Cloud Computing Consumer Protocol



Similar documents
Cloud Computing Consumer Protocol. ACS Cloud Discussion Paper July 2013

Cloud Computing Consumer Protocol

Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the protocol).

Cloud Computing Submitted By : Fahim Ilyas ( ) Submitted To : Martin Johnson Submitted On: 31 st May, 2009

ACS CLOUD COMPUTING CONSUMER PROTOCOL. Response from AIIA

AARNet submission to the Australian Computer Society Cloud Protocol Discussion Paper. James Sankar, Alex Reid August 2013

Cloud Computing and Records Management

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

COMMUNICATIONS ALLIANCE LTD

AUSTRALIAN INDUSTRY GROUP SUBMISSION to. Australian Computer Society. Discussion paper on the Cloud Computing Consumer Protocol

Securing The Cloud With Confidence. Opinion Piece

Supplementary Policy on Data Breach Notification Legislation

HARNESSING THE POWER OF THE CLOUD

Quick guide: Using the Cloud to support your business


Draft Australian Privacy Principles (APP) Guidelines first tranche

Orchestrating the New Paradigm Cloud Assurance

Cloud Computing Technology

Contracting for Cloud Computing

Data Protection Act Guidance on the use of cloud computing

Microsoft Pty Ltd. Australian Financial System Inquiry: Response to request for further submissions

The Cloud at Crawford. Evaluating the pros and cons of cloud computing and its use in claims management

Outline. What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages

Cloud Computing An Elephant In The Dark

Cloud Computing. What is Cloud Computing?

FEDERATED CLOUD: A DEVELOPMENT IN CLOUD COMPUTING AND A SOLUTION TO EDUCATIONAL NEEDS

Cloud Computing Services and its Application

Cloud Computing: The Next Computing Paradigm

ACCC/ASIC 'Debt collection guideline for collectors and creditors' publication review

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station

Cloud Computing in the Enterprise An Overview. For INF 5890 IT & Management Ben Eaton 24/04/2013

Public Consultation regarding Data Sharing and Governance Bill. Contribution of Office of the Data Protection Commissioner

Cloud Computing Service Models, Types of Clouds and their Architectures, Challenges.

Higher National Unit specification: general information

DISCLOSURE STATEMENT PREPARED BY

CLOUD COMPUTING An Overview

Teaching the Business Management Study Design

Design of Cloud Services for Cloud Based IT Education

NCTA Cloud Architecture

Security Considerations for Public Mobile Cloud Computing

The Magazine for IT Security. May issue 3. sör alex / photocase.com

How To Understand Cloud Computing

Cloud Computing - Starting Points for Privacy and Transparency

(a) the kind of data and the harm that could result if any of those things should occur;

Disclosure Requirements of CloudCode Software

XIT CLOUD SOLUTIONS LIMITED

Pharma CloudAdoption. and Qualification Trends

Cloud Computing in Higher Education: A Guide to Evaluation and Adoption

Cloud Computing. Technologies and Types

Cloud Computing. Key Considerations for Adoption. Abstract. Ramkumar Dargha

Architectural Implications of Cloud Computing

Cloud computing an insight

15 April Mr Ian Taylor Chair Tax Practitioners Board PO Box 126 Hurstville BC NSW

The NREN s core activities are in providing network and associated services to its user community that usually comprises:

Submissions should be evidence based, provide examples where possible, and address the consultation questions.

CSUSB Cloud Computing Standard CSUSB, Information Security Office

Certified Cloud Computing Professional VS-1067

Cloud Computing in the Enterprise: A Question of Control.. And who has it. INF5210 Ben Eaton 12/11/2013

Security in the Cloud

Digital Forensics. Lab 10: Cloud Computing & the Future of Digital Forensics

Submission in response to the Life Insurance and Advice Working Group Interim Report on Retail Life Insurance

Carrier Cloud Services

Charities Bill 2013 and the Charities (Consequential Amendments and Transitional Provisions) Bill 2013

Clearing the Legal fog:

MISCELLANEOUS CONSULTANTS PROFESSIONAL INDEMNITY PROPOSAL FORM

Cloud computing: the state of the art and challenges. Jānis Kampars Riga Technical University

Tales of Empirically Understanding and Providing Process Support for Migrating to Clouds

