SlideShare a Scribd company logo

Risk Thinking for Cloud-Based Application Services

E
Eric Bauer

Techniques for identifying , analyzing and treating risks to user service quality of software applications executing on cloud computing platforms.

Software
1 of 12
Download to read offline
© 2017 Nokia1 Risk Thinking for Cloud- Based Application Services Public Eric Bauer
© 2017 Nokia2 The Cloud Operator’s Risk Management Challenge …and those organizations seek to avoid unacceptable downside consequences, especially Impaired service reliability Impaired service latency Impaired service availability Risk Management is “coordinated activities to direct and control an organization with regard to risk” meaning activity to reduce the uncertainties of achieving desired upside benefits without unacceptable downside consequences Organizations invest in cloud in pursuit of two benefits: 1. Deliver new services and value faster  grow top line 2. Improve operational efficiency  boost bottom line
© 2017 Nokia3 Cloud Service Providers (CSPs) Primary Cloud Operator Roles CSP: Management and Orchestration as-a-Service CSP: Functional Component offered as-a-Service Cloud Service Customer (CSC) CSP: Infrastructure as-a-Service Application Software CSP: Network Provider Provider Role Customer Role Customer Role Provider Role Customer Role Provider Role Customer Role Provider Role Customer Role Provider Role Customer Role Provider Role Functional Component as-a-Service Virtual Compute, Memory, Storage & Networking Service Automated Lifecycle Management Cloud Service User Application Software Integrator Role Transport Service Application Service Cloud Service Customers (CSCs) operate application services hosted on public or private clouds Cloud Service Providers (CSPs) own and operate the physical infrastructure equipment, etc, that serve the virtual resources, automated lifecycle management and functional components to CSCs Considering risks facing the cloud service customer organization Roles based on ISO/IEC 17788:2014 Cloud Computing Overview & Vocabulary
© 2017 Nokia4 Deliver new services and value faster to grow the top line, especially via: 1. Enhanced Service Value Chains…rapidly leverage off-the-shelf service components 2. Agile/DevOps and Accelerated Application Service Lifecycle Improve operational efficiency to grow the bottom line, especially via: 1. Aggressive automation and self service 2. DevOps and application lifecycle changes 3. Perfect capacity management 4. Transparency and continuous improvement 5. Aggressive cost management Expected Cloud Service Customer Benefits of Cloud Deployment Service Lifecycle ServiceTransitionPlan & Code Service OperationTest Build Development Lifecycle Cloud Service Customer (CSC’s) Service Production Costs CSC General & Administrative Overheads Maintenance & Support Fees CSC Labor Staffing Loaded Salary CSC Operations & Business Support Systems Application & Software Components Usage Usage-based pricing Infrastructure Usage Usage-based pricing Functional Component as-a-Service Usage Usage-based pricing Cloud Management & Orchestration Usage Usage-based pricing 1.Aggressive automation, including selfservice 5.Aggressive cost management 3. Perfectcapacity management 4. Transparencyand ContinuousImprovement 2. DevOps and application Lifecycle Changes
© 2017 Nokia5 Cloud User Service Quality Risk Fishbone Diagram Virtual Network Risks  Packet Loss  Packet Delay  Packet Jitter  Network Delivered Throughput  Network Outage  VN Diversity Compliance Violation VNF Product Risks  Faulty VNF Configuration Specifications  Defective VNF Lifecycle Management Scripts  Residual Product Defect Virtualized Application Latency Risks  TAIL Application Latency  TYPICAL Application Latency Service Integration Risks  Wrong Element Used  Integration Defect  Element Operational Conditions Violated  Faulty Service Delivery Architecture  Faulty Service Control Architecture  Faulty Service Workflow Lifecycle Management (Execution) Risks  VNF Lifecycle Management  Network Service Lifecycle Mgmt  Forwarding Graph Service Lifecycle Mgmt  Virtual Link Service Lifecycle MgmtAccountability Risks  Incomplete Accountability  Conflicting Accountability  Ambiguous Demarcation  Ambiguous Service Level Objective  Inadequate/Ambiguous Data Cloud Service Provider Catastrophe Risks  (Semi?) Permanent loss of cloud service  (Semi?) Permanent loss of CSC data Human and Organizational Risks  Organization and Incentive Design  (Human) Process Risks  Human Error Unknown-Unknown Risks  Fundamental Disruption  Emerging Technology  Technical Debt  Flawed Standards  Faulty IaaS CapEx Reduction  Faulty CSP OpEx Reduction Virtual Machine Risks  VM Dead on Arrival  VM Failure  VM Stall  VM Scheduling Latency  VM Clock Error  VM Placement Policy Violation User Service Quality Risk Virtual Storage Risks  Storage access latency  Storage access reliability  Volume capacity  Volume outage  Volume throughput Service Policy Risks  Insufficient Spare Capacity (Target)  Faulty Resource Placement Policy  Faulty Scaling Decision Criteria  Inaccurate Demand Forecast Functional-Component-as-a- Service Quality Risks  FCaaS Outage Downtime  FCaaS Reliability  FCaaS Latency Visibility Risks  Obstructed Vision  Poor Resolution  Stale Vision  Mirage Graphic from Risk Thinking for Cloud-Based Application Services, by Eric Bauer, CRC Press, April 2017
