AdvAncing cloud computing: WhAt to do noW?

priorities for industry And governments

World Economic Forum In partnership with Accenture 2011

About this Report
This World Economic Forum report was developed by the Forum’s IT Industry Partnership in collaboration with Accenture, with input from a group of experts and a dedicated Steering Board.

The Future of Cloud Computing Steering Board
Guidance was provided by an actively involved steering board of experts, which included representatives from: • Akamai Technologies (Paul Sagan, Chief Executive Officer) • BT Group • CA Technologies (Ajei Gopal, Executive Vice-President) • Google (Nelson Mattos, Vice-President, Engineering, EMEA) • Microsoft Corporation (Craig Mundie, Chief Research and Strategy Officer) • Salesforce.com (Marc R. Benioff, Chairman and Chief Executive Officer; and JP Rangaswami, Chief Scientist)

World Economic Forum
The World Economic Forum is an independent international organization committed to improving the state of the world by engaging business, political, academic and other leaders of society to shape global, regional and industry agendas. Incorporated as a not-for-profit foundation in 1971, and headquartered in Geneva, Switzerland, the Forum is tied to no political, partisan or national interests. (www.weforum.org)

Accenture
Accenture is a global management consulting, technology services and outsourcing company, with more than 215,000 people serving clients in more than 120 countries. Combining unparalleled experience, comprehensive capabilities across all industries and business functions, and extensive research on the world’s most successful companies, Accenture collaborates with clients to help them become high-performance businesses and governments. (www.accenture.com)

Project Team Contributors
From the World Economic Forum: Joanna Gordon Associate Director, Information Technology Industry Chiemi Hayashi Associate Director, Deputy Head of Risks in Depth, Risk Initiatives Stephan Mergenthaler Project Manager, Strategic Risk Foresight From Accenture: Dan Elron Managing Partner, Strategy and Corporate Development Amelia P. Schaffner Manager, Strategy and Corporate Development Bojana Bellamy Director of Data Privacy Many individuals contributed ideas to this report through surveys, workshops and interviews. The project team thanks all participants for so generously sharing their time, energy and insights. Without their dedication, guidance and support we would not have been able to develop this report. World Economic Forum 91-93 route de la Capite CH-1223 Cologny/Geneva Switzerland Tel.: 41 (0)22 869 1212 Fax: 41 (0)22 786 2744 E-mail: contact@weforum.org www.weforum.org ©2011 World Economic Forum ©2011 Accenture All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, including photocopying and recording, or by any information storage and retrieval system.

About the Forum’s Information Technology Industry Partnership
The Information Technology Industry Partnership (IP) programme of the World Economic Forum provides chief executives and senior executives of the world’s leading IT companies with the opportunity to engage with peers to define and address critical industry issues throughout the year. Identifying, developing and acting on these industry issues is fundamental to the Forum’s commitment to deliver sustainable social development founded on economic progress.

About the Project
Phase I of the World Economic Forum’s Exploring the Future of Cloud Computing project culminated in a report on the benefits of cloud computing entitled Exploring the Future of Cloud Computing: Riding the Next Wave of Technology-driven Transformation, published in the spring of 2010. The objective of Phase II was to develop recommendations for actions that governments and industry can take to accelerate the deployment and adoption of public cloud technologies, which resulted in this publication.

Ensure Data Portability 6. Accelerate Adaptation and Harmonization of Regulatory Frameworks Related to Cloud 8. Facilitate Interoperability 7.Contents Executive Summary The Clouds about the Cloud A. Promote Service Transparency 4. Security C. Business Environment 1 5 What to Do Now? Eight Action Areas 1. Advance Understanding and Management of Cloud-related Risks 3. Explore and Facilitate the Realization of the Benefits of Cloud 2. Clarify and Enhance Accountability across All Relevant Parties 5. Provide Sufficient Network Connectivity to Cloud Services 13 Project Outcomes: What Is Next? About the Research References 19 21 24 . Data Governance B.

stakeholders also expressed serious concerns about its widespread adoption. This report presents eight action areas for providers of cloud computing services and government agencies. creating employment and enabling innovation and collaboration. 4Center for Economics and Business Research [The cloud dividend. June 2010]. It is enabling new business models and creating tension in the system. 2010] 1 . SaaS. the Forum and its Partners investigated and prioritized these concerns in further detail. Industry Participant. 2010].1% (4) of executives from global companies who believe cloud computing can provide their company with a lasting competitive advantage the average improvement in ef ciency of an average employee because of cloud Source: 1IDC [Worldwide and Regional Public IT Cloud Services 2010 – 2014 Forecast. 3Accenture [Cloudrise: Rewards and Risk at the Dawn of Cloud Computing” Nov. there is a shift in responsibility.Executive summary “Cloud is rapidly changing the world. These were described in the project’s first report. ensuring the healthy future development of the cloud computing industry. Dec. have long been discussed in relation to the Internet without satisfactory resolution. Further divergence and fragmentation in how the public cloud evolves could further delay potential benefits. Nov. Clouds about the Cloud Many of the concerns about the public cloud. exacerbate these issues. technologies significantly Brussels Workshop. with major implications for where cloud providers can locate the servers that process data. or more than 5 times the rate of IT industry as a whole 2.” The potential benefits of cloud computing include promoting economic growth. how it is protected and how they can be sure it has been deleted when they want it to be. Computing: Riding the Next November 2010 Wave of Technology-driven Transformation. “All the infrastructure in the cloud is no longer under your control: with cloud. Cloud by the numbers $55 billion 33% (2) (1) forecasted worldwide revenue from public IT cloud services by 2014 30% (1) of global companies have deployed or are piloting the more mature layer of clouds.3 million jobs (4) 25% (3) of global companies will be deploying cloud computing for critical applications within 2 years the net new jobs created by cloud on a cumulative basis over the period 2010 to 2015 across the top ve EU economies 44% (3) 2. Exploring the Future of Cloud Washington DC Workshop. While recognizing the many benefits of cloud. These issues include difficulties faced by customers in understanding who can access the data that they put in the cloud.” Figure 1. It is intended to set the agenda for further engagement among all stakeholders. published in the spring of 2010. 2 Accenture [“Mind the Gap – Insights from the 3rd global High Performance IT research study. Project participants already feel that the current regulatory environment has slowed the progress of cloud technologies (in 2010). They also include a growing desire by many national governments to direct the evolution of the digital realm within their physical borders. In the second phase of the project. the May 2010 industry and government must address them at a relatively early stage in the evolution of cloud services. 23% of high performing IT companies have already deployed SaaS the rate at which cloud computing will grow in 2011. As cloud computing Government Participant. 2010]. which are outlined on page 5 of this report. however.

