BRINGING CLOUD COMPUTING DOWN TO EARTH

Transcription

1 BRINGING CLOUD COMPUTING DOWN TO EARTH WEBINAR: ISM SERVICES GROUP MARCH 14, Prof. Christina L. Kunz Wm. Mitchell College of Law St. Paul, Minnesota

2 CLOUD COMPUTING: ITS PREDECESSORS 2 Why does this sound familiar?

3 PREDECESSORS TO CLOUD COMPUTING Remember EDI? ( electronic data interchange in the early 1990s) Required a value-added network (VAN) between the two parties, to Mediate platform & software differences between parties Store data until cheaper sending times Back up data (disaster recovery partner) Remember ASPs? (application service providers, in the late 1990s to early 2000s) Provided a wide range of online services to customers: Data processing Financial services (payroll, accounts payable and receivable, etc. Rental of software run by ASP leading to

4 MORE PREDECESSORS TO CLOUD COMPUTING Remember SaaS? (software as a service) Vendors who essentially rent their software to customers, saving them from Maintenance, updates, and IT repairs Licenses and royalties Capital expenditures (because the fee is an operating expense) Longer-term commitments to licensed software Which then diversified into SaaS (software as a service) IaaS (infrastructure as a service) PaaS (platform as a service) And became hosting All of which now operate on

5 THE CLOUD 5 But what is it really?

6 THE CLOUD IS REALLY JUST NETWORKS, SERVERS, STORAGE, APPLICATIONS, AND SERVICES, OPERATING ON EARTH 6

7 TODAY S COVERAGE: What is the cloud? How to choose a vendor Crucial clauses in the contract 7

8 A DEFINITION OF CLOUD COMPUTING a model for enabling convenient, ondemand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. US Nat l Institute of Standards and Technology (NIST) (search for cloud computing ) 8

9 TYPICAL CHARACTERISTICS OF CLOUD COMPUTING (NIST) Essential characteristics: On-demand self-service Broad network access Resource pooling Rapid elasticity (scalability) Measured service Key enabling technologies include: Fast wide-area networks, Powerful, inexpensive server computers, and High-performance virtualization for commodity hardware. 9

10 DETAILED CHARACTERISTICS OF CLOUD COMPUTING (ACCORDING TO WIKI) Empowerment of end-users of computing resources by putting the provisioning of those resources in their own control, as opposed to the control of a centralized IT service (for example) Agility improves with users' ability to re-provision technological infrastructure resources. Application programming interface (API) accessibility to software that enables machines to interact with cloud software in the same way the user interface facilitates interaction between humans and computers. Cloud computing systems typically use REST-based APIs. 10

11 DETAILED CHARACTERISTICS OF CLOUD COMPUTING (ACCORDING TO WIKI) Cost is claimed to be reduced and in a public cloud delivery model capital expenditure is converted to operational expenditure. This lowers barriers to entry, as infrastructure is typically provided by a third-party and need not be purchased for one-time or infrequent intensive computing tasks. Pricing on a utility computing basis is fine-grained with usage-based options and fewer IT skills are required for implementation (in-house). Device and location independence enable users to access systems using a web browser regardless of the location or device (e.g., PC, mobile phone). As infrastructure is off-site (typically provided by a thirdparty) and accessed via the Internet, users can connect from anywhere. 11

12 DETAILED CHARACTERISTICS OF CLOUD COMPUTING (ACCORDING TO WIKI) Virtualization technology allows servers and storage devices to be shared and utilization be increased. Applications can be easily migrated from one physical server to another. Multi-tenancy enables sharing of resources and costs across a large pool of users thus allowing for: Centralization of infrastructure in locations with lower costs (such as real estate, electricity, etc.) Peak-load capacity increases (users need not engineer for highest possible load-levels) Utilization and efficiency improvements for systems that are often only 10 20% utilized. Reliability is improved if multiple redundant sites are used, which makes well-designed cloud computing suitable for business continuity and disaster recovery. 12

