Leveraging Human-Computer Cloud Architecture for Business Trip Resilience Alexander Smirnov and Andrew Ponomarev[0000-0002-9380-5064] St.Petersburg Institute for Informatics and Automation of the RAS, St.Petersburg, 14 th Line 39, 199178, Russia {smir, ponomarev}@iias.spb.su Abstract. During business trips company employees being in a dynamic, unfa- miliar environment are exposed to various threats (both to well-being, and to ef- fectiveness in performing their business responsibilities), therefore, business trip risk management is one of the integral parts of the overall business process resilience. This paper proposes an approach of leveraging a novel human- computer cloud concept to perform some of typical tasks required to implement organization’s travel risk management policy. In particular, it is proposed to use human-based application deployed in human-computer cloud (1) to assist in pre-trip investigation required to assess travel risks and develop trip instruc- tions, (2) to support travelling employees in case of unexpected incidents. Keywords: Human-Computer Cloud, Crowdsourcing, Travel Risk Manage- ment, Human-in-the-Loop, Human Factors. 1 Introduction Business process resilience is generally defined as the ability to adjust easily to change (caused by economic factors, natural disasters, government decisions etc.) [1]. For organizations whose business processes significantly rely on business trips of their employees, business trip resilience and business trip risk management are im- portant parts of a holistic approach to business process resilience [2]. It means that an organization should be able to react to any changes in the environment (possibly in countries/regions where there even no regular offices of that organization) that may influence well-being of the employees and their effectiveness in performing business responsibilities. Increasing importance of this problem is supported by various analytical reports. E.g., according to Ipsos MORI Global Business Resilience Trends Watch 2018, 63% of business decision-makers perceive travel risks to have increased in 2017. At the same time, only 9% of organizations updated their sustainability program to include travel risk policy [3]. This paper proposes an approach to address some of the business resilience prob- lems (specifically, business trip resilience) that is based on human-computer cloud (HCC) concept. The key of reaching resilience is identification of influences and quickly adapting to them. In the technological sense, one important perspective of changes is availability of computing infrastructure and variation of computing re- source utilization (that can be caused by different external factors). These changes can be addressed with a help of conventional cloud computing technology, which pro- vides means to elastically manage the computing capacity consumed by business processes [4] and various redundancy schemes allowing to minimize negative effects of hardware outage. However, there is much more in business resilience than flexible computational resource scaling in response to the environment. Another significant aspect of adaptability and resilience is human resource capacity limitations, which may in some situations restrict the possible profit (e.g., may simply lack required human resources to quickly react to some change in the environment and make profit of it). In the previous work, the authors developed the original architecture of human- computer cloud [5–7] that (similarly to conventional cloud environments) allows to decouple application logics from resource management issues. However, unlike con- ventional clouds, HCC treats human contributors as a special kind of resource and supports the execution of human-based applications. Earlier research has also shown that there are multiple applications of human-computer cloud paradigm in e-tourism [5, 7]. This paper adapts earlier proposed solutions to the problem of employee trav- el/security risk management. Crowdsourcing is usually defined as a way of outsourcing, where tasks traditional- ly performed by company’s employees or other companies are forwarded to members of an undefined large group of people (called “crowd”) by means of internet (e.g., [8- 10]). In this sense, HCC provides technological means for crowdsourcing. An im- portant question regarding to using crowd for solving some tasks is “what are the factors that influence the decision of whether it is possible to use crowdsourcing and crowd computing to perform some part(s) of the company’s business process?” Though business process crowdsourcing (originally introduced by Vecchia and Cisternino [11] as a model allowing organizations to crowdsource their internal busi- ness processes) has already been paid some attention, it is still at an early stage of development [12]. It was recognised by the scientific community that making a deci- sion whether to crowdsource or not requires a comprehensive analysis in which mul- tiple factors should be examined in a systematic way [13]. By examining the charac- teristics of crowdsourcing in practice, Schenk and Guittard [8] have stressed task complexity as the first important dimension. Taking into account limitations of crowdsourcing applicability (e.g., requirement of some specific expertise, sensitive data processing) and factors influencing the pos- sibility of crowdsourcing, first, a set of particular tasks of travel risk management that were implemented as human-based applications was mostly limited to information- collection tasks, second, the private-public human-computer cloud approach was pro- posed. 46 The proposed approach touches Risk monitoring (RMON) and Risk assessment (RA) process areas of Travel Risk Management Maturity Model (TRM3) [14] devel- oped by Global Business Travel Association (GBTA) partnered with iJET Intelligent Risk Systems. Specifically, the proposed solution will help to reach Level 3 according to this maturity model in the process area of Risk monitoring. The rest of the paper is structured as follows. Section 2 contains some basic infor- mation about human-computer cloud concept and an approach to implementing it. Section 3 introduces the hybrid human-computer cloud environment that allows to partially sidestep pitfalls of crowdsourcing applicability by creating private cloud (connected with a public one). Section 4 discusses some of the trip management tasks that can be implemented on top of the cloud. 