enabling users to customize their own cloud solutions across multiple providers. and telecommunications. Reliability. Integrity & availability. Data loss. the project has sought ways to reconcile the natural conflict between letting an innovative set of technologies mature and the need to protect users and citizens.” Vivek Kundra. the Forum and its Partners have prioritized a set of eight action areas to be addressed by industry and governments. the United States and Asia. With the support of leading providers and governments. we encourage individual companies. Service level commitment. 8. identified by stakeholders.“The global community has come together before to address key issues and policy considerations in other industries such as banking. to shape the future of cloud computing and take the first steps together towards a new. the eight action areas set out in this report received strong and essentially unanimous support from the companies participating in the private session about cloud computing at the World Economic Forum Annual Meeting 2011– including many of the largest cloud providers – and from several official representatives of governments and supranational organizations. the action areas cover topics such as: • Improving transparency on how services are provided. 2. how data is protected and which legislative regimes apply. We must now do the same for cloud computing. Presented on page 13. Ecosystem maturity Business Environment issues Authorized access. more interconnected world. governments and existing collaborative initiatives to move quickly to further define and implement the necessary actions that will accelerate the ability of cloud technologies to generate the economic and social benefits they promise. to build trust in the cloud • Conducting further research to clarify and spread awareness of the benefits of cloud. first Chief Information Officer (CIO) of the United States of America. 7. Generating the action areas Benefits • Accelerate innovation • Better serve customers • Lower organizational expenses • Improve IT efficiency & flexibility • Bring socio-economic improvements • Level the playing field Action areas 1. transportation. Figure 2. Data destruction 2 . 4. and data portability to ease user fears of vendor lock-in and government fears about lack of competition • Guaranteeing sufficient network connectivity so that users who entrust their data to the cloud can be confident of being able to access it on demand While complex and sometimes contentious. Through extensive consultations in Europe. March 2011 Key Opportunities for Multistakeholder Collaboration In response to these concerns. as a global community. 6. 3. In today’s turbulent world. Data ownership Interoperability & portability. The journey to cloud computing will not happen overnight. either separately or collaboratively. and ensure a balanced understanding of the nature of the risks and our current abilities to manage them. addressing these topics is seen as a critical step towards the broader need. Explore cloud benefits Understand & manage cloud risks Promote service transparency Clarify & enhance accountability Ensure data portability Faciliate interoperability Adapt & harmonize regulation Provide sufficient connectivity Issue areas Data governance issues Security issues Data location and jurisdiction. 5. but in the months and years ahead we have the opportunity. this is seen as helpful for enabling informed decision-making by both potential users and regulators • Facilitating system interoperability. who has accountability for what. these benefits are more critical than ever. Privacy & confidentiality.

According to research conducted by the World Economic Forum and Accenture in 2009 and 2010. with the playing field between large and small companies being levelled as companies of all sizes gain access to information technology that previously was affordable for only the largest companies • Helping emerging economies leapfrog to higher levels of technological development by providing more immediate and affordable access to next-generation applications. faster research. It’s like finding a substitute for oil. from having to build and manage their own technology infrastructure. software licenses and maintenance fees and replacing capital expenses with lower pay-for-use operating expenses • Enabling innovation and job creation at a macro level.” Industry Participant. improving access to financial services (insurance. wider information sharing and more effective collaboration between product development professionals around the world • Helping organizations serve their customers better through mining and analysing data to spot emerging trends. bank accounts. In the long term. cloud is seen as a way to gain competitive advantage. tools and infrastructure • Empowering governments and citizens to more effectively address such socio-economic issues as delivering healthcare and education. not only for organizations but also for whole industries and economies. the benefits of cloud computing technologies go beyond reducing IT costs – most participants see facilitating innovation as an even more compelling benefit. ranging from companies to government institutions and universities. Many believe that the impact of cloud computing will equal or exceed the impact of mobile technologies. such as changing customer needs and competitors’ market moves • Lowering organizational expenditures on data centres. micro-payments) in emerging economies and disaster management provision • Reducing the environmental impact of computing as economies of scale lead to less consumption of energy Affirming the benefits described in the project’s first report. May 2010 The ability to tap into computer applications and other software via the cloud frees organizations. The double-digit growth enjoyed by some cloud providers during the recent economic downturn demonstrates that many organizations find this attractive.Cloud: The Upside “People are used to scarce resources. most participants in the private session about cloud computing during the World Economic Forum Annual Meeting 2011 agreed that cloud computing is likely to have a noticeable impact on GNP growth during the coming five years. Brussels Workshop. 3 . While empirical evidence is still at an early stage. through enabling innovative new business models. including: • Dramatically accelerating the way companies create new products and services. studies have associated cloud computing with many types of benefits. and the idea of virtualization of resources is forcing a change from a paradigm of scarcity to one of abundance. servers.

4 .

to identify action areas in further detail. multiple issues of concern to key stakeholders from industry. be more complicated December 2010 when data is stored in a shared infrastructure managed by a third party. who has complexity created by the right to access it and cloud environments. They were grouped into three issue areas – data governance. In some cases. Ensuring Interoperability 8. industry leaders at the Annual Meeting 2010 mandated the second phase of the project. The issues raised under the heading of data governance were: Data location constraints It is not always clear under which legal jurisdiction data in the cloud falls – especially if. They also identified barriers to the achievement of such benefits and mandated that the Forum pursue the identification of a series of collaborative actions that could steer the healthy development of cloud computing. the data is split up and stored in multiple locations. a group of high-level IT industry participants at the World Economic Forum Annual Meeting 2009 mandated the first phase of the Future of Cloud Computing project. under what circumstances? industry players are What rules apply to the forced to infringe laws all the time.” use and sharing of data? Industry Participant. Clarity about data ownership 4. Such questions tend to London Workshop. surveys. Stakeholders expressed differing views about the appropriateness and feasibility of regulation alone – as opposed to industry self-regulation – to specify frameworks that govern data and its use in the cloud.weforum. Senior decision-makers in the public and private sectors explored the benefits that could be derived from the use of cloud computing for society. the economy and individual businesses.The Clouds about the Cloud Stakeholders’ Issues and Priorities With the pace of development of the cloud computing industry increasingly raising questions about regulation. Data Governance 2. Data Location constraints A. security and business environment – and analysed in detail.1 In response to the output of the project’s first phase. Ensuring integrity and availability (& addressing data loss) 6. Even if this were possible. one-toone and group interviews and using a structured “issue tool”. Figure 3 illustrates the issues associated with each of these three areas. Security 5. Ensuring Portability (& avoiding vendor lock-in) C. Insuf cient reliability of cloud 10.) B. http://www3. although many of the issues identified apply to the consumer domain as well. Business Environment 9. A. Data Governance “Given the legal Who owns data.pdf . data often falls under more than one legal jurisdiction. it is impossible to determine where a particular piece of data is physically at a particular moment. Regulatory protection of privacy and con dentiality 3. The scope of the project remains focused on the use of public clouds primarily for businesses and governments. Key categories of issues identified 1. Figure 3. government and academia were identified. Relative immaturity of the cloud ecosystem 5 1. Ensuring data is destroyed as needed 7. and it is unclear how inconsistencies among those jurisdictions would be resolved. as many cloud architectures require. Ensuring only authorized access (identity mgmt. Through a series of initial workshops. Insuf cient commitments to service levels 11.org/docs/WEF_ITTC_FutureCloudComputing_Report_2010.

