Date post: | 07-Apr-2018 |
Category: |
Documents |
Upload: | nguyen-tuan-anh |
View: | 213 times |
Download: | 0 times |
of 28
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
1/28
World Economic Forum
In partnership with Accenture2011
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
2/28
About this Report
This World Economic Forum report was developed
by the Forums IT Industry Partnership in
collaboration with Accenture, with input from a
group of experts and a dedicated Steering Board.
World Economic Forum
The World Economic Forum is an independentinternational organization committed to improvingthe state of the world by engaging business, political,academic and other leaders of society to shape global,regional and industry agendas.
Incorporated as a not-for-prot foundation in 1971, andheadquartered in Geneva, Switzerland, the Forum is tiedto no political, partisan or national interests.
(www.weforum.org)
Accenture
Accenture is a global management consulting,technology services and outsourcing company, withmore than 215,000 people serving clients in more than120 countries. Combining unparalleled experience,comprehensive capabilities across all industries andbusiness functions, and extensive research on the worldsmost successful companies, Accenture collaborateswith clients to help them become high-performancebusinesses and governments. (www.accenture.com)
About the Forums Information TechnologyIndustry Partnership
The Information Technology Industry Partnership (IP)programme of the World Economic Forum provides chiefexecutives and senior executives of the worlds leading ITcompanies with the opportunity to engage with peers todene and address critical industry issues throughout theyear. Identifying, developing and acting on these industryissues is fundamental to the Forums commitment todeliver sustainable social development founded on
economic progress.
World Economic Forum91-93 route de la CapiteCH-1223 Cologny/GenevaSwitzerlandTel.: 41 (0)22 869 1212Fax: 41 (0)22 786 2744E-mail: [email protected]
Phase I of the World Economic Forums Exploringthe Future of Cloud Computing project culminated ina report on the benets of cloud computing entitledExploring the Future of Cloud Computing: Riding
the Next Wave of Technology-driven Transformation,published in the spring of 2010.
The objective of Phase II was to develop
recommendations for actions that governments andindustry can take to accelerate the deployment andadoption of public cloud technologies, which resultedin this publication.
The Future of Cloud Computing Steering
Board
Guidance was provided by an actively involved steeringboard of experts, which included representatives from:
Akamai Technologies (Paul Sagan, Chief ExecutiveOfcer)
BT Group
CA Technologies (Ajei Gopal, Executive Vice-President)
Google (Nelson Mattos, Vice-President, Engineering,EMEA)
Microsoft Corporation (Craig Mundie, Chief Researchand Strategy Ofcer)
Salesforce.com (Marc R. Benioff, Chairman and Chief
Executive Ofcer; and JP Rangaswami, Chief Scientist)
Project Team Contributors
From the World Economic Forum:
Joanna Gordon
Associate Director, Information Technology Industry
Chiemi Hayashi
Associate Director, Deputy Head of Risks in Depth,Risk Initiatives
Stephan Mergenthaler
Project Manager, Strategic Risk Foresight
From Accenture:
Dan Elron
Managing Partner, Strategy and Corporate Development
Amelia P. Schaffner
Manager, Strategy and Corporate Development
Bojana Bellamy
Director of Data Privacy
Many individuals contributed ideas to this report throughsurveys, workshops and interviews. The project teamthanks all participants for so generously sharing theirtime, energy and insights. Without their dedication,guidance and support we would not have been able todevelop this report.
2011 World Economic Forum2011 AccentureAll rights reserved. No part of this publication maybe reproduced or transmitted in any form or by anymeans, including photocopying and recording, or by anyinformation storage and retrieval system.
About the Project
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
3/28
Contents
Executive Summary 1
The Clouds about the Cloud 5
A. Data Governance
B. Security
C. Business Environment
What to Do Now? Eight Action Areas 13
1. Explore and Facilitate the Realization of the Benets of Cloud
2. Advance Understanding and Management of Cloud-related Risks
3. Promote Service Transparency
4. Clarify and Enhance Accountability across All Relevant Parties
5. Ensure Data Portability
6. Facilitate Interoperability
7. Accelerate Adaptation and Harmonization of Regulatory Frameworks Related to Cloud
8. Provide Sufcient Network Connectivity to Cloud Services
Project Outcomes: What Is Next? 19
About the Research 21
References 24
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
4/28
$55 billion (1)forecasted worldwide revenue from
public IT cloud services by 2014
33%(2)of global companies have deployed or
are piloting the more mature layer of
clouds, SaaS. 23% of high performing
IT companies have already deployed
SaaS
25%(3)of global companies will be deploying
cloud computing for critical
applications within 2 years
44% (3)of executives from global companies
who believe cloud computing can
provide their company with a lasting
competitive advantage
2.1%(4)the average improvement in
efciency of an average employee
because of cloud
2.3 million jobs(4)
the net new jobs created by cloud
on a cumulative basis over the
period 2010 to 2015 across the top
ve EU economies
30%(1)the rate at which cloud
computing will grow in 2011, or
more than 5 times the rate of IT
industry as a whole
Source: 1IDC [Worldwide and Regional Public IT Cloud Services 2010 2014 Forecast, June 2010].2Accenture [Mind the Gap Insights from the 3rd global High Performance IT research study, Nov, 2010]. 3Accenture [Cloudrise:
Rewards and Risk at the Dawn of Cloud Computing Nov, 2010], 4Center for Economics and Business Research
[The cloud dividend, Dec, 2010]
Figure 1. Cloud by the numbers
1
Executive summary
The potential benets of cloudcomputing include promotingeconomic growth, creating
employment and enablinginnovation and collaboration.These were described inthe projects rst report,Exploring the Future of Cloud
Computing: Riding the Next
Wave of Technology-driven
Transformation, published inthe spring of 2010. While recognizing the many benetsof cloud, however, stakeholders also expressed seriousconcerns about its widespread adoption.
In the second phase of the project, the Forum and itsPartners investigated and prioritized these concerns in
further detail. This report presents eight action areas forproviders of cloud computing services and governmentagencies. It is intended to set the agenda for furtherengagement among all stakeholders, ensuring the healthyfuture development of the cloud computing industry.
Clouds about the Cloud
Many of the concerns about thepublic cloud, which are outlined
on page 5 of this report, havelong been discussed in relation tothe Internet without satisfactoryresolution. As cloud computingtechnologies signicantlyexacerbate these issues, theindustry and government mustaddress them at a relatively earlystage in the evolution of cloud services.
Project participants already feel that the currentregulatory environment has slowed the progress ofcloud technologies (in 2010). Further divergence andfragmentation in how the public cloud evolves couldfurther delay potential benets.
These issues include difculties faced by customers inunderstanding who can access the data that they put inthe cloud, how it is protected and how they can be sureit has been deleted when they want it to be. They alsoinclude a growing desire by many national governments todirect the evolution of the digital realm within their physicalborders, with major implications for where cloud providerscan locate the servers that process data.
Cloud is rapidly
changing the world.
It is enabling new
business models andcreating tension in the
system.
Industry Participant,Washington DC Workshop,November 2010
All the infrastructure
in the cloud is no
longer under your
control: with cloud,there is a shift in
responsibility.
