Académique Documents
Professionnel Documents
Culture Documents
The candidate confirms that the work submitted is their own and the appropriate credit has been given where reference has been made to the work of others. I understand that failure to attribute material which is obtained from another source may be considered as plagiarism.
Acknowledgements
I would like to take this opportunity to express my thanks to the following people who have helped me a lot in completing this project. I want to give my appreciation to my supervisor, Dr Karim Djemame. I am really grateful for his support and guidance during last several months. I also want to thank my assessor, Professor Jie Xu, for his feedback for my interim report and suggestions given in the progress meeting. Thanks to Owen Johnson, Paul Townend and Natasha Shakhlevich for helping me to choose a project. Thanks to my friends, Zhipeng Huang and Jing Ma to help proof reading for me. Finally, I would like to thank to my family members for their ongoing support.
Abstract
Cloud Computing which is a buzzword nowadays is applied to many industries at present. For instance, there has been a new trend for e-commerce companies to adopt Cloud Computing. Most organizations are attracted by Cloud Computing because Cloud can save time and money for them in investing in IT infrastructure. There is no doubt that this may be the biggest benefit brought by Cloud Computing, but Cloud Computing also brings a number of other benefits. For e-commerce companies, Cloud Computing provides some specific benefits. For example, it is quite important for e-commerce companies to keep their customers information secure. Cloud Computing helps to improve the security performance in e-commerce by providing a safer way to store the information. This report will address other benefits that offered to e-commerce companies by Cloud Computing. Although Cloud Computing can bring lots of opportunities for e-commerce companies, there still have some issues that should be paid attention to before moving to it. For examples, there is no unified Cloud standards yet which may cause trouble to use Cloud Computing; the quality of Cloud service cannot be guaranteed; migration effort should be considered, etc. These issues will be discussed in this report. In addition, it should be noted that, while Cloud Computing can help e-commerce achieve competitive advantages, it intensifies the competition in e-commerce market since it gives chances for more small business to do e-commerce. I will utilise Porter s Five Forces Model to do analysis to support this argument. This project will reach the conclusion by evaluating this project and giving suggestions on significant aspects required to be improved.
ii
List of Acronyms
API: Application Programming Interface AWS: Amazon Web Service BI: Business Intelligence B2B: Business to Business B2C: Business to Consumer CAMM: Common Assurance Maturity Model CPU: Central Processing Unit CSA: Cloud Security Alliance CSP: Cloud Service Provider C2C: Consumer to Consumer DMTF: Distributed Management Task Force DNS: Domain Name Server DOS: Disk Operating System EDIElectronic Data Interchange EFTElectronic Funds Transfer ENISA: European Network and Information Security Agency IaaS: Infrastructure as a Service IEEE: Institute of Electrical and Electronics Engineers
iii
OS: Operating System OVF: Open Virtualization Format PaaS: Platform as a Service PKI: Public Key Infrastructure QoS: Quality of Service SaaS: Software as a Service SCM: Supply Chain Management SLA: Service Level Agreement SNIA: Storage Networking Industry Association SOAP: Simple Object Access Protocol SOE: Sony Online Entertainment SSL: Security Socket Layer TOC: Total Cost of Ownership VM: Virtual Machine WSDL: Web Service Description Language W3C: World Wide Web Consortium
iv
List of Figures
Fig 1.1: Four-layer Architecture for Cloud Computing ..................................................................................... 2 Fig 1.2: High-level Market-oriented Cloud Architecture .................................................................................. 3 Fig 1.3: Key Cloud Services Attributes ........................................................................................................... 3 Fig 1.4: Emerging Technologies Hype Cycle 2009 ........................................................................................... 8 Fig 2.1: The Development of E-commerce ...................................................................................................... 11 Fig 2.2: Major Differences between E-commerce and E-business ................................................................... 11 Fig 2.3: E-commerce Activity Participants after adopting Cloud .................................................................... 13 Fig 2.4: Concern about Personal Details Accessing by Others........................................................................ 14 Fig 2.5: Retail E-commerce Growth Rates ...................................................................................................... 16 Fig 3.1: World Internet Users and Population Stats......................................................................................... 20 Fig 3.2: Growth in Internet Host Computers and Major E-commerce Developments .................................... 21 Fig 3.3: 2010 Q1-2012 Q2 Mobile Internet Market Size ................................................................................ 22 Fig 3.4: 2012 Q2 The Composition of Chinas Mobile Internet Industry ....................................................... 23 Fig 3.5: Usage Model of Amazon Elastic Compute Cloud ............................................................................. 27 Fig 3.6: Top 500k Sites by Cloud Provider-May 2010 .................................................................................... 27 Fig 3.7: The Usage Report of Amazon S3 ....................................................................................................... 28 Fig 3.8: Bandwidth Consumed by Amazons Global Websites ....................................................................... 29 Fig 3.9: AWS Simple Monthly Calculator ....................................................................................................... 33 Fig 3.10: Capacity vs. Usage Comparison ...................................................................................................... 34 Fig 3.11: The Composition of Alibaba Group ................................................................................................. 35 Fig 3.12: Example of a Supply Chain.............................................................................................................. 39 Fig 3.13: Cloud Data Storage Architecture ..................................................................................................... 40 Fig 3.14: Specific Customer Concerns Related to Security ............................................................................ 43 Fig 3.15: AWS Price Announcement ............................................................................................................... 46 Fig 3.16: Porters Five Forces Model .............................................................................................................. 51
List of Tables
Table 1: Big Events during the Development of Cloud Computing .................................................................. 9 Table 2: Comparing Public Clouds and Private Data Centres ......................................................................... 25 Table 3: Top 10 Obstacles and Opportunities for Cloud Computing ............................................................. 26 Table 4: E-commerce Security: Goals, Approaches and Standards ................................................................. 30 Table 5: Comparison of Amazon and Alibaba ............................................................................................... 37 Table 6: Ten Interrupts of Cloud Servers ......................................................................................................... 47 Table 7: Porter s Five Forces Analysis for Cloud-ecommerce Market............................................................ 53
vi
Contents
Acknowledgements ................................................................................................................................................... i Abstract ..................................................................................................................................................................... ii List of Acronyms ...................................................................................................................................................... iii List of Figures ........................................................................................................................................................... v List of Tables ............................................................................................................................................................ vi Contents ................................................................................................................................................................... vii Chapter 1: Cloud Computing ................................................................................................................................... 1 1.1 Definition of Cloud Computing ................................................................................................................... 1 1.2 Cloud Architecture ....................................................................................................................................... 2 1.3 Cloud services.............................................................................................................................................. 3 1.4 Virtualization ............................................................................................................................................... 4 1.5 Cloud Models .............................................................................................................................................. 5 1.6 Cloud Standards ........................................................................................................................................... 6 1.7 Developing of Cloud Computing ................................................................................................................. 7 Chapter 2: E-commerce ..........................................................................................................................................11 2.1 Definition of E-commerce ..........................................................................................................................11 2.2 Categories of E-commerce......................................................................................................................... 13 2.3 Security of E-commerce ............................................................................................................................ 14 2.4 Current Situation of E-commerce .............................................................................................................. 15 2.5 Benefits of E-commerce ............................................................................................................................ 17 2.5.1 Benefits to consumers .................................................................................................................. 17 2.5.2 Benefits to businesses................................................................................................................... 18 2.5.3 Benefits to society ......................................................................................................................... 18 Chapter 3: Cloud Computing in E-commerce ....................................................................................................... 19 3.1 PEST analysis for E-commerce industry ................................................................................................... 19 3.2 Current situation of Cloud adoption in Chinese E-commerce market ....................................................... 21 3.3 Why Cloud? ............................................................................................................................................... 23 3.3.1 Benefits for Cloud providers ........................................................................................................ 23 3.3.2 Benefits for Cloud consumers ...................................................................................................... 24 3.3.3 Benefits for end-users................................................................................................................... 25 3.3.4 Limitations of Cloud ...................................................................................................................... 25 3.4 Case studies: Cloud Providers ................................................................................................................... 26 3.4.1 Methodology .................................................................................................................................. 26 3.4.2 Amazon Cloud service .................................................................................................................. 26 3.4.2.1 Introduction of Amazon Web Service .................................................................................. 26 3.4.2.2 Amazon Web Service: a choice for e-commerce security .................................................... 29 3.4.2.3 Amazon Web Service: an economical choice for e-commerce companies .......................... 32 3.4.3 Alibabas Cloud service ................................................................................................................. 34 3.4.4 Cloud Service: Amazon VS Alibaba .............................................................................................. 36 3.5 Why e-commerce companies want to adopt Cloud? .................................................................................. 38 3.5.1 The problems e-commerce companies are facing ...................................................................... 38 3.5.2 The solutions brought by Cloud ................................................................................................... 39
vii
3.6 Success stories: how Cloud Computing benefits e-commerce companies ................................................ 41 3.6.1 Easy payment methods ................................................................................................................. 41 3.6.2 Reduce the time to market ........................................................................................................... 41 3.6.3 Auto-scaling feature ...................................................................................................................... 42 3.6.4 Differentiate services .................................................................................................................... 42 3.6.5 Improve relationship with customers ......................................................................................... 43 3.7 Issues to consider prior to Cloud adoption ................................................................................................ 43 3.7.1 Security .......................................................................................................................................... 43 3.7.2 Privacy Protection ......................................................................................................................... 45 3.7.3 Cost................................................................................................................................................. 45 3.7.4 Quality ............................................................................................................................................ 46 3.7.5 Migration ....................................................................................................................................... 48 3.8 Issues that need to be solved ...................................................................................................................... 49 3.8.1 Cloud Standards ............................................................................................................................ 49 3.8.2 Legislation and Regulatory Issues of CSPs .................................................................................. 50 3.9 Porters Five Forces: How Cloud influences e-commerce industry .......................................................... 50 3.10 Future trend of Cloud adoption in E-commerce ...................................................................................... 53 Chapter 4: Evaluation............................................................................................................................................. 54 4.1 Introduction ............................................................................................................................................... 54 4.2 Evaluation according to minimum requirement ........................................................................................ 54 4.3 Comparing with published work................................................................................................................ 57 4.3.1 PEST analysis for e-commerce industry ...................................................................................... 57 4.3.2 Opportunities that provided by Cloud Computing to e-commerce companies ........................ 57 4.3.3 Important issues to consider before moving to Cloud Computing............................................ 58 4.4 Limitations and suggestions for future work ............................................................................................. 59 4.5 Conclusion ................................................................................................................................................. 60 References .............................................................................................................................................................. 61 Appendices ............................................................................................................................................................. 66 Appendix A: Reflection on the project ............................................................................................................ 66 Appendix B: Time plan .................................................................................................................................... 68 Appendix C: Interim report ............................................................................................................................. 69 Appendix D: Top threats to Cloud Computing ................................................................................................ 71 Appendix E: Opportunities provided by Cloud Computing in terms of security ............................................ 73 Appendix F: Cloud customers vs. Cloud Services........................................................................................... 74
viii
This definition sees Cloud as a type of system, but some other people treat Cloud as resources. For example, Vaquero et al. defined Cloud as a large pool of easily usable and accessible virtualized resources which could be hardware, development platforms and/or services. All of these resources can be reconfigured to adjust to a variable load dynamically, allowing also for optimum resource utilization. And, these resources are typically exploited by a pay-per-use model in which guarantees are offered by the Infrastructure Provider by means of customized Service-Level Agreements[4]. Although there are various definitions for Cloud, most of them mention virtualization and scalability, pay-per-use business model. Among these, virtualization and scalability are very often seen as the most important two properties of Cloud [4]. Cloud Computing is a new style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet[5].