© 2017 Nokia6 Risk Treatment Techniques Enterprises can treat risks via one or more of the following techniques  Replace or remove the risk source, e.g., replace risky service component with a higher quality alternative  Change the risk likelihood, e.g., more testing to find (and then fix) residual defects  Change the risk consequences, e.g., redundancy or high availability architectures to minimize duration of impact from failures  Share the risk with external parties, e.g., service level agreements with remedies, such as liquidated damages  Retain the risk (default option), e.g., business retains the risk that customers will demand their product or service offering  Reject accountability, e.g., for misuse or abuse of the product or service  Avoid the risk, e.g., delaying or declining to bring a product or service to market
© 2017 Nokia7 Primary Risk Identification Techniques Influence Diagrams Cause and Effect Analysis Failure Mode Effect Analysis Structured Interviewing and Brainstorming Structured what-if technique (SWIFT) Fault Tree Analysis Risk Identification and Analysis Techniques Virtual Network Risks  Packet Loss  Packet Delay  Packet Jitter  Network Delivered Throughput  Network Outage  VN Diversity Compliance Violation VNF Product Risks  Faulty VNF Configuration Specifications  Defective VNF Lifecycle Management Scripts  Residual Product Defect VirtualizedApplication LatencyRisks  TAIL Application Latency  TYPICAL Application Latency Service IntegrationRisks  Wrong Element Used  Integration Defect  Element Operational Conditions Violated  Faulty Service Delivery Architecture  Faulty Service Control Architecture  Faulty Service Workflow Lifecycle Management (Execution) Risks  VNF Lifecycle Management  Network Service Lifecycle Mgmt  Forwarding Graph Service Lifecycle Mgmt  Virtual Link Service Lifecycle Mgmt AccountabilityRisks  Incomplete Accountability  Conflicting Accountability  Ambiguous Demarcation  Ambiguous Service Level Objective  Inadequate/Ambiguous Data CloudService Provider Catastrophe Risks  (Semi?) Permanent loss of cloud service  (Semi?) Permanent loss of CSC data HumanandOrganizational Risks  Organization and Incentive Design  (Human) Process Risks  Human Error Unknown-Unknown Risks  Fundamental Disruption  Emerging Technology  Technical Debt  Flawed Standards  Faulty IaaS CapEx Reduction  Faulty CSP OpEx Reduction Virtual Machine Risks  VM Dead on Arrival  VM Failure  VM Stall  VM Scheduling Latency  VM Clock Error  VM Placement Policy Violation User Service Reliability Risk Virtual Storage Risks  Storage access latency  Storage access reliability  Volume capacity  Volume outage  Volume throughput Service Policy Risks  Insufficient Spare Capacity (Target)  Faulty Resource Placement Policy  Faulty Scaling Decision Criteria  Inaccurate Demand Forecast Functional-Component-as-a- Service QualityRisks  FCaaS Outage Downtime  FCaaS Reliability  FCaaS Latency VisibilityRisks  Obstructed Vision  Poor Resolution  Stale Vision  Mirage
© 2017 Nokia8 Primary Risk Control Analysis Techniques Layers of Protection Analysis Critical Control Point Analysis Event Tree Analysis Bow Tie Analysis Risk Control Analysis Techniques
© 2017 Nokia9 0 1 2 3 4 5 Virtual Machine Risks Virtual Network Risks Virtual Storage Risks Virtualized Application Latency Risks Functional Component-as-a- Service Quality Risks Lifecycle Management (Execution) Risks Volatile Risk Vector Index Risk Evaluation Techniques Primary Risk Evaluation Techniques Failure Mode Effects and Criticality Analysis Dose-Response (Toxicity) Assessment Consequence/Probability matrix FN Curves Risk indices Decision tree Cost/benefit analysis
© 2017 Nokia10 Reconsidering Quality and Risk Frequency Magnitude Opportunity (very low risk) Acceptable Tolerable Unacceptable Canonical Risk Map Opportunity Acceptable Unacceptable Tolerable Level of Cloud Service Impairment User Service Quality (Defective Operations per Million) Target Opportunity to soften cloud service level objective (SLO) 10-9 10-8 10-7 10-6 10-5 10-4 10-3 10-2 10 DPM 1 DPM 0.1 DPM 0.01 DPM Unacceptable cloud service level objective Tolerable Hypothetical Dose-Response Chart Super acceptable service quality may be an opportunity reduce resource allocation to increase operational efficiency and save money
© 2017 Nokia11 Quality and Risk-Based Thinking • ISO 9001:2015 “Quality Management Systems - Requirements” Clause 0.3.3 – “To conform to the requirements of this International Standard, an organization needs to plan and implement actions to address risks and opportunities. Addressing both risks and opportunities establishes a basis for increasing the effectiveness of the quality management system, achieving improved results and preventing negative effects.” Available April 2017 Methodically identifying, analyzing, treating and monitoring uncertainties for desired benefits and undesirable consequences is a best practice for service, risk and quality management
Risk Thinking for Cloud-Based Application Services