Government Participant,Brussels Workshop,May 2010
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
5/28
Action areas
1. Explore cloud benets
2. Understand & manage cloud risks
3. Promote service transparency
4. Clarify & enhance accountability
5. Ensure data portability
6. Faciliate interoperability
7. Adapt & harmonize regulation
8. Provide sufcient connectivity
Accelerate innovation
Better serve customers
Lower organizational expenses
Improve IT efciency & exibility
Bring socio-economic improvements
Level the playing eld
Data governance issuesData location and jurisdiction; Privacy & condentiality;Data ownership
Security issuesInteroperability & portability; Reliability; Service level commitment;Ecosystem maturity
Business Environment issuesAuthorized access; Integrity & availability; Data loss;Data destruction
Benets
Issue areas
Figure 2. Generating the action areas
2
Key Opportunities
for Multistakeholder
Collaboration
In response to these concerns,the Forum and its Partnershave prioritized a set of eightaction areas to be addressed byindustry and governments, eitherseparately or collaboratively.Through extensive consultationsin Europe, the United Statesand Asia, the project has soughtways to reconcile the naturalconict between letting aninnovative set of technologiesmature and the need to protect
users and citizens.
Presented on page 13, the actionareas cover topics such as:
Improving transparency on howservices are provided, who hasaccountability for what, how datais protected and which legislativeregimes apply; addressing thesetopics is seen as a critical steptowards the broader need,identied by stakeholders, tobuild trust in the cloud
The global community
has come together
before to address
key issues and policyconsiderations in
other industries
such as banking,
transportation, and
telecommunications.
We must now do
the same for cloud
computing. The
journey to cloud
computing will not
happen overnight, but
in the months andyears ahead we have
the opportunity, as a
global community, to
shape the future of
cloud computing and
take the rst steps
together towards
a new, more inter-
connected world.
Vivek Kundra, rst ChiefInformation Ofcer (CIO)of the United States of
America, March 2011
Conducting further research to clarify and spreadawareness of the benets of cloud, and ensure a balancedunderstanding of the nature of the risks and our current
abilities to manage them; this is seen as helpful forenabling informed decision-making by both potential usersand regulators
Facilitating system interoperability, enabling users tocustomize their own cloud solutions across multipleproviders, and data portability to ease user fears of vendorlock-in and government fears about lack of competition
Guaranteeing sufcient network connectivity so thatusers who entrust their data to the cloud can be condentof being able to access it on demand
While complex and sometimes contentious, the eightaction areas set out in this report received strong and
essentially unanimous support from the companiesparticipating in the private session about cloud computingat the World Economic Forum Annual Meeting 2011including many of the largest cloud providers andfrom several ofcial representatives of governments andsupranational organizations.
With the support of leading providers and governments,we encourage individual companies, governments andexisting collaborative initiatives to move quickly to furtherdene and implement the necessary actions that willaccelerate the ability of cloud technologies to generatethe economic and social benets they promise. In todaysturbulent world, these benets are more critical than ever.
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
6/28
3
The ability to tap into computer applications and other software via the cloud freesorganizations, ranging from companies to government institutions and universities, fromhaving to build and manage their own technology infrastructure. The double-digit growthenjoyed by some cloud providers during the recent economic downturn demonstratesthat many organizations nd this attractive.
According to research conducted by the World Economic Forum and Accenture in2009 and 2010, the benets of cloud computing technologies go beyond reducing ITcosts most participants see facilitating innovation as an even more compelling benet.In the long term, cloud is seen as a way to gain competitive advantage, not only fororganizations but also for whole industries and economies.
While empirical evidence is still at an early stage, studies have associated cloudcomputing with many types of benets, including:
Dramatically accelerating the way companies create new products and services,through enabling innovative new business models, faster research, wider information sharing and more effectivecollaboration between product development professionals around the world
Helping organizations serve their customers better through mining and analysing data to spot emerging trends, suchas changing customer needs and competitors market moves
Lowering organizational expenditures on data centres, servers, software licenses and maintenance fees andreplacing capital expenses with lower pay-for-use operating expenses
Enabling innovation and job creation at a macro level, with the playing eld between large and small companiesbeing levelled as companies of all sizes gain access to information technology that previously was affordable for onlythe largest companies
Helping emerging economies leapfrog to higher levels of technological development by providing more immediateand affordable access to next-generation applications, tools and infrastructure
Empowering governments and citizens to more effectively address such socio-economic issues as deliveringhealthcare and education, improving access to nancial services (insurance, bank accounts, micro-payments) inemerging economies and disaster management provision
Reducing the environmental impact of computing as economies of scale lead to less consumption of energy
Afrming the benets described in the projects rst report, most participants in the private session about cloudcomputing during the World Economic Forum Annual Meeting 2011 agreed that cloud computing is likely to have anoticeable impact on GNP growth during the coming ve years. Many believe that the impact of cloud computing willequal or exceed the impact of mobile technologies.
People are used to
scarce resources,
and the idea of
virtualization of
resources is forcing
a change from a
paradigm of scarcity
to one of abundance.
Its like nding a
substitute for oil.
Industry Participant,Brussels Workshop,
May 2010
Cloud: The Upside
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
7/28
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
8/28
1. Data Location constraints
3. Clarity about data ownership
2. Regulatory protection of privacy and condentiality
5. Ensuring integrity and availability (& addressing data loss)
4. Ensuring only authorized access (identity mgmt.)
6. Ensuring data is destroyed as needed
B. Security
7. Ensuring Interoperability
11. Relative immaturity of the cloud ecosystem
8. Ensuring Portability (& avoiding vendor lock-in)
9. Insufcient reliability of cloud
10. Insufcient commitments to service levels
C. BusinessEnvironment
A. DataGovernance
Figure 3. Key categories of issues identied
5
The Clouds about the Cloud
A. Data Governance
Who owns data, who has
the right to access it andunder what circumstances?
What rules apply to the
use and sharing of data?
Such questions tend to
be more complicated
when data is stored in a
shared infrastructure managed by a third party.
Stakeholders expressed differing views about the
appropriateness and feasibility of regulation alone
as opposed to industry self-regulation to specify
frameworks that govern data and its use in the
cloud. The issues raised under the heading of data
governance were:
Data location constraints
It is not always clear underwhich legal jurisdiction data inthe cloud falls especially if,as many cloud architecturesrequire, the data is splitup and stored in multiplelocations. In some cases, itis impossible to determinewhere a particular piece of
data is physically at a particular moment. Even if thiswere possible, data often falls under more than one legaljurisdiction, and it is unclear how inconsistencies amongthose jurisdictions would be resolved.
Given the legal
complexity created by
cloud environments,
industry players are
forced to infringe laws
all the time.
Industry Participant,London Workshop,December 2010
Stakeholders Issues and Priorities
With the pace of development of the cloud computingindustry increasingly raising questions about regulation,
a group of high-level IT industry participants at the WorldEconomic Forum Annual Meeting 2009 mandated therst phase of the Future of Cloud Computing project.Senior decision-makers in the public and private sectorsexplored the benets that could be derived from theuse of cloud computing for society, the economy andindividual businesses. They also identied barriers to theachievement of such benets and mandated that theForum pursue the identication of a series of collaborativeactions that could steer the healthy development of cloudcomputing.1
In response to the output of the projects rst phase,industry leaders at the Annual Meeting 2010 mandatedthe second phase of the project, to identify action areasin further detail. The scope of the project remains focusedon the use of public clouds primarily for businesses andgovernments, although many of the issues identied applyto the consumer domain as well.
Through a series of initial workshops, surveys, one-to-one and group interviews and using a structured issuetool, multiple issues of concern to key stakeholders fromindustry, government and academia were identied. Theywere grouped into three issue areas data governance,security and business environment and analysed indetail. Figure 3 illustrates the issues associated with eachof these three areas.
