Digital Capital and Cloud Computing's Asymmetric Risks
London, UK - 27th December 2009, 11:00 GMT
Dear ATCA Open & Philanthropia Friends
[Please note that the views presented by individual contributors are not necessarily representative of the views of ATCA, which is neutral. ATCA conducts collective Socratic dialogue on global opportunities and threats.]
In the 21st century, what is the most valuable capital we have, beyond our prized human relationships? We are conditioned to believe that the most valuable capital is financial in nature or manifest as physical assets with monetary value. Witness the somewhat irrational rush for gold assets in recent years or a frenzied craze for owning multiple residential and commercial properties across the world! The truth is that as we have been evolving rapidly as a global civilisation, the most valuable capital we possess right now is increasingly non physical. Digital Capital's value per gram can be infinite because it is weightless! The more creative the Digital Capital, the more infinitely valuable it becomes!
This Digital Capital adds value when it is innovative, dynamic and flowing. When we buy most new products, services and solutions -- tangible or intangible -- what we are paying for in terms of utility, design and functionality, is primarily a manifestation of Digital Capital -- a type of concentrated human intellectual creativity -- and not financial capital. Although, finance may have had some part to play in its creation as catalyst. Such is the power, reach and richness of Digital Capital, that most of the time old-fashioned finance and money also manifest as Digital Capital. All our bank accounts, no longer have physical ledgers beneath them, they simply exist by virtue of a digital data entry against our name. The same with most bonds, shares and other financial instruments.
The chief characteristic of Digital Capital is that it is useful, and adds value, if it is capable of being in motion. If any Digital Capital goes into hibernation, remains dormant, stagnant or cannot be accessed, it diminishes in value and tends towards zero value very fast. Live Digital Capital is much more prized than dormant, corrupted or dead Digital Capital, just like human beings. If Digital Capital falls into the wrong hands, it can appear as if humans have been kidnapped and are being held to ransom! Digital Capital is not the same as money, gold or other physical assets falling into the wrong hands, which are all replaceable. Digital Capital carries unique attributes and qualities that render human-like personality to it and this makes Digital Capital fundamentally irreplaceable.
If we look back a few years -- any time one wanted to type a letter, create a spreadsheet, edit a photo, or play a game, one had to go to the computer vendor, buy the software, and install it on one's computer, which was either standalone or part of an internal network. Nowadays, if one wants to look up restaurants on a search engine; find directions to a location; listen to music; watch a video; or sell product; all one needs is a computer with an Internet connection. Although these activities just require a computer, none of the content one is accessing or the applications one is running are actually stored on that local device -- instead they are stored at a giant data centre somewhere in the 'Computing Cloud'. And we don't give any of it a second thought! Just like we do not think twice about where the electricity is coming from when we plug an appliance into the wall. However, does the comparison between Digital Capital and electricity hold up to close scrutiny? No, not at all!
There is no question: the Personal Computer is giving way to a new era, the Utility Computing Age. However, it is naive to assume that Cloud Computing is like an electricity or gas utility. It is much more complex and risk prone because the outsourcing of sensitive Digital Capital is involved. Each electron or gas molecule is similar in utility to the next one, but this is not true for every byte of Digital Capital at all. Each Digital Capital byte may have unique characteristics. Digital Capital is the life blood of almost all organisations in the 21st century and is the crucial carrier of creativity, intellectual property, risk transfer as well as trust between parties. Contrary to popular myth, propagated in the context of cutting costs drastically, the reliability, availability, scalability and maintainability of Cloud Computing infrastructure and applications is still far from perfect. This leaves gaping holes, asymmetric threats and security risks in the areas of confidentiality, integrity, authentication and non-repudiation of outsourced Digital Capital storage, exchange and its transactions. Unless there is a code of conduct for handling Digital Capital by Cloud Computing vendors similar to bankers taking money deposits with independent regulatory oversight, we are setting ourselves up for huge national and corporate vulnerability in the 21st century. The strength of our organisations, manifest as brand value, is compromised by the weakest link. What if that weak link handles our Digital Capital and operates outside the control of our organisation and jurisdiction?
Cloud Computing is fraught with asymmetric security risks, which can cause havoc when manifest. A brand name built up over a century or more may lose credibility within a day. Why? Because the personal data of a million customer profiles with names, addresses, family member details, purchasing habits, has fallen into the wrong hands. Sound familiar? Digital Capital has unique and, in some cases, unquantifiable risk attributes. Hence, Cloud Computing requires risk assessment in critical areas such as data integrity, recovery, and privacy including identity management; and an evaluation of legal issues in areas such as electronic discovery, regulatory compliance and auditing.
