Software Development Risk Assessment for Clouds

1. National Technical University of Ukraine “Kiev Polytechnic Institute” Heat and energy design faculty Department of automation design of energy processes and systems (ADEPS) Software Development Risk Assessment for Clouds Students of 6th department group TI-41mHanna Shvedova Pavlo Seredin VІI scientific and practical seminar with international participation “Economic security of the state and scientific and technological aspects of its provision". October 21-22, 2015, Kyiv, Ukraine

2. What is a risk? • effect of uncertainty on objectives, which may or may not happen and caused by ambiguity or a lack of information (ISO 31000 (2009) / ISO Guide 73:2002) • any future uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives such as scope, schedule, cost, or quality (PMBOK, 5th Edition) VІI “Economic security of the state and scientific and technological aspects of its provision“ 2

3. Technology Risks It includes delays arising out of software & hardware defects or the failure of an underlying service or a platform.  External Risks All uncertain risks are outside. It can be: running out of fund, market development, changing customer’s priority, government rule changes. Resources Risks Resource issues such as turnover and learning curves are common project risks.  Types of risks Schedule Risk Software development, given the intangible nature and uniqueness of software, is inherently difficult to estimate and schedule. Budget Risk Wrong budget estimation or cost overruns or project scope expansion. Operational Risks The prospect of loss resulting from inadequate or failed procedures, systems or policies.  VІI “Economic security of the state and scientific and technological aspects of its provision“ 3

4. Risk mitigation - follow the typical ways to manage the risk: avoidance (eliminate), reduction, sharing (transfer), retention (accept) Define the environment, understand the context. Risk identification is an iterative process. New risks will be identified as the project progresses through the life cycle. Determination of quantitative or qualitative value of risk and a recognized threat enables the organization to understand the business context of their overall vulnerabilities - and prepare for and mitigate loss. Review and monitoring - keep this process and iterate during the project Risk management process VІI “Economic security of the state and scientific and technological aspects of its provision“ 4

5. Cloud computingis a computing resource deployment and procurement model that enables an organization to obtain its computing resources and applications from any location via an Internet connection.

6. Usage of clouds • One in every five enterprises in the EU use cloud computing services. • The information and communications sector is the largest adopter of cloud computing services at forty-five percent. • Finland is the leading country for cloud computing in the EU. It is well above the EU average with one in every two enterprises using a form of cloud computing service there. VІI “Economic security of the state and scientific and technological aspects of its provision“ 6

7. Service models of clouds Infrastructure as a service (IaaS) provides access to server hardware, storage, network capacity, and other fundamental computing resources. Software as a service (SaaS) provides integrated access to a provider’s software applications. Platform as a service (PaaS) provides access to basic operating software and services to develop and use customer-created software applications. VІI “Economic security of the state and scientific and technological aspects of its provision“ 7

8. Typical risks for clouds Network Dependency Of even bigger concern are the few instances in which customers have lost data, either due to an issue with the cloud provider or with malicious attackers. Ownership Many public cloud providers, including the largest and best known, have clauses in their contracts that explicitly states that the data stored is the provider's - not the customer's. VІI “Economic security of the state and scientific and technological aspects of its provision“ 8

9. Typical risks for clouds Lack of transparency cloud customers have little insight into the storage location(s) of data, algorithms used by the CSP to provision or allocate computing resources, the specific controls used to secure components of the cloud computing architecture, or how customer data is segregated within the cloud. Security and compliance concernsdata is located on hardware outside of the organization’s direct control. Depending on the cloud solution used, a cloud customer organization may be unable to obtain and review network operations or security incident logs because they are in the possession of the CSP. IT organizational changes If cloud computing is adopted to a significant degree, an organization needs fewer internal IT personnel in the areas of infrastructure management, technology deployment, application development, and maintenance. The morale and dedication of remaining IT staff members could be at risk as a result. VІI “Economic security of the state and scientific and technological aspects of its provision“ 9

10. Web resources: http://www.clei.org/cleiej/papers/v16i1p10.pdf http://www.softwaretestinghelp.com/types-of-risks-in-software-projects/ https://www.bia.ca/articles/rm-risk-management.htm http://strikingprojectmanagement.com/qualitative-risk-analysis/ http://johnmuldoon.ie/2015/08/top-ten-cloud-computing-countries-in-the-eu/ http://www.coso.org/documents/Cloud20Computing20Thought20Paper.pdf http://www.brighthub.com/environment/green-computing/articles/10026.aspx VІI “Economic security of the state and scientific and technological aspects of its provision“ 10

11. Any questions ? You can find me at a.shvedova@yahoo.com Thanks!