2 Human-Computer Cloud This section briefly describes HCC concept in its historical evolution and the particu- lar approach to implementation of this concept taken by the authors. While this sec- tion should be enough to get most ideas behind the proposed platform, more details can be found in previous publications [5–7]. Although, typical capabilities provided by cloud are storage, processing, network- ing and software, cloud computing recently is perceived as a more general concept resulting to various attempts of applying elastic on-demand resource management principles (sometimes called XaaS or *aaS). This includes several developments where human information processing abilities were treated and provided in a cloud- like way. One example of this kind of systems was described in [15], where a cloud architecture for mobile crowdsensing MCSaaS (Mobile CrowdSensing as a Service) was proposed. MCSaaS defined a unified interface allowing any smartphone user to become a part of a cloud and allow to use his/her smartphone sensors in some way that he/she finds acceptable in exchange for some monetary reward or even voluntary. Other examples are ClouT (Cloud+IoT) project [16] aimed on providing enhanced solutions for smart cities by using cloud computing in the IoT domain. While men- tioned projects involve humans mostly as owners of mobile sensing infrastructure (able to activate a sensor and collect some data), there are also projects aimed on ab- stracting human processing capabilities. E.g., in [17] and [18] the cloud consisting of human-based services provided by human computing units is discussed. Further, a concept of social computing unit is also introduced representing several “human com- puting units” working together on one problem. While in our work we adopt the ideas of the cited publications, namely, using cloud-inspired resource management approach for human-based applications, we extend it by two distinguishing features. That are ontologies and digital contracts. Ontological mechanisms (ability to precisely define semantics and use inference to find related terms) are used to find and allocate human resources required by software services. While digital contracts are used to achieve predictability required by cloud users (application developers). These digital contracts specify terms on which a con- 47 tributor agrees to provide his/her competencies to the cloud application developer, rewarding and possible penalties. Cloud environment uses these contracts both to allocate service’s task and to inform users about possible capacity. Software Application Services Dynamic workflow service Platform Deployment service Ontologies Information Storage & Data Human Work- Exchange Services Processing flow Services Services Infrastructure Management Infrastructure Ontology-based resource discovery Resource Virtualization Computing/Storage Sensing Human Fig. 1. Human-computer cloud general architecture 2.1 Actors Although NIST recommendation document [4] identifies five types of actors, this paper adopts two most important of them (i.e., Cloud Consumer and Cloud Provider) and adds one new specific actor for humans who provide their resources via cloud environment. Therefore, following actors are identified: Cloud consumers, who use the applications and services deployed in the cloud environment (and provided by Cloud providers). Further, this category of actors can be divided into End users and Service developers. This division is mostly determined by the kind (and a level) of services a consumer deals with. For example, when using the cloud for business trip resilience, possible end users are traveling employees or business trip managers, because they use cloud services (mostly, on the SaaS layer) to solve domain specific tasks. Service developers use the services of the platform layer to create application services for end users. Contributors, i.e., citizens, who are available to serve as human resources in a HCC environment. 48 Cloud providers, individuals or organization who own and maintain the required hardware and software infrastructure provided to Cloud Consumers. This includes, for example, system administrators. 2.2 Cloud Layers and Services All the three models of cloud computing (IaaS, PaaS, SaaS) can be adapted to include human resources (Fig. 1). Infrastructure layer: Infrastructure layer unifies different types of capabilities: traditional computing and storage capabilities, sensing capabilities and human exper- tise capabilities. Contributors can join HCC and define the resources they can pro- vide, time and load restrictions, a type of tasks they may participate. In the infrastruc- ture layer resources (including human resources, or contributors) are not locked to some particular domain. Instead, they describe their competencies and possible kinds of activities using some of the available ontologies to leverage the resource identifica- tion phase that happens when some application that require human participation is deployed in the cloud environment. Ontology-based resource discovery service per- forms ontology search involving ontology matching techniques as necessary. Infra- structure layer management monitors contributor connections and disconnections, collects information about effectiveness of each contributor (separately for each skill a contributor is allocated by) and uses it in further allocation requests. Platform layer: This layer consists of a set of multi-purpose utility services that can be leveraged for building applications relying on human expertise, and develop- ment tools, that are used to deploy and run human-in-the-loop services in the cloud environment. Development tools of the platform layer allow to deploy services in cloud envi- ronment and to monitor them. Each service being deployed includes an ontology- based descriptor, specifying: - building/configuration instructions; - hardware and software requirements of the service (what platform services it re- lies on, e.g., database service, human workflow service, etc.); - human resource requirements (if any), specifying what human skills and compe- tencies this service need to function. These requirements are also resolved during the service deployment, but as (1) resolving