Recommended

Command Your Data Center - Net Optics/Ixia
Command Your Data Center - Net Optics/IxiaCommand Your Data Center - Net Optics/Ixia
Command Your Data Center - Net Optics/IxiaNetwork Performance Channel GmbH
 
Resume ujjwal
Resume ujjwalResume ujjwal
Resume ujjwalUjjwal chatterjee
 
Apq Qms Project Plan
Apq Qms Project PlanApq Qms Project Plan
Apq Qms Project PlanEng-Mohammad
 
Advanced resource allocation and service level monitoring for container orche...
Advanced resource allocation and service level monitoring for container orche...Advanced resource allocation and service level monitoring for container orche...
Advanced resource allocation and service level monitoring for container orche...Conference Papers
 
C3DNA-Presentation
C3DNA-PresentationC3DNA-Presentation
C3DNA-Presentationrmikkilineni
 
An Introduction to Designing Reliable Cloud Services January 2014
An Introduction to Designing Reliable Cloud Services January 2014An Introduction to Designing Reliable Cloud Services January 2014
An Introduction to Designing Reliable Cloud Services January 2014David J Rosenthal
 
ChadKillinger2016
ChadKillinger2016ChadKillinger2016
ChadKillinger2016Chad Killinger
 
Evaluating Risks of Cloud Based Services
Evaluating Risks of Cloud Based ServicesEvaluating Risks of Cloud Based Services
Evaluating Risks of Cloud Based ServicesSymantec
 

Recommended

Command Your Data Center - Net Optics/Ixia
Command Your Data Center - Net Optics/IxiaCommand Your Data Center - Net Optics/Ixia
Command Your Data Center - Net Optics/IxiaNetwork Performance Channel GmbH
 
Resume ujjwal
Resume ujjwalResume ujjwal
Resume ujjwalUjjwal chatterjee
 
Apq Qms Project Plan
Apq Qms Project PlanApq Qms Project Plan
Apq Qms Project PlanEng-Mohammad
 
Advanced resource allocation and service level monitoring for container orche...
Advanced resource allocation and service level monitoring for container orche...Advanced resource allocation and service level monitoring for container orche...
Advanced resource allocation and service level monitoring for container orche...Conference Papers
 
C3DNA-Presentation
C3DNA-PresentationC3DNA-Presentation
C3DNA-Presentationrmikkilineni
 
An Introduction to Designing Reliable Cloud Services January 2014
An Introduction to Designing Reliable Cloud Services January 2014An Introduction to Designing Reliable Cloud Services January 2014
An Introduction to Designing Reliable Cloud Services January 2014David J Rosenthal
 
ChadKillinger2016
ChadKillinger2016ChadKillinger2016
ChadKillinger2016Chad Killinger
 
Evaluating Risks of Cloud Based Services
Evaluating Risks of Cloud Based ServicesEvaluating Risks of Cloud Based Services
Evaluating Risks of Cloud Based ServicesSymantec
 
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...white paper
 
Vazata Federal IaaS
Vazata Federal IaaSVazata Federal IaaS
Vazata Federal IaaSftculotta27
 
CACMAN COMPARISION WITH MOCA USING PKI ON MANET.
CACMAN COMPARISION WITH MOCA USING PKI ON MANET.CACMAN COMPARISION WITH MOCA USING PKI ON MANET.
CACMAN COMPARISION WITH MOCA USING PKI ON MANET.neeravkubavat
 
Security issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwariSecurity issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwaribhanu krishna
 
Ensuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudEnsuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudCognizant
 
Sachin Shanbhag CV
Sachin Shanbhag CVSachin Shanbhag CV
Sachin Shanbhag CVSachin Shanbhag
 
Compliane software-solutions
Compliane software-solutionsCompliane software-solutions
Compliane software-solutionsMetricStream Inc
 
Hpe service virtualization 3.8 what's new chicago adm
Hpe service virtualization 3.8 what's new chicago admHpe service virtualization 3.8 what's new chicago adm
Hpe service virtualization 3.8 what's new chicago admJeffrey Nunn
 
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKS
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKSMAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKS
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKSIJCNCJournal
 
PCI & Serverless - Everything you need to know
PCI & Serverless - Everything you need to knowPCI & Serverless - Everything you need to know
PCI & Serverless - Everything you need to knowPureSec
 