1. http://www3.weforum.org/docs/WEF_ITTC_FutureCloudComputing_Report_2010.pdf
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
9/28
6
No matter how much
we invest, data is
going to escape
internationally; thatis just a fact of the
Internet.
Industry Participant,Washington DC Workshop,November 2010
Users are concerned aboutthe potential for foreigngovernments to demand
access to their data.Governments worry aboutlosing the legal ability tooversee data in the cloud andapply their laws to the cloud.These concerns can resultin data location constraintsbeing imposed for example,
requiring cloud providers to locate data within nationalborders, or subjecting transfers of data outside a givenjurisdiction to additional legal hurdles and authorizations.Some stakeholders, however, see these concerns as thinlyveiled excuses for protectionism.
For their part, some cloud providers indicate that, ifcountries insist on data being stored within nationalboundaries, they will be unwilling to build new datacentres in smaller markets. They point out that thefreedom to move data across borders helps to achievethe economies of scale that are a key benet of cloudcomputing, as there is a signicant cost involved in usingarchitectures that keep a customers data in a particularcountry or geographical block, potentially giving thelargest providers an unfair advantage.
Data Privacy and Condentiality
Many users say that concerns about data privacy andcondentiality restrict their willingness to use cloudservices for sensitive data. In the cloud, data is stored onremote machines that are shared with other users. Thismakes many users concerned about the potential forbusiness competitors or government authorities to accesstheir data in the cloud without their awareness or consent.
Governments would like to mandate and apply nationallegal requirements for data stored in the cloud, and manyalready have. Given the cross-border nature of the cloud,though, national measures to protect data privacy andcondentiality have only limited capacity to reassure users.
There is a desire for greater global consistency indata privacy requirements applying to the cloud but
government stakeholders note that fundamental differencesin their approaches make comprehensive internationalagreements less likely. For example, the United States hasa stricter regulatory regime for specic sectors, such ashealthcare, where privacy and condentiality issues areespecially sensitive, while the European Union has blanketdata privacy laws covering all data.
Some stakeholders feel that, given these regulatorychallenges, users concerned about data privacy andcondentiality will ultimately have to rely on market
mechanisms to assess the trustworthiness of providersin the cloud. Nonetheless, there is no guarantee thatadequate market mechanisms will emerge in a timelyfashion.
Clarity about Data Ownership
When a user moves data to the cloud, it is not alwaysclear what rights the cloud service provider gains toaccess, modify or distribute that data. Some users areconcerned that certain types of legal protection associatedwith data they entrust to the cloud will be compromised ifdata is moved through the cloud to other jurisdictions forexample, they may be exposed to insufcient or conictingregimes with regard to their intellectual property.
Ownership of meta-data is often raised as a concern.Meta-data is created from connections between separateindividual items of data, or from the context of when andhow those individual items of data were provided. Meta-data can be extremely sensitive and valuable, even whenthe individual items of data are not. Who should have whatrights to use meta-data and capture the value that arises?
There is a lack of agreement on these issues, andregulation is not always conclusive. EU data privacy laws,for example, distinguish between data controllers and dataprocessors but, in the cloud, it is not always obviouswhat the respective roles and responsibilities are. There
are scenarios in which users and providers could ndthemselves in a legal limbo, where the law provides noclear answer as to who is responsible for the data if, forexample, security is breached or a provider fails.
While regulators say they would like to improve bothregulations and user awareness of the issues surroundingdata ownership, industry stakeholders express concernthat over-regulation of data ownership at this point in theclouds evolution could prevent them from meeting userneeds and improving services.
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
10/28
7
By Jonathan L. Zittrain, Professor of Law and Professor of Computer Science at Harvard University and
Member of the Project Working Group
In 2010, cloud provider Amazon.com elected to shut down its hosted version of the WikiLeaks website. Amazon,like many such vendors, offers hosting to all comers but under terms of service that give it broad latitude in decidingultimately whom to serve. Given the public controversy over WikiLeaks, Amazons action crystallized somethingalready known about cloud computing: when ones data or software is hosted far away and under the care of a thirdparty, there are new risks and complications that can offset the ways such hosting can make life simpler and safer.
Some of these risks can be managed: businesses can shop carefully for an enterprise-level cloud provider, andpay more for those that can persuasively claim more reliable service, or for contracts that penalize unanticipated orunjustied takedowns or interruptions. (For consumers, who plan and bargain less, the equation can be particularlydangerous: a lifetimes worth of e-mail or photos, or a social network comprising hundreds or thousands of hard-won
relationships, can have its rules changed, or even evaporate, in an instant.)
However, not all risks can be easily mitigated. For example, network trouble or government-mandated ltering cancome between a business and its cloud processes. And, as events in Egypt and Libya demonstrated, there areoccasions in which an entire nations Internet access can be threatened. The solution is not likely to involve retreat toones own basement servers. Basements arent fail-safe either, and another marker thrown down by the WikiLeaksepisode is the prevalence and power of denial of service attacks: all but the most bunkerized homes for data andcode are vulnerable to compromise or attack.
We do not want to see the move to cloud computing, which can offer so many benets, slowed if the fears broughtinto focus by the WikiLeaks episode remain unaddressed. Yet we also do not want to nd ourselves continuing amarch to cloud computing that entails clustering under only a handful of powerful umbrella service providers, leadingto limited competition and a handful of points of control.
Solutions may lie not as much in centralization as in its opposite: creating protocols and processes by which data
is voluntarily mirrored among otherwise-independent sites. Then if one is disrupted, other copies remain. And at thenetworks physical layer, we may see projects such as mesh networking -- creating connectivity without relying uponInternet service providers -- move from the interesting to the downright vital. While the approaches and examplescan vary, answers to these very new problems may be inspired from the oldest of human instincts and politicalorganization: mutual aid.
As cloud computing accelerates, our creativity and sociability will be tested as we seek to realize its gains withoutcreating undue vulnerabilities.
Building a Secure Cloud without Undue Points of Control
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
11/28
8
B. Security
Users want to be condent
that their services and dataare secure in the cloud
that is, always available to
them and never available
to unauthorized others.
They also demand recourse
mechanisms if something
goes wrong. Industry
stakeholders point out that
greater security involves
trade-offs with cost and
usability, and that technical
solutions can never fully
protect against security breaches originating from
users themselves.
Security-related issues raised by stakeholders
include:
Ensuring Only Authorized
Access
Users are concerned thatdata in the cloud is more
susceptible to cyber-attacks,as aggregating multipleusers data and serviceson a single platform makesit a more attractive target.Providers point out that no
security mechanisms are foolproof, and all come withtrade-offs: using encryption can be expensive, and usinghypervisors to virtually isolate a users applications anddata can still leave vulnerabilities.
More broadly, both industry and government stakeholdersexpressed concern that technical security mechanismssuch as encryption could give users a false sense of
security. Encryption is only as effective as the userscontrol of who has the key, and does not solve theproblems of a malicious insider or of users beingmanipulated into giving access. These concerns arebound up with wider questions of how to manage andverify identities.
Ensuring Integrity and Availability (and Addressing
Data Loss)
When users store their data on their premises, it is clear
who is accountable if the data is corrupted, lost ortemporarily inaccessible. This is not necessarily the casewhen the data is stored in the cloud. When it is unclearwhether a problem lies with the cloud provider or withthe networks the user is using to access the cloud, usersare concerned that they will be unable to establish who isliable, and to seek redress.