Application
Platform
Unified Resource
Fabric
Customers require specific Quality of Service (QoS) to be maintained by providers. Cloud service providers (CSPs) have to consider and meet different QoS parameters of each individual customer. Market-oriented resource management is therefore needed to manage the supply and demand of Cloud resources, provide feedback for both customers and providers. Thus, market-oriented Cloud architecture is suggested. There are four main entities involved in this architecture: Users/Brokers, SLA Resource Allocator, Virtual Machines (VMs) and Physical Machines [3]. Users/Brokers submit requests to the data centre and Cloud from anywhere in the world. SLA Resource Allocator acts as the interface between service provider and users/brokers. 2
VMs provide maximum flexibility to configure different partitions of resources to various specific requirements of service requests on the same physical machine. Physical Machines refer to the data centre contains multiple computing servers that offer resources to fulfil service demands.
Fig 1.3: Key Cloud Services Attributes. Adapted from Gens, 2008[7]
Amazon[8] is a leader of Cloud services providers, Amazon Simple Storage Service (Amazon S3)[9] and 3
Amazon Elastic Compute Cloud (Amazon EC2) [10] are two typical Cloud services. They will be discussed in the following sections.
1.4 Virtualization
Virtualization and scalability are two key properties of Cloud Computing. They make Cloud Computing different from traditional distributed systems. Cloud services and computing platforms could be scaled across geographical locations, software configuration and hardware performance. In other words, companies can scale up or down the IT infrastructure depending on their needs. Moreover, the time to start a business process is not contingent on IT infrastructure establishment time any more through virtualization [11]. Virtualization technology, which is the footstone of todays Cloud, has been proposed and developed over a long period. Christopher Strachey published a paper titled Time Sharing in Large Fast Computers in which gives the concept of virtualization in the International Conference on Information Processing in June 1959[12]. The idea of virtualization is to partition or divide resources of a single server into multiple segregated virtual machines. Robert P. Goldberg argued in 1974:Virtual machine systems were originally developed to correct some of the shortcomings of the typical third generation architectures and multiprogramming operating systems. In recent years, the rapid development of IT infrastructure makes
virtualization becoming unprecedented popular[13]. Virtualization is the capability that can create a virtual version of physical resources both in the computing and network environment. The virtual resources can be a virtual circuit, a disk partition or a virtual computer. These resources are usually created by segmenting a physical resource and tailored to various needs, sometimes even moved from a virtualization-aware platform to another [14]. There are five categories of virtualization: full virtualisation, hardware assisted virtualisation, partial virtualisation, paravirtualisation, hybrid virtualisation and operation system-level virtualisation[15]. Full virtualisation, paravirtualisation and operation system-level virtualisation are three commonly using virtualisation techniques. Briefly speaking, full virtualisation refers to the technique in which any operating system is used as the host Operation System (host OS) and guest Operation Systems (guest OS). Operation system-level virtualisation is the most popular virtualisation technique which is performed based on a single host operating system. The difference between operation system-level virtualisation and paravirtualisation is, 4
with the former technique, only the same instances of the host Operating System can be used on the virtual Servers as guest Operating Systems. However, it is possible to use different guest Operating Systems like Microsoft XP and Linux on the virtual servers with paravirtualisation. Virtualization brings many benefits, such as increase utilization, energy saving, rapid deployment, improved maintenance capability, isolation and encapsulation. Also, applications can migrate from one server to another while they are still running without downtime through virtualization. This provides flexible workload management[13]. Whats more, virtualization enables greater decoupling between physical computing resources and software applications which makes distribute computing concepts such as Grid and Cloud adopted by more industries [16].
A public Cloud is a service delivery model which provides massively scalable IT resources available to the general public through the Internet. It is usually based on a usage-based model. Amazon EC2, Google App Engine and Force.com are best known examples of public Cloud service providers. It sounds like public Cloud is a good choice for companies, especially for small companies as they do not need to invest too much on the IT infrastructures. But the truth is, many organizations hesitate to use public Cloud due to security issues. This debate will be further addressed in the following sections. Private Cloud
In contrast, private Cloud represents a deployment model that offer Cloud service to the internal users within the corporate network. It is relatively secure compare with public Cloud. But meanwhile, it brings another problem: capital to build private Cloud. Hybrid Cloud
Hybrid Cloud is a composition of public and private Cloud. Organizations provide and manage some 5
resources in-house and at the same time, have others provided externally. It allows a business to take advantages both of public Cloud and private Cloud. Thus, hybrid Cloud is considered as the next wave in Cloud Computing. In addition to these three types of Cloud, Mell and Grance proposed one more type which called community Cloud. They define public Cloud, private Cloud, hybrid Cloud and community Cloud as Deployment Model of Cloud Computing. This type of Cloud infrastructure is shared by several organizations and managed by organizations or a third party. And, it supports a specific community that shared concerns, such as mission, security and policy. Mell and Grance also suggested a Service Model for Cloud Computing in terms of three different kinds of Cloud services[17]. Infrastructure as a Service refers to computing resources as a service. The resource could be virtualized computers with guaranteed processing power and reserved bandwidth for storage and Internet access. Platform as a Service can be thought as IaaS with a custom software stack for the given application. But the difference between them is PaaS also includes operating systems and required services for a particular application. Software as a Service is based on licensing software use on demand that is installed and running on a Cloud platform already. It reduces the users physical equipment deployment and management cost. In addition, SaaS also allows users to compose their existing services to meet their requirements.
organizations, such as, Open Virtualization Format (OVF), X.509, WS-* Standards and Common Assurance Maturity Model (CAMM). Since both Cloud and E-commerce have security problems, standards that relevant to security seem to be more important. CSA (Cloud Security Alliance)[18] and the IEEE (Institute of Electrical and Electronics Engineers)[19] conducted a survey about the need for Cloud security standards. 93% respondents thought that security standards for Cloud are important, and 82% of them said the need is urgent. CSA is an organization whose mission is to provide security assurance within Cloud. Whats more, to provide education on the uses of Cloud Computing is an essential part of their work. ENISA (European Network and Information Security Agency) [20] is working on information security as well. Their objective is to create a hub for exchange of information, best practices and knowledge. There are also other organizations which are contributing to Cloud security standardization, such as FG Cloud (Focus Group on Cloud Computing)[21], Cloud Computing Use Case Discussion Group[22] and DMTF (Distributed Management Task Force) [23]. From the year of 2009, organizations began to pay attention to Cloud standards. But most of them are just started, and not very mature. DMTF is the one which has more achievements on virtualization section. SNIA (Storage Networking Industry Association) [24] is a relatively mature organization in the storage in Cloud Computing area.
Fig 1.4: Emerging Technologies Hype Cycle 2009. Source: Gartner, 2008
IBM unveiled its plan for Blue Cloud which offers a platform for customers paying as they used in November of 2007. It consists of a series of automatic, self-managing and self-repairing virtualized software. Rod Adkins, the Senior Vice President, Development and Manufacturing for IBM Systems & Technology Group said, Blue Cloud will help our customers quickly establish a Cloud Computing environment to test and prototype Web 2.0 applications within their enterprise environment. Over time, this approach could help IT managers dramatically reduce the complexities and costs of managing scale-out infrastructures whose demands fluctuate. [25] In the subsequent year, IBM set up its ninth Cloud Computing centre in Tokyo, Japan. In 2009, IBM Cloud Academy which is a global forum for educators, researchers and IT personnel from the education industry was launched. The purpose of this academy is to pursue Cloud Computing initiatives, develop skills and share best practices for reducing operating costs while improving quality and access to education[26]. In the year of 2010 and 2011, IBM continues to improve their Cloud services. For example, they opened a Cloud Computing laboratory [27] and launched the new IBM Cloud Computing Specialty[28]. IBM never stops to create a better Cloud. Another successful story of Cloud is Googles Cloud service. Google search, Google Earth, Google Map, 8
Gmail and Google Doc and some other functions are based on their own Cloud platform[29]. Apple, the well-known consumer electronics company has joined Cloud family in June, 2011. iCloud, the Cloud service they provide, makes it easier to access everything on customers Apple devices such as iPod, iPhone and iPad. It keeps users email, calendars and contacts up to date across all their devices. When users sign up for iCloud, they will get 5GB of free storage automatically. Thats plenty of room as the music, apps and books purchased are not count against free storage [30]. There are also a lot of other big events during the development of Cloud Computing from the very first. The following table is a brief list of them.
Year 1959
Event Christopher Strachey published his paper titled Time Sharing in Large Fast Computers which raised the concept of virtualization[31].
J.C.R.Licklider came up with the assumption of global computer network[32]. Globus, the open source platform of Grid Computing was established[33]. The professor of The University of Southern California, Ramnath K.Chellappa, gave the first academic definition of Cloud [2].
1998
VMware (company name) established, and introduced a virtual technique called X86[34].
1999
LoudCloud, which is the first commercialized platform of IaaS was established by MarcAndreessen.
2000 2004
SaaS began to spring up. The conference of Web2.0 held, the development of Internet had an absolutely new look[35].
2005 2006
Amazon claimed to build Amazon Web Service---a Cloud Computing platform [36]. The project in the view of Cloud theory called BlackBox was launched by 9
Sun[37]. 2007 Dell offered Large-Scale Data Centre Design Service and provided Cloud infrastructure for WindowsAzureFacebook and Ask.com[38]. 2008 2008 2008 Google App Engine[39] is published. Gartner deem that Cloud Computing represents the trend of computing[40]. HP, Intel and Yahoo set up OpenCirrus which is a test bed for Cloud Computing together[41]. 2008 Microsoft released their public Cloud Computing platform--- Windows Azure Platform [42]. This indicates that Microsoft branched into Cloud market. 2009 2010 Cisco released Unified Computing System and Cloud Service Platform[43]. HP and Microsoft offered the whole solution of Cloud Computing.
10
Chapter 2: E-commerce
EDI-based E-commerce
Internet-based E-commerce
Many people consider e-commerce and e-business as the same thing. In fact, this is a common misunderstanding. E-commerce, in some sense, can be regarded as part of e-business which only deals with the transactions and selling products online. It refers to all electronically mediated transactions between organizations and any third party it deals with[45].