The Middleware technology that connects the enterprise
The Middleware technology that connects the enterprise The Middleware technology that connects the enterprise
The Middleware technology that connects the enterprise Kasun Indrasiri
 
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsHow to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsSBWebinars
 
Brian moore
Brian mooreBrian moore
Brian mooreZeenat Jahan
 
5 Pitfalls of Agent Based Solutions
5 Pitfalls of Agent Based Solutions5 Pitfalls of Agent Based Solutions
5 Pitfalls of Agent Based SolutionsAsigra
 
SOSCOE Overview
SOSCOE OverviewSOSCOE Overview
SOSCOE OverviewJoshua L. Davis
 
VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...
VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...
VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...VMworld
 
Darren Johnson CV
Darren Johnson CVDarren Johnson CV
Darren Johnson CVDarren Johnson
 
Key Findings from the State of Application Delivery 2015
Key Findings from the State of Application Delivery 2015Key Findings from the State of Application Delivery 2015
Key Findings from the State of Application Delivery 2015F5 Networks
 
Cloud computing & service level agreements
Cloud computing & service level agreementsCloud computing & service level agreements
Cloud computing & service level agreementsCade Zvavanjanja
 
Middleware Basics
Middleware BasicsMiddleware Basics
Middleware BasicsVarun Arora
 
Ibm cloud forum managing heterogenousclouds_final
Ibm cloud forum managing heterogenousclouds_finalIbm cloud forum managing heterogenousclouds_final
Ibm cloud forum managing heterogenousclouds_finalMauricio Godoy
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidMyNOG
 

More Related Content

What's hot

Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...white paper
 
Vazata Federal IaaS
Vazata Federal IaaSVazata Federal IaaS
Vazata Federal IaaSftculotta27
 
CACMAN COMPARISION WITH MOCA USING PKI ON MANET.
CACMAN COMPARISION WITH MOCA USING PKI ON MANET.CACMAN COMPARISION WITH MOCA USING PKI ON MANET.
CACMAN COMPARISION WITH MOCA USING PKI ON MANET.neeravkubavat
 
Security issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwariSecurity issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwaribhanu krishna
 
Ensuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudEnsuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudCognizant
 
Compliane software-solutions
Compliane software-solutionsCompliane software-solutions
Compliane software-solutionsMetricStream Inc
 
Hpe service virtualization 3.8 what's new chicago adm
Hpe service virtualization 3.8 what's new chicago admHpe service virtualization 3.8 what's new chicago adm
Hpe service virtualization 3.8 what's new chicago admJeffrey Nunn
 
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKS
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKSMAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKS
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKSIJCNCJournal
 
PCI & Serverless - Everything you need to know
PCI & Serverless - Everything you need to knowPCI & Serverless - Everything you need to know
PCI & Serverless - Everything you need to knowPureSec
 
The Middleware technology that connects the enterprise
The Middleware technology that connects the enterprise The Middleware technology that connects the enterprise
The Middleware technology that connects the enterprise Kasun Indrasiri
 
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsHow to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsSBWebinars
 
5 Pitfalls of Agent Based Solutions
5 Pitfalls of Agent Based Solutions5 Pitfalls of Agent Based Solutions
5 Pitfalls of Agent Based SolutionsAsigra
 
VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...
VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...
VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...VMworld
 
Key Findings from the State of Application Delivery 2015
Key Findings from the State of Application Delivery 2015Key Findings from the State of Application Delivery 2015
Key Findings from the State of Application Delivery 2015F5 Networks
 
Cloud computing & service level agreements
Cloud computing & service level agreementsCloud computing & service level agreements
Cloud computing & service level agreementsCade Zvavanjanja
 
Middleware Basics
Middleware BasicsMiddleware Basics
Middleware BasicsVarun Arora
 

What's hot (20)

Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
 
Vazata Federal IaaS
Vazata Federal IaaSVazata Federal IaaS
Vazata Federal IaaS
 
CACMAN COMPARISION WITH MOCA USING PKI ON MANET.
CACMAN COMPARISION WITH MOCA USING PKI ON MANET.CACMAN COMPARISION WITH MOCA USING PKI ON MANET.
CACMAN COMPARISION WITH MOCA USING PKI ON MANET.
 
Security issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwariSecurity issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwari
 
Ensuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudEnsuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the Cloud
 
Sachin Shanbhag CV
Sachin Shanbhag CVSachin Shanbhag CV
Sachin Shanbhag CV
 
Compliane software-solutions
Compliane software-solutionsCompliane software-solutions
Compliane software-solutions
 
Hpe service virtualization 3.8 what's new chicago adm
Hpe service virtualization 3.8 what's new chicago admHpe service virtualization 3.8 what's new chicago adm
Hpe service virtualization 3.8 what's new chicago adm
 
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKS
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKSMAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKS
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKS
 
PCI & Serverless - Everything you need to know
PCI & Serverless - Everything you need to knowPCI & Serverless - Everything you need to know
PCI & Serverless - Everything you need to know
 
The Middleware technology that connects the enterprise
The Middleware technology that connects the enterprise The Middleware technology that connects the enterprise
The Middleware technology that connects the enterprise
 
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsHow to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
 
Brian moore
Brian mooreBrian moore
Brian moore
 
5 Pitfalls of Agent Based Solutions
5 Pitfalls of Agent Based Solutions5 Pitfalls of Agent Based Solutions
5 Pitfalls of Agent Based Solutions
 
SOSCOE Overview
SOSCOE OverviewSOSCOE Overview
SOSCOE Overview
 
VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...
VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...
VMworld 2013: Get on with Business - VMware Reference Architectures Help Stre...
 