data is stored on remote machines that are shared with other users. national measures to protect data privacy and confidentiality have only limited capacity to reassure users. or from the context of when and how those individual items of data were provided. For their part. In the cloud. security is breached or a provider fails. Some users are concerned that certain types of legal protection associated with data they entrust to the cloud will be compromised if data is moved through the cloud to other jurisdictions – for example. and many already have. for example. Meta-data is created from connections between separate individual items of data. it is not always clear what rights the cloud service provider gains to access. apply their laws to the cloud. there is no guarantee that adequate market mechanisms will emerge in a timely fashion. some cloud providers indicate that. if countries insist on data being stored within national boundaries. Some stakeholders feel that. Data Privacy and Confidentiality Many users say that concerns about data privacy and confidentiality restrict their willingness to use cloud services for sensitive data.” Users are concerned about the potential for foreign governments to demand access to their data. 6 . For example. even when the individual items of data are not. These concerns can result November 2010 in data location constraints being imposed – for example. they may be exposed to insufficient or conflicting regimes with regard to their intellectual property. This makes many users concerned about the potential for business competitors or government authorities to access their data in the cloud without their awareness or consent. Governments would like to mandate and apply national legal requirements for data stored in the cloud. requiring cloud providers to locate data within national borders.“No matter how much we invest. Metadata can be extremely sensitive and valuable. in the cloud. given these regulatory challenges. users concerned about data privacy and confidentiality will ultimately have to rely on market mechanisms to assess the trustworthiness of providers in the cloud. the United States has a stricter regulatory regime for specific sectors. modify or distribute that data. that is just a fact of the Internet. however. though. it is not always obvious what the respective roles and responsibilities are. see these concerns as thinly veiled excuses for protectionism. for example. There are scenarios in which users and providers could find themselves in a legal limbo. potentially giving the largest providers an unfair advantage. where the law provides no clear answer as to who is responsible for the data if. Who should have what rights to use meta-data and capture the value that arises? There is a lack of agreement on these issues. There is a desire for greater global consistency in data privacy requirements applying to the cloud – but government stakeholders note that fundamental differences in their approaches make comprehensive international agreements less likely. and regulation is not always conclusive. While regulators say they would like to improve both regulations and user awareness of the issues surrounding data ownership. Clarity about Data Ownership When a user moves data to the cloud. industry stakeholders express concern that over-regulation of data ownership at this point in the cloud’s evolution could prevent them from meeting user needs and improving services. Some stakeholders. Governments worry about losing the legal ability to “oversee” data in the cloud and Industry Participant. Nonetheless. where privacy and confidentiality issues are especially sensitive. or subjecting transfers of data outside a given jurisdiction to additional legal hurdles and authorizations. they will be unwilling to build new data centres in smaller markets. while the European Union has blanket data privacy laws covering all data. distinguish between data controllers and data processors – but. Ownership of meta-data is often raised as a concern. data is going to escape internationally. Given the cross-border nature of the cloud. EU data privacy laws. such as healthcare. Washington DC Workshop. They point out that the freedom to move data across borders helps to achieve the economies of scale that are a key benefit of cloud computing. as there is a significant cost involved in using architectures that keep a customer’s data in a particular country or geographical block.

can have its rules changed. or a social network comprising hundreds or thousands of hard-won relationships. like many such vendors. and another marker thrown down by the WikiLeaks episode is the prevalence and power of denial of service attacks: all but the most bunkerized homes for data and code are vulnerable to compromise or attack. Amazon. and pay more for those that can persuasively claim more reliable service. or even evaporate. slowed if the fears brought into focus by the WikiLeaks episode remain unaddressed. Zittrain. Amazon’s action crystallized something already known about cloud computing: when one’s data or software is hosted far away and under the care of a third party. 7 . leading to limited competition and a handful of points of control. Yet we also do not want to find ourselves continuing a march to cloud computing that entails clustering under only a handful of powerful umbrella service providers. As cloud computing accelerates.com elected to shut down its hosted version of the WikiLeaks website. in an instant. our creativity and sociability will be tested as we seek to realize its gains without creating undue vulnerabilities.move from the interesting to the downright vital. who plan and bargain less. Basements aren’t fail-safe either. there are new risks and complications that can offset the ways such hosting can make life simpler and safer. offers hosting to all comers but under terms of service that give it broad latitude in deciding ultimately whom to serve. as events in Egypt and Libya demonstrated. The solution is not likely to involve retreat to one’s own basement servers. Then if one is disrupted. (For consumers. While the approaches and examples can vary. cloud provider Amazon. Given the public controversy over WikiLeaks. which can offer so many benefits. not all risks can be easily mitigated. answers to these very new problems may be inspired from the oldest of human instincts and political organization: mutual aid. other copies remain. And. Some of these risks can be managed: businesses can shop carefully for an enterprise-level cloud provider. network trouble or government-mandated filtering can come between a business and its cloud processes. For example. We do not want to see the move to cloud computing. or for contracts that penalize unanticipated or unjustified takedowns or interruptions.) However. the equation can be particularly dangerous: a lifetime’s worth of e-mail or photos.Building a Secure Cloud without Undue Points of Control By Jonathan L. there are occasions in which an entire nation’s Internet access can be threatened.creating connectivity without relying upon Internet service providers -. Solutions may lie not as much in centralization as in its opposite: creating protocols and processes by which data is voluntarily mirrored among otherwise-independent sites. Professor of Law and Professor of Computer Science at Harvard University and Member of the Project Working Group In 2010. And at the network’s physical layer. we may see projects such as mesh networking -.

” Users want to be confident that their services and data are secure in the cloud – that is. Government stakeholders express concern about the resilience of cloud providers to distributed denial-of-service (DDoS) attacks. They also demand recourse mechanisms if something goes wrong. the significant technical difficulties involved in guaranteeing data deletion. By their nature. Security “No-one will unequivocally declare that cloud is 100% safe – just as no one will declare airplanes are 100% safe. always available to them and never available to unauthorized others. True data deletion is more challenging in the cloud. and be open. Industry stakeholders note. and using “hypervisors” to virtually isolate a user’s applications and data can still leave vulnerabilities. especially given that a great majority of client agreements require the service provider to notify the client of any breaches or data loss. private data centres. As many users’ data may be shared on one machine. users are concerned about the possibility of problems with one user’s services affecting another’s. Overall. and that technical November 2010 solutions can never fully protect against security breaches originating from users themselves. such as healthcare records. 8 .B. and to seek redress. and note there is an inherent disincentive for providers to report on breaches and problems. More broadly. Encryption is only as effective as the user’s control of who has the key. cloud solutions aggregate the security requirements of many clients. solve the problems as they come along. and does not solve the problems of a “malicious insider” or of users being manipulated into giving access. believe they are already being transparent enough. lost or temporarily inaccessible. These concerns are bound up with wider questions of how to manage and verify identities. This is not necessarily the case when the data is stored in the cloud. however. and often data may be mirrored on multiple machines. both industry and government stakeholders expressed concern that technical security mechanisms such as encryption could give users a false sense of security. it can still be recovered from their hard drives – additional steps are needed to make sure data can never be retrieved. it is clear who is accountable if the data is corrupted. Some industry stakeholders. often to the highest standard. Ensuring Integrity and Availability (and Addressing Data Loss) When users store their data on their premises. as aggregating multiple users’ data and services on a single platform makes it a more attractive target. Government stakeholders are especially concerned that sensitive data. Ensuring that Data Is Destroyed as Needed Most computer users are aware that even when they delete data. Let not security become the bogey that’ll stop the whole thing – be pragmatic. Without any way of verifying if their data has been destroyed. perhaps most. should not be recoverable once deleted. security protections in the cloud are more extensive than in many. Providers point out that no security mechanisms are foolproof. many cloud providers are keen to stress that the above concerns about security in the cloud should not be overstated. users have no option but to trust the provider. As a result. and they are frequently monitored and stringently audited. Industry stakeholders point out that greater security involves trade-offs with cost and Academia Participant. When it is unclear whether a problem lies with the cloud provider or with the networks the user is using to access the cloud. and all come with trade-offs: using encryption can be expensive. however. New Delhi Workshop. users are concerned that they will be unable to establish who is liable. because cloud providers are the only ones with access to the physical infrastructure on which users’ data is stored. usability. Security-related issues raised by stakeholders include: Ensuring Only Authorized Access Users are concerned that data in the cloud is more susceptible to cyber-attacks.

