality,data ownership, security,

liability and reliability. Clearer and more easily accessibleinformation about cloud service delivery models andoffers would accelerate the development of the market byimproving levels of user trust and facilitating the creation ofaggregated services provided by multiple providers.

Greater transparency shouldalso reduce the risk of excessiveregulation that could hinder the

industrys evolution. Governmentstakeholders indicate that asmore consistent and comparableinformation on cloud performanceand security becomes availableto customers, the less they willbe concerned about the needto protect less-sophisticatedcustomers through regulation.

There is an opportunity for cloudproviders to take the lead ontransparency through developingcodes based on shared good

practices. Efforts to improveand standardize reporting areunderway, and there is scopefor them to be consolidated.Voluntary certication schemescould also play a role, with cloudproviders asking a third party agency to audit, certify orrate them. Such a move could help to build trust in thecloud and reduce the need for further regulation.

3. Promote Service Transparency

Relevant stakeholders (providers and government)should encourage research into the unique risk

drivers in cloud computing and identify potential

solutions.

The ipside of clearlyunderstanding the potentialbenets of cloud is ensuringthat perceptions of risk arealso grounded in reality. Itis arguable that several ofthe stakeholder concernsdescribed in the previous

section apply just as much tothe public Internet as to the

cloud, where data centres may be protected by securitymechanisms that are so sophisticated they actuallyreduce risk rather than exacerbate it. If concerns areindeed overstated, the development of the cloud would beneedlessly held back.

However, authoritative researchis lacking on how serious therisks are for different types ofapplications and data; howwell they can be managed;and how they relate to broaderglobal risks such as politicalissues affecting the movementof information across borders.Collaboration among industryand regulators on conductingand publicizing such research

could educate and reassure users, and help to ensure thatgovernment regulation is appropriately targeted.

Risk mitigation strategies need to address the different riskproles of different types of data, such as personal dataand trade secrets. Innovative approaches to managingrisk could include industry players developing codes

of conduct and mutual assistance schemes wherebyproviders agree to assume responsibility for each othersservice commitments in the event of outages or breaches.A better understanding of risks would also facilitate thedevelopment of nascent cloud insurance models to offercompensation to customers in the event of losses causedby the cloud.

2. Advance Understanding and Management

of Cloud-related Risks


18/28

15

4. Clarify and Enhance Accountability across

All Relevant Parties

Industry, regulatory bodies and third parties shouldcollaborate to create and implement more consistent

and comprehensive approaches to accountability for

how cloud services are provided.

Complementing greatertransparency, greater clarityabout accountability wouldaccelerate uptake of cloudcomputing among potentialusers, who are currentlyreluctant to entrust mission-critical services to the cloud.

Users want to know who isaccountable if service levels are unsatisfactory, if theyare unable to access data they put in the cloud or if itis accessed by unauthorized persons or governmentagencies. In particular, users want clarity aboutaccountability for service delivery in situations whereproviders leverage sub-contractors, get acquired or go outof business.

Efforts to clarify accountability for legal compliance such as the development of data privacy and securitycompliance programmes by cloud users or providers are hindered by unclear and sometimes inconsistentregulation. It is therefore important to achieve clarity onwhether cloud providers are considered data processorsor data controllers, what the respective obligations of bothparties are, and which countrys laws apply to data whena cloud provider has data centres in multiple jurisdictions.Possible technology approaches to the third point includetagging data with a specic jurisdiction code or encryptingall data before it moves to the cloud (although this isexpensive and not foolproof).

As with transparency, government stakeholders indicatethat voluntary industry moves to clarify accountabilityand establish corporate compliance programmes couldreduce the need for regulatory intervention. There isan opportunity for third-party certication schemes toplay an important role, and potential for further industryinvolvement in existing initiatives such as the Data PrivacyAccountability Model, Privacy-by-Design and BindingCorporate Rules. Industry players and governmentstakeholders need to agree on the extent to which itis possible to establish general principles regardingaccountability, as some cloud providers expressed theview that accountability needs to be negotiated only withindividual clients.