Fig 2.2: Major Differences between E-commerce and E-business. Adapted from Tassabehji, 2003
11
As with Cloud Computing, there is no one unique definition for e-commerce. Different people and associations proposed different definitions from various perspectives. Kalakota and Whinston gave the several different perspectives for e-commerce in 1997 which is broadly well known and universally acknowledged[46]. A communications perspective --- the delivery of information, products or services or payment by electronic means. A business process perspective --- the application of technology towards the automation of business transactions and workflows. A service perspective --- enabling cost cutting at the same time as increasing the speed and quality of service delivery. An online perspective --- the buying and selling of products and information online.
Some corporations also give their own definition for e-commerce. For instance [47]: Intel: E-commerce= electronic market + electronic trade + electronic service IBM: E-commerce= information technology + web+ business HP: E-commerce is to accomplish commercial business by electronic means. E-business, however, involves much more activities than e-commerce. It includes servicing customers, collaborating with business partners, and conducting electronic transactions within an organization [48]. In this report, we could simplify the e-commerce activity participants in the Cloud. And, we do not need to care too much about the differences between e-commerce and e-business since the problem we want to discuss is how Cloud Computing will help e-business companies to be successful. E-business companies, as we discussed above, will obviously involve e-commerce activities.
12
E-commerce company
Suppliers
Bank billing
Business-to-consumer companies tend to sell directly to consumers while consumer-to-business e-commerce involves people selling products and services to businesses. Amazon.com is a typical business-to-consumer company. Consumer-to-consumer refers to business transactions between users, for instance, consumers selling products to other consumers via Internet[49]. EBay and Taobao (a subcompany of Alibaba Group) provide the platform for consumer-to-consumer e-commerce. Take Taobao as an example, both buyers and sellers are the customers of Taobao. They need to register on the website as buyers or sellers. Sellers can open virtual shops on Taobaos website and put their products there to sell. If a buyer wants to buy something from a seller, he/she can communicate with the seller via instant message. After the buyer deciding to buy the product, they pay the money to a third-party company which called Zhifubao using Internet banking. And the payment will be paid to the sellers account as soon as the buyer confirming he/she has received the product. Goel define e-commerce categories as e-commerce market models, and he explained one more model in 13
addition to the four models above which is B2G (business-to-government). This is a new trend in e-commerce, as Goel argue, which is used by government departments to directly reach to the citizens by setting-up websites[50]. There are also several other types of e-commerce model which have been suggested, such as B2E (business-to-employee) and G2C (government-to-citizen). In essence, they are similar with the types mentioned above. And, as this industry keeps growing, there may be more and more e-commerce types that will come into our sight.
Fig 2.4: Concern about Personal Details Accessing by Others. Source: FDS International, 2010
Consumers are uncomfortable to accept e-commerce because the Internet is not able to offer much security,
14
hackers are relatively easy to eavesdrop and steal data. There are five typical attacks which threaten the security of e-commerce: DOS Attacks; Eavesdroppers; DNS Attacks; Input Validation Attacks; Script Attacks[52]. As e-commerce industry is growing, more secure technologies are being improved and developed every day. The security defences involved in e-commerce are firewalls, authentication schemes, and encryption [52]. To keep secure in e-commerce, it is not enough to only rely on technical solutions, consumers awareness for security is also essential. Some users are not aware of the threats and risks when they are doing online transaction. Hence, enhancing the understanding of e-commerce security is indispensable.
15
Now, the developed countries, such as US, are still in the lead position of e-commerce industry. In Europe, the United Kingdom and the Nordic countries are the leaders at current time [56]. Developing countries like China are becoming an important force in the market. At present, with the support of all levels of government, various activities of e-commerce are developed all over China. Third party network service platforms such as Alibaba.com and Taobao.com are the giants in Chinese e-commerce market which promote internationalization of Chinese e-commerce. The 13th China International E-commerce Conference was held in December of 2010. The statistics from the conference indicate that, Chinas e-commerce transactions amounted to 2.83 trillion in 2009 which increased 21.7% comparing to 2008. And, there is a 105.8% growth in that year of online retails sales which is 258.6 billion. iReaserch (a consulting group)[57] report shows that, in the first three quarters of 2010, the total e-commerce transaction amount reaches 3.3 trillion. By the end of September in 2010, the international export bandwidth is close to 1000G in China. The usage percentage of online retail, online payment and online banking are 33.8%, 30.5% and 29.1% respectively, which means there are about 124 million, 148 million and 122 million people use these three online transactions. Furthermore, the conference released a 16
serious of numbers: there are more than 5300 B2B companies and more than 7000 B2C and C2C companies in China at that time. As Qin argues, current situation of e-commerce in China now has following features[47]: E-commerce in China is still in an early stage. E-commerce applications in China are still at its primary level. Majority of enterprises in China hasnt got Internet connected. And, most of medium and small enterprises have not adopted e-commerce, either as a small fraction of large and medium enterprises. In a word, enterprises are less information-based, and, they havent become the main force of e-commerce. Minority of e-commerce enterprises make e-transaction, e-shopping or e-payment online. Most of the e-commerce websites are making electronic information research, e-catalog, e-inquiry or electronic information research. There are few enterprises adopt e-shopping and e-payment. Various strategies should be adopted due to the following factors: the weakness of information foundation of national economy, the low-level business automation, the coexistence of e-commerce and traditional business, and the coexistence of online market and traditional market. To sum up, the China E-commerce market is still in its initial stage, and, has huge opportunities and the development prospect is quite broad.
17
Customers can visit multiple vendors from around the global online, compare prices and make purchases without leaving their houses or offices at any time.
As e-commerce allowing people working at home, it enhances the quality of life for people in the society. It is not only more convenient for people but also reduces environmental pollution potentially because fewer people have to travel to work regularly.
People in rural areas are enabled to access and enjoy products, services and information by e-commerce. E-commerce facilitates the delivery of public services such as health services. It is popular to consult doctors or nurses online nowadays.
18
Cloud Computing and e-commerce are two buzzwords nowadays. They are popular because both of them are cost-effective. Cloud Computing saves organizations the cost of IT infrastructure while e-commerce allows merchants to do business without renting or buying an entity shop. At present, more and more e-commerce companies moves to Cloud. Cloud provides positive opportunities for e-commerce, but before adopting it, companies should have a trade-off. This chapter will focus on investigating the intersection of Cloud Computing and e-commerce. It should be stated here, since this report aims to discuss about the relationship between Cloud Computing and e-commerce, the customer, consumer, user alike are referring to e-commerce companies as they are customers of CSPs. I will use the word end-user to specify the end-users of Cloud service (e.g., customers of e-commerce companies) where necessary.
Political
Support from government. EU encourages the developing of e-commerce[60]. General office of the State Council of China has released a series of documents to accelerate the developing of e-commerce these years.
19
Economic
The rapid growth of the world economy accelerates the developing of online transaction. The increase of average income enables more and more people to access to computers and the Internet
[58]. Fig3.1 below shows the world Internet users and population stats.
The reduction of hardware and software costs. Cost of access to telecommunications infrastructure is reduced [58].
Fig 3.1: World Internet Users and Population Stats. Source: InternetWorld Stats, 2011
Sociological
Online shopping is becoming a new trend as it is more convenient comparing to traditional shopping. The level of education and IT skills of consumers have been improved [58]. Especially in the developing countries like China, the education of IT skills has been improved greatly in recent years. Users willingness and ability to adopt new technology.
Technological
The developing of telecommunications infrastructure accelerates the development of e-commerce industry [58]. The rapid developing of graphical design technology enables website developers to design more 20
attractive and user-friendly websites for customers. The information security technologies are developing fast. The advent of service oriented computing, Web services and Web 2.0 technologies [61]. Cloud Computing gives the chances for small-sized and middle-sized companies to move to the Internet with less effort. More and more technological achievements in e-commerce have been gained (Fig3.2).
Fig 3.2: Growth in Internet Host Computers and Major E-commerce Developments. Source: Network Wizards.
21
Other software companies, such as Ufida[62], Kingdee[63] and eAbax[64], have promoted their whole journey e-commerce and built service platforms in China. Their actions accelerate the developing of Cloud-ecommerce (e-commerce activities in the Cloud). Moreover, the developing of mobile e-commerce also increases the demand for Cloud Computing in China. According to iResearch [56], in the second quarter of 2011, China mobile Internet market size reaches to 7.79 billion. The year-on-year growth is 93.8% while the annulus comparing growth is 20.9%[65].
Among all the segments of Mobile Internet Market, mobile e-commerce is the one which grows fastest. Its year-on-year growth rate is 404.4%. Mobile e-commerce combines the Internet, mobile communication and short-distance communication technologies. It enables users to do transactions online at anytime from anywhere. Since mobile e-commerce needs more background data analysis and there are too many mobile users, the system needs to process much more data at a same time. So Cloud Computing is especially useful in the industry.
22
Fig 3.4: 2012 Q2 The Composition of Chinas Mobile Internet Industry. Source: iResearch, 2011
Make money. Profit is always the most attractive thing for business people. Greenberg et al.[67] has done a research by converting everything into a monthly charge, and it shows a large company act as a Cloud provider could make a tidy profit when they leverage their economies of scale to offer a service.
Leverage existing investment. Using existing idle IT infrastructure to provide Cloud service enable companies to have a new revenue stream. For example, Amazon and Google extended their private Clouds and offered to the public.
Defend a franchise. Since many of enterprise applications begin to make use of Cloud Computing, vendors would be motivated to provide a Cloud option of their own if they already established franchise
23
in those applications. Attack an incumbent. Companies with software resource and requisite data centre always want to establish a beachhead in this space. Leverage customer relationship. Companies can get extensive customer relationship via their service offerings, including Cloud service. Become a platform. Sometimes, organizations want to provide Cloud service in order to become a platform. The indeed infrastructure provider of Facebook plug-in application is a Cloud provider called Joyent. And, Facebooks motivation was to make their application to be a new development platform.