Other areas of public service that could benefit from the cloud include disaster management and the agricultural sector. 9 . Hurdles to the adoption of cloud include the limited availability of digitized data and the need to deal with requirements of 28 different states. Additional implications for Emerging Markets Overcoming connectivity challenges is critical. users. IT companies that export services are keen to have Indian regulation align with European and US data protection frameworks. government representatives and academia. be the only means of delivering certain essential services (such as microtransaction banking. limited and/or unreliable wired and wireless broadband infrastructure hinders access to. while privacy and personal data protection are not widely established in Indian law. cloud services in India. Similar efficiency gains could also improve public services in India. New Delhi Workshop. with large remote and poor populations. In terms of regulation.Cloud Computing in India and Emerging Markets “The change created by the cloud ecosystem will be manifested 20% in the realm of technology and the remainder through social change. Some government representatives argued that cloud service models could.” Industry Participant. and hence development of. For these companies. in fact. More broadly. and explore in which areas emerging markets could take the lead in cloud development. India’s Unique Identification Card (UID Card) project. Specific Challenges in India The lack of economic returns represents one of the key challenges for the development of the domestic cloud market in India. Given the large population base and the huge number of potential cloud users. micro-insurance and healthcare) given the vastness of the country. Access management is another area in which India is developing promising initiatives. including service providers. The goals of the workshop were to identify the potential benefits and opportunities of cloud computing in India and other emerging economies. providing access to data and computing power to people who would normally be deprived of such resources could unleash significant new innovation. November 2010 The World Economic Forum held a workshop in New Delhi on 23 November 2010. Market Potential Small and medium-sized companies with limited resources and access to IT are expected to be the greatest beneficiaries in India from the efficiency gains promised by cloud computing. which relies on cloud technologies. address the unique challenges to its implementation in emerging markets. While many IT companies are engaged in the cloud business. they feel that currently there are insufficient incentives to offer economically sensible cloud models and services to the domestic market. In addition. identification and access management poses unique challenges. small and medium-sized enterprises. convening over 30 leading Indian decision-makers. could be seen as a model case. participants expect cloud to facilitate more efficient delivery of services to “bottom of the pyramid” consumers – one of the key future market potentials in emerging economies. The development of mobile-based access in India and other emerging markets will drive the adoption and growth of cloud computing. particularly those targeting micro. The development of such a framework in India would assist the industry in competing on an international scale. This calls for greater engagement from the government to provide a fertile environment for domestic cloud markets and to engage in public-private partnerships on cloud development.

as more information and approaches to running a business are externally exposed 10 . There were. They are concerned about being alerted to planned downtime and having accurate reports about unplanned downtime. mixed views among industry stakeholders on the feasibility of working towards standardized SLAs. Business Environment Cloud services and business models are still at an early stage of development. Common concerns include: • The still-widespread lack of understanding about cloud. Insufficient Commitments to Service Levels Related to reliability concerns. Nonetheless. there is no consensus among cloud providers on how much information about their reliability they are willing to disclose. expensive or impossible to transfer data to a different cloud. as with interoperability. or back to their premises. and the need for backup strategies in the event of unanticipated crises or a provider going out of business. however. Relative Maturity of the Cloud Ecosystem While cloud services are evolving rapidly. market mechanisms will evolve that allow users to assess providers’ reputation and reliability. response times. given the great diversity of architectures and users’ needs and circumstances. industry stakeholders are concerned that an excessive focus on ensuring data portability will limit their incentive to innovate by making it harder for them to differentiate themselves through different architectures and offerings. or that what is offered is insufficient for important applications. reliability and security – or by the lack of stipulated penalties if these commitments are not met. Industry stakeholders generally feel that. time consuming. industry stakeholders are concerned that a premature focus on standardization to promote interoperability could hold back innovation and the evolution of better solutions. Potential users of cloud computing are held back by the lack of clear commitments from providers on such issues as uptime. Government stakeholders are also concerned about portability from the perspective of encouraging competition and building systemic resilience. as potential users do not feel sufficiently informed about the risks and benefits and are nervous about committing to relatively new business models such as pay-as-you-go access to IT • Future speed. users being able to move data (or even complete application stacks) easily among cloud providers. which could protect users against problems with the cloud • Threats to intellectual property from using cloud solutions outside a firewall. as there are still relatively few IT professionals globally who are trained to architect cloud solutions • Current underdevelopment of insurance solutions. Users also note that the lack of standardized SLAs makes it difficult for them to compare competing services. Governments also favour interoperability as a way of driving competition and increasing the resilience of the cloud system as a whole. Many users express the fear of being “locked in” to a single cloud provider if it turns out to be inefficient. Concerns about meta-data also complicate efforts to ensure data portability. and government agencies are not satisfied with the status quo. users note that the kind of SLAs (service level agreements) they rely on from providers of their on-premises IT solutions do not tend to be offered by cloud providers. having access to their data slowed by other users creating contention for the provider’s resources. especially where the market consists of only a few providers. but several areas have been identified that are of concern to key stakeholders. They include: Ensuring Interoperability Interoperability is the ability of different systems to seamlessly communicate with each other. Ensuring Data Portability Closely related to interoperability is the question of data portability – that is.C. many stakeholders express concern about the speed at which other necessary aspects of the ecosystem in which public clouds operate are evolving. reliability and global availability of the network access required to use public clouds • Availability of expertise. Insufficient Reliability of Cloud Many users perceive that the reliability of cloud solutions is not yet sufficient for them to trust the cloud with their mission-critical needs. However. bandwidth. Users favour greater interoperability as it allows them to customise their own solutions by purchasing “best of breed” services from multiple cloud providers and to move more easily between providers. However. as the cloud matures.