13 DETAILED CHARACTERISTICS OF CLOUD COMPUTING (ACCORDING TO WIKI) Scalability and Elasticity via dynamic ("ondemand") provisioning of resources on a finegrained, self-service basis near real-time, without users having to engineer for peak loads. Performance is monitored, and consistent and loosely coupled architectures are constructed using web services as the system interface. Maintenance of cloud computing applications is easier, because they do not need to be installed on each user's computer and can be accessed from different places. 13

14 DETAILED CHARACTERISTICS OF CLOUD COMPUTING (ACCORDING TO WIKI) Security could improve due to centralization of data, increased security-focused resources, etc. Security is often as good as or better than other traditional systems, in part because providers are able to devote resources to solving security issues that many customers cannot afford. However, concerns persist about loss of control over certain sensitive data, and the lack of security for stored kernels. The complexity of security is greatly increased when data is distributed over a wider area or greater number of devices and in multi-tenant systems being shared by unrelated users. User access to security audit logs may be difficult or impossible. Private cloud installations are in part motivated by users' desire to retain control over the infrastructure and avoid losing control of information security. 14

15 15

16 MAJOR ACTORS IN CLOUD COMPUTING 16

17 MAJOR ACTORS IN CLOUD COMPUTING (NIST TERMINOLOGY) Cloud consumer Cloud provider Cloud auditor Optional but recommended Cloud carrier Cloud broker Optional but recommended 17

18 18

19 CLOUD CONSUMER A cloud consumer maintains a business relationship with a cloud provider by Browsing the service catalog from a cloud provider, Requesting the appropriate service, Setting up service contracts with the cloud provider, and Using the service. 19

20 CLOUD PROVIDER o A cloud provider o Is responsible for making a service available to interested parties, By way of service deployment, service orchestration, cloud service management, security, and privacy; Acquires and manages the computing infrastructure required for providing the services; Runs the cloud software that provides the services; and Arranges to deliver the cloud services to cloud consumers through network access. 20

21 SERVICE ORCHESTRATION BY CLOUD PROVIDER 21

22 CLOUD AUDITOR A cloud auditor can (if requested by the consumer) perform independent examinations of cloud service controls to verify conformance to standards through an objective review A performance audit can measure the provider s actual performance against the agreed-upon standards A security audit can assess Whether security controls are implemented correctly, operating as intended, and producing the desired outcome with respect to the security requirements for the system, and Compliance with applicable laws and the cloud consumer s security policy. A privacy impact audit can ensure Compliance with applicable privacy laws, and Confidentiality, integrity, and availability of an individual s personal information at every stage of development and operation. 22

23 CLOUD BROKER A cloud broker can (if requested by the cloud consumer) negotiate the relationships between cloud providers and a cloud consumer, if contacted by the cloud consumer, and manage the use, performance, and delivery of cloud services. Service Intermediation: A cloud broker enhances a given service by improving some specific capability and providing value-added services to cloud consumers. The improvement can be managing access to cloud services, identity management, performance reporting, enhanced security, etc. Service Aggregation: A cloud broker combines and integrates multiple services into one or more new services. The broker provides data integration and ensures the secure data movement between the cloud consumer and multiple cloud providers. Service Arbitrage: Similar to service aggregation except that the services being aggregated are not fixed. The broker can choose services from multiple providers. 23

24 CLOUD CARRIER A cloud carrier is an intermediary that provides connectivity and transport of cloud services between cloud consumers and cloud providers, and access to consumers through network, telecommunication, and other access devices. For example, cloud consumers can obtain cloud services through network access devices, such as desktop computers, laptops, mobile phones, and other mobile Internet devices (MIDs). The distribution of cloud services is normally provided by network and telecommunication carriers or a transport agent. A transport agent is a business organization that provides physical transport of storage media, such as high-capacity hard drives. 24

