SlideShare une entreprise Scribd logo

Risk Thinking for Cloud-Based Application Services

E
Eric Bauer

Techniques for identifying , analyzing and treating risks to user service quality of software applications executing on cloud computing platforms.

Logiciels
1  sur  12
Télécharger pour lire hors ligne
© 2017 Nokia1 Risk Thinking for Cloud- Based Application Services Public Eric Bauer
© 2017 Nokia2 The Cloud Operator’s Risk Management Challenge …and those organizations seek to avoid unacceptable downside consequences, especially Impaired service reliability Impaired service latency Impaired service availability Risk Management is “coordinated activities to direct and control an organization with regard to risk” meaning activity to reduce the uncertainties of achieving desired upside benefits without unacceptable downside consequences Organizations invest in cloud in pursuit of two benefits: 1. Deliver new services and value faster  grow top line 2. Improve operational efficiency  boost bottom line
© 2017 Nokia3 Cloud Service Providers (CSPs) Primary Cloud Operator Roles CSP: Management and Orchestration as-a-Service CSP: Functional Component offered as-a-Service Cloud Service Customer (CSC) CSP: Infrastructure as-a-Service Application Software CSP: Network Provider Provider Role Customer Role Customer Role Provider Role Customer Role Provider Role Customer Role Provider Role Customer Role Provider Role Customer Role Provider Role Functional Component as-a-Service Virtual Compute, Memory, Storage & Networking Service Automated Lifecycle Management Cloud Service User Application Software Integrator Role Transport Service Application Service Cloud Service Customers (CSCs) operate application services hosted on public or private clouds Cloud Service Providers (CSPs) own and operate the physical infrastructure equipment, etc, that serve the virtual resources, automated lifecycle management and functional components to CSCs Considering risks facing the cloud service customer organization Roles based on ISO/IEC 17788:2014 Cloud Computing Overview & Vocabulary
© 2017 Nokia4 Deliver new services and value faster to grow the top line, especially via: 1. Enhanced Service Value Chains…rapidly leverage off-the-shelf service components 2. Agile/DevOps and Accelerated Application Service Lifecycle Improve operational efficiency to grow the bottom line, especially via: 1. Aggressive automation and self service 2. DevOps and application lifecycle changes 3. Perfect capacity management 4. Transparency and continuous improvement 5. Aggressive cost management Expected Cloud Service Customer Benefits of Cloud Deployment Service Lifecycle ServiceTransitionPlan & Code Service OperationTest Build Development Lifecycle Cloud Service Customer (CSC’s) Service Production Costs CSC General & Administrative Overheads Maintenance & Support Fees CSC Labor Staffing Loaded Salary CSC Operations & Business Support Systems Application & Software Components Usage Usage-based pricing Infrastructure Usage Usage-based pricing Functional Component as-a-Service Usage Usage-based pricing Cloud Management & Orchestration Usage Usage-based pricing 1.Aggressive automation, including selfservice 5.Aggressive cost management 3. Perfectcapacity management 4. Transparencyand ContinuousImprovement 2. DevOps and application Lifecycle Changes
© 2017 Nokia5 Cloud User Service Quality Risk Fishbone Diagram Virtual Network Risks  Packet Loss  Packet Delay  Packet Jitter  Network Delivered Throughput  Network Outage  VN Diversity Compliance Violation VNF Product Risks  Faulty VNF Configuration Specifications  Defective VNF Lifecycle Management Scripts  Residual Product Defect Virtualized Application Latency Risks  TAIL Application Latency  TYPICAL Application Latency Service Integration Risks  Wrong Element Used  Integration Defect  Element Operational Conditions Violated  Faulty Service Delivery Architecture  Faulty Service Control Architecture  Faulty Service Workflow Lifecycle Management (Execution) Risks  VNF Lifecycle Management  Network Service Lifecycle Mgmt  Forwarding Graph Service Lifecycle Mgmt  Virtual Link Service Lifecycle MgmtAccountability Risks  Incomplete Accountability  Conflicting Accountability  Ambiguous Demarcation  Ambiguous Service Level Objective  Inadequate/Ambiguous Data Cloud Service Provider Catastrophe Risks  (Semi?) Permanent loss of cloud service  (Semi?) Permanent loss of CSC data Human and Organizational Risks  Organization and Incentive Design  (Human) Process Risks  Human Error Unknown-Unknown Risks  Fundamental Disruption  Emerging Technology  Technical Debt  Flawed Standards  Faulty IaaS CapEx Reduction  Faulty CSP OpEx Reduction Virtual Machine Risks  VM Dead on Arrival  VM Failure  VM Stall  VM Scheduling Latency  VM Clock Error  VM Placement Policy Violation User Service Quality Risk Virtual Storage Risks  Storage access latency  Storage access reliability  Volume capacity  Volume outage  Volume throughput Service Policy Risks  Insufficient Spare Capacity (Target)  Faulty Resource Placement Policy  Faulty Scaling Decision Criteria  Inaccurate Demand Forecast Functional-Component-as-a- Service Quality Risks  FCaaS Outage Downtime  FCaaS Reliability  FCaaS Latency Visibility Risks  Obstructed Vision  Poor Resolution  Stale Vision  Mirage Graphic from Risk Thinking for Cloud-Based Application Services, by Eric Bauer, CRC Press, April 2017