Recently, the Chief Information Officer, of a major transnational group decided not to rely entirely on business software from a long-established software vendor and IT integrator that would have let their group own the technology. Instead, the CIO rented these indispensable digital products from a Search Engine vendor via an unconventional approach called 'Cloud Computing'. The incentive to do so was clear: cut costs drastically given the global economic downturn. After lengthy internal testing, the CIO became convinced that the Search Engine vendor could be trusted to provide critical software programs. However, the CIO wrote an internal memo to the CEO -- at the request of the compliance department -- that should the data fall into the wrong hands, the inherent risk of Cloud Computing will boomerang swiftly on the share price of the listed company amongst other unintended consequences! When we label the CIO as Chief Information Officer, we have put him in charge of Information and associated technology in our mind, which we treat as similar to the handling of electricity, gas, telecom or other utilities. However, when we recognise that the CIO is actually handling the crown jewels of our enterprise, then we may be minded to call him CDC or Chief of Digital Capital!
Cloud Computing is picking up significant traction, but before organisations jump on to the Cloud Computing bandwagon, they should consider the unique security risks this entails for their Digital Capital. The Cloud Computing wave is the most dramatic and critical change the mi2g Intelligence Unit's (mIU) Bespoke Security Architecture (BSA) team and the ATCA Research and Analysis Wing (A-RAW) have observed in the global business landscape since the original wave of the world wide web via the Internet in the mid-1990s. The original wave was about information dissemination, exchange and cyber transactions. However, Cloud Computing is going much further and significantly changing global business models by causing Digital Capital to be stored outside. In fact, the Cloud Computing wave is not just a wave, it has been compared to a Tsunami. What is causing this Cloud Computing Tsunami to unleash at such an accelerated pace despite the inherent asymmetric risks to an organisation's survival? Ask yourself this, what happens as in 2010 and beyond, organisations desperate to cut costs drastically:
. Forgo capital expenditures and instead purchase almost half of their IT infrastructure as an outsourced service; and
. Carry out at least half of the application software spending as a service subscription at a much reduced cost, instead of as a product license.
Thanks to the thousands of miles of fibre-optic cable laid down during the late 1990s, the speed of computer networks has finally caught up with the speed of computer processors. What the fibre-optic Internet does for computing is exactly what the Alternating-Current (AC) network did for electricity. Suddenly, computers that were once incompatible and isolated are now linked in a grid-like giant network or 'Cloud'. As a result, computing is fast becoming a utility in much the same way that the electricity grid did at the start of the last century. Rendered obsolete, the traditional Personal Computer is replaced by a simple terminal -- a 'Thin Client' that is little more than a monitor hooked up to the Internet. While that may sound far-fetched, in the corporate market, sales of these 'Thin Clients' have been growing at over 20% per year -- far outpacing that of conventional PCs. The simple truth is that Cloud Computing is becoming as big a part of our daily lives as much as mobile telephony and satellite navigation, albeit with unintended consequences for all forms of Digital Capital, identity management, corporate resilience, stakeholders' safety and security hazard.
In 2010, many ATCA decision makers expect Cloud Computing to become much more attractive and loom ever larger on their board-of-directors' horizon. In contrast with software which requires installing programs on disparate computers, Cloud Computing lets organisations have someone else run their software remotely for a monthly or annual fee, with users accessing the programs over live Internet connections. Cloud Computing isn't just a modern convenience -- it is becoming an enormous industry. This technology is cutting billions in costs whilst showering billions in revenues on companies that purvey it. The question is: who are the winners and who are the losers? New players and the incumbents or other unknown actors? Everyone from individuals to government agencies and multinational corporations can now simply tap into the 'Cloud' to get all the things they used to have to supply and maintain themselves. As computing moves online, the sources of power and money are increasingly manifest as enormous Computing Clouds of Digital Capital! Who is going to secure them?
We welcome your thoughts, observations and views. To reflect further on this subject and others, please respond within Twitter, Facebook and LinkedIn's ATCA Open and related discussion platform of HQR. Should you wish to connect directly with real time Twitter feeds, please click as appropriate:
. ATCA Open
. mi2g Intelligence Unit
. Open HQR
. DK Matai