25 25 DEPLOYMENT MODELS

26 DEPLOYMENT MODELS Public cloud Private cloud Private cloud rental Community cloud Hybrid cloud 26

27 DEPLOYMENT MODELS, COMPARED Public cloud (Google, Microsoft, etc.) Resources are made available to the general public Free or pay-per-usage (usually low cost) No negotiation on terms Greater danger of another cloud user hacking into your data Private cloud Operated solely for a single organization Usually more negotiability on terms Consumers have to buy, build, and manage them, so they might not result in less hands-on management and less cost 27

28 DEPLOYMENT MODELS, COMPARED Private Cloud Rental Rent a modular data center Then (using Virtual Machine concepts) move the running applications from the existing data center to the leased equipment without any disruption to customers. Then remove obsolete data center equipment and replace it with new hardware. Then move the applications from the leased equipment onto the new hardware. Then return the leased equipment. Or keep it on site as a backup, so it can be powered up and used when demand increases. Cost-effective option to consider when security is a concern. Especially when moving critical company private data off-site to a public cloud is not an option 28

29 DEPLOYMENT MODELS, COMPARED Community cloud Shared infrastructure between several organizations from a specific community with common concerns (security, compliance, etc.) Fewer consumers than a public cloud (but more than a private cloud), so only some of the cost savings of cloud computing are realized Hybrid cloud Composition of two or more clouds (private, community or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability Ex.: Company s private cloud can talk to same company s public cloud, but not vice versa 29

30 30

31 31 SERVICE MODELS

32 SERVICE MODELS Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) NIST US Govt. Cloud Computing Technology Roadmap, Release 1.0, vol. 2 32

33 33

34 34

35 SOFTWARE AS A SERVICE (SAAS) The provider deploys, configures, maintains, and updates the operation of the software applications on a cloud infrastructure. The consumer can use the provider s applications that are running on a cloud infrastructure, accessible from various client devices through a thin client interface such as a Web browser (e.g., Web-based ). These applications are not installed locally in the consumer s server. Rather, they re installed elsewhere and made available on a network. So the consumer doesn t need a license from software licensors for the applications it uses. The cloud provider is responsible for managing the applications, security, and the cloud infrastructure, including network, servers, operating systems, storage, or even individual application capabilities, Except that the consumer may have limited administrative 35 control over some user-specific configuration settings on the applications.

36 SAAS SERVICE MODEL The consumers of SaaS can be organizations that provide their members with access to software applications, end users who directly use software applications, or software application administrators who configure applications for end users. SaaS consumers can be billed based on the number of end users, the time of use, the network bandwidth consumed, the amount of data stored, or the duration of stored data. 36

37 PLATFORM AS A SERVICE (PAAS) The provider Manages the computing infrastructure for the platform, Runs the cloud software that provides the components of the platform, Such as runtime software execution stack, databases, and other middleware components, and Typically also supports the development, deployment, and management process of the consumer, by providing tools Such as integrated development environments (IDEs), development versions of cloud software, software development kits (SDKs), and deployment and management tools. The consumer Outsources its operating systems, database and other applications and programs to the provider, So the consumer doesn t need to manage them locally. Does not manage or control the underlying cloud infrastructure (network, servers, operating systems, or storage) Except for possibly some of the hosting environment settings, and Can deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. 37

38 PAAS SERVICE MODEL PaaS consumers can be application developers who design and implement application software, application testers who run and test applications in a cloud-based environment, application deployers who publish applications into the cloud, or application administrators who configure, monitor, and manage applications deployed in a cloud. PaaS consumers can be billed according to the number of PaaS users, the processing, storage, and network resources consumed by the PaaS application, or the duration of the platform usage. 38