Cloud service providers should provide ways for

users to easily retrieve data they have input toclouds, without an onerous fee and in a timely

manner.

5. Ensure Data Portability

The fear of vendor lock-in holdsback many potential users of cloud,while many government stakeholdersare concerned about maintainingcompetitiveness in the cloud market.These concerns are lessened ifit becomes quicker, easier andcheaper for users to move data,and perhaps applications, between

different cloud providers and betweenuser premises and the cloud. Usersshould be aware, however, that dueto economies of scale in the cloud

and particular cloud architectures, it may be economicallyinfeasible to roll back from the cloud to an on-premisessolution.

There is potential to achieve greater consistencyand rationalization in the data portability standardscurrently being advanced by multiple bodies, includingthe Distributed Management Task Force; over time,the ambition could be to develop minimum portabilitystandards and common approaches for all cloud

providers. Governments have a role in minimizing anyregulatory barriers that are faced by efforts to standardizeportability.

Work on facilitating data portability also needs to bealigned with work on common approaches to dataownership and protection, law enforcement access andliability. Providing meta-data and context information,in addition to the actual data entered, can signicantlyincrease the options available to customers.


19/28

16

In addition to the eight action areas detailed in this report, several additional actions were discussed but did notreceive sufciently widespread support to be included in the nal list of action areas. These are:

Foster education for cloud users

Governments, the cloud computing industry (and other industries that can benet from cloud), academia andinstitutions of higher education, and small businesses share an interest in fostering education and awareness amongpotential users of cloud services on ways to leverage cloud technologies. Use cases could illustrate more complexscenarios. Familiarizing labour pools with cloud technologies should enhance national economic competitiveness byensuring that industries that stand to benet from the cloud do not fall behind in taking advantage of it.

Promote R&D for privacy and security enhancing technologies

Providers of cloud services should collaborate with each other and with government stakeholders to invest in

research to advance the protection of privacy for users through the reinforcement of existing procedures and creationof new architectures and systems. This applies in particular to identity and access management, data encryption,data deletion, and addressing causes of failure and security loopholes.

Improve SLAs

By working to evolve clearer and more standardized service level agreements, industry players can address userconcerns about being unable to make informed decisions. As governments are also concerned that users of cloudshould be able to understand and take responsibility for their choices, industry action could pre-empt regulatoryintervention. More stringent SLAs will also allay user concerns about entrusting mission-critical solutions to the cloud.

Adopt Cloud

Governments can continue to support the use of public cloud and play a signicant role in the general adoption of

cloud by driving the need for industry to create government-ready solutions. The adoption of cloud by governmentsalso increases user condence and may facilitate regulatory processes and harmonization. For example, US FederalChief Information Ofcer Vivek Kundra has released the Federal Cloud Computing Strategy in 2011, which calls forabout one-quarter of federal IT spending, or US$ 20 billion, to be committed to cloud systems. Additionally, under theUS Cloud First programme, agencies will be required to move three services to the cloud within 18 months; adopt acloud model wherever feasible; and evaluate cloud options before making investments.

Pursue new approaches to regulatory harmonization

Additional suggestions mentioned in this context that did not achieve broad agreement, included:

Adapt WTO frameworks to create a cloud trade body to address data policies and help stakeholders formulateand agree upon policies needed for digital services

Create a broader, voluntary safe harbour programme with the understanding that, once a company commits to it,

the commitment will be legally binding

Create a Cyberpol or world court that would act as a central, global body to pursue non-compliant providers,criminals and, possibly, rogue states

Additional Action Areas


20/28

17

6. Facilitate Interoperability 7. Accelerate Adaptation and Harmonizationof Regulatory Frameworks Related to Cloud

Industry players should pursue the evolution of cloud

offerings with the goal of facilitating interoperabilityamong multiple (private and public) clouds. This

will accelerate the growth of the overall cloud

ecosystem.

There has been notableprogress recently in developingofferings that allow usersto customize their ownsolutions by simultaneouslyusing services from multiplecloud providers. As with dataportability, every step towardsgreater interoperability helps toaddress stakeholder concernsabout competitiveness and

lock-in. It may also accelerate innovation and help addresschallenges related to data privacy and security.