Our Commitment to Information Security

CPA Australia Professional Indemnity Policy For members providing pro-bono or voluntary accounting services in the community

The cloud - ULTIMATE GAME CHANGER ===========================================

Cloud Computing: Making the right choices

National Cloud Computing Strategy

Cloud Computing in the Victorian Public Sector

NSW Government. Cloud Services Policy and Guidelines

How To Understand Cloud Computing

So#ware to Data model

Security Awareness and Training

Cloud Workload Migration

UniversalSoft Limited

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD

Optimizing Service Levels in Public Cloud Deployments

IJRSET 2015 SPL Volume 2, Issue 11 Pages: 29-33

Cloud Computing INTRODUCTION

Cloud Workload Migration

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter

Storm Clouds Ahead? A risk analysis of Cloud Computing

Cloud Courses Description

Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL

Cloud Computing in Higher Education: Impact and Challenges

ISSN: (Online) Volume 2, Issue 5, May 2014 International Journal of Advance Research in Computer Science and Management Studies

Re: Guidelines for Hosting State Government Data Outside NSW Borders

Recommendations for companies planning to use Cloud computing services

Legal Issues Associated with Cloud Computing. Laurin H. Mills May 13, 2009

Cloud Computing - Overview of Information Assurance Concerns and Opportunities

Abstract 1. INTRODUCTION

Securing Your Data In The Cloud: an insiders perspective

Teaching cloud computing: a software engineering perspective

Transcription:

78 Sidaway St Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 6916 Roger.Clarke@xamax.com.au.. http://www.xamax.com.au/ 12 August 2013 Mr A. Redman Head of Policy and External Affairs Australian Computer Society Inc. Dear Adam Re: Cloud Computing Consumer Protocol Thank you for your time on 30 July. As presaged, I attach my company's submission on the above matter. Much of it is intended to clarify the Protocol's purpose and audience, and ensure effective communication to that audience. However, I draw particular attention to several of the specific Submissions. Unless they are addressed, the Protocol will be of no benefit to anyone. The three critical Submissions are: (13) The section on disbenefits and risks needs to: identify and calmly and soberly explain all of the many factors that give rise to a lack of trust and confidence identify and analyse existing safeguards identify additional safeguards that are needed in order to solve the remaining problems, and phrase the additional safeguards in ways that generate momentum among serviceproviders, industry associations, policy agencies and regulators towards the delivery of solutions (15) The Protocol needs to contain substantive Undertakings by service-providers, well beyond disclosures, in respect of the 13 factors listed on pp. 11-14 of the Discussion Paper (16) The Undertakings need to be comprehensive, such that all factors that represent significant disbenefits, risks, and trust and confidence barriers are the subject of substantive Undertakings by service-providers If any clarifications are needed, I would of course be pleased to provide them. Thank you for your consideration. Yours sincerely Roger Clarke FACS Director Xamax Consultancy Pty Ltd

Submission to the Australian Computer Society Cloud Computing Consumer Protocol Xamax Consultancy Pty Ltd 78 Sidaway St Chapman ACT 2611 AUSTRALIA http://www.xamax.com.au Roger.Clarke@xamax.com.au 12 August 2013 Xamax Consultancy Pty Ltd, 2013