39 INFRASTRUCTURE AS A SERVICE (IAAS) The provider acquires the physical computing resources underlying the service, including the servers, networks, storage, and hosting infrastructure, runs the cloud software necessary to render the necessary computing resources to the consumer through a set of service interfaces and computing resource abstractions, such as virtual machines and virtual network interfaces. The provider furnishes the consumer with a virtual computer, network-accessible storage, network infrastructure components, and other fundamental computing resources, on which IaaS consumers can deploy and run arbitrary software. The consumer has control over the operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls), The provider controls the underlying cloud infrastructure the physical hardware and cloud software that make the provisioning of these infrastructure services possible, for example, the physical servers, network equipment, storage devices, host OS, and hypervisor software for virtualization. 39

40 IAAS SERVICE MODEL Compared to SaaS and PaaS consumers, an IaaS consumer has access to more fundamental forms of computing resources and thus has control over more software components in an application stack, including the OS. IaaS can be used by system developers, system administrators, and IT managers who are interested in creating, installing, monitoring, and managing services and applications deployed in an IaaS cloud. IaaS consumers can be billed according to the amount or duration of the resources consumed, such as CPU hours used by virtual computers, volume and duration of data stored, network bandwidth consumed, or the number of IP addresses used for certain intervals. 40

41 NOTE THE DIFFERING AMOUNTS OF CONTROL BETWEEN PROVIDER AND CONSUMER, DEPENDING ON THE SERVICE MODEL (NIST) 41

42 USING DUE DILIGENCE TO CHOOSE A CLOUD PROVIDER 42

43 CHECKING OUT THE PROVIDER Ask the provider: How long it s been in business, and in what forms Past security breaches and service interruptions And the provider s responses What kinds of background screening requirements for operator staff? What kind of training to ensure that operator employees (including contractors and third-party users) understand responsibilities related to specific consumers? Which personnel have access to consumers confidential information? What means of monitoring malicious insiders? Is the provider running its own hardware and software? If not, under what leases, licenses, and service agreements? Does the provider have any ISO or SAS certifications? Third-party audit reports? 43

44 CHECKING OUT THE PROVIDER Check publicly available information: Search for published accounts of provider s history and service interruptions For instance, Google searches, Wall St. J., trade journals, etc. Check EDGAR for contracts involving publicly traded companies (SEC records) List of security breaches: eaches.htm Talk to other customers about provider s reputation 44 and trustworthiness

45 CHECKING OUT THE PROVIDER Ask your IT staff Some applications and programs are too complex to run in the cloud Instead of doing that, you may need local servers installed in your office for this programs to run smoothly. Also consider support, availability, service levels and other technical issues Check the provider s service level agreement, to see The promised levels of reliability of service The promised speed and adequacy of responses to problems 45

46 CHECKING OUT THE PROVIDER Look at pricing Will you save more money if you enter an agreement with a pay-as-you-go provider? On what metric(s) will you be billed? Would all of your business s employees require access to the same applications and software? Would it be best that you have these software installed locally on a server instead of being in the cloud? 46

47 CHECKING OUT THE PROVIDER Which deployment model and service model do you need? SaaS? PaaS? IaaS? Public? Private? Hybrid? Community? Is the provider large enough to handle your volume needs? How many and what kind of applications does your business need to run smoothly? How much volume of data and files? How much backup volume? 47 What bandwidth of internet service?

48 SELECTED CLAUSES IN A CLOUD CONTRACT 48

49 SELECTED CLAUSES IN A CLOUD CONTRACT Scope of services Acceptable use policy Service-level agreement Possible reps & warranties Interoperability Portability E-discovery concerns Data Ownership & preservation Location Security Encryption Data retention Disaster recovery Jurisdiction Privacy Governing law Term & termination Other clauses Modification Confidentiality Subcontractors Pricing, payments Remedies, etc. Indemnification, duty to defend, exclusive remedies, remedy limitations, etc. Migration, including transition assistance Duration, termination Alternative dispute resolution Assignability/delegability 49

50 50 LET S LOOK AT EACH CLAUSE

51 SCOPE OF SERVICES Exactly which services will the vendor furnish? With help from subcontractors or third parties? Any duty to maintain & update its technology? To what standards? Which services won t the vendor furnish? Note similarity to licensing of intellectual property Words of grant Exact scope of rights granted 51