As the cloud industry matures over the coming years,interoperability will need to be accompanied by theevolution of clear accountability frameworks, commitmentsto commonly dened service levels and broad adoptionof standards. Large industry players, including savvy anddemanding customers such as governments, can helpaccelerate this maturation process for example, throughencouraging visible research and pilot projects.

Fostering cloud interoperability will also likely extend to abroad range of ecosystem players, including providers ofconnectivity and application developers, who will need toadopt relevant architectures and provide enabling servicessuch as highly reliable cross-cloud connectivity.

Governments worldwide should adapt andharmonize regulations relevant to cloud with the

aim of improving their applicability and reducing

divergence across jurisdictions, while considering

the maturity of the overall industry.

There is widespreadfrustration amongstakeholders about theregulatory environmentfor cloud computing,especially in the areasof data privacy andsecurity. Regulationsare often inconsistent,conicting and difcultto apply for users andproviders operatingglobally. This holds back

users from moving to the cloud, as they fear regulatoryprovisions are insufcient to protect their data from beingunduly accessed by law enforcement or retained byproviders. And when regulations effectively force data toremain within national borders either directly by imposingrestrictions on data transfers outside the jurisdiction,or indirectly through a lack of cross-jurisdictional

alignment they hold back cloud providers from realizingimprovements that come from achieving scale throughmultiple locations.

As a long-term goal,governments may wish toexplore a macro-regulatoryframework that will be moreadept at keeping pace withrapid technological change.Options include a co-regulationapproach, whereby industrytakes the lead in identifyingnecessary provisions and

governments take a policy andoversight role. This would implyachieving a harmonized approach to the underlyingprinciples that guide regulation, which currently differamong jurisdictions notably through the USs sectoralapproach to data privacy regulation and the EUsmore universal one. Minimum regulatory standardsare not a solution they are often not sufcient toreduce complexity, as they do not stop countries fromintroducing additional provisions.

As a step in this direction, governments should continueto dialogue with providers to better understand the impactof regulatory interventions. Data protection authorities can

play an important role in interpreting and harmonizing legalframeworks to more effectively meet user and providerneeds for clearly understandable and authoritative guidanceabout their respective responsibilities, the protectionsaccorded to them, and the recourse available in the eventof breaches.

Industry could

take the initiative

for a cloud code

of conduct and

regulators could then

review it.

GovernmentRepresentative,World Economic Forum

Annual Meeting 2011


21/28

18

Large businesses

do not have a

strong grasp of

their dependence

on Internet-based

services, which will

increase with cloud.

Many of the issues

around access to

the cloud relate to

maintaining continuity

of the network.


8. Provide Sufcient Network Connectivityto Cloud Services

Industry, government and relevant agencies shouldidentify connectivity requirements for cloud services

(wired and wireless) and promote the commensurate

deployment of networks across the world.

To be able to usecloud computing withcondence, usersneed easy access tothe cloud. They needguarantees about thespeed, reliability and

robustness of networks,both xed and mobile.In particular, in anenvironment where

market needs maybe moving faster than the technology,users need to be condent that current telecominvestments will be sufcient to support future services.

Governments have a role in promoting better connectivityin all markets, especially in emerging and developingcountries where the issue may be more acute. Policyinitiatives that could serve as examples include the Europe2020 broadband targets and the European CommissionsDigital Agenda pillar on ultra-fast broadband.

Given that cloud computinguses data centres that needto be able to handle massiveamounts of trafc, the planningof networks and data centresneeds to be coordinated.Developing a frameworkdescribing what services canbe provided with various levelsof connectivity could also helpnational governments promoteand prioritize investmentsthat will sustain future growth

opportunities. Not muchresearch currently exists on thistopic.