Submission re Cloud Computing Consumer Protocol Executive Summary It is not appropriate for the Protocol to be prepared in the form envisaged in the Discussion Paper. It is not appropriate for the Protocol to adopt or reflect the NZ CloudCode v.2.0. It is submitted that the following matters need to be addressed: (1) The scope of the Protocol needs to be clarified, in particular in relation to the market segment(s) whose interests are being addressed (2) The content and expression need to be aligned with the scope and purpose (3) The title of the document needs to communicate its purpose (4) The content needs to reflect the needs of the relevant market segment(s) (5) The expression needs to avoid marketing style, and speak to the target audience (6) The definition of cloud computing needs to be accessible, but also of sufficient depth, and consistent with industry norms (7) The information provided about the various categories of service model needs to be accessible, but also consistent with industry norms (8) The Protocol needs to make clear whether it is applicable to all of the various categories of service-model, or to what extent it applies to each of them (9) The potential benefits of cloud computing need to be presented in a balanced manner, avoid marketing-speak, and include complementary discussion of the conditions that must exist for each benefit to actually be achieved (10) The list of potential benefits needs to be reviewed to ensure comprehensiveness (11) The notion of 'barriers' needs to be replaced with notions such as 'disbenefits' and 'risks' (12) The list of disbenefits and risks needs to be reviewed to ensure comprehensiveness (13) The section on disbenefits and risks needs to identify and calmly and soberly explain all of the many factors that give rise to a lack of trust and confidence, identify and analyse existing safeguards, identify additional safeguards that are needed in order to solve the remaining problems, and phrase the additional safeguards in ways that generate momentum among service-providers, industry associations, policy agencies and regulators towards the delivery of solutions (14) The Protocol needs to contain an outline of a process for the assessment by users of their requirements, an outline of a process for the evaluation by users of cloudsourcing proposals, checklists of factors to be considered, circumstances in which each factor is of particular importance, and an indication of categories of application for which cloudsourcing may be appropriate, even where disbenefits and risks are not satisfactorily addressed by safeguards (15) The Protocol needs to contain substantive Undertakings by service-providers, well beyond disclosures, in respect of the 13 factors listed on pp. 11-14 of the Discussion Paper (16) The Undertakings need to be comprehensive, such that all factors that represent significant disbenefits, risks, and trust and confidence barriers are the subject of substantive Undertakings by service-providers (17) The Protocol needs to include an undertaking by service-providers to operate a complaintshandling scheme that is consistent with relevant Standards, including AS ISO 10002-2006, and good industry practices, provide for an independent complaints-handler that operates a scheme that is also consistent with such Standards and practices, and provide that complaints must first be submitted to the relevant service-provider (18) Adoption of the NZ Cloud Code would not satisfy the aims of the present initiative Xamax Consultancy Pty Ltd, 2013 12 August 2013

Submission 1. Introduction Cloudsourcing is claimed by its proponents to offer considerable advantages over both insourcing and more conventional forms of outsourcing. Its use is growing, but there is considerable evidence of reticence, in government, among small and medium business enterprises, and among consumers. The Australian Government has a National Cloud Computing Strategy, which includes the development of a voluntary 'cloud computing consumer protocol', intended to be operational by January 2014. The Protocol is intended to document undertakings by service-providers, in order to overcome the lack of trust and confidence that is holding back adoption of cloud computing. The Australian Computer Society (ACS) has carriage of the matter, and issued a Discussion Paper in July 2013, for response by 5 August 2013. This document is a response to that Discussion Paper. It draws heavily on the author's prior consultancy and research work, which are reflected in a series of published papers listed in the Appendix to this document. 2. Design Criteria for a Protocol In order to achieve its purpose, such a Protocol needs to satisfy a number of criteria. A Protocol of this nature needs to: be oriented to the needs of the relevant market segments be informative for, and accessible by, the relevant individuals in those market segments be realistic and balanced in its content and presentation provide guidance on the evaluation process that adopters need to undertake reflect the insights of the risk assessment and risk management disciplines clearly identify problems, and generate momentum towards solutions to them 3. The Framing of the Project This section considers generic aspects of the project to prepare a Protocol. 3.1 Scope There is a lack of clarity about the market segment(s) whose interests are to be addressed: the Protocol's working title includes the word 'consumer' the introductory text on p. 3 refers to "users... particularly small businesses, not-for-profits (NFPs) and consumers", which appears from a passage on p. 5 to have been adopted from the government's National Cloud Computing Strategy the purpose statement on p. 3 refers to "users" the section 5 heading refers to "SMEs", and the discussion of benefits on pp. 8-9 is couched in terms of relevance to small businesses ('lower time to market', 'global competition', 'competitive edge', 'barriers to capital'), and to a small extent NFPs ('productivity'), but in most cases not to consumers Xamax Consultancy Pty Ltd, 2013 1 Version of 12 August 2013

