The universal adoption of cloud-centric operating models is bringing enormous benefits to every sector of the global economy, yet the ubiquity of dependence on common technologies and service providers also creates a new potential for systemic risk. Regulators and policymakers have expressed concern about the possibility of widespread, cascading effects if cloud services are disrupted, yet the nature of the risks, and the balance of responsibilities in addressing them, remain highly uncertain.
In response, the Carnegie Endowment for International Peace has launched the Cloud Reassurance Project—an initiative to create shared understanding among private sector stakeholders of the systemic risks associated with deepening global dependence on cloud technology.
The Cloud Reassurance Project brings together cloud service providers, enabling technology providers and (re)insurers. The project is funded by the participants, who are represented on technical and policy working groups. These groups include independent experts who bring deep knowledge of cloud computing and technology governance. Legal advisors ensure that all activities are compliant with antitrust requirements and, when required, provide guidance regarding confidentiality.
The Technology and International Affairs Program develops insights to address the governance challenges and large-scale risks of new technologies. Our experts identify actionable best practices and incentives for industry and government leaders on artificial intelligence, cyber threats, cloud security, countering influence operations, reducing the risk of biotechnologies, and ensuring global digital inclusion.
The Cloud Reassurance Project brings together cloud service providers, enabling technology providers and (re)insurers. The project is funded by the participants, who are represented on technical and policy working groups. These groups include independent experts who bring deep knowledge of cloud computing and technology governance. Legal advisors ensure that all activities are compliant with antitrust requirements and, when required, provide guidance regarding confidentiality.
The project will run for approximately one year to investigate questions such as:
The project is overseen by a steering group, comprising the following stakeholder participants:
Rachelle Celebrezze
Senior Director of Government Relations and Head of Americas Public Policy
VMware
Edna Conway
Vice President, Security & Risk Officer, Cloud Infrastructure
Microsoft
Scott Kannry
Chief Executive Officer
Axio
Robert Kolasky
Senior Vice President for Critical Infrastructure
Exiger
Jürgen Reinhart
Chief Underwriting Officer – Cyber
Munich Re
Jordana Siegel
Data Protection and Public Policy
Amazon Web Services
Bobbie Stempfley
Board Chair
Center for Internet Security
Phil Venables
Chief Information Security Officer
Google Cloud
Stephan von Watzdorf
Head of Cyber Center of Competence
Swiss Re
The ultimate aim is to develop insights and recommendations that can directly enhance systemic resilience for cloud technology, as well as inform regulatory and policy approaches. The findings, which will be aimed at both technical and nontechnical audiences, will be published on Carnegie’s website and made freely available.
The Carnegie project team comprises Peter Armstrong, Ariel (Eli) Levite, Gabriella Mesce, and John Pendleton. Please contact Samantha Lai at
Samantha.Lai@ceip.org
for further information.The Cloud Reassurance Project brings together cloud service providers, enabling technology providers and (re)insurers. The project is funded by the participants, who are represented on technical and policy working groups. These groups include independent experts who bring deep knowledge of cloud computing and technology governance. Legal advisors ensure that all activities are compliant with antitrust requirements and, when required, provide guidance regarding confidentiality.
The project will run for approximately one year to investigate questions such as:
The project is overseen by a steering group, comprising the following stakeholder participants:
Rachelle Celebrezze
Senior Director of Government Relations and Head of Americas Public Policy
VMware
Edna Conway
Vice President, Security & Risk Officer, Cloud Infrastructure
Microsoft
Scott Kannry
Chief Executive Officer
Axio
Robert Kolasky
Senior Vice President for Critical Infrastructure
Exiger
Jürgen Reinhart
Chief Underwriting Officer – Cyber
Munich Re
Jordana Siegel
Data Protection and Public Policy
Amazon Web Services
Bobbie Stempfley
Board Chair
Center for Internet Security
Phil Venables
Chief Information Security Officer
Google Cloud
Stephan von Watzdorf
Head of Cyber Center of Competence
Swiss Re
The ultimate aim is to develop insights and recommendations that can directly enhance systemic resilience for cloud technology, as well as inform regulatory and policy approaches. The findings, which will be aimed at both technical and nontechnical audiences, will be published on Carnegie’s website and made freely available.
The Carnegie project team comprises Peter Armstrong, Ariel (Eli) Levite, Gabriella Mesce, and John Pendleton. Please contact Samantha Lai at
Samantha.Lai@ceip.org
for further information.
As increasing amounts of information and services are moved to the cloud, a few providers have come to manage the bulk of cloud services. This level of dependence and concentration offers some benefits and risks, but policy action is needed to minimize and manage the risks.