22/28

1. Explore cloud benets

2. Understand & manage cloud risks


4. Clarify & enhance accountability


6. Faciliate interoperability

7. Adapt & harmonize regulation

8. Provide sufcient connectivity

Figure 5. Action areas

19

Cloud computing is at apivotal point of development.As it becomes a critical

element of the IT landscape,there is much expectationthat its potential economicand social benets couldrival those of the Internet ormobile technologies, but alsomuch uncertainty. Experienceof previous waves oftechnological change suggeststhat now is the window ofopportunity for industry andpolicy-makers to collaborate,encourage business adoptionand nd ways to reconcile

the natural conict betweenletting an innovative set oftechnologies mature andprotecting users and citizens.

This report set out to identify the issues that needto be addressed to move the agenda forward andareas of action that all agree could enable the healthydevelopment of cloud technologies. While valuablework is underway on many of these issues (such asstandards and security) the project aims to addressmore cohesively the bigger picture and the possibilityfor a broader common agenda. To do this, the projecthas brought together key stakeholders from industry,governments, international organizations and academia toprioritize their concerns and explore potential solutions.

The eight action areasdescribed in this reportencompass broadeningawareness and understandingof the benets and risksof cloud, promotingservice transparency,harmonizing regulatoryframeworks, clarifyingaccountability, facilitating

system interoperabilityand data portability, and ensuring sufcient networkconnectivity. They received broad support fromindustry and government leaders taking part in aprivate session on cloud computing at the WorldEconomic Forum Annual Meeting 2011.

The aim of these action areas is not to offer prescriptivesolutions, but to suggest a charter for furtherengagement among industry and governments. Theeight action areas are already being used as the basis formultistakeholder collaboration in multiple contexts, suchas feeding into a series of meetings between industryleaders and EU Commissioner for the Digital AgendaNeelie Kroes on cloud regulation and harmonization,announced at the Forums Annual Meeting.2

An especially promising avenue for government-industrycollaboration could be the initiation of experimentalpilot deployment programmes to generate anddocument empirical evidence on the positive social andeconomic impacts of the cloud. Such studies couldhelp counterbalance concerns about cloud computing,which are magnied by their overlap with broadercontemporary worries such as national sovereignty,cybersecurity and the health of the Internet.

Other potential collaborative actions could include:

Industry investing in research into systemicsecurity risks and costs and how tocollaborate on areas such as encryption

Service providers reaching agreement oncommon best practices for transparency

Telecoms providers working to identify connectivityrequirements and investment needs by geography

Cloud computing is set for rapid acceleration aroundthe world. We hope that the framework described in thisreport has provided a common language and a sharedset of priorities for industry and governments to continueto address common issues in a constructive way, leadingto a wider and more effective uptake of cloud solutions.

Project Outcomes: What Is Next?

After two years of

intensive work on

cloud issues, the

World EconomicForum has done

a great job in

bringing together a

lot of expertise and

experience. And it

is a timely exercise

indeed.

Neelie Kroes, Vice-President of the EuropeanCommission responsiblefor the Digital Agenda

Towards a EuropeanCloud Computing Strategy,World Economic Forum

Annual Meeting 2011

Stakeholders

willingness to

overcome the barriers

depends on their

assessment of cloud-

related benets.


2. http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/11/50


23/28

20


24/28

2009 Annual Meeting, Davos

San Francisco workshop

Europe Summit, Brussels workshop

Industry/ government consultation & issue tool

Washington DC workshop

New Delhi workshop

Slough (UK) workshop

Industry/ government consultation

AMNC Dalian workshop

Tokyo workshop

IES New Delhi workshop

Brussels workshop

Cross-government call



Phase 2Phase 1

Figure 6. Project timeline

21

About the Research

Project Background

This report is part of the World Economic Forumsresearch study, Exploring the Future of Cloud Computing.

It was mandated by the IT Governors at the WorldEconomic Forum Annual Meeting 2009 in Davos-Klosters,Switzerland.