As many users data may be shared on one machine,users are concerned about the possibility of problemswith one users services affecting anothers. Governmentstakeholders express concern about the resilience ofcloud providers to distributed denial-of-service (DDoS)attacks, and note there is an inherent disincentive for
providers to report on breaches and problems. Someindustry stakeholders, however, believe they are alreadybeing transparent enough, especially given that a greatmajority of client agreements require the service providerto notify the client of any breaches or data loss.
Ensuring that Data Is Destroyed as Needed
Most computer users are aware that even when theydelete data, it can still be recovered from their hard drives additional steps are needed to make sure data cannever be retrieved. True data deletion is more challengingin the cloud, because cloud providers are the only oneswith access to the physical infrastructure on which users
data is stored, and often data may be mirrored on multiplemachines. Without any way of verifying if their data hasbeen destroyed, users have no option but to trust theprovider.
Government stakeholders are especially concerned thatsensitive data, such as healthcare records, should notbe recoverable once deleted. Industry stakeholders note,however, the signicant technical difculties involved inguaranteeing data deletion.
Overall, many cloud providers are keen to stress that theabove concerns about security in the cloud should not beoverstated. By their nature, cloud solutions aggregate thesecurity requirements of many clients, often to the higheststandard, and they are frequently monitored and stringentlyaudited. As a result, security protections in the cloud aremore extensive than in many, perhaps most, private datacentres.
No-one will
unequivocally declarethat cloud is 100%
safe just as no one
will declare airplanes
are 100% safe. Let
not security become
the bogey thatll stop
the whole thing be
pragmatic, solve the
problems as they
come along, and be
open.
Academia Participant,New Delhi Workshop,November 2010
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
12/28
9
The change created
by the cloud
ecosystem will be
manifested 20% in the
realm of technology
and the remainder
through social
change.
Industry Participant,New Delhi Workshop,November 2010
The World Economic Forum held a workshop in New Delhi on 23 November 2010,convening over 30 leading Indian decision-makers, including service providers, users,government representatives and academia. The goals of the workshop were toidentify the potential benets and opportunities of cloud computing in India and otheremerging economies; address the unique challenges to its implementation in emergingmarkets; and explore in which areas emerging markets could take the lead in clouddevelopment.
Market Potential
Small and medium-sized companies with limited resources and access to IT are expected tobe the greatest beneciaries in India from the efciency gains promised by cloud computing.For these companies, participants expect cloud to facilitate more efcient delivery of services
to bottom of the pyramid consumers one of the key future market potentials in emerging economies.Similar efciency gains could also improve public services in India. Some government representatives argued thatcloud service models could, in fact, be the only means of delivering certain essential services (such as micro-transaction banking, micro-insurance and healthcare) given the vastness of the country, with large remote and poorpopulations. Other areas of public service that could benet from the cloud include disaster management and theagricultural sector.
More broadly, providing access to data and computing power to people who would normally be deprived of suchresources could unleash signicant new innovation.
Specic Challenges in India
The lack of economic returns represents one of the key challenges for the development of the domestic cloud marketin India. While many IT companies are engaged in the cloud business, they feel that currently there are insufcient
incentives to offer economically sensible cloud models and services to the domestic market, particularly thosetargeting micro, small and medium-sized enterprises. Hurdles to the adoption of cloud include the limited availabilityof digitized data and the need to deal with requirements of 28 different states.
In addition, limited and/or unreliable wired and wireless broadband infrastructure hinders access to, and hencedevelopment of, cloud services in India. This calls for greater engagement from the government to provide a fertileenvironment for domestic cloud markets and to engage in public-private partnerships on cloud development.
In terms of regulation, while privacy and personal data protection are not widely established in Indian law, ITcompanies that export services are keen to have Indian regulation align with European and US data protectionframeworks. The development of such a framework in India would assist the industry in competing on aninternational scale.
Additional implications for Emerging Markets
Overcoming connectivity challenges is critical. The development of mobile-based access in India and other emergingmarkets will drive the adoption and growth of cloud computing.
Access management is another area in which India is developing promising initiatives. Given the large populationbase and the huge number of potential cloud users, identication and access management poses uniquechallenges. Indias Unique Identication Card (UID Card) project, which relies on cloud technologies, could be seenas a model case.
Cloud Computing in India and Emerging Markets
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
13/28
10
C. Business Environment
Cloud services and business models are still at
an early stage of development, but several areashave been identied that are of concern to key
stakeholders. They include:
Ensuring Interoperability
Interoperability is the ability ofdifferent systems to seamlesslycommunicate with eachother. Users favour greaterinteroperability as it allowsthem to customise their ownsolutions by purchasingbest of breed services from
multiple cloud providers andto move more easily between providers. Governmentsalso favour interoperability as a way of driving competitionand increasing the resilience of the cloud system as awhole, especially where the market consists of only a fewproviders.
However, industry stakeholders are concerned thata premature focus on standardization to promoteinteroperability could hold back innovation and theevolution of better solutions.
Ensuring Data Portability
Closely related to interoperability is the question of data
portability that is, users being able to move data (oreven complete application stacks) easily among cloudproviders. Many users express the fear of being lockedin to a single cloud provider if it turns out to be inefcient,time consuming, expensive or impossible to transfer datato a different cloud, or back to their premises. Governmentstakeholders are also concerned about portability fromthe perspective of encouraging competition and buildingsystemic resilience.
However, as with interoperability, industry stakeholdersare concerned that an excessive focus on ensuringdata portability will limit their incentive to innovate bymaking it harder for them to differentiate themselves
through different architectures and offerings. Concernsabout meta-data also complicate efforts to ensure dataportability.
Insufcient Reliability of Cloud
Many users perceive that the reliability of cloud solutionsis not yet sufcient for them to trust the cloud with theirmission-critical needs. They are concerned about beingalerted to planned downtime and having accurate reportsabout unplanned downtime; having access to theirdata slowed by other users creating contention for theproviders resources; and the need for backup strategiesin the event of unanticipated crises or a provider going outof business.
Industry stakeholders generally feel that, as the cloudmatures, market mechanisms will evolve that allowusers to assess providers reputation and reliability.
Nonetheless, there is no consensus among cloudproviders on how much information about their reliabilitythey are willing to disclose, and government agencies arenot satised with the status quo.
Insufcient Commitments to Service Levels
Related to reliability concerns, users note that the kindof SLAs (service level agreements) they rely on fromproviders of their on-premises IT solutions do not tendto be offered by cloud providers, or that what is offeredis insufcient for important applications. Potential usersof cloud computing are held back by the lack of clearcommitments from providers on such issues as uptime,response times, bandwidth, reliability and security or by
the lack of stipulated penalties if these commitments arenot met.
Users also note that the lack of standardized SLAs makesit difcult for them to compare competing services. Therewere, however, mixed views among industry stakeholderson the feasibility of working towards standardized SLAs,given the great diversity of architectures and users needsand circumstances.
Relative Maturity of the Cloud Ecosystem
While cloud services are evolving rapidly, manystakeholders express concern about the speed at whichother necessary aspects of the ecosystem in which public
clouds operate are evolving. Common concerns include:
The still-widespread lack of understanding about cloud,as potential users do not feel sufciently informed aboutthe risks and benets and are nervous about committingto relatively new business models such as pay-as-you-goaccess to IT
Future speed, reliability and global availability of thenetwork access required to use public clouds
Availability of expertise, as there are still relatively few ITprofessionals globally who are trained to architect cloudsolutions
Current underdevelopment of insurance solutions, whichcould protect users against problems with the cloud
Threats to intellectual property from using cloudsolutions outside a rewall, as more information andapproaches to running a business are externally exposed
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
14/28
11
Brussels
Economic and social impacts of cloud
Interoperability and vendor lock-in
3rd party validation & certication
Secure access & network security
Industry-led standardization
Growth-enhancing initiatives
Clarify (roles, relationships, data location andownership of data)
Clarication on application of regulation
Data privacy & condentiality
U.K.