© 2017 Nokia6 Risk Treatment Techniques Enterprises can treat risks via one or more of the following techniques  Replace or remove the risk source, e.g., replace risky service component with a higher quality alternative  Change the risk likelihood, e.g., more testing to find (and then fix) residual defects  Change the risk consequences, e.g., redundancy or high availability architectures to minimize duration of impact from failures  Share the risk with external parties, e.g., service level agreements with remedies, such as liquidated damages  Retain the risk (default option), e.g., business retains the risk that customers will demand their product or service offering  Reject accountability, e.g., for misuse or abuse of the product or service  Avoid the risk, e.g., delaying or declining to bring a product or service to market
© 2017 Nokia7 Primary Risk Identification Techniques Influence Diagrams Cause and Effect Analysis Failure Mode Effect Analysis Structured Interviewing and Brainstorming Structured what-if technique (SWIFT) Fault Tree Analysis Risk Identification and Analysis Techniques Virtual Network Risks  Packet Loss  Packet Delay  Packet Jitter  Network Delivered Throughput  Network Outage  VN Diversity Compliance Violation VNF Product Risks  Faulty VNF Configuration Specifications  Defective VNF Lifecycle Management Scripts  Residual Product Defect VirtualizedApplication LatencyRisks  TAIL Application Latency  TYPICAL Application Latency Service IntegrationRisks  Wrong Element Used  Integration Defect  Element Operational Conditions Violated  Faulty Service Delivery Architecture  Faulty Service Control Architecture  Faulty Service Workflow Lifecycle Management (Execution) Risks  VNF Lifecycle Management  Network Service Lifecycle Mgmt  Forwarding Graph Service Lifecycle Mgmt  Virtual Link Service Lifecycle Mgmt AccountabilityRisks  Incomplete Accountability  Conflicting Accountability  Ambiguous Demarcation  Ambiguous Service Level Objective  Inadequate/Ambiguous Data CloudService Provider Catastrophe Risks  (Semi?) Permanent loss of cloud service  (Semi?) Permanent loss of CSC data HumanandOrganizational Risks  Organization and Incentive Design  (Human) Process Risks  Human Error Unknown-Unknown Risks  Fundamental Disruption  Emerging Technology  Technical Debt  Flawed Standards  Faulty IaaS CapEx Reduction  Faulty CSP OpEx Reduction Virtual Machine Risks  VM Dead on Arrival  VM Failure  VM Stall  VM Scheduling Latency  VM Clock Error  VM Placement Policy Violation User Service Reliability Risk Virtual Storage Risks  Storage access latency  Storage access reliability  Volume capacity  Volume outage  Volume throughput Service Policy Risks  Insufficient Spare Capacity (Target)  Faulty Resource Placement Policy  Faulty Scaling Decision Criteria  Inaccurate Demand Forecast Functional-Component-as-a- Service QualityRisks  FCaaS Outage Downtime  FCaaS Reliability  FCaaS Latency VisibilityRisks  Obstructed Vision  Poor Resolution  Stale Vision  Mirage
© 2017 Nokia8 Primary Risk Control Analysis Techniques Layers of Protection Analysis Critical Control Point Analysis Event Tree Analysis Bow Tie Analysis Risk Control Analysis Techniques
© 2017 Nokia9 0 1 2 3 4 5 Virtual Machine Risks Virtual Network Risks Virtual Storage Risks Virtualized Application Latency Risks Functional Component-as-a- Service Quality Risks Lifecycle Management (Execution) Risks Volatile Risk Vector Index Risk Evaluation Techniques Primary Risk Evaluation Techniques Failure Mode Effects and Criticality Analysis Dose-Response (Toxicity) Assessment Consequence/Probability matrix FN Curves Risk indices Decision tree Cost/benefit analysis
© 2017 Nokia10 Reconsidering Quality and Risk Frequency Magnitude Opportunity (very low risk) Acceptable Tolerable Unacceptable Canonical Risk Map Opportunity Acceptable Unacceptable Tolerable Level of Cloud Service Impairment User Service Quality (Defective Operations per Million) Target Opportunity to soften cloud service level objective (SLO) 10-9 10-8 10-7 10-6 10-5 10-4 10-3 10-2 10 DPM 1 DPM 0.1 DPM 0.01 DPM Unacceptable cloud service level objective Tolerable Hypothetical Dose-Response Chart Super acceptable service quality may be an opportunity reduce resource allocation to increase operational efficiency and save money
© 2017 Nokia11 Quality and Risk-Based Thinking • ISO 9001:2015 “Quality Management Systems - Requirements” Clause 0.3.3 – “To conform to the requirements of this International Standard, an organization needs to plan and implement actions to address risks and opportunities. Addressing both risks and opportunities establishes a basis for increasing the effectiveness of the quality management system, achieving improved results and preventing negative effects.” Available April 2017 Methodically identifying, analyzing, treating and monitoring uncertainties for desired benefits and undesirable consequences is a best practice for service, risk and quality management
Risk Thinking for Cloud-Based Application Services