(1) The scope of the Protocol needs to be clarified, in particular in relation to the market segment(s) whose interests are being addressed (2) The content and expression need to be aligned with the scope and purpose The Protocol is intended to embody undertakings by cloud computing service-providers, for the benefit of organisations and/or individuals in some market segment or segments. It is confusing for the Protocol to carry the name of a market segment (currently 'Consumer'). It would be much clearer if the Protocol were called something like a 'Cloud Computing Service-Provider Protocol', perhaps with a short, alternative name such as the 'CloudCode' term adopted in NZ. The market segment whose interests the Protocol addresses would then be spelt out in the opening lines of the document. (3) The title of the document needs to communicate its purpose 3.2 Balance The Discussion Paper reads as though the Protocol is to be written for service-providers. The text is imbued with marketing-driven statements that 'pump' or 'boost' cloud computing. (4) The content needs to reflect the needs of the relevant market segment(s) (5) The expression needs to avoid marketing style, and speak to the target audience 4. The Information Provided Within the Protocol This section considers the information that the Discussion Paper envisages the Protocol will contain. 4.1 Definitions The definition of cloud computing on p. 7, although suitably comprehensible, does not convey the difference between cloudsourcing and conventional forms of outsourcing. An approach along the lines of the following extracts from Clarke (2013) is suggested instead: In conventional outsourcing, a service-provider hosts equipment that supports a relevant stack of software, and stores and maintains data. In cloud computing, the service-provider changes the focus of the offer from the equipment to the processes. Those processes may be run in any of a wide range of devices, and the location of those devices is determined by the needs of the service-provider, not those of the customer. The service-provider scales the number of processes and storage capacity to meet the customer's varying needs over hourly, daily, monthly and/or annual cycles, to reflect growth and decay factors, and in the face of demand uncertainty. The service-provider may offer a tariff based on usage, because instead of unused capacity being locked up in hosts that have been pre-allocated to a customer, the service-provider can make more efficient use of the available computing resources. Xamax Consultancy Pty Ltd, 2013 2 Version of 12 August 2013

The definition in the NZ CloudCode v.2.0 of July 2013 is technically clear and appropriate, but may not communicate as effectively with the intended readers as an approach such as that suggested above. (6) The definition of cloud computing needs to be accessible, but also of sufficient depth, and consistent with industry norms The definitions of PaaS and SaaS on p. 7 are not consistent with my understanding of industry norms. My understanding is as follows (Clarke 2013): Infrastructure as a Service (IaaS) refers to the provision of a bare (but virtualised) machine, without software or with little more than a specific operating system and version. Amazon's EC2 and Rackspace were early movers in a marketspace that is becoming densely populated Platform as a Service (PaaS) offers a configured platform on which organisations can develop and/or install their applications. Sub-categories include: proprietary platforms, such as Microsoft Windows Azure standards-based services that provide specific application development and/or execution environments, such as Ruby or PHP extensibility and customisation features in SaaS offerings such as Salesforce Software as a Service (SaaS) makes specific application software available. SaaS is targeted at organisations of all sizes as an alternative to applications running on the organisation's own hosts, or on their employees' workstations. Examples include Salesforce, Google Gmail, Zoho, Google Apps, MS Office 365, Dropbox and MYOB LiveAccounts. SaaS is also offered directly to consumers, e.g. Zoho, Gmail, Google Docs, Dropbox. (7) The information provided about the various categories of service model needs to be accessible, but also consistent with industry norms (8) The Protocol needs to make clear whether it is applicable to all of the various categories of service-model, or to what extent it applies to each of them 4.2 Benefits The section on Benefits on pp. 8-9 is written with a rose-coloured hue. (9) The potential benefits of cloud computing need to: be presented in a balanced manner avoid marketing-speak, and include complementary discussion of the conditions that must exist for each benefit to actually be achieved The section on Benefits on pp. 8-9 omits some benefits that are identified in Clarke (2012) at http://www.rogerclarke.com/ec/ccef.html#exh1. (10) The list of potential benefits needs to be reviewed to ensure comprehensiveness 4.3 Barriers The section on Barriers on pp. 9-11 is wrongly pitched. Service-providers are interested in barriers to adoption. But these are not terms of relevance to small organisations and consumers, who are instead concerned about Disbenefits (or 'Financial and Other Costs') and Risks. Xamax Consultancy Pty Ltd, 2013 3 Version of 12 August 2013