Macro-regulatory framework
Transparency & trust
Co-regulation model
Integrity & reliability
Accountability
Concrete security measures
Interoperability & portability
Number of actors
Washington, DC
Education & awareness raising
Government access to data
Interoperability & portability
"Privacy by Design"
R&D needs
Quantifying ROI
Harmonization & Transparency
Addressing risk
India
Economically sensible cloud models
Government-Industry partnership
Government incentive
Enabling cost (e.g. Infrastructure, utility) of delivery inemerging markets
Compliance with int'l regulations on data
Social change
India's youth
Lower concerns about data sensitivity
Focus on small, micro businesses
Some of the fundamental issues identied by the project illustrate how sensitive and complex cloud technologies havebecome at this relatively early stage in their development.
Many stakeholders are concerned by the current dominance of cloud providers based in the United States, becauseof the potential loss of competitiveness and decreased ability to inuence how the cloud operates. This may explainthe development of individual clouds in countries such as China.
Some ofcials are worried that jobs may be lost in private data centres as companies move to the cloud, althoughmost stakeholders agree that, in the longer term, the clouds net effect on jobs is likely to be positive. The skills issuealso comes into play a countrys capacity for innovation could be compromised if its citizens are not sufcientlyaware of how to utilize cloud technologies, especially if no local cloud providers exist and if local R&D is limited.
There are also questions about whether national identities, autonomy and sovereignty could be compromised if rmsincreasingly rely on the same few foreign cloud providers. This reliance is seen by some as potentially a new form of
colonization.
Finally, it is still far from clear how principles of free trade should be applied in the cloud whether countries that hostcloud data centres have an obligation to provide open access to these centres to customers from other countries,under what terms and with what protections.
The Cloud in Context: Geopolitics and Economics
Figure 4. Key topics that emerged at the 2010 workshops
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
15/28
12
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
16/28
13
What to Do Now? Eight Action Areas
Working from the major issues described in the previoussection, the project set out to develop recommendationsand identify actions that governments and industry can
undertake to accelerate the deployment and adoption ofpublic cloud technologies. While the underlying issues arecomplex and contentious, eight critical action areas wereselected by government representatives and companies including many of the largest cloud providers and regulatorsfrom Europe and North America and then conrmed inthe private session about cloud computing held during theWorld Economic Forum Annual Meeting 2011.
1. Explore and facilitate the realization of the benets ofcloud
2. Advance understanding and management of cloud-related risks
3. Promote service transparency
4. Clarify and enhance accountability across all relevantparties
5. Ensure data portability
6. Facilitate interoperability
7. Accelerate adaptation and harmonization of regulatoryframeworks related to cloud
8. Provide sufcient network connectivity to cloud services
As described below, these action areas are put forward as
a charter for further engagement among key stakeholders.They are intended to form a cohesive agenda, bringingtogether several areas in which there are existing butdisparate initiatives. We hope this step will lead to industryand government collaboration to further dene andimplement the necessary actions to move the agendaforward and accelerate the uptake of cloud technologies.
Cloud ecosystem participants should dedicateadditional resources to understanding the benets
of cloud and accelerating the adoption of innovative
applications of cloud technology. Topics include
product and process innovation and job creation,
collaboration, broad delivery of IP, government
effectiveness and efciency, and other economic
benets.
Underlying many of the issuesdiscussed in the previoussection is a sense that thebenets of cloud computing beyond those related toIT efciencies are not wellunderstood. This manifestsitself as a problem in twomain ways. First, users maybe held back from moving to
the cloud if they perceive the risks more clearly than thebenets. Second, regulators nd it hard to make balanceddecisions that are in line with the European legal principleof proportionality if they lack a clear sense of how theirdecisions could potentially impact the macroeconomicand societal benets of the cloud as well as the risks. The
principle of proportionality argues, among other provisions,that regulation should detract as little as possible from thebenets of what is being regulated.
It is normal enough for any new technology thatindependent, objective research on its benets is difcultto nd. However, a balanced view of the potential benetsis especially necessary for cloud, given the uniqueconcerns it raises. It would be useful, for example, to haveindependent and objective research into the potential forcloud computing to facilitate collaboration among multipleand diverse participants in industries such as healthcare,education and complex supply chains, or to delivercross-border protection of intellectual property rights. In
particular, it has been expected for some time that cloudwould signicantly advance healthcare and education,and it is important to understand why this has not yethappened.
During the past decade, there has been extensiveresearch on the benets of broadband, particularly itsability to accelerate GNP growth. This may providea model for similar research into the cloud, given itscomplementarity with broadband access. Such researchshould focus on the potential for job creation (and loss),looking especially at how small and medium-sizedbusinesses could benet from access to best in classcomputing solutions.
1. Explore and Facilitate the Realization of
the Benets of Cloud
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
17/28
14
There is a need
to be transparent
with regard to
roles, relationships,locations and
ownership of data.
Industry Participant,Brussels Workshop,May 2010
Transparency is
one of the key
requirements: we
need to learn to trust
cloud services.
Industry Participant,London Workshop,December 2010
For the moment,
there is very little
information on what
is going on behind
the scenes in terms of
security managementin the cloud.
Industry Participant,London Workshop,December 2010
Providers of cloud services should make available to
customers information about how their services areprovided and how they perform. This includes letting
customers know how data is secured, where data
is stored and/or what jurisdictional provisions apply,
how and by whom it can be accessed, and how it
can be deleted.
In addition to further researchinto the benets and risks,greater transparency (i.e.public disclosure) about cloudcomputing would go a long
way towards addressing manyof the stakeholder issuesdetailed above notablyprivacy and condentiality,data ownership, security,
liability and reliability. Clearer and more easily accessibleinformation about cloud service delivery models andoffers would accelerate the development of the market byimproving levels of user trust and facilitating the creation ofaggregated services provided by multiple providers.
Greater transparency shouldalso reduce the risk of excessiveregulation that could hinder the
industrys evolution. Governmentstakeholders indicate that asmore consistent and comparableinformation on cloud performanceand security becomes availableto customers, the less they willbe concerned about the needto protect less-sophisticatedcustomers through regulation.
There is an opportunity for cloudproviders to take the lead ontransparency through developingcodes based on shared good
practices. Efforts to improveand standardize reporting areunderway, and there is scopefor them to be consolidated.Voluntary certication schemescould also play a role, with cloudproviders asking a third party agency to audit, certify orrate them. Such a move could help to build trust in thecloud and reduce the need for further regulation.
3. Promote Service Transparency
Relevant stakeholders (providers and government)should encourage research into the unique risk
drivers in cloud computing and identify potential
solutions.
The ipside of clearlyunderstanding the potentialbenets of cloud is ensuringthat perceptions of risk arealso grounded in reality. Itis arguable that several ofthe stakeholder concernsdescribed in the previous
section apply just as much tothe public Internet as to the
cloud, where data centres may be protected by securitymechanisms that are so sophisticated they actuallyreduce risk rather than exacerbate it. If concerns areindeed overstated, the development of the cloud would beneedlessly held back.
However, authoritative researchis lacking on how serious therisks are for different types ofapplications and data; howwell they can be managed;and how they relate to broaderglobal risks such as politicalissues affecting the movementof information across borders.Collaboration among industryand regulators on conductingand publicizing such research
could educate and reassure users, and help to ensure thatgovernment regulation is appropriately targeted.