Recommandé

Command Your Data Center - Net Optics/Ixia
Command Your Data Center - Net Optics/IxiaCommand Your Data Center - Net Optics/Ixia
Command Your Data Center - Net Optics/IxiaNetwork Performance Channel GmbH
 
Resume ujjwal
Resume ujjwalResume ujjwal
Resume ujjwalUjjwal chatterjee
 
Apq Qms Project Plan
Apq Qms Project PlanApq Qms Project Plan
Apq Qms Project PlanEng-Mohammad
 
Advanced resource allocation and service level monitoring for container orche...
Advanced resource allocation and service level monitoring for container orche...Advanced resource allocation and service level monitoring for container orche...
Advanced resource allocation and service level monitoring for container orche...Conference Papers
 
C3DNA-Presentation
C3DNA-PresentationC3DNA-Presentation
C3DNA-Presentationrmikkilineni
 
An Introduction to Designing Reliable Cloud Services January 2014
An Introduction to Designing Reliable Cloud Services January 2014An Introduction to Designing Reliable Cloud Services January 2014
An Introduction to Designing Reliable Cloud Services January 2014David J Rosenthal
 
ChadKillinger2016
ChadKillinger2016ChadKillinger2016
ChadKillinger2016Chad Killinger
 
Evaluating Risks of Cloud Based Services
Evaluating Risks of Cloud Based ServicesEvaluating Risks of Cloud Based Services
Evaluating Risks of Cloud Based ServicesSymantec
 

Recommandé

Command Your Data Center - Net Optics/Ixia
Command Your Data Center - Net Optics/IxiaCommand Your Data Center - Net Optics/Ixia
Command Your Data Center - Net Optics/IxiaNetwork Performance Channel GmbH
 
Resume ujjwal
Resume ujjwalResume ujjwal
Resume ujjwalUjjwal chatterjee
 
Apq Qms Project Plan
Apq Qms Project PlanApq Qms Project Plan
Apq Qms Project PlanEng-Mohammad
 
Advanced resource allocation and service level monitoring for container orche...
Advanced resource allocation and service level monitoring for container orche...Advanced resource allocation and service level monitoring for container orche...
Advanced resource allocation and service level monitoring for container orche...Conference Papers
 
C3DNA-Presentation
C3DNA-PresentationC3DNA-Presentation
C3DNA-Presentationrmikkilineni
 
An Introduction to Designing Reliable Cloud Services January 2014
An Introduction to Designing Reliable Cloud Services January 2014An Introduction to Designing Reliable Cloud Services January 2014
An Introduction to Designing Reliable Cloud Services January 2014David J Rosenthal
 
ChadKillinger2016
ChadKillinger2016ChadKillinger2016
ChadKillinger2016Chad Killinger
 
Evaluating Risks of Cloud Based Services
Evaluating Risks of Cloud Based ServicesEvaluating Risks of Cloud Based Services
Evaluating Risks of Cloud Based ServicesSymantec
 
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...white paper
 
Vazata Federal IaaS
Vazata Federal IaaSVazata Federal IaaS
Vazata Federal IaaSftculotta27
 
CACMAN COMPARISION WITH MOCA USING PKI ON MANET.
CACMAN COMPARISION WITH MOCA USING PKI ON MANET.CACMAN COMPARISION WITH MOCA USING PKI ON MANET.
CACMAN COMPARISION WITH MOCA USING PKI ON MANET.neeravkubavat
 
Security issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwariSecurity issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwaribhanu krishna
 
Ensuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudEnsuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudCognizant
 
Sachin Shanbhag CV
Sachin Shanbhag CVSachin Shanbhag CV
Sachin Shanbhag CVSachin Shanbhag
 
Compliane software-solutions
Compliane software-solutionsCompliane software-solutions
Compliane software-solutionsMetricStream Inc
 
Hpe service virtualization 3.8 what's new chicago adm
Hpe service virtualization 3.8 what's new chicago admHpe service virtualization 3.8 what's new chicago adm
Hpe service virtualization 3.8 what's new chicago admJeffrey Nunn
 
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKS
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKSMAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKS
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKSIJCNCJournal
 
PCI & Serverless - Everything you need to know
PCI & Serverless - Everything you need to knowPCI & Serverless - Everything you need to know
PCI & Serverless - Everything you need to knowPureSec
 