52 PROVIDER S LIMITATIONS ON YOUR USE; ACCEPTABLE USE POLICY What uses does the provider limit or bar? May be based on provider s upstream licenses for its software, etc. May be due to exclusive arrangement with third party Who can use? Employees? Subcontractors? Other vendors? Whole supply chain? Customers only? Public? Anyone with password? Where Particular location, terminal, or password? Within U.S. only? When 24/7/365? What Any limit on trade or business? 52

53 SERVICE-LEVEL AGREEMENT (SLA) Even if vendor has no SLA, you can sometimes append an SLA onto the vendor s agreement Often confidential Microsoft? Amazon? Same issues as in other SLAs with online service providers: Speed/responsiveness Accuracy/lack of defects Security Chosen times for vendor s maintenance & updates Back-up plans in case of shut-down or either party s disaster Remedies for performance failures (usually tailored to the seriousness of the defect) How quickly? Remote or in-person assistance? 24/7/365 or less? Technological skill level of assistance personnel English language skills A cloud provider may also list in the SLAs a set of restrictions or limitations, and obligations that cloud consumers must accept. 53

54 GENERIC SLA (NIST) 54

55 CLOUD-SPECIFIC SLA 55

56 POSSIBLE REPS AND WARRANTIES Where and how the services will be provided Qualifications of the individuals performing the services Reliability of the technology used to perform the services Ownership of intellectual property, or validly licensed rights to that IP Etc. etc. 56

57 INTEROPERABILITY Integrated Mobile Device Support The provider should provide support for heterogeneous clients, configurable through a standard policy management interface. A single interface used to configure all devices eliminates the need to swap between programs when configuring different devices. Integration in Cloud Services The provider should provide a means of integrating cloud application capabilities with the consumer s systems. There should be no need to separately define users within the cloud application; the appropriate information should be received through the bulk provisioning interface. Ensuring that is appropriately configured and relayed provides the consumer with the traceability required for complying with e- discovery laws. 57

58 INTEROPERABILITY Help Desk and Trouble Ticketing Management The provider should provide a standard interface for opening trouble tickets, enabling consumers to open trouble tickets using automated tools or to route trouble tickets from any general ticketing solutions that the consumer may be using. Complexity is decreased for a consumer using multiple cloud services if there is a single point for the creation, update, and monitoring of trouble tickets. provide a standard interface for receiving updates on tickets that are not closed so that automated tools or general ticketing solutions could be updated. Consumers that have automated reporting of problems and outages through their ticketing systems need to integrate cloud provider ticketing with their systems. allow the consumer to update trouble tickets using for those individuals without access to a primary interface. notify the consumer's event management system when appropriate through a standard interface, updating status as appropriate. Monitoring of all system event information through a single interface is necessary for a unified view of important events throughout all applications that are used by the consumer. 58 Moving a particular system to the cloud does not remove the responsibility of the consumer to monitor and understand events in their systems.

59 INTEROPERABILITY Collaboration standards Standard document formats are needed for portability and interoperability. Metadata such as privileges, creation and modification dates, etc., are needed to ensure that privileges, traceability, and information needed to meet e- discovery requirements are retained. The cloud provider shall provide the ability to bulk convert files, including metadata, from old or obsolete formats to current formats. The consumer is responsible for the actual conversion. The cloud provider shall provide a means for cloud subscriber users to not only collaborate internally, but also to collaborate with external partners. The sharing of documents in a secure and compliant way with external organizations is frequently cited as a requirement for a collaboration solution. 59

60 INTEROPERABILITY Billing and Reporting Interoperability Billing and usage reporting should be standardized across systems to enable cloud consumers to make meaningful comparisons of costs and benefits across multiple cloud implementations. VM Management Interoperability Virtual machine management interoperability is required so that platforms running in services provided by multiple cloud providers can be stopped, started, terminated, and maintained using a single interface. 60