Risk mitigation strategies need to address the different riskproles of different types of data, such as personal dataand trade secrets. Innovative approaches to managingrisk could include industry players developing codes
of conduct and mutual assistance schemes wherebyproviders agree to assume responsibility for each othersservice commitments in the event of outages or breaches.A better understanding of risks would also facilitate thedevelopment of nascent cloud insurance models to offercompensation to customers in the event of losses causedby the cloud.
2. Advance Understanding and Management
of Cloud-related Risks
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
18/28
15
4. Clarify and Enhance Accountability across
All Relevant Parties
Industry, regulatory bodies and third parties shouldcollaborate to create and implement more consistent
and comprehensive approaches to accountability for
how cloud services are provided.
Complementing greatertransparency, greater clarityabout accountability wouldaccelerate uptake of cloudcomputing among potentialusers, who are currentlyreluctant to entrust mission-critical services to the cloud.
Users want to know who isaccountable if service levels are unsatisfactory, if theyare unable to access data they put in the cloud or if itis accessed by unauthorized persons or governmentagencies. In particular, users want clarity aboutaccountability for service delivery in situations whereproviders leverage sub-contractors, get acquired or go outof business.
Efforts to clarify accountability for legal compliance such as the development of data privacy and securitycompliance programmes by cloud users or providers are hindered by unclear and sometimes inconsistentregulation. It is therefore important to achieve clarity onwhether cloud providers are considered data processorsor data controllers, what the respective obligations of bothparties are, and which countrys laws apply to data whena cloud provider has data centres in multiple jurisdictions.Possible technology approaches to the third point includetagging data with a specic jurisdiction code or encryptingall data before it moves to the cloud (although this isexpensive and not foolproof).
As with transparency, government stakeholders indicatethat voluntary industry moves to clarify accountabilityand establish corporate compliance programmes couldreduce the need for regulatory intervention. There isan opportunity for third-party certication schemes toplay an important role, and potential for further industryinvolvement in existing initiatives such as the Data PrivacyAccountability Model, Privacy-by-Design and BindingCorporate Rules. Industry players and governmentstakeholders need to agree on the extent to which itis possible to establish general principles regardingaccountability, as some cloud providers expressed theview that accountability needs to be negotiated only withindividual clients.
Cloud service providers should provide ways for
users to easily retrieve data they have input toclouds, without an onerous fee and in a timely
manner.
5. Ensure Data Portability
The fear of vendor lock-in holdsback many potential users of cloud,while many government stakeholdersare concerned about maintainingcompetitiveness in the cloud market.These concerns are lessened ifit becomes quicker, easier andcheaper for users to move data,and perhaps applications, between
different cloud providers and betweenuser premises and the cloud. Usersshould be aware, however, that dueto economies of scale in the cloud
and particular cloud architectures, it may be economicallyinfeasible to roll back from the cloud to an on-premisessolution.
There is potential to achieve greater consistencyand rationalization in the data portability standardscurrently being advanced by multiple bodies, includingthe Distributed Management Task Force; over time,the ambition could be to develop minimum portabilitystandards and common approaches for all cloud
providers. Governments have a role in minimizing anyregulatory barriers that are faced by efforts to standardizeportability.
Work on facilitating data portability also needs to bealigned with work on common approaches to dataownership and protection, law enforcement access andliability. Providing meta-data and context information,in addition to the actual data entered, can signicantlyincrease the options available to customers.
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
19/28
16
In addition to the eight action areas detailed in this report, several additional actions were discussed but did notreceive sufciently widespread support to be included in the nal list of action areas. These are:
Foster education for cloud users
Governments, the cloud computing industry (and other industries that can benet from cloud), academia andinstitutions of higher education, and small businesses share an interest in fostering education and awareness amongpotential users of cloud services on ways to leverage cloud technologies. Use cases could illustrate more complexscenarios. Familiarizing labour pools with cloud technologies should enhance national economic competitiveness byensuring that industries that stand to benet from the cloud do not fall behind in taking advantage of it.
Promote R&D for privacy and security enhancing technologies
Providers of cloud services should collaborate with each other and with government stakeholders to invest in
research to advance the protection of privacy for users through the reinforcement of existing procedures and creationof new architectures and systems. This applies in particular to identity and access management, data encryption,data deletion, and addressing causes of failure and security loopholes.
Improve SLAs
By working to evolve clearer and more standardized service level agreements, industry players can address userconcerns about being unable to make informed decisions. As governments are also concerned that users of cloudshould be able to understand and take responsibility for their choices, industry action could pre-empt regulatoryintervention. More stringent SLAs will also allay user concerns about entrusting mission-critical solutions to the cloud.
Adopt Cloud
Governments can continue to support the use of public cloud and play a signicant role in the general adoption of
cloud by driving the need for industry to create government-ready solutions. The adoption of cloud by governmentsalso increases user condence and may facilitate regulatory processes and harmonization. For example, US FederalChief Information Ofcer Vivek Kundra has released the Federal Cloud Computing Strategy in 2011, which calls forabout one-quarter of federal IT spending, or US$ 20 billion, to be committed to cloud systems. Additionally, under theUS Cloud First programme, agencies will be required to move three services to the cloud within 18 months; adopt acloud model wherever feasible; and evaluate cloud options before making investments.
Pursue new approaches to regulatory harmonization
Additional suggestions mentioned in this context that did not achieve broad agreement, included:
Adapt WTO frameworks to create a cloud trade body to address data policies and help stakeholders formulateand agree upon policies needed for digital services
Create a broader, voluntary safe harbour programme with the understanding that, once a company commits to it,
the commitment will be legally binding
Create a Cyberpol or world court that would act as a central, global body to pursue non-compliant providers,criminals and, possibly, rogue states
Additional Action Areas
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
20/28
17
6. Facilitate Interoperability 7. Accelerate Adaptation and Harmonizationof Regulatory Frameworks Related to Cloud
Industry players should pursue the evolution of cloud
offerings with the goal of facilitating interoperabilityamong multiple (private and public) clouds. This
will accelerate the growth of the overall cloud
ecosystem.
There has been notableprogress recently in developingofferings that allow usersto customize their ownsolutions by simultaneouslyusing services from multiplecloud providers. As with dataportability, every step towardsgreater interoperability helps toaddress stakeholder concernsabout competitiveness and
lock-in. It may also accelerate innovation and help addresschallenges related to data privacy and security.
As the cloud industry matures over the coming years,interoperability will need to be accompanied by theevolution of clear accountability frameworks, commitmentsto commonly dened service levels and broad adoptionof standards. Large industry players, including savvy anddemanding customers such as governments, can helpaccelerate this maturation process for example, throughencouraging visible research and pilot projects.
Fostering cloud interoperability will also likely extend to abroad range of ecosystem players, including providers ofconnectivity and application developers, who will need toadopt relevant architectures and provide enabling servicessuch as highly reliable cross-cloud connectivity.
Governments worldwide should adapt andharmonize regulations relevant to cloud with the
aim of improving their applicability and reducing
divergence across jurisdictions, while considering
the maturity of the overall industry.
There is widespreadfrustration amongstakeholders about theregulatory environmentfor cloud computing,especially in the areasof data privacy andsecurity. Regulationsare often inconsistent,conicting and difcultto apply for users andproviders operatingglobally. This holds back
users from moving to the cloud, as they fear regulatoryprovisions are insufcient to protect their data from beingunduly accessed by law enforcement or retained byproviders. And when regulations effectively force data toremain within national borders either directly by imposingrestrictions on data transfers outside the jurisdiction,or indirectly through a lack of cross-jurisdictional
alignment they hold back cloud providers from realizingimprovements that come from achieving scale throughmultiple locations.