Darren Johnson CV
Darren Johnson CVDarren Johnson CV
Darren Johnson CV
 
Key Findings from the State of Application Delivery 2015
Key Findings from the State of Application Delivery 2015Key Findings from the State of Application Delivery 2015
Key Findings from the State of Application Delivery 2015
 
Cloud computing & service level agreements
Cloud computing & service level agreementsCloud computing & service level agreements
Cloud computing & service level agreements
 
Middleware Basics
Middleware BasicsMiddleware Basics
Middleware Basics
 

Similar to Risk Thinking for Cloud-Based Application Services

Ibm cloud forum managing heterogenousclouds_final
Ibm cloud forum managing heterogenousclouds_finalIbm cloud forum managing heterogenousclouds_final
Ibm cloud forum managing heterogenousclouds_finalMauricio Godoy
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidMyNOG
 
Making Sense Of Cloud Computing - by Mark Rivington
Making Sense Of Cloud Computing - by Mark RivingtonMaking Sense Of Cloud Computing - by Mark Rivington
Making Sense Of Cloud Computing - by Mark RivingtonCA Nimsoft
 
SV Training Intro - 20181129 4.pptx
SV Training Intro - 20181129 4.pptxSV Training Intro - 20181129 4.pptx
SV Training Intro - 20181129 4.pptxCAIKYPALLETAMOURALIM
 
Kevin Jackson - DoDIIS Worldwide 2010
Kevin Jackson - DoDIIS Worldwide 2010Kevin Jackson - DoDIIS Worldwide 2010
Kevin Jackson - DoDIIS Worldwide 2010GovCloud Network
 
Mindshare Hosting Presentation
Mindshare Hosting PresentationMindshare Hosting Presentation
Mindshare Hosting PresentationChristian_A_Breaux
 
The elegant way of implementing microservices with istio
The elegant way of implementing microservices with istioThe elegant way of implementing microservices with istio
The elegant way of implementing microservices with istioInho Kang
 
12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클
12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클
12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클Oracle Korea
 
Cloudy with a Chance of Failure - Novosco
Cloudy with a Chance of Failure - NovoscoCloudy with a Chance of Failure - Novosco
Cloudy with a Chance of Failure - NovoscoNovosco
 
Managed Services Marketing
Managed Services MarketingManaged Services Marketing
Managed Services MarketingShahzad Khan
 
Microservices for Application Modernisation
Microservices for Application ModernisationMicroservices for Application Modernisation
Microservices for Application ModernisationAjay Kumar Uppal
 
Service Virtualization 101
Service Virtualization 101Service Virtualization 101
Service Virtualization 101Stefana Muller
 
Effective Information Flow Control as a Service: EIFCaaS
Effective Information Flow Control as a Service: EIFCaaSEffective Information Flow Control as a Service: EIFCaaS
Effective Information Flow Control as a Service: EIFCaaSIRJET Journal
 
Moving Multimedia Applications to the Cloud
Moving Multimedia Applications to the CloudMoving Multimedia Applications to the Cloud
Moving Multimedia Applications to the CloudDialogic Inc.
 
Virgílio Vargas Presentations / CloudViews.Org - Cloud Computing Conference 2...
Virgílio Vargas Presentations / CloudViews.Org - Cloud Computing Conference 2...Virgílio Vargas Presentations / CloudViews.Org - Cloud Computing Conference 2...
Virgílio Vargas Presentations / CloudViews.Org - Cloud Computing Conference 2...EuroCloud
 
A Comparative Review on Fault Tolerance methods and models in Cloud Computing
A Comparative Review on Fault Tolerance methods and models in Cloud ComputingA Comparative Review on Fault Tolerance methods and models in Cloud Computing
A Comparative Review on Fault Tolerance methods and models in Cloud ComputingIRJET Journal
 
Managed Cloud Services CIO Conference Oil Gas
Managed Cloud Services CIO Conference Oil GasManaged Cloud Services CIO Conference Oil Gas
Managed Cloud Services CIO Conference Oil GasJeff Holden
 
Transform Your Cloud Validation Strategy from Cloudy to Clear
Transform Your Cloud Validation Strategy from Cloudy to ClearTransform Your Cloud Validation Strategy from Cloudy to Clear
Transform Your Cloud Validation Strategy from Cloudy to ClearTechWell
 