Two objectives for the research were dened:

Develop an understanding of what is needed to steer thehealthy development of both public and private cloudcomputing environments

Develop a set of industry and public policy action areasthat could help mitigate the uncertainties and acceleratethe benets of cloud computing

Consequently, the project was divided into two phases:

I. The rst phase focused on consulting with a wide rangeof relevant stakeholders (IT industry, corporate buyers

of IT, government regulators, investors, academics,journalists and others) through workshops, surveys andinterviews to obtain their views on the potential impacts

of cloud computing on business, society and theglobal economy. A key research tool was an extensivesurvey that Accenture designed and developed on cloudcomputing. Collecting a wide range of highly informedviews enabled us to identify the key drivers, enablers andbarriers in cloud computing.

Phase I outcomes:

Report: http://tinyurl.com/wef-2010report

Video: http://tinyurl.com/wef-2010video

II. Based on the ndings of the phase I report, phaseII focused on developing action areas and identifying

actions that governments and industry can undertake toaccelerate the deployment and adoption of public cloudtechnologies (this report).


25/28

Process/

Industry Clouds

Application Clouds

(SaaS)

Platform Clouds

(PaaS)

Infrastructure

Clouds (IaaS)

Initial Prioritization

Issues That Affect Cloud Deployment

In The Next 3 Years

Davos Governors Gession

InputPhase I Input and Report, Cloud Constraints and Barriers

Issue Tool

Collation of Skateholder

Priority Issues

Analysis & Solution

Development

Draft Action Areas

OutputAction Areas and World Economic Forum Report

Figure 8. A possible hierarchy of cloud-

based offerings

22

Denition of Cloud Computing

There are probably as many denitions of cloud computingas there are opinions about its future. To date, there isno denition that is agreed upon in most quarters. Thedenition we used in this project came from the Universityof California at Berkeley: Cloud computing refers to boththe applications delivered as services over the Internet and

the hardware and systems software in the data centres

that provide those services.

Clarications: Access to the cloud can be provided viamultiple technologies (Internet or other) and services caninclude processing, storage, access to applications andbusiness processes.

Deployment models relevant to this project:

Public cloud sold to the public, mega-scaleinfrastructure (e.g. Amazon, Google)

Hybrid cloud composition of two or more clouds whereone might abstract applications or services through acombination of in-house infrastructure and/or reaching outto multiple clouds

Community cloud a shared infrastructure for a speciccommunity (e.g. healthcare)

Note: Private clouds (ones that an enterprise owns orleases) are not included in the scope of phase II of our

project

Examples of types of cloud computing:3

Process/Industry clouds

Application clouds (SaaS) Platform clouds (PaaS)

Infrastructure clouds (IaaS)

Characteristics of Cloud Computing

In the absence of a commonly accepted denition ofcloud computing, enumerating some characteristics4 oftenassociated with cloud computing may help to clarify howthe term is commonly used and understood:

On-demand self-service

Broad network access

Resource pooling

Rapid elasticity

Measured service

Massive scale

Virtualization

Resilient computing

Low-cost software

Geographic distribution covering multiple jurisdictions

Multiple accountabilities

Service orientation

Advanced security technologies

3. Cloudrise: Rewards and Risks at the Dawn of Cloud Computing, Accenture, Jeanne G. Harris and Allan E. Alter, November 2011

4. The NIST Denition of Cloud Computing, Peter Mell and Tim Grance, October 2009

Figure 7. Project process and outcome


26/28

23

Acknowledgments: Partners and

Contributing Organizations

Industry

Accenture

AkamaiAlcatel Lucent

AT&T

Bitcurrent

BMC Software

BT Group

CA Technologies

Capgemini

Cisco

Colt

ComScore

CSC

Cyber Risk Partners

Dell

Deutsche Telekom

EMC

Forrester

Fujitsu

Google

HCL TechnologiesHP

Huawei Technologies

Infosys Technologies

Intel

Juniper

Kudelski

Lenovo

Lockheed Martin

McAfee

Mahindra Satyam

Microsoft

Nasdaq

NCR Corp.

