Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2013
|Identity Matters||Other Topics||Waltzing Matilda||What's New|
Notes for a Presentation at the
Realm Hotel, Canberra, 24 February 2011
Roger Clarke **
© Xamax Consultancy Pty Ltd, 2011
Available under an AEShareNet licence or a Creative Commons licence.
This document is at http://www.rogerclarke.com/EC/CCSec.html
The accompanying slide-set is at http://www.rogerclarke.com/EC/CCSec.ppt
The organisers of the Forum requested an address on 'Security in the Cloud'. The event was held in the national capital, and was oriented towards government agencies and government business enterprises.Cloudsourcing is subject to a wide range of interpretations. But two important factors are often omitted when the term is defined:
A gradual change has occurred over several decades in the manner in which organisations gain access to applications software. What began as self-sufficency (and now can be thought of as 'insourcing'), moved to outsourced sites, then to outsourced facilities, and then to integrated multi-site outsourced facilities, which are now migrating into the cloud. This has greatly increased component-count, location-count, complexity, dependencies and hence fragility, and decreased internal expertise and internal knowability. [8 slides]
To appreciate 'security in the broad', it's necessary to consider the downsides of cloudsourcing under a number of headings [13 slides]:
Several approaches to risk management strategy are available, including business processes, legal aspects, ongoing due diligence and multi-sourcing. A new digital security model is emerging [10 slides].
Several categories of use-profile need to be identified. Because of the immaturity of cloud service-providers, user organisations must do the aerial equivalent of 'putting their toe in the water' very carefully indeed. A set of questions is proposed that user organisations need cloud computing tenders to be able to convincingly answer [11 slides].
Various aspects of this thread of work have been presented in a number of previous documents and presentations, including:
Clarke R. (2010a) 'User Requirements for Cloud Computing Architecture' Proc. 10th IEEE/ACM International Conference on Cluster, Cloud and Grid Computing, Melbourne, Australia, 17-20 May 2010 (eds. Parashar M. & Buyya R.), pp. 625-630, PrePrint at http://www.rogerclarke.com/II/CCSA.html, also presented in the ANU School of Computer Science on 28 May 2010
Clarke R. (2010b) 'Computing Clouds on the Horizon? Benefits and Risks from the User's Perspective' Proc. 23rd Bled eConference, 21-23 June 2010, at http://www.rogerclarke.com/II/CCBR.html
Clarke R. (2010c) 'Cloud Computing: Managing for Benefits and Managing the Risks' Cutter series on Sourcing & Vendor Relationships 11, 1 (July 2010), Cutter Consortium, Arlington MA (10,000 pp.)
Clarke R. (2011) 'The Cloudy Future of Consumer Computing' Submitted to the Bled eConference, June 2011, which includes Streams on Cloud Computing and eDependency, at http://www.rogerclarke.com/EC/CCC.html
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., and a Visiting Professor in the Department of Computer Science at the Australian National University.
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.
From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 40 million by the end of 2012.
Sponsored by Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, 6288 6916
Created: 19 February 2011 - Last Amended: 19 February 2011 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/EC/CCSec.html