these requirements employs ontology match- ing which may result in some tradeoffs, (2) human resources are much more limited than hardware/software, the status and details of the requirements resolution are available to the developer and can be browsed via the management console; - description of the service functions and entry points to be published in the appli- cation domain service repository and used by the ad hoc dynamic workflow service. Typical interoperability scenario that is initiated in the platform layer during de- ployment is the following: the human resources connected to the cloud environment describe their capabilities using some problem-specific dictionaries. Each applica- tion/service that is deployed in this cloud environment contains a description of its requirements (including the requirements to the resources), which is expressed in terms of the most appropriate ontology selected (or even designed) by the application 49 developers. It is very unlikely that human resources have used this exact ontology to describe their capabilities when connecting to the system. However, the advantage in using ontologies here is that due to the formal semantics inherent to them different ontologies can be matched. Hence, in the process of service deployment, human re- sources that are potentially able to fulfill the human requirements of the service are identified (despite the fact that they are not described initially in terms of the applica- tion ontology). Later, during the functioning of the service, the participants’ descrip- tion can evolve, because his/her performance in the capabilities required by the ser- vice (and expressed in terms of service’s ontology) is recorded and processed. For each further service that is deployed in this environment, the process of aligning re- quirements with the capabilities of human resources becomes easier, as human re- sources definition becomes more and more detailed. Software layer: This layer consists of a suite of (potentially human-based) ser- vices and applications designed for a particular problem area. E.g., in the area of tour- ism there are various services like itinerary planning, feedback collection and many others [5, 19]. 3 Hybrid Human-Computer Cloud for Decision Support Conceptual schema of the proposed approach is presented in Fig. 2. The proposed cloud-based decision support is aimed at the decision points of workflows, which are formalised and ready for implementation representations of business processes. Due to privacy issues and possible presence of sensitive information, usage of ex- ternal human resources (i.e., crowdsourcing as one of the cloud resources) may be limited. However, it doesn’t apply to the internal human resources of the organization. Therefore, decision support cloud follows the so-called hybrid cloud model, were all the resources are divided between private (on-premise) cloud and public (external) cloud. In case of traditional computing resources, directly accessible private cloud reduces time and latency compared to access to public resources, besides, private cloud may cover average workload, retaining the ability to use public resources, when it is needed. Hybrid HCC inherits all those features, but has one more. Private cloud contains a pool of unique human resources that can be used with much less re- strictions then those from the outside. Uniqueness of these resources is due to the fact that members of the private cloud are actually employees of the organization with all legal and practical consequences, e.g., they are enforced to obey non-disclosure agreement, and they may be more familiar with the context of each particular task. It puts human resource scheduler of the private cloud very close to the workflow engine (e.g., BPEL- or BPMN-based), but modelling all the human resources (private and public) as cloud resources allows to build a unified scheduler. I.e., a single scheduler ‘faced’ with some request that contains a sensitive data may allocate resources from the private cloud, but ‘faced’ with some request that doesn’t contain sensitive data may automatically allocate resources from public cloud, automatically resorting to ‘crowdsourcing’. This is only possible if resources of the both clouds are described in the same form and provide aligned APIs. 50 Public human-computer cloud Services and resources (including crowd) Private human- computer cloud Decision support software Business Decision Workflow Human & computer process maker resources Organization boundary Fig. 2. Illustration of the human-computer cloud-based decision support in a business process. The decision support assumes delegation of tasks to a cloud consisting of both (a) IT tools, which can provide information for decision support (decision support systems), provide recommendations (recommendation systems) or even do some decision mak- ing (expert systems); and (b) company (and outer) experts, who can either assist in decision making or make the required decisions. Therefore, all the three cloud layers are present in the architecture. Infrastructure-as-a-Service (IaaS) layer is formed by computing, storage and human resources, that can be used in the process of decision support. Platform-as-a-Service (PaaS) layer is not explicitly depicted in the Fig. 1, but it is formed by the intermediary services allowing to build end-user applications. Fi- nally, the Software-as-a-Service (SaaS) layer that is represented by different forms of decision support software. 4 Business Trip Risk Management This section describes the way human-computer cloud capabilities are utilized for business trip risk management. It analyses some recommended practices for managing 51 business trip risks and shows how these practices can be implemented on the basis of hybrid human-computer cloud. 4.1 Business Process GBTA Europe Risk Committee has recently identified five pillars of travel risk man- agement [20]: 1. A business travel health, safety and security policy. Most companies already have a safety and security policy in place, but every company needs a specific set of poli- cies around business travel. 2. Travel safety and security information. Companies must base their advice off of re- liable travel information, both of which should be relayed to travelers before they embark on a trip. 3. Restrictions on travel to higher risk countries. You must have a plan for controlling travel to high-risk countries. Companies may define high-risk differently based on their corporate risk appetite. 