Similar to Risk Thinking for Cloud-Based Application Services (20)

Ibm cloud forum managing heterogenousclouds_final
Ibm cloud forum managing heterogenousclouds_finalIbm cloud forum managing heterogenousclouds_final
Ibm cloud forum managing heterogenousclouds_final
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay Kid
 
Making Sense Of Cloud Computing - by Mark Rivington
Making Sense Of Cloud Computing - by Mark RivingtonMaking Sense Of Cloud Computing - by Mark Rivington
Making Sense Of Cloud Computing - by Mark Rivington
 
Logicalis Cloud Briefing
Logicalis Cloud BriefingLogicalis Cloud Briefing
Logicalis Cloud Briefing
 
SV Training Intro - 20181129 4.pptx
SV Training Intro - 20181129 4.pptxSV Training Intro - 20181129 4.pptx
SV Training Intro - 20181129 4.pptx
 
Kevin Jackson - DoDIIS Worldwide 2010
Kevin Jackson - DoDIIS Worldwide 2010Kevin Jackson - DoDIIS Worldwide 2010
Kevin Jackson - DoDIIS Worldwide 2010
 
Mindshare Hosting Presentation
Mindshare Hosting PresentationMindshare Hosting Presentation
Mindshare Hosting Presentation
 
Ramkumar Bapanapally Resume
Ramkumar Bapanapally ResumeRamkumar Bapanapally Resume
Ramkumar Bapanapally Resume
 
The elegant way of implementing microservices with istio
The elegant way of implementing microservices with istioThe elegant way of implementing microservices with istio
The elegant way of implementing microservices with istio
 
12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클
12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클
12월 16일 Meetup [Deep Dive] Microservice 트래픽 관리를 위한 Istio 알아보기 | 강인호 컨설턴트, 오라클
 
Cloudy with a Chance of Failure - Novosco
Cloudy with a Chance of Failure - NovoscoCloudy with a Chance of Failure - Novosco
Cloudy with a Chance of Failure - Novosco
 
Managed Services Marketing
Managed Services MarketingManaged Services Marketing
Managed Services Marketing
 
Microservices for Application Modernisation
Microservices for Application ModernisationMicroservices for Application Modernisation
Microservices for Application Modernisation
 
Service Virtualization 101
Service Virtualization 101Service Virtualization 101
Service Virtualization 101
 
Effective Information Flow Control as a Service: EIFCaaS
Effective Information Flow Control as a Service: EIFCaaSEffective Information Flow Control as a Service: EIFCaaS
Effective Information Flow Control as a Service: EIFCaaS
 
Moving Multimedia Applications to the Cloud
Moving Multimedia Applications to the CloudMoving Multimedia Applications to the Cloud
Moving Multimedia Applications to the Cloud
 
Virgílio Vargas Presentations / CloudViews.Org - Cloud Computing Conference 2...
Virgílio Vargas Presentations / CloudViews.Org - Cloud Computing Conference 2...Virgílio Vargas Presentations / CloudViews.Org - Cloud Computing Conference 2...
Virgílio Vargas Presentations / CloudViews.Org - Cloud Computing Conference 2...
 
A Comparative Review on Fault Tolerance methods and models in Cloud Computing
A Comparative Review on Fault Tolerance methods and models in Cloud ComputingA Comparative Review on Fault Tolerance methods and models in Cloud Computing
A Comparative Review on Fault Tolerance methods and models in Cloud Computing
 
Managed Cloud Services CIO Conference Oil Gas
Managed Cloud Services CIO Conference Oil GasManaged Cloud Services CIO Conference Oil Gas
Managed Cloud Services CIO Conference Oil Gas
 
Transform Your Cloud Validation Strategy from Cloudy to Clear
Transform Your Cloud Validation Strategy from Cloudy to ClearTransform Your Cloud Validation Strategy from Cloudy to Clear
Transform Your Cloud Validation Strategy from Cloudy to Clear
 

Recently uploaded

Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningVitsRangannavar
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
XpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsXpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsMehedi Hasan Shohan
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
buds n tech IT solutions
buds n tech IT solutionsbuds n tech IT solutions
buds n tech IT solutionsmonugehlot87
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfPower Karaoke
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 

Recently uploaded (20)

Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learning
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
XpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsXpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software Solutions
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
buds n tech IT solutions
buds n tech IT solutionsbuds n tech IT solutions
buds n tech IT solutions
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 