(11) The notion of 'barriers' needs to be replaced with notions such as 'disbenefits' and 'risks' The section on Barriers on pp. 9-11 omits a great many important Disbenefits and Risks. See the comprehensive list published in Clarke (2010, 2012), and specifically at http://www.rogerclarke.com/ec/ccef.html#exh2. (12) The list of disbenefits and risks needs to be reviewed to ensure comprehensiveness The section on Barriers on pp. 9-11 reads as an excusatory piece, and is focussed on allaying fears, rather than on providing useful information for small organisations and consumers. (13) The section on disbenefits and risks needs to: identify and calmly and soberly explain all of the many factors that give rise to a lack of trust and confidence identify and analyse existing safeguards identify additional safeguards that are needed in order to solve the remaining problems, and phrase the additional safeguards in ways that generate momentum among service-providers, industry associations, policy agencies and regulators towards the delivery of solutions 4.4 Guidance The text as it stands could be seen to be irresponsibly goading small organisations and consumers into adopting cloudsourcing, whether or not it is appropriate for them to do so. The Directors of incorporated organisations have a legal obligation to their shareholders or members to make reasoned decisions, and hence to identify and evaluate options. Clarke (2012) provides a framework for evaluation, and Clarke (2013) specifically examines data risks. Even consumers owe it to themselves, but sometimes also to their families and householders, to take at least a modicum of care with such things as their address books, financial and taxation information, family history and scans of family photographs. Clarke (2011) provides a framework for the assessment of consumer needs and the evaluation of particular services. As presently contemplated, the document fails to communicate this need, and fails to provide guidance. (14) The Protocol needs to contain: an outline of a process for the assessment by users of their requirements an outline of a process for the evaluation by users of cloudsourcing proposals checklists of factors to be considered circumstances in which each factor is of particular importance, and an indication of categories of application for which cloudsourcing may be appropriate, even where disbenefits and risks are not satisfactorily addressed by safeguards Xamax Consultancy Pty Ltd, 2013 4 Version of 12 August 2013

5. The Undertakings For an instrument of this nature to have much impact, it has to be not merely a glossy document released with a fanfare. It must provide, and be seen to provide, concrete assurances to the relevant market segments, which address the impediments to adoption, and thereby generate confidence. The undertakings that the Discussion Paper contemplates service-providers giving to small organisations and consumers are expressed within a section headed 'Disclosures' rather than 'Undertakings' (pp. 11-14). And 10 of the 13 heads are indeed limited to disclosure. Disclosure is of value. On the other hand, some of the disclosures are required by law, and many are little more than statements that 'there's a problem here'. This will not achieve confidence or trust. For only 3 of the 13 heads are substantive undertakings contemplated. These are: 3. Security: "a good set of standards and practice" and "security standards and platforms... accredited to or [complied] with" 7. SLA and Support: "standard support mechanisms and SLAs" 9. Data Portability: "data portability is a prerequisite for users..." However, the wording is hedged in ways that reduce them from an undertaking to a mere aspiration: 3. Security is undermined by the use of the qualifier 'could' 7. SLA and Support is undermined by the use of the qualifier 'could' 9. Data Portability contains no actual commitment (15) The Protocol needs to contain substantive Undertakings by service-providers, well beyond disclosures, in respect of the 13 factors listed on pp. 11-14 of the Discussion Paper Further, there are many disbenefits and risks that are omitted from the list on pp. 11-14. A cursory scan of Clarke (2012) identifies the following further heads: Reliability (Availability, Accessibility, Robustness, Resilience, Recoverability) Accessibility Data Survival Forward-, Backward- and Lateral Compatibility Warranties and Indemnities in relation to the Service Legal Jurisdiction Changes to the Service Auditability Management of Incidents and Complaints A cursory scan of ACCAN (2012) identifies the following further heads: Accessibility for All Consumers Privacy (e.g. the current list omits at least Collection, and Subject Access and Correction) Redress Simplicity of Presentation of the Service Consumer Protection Standards Xamax Consultancy Pty Ltd, 2013 5 Version of 12 August 2013

