The Carnegie Endowment for International Peace has published a research report, Cloud Reassurance: A Framework to Enhance Resilience and Trust, following an inquiry into the challenges associated with using cloud services managed by hyperscale providers. Hyperscale providers have arisen due to the concentration of cloud-based solutions provided by just a few providers. This concentration of services poses a potential risk for users. The report outlines the nature of these risks, including single-point failure potential, and the subsequent impacts arising from systemic economic and societal dependence on this concentrated hyperscale supply chain.
The report presents and recommends the adoption of a four-part cloud resilience framework for private sector organisations. This includes (1) foundational commitments: public commitments to security, resilience and harm minimisation, (2) direct actions by providers to increase the resilience of the cloud system and services, (3) working with stakeholders to develop a standards-based resilience maturity model to increase customer resilience, and (4) scenario-based exercising and stress testing for validation and assurance of contingency planning and capabilities.
The report additionally offers guidance for government policymakers, highlighting the role and influence of regulation and the need to balance both positive and negative regulatory impacts with stakeholder collaboration with industry. Overall, it emphasises the potential role of government in catalysing cloud resilience for societal benefit as a shared goal in resilience-building activities.