The Middleware technology that connects the enterprise
The Middleware technology that connects the enterprise The Middleware technology that connects the enterprise
The Middleware technology that connects the enterprise Kasun Indrasiri
 
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsHow to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsSBWebinars
 
Brian moore
Brian mooreBrian moore
Brian mooreZeenat Jahan
 
5 Pitfalls of Agent Based Solutions
5 Pitfalls of Agent Based Solutions5 Pitfalls of Agent Based Solutions
5 Pitfalls of Agent Based SolutionsAsigra
 
SOSCOE Overview
SOSCOE OverviewSOSCOE Overview
SOSCOE OverviewJoshua L. Davis
 
VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...
VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...
VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...VMworld
 
Darren Johnson CV
Darren Johnson CVDarren Johnson CV
Darren Johnson CVDarren Johnson
 
Key Findings from the State of Application Delivery 2015
Key Findings from the State of Application Delivery 2015Key Findings from the State of Application Delivery 2015
Key Findings from the State of Application Delivery 2015F5 Networks
 
Cloud computing & service level agreements
Cloud computing & service level agreementsCloud computing & service level agreements
Cloud computing & service level agreementsCade Zvavanjanja
 
Middleware Basics
Middleware BasicsMiddleware Basics
Middleware BasicsVarun Arora
 
Ibm cloud forum managing heterogenousclouds_final
Ibm cloud forum managing heterogenousclouds_finalIbm cloud forum managing heterogenousclouds_final
Ibm cloud forum managing heterogenousclouds_finalMauricio Godoy
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidMyNOG
 

Contenu connexe

Tendances

Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...white paper
 
Vazata Federal IaaS
Vazata Federal IaaSVazata Federal IaaS
Vazata Federal IaaSftculotta27
 
CACMAN COMPARISION WITH MOCA USING PKI ON MANET.
CACMAN COMPARISION WITH MOCA USING PKI ON MANET.CACMAN COMPARISION WITH MOCA USING PKI ON MANET.
CACMAN COMPARISION WITH MOCA USING PKI ON MANET.neeravkubavat
 
Security issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwariSecurity issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwaribhanu krishna
 
Ensuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudEnsuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudCognizant
 
Compliane software-solutions
Compliane software-solutionsCompliane software-solutions
Compliane software-solutionsMetricStream Inc
 
Hpe service virtualization 3.8 what's new chicago adm
Hpe service virtualization 3.8 what's new chicago admHpe service virtualization 3.8 what's new chicago adm
Hpe service virtualization 3.8 what's new chicago admJeffrey Nunn
 
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKS
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKSMAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKS
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKSIJCNCJournal
 
PCI & Serverless - Everything you need to know
PCI & Serverless - Everything you need to knowPCI & Serverless - Everything you need to know
PCI & Serverless - Everything you need to knowPureSec
 
The Middleware technology that connects the enterprise
The Middleware technology that connects the enterprise The Middleware technology that connects the enterprise
The Middleware technology that connects the enterprise Kasun Indrasiri
 
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsHow to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsSBWebinars
 
5 Pitfalls of Agent Based Solutions
5 Pitfalls of Agent Based Solutions5 Pitfalls of Agent Based Solutions
5 Pitfalls of Agent Based SolutionsAsigra
 
VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...
VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...
VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...VMworld
 
Key Findings from the State of Application Delivery 2015
Key Findings from the State of Application Delivery 2015Key Findings from the State of Application Delivery 2015
Key Findings from the State of Application Delivery 2015F5 Networks
 
Cloud computing & service level agreements
Cloud computing & service level agreementsCloud computing & service level agreements
Cloud computing & service level agreementsCade Zvavanjanja
 
Middleware Basics
Middleware BasicsMiddleware Basics
Middleware BasicsVarun Arora
 

Tendances (20)

Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
 
Vazata Federal IaaS
Vazata Federal IaaSVazata Federal IaaS
Vazata Federal IaaS
 
CACMAN COMPARISION WITH MOCA USING PKI ON MANET.
CACMAN COMPARISION WITH MOCA USING PKI ON MANET.CACMAN COMPARISION WITH MOCA USING PKI ON MANET.
CACMAN COMPARISION WITH MOCA USING PKI ON MANET.
 