As a long-term goal,governments may wish toexplore a macro-regulatoryframework that will be moreadept at keeping pace withrapid technological change.Options include a co-regulationapproach, whereby industrytakes the lead in identifyingnecessary provisions and
governments take a policy andoversight role. This would implyachieving a harmonized approach to the underlyingprinciples that guide regulation, which currently differamong jurisdictions notably through the USs sectoralapproach to data privacy regulation and the EUsmore universal one. Minimum regulatory standardsare not a solution they are often not sufcient toreduce complexity, as they do not stop countries fromintroducing additional provisions.
As a step in this direction, governments should continueto dialogue with providers to better understand the impactof regulatory interventions. Data protection authorities can
play an important role in interpreting and harmonizing legalframeworks to more effectively meet user and providerneeds for clearly understandable and authoritative guidanceabout their respective responsibilities, the protectionsaccorded to them, and the recourse available in the eventof breaches.
Industry could
take the initiative
for a cloud code
of conduct and
regulators could then
review it.
GovernmentRepresentative,World Economic Forum
Annual Meeting 2011
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
21/28
18
Large businesses
do not have a
strong grasp of
their dependence
on Internet-based
services, which will
increase with cloud.
Many of the issues
around access to
the cloud relate to
maintaining continuity
of the network.
Industry Participant,Washington DC Workshop,November 2010
8. Provide Sufcient Network Connectivityto Cloud Services
Industry, government and relevant agencies shouldidentify connectivity requirements for cloud services
(wired and wireless) and promote the commensurate
deployment of networks across the world.
To be able to usecloud computing withcondence, usersneed easy access tothe cloud. They needguarantees about thespeed, reliability and
robustness of networks,both xed and mobile.In particular, in anenvironment where
market needs maybe moving faster than the technology,users need to be condent that current telecominvestments will be sufcient to support future services.
Governments have a role in promoting better connectivityin all markets, especially in emerging and developingcountries where the issue may be more acute. Policyinitiatives that could serve as examples include the Europe2020 broadband targets and the European CommissionsDigital Agenda pillar on ultra-fast broadband.
Given that cloud computinguses data centres that needto be able to handle massiveamounts of trafc, the planningof networks and data centresneeds to be coordinated.Developing a frameworkdescribing what services canbe provided with various levelsof connectivity could also helpnational governments promoteand prioritize investmentsthat will sustain future growth
opportunities. Not muchresearch currently exists on thistopic.
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
22/28
1. Explore cloud benets
2. Understand & manage cloud risks
3. Promote service transparency
4. Clarify & enhance accountability
5. Ensure data portability
6. Faciliate interoperability
7. Adapt & harmonize regulation
8. Provide sufcient connectivity
Figure 5. Action areas
19
Cloud computing is at apivotal point of development.As it becomes a critical
element of the IT landscape,there is much expectationthat its potential economicand social benets couldrival those of the Internet ormobile technologies, but alsomuch uncertainty. Experienceof previous waves oftechnological change suggeststhat now is the window ofopportunity for industry andpolicy-makers to collaborate,encourage business adoptionand nd ways to reconcile
the natural conict betweenletting an innovative set oftechnologies mature andprotecting users and citizens.
This report set out to identify the issues that needto be addressed to move the agenda forward andareas of action that all agree could enable the healthydevelopment of cloud technologies. While valuablework is underway on many of these issues (such asstandards and security) the project aims to addressmore cohesively the bigger picture and the possibilityfor a broader common agenda. To do this, the projecthas brought together key stakeholders from industry,governments, international organizations and academia toprioritize their concerns and explore potential solutions.
The eight action areasdescribed in this reportencompass broadeningawareness and understandingof the benets and risksof cloud, promotingservice transparency,harmonizing regulatoryframeworks, clarifyingaccountability, facilitating
system interoperabilityand data portability, and ensuring sufcient networkconnectivity. They received broad support fromindustry and government leaders taking part in aprivate session on cloud computing at the WorldEconomic Forum Annual Meeting 2011.
The aim of these action areas is not to offer prescriptivesolutions, but to suggest a charter for furtherengagement among industry and governments. Theeight action areas are already being used as the basis formultistakeholder collaboration in multiple contexts, suchas feeding into a series of meetings between industryleaders and EU Commissioner for the Digital AgendaNeelie Kroes on cloud regulation and harmonization,announced at the Forums Annual Meeting.2
An especially promising avenue for government-industrycollaboration could be the initiation of experimentalpilot deployment programmes to generate anddocument empirical evidence on the positive social andeconomic impacts of the cloud. Such studies couldhelp counterbalance concerns about cloud computing,which are magnied by their overlap with broadercontemporary worries such as national sovereignty,cybersecurity and the health of the Internet.
Other potential collaborative actions could include:
Industry investing in research into systemicsecurity risks and costs and how tocollaborate on areas such as encryption
Service providers reaching agreement oncommon best practices for transparency
Telecoms providers working to identify connectivityrequirements and investment needs by geography
Cloud computing is set for rapid acceleration aroundthe world. We hope that the framework described in thisreport has provided a common language and a sharedset of priorities for industry and governments to continueto address common issues in a constructive way, leadingto a wider and more effective uptake of cloud solutions.
Project Outcomes: What Is Next?
After two years of
intensive work on
cloud issues, the
World EconomicForum has done
a great job in
bringing together a
lot of expertise and
experience. And it
is a timely exercise
indeed.
Neelie Kroes, Vice-President of the EuropeanCommission responsiblefor the Digital Agenda
Towards a EuropeanCloud Computing Strategy,World Economic Forum
Annual Meeting 2011
Stakeholders
willingness to
overcome the barriers
depends on their
assessment of cloud-
related benets.
Industry Participant,London Workshop,December 2010
2. http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/11/50
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
23/28
20
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
24/28
2009 Annual Meeting, Davos
San Francisco workshop
Europe Summit, Brussels workshop
Industry/ government consultation & issue tool
Washington DC workshop
New Delhi workshop
Slough (UK) workshop
Industry/ government consultation
AMNC Dalian workshop
Tokyo workshop
IES New Delhi workshop
Brussels workshop
Cross-government call
2010 Annual Meeting, Davos
2011 Annual Meeting, Davos
Phase 2Phase 1
Figure 6. Project timeline
21
About the Research
Project Background
This report is part of the World Economic Forumsresearch study, Exploring the Future of Cloud Computing.
It was mandated by the IT Governors at the WorldEconomic Forum Annual Meeting 2009 in Davos-Klosters,Switzerland.
Two objectives for the research were dened:
Develop an understanding of what is needed to steer thehealthy development of both public and private cloudcomputing environments
Develop a set of industry and public policy action areasthat could help mitigate the uncertainties and acceleratethe benets of cloud computing
Consequently, the project was divided into two phases:
I. The rst phase focused on consulting with a wide rangeof relevant stakeholders (IT industry, corporate buyers
of IT, government regulators, investors, academics,journalists and others) through workshops, surveys andinterviews to obtain their views on the potential impacts
of cloud computing on business, society and theglobal economy. A key research tool was an extensivesurvey that Accenture designed and developed on cloudcomputing. Collecting a wide range of highly informedviews enabled us to identify the key drivers, enablers andbarriers in cloud computing.