24
Advantage Appearance of infinite computing resources on demand Elimination of an up-front commitment by Cloud users Ability to pay for use of computing resources on a short-term basis as needed Economies of scale due to very large data centers Higher utilization by multiplexing workloads from different organizations of
Table 2: Comparing Public Clouds and Private Data Centers. Adapted from Armbrust et al., 2010[68]
25
Obstacle 1 2 3 4 5 6 7 8 9 10 Availability of Service Data Lock-In Data Confidentiality and Auditability Data Transfer Bottlenecks Performance Unpredictability Scalable Storage Bugs in Large-Scale Distributed Systems Scaling Quickly Reputation Fate Sharing Software Licensing
Opportunity Use Multiple Cloud Providers to provide Business continuity; Use Elasticity to Defend Against DDOS attacks Standardize APIs; Make compatible software available to enable Surge Computing Deploy Encryption, VLANs, and Firewalls; Accommodate National Laws via Geographical Data Storage FedExing Disks; Data Backup/Archival; Lower WAN Router Costs; Higher Bandwidth LAN Switches Improved Virtual Machine Support; Flash Memory; Gang Scheduling VMs for HPC apps Invent Scalable Store Invent Debugger that relies on Distributed VMs Invent Auto-Scaler that relies on Machine Learning; Snapshots to encourage Cloud Computing Conservationism Offer reputation-guarding services like those for email Pay-for-use licenses; Bulk use sales
Source: Armbrust et al., 2009[66]
AWS, which is short for Amazon Web Service [35], was launched in early 2006. Its aim is to provide companies with an infrastructural web service platform in the Cloud. Amazon EC2 and Amazon S3 are two
26
important members in AWS. They are thought as the first widely accessible Cloud infrastructure services. EC2 provides resizable compute capacity in the Cloud, and, makes web-scale computing easier for developers. It is welcomed and widely adopted by users. Customers can use SOAP (Simple Object Access Protocol) message to interact with the EC2 instances. Amazon EC2 provides a virtual clustered environment for developers and customers. Each instance represents a virtual machine [7]. In essence, what the customers rent is the virtual compute ability.
The Co-Founder & CEO of Onavo, Guy Rosen has done a research on the amount of Cloud-hosted sites and presented his finding using the following image[71].
27
Amazon S3 provides users a simple web service interface that can be used to retrieve an amount of data from anywhere at any time on the web. It tries to give developers the chance to access to highly scalable, reliable, secure, fast and relatively cheap infrastructure that Amazon uses to run its network [8]. AWS Blog released the usage report of S3 in 2011. According to the report, at the end of the second quarter of 2011, Amazon S3 has more than 449 billion objects and processes up to 290,000 requests per second for them at peak times[72].
Besides EC2 and S3, Amazon offers another web service which mainly targets e-businessAmazon Fulfillment Web Service (Amazon FWS). It allows merchants to send order information to Amazon with instructions to physically fulfil customer orders on their behalf programmatically. FWS is designed for small-sized and middle-sized e-commerce companies in some sense. It has two main web services: Inbound Service and Outbound Service. Inbound Service enables merchants to create and send inbound shipments of inventory to Amazons fulfilment centres. Outbound Service allows merchants to use Amazons fulfilment processing for orders sold on their own channels or other non-Amazon channels. Furthermore, there is no charge to use this service at present [73]. Other service, such as Fulfillment by Amazon (FBA) is charged when orders are processed or the inventory is stored by Amazon warehouses. This service is quite suitable for small-sized companies which cannot afford the fees for storing and transportation. They can use FWS to virtualize these parts of their businesses. And, after their company becoming larger and stronger, they can consider to establish their own infrastructures [74]. Apart from quality, Amazons Web Service is welcomed due to its price. All the prices of their service are 28
following the principle ---pay as used. And, the price is relatively low. AWS also provides new customers the service called AWSs Free Usage Tier which allows new users to run a free Amazon EC2 Micro Instance for a year. RJ Hottovy, who is an equity analyst at Morningstar, believed AWS has the potential to be very large. Bernard Golden, the chief executive of Cloud consulting firm HyperStratus, also said I am amazed by how fast it's growing and its clearly accelerating. Companies are building around whole businesses around AWS[75]. Within two years after AWS was founded, it had consumed more bandwidth than the entire global network of Amazon.com retail sites did.
Fig 3.8: Bandwidth Consumed by Amazons Global Websites. Source: Amazon Web Service Blog, 2008
Vishik, the security and privacy standards and policy manager at Intel Corporation in the United Kingdom gave a lecture in ENISA-FORTH Summer School. She pointed out that there are five goals need to be achieved in order to assure the security in e-commerce. She also suggested some approaches and standards to achieve each of those goals[76].
29
Backend OS Hardening, virtualization Hardware security Transport encryption Encryption for data at rest Authentication Firewalls, IDS, extrusion detection systems Increase resilience Response and remediation Indentify management Strong authentication Training Usability Anonymity Vertification, not identification Strict privacy policies Privacy-friendly design
PKI,
ebXML,
SOAP,
Protect Networks
Protect Users
Ensure Privacy
P3P, DAA
Table 4: E-commerce Security: Goals, Approaches and Standards. Adapted from Vishik, 2008
After studying AWS security whitepaper, I found that AWS provides solutions to help e-commerce companies to reach these goals[77].
30
Virtualization is provided by AWS. AWS data centres are housed in nondescript facilities. Physical access is strictly controlled.
The issues of virtualization and hardware protection are the same with protect client devices. Amazon EC2 allows API calls to be encrypted in transit with Security Socket Layer (SSL) in order to maintain confidentiality.
Users can encrypt their personal and business data within AWS Cloud.
In addition, two standards can be used here to protect backend systems: IETF X.509 [78] and WS-* Standards[79]. IETF X.509 standard is developed by the International Telecommunication Union (ITU). It is created by the Internet Engineering Task Force [80]. This standard described the requirements for Internet Public Key Infrastructure (PKI). For example, Amazon API calls are all signed by X.509 or the customer s Amazon Secret Access Key. API calls cannot be made without access to X.509 certificate or customers Secret Access Key. Whats more, the firewall of AWS also requires customer s X.509 certificate and key to authorize changes. Thus, adding an extra layer of security[77]. WS-* Standards are most common used in SOAP, WS-I Basic Profile, WSDL, WS-Addressing, WS-Policy, WS-Reliable Messaging, WS-Security. It is a suite of standards for Web-services with SOAP/WSDL developed at the World Wide Web Consortium (W3C). WS-* Standards can be used in protecting network, protecting users and ensuring privacy as well [81].
Protect Networks
AWS has a complete solution for firewall. The mandatory inbound firewall is configured in a default deny mode and the Amazon EC2 customer must explicitly open any ports to allow inbound traffic.
There is an additional layer of security called AWS Multi-Factor Authentication that provides 31
advanced control over AWS accounts settings and the AWS resources and services that the account is subscribed to. Whats more, it is easy to obtain an authentication device from a participating third party provider and set it up for use via AWS website.
Protect Users
AWS Multi-Factor Authentication function can help to provide strong authentication. Identify and Access Management of AWS allows users to create multiple users and manage the permission for each user within AWS account. The user here, as AWS claims, is an identity which has a unique security credential which can be used to access AWS resources.
Ensure Privacy
AWS guarantees one customer s data never exposing to another by wiping every block of storage used by the customer.
Each service within AWS Cloud is designed to be secure. A number of capabilities that restrict unauthorized usage or access without affecting the flexibility that customers need.
Moreover, AWS Security Centre provides links to technical tools, information and prescriptive guidance to help AWSs customers to build and manage secure applications in AWS Cloud. E-commerce companies, especially the new ones who do not have the experience on security management can get great help from Amazon Cloud service. 3.4.2.3 Amazon Web Service: an economical choice for e-commerce companies
In Amazon Economic Centre [82], customers can find information, tool and resources to compare the costs of Amazon Web Service with IT infrastructure alternatives. Amazon EC2 and S3 offer computational and storage resources which can be used on-demand for a fee by compute and data-intensive applications. The cost to use the Cloud depends on the compute, storage and communication resources it consumes [8, 9].
32
Fig 3.9: AWS Simple Monthly Calculator. Source: Amazon Web Service
Amazon is an outstanding performer in e-commerce industry. It has a wealth of experience in how to operate e-commerce activities. It knows clearly what kind of difficulties e-commerce companies are facing and what kind of service they really want. AWS, an experienced Cloud service provider which is established by Amazon, can provide the following benefits that e-commerce companies need [81].
Applications designed specific for e-commerce companies
Amazon provides a serious of e-commerce applications which helps e-commerce companies deliver effective e-commerce solutions: checkout by Amazon, Amazon Simple Pay, Fulfilment by Amazon, Amazon WebStore, Amazon Advertising Services and Amazon Mechanical Turk. These applications are cost-effective and easy to use for companies.
Reduce costs and improve cash flow
Since AWS provides customers a scalable and elastic infrastructure platform, e-commerce companies can add or remove resources as they needed based on the real-time demands of their applications. E-commerce companies can lower their cost in IT operating and avoid the upfront costs of establishing infrastructure.
33
Owning too many servers will increase the financial risk for companies, including e-commerce companies. AWS is supported by multiple programming languages and operating systems, and it is available without contracts or long-term commitments. Companies can retain maximum flexibility from AWS. For e-commerce companies, security and reliability are quite essential. AWS offers a more secure and reliable platform than most e-commerce companies could develop affordably on their own.
Maximize revenue opportunities
Instead of focusing on building and maintaining IT infrastructures, AWS allows companies to give more time and resources for their customers. AWS also provides a low-cost test environment to sample new business models perform experiments and one-time projects. Thus, e-commerce companies can maximize their revenue opportunities.
Fig 3.10: Capacity vs. Usage Comparison. Source: Amazon Web Service
AliCloud has three main Cloud businesses at present: mobile Cloud, Cloud for entrepreneurs, and Cloud for developers. Here in this report, Cloud for entrepreneurs should be the point that I need to focus on. In this section, AliCloud has several subsections [84]. Cloud for Community Websitesthe Cloud service for the entrepreneurs of small-sized and middle-sized community website. Cloud for Rendering--- Completing rendering task for films, images and cartoon efficiently by making use of the computing and storage ability of Cloud Computing. Cloud for E-businessthis section is about to be released. The service aims to offer one stop solution for e-business companies, including various methods for storing and computing. At present, AliCloud has a subsection under Cloud for Community Website which offers a basic platform for individuals and small companies to do e-commerce. It should be noted that, e-commerce can not only be done by companies, individuals can run a business online as well. People who are teachers, doctors or drivers, can sell their products online after their work by registering an account on an e-commerce website, such as Amazon and Alibaba. The amount of products they sell may be a small volume. The varieties are limited too. In this case, it is not reasonable and essential for them to establish a formal e-commerce company. This kind of platform offers all the functions they need without initial investment on the facilities and IT infrastructures.
35
The community e-commerce platform offered by AliCloud has three main functions. Tao Lianjie (Lianjie means link in Chinese)
Tao Lianjie provides merchants the information of their transaction records each day. It also can help merchants to analyse how many orders are made. Furthermore, it enables merchants to get an idea on who has bought their products. All of these functions are done by transferring the links in TaoBao website (a subcompany of Alibaba which does ebusiness) to Taobaoke (a platform owned by Taobao) links. Tao Manyi (Manyi means satisfaction in Chinese)
Tao Manyi is an online promotion platform. Vendors put their products on this platform, and take different forms of sales promotion (group purchase, auction, etc.). Then the webmaster select promotion products from the platform and finally published to customers in various forms. Mei Ri Tuan Gou (Chinese meaning: group purchasing everyday)
Users can use this service to establish their own group purchase website easily. They do not need to consider about technical problems to use this service.