The skills issue also comes into play – a country’s capacity for innovation could be compromised if its citizens are not sufficiently aware of how to utilize cloud technologies. relationships. autonomy and sovereignty could be compromised if firms increasingly rely on the same few foreign cloud providers. data location and ownership of data) • Clarification on application of regulation • Data privacy & confidentiality Washington. There are also questions about whether national identities. although most stakeholders agree that. Many stakeholders are concerned by the current dominance of cloud providers based in the United States. Finally. under what terms and with what protections. especially if no local cloud providers exist and if local R&D is limited. This reliance is seen by some as potentially a new form of “colonization”. micro businesses U.g. because of the potential loss of competitiveness and decreased ability to influence how the cloud operates. the cloud’s net effect on jobs is likely to be positive. Infrastructure.The Cloud in Context: Geopolitics and Economics Some of the fundamental issues identified by the project illustrate how sensitive and complex cloud technologies have become at this relatively early stage in their development. Figure 4. Key topics that emerged at the 2010 workshops Brussels • Economic and social impacts of cloud • Interoperability and vendor lock-in • 3rd party validation & certification • Secure access & network security • Industry-led standardization • Growth-enhancing initiatives • Clarify (roles. DC • Education & awareness raising • Government access to data • Interoperability & portability • "Privacy by Design" • R&D needs • Quantifying ROI • Harmonization & Transparency • Addressing risk India • Economically sensible cloud models • Government-Industry partnership • Government incentive • Enabling cost (e. in the longer term. utility) of delivery in emerging markets • Compliance with int'l regulations on data • Social change • India's youth • Lower concerns about data sensitivity • Focus on small. This may explain the development of individual clouds in countries such as China. Some officials are worried that jobs may be lost in private data centres as companies move to the cloud.K. it is still far from clear how principles of free trade should be applied in the cloud – whether countries that host cloud data centres have an obligation to provide open access to these centres to customers from other countries. • Macro-regulatory framework • Transparency & trust • Co-regulation model • Integrity & reliability • Accountability • Concrete security measures • Interoperability & portability • Number of actors 11 .

12 .

Facilitate interoperability 7. bringing together several areas in which there are existing but disparate initiatives. objective research on its benefits is difficult to find. First. Promote service transparency 4. these action areas are put forward as a charter for further engagement among key stakeholders.What to Do Now? Eight Action Areas Working from the major issues described in the previous section. broad delivery of IP. to have independent and objective research into the potential for cloud computing to facilitate collaboration among multiple and diverse participants in industries such as healthcare. Second. 1. the project set out to develop recommendations and identify actions that governments and industry can undertake to accelerate the deployment and adoption of public cloud technologies. users may be held back from moving to the cloud if they perceive the risks more clearly than the benefits. 1. that regulation should detract as little as possible from the benefits of what is being regulated. government effectiveness and efficiency. a balanced view of the potential benefits is especially necessary for cloud. Such research should focus on the potential for job creation (and loss). We hope this step will lead to industry and government collaboration to further define and implement the necessary actions to move the agenda forward and accelerate the uptake of cloud technologies. Clarify and enhance accountability across all relevant parties 5. given its complementarity with broadband access. there has been extensive research on the benefits of broadband. for example. Accelerate adaptation and harmonization of regulatory frameworks related to cloud 8. eight critical action areas were selected by government representatives and companies – including many of the largest cloud providers and regulators from Europe and North America – and then confirmed in the private session about cloud computing held during the World Economic Forum Annual Meeting 2011. It is normal enough for any new technology that independent. it has been expected for some time that cloud would significantly advance healthcare and education. and other economic benefits. looking especially at how small and medium-sized businesses could benefit from access to “best in class” computing solutions. and it is important to understand why this has not yet happened. However. Topics include product and process innovation and job creation. given the unique concerns it raises. 13 . They are intended to form a cohesive agenda. Ensure data portability 6. Provide sufficient network connectivity to cloud services As described below. In particular. regulators find it hard to make balanced decisions that are in line with the European legal principle of proportionality if they lack a clear sense of how their decisions could potentially impact the macroeconomic and societal benefits of the cloud as well as the risks. or to deliver cross-border protection of intellectual property rights. Underlying many of the issues discussed in the previous section is a sense that the benefits of cloud computing – beyond those related to IT efficiencies – are not well understood. Explore and facilitate the realization of the benefits of cloud 2. collaboration. particularly its ability to accelerate GNP growth. education and complex supply chains. While the underlying issues are complex and contentious. Advance understanding and management of cloudrelated risks 3. It would be useful. During the past decade. This manifests itself as a problem in two main ways. among other provisions. Explore and Facilitate the Realization of the Benefits of Cloud Cloud ecosystem participants should dedicate additional resources to understanding the benefits of cloud and accelerating the adoption of innovative applications of cloud technology. The principle of proportionality argues. This may provide a model for similar research into the cloud.

security. where data centres may be protected by security mechanisms that are so sophisticated they actually reduce risk rather than exacerbate it. the development of the cloud would be needlessly held back. how well they can be managed. and there is scope London Workshop. and how they relate to broader global risks such as political issues affecting the movement Industry Participant.” and standardize reporting are Industry Participant. Greater transparency should also reduce the risk of excessive regulation that could hinder the industry’s evolution. It is arguable that several of the stakeholder concerns described in the previous section apply just as much to the public Internet as to the cloud. This includes letting customers know how data is secured. liability and reliability. underway. London Workshop. the less they will be concerned about the need to protect less-sophisticated customers through regulation. where data is stored and/or what jurisdictional provisions apply. Clearer and more easily accessible information about cloud service delivery models and offers would accelerate the development of the market by improving levels of user trust and facilitating the creation of aggregated services provided by multiple providers. If concerns are indeed overstated. Such a move could help to build trust in the cloud and reduce the need for further regulation. relationships. with cloud providers asking a third party agency to audit. such as personal data and trade secrets.e. Government stakeholders indicate that as more consistent and comparable information on cloud performance and security becomes available to customers. Risk mitigation strategies need to address the different risk profiles of different types of data. for them to be consolidated. Efforts to improve cloud services. Advance Understanding and Management of Cloud-related Risks Relevant stakeholders (providers and government) should encourage research into the unique risk drivers in cloud computing and identify potential solutions. authoritative research is lacking on how serious the risks are for different types of applications and data. and help to ensure that government regulation is appropriately targeted. certify or rate them. A better understanding of risks would also facilitate the development of nascent cloud insurance models to offer compensation to customers in the event of losses caused by the cloud. Innovative approaches to managing risk could include industry players developing codes of conduct and mutual assistance schemes whereby providers agree to assume responsibility for each other’s service commitments in the event of outages or breaches. Brussels Workshop. locations and ownership of data. December 2010 Voluntary certification schemes could also play a role. there is very little information on what is going on behind the scenes in terms of security management in the cloud. Collaboration among industry December 2010 and regulators on conducting and publicizing such research could educate and reassure users. 14 . greater transparency (i. 3. public disclosure) about cloud computing would go a long way towards addressing many of the stakeholder issues detailed above – notably privacy and confidentiality. “There is a need to be transparent with regard to roles.” Industry Participant. how and by whom it can be accessed.2. The flipside of clearly understanding the potential benefits of cloud is ensuring that perceptions of risk are also grounded in reality. Promote Service Transparency Providers of cloud services should make available to customers information about how their services are provided and how they perform. data ownership. In addition to further research into the benefits and risks. and how it can be deleted. “For the moment. of information across borders.” However. May 2010 There is an opportunity for cloud “Transparency is providers to take the lead on one of the key transparency through developing requirements: we codes based on shared good need to learn to trust practices.

