In the news…
november 2009
OV ontregeld
door
landelijke
storin
g
mobiel
netwerk
HD Traffic service
onbruikbaar na
netwerkstoring
maart 2009
Kapotte router
oorzaak
urenlange
landelijke storing
betaalautomaten
September 2011DigiNotar-hackers blijken 531 certificaten te hebben vervalst
September 2011, Computerworld
Dutch struggle to
revoke DigiNotar
SSL certificates
SaaS and Cloud: new possibilities
and new vulnerabilities
(1 − z3 / 6) / (z − z2 / 2)2 + c
Simple variables, complex
consequences
The basics
• (Unlimited) Scalability– IT becomes a scalable cost
• (Ubiquitous) Communication• Transactions in milliseconds
• (Seamless) Cooperation– Opening up internal systems for partners
• Anytime, Anywhere– Instantaneous as well as a-synchronous
• (Maximum)Transparency– Digital trust through access to data and certificates
Double edged
• New possiblities– Opportunities– Disruptive innovation
• Complexity– Risks– Chaos in prediction outcomes
opportunities
800 million Digital Friends
Digital marketplace
Digital hardware
Buildingblocks
of the Internet
12
Convergence
SoftwareproducerSoftwareproducer
ServiceproducerService
producer
Productquality
Servicequality
Combination of services ad
software creates new added value
13
BasisregistratiesCombination leads to new added values
PAAS Research Questions
• Convergence– “What is the business
convergence phenomenon?”
– “What is a appropriate business model to gain substantial competitive advantages?”
• Multi-Tenancy– “How to support
variability in a multi-tenant software-as-a-service environment?”
– “How to organize hybrid product and service organisation”
Risks
Buildingblocks
of the Internet
Buildingblocks
of the Internet
Mashup
In mashup normally more than 80% is reuse of existing services and less than 20% is new software
Testability
No clear test environment
for full application
19
BasisregistratiesCombination leads to new single points
of failure
“Hidden” relations between
environments
Lazy use of security
Centralised De-CentralisedDistributed
Rand
In a distributed environment control can not be imposed from the top
Trust
as·sur·ance
A statement or indication that inspires confidence
Level of proof to build confidenceTrustworthy > adequate proof of trust
Confidence in the capabilities to realize promises …
TTISC Research questions
• Q1: What are the risk elements
• Q2: What are the risk control patterns
• Q3: What is the integrated model of risk and controls
• Q4: How to achieve assurance in SaaS chains
26
MacromyopiaWe overestimatethe short term resultsof technologyand underestimatethe long term results
Jaron Lanier
Top Related