Phase I outcomes:
Report: http://tinyurl.com/wef-2010report
Video: http://tinyurl.com/wef-2010video
II. Based on the ndings of the phase I report, phaseII focused on developing action areas and identifying
actions that governments and industry can undertake toaccelerate the deployment and adoption of public cloudtechnologies (this report).
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
25/28
Process/
Industry Clouds
Application Clouds
(SaaS)
Platform Clouds
(PaaS)
Infrastructure
Clouds (IaaS)
Initial Prioritization
Issues That Affect Cloud Deployment
In The Next 3 Years
Davos Governors Gession
InputPhase I Input and Report, Cloud Constraints and Barriers
Issue Tool
Collation of Skateholder
Priority Issues
Analysis & Solution
Development
Draft Action Areas
OutputAction Areas and World Economic Forum Report
Figure 8. A possible hierarchy of cloud-
based offerings
22
Denition of Cloud Computing
There are probably as many denitions of cloud computingas there are opinions about its future. To date, there isno denition that is agreed upon in most quarters. Thedenition we used in this project came from the Universityof California at Berkeley: Cloud computing refers to boththe applications delivered as services over the Internet and
the hardware and systems software in the data centres
that provide those services.
Clarications: Access to the cloud can be provided viamultiple technologies (Internet or other) and services caninclude processing, storage, access to applications andbusiness processes.
Deployment models relevant to this project:
Public cloud sold to the public, mega-scaleinfrastructure (e.g. Amazon, Google)
Hybrid cloud composition of two or more clouds whereone might abstract applications or services through acombination of in-house infrastructure and/or reaching outto multiple clouds
Community cloud a shared infrastructure for a speciccommunity (e.g. healthcare)
Note: Private clouds (ones that an enterprise owns orleases) are not included in the scope of phase II of our
project
Examples of types of cloud computing:3
Process/Industry clouds
Application clouds (SaaS) Platform clouds (PaaS)
Infrastructure clouds (IaaS)
Characteristics of Cloud Computing
In the absence of a commonly accepted denition ofcloud computing, enumerating some characteristics4 oftenassociated with cloud computing may help to clarify howthe term is commonly used and understood:
On-demand self-service
Broad network access
Resource pooling
Rapid elasticity
Measured service
Massive scale
Virtualization
Resilient computing
Low-cost software
Geographic distribution covering multiple jurisdictions
Multiple accountabilities
Service orientation
Advanced security technologies
3. Cloudrise: Rewards and Risks at the Dawn of Cloud Computing, Accenture, Jeanne G. Harris and Allan E. Alter, November 2011
4. The NIST Denition of Cloud Computing, Peter Mell and Tim Grance, October 2009
Figure 7. Project process and outcome
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
26/28
23
Acknowledgments: Partners and
Contributing Organizations
Industry
Accenture
AkamaiAlcatel Lucent
AT&T
Bitcurrent
BMC Software
BT Group
CA Technologies
Capgemini
Cisco
Colt
ComScore
CSC
Cyber Risk Partners
Dell
Deutsche Telekom
EMC
Forrester
Fujitsu
HCL TechnologiesHP
Huawei Technologies
Infosys Technologies
Intel
Juniper
Kudelski
Lenovo
Lockheed Martin
McAfee
Mahindra Satyam
Microsoft
Nasdaq
NCR Corp.
Nivio
Orange Business Services
Polycom
Salesforce.com
SAP
SAS
Telefonica
Tibco
Wipro
Governments and Agencies
European Commission
European Data Protection Supervisor (EDPS)European Network and InformationSecurity Agency (ENISA)
Confederation of Indian Industry (CII)
French Data Protection Authority (CNIL)
German Ministry of Economics and Technology
German Ministry of the Interior
Indian Department of Information Technology
Indian Department of Micro, Smalland Medium Enterprises
NASSCOM India
Japan Ministry of Internal Affairs and Communications
Organisation for Economic Co-operationand Development (OECD)
UK Cabinet Ofce
UK Department for Business, Innovation and Skills (BIS)
UK Ofce of Cyber Security and Information Assurance
US Department of Commerce
US Federal Communications Commission
US Federal Trade Commission
US General Service AdministrationUS Ofce of Management and Budget
Academia
Berkman Center for Internet and Society, HarvardUniversity, USA
Brookings Institution, USA
Centre for Commercial Law Studies, Queen Mary,University of London
Centre of Excellence in Information and CommunicationTechnologies, Belgium
Complutense University of Madrid, SpainGeorgetown University, USA
International Institute of Information Technology Bangalore
Rand Europe
Research Center on IT and Law, FUNDP Namur, Belgium
An additional thank you goes to the Accenture Australia
creative services team, to the Forum editing team and to
the writer, Andrew Wright.
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
27/28
24
References
1. Above the Clouds: A Berkeley View of CloudComputing, authored by 11 members of UC Berkeleysdivision of Electrical Engineering and Computer
Sciences, February 2009
2. Exploring the Future of Cloud Computing, WorldEconomic Forum, May 2010
3. Worldwide and Regional Public IT Cloud Services,2010-2014 Forecast, IDC, June 2010
4. Mind the Gap Insights from Accentures Third GlobalHigh Performance IT Research Study, November 2010
5. Cloudrise: Rewards and Risks at the Dawn of CloudComputing, Accenture, Jeanne G. Harris and Allan E.
Alter, November 2011
6. Where the Cloud Meets Reality: Operationally Enablingthe Growth of New Business Models, Accenture,March 2011
7. The Cloud Dividend, Center for Economics andBusiness Research, December 2010
8. Information Assurance Framework, ENISA, November2009
9. Cloud Computing Security Risk Assessment, ENISA,November 2009
10. Towards a European Cloud Computing Strategy,Neelie Kroes, Vice-President and Commissioner for
the Digital Agenda of the European Commission,speaking at the World Economic Forum AnnualMeeting 2011, January 2011
11. Federal Cloud Computing Strategy, Vivek Kundra,February 2011
12. The Terms They Are A-Changin'... Watching CloudContracts Take Shape, Simon Bradshaw, ChristopherMillard and Ian Walden, The Brookings Institution,March 2011
13. A Digital Agenda for Europe, European Commission,May 2010
14. EU Data Protection Directive 95/46/EC, October 199515. Article 29 Data Protection Working Party of the EU
Directive
16. Unique Identication Authority of India (UIDAI)Volunteer Guidelines, 2009
17. Digital Japan Creation Project (ICT Hatoyama Plan),Ministry of Internal Affairs and Communications ofJapan, March 2009
18. Privacy and Security in Cloud Computing, Allan A.Friedman and Darrell M. West, Center for TechnologyInnovation at Brookings, October 2010
19. The Economic Impact of Cloud Computing onBusiness Creation, Employment and Output inEurope, Prof. Federico Etro, Review of Business and
Economics, June 2009, Vol. 54, 2, pp. 179-208.
20. The Economics of Cloud Computing, IUP Journal ofManagerial Economics, February 2011, Vol. IX, 2, pp.1-16
21. The NIST Denition of Cloud Computing, Peter Melland Tim Grance, October 2009
8/6/2019 WEF IT Advanced Cloud Computing Report 2011
28/28
The World Economic Forum is an independentinternational organization committed to improvingthe state of the world by engaging leadersin partnerships to shape global, regional andindustry agendas.
Incorporated as a foundation in 1971, and basedin Geneva, Switzerland, the World EconomicForum is impartial and not-for-prot; it is tiedto no political, partisan or national interests.
(www.weforum.org)