Efforts to clarify accountability for legal compliance – such as the development of data privacy and security compliance programmes by cloud users or providers – are hindered by unclear and sometimes inconsistent regulation. It is therefore important to achieve clarity on whether cloud providers are considered data processors or data controllers. The fear of vendor lock-in holds back many potential users of cloud. who are currently reluctant to entrust missioncritical services to the cloud. These concerns are lessened if it becomes quicker. Possible technology approaches to the third point include tagging data with a specific jurisdiction code or encrypting all data before it moves to the cloud (although this is expensive and not foolproof). between different cloud providers and between user premises and the cloud. users want clarity about accountability for service delivery in situations where providers leverage sub-contractors. in addition to the actual data entered. There is potential to achieve greater consistency and rationalization in the data portability standards currently being advanced by multiple bodies. over time. Users should be aware. easier and cheaper for users to move data. Clarify and Enhance Accountability across All Relevant Parties Industry. without an onerous fee and in a timely manner. 15 . law enforcement access and liability. Governments have a role in minimizing any regulatory barriers that are faced by efforts to standardize portability. can significantly increase the options available to customers. government stakeholders indicate that voluntary industry moves to clarify accountability and establish corporate compliance programmes could reduce the need for regulatory intervention. There is an opportunity for third-party certification schemes to play an important role. Industry players and government stakeholders need to agree on the extent to which it is possible to establish general principles regarding accountability. what the respective obligations of both parties are. that due to economies of scale in the cloud and particular cloud architectures. 5. it may be economically infeasible to roll back from the cloud to an on-premises solution. greater clarity about accountability would accelerate uptake of cloud computing among potential users. as some cloud providers expressed the view that accountability needs to be negotiated only with individual clients. however. including the Distributed Management Task Force. the ambition could be to develop minimum portability standards and common approaches for all cloud providers. Work on facilitating data portability also needs to be aligned with work on common approaches to data ownership and protection. and potential for further industry involvement in existing initiatives such as the Data Privacy Accountability Model. Privacy-by-Design and Binding Corporate Rules.4. and which country’s laws apply to data when a cloud provider has data centres in multiple jurisdictions. In particular. Users want to know who is accountable if service levels are unsatisfactory. Providing meta-data and context information. and perhaps applications. As with transparency. Ensure Data Portability Cloud service providers should provide ways for users to easily retrieve data they have input to clouds. Complementing greater transparency. while many government stakeholders are concerned about maintaining competitiveness in the cloud market. regulatory bodies and third parties should collaborate to create and implement more consistent and comprehensive approaches to accountability for how cloud services are provided. if they are unable to access data they put in the cloud or if it is accessed by unauthorized persons or government agencies. get acquired or go out of business.

voluntary “safe harbour” programme with the understanding that. Familiarizing labour pools with cloud technologies should enhance national economic competitiveness by ensuring that industries that stand to benefit from the cloud do not fall behind in taking advantage of it. several additional actions were discussed but did not receive sufficiently widespread support to be included in the final list of action areas. and small businesses share an interest in fostering education and awareness among potential users of cloud services on ways to leverage cloud technologies. and evaluate cloud options before making investments. As governments are also concerned that users of cloud should be able to understand and take responsibility for their choices. the cloud computing industry (and other industries that can benefit from cloud). included: • Adapt WTO frameworks to create a cloud “trade body” to address data policies and help stakeholders formulate and agree upon policies needed for digital services • Create a broader. possibly. or US$ 20 billion. which calls for about one-quarter of federal IT spending. These are: Foster education for cloud users Governments. Pursue new approaches to regulatory harmonization Additional suggestions mentioned in this context that did not achieve broad agreement. data encryption. Improve SLAs By working to evolve clearer and more standardized service level agreements. global body to pursue non-compliant providers. once a company commits to it. criminals and. rogue states 16 . data deletion. agencies will be required to move three services to the cloud within 18 months. This applies in particular to identity and access management. adopt a cloud model wherever feasible. to be committed to cloud systems. academia and institutions of higher education. industry action could pre-empt regulatory intervention. The adoption of cloud by governments also increases user confidence and may facilitate regulatory processes and harmonization. the commitment will be legally binding • Create a “Cyberpol” or world court that would act as a central. More stringent SLAs will also allay user concerns about entrusting mission-critical solutions to the cloud. Additionally. “Use cases” could illustrate more complex scenarios. under the US Cloud First programme. industry players can address user concerns about being unable to make informed decisions.Additional Action Areas In addition to the eight action areas detailed in this report. Adopt Cloud Governments can continue to support the use of public cloud and play a significant role in the general adoption of cloud by driving the need for industry to create government-ready solutions. Promote R&D for privacy and security enhancing technologies Providers of cloud services should collaborate with each other and with government stakeholders to invest in research to advance the protection of privacy for users through the reinforcement of existing procedures and creation of new architectures and systems. For example. and addressing causes of failure and security loopholes. US Federal Chief Information Officer Vivek Kundra has released the Federal Cloud Computing Strategy in 2011.

As the cloud industry matures over the coming years. This would imply achieving a harmonized approach to the underlying principles that guide regulation. which currently differ among jurisdictions – notably through the US’s sectoral approach to data privacy regulation and the EU’s more universal one. the protections accorded to them. This holds back users from moving to the cloud. This will accelerate the growth of the overall cloud ecosystem. as they do not stop countries from introducing additional provisions. commitments to commonly defined service levels and broad adoption of standards. Fostering cloud interoperability will also likely extend to a broad range of ecosystem players.6. while considering the maturity of the overall industry. whereby industry Representative. review it. interoperability will need to be accompanied by the evolution of clear accountability frameworks. Minimum regulatory standards are not a solution – they are often not sufficient to reduce complexity. Large industry players. Data protection authorities can play an important role in interpreting and harmonizing legal frameworks to more effectively meet user and provider needs for clearly understandable and authoritative guidance about their respective responsibilities. including providers of connectivity and application developers. And when regulations effectively force data to remain within national borders – either directly by imposing restrictions on data transfers outside the jurisdiction. through encouraging visible research and pilot projects. as they fear regulatory provisions are insufficient to protect their data from being unduly accessed by law enforcement or retained by providers. 17 . There is widespread frustration among stakeholders about the regulatory environment for cloud computing. every step towards greater interoperability helps to address stakeholder concerns about competitiveness and lock-in. takes the lead in identifying World Economic Forum necessary provisions and Annual Meeting 2011 governments take a policy and oversight role. As a long-term goal. and the recourse available in the event of breaches.” Options include a “co-regulation” Government approach. It may also accelerate innovation and help address challenges related to data privacy and security. Facilitate Interoperability Industry players should pursue the evolution of cloud offerings with the goal of facilitating interoperability among multiple (private and public) clouds. There has been notable progress recently in developing offerings that allow users to customize their own solutions by simultaneously using services from multiple cloud providers. including savvy and demanding customers such as governments. As a step in this direction. can help accelerate this maturation process – for example. “Industry could governments may wish to take the initiative explore a “macro-regulatory for a cloud ‘code framework” that will be more of conduct’ and adept at keeping pace with regulators could then rapid technological change. or indirectly through a lack of cross-jurisdictional alignment – they hold back cloud providers from realizing improvements that come from achieving scale through multiple locations. governments should continue to dialogue with providers to better understand the impact of regulatory interventions. conflicting and difficult to apply for users and providers operating globally. who will need to adopt relevant architectures and provide enabling services such as highly reliable cross-cloud connectivity. As with data portability. Regulations are often inconsistent. Accelerate Adaptation and Harmonization of Regulatory Frameworks Related to Cloud Governments worldwide should adapt and harmonize regulations relevant to cloud with the aim of improving their applicability and reducing divergence across jurisdictions. 7. especially in the areas of data privacy and security.