Risk Thinking for Cloud-Based Application Services

  • 1. © 2017 Nokia1 Risk Thinking for Cloud- Based Application Services Public Eric Bauer
  • 2. © 2017 Nokia2 The Cloud Operator’s Risk Management Challenge …and those organizations seek to avoid unacceptable downside consequences, especially Impaired service reliability Impaired service latency Impaired service availability Risk Management is “coordinated activities to direct and control an organization with regard to risk” meaning activity to reduce the uncertainties of achieving desired upside benefits without unacceptable downside consequences Organizations invest in cloud in pursuit of two benefits: 1. Deliver new services and value faster  grow top line 2. Improve operational efficiency  boost bottom line
  • 3. © 2017 Nokia3 Cloud Service Providers (CSPs) Primary Cloud Operator Roles CSP: Management and Orchestration as-a-Service CSP: Functional Component offered as-a-Service Cloud Service Customer (CSC) CSP: Infrastructure as-a-Service Application Software CSP: Network Provider Provider Role Customer Role Customer Role Provider Role Customer Role Provider Role Customer Role Provider Role Customer Role Provider Role Customer Role Provider Role Functional Component as-a-Service Virtual Compute, Memory, Storage & Networking Service Automated Lifecycle Management Cloud Service User Application Software Integrator Role Transport Service Application Service Cloud Service Customers (CSCs) operate application services hosted on public or private clouds Cloud Service Providers (CSPs) own and operate the physical infrastructure equipment, etc, that serve the virtual resources, automated lifecycle management and functional components to CSCs Considering risks facing the cloud service customer organization Roles based on ISO/IEC 17788:2014 Cloud Computing Overview & Vocabulary
  • 4. © 2017 Nokia4 Deliver new services and value faster to grow the top line, especially via: 1. Enhanced Service Value Chains…rapidly leverage off-the-shelf service components 2. Agile/DevOps and Accelerated Application Service Lifecycle Improve operational efficiency to grow the bottom line, especially via: 1. Aggressive automation and self service 2. DevOps and application lifecycle changes 3. Perfect capacity management 4. Transparency and continuous improvement 5. Aggressive cost management Expected Cloud Service Customer Benefits of Cloud Deployment Service Lifecycle ServiceTransitionPlan & Code Service OperationTest Build Development Lifecycle Cloud Service Customer (CSC’s) Service Production Costs CSC General & Administrative Overheads Maintenance & Support Fees CSC Labor Staffing Loaded Salary CSC Operations & Business Support Systems Application & Software Components Usage Usage-based pricing Infrastructure Usage Usage-based pricing Functional Component as-a-Service Usage Usage-based pricing Cloud Management & Orchestration Usage Usage-based pricing 1.Aggressive automation, including selfservice 5.Aggressive cost management 3. Perfectcapacity management 4. Transparencyand ContinuousImprovement 2. DevOps and application Lifecycle Changes
  • 5. © 2017 Nokia5 Cloud User Service Quality Risk Fishbone Diagram Virtual Network Risks  Packet Loss  Packet Delay  Packet Jitter  Network Delivered Throughput  Network Outage  VN Diversity Compliance Violation VNF Product Risks  Faulty VNF Configuration Specifications  Defective VNF Lifecycle Management Scripts  Residual Product Defect Virtualized Application Latency Risks  TAIL Application Latency  TYPICAL Application Latency Service Integration Risks  Wrong Element Used  Integration Defect  Element Operational Conditions Violated  Faulty Service Delivery Architecture  Faulty Service Control Architecture  Faulty Service Workflow Lifecycle Management (Execution) Risks  VNF Lifecycle Management  Network Service Lifecycle Mgmt  Forwarding Graph Service Lifecycle Mgmt  Virtual Link Service Lifecycle MgmtAccountability Risks  Incomplete Accountability  Conflicting Accountability  Ambiguous Demarcation  Ambiguous Service Level Objective  Inadequate/Ambiguous Data Cloud Service Provider Catastrophe Risks  (Semi?) Permanent loss of cloud service  (Semi?) Permanent loss of CSC data Human and Organizational Risks  Organization and Incentive Design  (Human) Process Risks  Human Error Unknown-Unknown Risks  Fundamental Disruption  Emerging Technology  Technical Debt  Flawed Standards  Faulty IaaS CapEx Reduction  Faulty CSP OpEx Reduction Virtual Machine Risks  VM Dead on Arrival  VM Failure  VM Stall  VM Scheduling Latency  VM Clock Error  VM Placement Policy Violation User Service Quality Risk Virtual Storage Risks  Storage access latency  Storage access reliability  Volume capacity  Volume outage  Volume throughput Service Policy Risks  Insufficient Spare Capacity (Target)  Faulty Resource Placement Policy  Faulty Scaling Decision Criteria  Inaccurate Demand Forecast Functional-Component-as-a- Service Quality Risks  FCaaS Outage Downtime  FCaaS Reliability  FCaaS Latency Visibility Risks  Obstructed Vision  Poor Resolution  Stale Vision  Mirage Graphic from Risk Thinking for Cloud-Based Application Services, by Eric Bauer, CRC Press, April 2017