Security issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwariSecurity issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwari
 
Ensuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudEnsuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the Cloud
 
Sachin Shanbhag CV
Sachin Shanbhag CVSachin Shanbhag CV
Sachin Shanbhag CV
 
Compliane software-solutions
Compliane software-solutionsCompliane software-solutions
Compliane software-solutions
 
Hpe service virtualization 3.8 what's new chicago adm
Hpe service virtualization 3.8 what's new chicago admHpe service virtualization 3.8 what's new chicago adm
Hpe service virtualization 3.8 what's new chicago adm
 
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKS
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKSMAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKS
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKS
 
PCI & Serverless - Everything you need to know
PCI & Serverless - Everything you need to knowPCI & Serverless - Everything you need to know
PCI & Serverless - Everything you need to know
 
The Middleware technology that connects the enterprise
The Middleware technology that connects the enterprise The Middleware technology that connects the enterprise
The Middleware technology that connects the enterprise
 
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsHow to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
 
Brian moore
Brian mooreBrian moore
Brian moore
 
5 Pitfalls of Agent Based Solutions
5 Pitfalls of Agent Based Solutions5 Pitfalls of Agent Based Solutions
5 Pitfalls of Agent Based Solutions
 
SOSCOE Overview
SOSCOE OverviewSOSCOE Overview
SOSCOE Overview
 
VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...
VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...
VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...
 
Darren Johnson CV
Darren Johnson CVDarren Johnson CV
Darren Johnson CV
 
Key Findings from the State of Application Delivery 2015
Key Findings from the State of Application Delivery 2015Key Findings from the State of Application Delivery 2015
Key Findings from the State of Application Delivery 2015
 
Cloud computing & service level agreements
Cloud computing & service level agreementsCloud computing & service level agreements
Cloud computing & service level agreements
 
Middleware Basics
Middleware BasicsMiddleware Basics
Middleware Basics
 

Similaire à Risk Thinking for Cloud-Based Application Services

Ibm cloud forum managing heterogenousclouds_final
Ibm cloud forum managing heterogenousclouds_finalIbm cloud forum managing heterogenousclouds_final
Ibm cloud forum managing heterogenousclouds_finalMauricio Godoy
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidMyNOG
 
Making Sense Of Cloud Computing - by Mark Rivington
Making Sense Of Cloud Computing - by Mark RivingtonMaking Sense Of Cloud Computing - by Mark Rivington
Making Sense Of Cloud Computing - by Mark RivingtonCA Nimsoft
 
SV Training Intro - 20181129 4.pptx
SV Training Intro - 20181129 4.pptxSV Training Intro - 20181129 4.pptx
SV Training Intro - 20181129 4.pptxCAIKYPALLETAMOURALIM
 
Kevin Jackson - DoDIIS Worldwide 2010
Kevin Jackson - DoDIIS Worldwide 2010Kevin Jackson - DoDIIS Worldwide 2010
Kevin Jackson - DoDIIS Worldwide 2010GovCloud Network
 
Mindshare Hosting Presentation
Mindshare Hosting PresentationMindshare Hosting Presentation
Mindshare Hosting PresentationChristian_A_Breaux
 
The elegant way of implementing microservices with istio
The elegant way of implementing microservices with istioThe elegant way of implementing microservices with istio
The elegant way of implementing microservices with istioInho Kang
 
12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클
12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클
12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클Oracle Korea
 
Cloudy with a Chance of Failure - Novosco
Cloudy with a Chance of Failure - NovoscoCloudy with a Chance of Failure - Novosco
Cloudy with a Chance of Failure - NovoscoNovosco
 
Managed Services Marketing
Managed Services MarketingManaged Services Marketing
Managed Services MarketingShahzad Khan
 
Microservices for Application Modernisation
Microservices for Application ModernisationMicroservices for Application Modernisation
Microservices for Application ModernisationAjay Kumar Uppal
 
Service Virtualization 101
Service Virtualization 101Service Virtualization 101
Service Virtualization 101Stefana Muller
 
Effective Information Flow Control as a Service: EIFCaaS
Effective Information Flow Control as a Service: EIFCaaSEffective Information Flow Control as a Service: EIFCaaS
Effective Information Flow Control as a Service: EIFCaaSIRJET Journal
 
Moving Multimedia Applications to the Cloud
Moving Multimedia Applications to the CloudMoving Multimedia Applications to the Cloud
Moving Multimedia Applications to the CloudDialogic Inc.
 
Virgílio Vargas Presentations / CloudViews.Org - Cloud Computing Conference 2...
Virgílio Vargas Presentations / CloudViews.Org - Cloud Computing Conference 2...Virgílio Vargas Presentations / CloudViews.Org - Cloud Computing Conference 2...
Virgílio Vargas Presentations / CloudViews.Org - Cloud Computing Conference 2...EuroCloud
 
A Comparative Review on Fault Tolerance methods and models in Cloud Computing
A Comparative Review on Fault Tolerance methods and models in Cloud ComputingA Comparative Review on Fault Tolerance methods and models in Cloud Computing
A Comparative Review on Fault Tolerance methods and models in Cloud ComputingIRJET Journal
 
Managed Cloud Services CIO Conference Oil Gas
Managed Cloud Services CIO Conference Oil GasManaged Cloud Services CIO Conference Oil Gas
Managed Cloud Services CIO Conference Oil GasJeff Holden
 