Nivio

Orange Business Services

Polycom

Salesforce.com

SAP

SAS

Telefonica

Tibco

Wipro

Governments and Agencies

European Commission

European Data Protection Supervisor (EDPS)European Network and InformationSecurity Agency (ENISA)

Confederation of Indian Industry (CII)

French Data Protection Authority (CNIL)

German Ministry of Economics and Technology

German Ministry of the Interior

Indian Department of Information Technology

Indian Department of Micro, Smalland Medium Enterprises

NASSCOM India

Japan Ministry of Internal Affairs and Communications

Organisation for Economic Co-operationand Development (OECD)

UK Cabinet Ofce

UK Department for Business, Innovation and Skills (BIS)

UK Ofce of Cyber Security and Information Assurance

US Department of Commerce

US Federal Communications Commission

US Federal Trade Commission

US General Service AdministrationUS Ofce of Management and Budget

Academia

Berkman Center for Internet and Society, HarvardUniversity, USA

Brookings Institution, USA

Centre for Commercial Law Studies, Queen Mary,University of London

Centre of Excellence in Information and CommunicationTechnologies, Belgium

Complutense University of Madrid, SpainGeorgetown University, USA

International Institute of Information Technology Bangalore

Rand Europe

Research Center on IT and Law, FUNDP Namur, Belgium

An additional thank you goes to the Accenture Australia

creative services team, to the Forum editing team and to

the writer, Andrew Wright.


27/28

24

References

1. Above the Clouds: A Berkeley View of CloudComputing, authored by 11 members of UC Berkeleysdivision of Electrical Engineering and Computer

Sciences, February 2009

2. Exploring the Future of Cloud Computing, WorldEconomic Forum, May 2010

3. Worldwide and Regional Public IT Cloud Services,2010-2014 Forecast, IDC, June 2010

4. Mind the Gap Insights from Accentures Third GlobalHigh Performance IT Research Study, November 2010

5. Cloudrise: Rewards and Risks at the Dawn of CloudComputing, Accenture, Jeanne G. Harris and Allan E.

Alter, November 2011

6. Where the Cloud Meets Reality: Operationally Enablingthe Growth of New Business Models, Accenture,March 2011

7. The Cloud Dividend, Center for Economics andBusiness Research, December 2010

8. Information Assurance Framework, ENISA, November2009

9. Cloud Computing Security Risk Assessment, ENISA,November 2009

10. Towards a European Cloud Computing Strategy,Neelie Kroes, Vice-President and Commissioner for

the Digital Agenda of the European Commission,speaking at the World Economic Forum AnnualMeeting 2011, January 2011

11. Federal Cloud Computing Strategy, Vivek Kundra,February 2011

12. The Terms They Are A-Changin'... Watching CloudContracts Take Shape, Simon Bradshaw, ChristopherMillard and Ian Walden, The Brookings Institution,March 2011

13. A Digital Agenda for Europe, European Commission,May 2010

14. EU Data Protection Directive 95/46/EC, October 199515. Article 29 Data Protection Working Party of the EU

Directive

16. Unique Identication Authority of India (UIDAI)Volunteer Guidelines, 2009

17. Digital Japan Creation Project (ICT Hatoyama Plan),Ministry of Internal Affairs and Communications ofJapan, March 2009

18. Privacy and Security in Cloud Computing, Allan A.Friedman and Darrell M. West, Center for TechnologyInnovation at Brookings, October 2010

19. The Economic Impact of Cloud Computing onBusiness Creation, Employment and Output inEurope, Prof. Federico Etro, Review of Business and

Economics, June 2009, Vol. 54, 2, pp. 179-208.

20. The Economics of Cloud Computing, IUP Journal ofManagerial Economics, February 2011, Vol. IX, 2, pp.1-16

21. The NIST Denition of Cloud Computing, Peter Melland Tim Grance, October 2009


28/28

The World Economic Forum is an independentinternational organization committed to improvingthe state of the world by engaging leadersin partnerships to shape global, regional andindustry agendas.

Incorporated as a foundation in 1971, and basedin Geneva, Switzerland, the World EconomicForum is impartial and not-for-prot; it is tiedto no political, partisan or national interests.

(www.weforum.org)

wef it advanced cloud computing report 2011

Documents