  • 6. © 2017 Nokia6 Risk Treatment Techniques Enterprises can treat risks via one or more of the following techniques  Replace or remove the risk source, e.g., replace risky service component with a higher quality alternative  Change the risk likelihood, e.g., more testing to find (and then fix) residual defects  Change the risk consequences, e.g., redundancy or high availability architectures to minimize duration of impact from failures  Share the risk with external parties, e.g., service level agreements with remedies, such as liquidated damages  Retain the risk (default option), e.g., business retains the risk that customers will demand their product or service offering  Reject accountability, e.g., for misuse or abuse of the product or service  Avoid the risk, e.g., delaying or declining to bring a product or service to market
  • 7. © 2017 Nokia7 Primary Risk Identification Techniques Influence Diagrams Cause and Effect Analysis Failure Mode Effect Analysis Structured Interviewing and Brainstorming Structured what-if technique (SWIFT) Fault Tree Analysis Risk Identification and Analysis Techniques Virtual Network Risks  Packet Loss  Packet Delay  Packet Jitter  Network Delivered Throughput  Network Outage  VN Diversity Compliance Violation VNF Product Risks  Faulty VNF Configuration Specifications  Defective VNF Lifecycle Management Scripts  Residual Product Defect VirtualizedApplication LatencyRisks  TAIL Application Latency  TYPICAL Application Latency Service IntegrationRisks  Wrong Element Used  Integration Defect  Element Operational Conditions Violated  Faulty Service Delivery Architecture  Faulty Service Control Architecture  Faulty Service Workflow Lifecycle Management (Execution) Risks  VNF Lifecycle Management  Network Service Lifecycle Mgmt  Forwarding Graph Service Lifecycle Mgmt  Virtual Link Service Lifecycle Mgmt AccountabilityRisks  Incomplete Accountability  Conflicting Accountability  Ambiguous Demarcation  Ambiguous Service Level Objective  Inadequate/Ambiguous Data CloudService Provider Catastrophe Risks  (Semi?) Permanent loss of cloud service  (Semi?) Permanent loss of CSC data HumanandOrganizational Risks  Organization and Incentive Design  (Human) Process Risks  Human Error Unknown-Unknown Risks  Fundamental Disruption  Emerging Technology  Technical Debt  Flawed Standards  Faulty IaaS CapEx Reduction  Faulty CSP OpEx Reduction Virtual Machine Risks  VM Dead on Arrival  VM Failure  VM Stall  VM Scheduling Latency  VM Clock Error  VM Placement Policy Violation User Service Reliability Risk Virtual Storage Risks  Storage access latency  Storage access reliability  Volume capacity  Volume outage  Volume throughput Service Policy Risks  Insufficient Spare Capacity (Target)  Faulty Resource Placement Policy  Faulty Scaling Decision Criteria  Inaccurate Demand Forecast Functional-Component-as-a- Service QualityRisks  FCaaS Outage Downtime  FCaaS Reliability  FCaaS Latency VisibilityRisks  Obstructed Vision  Poor Resolution  Stale Vision  Mirage
  • 8. © 2017 Nokia8 Primary Risk Control Analysis Techniques Layers of Protection Analysis Critical Control Point Analysis Event Tree Analysis Bow Tie Analysis Risk Control Analysis Techniques
  • 9. © 2017 Nokia9 0 1 2 3 4 5 Virtual Machine Risks Virtual Network Risks Virtual Storage Risks Virtualized Application Latency Risks Functional Component-as-a- Service Quality Risks Lifecycle Management (Execution) Risks Volatile Risk Vector Index Risk Evaluation Techniques Primary Risk Evaluation Techniques Failure Mode Effects and Criticality Analysis Dose-Response (Toxicity) Assessment Consequence/Probability matrix FN Curves Risk indices Decision tree Cost/benefit analysis
  • 10. © 2017 Nokia10 Reconsidering Quality and Risk Frequency Magnitude Opportunity (very low risk) Acceptable Tolerable Unacceptable Canonical Risk Map Opportunity Acceptable Unacceptable Tolerable Level of Cloud Service Impairment User Service Quality (Defective Operations per Million) Target Opportunity to soften cloud service level objective (SLO) 10-9 10-8 10-7 10-6 10-5 10-4 10-3 10-2 10 DPM 1 DPM 0.1 DPM 0.01 DPM Unacceptable cloud service level objective Tolerable Hypothetical Dose-Response Chart Super acceptable service quality may be an opportunity reduce resource allocation to increase operational efficiency and save money
  • 11. © 2017 Nokia11 Quality and Risk-Based Thinking • ISO 9001:2015 “Quality Management Systems - Requirements” Clause 0.3.3 – “To conform to the requirements of this International Standard, an organization needs to plan and implement actions to address risks and opportunities. Addressing both risks and opportunities establishes a basis for increasing the effectiveness of the quality management system, achieving improved results and preventing negative effects.” Available April 2017 Methodically identifying, analyzing, treating and monitoring uncertainties for desired benefits and undesirable consequences is a best practice for service, risk and quality management