Transform Your Cloud Validation Strategy from Cloudy to Clear
Transform Your Cloud Validation Strategy from Cloudy to ClearTransform Your Cloud Validation Strategy from Cloudy to Clear
Transform Your Cloud Validation Strategy from Cloudy to ClearTechWell
 

Similaire à Risk Thinking for Cloud-Based Application Services (20)

Ibm cloud forum managing heterogenousclouds_final
Ibm cloud forum managing heterogenousclouds_finalIbm cloud forum managing heterogenousclouds_final
Ibm cloud forum managing heterogenousclouds_final
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay Kid
 
Making Sense Of Cloud Computing - by Mark Rivington
Making Sense Of Cloud Computing - by Mark RivingtonMaking Sense Of Cloud Computing - by Mark Rivington
Making Sense Of Cloud Computing - by Mark Rivington
 
Logicalis Cloud Briefing
Logicalis Cloud BriefingLogicalis Cloud Briefing
Logicalis Cloud Briefing
 
SV Training Intro - 20181129 4.pptx
SV Training Intro - 20181129 4.pptxSV Training Intro - 20181129 4.pptx
SV Training Intro - 20181129 4.pptx
 
Kevin Jackson - DoDIIS Worldwide 2010
Kevin Jackson - DoDIIS Worldwide 2010Kevin Jackson - DoDIIS Worldwide 2010
Kevin Jackson - DoDIIS Worldwide 2010
 
Mindshare Hosting Presentation
Mindshare Hosting PresentationMindshare Hosting Presentation
Mindshare Hosting Presentation
 
Ramkumar Bapanapally Resume
Ramkumar Bapanapally ResumeRamkumar Bapanapally Resume
Ramkumar Bapanapally Resume
 
The elegant way of implementing microservices with istio
The elegant way of implementing microservices with istioThe elegant way of implementing microservices with istio
The elegant way of implementing microservices with istio
 
12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클
12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클
12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클
 
Cloudy with a Chance of Failure - Novosco
Cloudy with a Chance of Failure - NovoscoCloudy with a Chance of Failure - Novosco
Cloudy with a Chance of Failure - Novosco
 
Managed Services Marketing
Managed Services MarketingManaged Services Marketing
Managed Services Marketing
 
Microservices for Application Modernisation
Microservices for Application ModernisationMicroservices for Application Modernisation
Microservices for Application Modernisation
 
Service Virtualization 101
Service Virtualization 101Service Virtualization 101
Service Virtualization 101
 
Effective Information Flow Control as a Service: EIFCaaS
Effective Information Flow Control as a Service: EIFCaaSEffective Information Flow Control as a Service: EIFCaaS
Effective Information Flow Control as a Service: EIFCaaS
 
Moving Multimedia Applications to the Cloud
Moving Multimedia Applications to the CloudMoving Multimedia Applications to the Cloud
Moving Multimedia Applications to the Cloud
 
Virgílio Vargas Presentations / CloudViews.Org - Cloud Computing Conference 2...
Virgílio Vargas Presentations / CloudViews.Org - Cloud Computing Conference 2...Virgílio Vargas Presentations / CloudViews.Org - Cloud Computing Conference 2...
Virgílio Vargas Presentations / CloudViews.Org - Cloud Computing Conference 2...
 
A Comparative Review on Fault Tolerance methods and models in Cloud Computing
A Comparative Review on Fault Tolerance methods and models in Cloud ComputingA Comparative Review on Fault Tolerance methods and models in Cloud Computing
A Comparative Review on Fault Tolerance methods and models in Cloud Computing
 
Managed Cloud Services CIO Conference Oil Gas
Managed Cloud Services CIO Conference Oil GasManaged Cloud Services CIO Conference Oil Gas
Managed Cloud Services CIO Conference Oil Gas
 
Transform Your Cloud Validation Strategy from Cloudy to Clear
Transform Your Cloud Validation Strategy from Cloudy to ClearTransform Your Cloud Validation Strategy from Cloudy to Clear
Transform Your Cloud Validation Strategy from Cloudy to Clear
 

Dernier

%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburgmasabamasaba
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park masabamasaba
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...masabamasaba
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park masabamasaba
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in sowetomasabamasaba
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrandmasabamasaba
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfonteinmasabamasaba
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...Jittipong Loespradit
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...masabamasaba
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastPapp Krisztián
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...SelfMade bd
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benonimasabamasaba
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...masabamasaba
 

Dernier (20)

%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security Program
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 

