Towards a discipline of mission-aware cloud computing

Even as cloud computing gains rapid traction in the commercial marketplace the twin concerns of availability and security remain paramount to potential customers, especially in the enterprise. Concurrently the vision of what cyber security means is itself changing. The US Department of Defense (henceforth DoD) has recently promulgated a new doctrine of mission assurance in contrast to the earlier approach of information assurance. We argue that this concept of mission assurance is equally applicable to the commercial sector, and has high relevance to the availability and security concerns of cloud computing. While the business community may prefer alternate terms such as "business application assurance," "business function assurance" or "mission effectiveness" we propose to stay with established DoD terminology. Our basic position is that in order to achieve mission assurance in the new paradigm of cloud computing we need to instrument the cloud with hooks and supporting protocols and mechanisms to enable deployment of mission-driven performance, resilience and security policies into the computing and communication infrastructure. The cloud must therefore evolve from its current mission-oblivious state to become mission-aware. This position paper speculates on the research challenges in making this happen.