61 PORTABILITY Data Portability For purposes of e-discovery, standards for importing and exporting data must include metadata for , calendaring, contacts, tasks, and notes, to ensure portability between different vendors. Data Deletion Ensuring that data are completely deleted decreases the likelihood of security breaches in the future, and ensures compliance with security and privacy laws. In the cloud, the cloud consumer must rely on the cloud provider to ensure deletion of data from all appropriate components (such as hard disks and tapes). 61

62 PORTABILITY At the termination of the consumer-provider contract: The provider must return all business data to the consumer, and ensure that the data are irrevocably deleted from all of their systems So that the provider does not have any future obligation to the consumer, and the consumer need not worry about potential security or privacy breaches at their former provider. The provider must delete all usage data from all services that could be traced back to the consumer. This information could provide useful information to third parties about usage patterns and implementation that the consumer may not want released. If the provider decides to or needs to de-support one cloud solution in order to move it to another cloud, the cloud provider must be required to ensure continuity of operations and could be required by contract to put a copy of all of the source code required to re-create the system in escrow. 62

63 PORTABILITY Portability of virtual desktops The consumer may wish to bargain for the provider to provide a means by which to move virtual desktops between vendors and providers. Currently, once a consumer makes a decision to virtualize the desktop environment, the virtualization stack is very difficult to migrate to a different implementation. The provider should make virtual desktops accessible via any device, mobile or non-mobile. Static virtual machine portability Required so that the maintained platform images can be freely migrated between cloud implementations without the need for parallel development or maintenance. 63

64 PORTABILITY Virtualization of legacy software If needed, the consumer may need to bargain for the provider to provide a means of virtualizing legacy software packages. Legacy software is a significant problem for many cloud consumers. For legacy applications used by only a few people, the virtual version might be cheaper and better supported and monitored. Virtualizing these legacy applications removes the dependency on aging hardware platforms and enables organizations to continue to offer this software on modernized computing infrastructure. 64

65 E-DISCOVERY OF CLOUD DATA Cloud provider must be able to comply with valid demands for e-discovery by Identifying electronic records meeting search criteria, Retrieving both the records and their metadata, Generating portable archives of responsive Electronically Stored Information (ESI) such as documents and spreadsheets, Retaining metadata, even as the underlying ESI are migrated from one vendor to another, Searching various messaging, document repositories, and application databases, Coordinating cloud searches with consumer s searches of other data, and Producing ESI in standard formats, such as native, tiff, jpg, and pdf. The format in which responsive ESI is provided to requesting 65 parties is determined through negotiation of the litigating parties.

66 DATA OWNERSHIP AND PRESERVATION You always own your data, no matter what, no exceptions No one has a right to retain your data beyond what you give permission for Back-up copies? Disaster recovery? No one has a right to sell, transfer, or destroy data, even if you re in breach A cloud provider has no right to use a consumer s data (even in aggregated anonymized form) unless the consumer grants that right Even for a price reduction, think carefully about granting this right it may violate a data privacy law or a data protection law 66

67 DATA LOCATION Best case scenario The cloud provider promises to limit the facilities in which the cloud consumer s data reside to the continental United States, To simplify the compliance with local laws regarding data ownership, privacy, and security, and To decrease security risks Next-best scenario Negotiate exactly where (which countries) the consumer s data will reside Before signing, research the laws of all agreed-upon locations as to ownership, privacy, and security, to make sure consumer and provider can live with these choices Be cautious about EU privacy laws! Bottom line: Complete transparency and accuracy re 67 data location(s)

68 DATA SECURITY Technological Organizational Physical 68

69 DATA SECURITY--PHYSICAL Physical security of the facilities housing the equipment and services: Includes all measures whose purpose is to prevent physical access to a building, resource, or stored information. Applies to third parties engaged by cloud brokers. Inspection of premises The cloud provider should make all cloud service facilities available for inspection by the cloud consumer or the cloud auditor. Cloud service implementations using third parties should allow inspection of thirdparty premises. 69