Risk Thinking for Cloud-Based Application Services

  • 1. © 2017 Nokia1 Risk Thinking for Cloud- Based Application Services Public Eric Bauer
  • 2. © 2017 Nokia2 The Cloud Operator’s Risk Management Challenge …and those organizations seek to avoid unacceptable downside consequences, especially Impaired service reliability Impaired service latency Impaired service availability Risk Management is “coordinated activities to direct and control an organization with regard to risk” meaning activity to reduce the uncertainties of achieving desired upside benefits without unacceptable downside consequences Organizations invest in cloud in pursuit of two benefits: 1. Deliver new services and value faster  grow top line 2. Improve operational efficiency  boost bottom line
  • 3. © 2017 Nokia3 Cloud Service Providers (CSPs) Primary Cloud Operator Roles CSP: Management and Orchestration as-a-Service CSP: Functional Component offered as-a-Service Cloud Service Customer (CSC) CSP: Infrastructure as-a-Service Application Software CSP: Network Provider Provider Role Customer Role Customer Role Provider Role Customer Role Provider Role Customer Role Provider Role Customer Role Provider Role Customer Role Provider Role Functional Component as-a-Service Virtual Compute, Memory, Storage & Networking Service Automated Lifecycle Management Cloud Service User Application Software Integrator Role Transport Service Application Service Cloud Service Customers (CSCs) operate application services hosted on public or private clouds Cloud Service Providers (CSPs) own and operate the physical infrastructure equipment, etc, that serve the virtual resources, automated lifecycle management and functional components to CSCs Considering risks facing the cloud service customer organization Roles based on ISO/IEC 17788:2014 Cloud Computing Overview & Vocabulary
  • 4. © 2017 Nokia4 Deliver new services and value faster to grow the top line, especially via: 1. Enhanced Service Value Chains…rapidly leverage off-the-shelf service components 2. Agile/DevOps and Accelerated Application Service Lifecycle Improve operational efficiency to grow the bottom line, especially via: 1. Aggressive automation and self service 2. DevOps and application lifecycle changes 3. Perfect capacity management 4. Transparency and continuous improvement 5. Aggressive cost management Expected Cloud Service Customer Benefits of Cloud Deployment Service Lifecycle ServiceTransitionPlan & Code Service OperationTest Build Development Lifecycle Cloud Service Customer (CSC’s) Service Production Costs CSC General & Administrative Overheads Maintenance & Support Fees CSC Labor Staffing Loaded Salary CSC Operations & Business Support Systems Application & Software Components Usage Usage-based pricing Infrastructure Usage Usage-based pricing Functional Component as-a-Service Usage Usage-based pricing Cloud Management & Orchestration Usage Usage-based pricing 1.Aggressive automation, including selfservice 5.Aggressive cost management 3. Perfectcapacity management 4. Transparencyand ContinuousImprovement 2. DevOps and application Lifecycle Changes
  • 5. © 2017 Nokia5 Cloud User Service Quality Risk Fishbone Diagram Virtual Network Risks  Packet Loss  Packet Delay  Packet Jitter  Network Delivered Throughput  Network Outage  VN Diversity Compliance Violation VNF Product Risks  Faulty VNF Configuration Specifications  Defective VNF Lifecycle Management Scripts  Residual Product Defect Virtualized Application Latency Risks  TAIL Application Latency  TYPICAL Application Latency Service Integration Risks  Wrong Element Used  Integration Defect  Element Operational Conditions Violated  Faulty Service Delivery Architecture  Faulty Service Control Architecture  Faulty Service Workflow Lifecycle Management (Execution) Risks  VNF Lifecycle Management  Network Service Lifecycle Mgmt  Forwarding Graph Service Lifecycle Mgmt  Virtual Link Service Lifecycle MgmtAccountability Risks  Incomplete Accountability  Conflicting Accountability  Ambiguous Demarcation  Ambiguous Service Level Objective  Inadequate/Ambiguous Data Cloud Service Provider Catastrophe Risks  (Semi?) Permanent loss of cloud service  (Semi?) Permanent loss of CSC data Human and Organizational Risks  Organization and Incentive Design  (Human) Process Risks  Human Error Unknown-Unknown Risks  Fundamental Disruption  Emerging Technology  Technical Debt  Flawed Standards  Faulty IaaS CapEx Reduction  Faulty CSP OpEx Reduction Virtual Machine Risks  VM Dead on Arrival  VM Failure  VM Stall  VM Scheduling Latency  VM Clock Error  VM Placement Policy Violation User Service Quality Risk Virtual Storage Risks  Storage access latency  Storage access reliability  Volume capacity  Volume outage  Volume throughput Service Policy Risks  Insufficient Spare Capacity (Target)  Faulty Resource Placement Policy  Faulty Scaling Decision Criteria  Inaccurate Demand Forecast Functional-Component-as-a- Service Quality Risks  FCaaS Outage Downtime  FCaaS Reliability  FCaaS Latency Visibility Risks  Obstructed Vision  Poor Resolution  Stale Vision  Mirage Graphic from Risk Thinking for Cloud-Based Application Services, by Eric Bauer, CRC Press, April 2017