(16) The Undertakings need to be comprehensive, such that all factors that represent significant disbenefits, risks, and trust and confidence barriers are the subject of substantive Undertakings by service-providers 6. The Code Complaints Process The Discussion Paper on pp. 15-16 discusses a Complaints process. It is unclear whether these complaints are to be made to the service-provider or to some other party, and if some other party, then: how that other party is to be constituted whether it is required that the complaint first be submitted to the service-provider (17) The Protocol needs to: include an undertaking by service-providers to operate a complaints-handling scheme that is consistent with relevant Standards, including AS ISO 10002-2006, and good industry practices provide for an independent complaints-handler that operates a scheme that is also consistent with such Standards and practices, and provide that complaints must first be submitted to the relevant serviceprovider 7. The NZ CloudCode Based on a brief review of the NZ CloudCode v.2.0 of July 2013, it is clear that the document suffers many of the same deficiencies as an Australian Protocol would if it followed the line of thinking in the Discussion Paper. In particular: the undertakings are about disclosure and nothing more (p. 1, p. 2 at 1.2, p. 3 at 3.1). For example: 5.4 Security does not require adoption of any standard, or certification, or audit 5.9 SLA and Support does not specify a standard, but merely requires disclosure of whatever the service-provider's normal offering is which is a requirement of contract law in any case 5.13 Customer Engagement does not require auditability or the existence of a Privacy Policy Statement, but merely a statement about whether or not they are provided 5.15 Data Breaches does not require notification of data breaches 5.16 Law Enforcement is not merely empty, but also objectionable, because it contemplates compliance with mere 'requests', whether or not accompanied by a legal authority such as a court order or search warrant the Complaints Mechanism is only about false statements, not about breaches of substance, and the Complaints-Handler may suppress reports on breaches the last of the Core Principles undermines the vital function of the Code to generate momentum towards solutions to problems. This is because it places a high value on limiting compliance costs (p. 2); whereas safeguards to overcome significant user disbenefits and risks, and enhance confidence and trust, will inevitably cost money Xamax Consultancy Pty Ltd, 2013 6 Version of 12 August 2013

The NZ CloudCode would have only a very marginal positive impact on confidence and trust, because the obligations entered into by signatories are very limited, and many of them are already legal requirements in any case. (18) Adoption of the NZ Cloud Code would not satisfy the aims of the present initiative 8. The Role of the A.C.S. The issues identified above are serious in their own right. A further consideration is whether it is appropriate for the ACS to adopt positions of the kinds contemplated in the Discussion Paper. It would have been unsurprising if a document of this kind had emanated from an industry association such as AIIA or IIA. ACS, on the other hand, is a professional association not an industry association, and the ACS Code begins with: 1. The Primacy of the Public Interest You will place the interests of the public above those of personal, business or sectional interests. Several of the changes proposed in the above submissions are accordingly of the nature of imperatives rather than optional measures, necessary in order to adjust the ACS's role in this matter to one consistent with its mission. Conclusions It is not appropriate for the Protocol to be prepared in the form envisaged in the Discussion Paper. It is not appropriate for the Protocol to adopt or reflect the NZ CloudCode v.2.0. It is very important that the matters identified in the numbered submissions above be addressed. Xamax Consultancy Pty Ltd, 2013 7 Version of 12 August 2013

Appendix: Resources The analysis in this paper is based on consultancy and research undertaken by the author over the last 5 years, and documented in a series of papers, which are indexed at: http://www.rogerclarke.com/ec/#cc The most relevant of the papers to the question of a Consumer Protocol are these: Clarke R. (2010) 'User Requirements for Cloud Computing Architecture' Proc. 2nd International Symposium on Cloud Computing, Melbourne, May 2010, Published in Parashar M. & Buyya R. (2010) Proc. 10th IEEE/ACM International Conference on Cluster, Cloud and Grid Computing, Melbourne, Australia, 17-20 May 2010, pp. 625-630, at http://www.rogerclarke.com/ii/ccsa.html Clarke R. (2011) 'The Cloudy Future of Consumer Computing' Proc. 24th Bled econference, June 2011, at http://www.rogerclarke.com/ec/ccc.html Clarke R. (2012) 'A Framework for the Evaluation of CloudSourcing Proposals' Proc. 25th Bled econference, June 2012, at http://www.rogerclarke.com/ec/ccef.html Clarke R. (2013) 'Data Risks in the Cloud Forthcoming, Journal of Theoretical and Applied Electronic Commerce Research 8, 4 (Dec 2013), at http://www.rogerclarke.com/ii/drc.html See also: ACCAN (2012) 'What consumers need from cloud computing' Position Statement, Australian Communications Consumers Action Network, 11 December 2012, at https://accan.org.au/index.php/broadband/broadband-policy-positions/514-position-statement-whatconsumers-need-from-cloud-computing Xamax Consultancy Pty Ltd, 2013 8 Version of 12 August 2013

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information