36
Amazon
Alibaba
To solve the problems that e-commerce companies are facing. IaaS International market-oriented Established in the USA Mainly focus on Chinese market Established in China
More explanations according to some of the criteria are stated as follow. Cloud Model
The Cloud model Amazon EC2 and Alicloud use is IaaS. Both of them allow customers to choose CPU type, disk size, operating system type, etc. A virtual machine will be generated in this way. Users can access to their data and software by logging on Remote Desktop. Target customer group
Amazon and AliCloud have similar ideas about their target customer: middle-sized and small-sized Internet-based companies. The main difference is, AliCloud focuses on Chinese market while Amazon serves the world market. However, at present, Amazon does not offer Cloud service for Chinese enterprises. Due to this, Alicloud has more opportunities in Chinese market. Business environment
Amazon is an American enterprise while AliCloud is a Chinese enterprise. The government policies and competition environment are quite different in these two countries. In the USA, no matter e-commerce or Cloud industry is more mature. China, a developing country, has just taken off in Cloud industry. But, AliCloud has its advantage since Cloud and e-commerce are promoted vigorously by Chinese government at current time. There are many policies to support the development of them in China.
37
Security is one of the most significant barriers for the development of e-commerce. In recent years, there are numerous reports about websites and databases being hacked into, and security holes in software [58]. The security problem in e-commerce is stated in section 3.3. Lack of capital
Large amount of computer hardware are required to support e-business activities. With the expanding of customer group and increasing of data flow, enterprises need to update their hardware and improve their management of these infrastructures. Many of the enterprises cannot afford the cost for purchasing and maintaining the equipment. Not to say they have to spare capital to keep the company running smoothly. Lack of technology and technical people
E-commerce is a business activity that based on IT and web technology. The ability to develop, maintain and manage e-commerce website is required to do e-business. With the rapid development of e-business industry, the related technical problems such as data mining, data integration, information security and data storage etc. are challenging for enterprises, especially middle-sized and small-sized e-business companies. The implementation of e-commerce leads to higher requirements for specific skills and techniques[85]. Bottleneck of supply chain management
Supply chain management (SCM) is an essential part when doing business. A good relationship with upstream and downstream organizations is extremely important for a successful enterprise. Christopher defines SCM as the management of upstream and downstream relationships with suppliers and customers to deliver superior customer value at less cost to the supply chain as a whole[12]. Middle-sized and small-sized e-business companies are always hindered by capital, decision ability and technical support etc. which make them cannot perform well in supply chain management.
38
As the era of 3G is coming, mobile e-commerce steps into our lives. According to latest statistics from the Ministry of Industry and Information Technology, the number of 3G mobile users in China now exceeds 80 million that accounts for 9.5% of all mobile users nationwide [87]. Since mobile phones have already become daily necessities, they will become one of the most used terminals for e-commerce in the near future. The promoting and applying of 3G will bring new opportunities for e-commerce. However, mobile terminals have many limitations on, for example, information processing and information security.
Cloud-ecommerce includes information technology, marketing, management and other issues. It offers a synthetic platform for e-commerce transactions and e-commerce services. The enterprises do not need to worry about setting up the software and hardware environment any more with the IaaS or SaaS model of Cloud. And, they do not need to invest labour and capital to construct the system. All of the work can be passed to Cloud provider. Thus, enterprises can focus on their core business. A safer way for data storage
Although Cloud Computing has security problems itself, it still brings opportunities to information security. Data is stored concentrated in the Cloud. This method of data storage brings at least two benefits to data security. First, it reduces the possibility of data theft, leakage and damage. Before the emergence of Cloud, data can be leaked easily, such as laptop theft. With Cloud Computing, users can store their data on Clouds. 39
In this way, even the user s computer is lost or damaged, the data still can be found on Clouds. Secondly, data safety monitoring will be more easily. Since data is stored in data centres, managers of the data centres can implement the centralized management such as security control, software deployment and resource allocation[88]. Hence, enterprises do not need to worry about data security too much.
Business Intelligence (BI)[90] provides valuable knowledge and information for decision makers by leveraging a variety source of data as well as structured and unstructured information. Nowadays, the main difficulties in BI that most e-business companies are facing are as follow. First, with the continuous growing number of users, the volume of data is becoming larger and larger. Thus, higher capabilities in data storage, mining and management are required. Second, the constant change of demand requires high real time property of BI. This asks for faster and more efficient running performance of e-commerce companies. Meanwhile, good extensibility is also needed. Third, high cost is a main factor that hinders the development of BI in e-business companies, especially middle-sized and small-sized ones. The data centre provided by Cloud Computing offers good basis and conditions for e-business companies to develop BI. Break the bottleneck of Mobile Terminal
Mobile e-commerce has high requirement on computing ability, information transferring and information processing. If mobile devices and mobile communication network cannot work efficiently and dependably, mobile e-commerce would not be realised successfully. Cloud Computing would solve the problems that 40
mobile e-commerce is facing if the mobile terminal can be connected to the Cloud. AliCloud unveiled its internally developed Cloud-based mobile device operating system on 28th July of 2011. The first mobile phone powered by the Cloud OS, was also unveiled on the same day by AliCloud. A distinguishing feature of Cloud OS is its support for web-based apps. Users could have an Internet-like experience and do not need to download or install application software on their mobile devices. Cloud OS also allows users to store back-up data such as contact information, call logs, text messages, notes and photos to AliCloud's remote data centre, access and update their data across all their PC and mobile devices. AliCloud is planning to provide each Cloud OS user with a total of 100 gigabytes of data storage initially, with plans to expand according to user needs[87].
time to the market for the company, meanwhile, lowered its capital expenditure. Paul Casarin, Head of New Business, MIH e-commerce Africa says, AWS has allowed us to rapidly deploy a new business without having to wait for co-location hosting servers or commit to a fixed number of servers for a year or more. This has saved us significant time and money in launching a new venture. [95]
42
Protection of intellectual property and data Ability to enforce regulatory or contractual obligations Unauthorized use of data Confidentiality of data Availability of data Integrity of data Ability to test or audit a providers environment Other
Fig 3.14: Specific Customer Concerns Related to Security. Source: Waidner, 2010[101]
43
Since both Cloud Computing and e-commerce have security problems, this issue may be the most serious one that makes customers hesitate to implement Cloud E-commerce. Customers are concerning about security because they feel they lose control of their data, and most of them do not have the experience of using Cloud before. As this report stated before, e-commerce has several security issues. However, after e-commerce moving to the Cloud, all of the e-commerce activities would be done on Cloud. The security of Cloud will be the most urgent one to be noticed. Before moving to Cloud Computing, Foster et al. suggested to discuss following issues with vendors in terms of security[6]. Privileged user access: sensitive data that processed outside the enterprise need to be assured that they are only accessible to privileged users. Regulatory compliance: Cloud consumers must verify if a Cloud provider has external audits and security certifications. And, they need to know if their infrastructure complies with some regulatory security requirements. Data location: it is important that the Cloud providers commit to storing and processing data in specific jurisdictions since customers will not know where their data will be stored. Data segregation: one customer s data must be fully segregated from another customer s data. Recovery: Cloud customers must ensure their Cloud provider has an efficient replication and recovery mechanism to restore data. Investigate support: Cloud service is difficult to investigate. Such support needs to be ensured if it is important for a customer. Long-term viability: Cloud customer must assure their data would be viable even their Cloud provider is acquired by another company. When everyone concerns about the security problems Cloud brings, IBM Distinguished Engineer Dr. Michael Waidner argues, from a technical perspective, Cloud provides opportunities to simplify security controls and defenses which is provided in Appendix E [102]. 44
3.7.3 Cost
Profit is always the most important objective which business people are pursuing. Cloud Computing is attractive as it can save them millions of dollars to build their own servers and storage environment. The cost of Cloud service matters a lot to e-commerce companies and other consumers. At present, price of Cloud service is relatively low. Cloud service providers, such as Google and Amazon, are trying to make the price more transparent to customers. They also make efforts to enhance their competitiveness by reducing their service cost. Amazon has made changes on some parts of its service ten times from March 2009 to September 2010[105].
45
There is a series of cost for using Cloud Computing. Enterprises pay for the Total Cost of Ownership (TOC) which is calculated from the pricing models of Cloud providers. Software development cost, integration and customization cost, subscription cost (for SaaS Clouds), hardware and middleware cost, data IO transfer cost, etc. are covered in TCO[100]. Organizations need to estimate Cloud Computing costs and compare these costs with conventional IT solutions. Cost and benefit analysis is important for an IT managers to evaluate whether the benefits outweighs the costs of an IT investments. Different execution plans may result in significantly different costs[107]. Hence, to have a precise estimate and plan of usage will reduce the cost of adopting Cloud.
3.7.4 Quality
QoS is a broad topic in distributed system. It is mostly referred to the resource reservation control mechanism to guarantee a certain level of performance and availability of a service [15].It is a crucial factor for the success of Cloud providers as it may destroy a providers reputation. Computing services need to be highly reliable, scalable, and autonomic to support ubiquitous access, composability and dynamic discovery. Cloud service providers such as Amazon, Google, IBM, Microsoft and Salesforce have established their data centers for hosting Cloud applications in various locations around the world in order to provide redundancy and ensure reliability in case of site failures[108]. SLAs assure end-users that they are receiving the services they have paid for by providing a facility to agree upon QoS between end-users and providers and define end-user resource requirements and provider 46
guarantees [15]. It typically includes error rate, max response time and throughput. Also, it may include non-functional requirements such as scalability, availability[109]. In the past few years, crashes of Cloud servers took place frequently. I organize a table which lists ten interrupts which have severe impact.
Year 2011
2009
Sidekick, a company which is owned by Microsoft, suffered a service interrupt which lasted for nearly one week.
Gmail
2008
One hundred fifteen thousand users cannot find any emails after they logged into their Gmail. This interrupt lasted for 4 days.
Hotmail
2010
Tens of thousands email inboxes were cleared when entering into the year of 2011. Microsoft spent three days to recover majority of users account.
Intuit
2010
Intuit suffered two interrupts in 2010. Its services that based on Cloud, including TurboTax, Quicken and QuickBooks had two downtimes within one month.
2011
BPOS service worked on and off from 10th of May, and lasted for a few days. Some emails delayed due to the interruption.
2010
Salesforce.com reported an interruption in the early 2010. The whole set of service and backup has been interrupted.
Terremark
2010
Their data center of vCloudExpress service in Miami was off network for about 7 hours. During that period, users couldnt visit the data they stored in that data center.
PayPal
2009
In the summer of 2009, PayPal suffered a hardware failure. Selling function was unavailable for an hour.
Rackspace
2009
Rackspaces service was cut off from the Internet for four times in 2009 which disappointed users a lot.