Many of the issues around access to the cloud relate to maintaining continuity of the network. both fixed and mobile. Governments have a role in promoting better connectivity in all markets. “Large businesses do not have a strong grasp of their dependence on Internet-based services. in an environment where market needs maybe moving faster than the technology. which will increase with cloud. Provide Sufficient Network Connectivity to Cloud Services Industry. especially in emerging and developing countries where the issue may be more acute. the planning of networks and data centres needs to be coordinated. To be able to use cloud computing with confidence. 18 . In particular. Not much research currently exists on this topic. Washington DC Workshop. reliability and robustness of networks. November 2010 Given that cloud computing uses data centres that need to be able to handle massive amounts of traffic.8. Policy initiatives that could serve as examples include the Europe 2020 broadband targets and the European Commission’s Digital Agenda pillar on ultra-fast broadband.” Industry Participant. users need to be confident that current telecom investments will be sufficient to support future services. Developing a framework describing what services can be provided with various levels of connectivity could also help national governments promote and prioritize investments that will sustain future growth opportunities. They need guarantees about the speed. government and relevant agencies should identify connectivity requirements for cloud services (wired and wireless) and promote the commensurate deployment of networks across the world. users need easy access to the cloud.

announced at the Forum’s Annual Meeting. encourage business adoption and find ways to reconcile the natural conflict between letting an innovative set of technologies mature and protecting users and citizens. As it becomes a critical element of the IT landscape. there is much expectation that its potential economic and social benefits could rival those of the Internet or mobile technologies. 3. leading to a wider and more effective uptake of cloud solutions. Experience of previous waves of technological change suggests that now is the window of opportunity for industry and policy-makers to collaborate. 6. We hope that the framework described in this report has provided a common language and a shared set of priorities for industry and governments to continue to address common issues in a constructive way. 8. VicePresident of the European Commission responsible for the Digital Agenda Towards a European Cloud Computing Strategy. Industry Participant. governments. Figure 5. international organizations and academia to prioritize their concerns and explore potential solutions. 4.do?reference=SPEECH/11/50 . cybersecurity and the health of the Internet. To do this. the project has brought together key stakeholders from industry.2 An especially promising avenue for government-industry collaboration could be the initiation of experimental pilot deployment programmes to generate and document empirical evidence on the positive social and economic impacts of the cloud. harmonizing regulatory London Workshop. While valuable work is underway on many of these issues (such as standards and security) the project aims to address more cohesively the bigger picture and the possibility for a broader common agenda. World Economic Forum Annual Meeting 2011 Cloud computing is at a pivotal point of development. 7. which are magnified by their overlap with broader contemporary worries such as national sovereignty. http://europa. but also much uncertainty. Other potential collaborative actions could include: • Industry investing in research into systemic security risks and costs and how to collaborate on areas such as encryption • Service providers reaching agreement on common best practices for transparency • Telecoms providers working to identify connectivity requirements and investment needs by geography Cloud computing is set for rapid acceleration around the world. The eight action areas are already being used as the basis for multistakeholder collaboration in multiple contexts. The aim of these action areas is not to offer prescriptive solutions. 19 2. such as feeding into a series of meetings between industry leaders and EU Commissioner for the Digital Agenda Neelie Kroes on cloud regulation and harmonization. Action areas 1. And it is a timely exercise indeed.eu/rapid/pressReleasesAction. the World Economic Forum has done a great job in bringing together a lot of expertise and experience.” The eight action areas described in this report encompass broadening awareness and understanding of the benefits and risks of cloud.Project Outcomes: What Is Next? “After two years of intensive work on cloud issues. 2.” Neelie Kroes. clarifying December 2010 accountability. Such studies could help counterbalance concerns about cloud computing. but to suggest a charter for further engagement among industry and governments. frameworks. promoting service transparency. They received broad support from industry and government leaders taking part in a private session on cloud computing at the World Economic Forum Annual Meeting 2011. Explore cloud benefits Understand & manage cloud risks Promote service transparency Clarify & enhance accountability Ensure data portability Faciliate interoperability Adapt & harmonize regulation Provide sufficient connectivity This report set out to identify the issues that need to be addressed to move the agenda forward and areas of action that all agree could enable the healthy development of cloud technologies. and ensuring sufficient network connectivity. “Stakeholders’ willingness to overcome the barriers depends on their assessment of cloudrelated benefits. facilitating system interoperability and data portability. 5.

20 .

Project timeline 2011 Annual Meeting. A key research tool was an extensive survey that Accenture designed and developed on cloud computing. Based on the findings of the phase I report. surveys and interviews to obtain their views on the potential impacts of cloud computing – on business. Brussels workshop 2010 Annual Meeting.com/wef-2010report Video: http://tinyurl. Davos Cross-government call Brussels workshop IES New Delhi workshop AMNC Dalian workshop Tokyo workshop San Francisco workshop 2009 Annual Meeting. government regulators.About the Research Project Background This report is part of the World Economic Forum’s research study. corporate buyers of IT. the project was divided into two phases: I.com/wef-2010video II. Exploring the Future of Cloud Computing. Collecting a wide range of highly informed views enabled us to identify the key drivers. Phase I outcomes: Report: http://tinyurl. academics. It was mandated by the IT Governors at the World Economic Forum Annual Meeting 2009 in Davos-Klosters. enablers and barriers in cloud computing. The first phase focused on consulting with a wide range of relevant stakeholders (IT industry. Figure 6. Two objectives for the research were defined: • Develop an understanding of what is needed to steer the healthy development of both public and private cloud computing environments • Develop a set of industry and public policy action areas that could help mitigate the uncertainties and accelerate the benefits of cloud computing Consequently. Switzerland. Davos Industry/ government consultation Slough (UK) workshop New Delhi workshop Washington DC workshop Industry/ government consultation & issue tool Europe Summit. Davos Phase 1 Phase 2 21 . investors. phase II focused on developing action areas and identifying actions that governments and industry can undertake to accelerate the deployment and adoption of public cloud technologies (this report). society and the global economy. journalists and others) through workshops.