  • 6. © 2017 Nokia6 Risk Treatment Techniques Enterprises can treat risks via one or more of the following techniques  Replace or remove the risk source, e.g., replace risky service component with a higher quality alternative  Change the risk likelihood, e.g., more testing to find (and then fix) residual defects  Change the risk consequences, e.g., redundancy or high availability architectures to minimize duration of impact from failures  Share the risk with external parties, e.g., service level agreements with remedies, such as liquidated damages  Retain the risk (default option), e.g., business retains the risk that customers will demand their product or service offering  Reject accountability, e.g., for misuse or abuse of the product or service  Avoid the risk, e.g., delaying or declining to bring a product or service to market
  • 7. © 2017 Nokia7 Primary Risk Identification Techniques Influence Diagrams Cause and Effect Analysis Failure Mode Effect Analysis Structured Interviewing and Brainstorming Structured what-if technique (SWIFT) Fault Tree Analysis Risk Identification and Analysis Techniques Virtual Network Risks  Packet Loss  Packet Delay  Packet Jitter  Network Delivered Throughput  Network Outage  VN Diversity Compliance Violation VNF Product Risks  Faulty VNF Configuration Specifications  Defective VNF Lifecycle Management Scripts  Residual Product Defect VirtualizedApplication LatencyRisks  TAIL Application Latency  TYPICAL Application Latency Service IntegrationRisks  Wrong Element Used  Integration Defect  Element Operational Conditions Violated  Faulty Service Delivery Architecture  Faulty Service Control Architecture  Faulty Service Workflow Lifecycle Management (Execution) Risks  VNF Lifecycle Management  Network Service Lifecycle Mgmt  Forwarding Graph Service Lifecycle Mgmt  Virtual Link Service Lifecycle Mgmt AccountabilityRisks  Incomplete Accountability  Conflicting Accountability  Ambiguous Demarcation  Ambiguous Service Level Objective  Inadequate/Ambiguous Data CloudService Provider Catastrophe Risks  (Semi?) Permanent loss of cloud service  (Semi?) Permanent loss of CSC data HumanandOrganizational Risks  Organization and Incentive Design  (Human) Process Risks  Human Error Unknown-Unknown Risks  Fundamental Disruption  Emerging Technology  Technical Debt  Flawed Standards  Faulty IaaS CapEx Reduction  Faulty CSP OpEx Reduction Virtual Machine Risks  VM Dead on Arrival  VM Failure  VM Stall  VM Scheduling Latency  VM Clock Error  VM Placement Policy Violation User Service Reliability Risk Virtual Storage Risks  Storage access latency  Storage access reliability  Volume capacity  Volume outage  Volume throughput Service Policy Risks  Insufficient Spare Capacity (Target)  Faulty Resource Placement Policy  Faulty Scaling Decision Criteria  Inaccurate Demand Forecast Functional-Component-as-a- Service QualityRisks  FCaaS Outage Downtime  FCaaS Reliability  FCaaS Latency VisibilityRisks  Obstructed Vision  Poor Resolution  Stale Vision  Mirage
  • 8. © 2017 Nokia8 Primary Risk Control Analysis Techniques Layers of Protection Analysis Critical Control Point Analysis Event Tree Analysis Bow Tie Analysis Risk Control Analysis Techniques
  • 9. © 2017 Nokia9 0 1 2 3 4 5 Virtual Machine Risks Virtual Network Risks Virtual Storage Risks Virtualized Application Latency Risks Functional Component-as-a- Service Quality Risks Lifecycle Management (Execution) Risks Volatile Risk Vector Index Risk Evaluation Techniques Primary Risk Evaluation Techniques Failure Mode Effects and Criticality Analysis Dose-Response (Toxicity) Assessment Consequence/Probability matrix FN Curves Risk indices Decision tree Cost/benefit analysis
  • 10. © 2017 Nokia10 Reconsidering Quality and Risk Frequency Magnitude Opportunity (very low risk) Acceptable Tolerable Unacceptable Canonical Risk Map Opportunity Acceptable Unacceptable Tolerable Level of Cloud Service Impairment User Service Quality (Defective Operations per Million) Target Opportunity to soften cloud service level objective (SLO) 10-9 10-8 10-7 10-6 10-5 10-4 10-3 10-2 10 DPM 1 DPM 0.1 DPM 0.01 DPM Unacceptable cloud service level objective Tolerable Hypothetical Dose-Response Chart Super acceptable service quality may be an opportunity reduce resource allocation to increase operational efficiency and save money
  • 11. © 2017 Nokia11 Quality and Risk-Based Thinking • ISO 9001:2015 “Quality Management Systems - Requirements” Clause 0.3.3 – “To conform to the requirements of this International Standard, an organization needs to plan and implement actions to address risks and opportunities. Addressing both risks and opportunities establishes a basis for increasing the effectiveness of the quality management system, achieving improved results and preventing negative effects.” Available April 2017 Methodically identifying, analyzing, treating and monitoring uncertainties for desired benefits and undesirable consequences is a best practice for service, risk and quality management