47
The interruptions of Cloud service have had negative effects among users. Cloud service providers need to improve their service quality to enhance the confidence of users to use their Cloud service. Before purchasing Cloud service, to sign a SLA is essential for consumers. The success of adopting Cloud Computing depends largely on the service quality provided by Cloud provider. Hopefully, more advanced and customizable SLAs are being supported or implemented[4].
3.7.5 Migration
The four factors discussed above (security, privacy, cost and quality) are the issues which all e-commerce companies should consider about before moving to Cloud. For companies which already have their own infrastructure, they should think about migration effort. This effort is due to the discrepancies between the environment provided by a Cloud platform and a traditional platform. In other words, there might be differences in the version of various infrastructures, the libraries available, the programming models, even the semantics of data access [110]. Tran et al. [110] summarized migration influential cost factors. Some of them are similar to traditional software development cost factors; some are specific for migration to Cloud. The following are the factors relevant to migration to Cloud. Existing knowledge and experience on Cloud providers and technologies: If the project team already have some prior knowledge and experiences of Cloud and available tools, less effort is required since the learning curve can be improved significantly. Selecting the correct Cloud platforms and services (IaaS or PaaS): This factor affects the effort and cost required for the rest of migration activities greatly. Less effort is required for modification if the selected Cloud platform is highly similar to the applications environment in the local server. Compatibility issues: This factor is affected by the similarity of Cloud platforms and local servers as well. Compatibility issue can be eliminated when the similarity is high. Library dependency: If an application relies on a library to function in local server, it requires a similar library in the Cloud platform. Thus, if there is such a library for Cloud existing, less effort would be required to rewrite that library. 48
Contextualization mechanism, which is proposed by Armstrong et al., could help to save the effort of rewrite the library. The mechanism operates in two stages. The first stage is contextualization of VM images prior to service deployment (PaaS level). This stage involves mounting a template VM image which will be converted to a specific hypervisor and installing proper software packages to support a particular service, such as a database. In this stage, context data is generated for every envisaged VM instance as an ISO CD image. The second is self-contextualization of VM instances created from such a VM image (IaaS level). During this stage, entails reading in context data at run time when the VM image is instantiated. Then the data will be used to configure the installed packages and software in the VM image. Then a single image will be able to spawn multiple instances of the same software component forming a multi-VM service[111]. Connection issues: In the Cloud migration cases that only some components of the system are migrated to Cloud while the rest is kept in house, the connection between two parts of the system (one in house and the other one in Cloud) may face different issues such as security, latency, etc. Moreover, the companies which already have their own existing facilities should consider one more factor in migration: cost. They cannot avoid the additional costs for giving up their established infrastructures. There will be a trade-off when making decisions. If an e-commerce company wants to move to Cloud from their existing infrastructure, they must have a complete plan of migration. Otherwise, they may encounter some unexpected difficulties in the adoption of Cloud.
markets said in one of his keynote presentations[112]. At present, many organizations have established their own Cloud platforms and provided Cloud services. And some of them have developed their own standards. Different standards of different platforms cause difficulties for Clouds to communicate. In other words, the interoperability is low. The lacking of Cloud standards impedes the acceptation of Clouds. Users are worrying about data migration between Cloud servers. Furthermore, they are afraid that Cloud service providers may use this flaw to restrict them. It's a valid concern, because if one company relies highly on a CSP, then the CSP increase their service price. The company will face a dilemma since the migration to other Cloud may cost more. They will lose their bargaining power. To eliminate the concerns of potential Cloud consumers, including e-commerce companies, Cloud providers should provide better and more reasonable standards.
50
competitors probable reaction to the array of industry changes and broader environmental shifts that might occur[113].
I will analyse Cloud-e-commerce industry based on Porters Five Forces model, and investigate how Cloud Computing influence e-commerce industry. Johnson, Scholes & Whittington proposed the major barriers of each force, my analysis are made according to some of the barriers that related to Cloud-ecommerce market-the special market which combines e-commerce and Cloud market together, in other words, market for e-commerce companies that already adopted Cloud Computing. This analysis aims to discuss Cloud-ecommerce market environment to help e-commerce companies which want to adopt Cloud Computing to have a general understanding of the market. There are three levels of the forces: high, medium and low. The lower level it is, the more chances the company gets to win in the industry[114].
51
Forces
Major barriers
Cloud-e-commerce market High -E-commerce company do not have scale limitation. It can be a very large one or a small one. -E-commerce companies can easily access to Cloud suppliers. -In many countries, such as China, governments are promoting Cloud Computing now. -The differentiation among e-commerce companies is relatively low. Some of them may provide similar products and services. Medium - There are more and more Cloud providers, so the supplier concentration is becoming lower. - Because of the lacking of Cloud standards, the switching cost from one Cloud to another will be high. -At this moment, the competition between Cloud providers is fierce. For instance, Google and Amazon have cut their price of Cloud storage several times in recent years.
and The threats of -Scale experience new entrants -Access to supply or distribution channels -Expected retaliation -Legislation or government action -Differentiation [114] The bargaining -Concentrated suppliers of suppliers -High switching cost -Supplier competition threat [114]
The bargaining -Concentrated buyers Medium -Low switching cost -The concentration of Cloud service buyer is low since a of buyers -Buyer competition Cloud provider may have lots of e-commerce companies as costs[114] their customer. -As discussed before, the switching cost may be high. -At present, there rarely exists competition in adopting Cloud between e-commerce companies. Companies can get access to Cloud service after purchasing it. They do not need to compete with other companies for Cloud service. High Threat of -The price/performance -Cloud Computing provides chances for more companies to substitutes ratio is critical to do e-commerce, some of them offer similar products or substitution threats services which increase the risks for customers move to -Extra-industry other vendors. That is why price wars are easy to be seen on effects are the core e-commerce market. of the substitution concept[114] Competitive rivalry -Competitor balance -Industry growth rate -High fixed costs -High exit barriers -Low differentiation [114] High -Cloud Computing enables start-up companies to establish themselves in a short time without significant investment, this disrupts the competitive landscape. -As stated in 3.4 (current situation of e-commerce), the e-commerce industry growth rate is quite high.
52
-Most e-commerce companies are small-scale and middle-scale ones, and the products they are selling are not produced by themselves. They act as agents. Furthermore, after the companies adopting Cloud, they do not need to invest on their IT infrastructure. So the fixed cost is not very high. -Since the fixed costs of e-commerce companies are relatively low, the exit barrier is low, too. -Most of the companies have their specialized products or services, such as a furnish company and an electronic company. The differentiation between them is high.
Table 7: Porter s Five Forces Analysis for Cloud-e-commerce Market
From the analysis above, we can see that although Cloud brings lots of good news for e-commerce companies, it also enhance the competitive rivalry of e-commerce industry. The competitive rivalry in Cloud-e-commerce is quite intense. It can be concluded that adopting Cloud in e-commerce is just one brick in the establishment of its business. In order to achieve sustainable competitive advantages, e-commerce companies have to take other actions after adopting Cloud. Various methods can be used to foster or simulate standalone e-commerce stickiness. Stickiness is the process of converting visitors to customers and retaining prior customers. This can be done by creating memberships, registering users, signing visitors up for email notices[115]. It proved to be true that these methods can attract customers for a period. But, companies must know that, quality of products and services is the fundamental factor to retain customers. Only if they provide customers with good quality of products and services, can they win in their industry.
53
Chapter 4: Evaluation
4.1 Introduction
The aim of this project is to investigate the how Cloud Computing affects e-commerce industry. Since there is no software or prototypes produced in this project, it cannot be evaluated with the output accuracy or users operating experience. Hence, I plan to have three evaluation stages. Evaluating the report according to minimum requirements Comparing my findings with published work Limitations and future work
After finishing the background reading of Cloud Computing, I decided to have seven sections in the literature review part of Cloud Computing in this report: definition of Cloud; Cloud architecture; Cloud services; virtualization; Cloud models; Cloud standards; developing of Cloud Computing. This has been demonstrated in chapter one. To understand the issues of e-commerce, such as the categories, the current situation, security, etc.
After finishing the background reading of e-commerce, I decided to have five sections in the literature review part of e-commerce in this report: definition of e-commerce; categories of e-commerce; security of e-commerce; current situation of e-commerce; benefits of e-commerce. This has been demonstrated in chapter two. Take two e-commerce companies which became Cloud service providers as case studies and introduce their Cloud services. 54
I have taken Amazon and Alibaba as case studies. These two companies are representative since Amazon is a leader both in e-commerce and Cloud Computing industry, while Alibaba is a major player in Chinese e-commerce market which has stepped into Cloud industry. I introduced the Cloud service they provided and try to investigate the usage of their Cloud service. Amazon is an experienced Cloud service provider and it has set up an official blog for its Cloud service (AWS blog). I have got lots of useful information in this blog which are very helpful for my research. However, Alibaba is a green hand in Cloud market; it still has several flaws in its Cloud service. Firstly, the types of its Cloud services are limited. Some of its service is still under development, such as Cloud for E-business. Secondly, it does not have an official channel to make announcement for its Cloud service. Due to this, I cannot find much official information on AliClouds usage and performance records. Hence, in this part, I focus more on Amazon. I introduced two widely used Amazons Cloud services, Amazon S3 and EC2, by giving a brief description of them first. I also introduced Amazon Fulfillment Web Service which is designed for e-commerce companies. Then I investigated on how Amazon Web Service helps to solve security problems in e-commerce activities. Moreover, I listed some benefits offered by AWS for e-commerce companies. In the part of Alibabas Cloud service, due to the relatively limited information, I have less content on it. I also made a short comparison of Amazon and Alibabas Cloud service in terms of aim, Cloud model, target customer group and business environment to help getting a clearer understanding of these two companies. Investigate how Cloud Computing benefits e-commerce industry.
In order to meet this requirement, I studied the difficulties that many e-commerce companies are facing and listed five of them which are security, capital, technical support, supply chain management and mobile terminals. These five factors, as I consider, can be solved by Cloud Computing to some extent. There is no controversy that security is one of the most discussed factors in e-commerce. Although Cloud Computing cannot guarantee 100% safety of data, it provides a safer way for e-commerce companies. As to capital and supply chain management, there are relatively fewer people consider about them comparing to security. Most of the material I found was from Internet pages and blogs. This is the difficulty that I faced in finishing this part. These two issues are identified very much from business perspectives.