mega-scale infrastructure (e.g. November 2011 4. The definition we used in this project came from the University of California at Berkeley: “Cloud computing refers to both the applications delivered as services over the Internet and the hardware and systems software in the data centres that provide those services. Cloud Constraints and Barriers Initial Prioritization Issues That Affect Cloud Deployment In The Next 3 Years Issue Tool Collation of Skateholder Priority Issues Input Figure 8. “The NIST Definition of Cloud Computing”. Amazon. enumerating some characteristics4 often associated with cloud computing may help to clarify how the term is commonly used and understood: • On-demand self-service • Broad network access • Resource pooling • Rapid elasticity • Measured service • Massive scale • Virtualization • Resilient computing • Low-cost software • Geographic distribution covering multiple jurisdictions • Multiple accountabilities • Service orientation • Advanced security technologies 3.Examples of types of cloud computing:3 Figure 7. Deployment models relevant to this project: • Public cloud – sold to the public. access to applications and business processes. “Cloudrise: Rewards and Risks at the Dawn of Cloud Computing”. Project process and outcome • Process/Industry clouds • Application clouds (SaaS) • Platform clouds (PaaS) • Infrastructure clouds (IaaS) Phase I Input and Report. A possible hierarchy of cloudbased offerings Process/ Industry Clouds Analysis & Solution Development Draft Action Areas Application Clouds (SaaS) Davos Governors Gession Platform Clouds (PaaS) Action Areas and World Economic Forum Report Output Definition of Cloud Computing There are probably as many definitions of cloud computing as there are opinions about its future. Harris and Allan E. Alter. there is no definition that is agreed upon in most quarters. storage. Peter Mell and Tim Grance. To date. October 2009 22 . Google) • Hybrid cloud – composition of two or more clouds where one might abstract applications or services through a combination of in-house infrastructure and/or reaching out to multiple clouds • Community cloud – a shared infrastructure for a specific community (e. healthcare) Note: Private clouds (ones that an enterprise owns or leases) are not included in the scope of phase II of our project Infrastructure Clouds (IaaS) Characteristics of Cloud Computing In the absence of a commonly accepted definition of cloud computing.” Clarifications: Access to the cloud can be provided via multiple technologies (Internet or other) and services can include processing. Jeanne G.g. Accenture.

. USA Centre for Commercial Law Studies. Harvard University.com SAP SAS Telefonica Tibco Wipro 23 Governments and Agencies European Commission European Data Protection Supervisor (EDPS) European Network and Information Security Agency (ENISA) Confederation of Indian Industry (CII) French Data Protection Authority (CNIL) German Ministry of Economics and Technology German Ministry of the Interior Indian Department of Information Technology Indian Department of Micro. USA Brookings Institution. Small and Medium Enterprises NASSCOM India Japan Ministry of Internal Affairs and Communications Organisation for Economic Co-operation and Development (OECD) UK Cabinet Office UK Department for Business. Andrew Wright. Belgium An additional thank you goes to the Accenture Australia creative services team. Queen Mary. Belgium Complutense University of Madrid. FUNDP Namur. USA International Institute of Information Technology Bangalore Rand Europe Research Center on IT and Law. to the Forum editing team and to the writer. Innovation and Skills (BIS) UK Office of Cyber Security and Information Assurance US Department of Commerce US Federal Communications Commission US Federal Trade Commission US General Service Administration US Office of Management and Budget Academia Berkman Center for Internet and Society.Acknowledgments: Partners and Contributing Organizations Industry Accenture Akamai Alcatel Lucent AT&T Bitcurrent BMC Software BT Group CA Technologies Capgemini Cisco Colt ComScore CSC Cyber Risk Partners Dell Deutsche Telekom EMC Forrester Fujitsu Google HCL Technologies HP Huawei Technologies Infosys Technologies Intel Juniper Kudelski Lenovo Lockheed Martin McAfee Mahindra Satyam Microsoft Nasdaq NCR Corp. Spain Georgetown University. Nivio Orange Business Services Polycom Salesforce. University of London Centre of Excellence in Information and Communication Technologies.

Harris and Allan E. IX. “Worldwide and Regional Public IT Cloud Services. Friedman and Darrell M. Watching Cloud Contracts Take Shape”. pp. November 2011 6. “Federal Cloud Computing Strategy”. 2009 17. Accenture. Jeanne G. European Commission. IDC. March 2011 13. West. speaking at the World Economic Forum Annual Meeting 2011. 179-208. Christopher Millard and Ian Walden.. The Brookings Institution. Center for Technology Innovation at Brookings. EU Data Protection Directive 95/46/EC. 2010-2014 Forecast”. March 2011 7. “Cloudrise: Rewards and Risks at the Dawn of Cloud Computing”. IUP Journal of Managerial Economics. Peter Mell and Tim Grance. Employment and Output in Europe”. Accenture. “Exploring the Future of Cloud Computing”. 1-16 21. Simon Bradshaw. authored by 11 members of UC Berkeley’s division of Electrical Engineering and Computer Sciences. Article 29 Data Protection Working Party of the EU Directive 16. November 2010 5. May 2010 14. February 2009 2. Federico Etro. “Mind the Gap – Insights from Accenture’s Third Global High Performance IT Research Study. 20. November 2009 10. Neelie Kroes. Ministry of Internal Affairs and Communications of Japan. February 2011. 2. October 1995 15. May 2010 3. pp. 54. “The NIST Definition of Cloud Computing”. “The Cloud Dividend”. ENISA. “Digital Japan Creation Project (ICT Hatoyama Plan)”. October 2010 19. Vice-President and Commissioner for the Digital Agenda of the European Commission. January 2011 11. “Information Assurance Framework”. Review of Business and Economics. “The Economic Impact of Cloud Computing on Business Creation. “Privacy and Security in Cloud Computing”. “The Economics of Cloud Computing”.. ENISA. Vivek Kundra. Alter. World Economic Forum. “Above the Clouds: A Berkeley View of Cloud Computing”. December 2010 8. Allan A.References 1. “Where the Cloud Meets Reality: Operationally Enabling the Growth of New Business Models”. June 2009. Center for Economics and Business Research. “Cloud Computing Security Risk Assessment”. 2. “A Digital Agenda for Europe”. Vol. February 2011 12. “The Terms They Are A-Changin'. October 2009 24 . June 2010 4. Prof. Vol. March 2009 18. Unique Identification Authority of India (UIDAI) Volunteer Guidelines. “Towards a European Cloud Computing Strategy”. November 2009 9.

The World Economic Forum is an independent international organization committed to improving the state of the world by engaging leaders in partnerships to shape global. Switzerland. (www. the World Economic Forum is impartial and not-for-profit.org) .weforum. regional and industry agendas. it is tied to no political. and based in Geneva. Incorporated as a foundation in 1971. partisan or national interests.

Sign up to vote on this title
UsefulNot useful