55
Lack of technical people slows down the expansion of some e-commerce companies. This is a common agreement among e-commerce industry. Cloud Computing brings a perfect solution to this problem by shifting technical tasks to CSPs. I was inspired by the release of AliCloud OS and then I discussed the bottleneck of mobile terminal. As a new transaction channel in e-commerce, this technique is immature. And, references of this topic are limited, so my discussion does not have a strong theory support. Besides the theory support, I also found five success stories to illustrate what benefits e-commerce companies get from using Cloud Computing. From the five real cases, we can find that Cloud Computing provides an easy payment method and auto-scaling feature which are essential in online transaction. Also, it helps e-commerce companies to reduce the time to market and differentiate services. In addition, Cloud Computing is also useful in improving relationship with customers. A research on the issues which should be paid attention to in the adoption of Cloud Computing in e-commerce companies, such as the security, price and service quality. I described five issues which I think are most important in order to fulfil this requirement. The five issues are security, privacy, cost, quality, Cloud standards, and migration effort. Information security and privacy protection attract peoples attention in both e-commerce and Cloud Computing market. Hence, the research on this topic is relatively easy as there are many documents and data can be found to support my idea. The cost issue is not easy to explain. The Total Cost of Ownership includes various costs according to different Cloud providers pricing model. I introduced Amazons Cloud service price and discussed this issue in general. The quality of Cloud service is a hotly debated subject, especially after the occurrence of several Cloud server crashes these years. I organized a table of some severe interruptions to emphasise the importance of Cloud service quality. As to Cloud standards, I have a general discussion about it without looking into the details. The purpose of having this part is to illustrate the importance of unified Cloud standards. 56
Migration issue is specific to the existing e-commerce companies which already have their own infrastructures. I investigated this issue by reading papers and articles. I discussed the migration influential cost factors and found solutions for some of them.
business in which most or all of its functions are outsourced to online services. They did a research on how advanced in Cloud Computing impact the processes of doing businesses over the Internet[61]. Motahari-Nezhad et al. use an exemplary scenario to illustrate how Cloud Computing affects a business called CloudRetail. They explained the details of how this company moves to Cloud Computing and then summarized the benefits and potential risks of using Cloud services. In contrast, I use a general case study to demonstrate the benefits that e-commerce companies can get from Cloud Computing. I listed five real stories of e-commerce companies to illustrate five different competitive advantages they gained by using Cloud Computing. In the work of Motahari-Nezhad et al.s, they proclaim there are five benefits of using Cloud Computing in their exemplary scenario: avoiding investment on IT infrastructure; reducing operation cost on upgrading and maintaining the infrastructure; on-demand cost of scaling up and down hardware, and network capacity; higher availability compared to in-house solution; access to varieties of software applications and features. These benefits are quite general as they fit with all the businesses which use Cloud Computing. I gave several examples of benefits which are specific to e-commerce companies. Such as, improvement of payment method, and auto-scaling feature which is quite useful especially when there are large numbers of customers rushing to buy at the same time before inventory runs out.
I also discussed the three questions in 3.7.5 Migration. And, I found a potential solution for the second problem the CloudRetail faced by reading Armstrong et al.s paper Towards a Contextualization Solution for Cloud Platform Services [111]. Whats more, I proposed three unsolved problems which are Cloud standards, legislation and regulatory issues of CSPs. These problems, as I consider, also need to be deal with. Besides, I mentioned cost factor in 3.7.3, and Armbrust et al. discussed this issue in detail in their work[66]. I had a general discussion about the factor for all the companies, including new companies and companies who already have their own infrastructures, while Armbrust et al. listed three main costs for existing companies that already has its own data-centre. First, they discussed the cost for resources by calculating the cost for WAN bandwidth, CPU hours and disk storage. Then, they talked about the costs for power, cooling and physical plant costs. Last, they mentioned operation costs. All of these factors could be considered and improved in the future work of this project. However, as I consider, these costs could be thought as migration efforts.
suppliers of e-commerce companies, banks, e-commerce companies and Cloud service provider. This report mainly discussed the benefits that e-commerce companies can get from Cloud Computing. There is little discussion on whether the customers and suppliers of e-commerce companies can have a better experience after the e-commerce company adopting Cloud Computing. The report can be improved in terms of this limitation. The comparison of Amazon and Alibabas Cloud services could be improved by adding new criteria such as market share. After the comparison, there could be some comments, for example, is that possible for Alibaba to follow Amazon, or it should have their own development plan; are there any lessons can be learned from Amazon by Alibaba? This can be improved in future work. There must be other aspects that I didnt notice as to the difficulties that current e-commerce companies are facing and how Cloud Computing helps to solve them, so are the issues which should be paid attention when applying Cloud Computing. These two parts can be improved in the future work. The suggestions based on Porter s five forces analysis can be improved. More specific suggestions could be made for e-commerce companies in terms of how to win in a more competitive environment with the help of Cloud Computing.
4.5 Conclusion
This project aims to investigate the relationship between Cloud Computing and Ecommerce. It looks at the background knowledge of Cloud Computing and Ecommerce first, and then a further discussion about how they related to each other is achieved. Finally, the evaluation part helps to evaluate the project. Overall, the minimum requirements are achieved to varying degrees. Some enhancements in addition to minimum requirement have been obtained as well. However, there still has big margin of improvement in future work.
60
References
1. 2.
3.
4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26.
Nein, W., ANALYSIS OF CONVERSION FROM LEGACY CLIENT-BASED SOLUTIONS TO A CLOUD COMPUTING MODEL. Yusuf, L.O., et al., Visualizing and Assessing a Compositional Approach to Service-Oriented Business Process Design Using Unified Modelling Language (UML). Computer and Information Science, 2011. 4(3): p. p43. Buyya, R., et al., Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Generation computer systems, 2009. 25(6): p. 599-616. Vaquero, L.M., et al., A break in the clouds: towards a cloud definition. ACM SIGCOMM Computer Communication Review, 2008. 39(1): p. 50-55. Furht, B. and A. Escalante, Handbook of cloud computing2010: Springer-Verlag New York Inc. Foster, I., et al. Cloud computing and grid computing 360-degree compared. 2008. Ieee. Gens, F., Defining Cloud Services and Cloud Computing. IDC eXchangeIDC, 2008. Amazon.http://www.amazon.co.uk/ Amazon Simple Storage Service.2011.http://aws.amazon.com/s3/ Amazon Elastic Compute Cloud.2011.http://aws.amazon.com/ec2/ Wang, L., et al., Cloud computing: a perspective study. New Generation Computing, 2010. 28(2): p. 137-146. Christopher, M., Logistics and supply chain management: creating value-added networks2005: Pearson education. Gillam, L., Cloud Computing: Principles, Systems and Applications2010: Springer-Verlag New York Inc. Diaz, M., Cloud Computing: First International Conference, CloudComp 2009, Munich, Germany, October 19-21, 2009, Revised Selected Papers. Vol. 34. 2010: Springer-Verlag New York Inc. Django Armstrong, K.D., Towards Quality of Service in the Cloud. 2009. Stanoevska-Slabeva, K., Grid and cloud computing: a business perspective on technology and applications2009: Springer Verlag. Mell, P. and T. Grance, The NIST definition of cloud computing. National Institute of Standards and Technology, 2009. 53(6). Cloud Security Alliance.https://cloudsecurityalliance.org/ Institute of Electrical and Electronics Engineers.http://www.ieee.org/index.html European Network and Information Security Agency.http://www.enisa.europa.eu/ Focus Group on Cloud Computing. http://www.itu.int/en/ITU-T/focusgroups/cloud/Pages/default.aspx Cloud Computing Use Case Discussion Group.http://cloudusecases.org/ Distributed Management Task Force.http://www.dmtf.org/ Storage Networking Industry Association.http://www.snia.org/ IBM:Blue Cloud.http://www-03.ibm.com/press/us/en/photo/22615.wss IBM Launches Cloud Computing Center in Tokyo. 61
27. 28. 29. 30. 31. 32. 33. 34. 35. 36. 37. 38. 39.
44. 45. 46. 47. 48. 49. 50. 51. 52. 53.
http://www-03.ibm.com/press/us/en/pressrelease/24787.wss IBM Opens Cloud Computing Laboratory in Singapore. http://www-03.ibm.com/press/us/en/pressrelease/30803.wss IBM Cloud Computing Specialty. https://www-304.ibm.com/partnerworld/wps/servlet/ContentHandler/isv_com_spe_cloud_index Google Cloud. http://www.google.com/apps/intl/en/business/officeconnect.html iCloud.http://www.apple.com/uk/icloud/?cid=mc-uk-g-clb-icloud&sissr=1 Strachey, C. Time sharing in large fast computers. 1959. Leiner, B.M., et al., A brief history of the Internet. Arxiv preprint cs/9901011, 1999. Foster, I. and C. Kesselman, The grid: blueprint for a new computing infrastructure2004: Morgan Kaufmann. Liu, Q., W. Zheng, and Y. Song. Parallel Simulated Annealing Based Time-Lapse Seismic Inversion with VMware Virtual Machine Technology. 2008. IEEE. O reilly, T., What is Web 2.0: Design patterns and business models for the next generation of software. Communications and Strategies, 2007. 65: p. 17. Amazon Web Service. http://aws.amazon.com/ Stokes, J. Sun unveils Project Blackbox. 18th October,2006 [cited 2011 10th June]; Available from: http://arstechnica.com/hardware/news/2006/10/8019.ars. Morgan, T.P. Dell Offers Large-Scale Data Center Design Service. 28th March, 2007 [cited 2011 10th June]; Available from: http://www.itjungle.com/two/two032807-story09.html. Google App Engine. https://www.google.com/accounts/ServiceLogin?service=ah&passive=true&continue=https://appengi ne.google.com/_ah/conflogin%3Fcontinue%3Dhttps://appengine.google.com/<mpl=ae Fenn, J., Inside the Hype Cycle: Whats Hot and Whats Not in 2009. Gartner Webinar, 2009. Banerjee, P., R. Friedrich, and L. Morell, Open Innovation at HP Labs. Computer, 2010. 43(11): p. 88-90. Windows Azure Platform.http://www.microsoft.com/download/en/details.aspx?id=8396 Duffy, J. Cisco unveils cloud computing platform for service providers. 12th May, 2009 [cited 2011 10th June]; Available from: http://www.infoworld.com/d/cloud-computing/cisco-unveils-cloud-computing-platform-service-prov iders-113. Mann, R., et al., B2B E-Commerce: Why it business should incorporate e-commerce. 2008. Chaffey, D., E-business and E-commerce Management: Strategy, Implementation and Practice2006: Financial Times/Prentice Hall. Kalakota, R. and A.B. Whinston, Electronic commerce: a manager's guide1997: Addison-Wesley Professional. Qin, Z., Introduction to E-commerce2009: Springer Verlag. Li, F., What is e-business?: how the Internet transforms organizations2007: Wiley-Blackwell. Bidgoli, H., MIS 20102010: Course Technology Ptr. Goel, R., E-commerce2007: New Age International. FDS International, Attitudes to Online Markets, August,2010. Gehling, B. and D. Stankard. eCommerce security. 2005. ACM. InformationWeek. E-Retail Sales Up 25%. 1th March, 2004 [cited 2011 11th June]; Available from: http://www.informationweek.com/news/18201011. 62
61. 62. 63. 64. 65. 66. 67. 68. 69. 70. 71. 72. 73. 74. 75. 76. 77. 78. 79. 80. 81. 82. 83. 84. 85. 86.
The current situation and development of E-commerce, in China Daily2009. comScore, E-Commerce Spending Accelerates to a 10 Percent Growth vs. Year Ago, 2010. Wyckoff, A. and A. Colecchia, The economic and social impact of electronic commerce: Preliminary findings and research agenda1999: Organization for Economic. iResearch.http://www.iresearchchina.com/ Tassabehji, R., Applying E-commerce in Business2003: Sage Publications Ltd. Williams, T., Green, A., The business approaches to training1997, Aldershot: Gower Publishing Limited. Haitao, L. Hangzhou to build China's first network service provider's cloud platform. 2011 [cited 2011 20th June]; Available from: http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/09/156. Motahari-Nezhad, H.R., B. Stephenson, and S. Singhal, Outsourcing business to cloud computing services: Opportunities and challenges. IEEE Internet Computing, Palo Alto, 2009. 10. Ufida.http://www.ufida.com.cn/ Kingdee.http://www.kingdee.com/en/ eAbax.http://www.eabax.com/ Shen, S., China Mobile Internet market's size reaches 7.79 billion in 2011 Q2, 2011, iResearch. Armbrust, M., et al., Above the clouds: A berkeley view of cloud computing. EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2009-28, 2009. Greenberg, A., et al., The cost of a cloud: research problems in data center networks. ACM SIGCOMM Computer Communication Review, 2008. 39(1): p. 68-73. Armbrust, M., et al., A view of cloud computing. Communications of the ACM, 2010. 53(4): p. 50-58. Vouk, M.A., Cloud computingIssues, research and implementations. Journal of Computing and Information Technology, 2004. 16(4): p. 235-246. Alibaba.http://www.alibaba.com/ Rosen, G. State of the Cloud. 2010 [cited 2011 12th July]; Available from: http://www.geocities.com/comlaw/hk/ Amazon S3More Than 449 Billion Objects, in Amazon Web Services Blog2011. Amazon Fulfillment Web Service.http://aws.amazon.com/fws/ Fulfillment by Amazon.http://services.amazon.co.uk/services/fulfilment-by-amazon/how-it-works/ Barr, A. Amazons next billion-dollar business eyed. 22th July,2011 [cited 2011 25th July]; Available from: http://profitimes.com/news/amazons-next-billion-dollar-business-eyed. Vishik, C., Building Secure E-Commerce Systems, 2008, ENISA-FORTH Summer School. Amazon, Amazon Web Services:Overview of Security Processes, Semptember,2008. IETF X.509. http://tools.ietf.org/html/rfc3280 WS-*Standards.http://www.w3.org/2002/ws/ Internet Engineering Task Force.http://www.ietf.org/ WS-*Standards.http://www.w3.org/2002/ws/ Amazon Economic Centre.http://aws.amazon.com/economics/ Alibaba Group Research Centre Website.http://www.aliresearch.com/brief/live/579/ AliCloud. http://www.aliyun.com/ Schneider, G.P., Electronic commerce2011, Cambridge: Course Technology. Jespersen, B.D. and T. Skjott-Larsen, Supply chain management: in theory and practice2005: 63
87.
88. 89. 90. 91. 92. 93. 94. 95. 96. 97. 98. 99. 100. 101. 102. 103.
104. 105. 106. 107. 108. 109. 110. 111. 112. 113. 114. 115.
Copenhagen Business School Pr. Alibaba. Alibaba Cloud Computing Unveils Mobile Cloud Operating System. 28th July,2011 [cited 2011 2th Aug]; Available from: http://news.alibaba.com/article/detail/alibaba/100575603-1-alibaba-cloud-computing-unveils-mobile .html Juncai, S. and Q. Shao, Based on Cloud Computing E-commerce Models and Its Security. Wang, C., et al. Ensuring data storage security in cloud computing. 2009. Ieee. Rajiv Sabherwal, I.B.-F., Business Intelligence: Practices, Technologies, and Management2011, USA: Johns Wiley &Sons, Inc. Talk Market.http://www.talkmarket.com AWS Case Study: The Talk Market.http://aws.amazon.com/solutions/case-studies/the-talk-market/ 36Boutiques. http://www.36Boutiques.com Optaros.http://www.optaros.com AWS Case Study: 36Boutiques and Optaros. http://aws.amazon.com/solutions/case-studies/36boutiques/ Net Application.http://www.netapplications.com/ Alexa Case Study: Net Applications.http://aws.amazon.com/solutions/case-studies/net-applications/ Infobird.http://english.infobird.com/ Infobird.http://www.infobird.com/projecta.html Babar, M.A. and M.A. Chauhan. A tale of migration to cloud computing for sharing experiences and observations. 2011. ACM. Waidner, M., Industry Perspective on Cloud Security, 2010, IBM. Waidne, M., Security and Cloud Computing, 17th April, 2010, IBM. Sony. SONY ONLINE ENTERTAINMENT ANNOUNCES THEFT OF DATA FROM ITS SYSTEMS. 3rd May,2011 [cited 2011 24th July,2011]; Available from: http://www.soe.com/securityupdate/pressrelease.vm. Pearson, S. and A. Benameur. Privacy, security and trust issues arising from cloud computing. 2010. IEEE. Barr, J., Amazon EC2 Price Reduction, 1th Semptember,2010, Amazon Web Services Blog. Andrew, AWS Price Reductions Relentless, 2010. Deelman, E., et al. The cost of doing science on the cloud: the montage example. 2008. IEEE Press. Buyya, R., C.S. Yeo, and S. Venugopal. Market-oriented cloud computing: Vision, hype, and reality for delivering it services as computing utilities. 2008. Ieee. Ferretti, S., et al. QoSAware Clouds. IEEE. Tran, V., et al. Application migration to cloud: a taxonomy of critical factors. 2011. ACM. Django Armstrong, K.D., Srijith Nair, Johan Tordsson, Wolfgang Ziegler, Towards a Contextualization Solution for Cloud Platform Services, 2011: Athens. Cloud computing is still at an early stage of stan. 5th May,2011 [cited 2011 6th August]; Available from: http://www.polborn.com/blog.php?user=Edison1087&blogentry_id=7437&lang_id=1. Porter, M.E., Competitive strategy: techniques for analyzing industries and competitors. 1980. New York: Free Pass. Johnson, G., K. Scholes, and R. Whittington, Exploring corporate strategy: text & cases2008: Prentice Hall. Nemzow, M., Ecommerce stickiness for customer retention. Journal of Internet Banking and 64
116.
Commerce, 1999. 4(1): p. 9908-03. Cloud Security Alliance., Top Threats to Cloud Computing V1.0, March 2010.
65
Appendices
of Cloud Computing before exams, and in the early June, I read some background material about e-commerce and began to write chapter one and chapter two. I found the time was a little intense because we need to submit interim report in the middle of June. The progress meeting which is arranged at the end of July is another important milestone for MSc students. You should try to finish your draft or, at least find your solutions of your project before this meeting. Then you will be able to explain your idea to your supervisor and assessor at the meeting and get useful feedback from them. It is quite helpful for your project. If you adopt the plan I suggest, you will have plenty of time to improve your project in August. In a word, make a plan and stick to it. It is better to surpass your time schedule a little bit; contrarily one should avoid any delay since there might be a lot of incidents occurring. Since we have 60 page limit allocated for the report, have an overall plan of your contents is also important. For example, in my project, I had a rough plan of how many pages for PEST analysis and how many pages for Porter s Five Forces analysis. It is quite essential because you may find that 60 page is not enough for your contents. There is another impressive experience that I gained from doing this project: do see your supervisor every week. It is a good opportunity to get feedback and suggestions from your supervisor. It can be demonstrated with an example from my own experience which I mentioned earlier. When I cannot find a company to do case study, my supervisor suggested me to do a general case study. This idea is quite helpful to my project. If you or your supervisor is not able to attend the regular meeting, you must keep in touch with him/her via email. Finally, Id like to say that this has been the most challenging and interesting academic task that I have ever done. I have learnt a lot from this process. Overall, it is a memorable experience in my life.
67
68
69
70
Threat
Remediation
Abuse
Stricter initial registration and validation processes. Enhanced credit card fraud monitoring and coordination. Comprehensive introspection of customer network traffic. Monitoring public blacklists for ones own network blocks Analyze the security model of Cloud provider interfaces. Ensure strong authentication and access controls are implemented in concert with encrypted transmission.
Computing
Understand the dependency chain associated with the API. Enforce strict supply chain management and conduct a
comprehensive supplier assessment. Specify human resource requirements as part of legal contracts. Require transparency into overall information security and
management practices, as well as compliance reporting. Shared Technology Issues IaaS Determine security breach notification processes. Implement security best practices for installation/configuration. Monitor environment for unauthorized changes/activity. Promote strong authentication and access control for administrative access and operations.
71
Conduct vulnerability scanning and configuration audits. Implement strong API access control. Encrypt and protect integrity of data in transit. Analyzes data protection at both design and run time. Implement strong key generation, storage and management, and destruction practices.
Contractually demand providers wipe persistent media before it is released into the pool.
Account Service Hijacking or IaaS, PaaS, SaaS Unknown Risk Profile IaaS, PaaS, SaaS
Contractually specify provider backup and retention strategies. Prohibit the sharing of account credentials between users and services. Leverage strong two-factor authentication techniques where possible. Employ proactive monitoring to detect unauthorized activity. Understand Cloud provider security policies and SLAs. Disclosure of applicable logs and data. Partial/full disclosure of infrastructure details (e.g., patch levels, firewalls, etc.).
72
Appendix E: Opportunities provided by Cloud Computing in terms of security Cloud Enabled Control(s)
People Identity and Defined set of Cloud interfaces Centralized repository of Identify and Access Control policies Information and Data Computing services running in isolated domains as defined in service catalogs Default encryption of data motion & at rest Virtualized storage providing better Improved accountability. Reduced risk of data leakage/loss Less likelihood that an attack would propagate
Benefit
Reduced risk of user access to unrelated resources
inventory, control, tracking of master data Process Application & Autonomous procedures Personnel and tools with specialized knowledge of the Cloud ecosystem SLA-backed confidentiality Network Server Endpoint and Autonomous provisioning and Reduced attack surface Improved forensics with ensemble snapshots availability and security policies and Improved protection of assets and increased accountability of
reclamation of hardened runtime images Dynamic allocation of pooled resources to mission-oriented ensembles
Physical Infrastructure
Improved ability to enforce access policy and manage compliance Adapted from Waidner, 2010[101]
73
Customer type
IaaS
DaaS
Configure to store data
SaaS
PaaS
Others
Monitoring as a Service (to setup and monitor SLAs) Integration as a Service
Use to IT administrators deploy images of existing software Software developers May use to deploy software
Store data
N/A
N/A
Mainly to browse and find existing services to reuse and add-ons Occasional users to manage their business
N/A
Business users
N/A
N/A
Main users of SaaS, may perform simple configuration tasks and use add-ons
N/A
74