4. Knowing where your people are. In the case of a safety, security or health incident, you must be able to reach out to your travelers to ensure their safety and offer sup- port. 5. An incident and crisis management plan for when things go wrong. The Ipsos Report [3] also confirms that many companies have recently undertaken some steps that go well with the activity areas above:  Introduced pre-trip and during trip advisory emails (39%).  Included travel risk assessment in travel approval process (37%).  Implemented travel safety training and security training (33%).  Provided annual health check-up’s (32%).  Updated travel risk policy (excluding diversity related issues) (31%). To build effective policies around business travel (task 1), prepare safety and security instructions (task 2) as well as an incident and crisis management plans (task 5) the organization (represented by a responsible role) has to have reliable, complete and up- to-date information about possible threats. The proposed roles of HCC-based applica- tions are primarily concentrated around collecting such information from local experts and recent travelers to the destination. On the other hand, Travel Risk Management Maturity Model specifies several activities and processes (e.g. Risk monitoring) that must be done in the recurring basis and also require access to actual information about business trip destination. Besides, in case something unexpected happens while an employee is on the trip, he/she might need information support accounting for the new situation. And that may also be simpler for persons with local knowledge. Therefore, there are basically two scenarios human-based information collection applications are used in business trip management: pre-trip risk assessment and on-trip support. 52 Pre-trip risk assessment Basic workflow of risk information collection is performed by a travel risk manag- er role who is in charge of what kind of information has to be collected to prepare people to business trips and make them safe. In some sense, this role is responsible for resilience in business process of business trip organization. However, in a company that has an intense (or significantly varying) business trip schedule it might be hard to collect all the needed information. On the other hand, this particular information can be collected by local people/agencies. So, the travel risk manager submits the required information to the travel information collection application, these requests are di- rected to contributors with local expertise who provide the required information. Collect long- Web, State foreign term local department recom- information mendations etc. Collect short- Real-time queries to term local people with local information expertise Store infor- mation for Travel risk future uses knowledge base Fig. 3. Pre-trip risk assessment investigation Simplified workflow of pre-trip risk assessment investigation is shown in Fig. 3. When assessing risks of business trip to some new location, travel risk manager col- lects both long-term information about the destination, as well as short-term infor- mation. This information is stored into Travel risk knowledge base so that (1) in the subsequent travels to the same destination pre-trip risk evaluation might reuse large portions of it (depending on the time passed from the collection and classification of the information), (2) this knowledge base is used to send information emails to the employees before the trip and even in the trip. Potentially, in case of working em- ployee travel tracking system, the knowledge base may be also used for online alerts and on-trip information support, however, this is out of scope of this paper. 53 This workflow sidesteps the specific content of the information that need to be col- lected. In fact, the particular list of the information items (or, trip preparation check- list) as well as classification into “long-term” and “short-term” information items is a part of travel risk assessment methodology developed in the particular organization as a result of another process. On-trip support This scenario is activated while an employee is on the trip. However, there are two possible initiators of it. The first one is travel risk manager who monitors general news stream about locations where company employees are currently on the business trip and decides if the situation is changed severely enough that general instructions about the destination might have become obsolete. In this case, travel risk manager initiates a new information collection cycle resulting in the information emails to the employees about new safety and security instruction in the changed situation. However, in some cases a travelling employee might face problems that while are not objectively so significant to be reflected in a news stream, nevertheless create serious threat for efficiency. In this case, an employee may directly access to local experts who can provide the required information. 4.2 Implementation with the Human-Computer Cloud The simplest way to implement these scenarios with the help of HCC is to implement a set of human-based applications (leveraging the intellectual abilities of contributors working with the cloud) and deploy them in the cloud environment. Development of human-based applications is possible with the toolset provided by the PaaS layer of the platform. Due to current limitations of the platform, there applications can only be web applications exposing RESTful API. Therefore, software part of the travel risk management workspace has to consist of a desktop (or web) application (possibly integrated with other enterprise software) providing user interface and human-based application deployed in the HCC. These two applications communicate over HTTP via RESTful interface (Fig. 4). This figure shows a simplified case, when there is no private cloud part and travel risk manager workplace application directly connects to the public Travel information collection application. In a more elaborate case suitable for bigger organizations able to deploy own computing infrastructure and ready to deploy private cloud, the schema transforms roughly to what is shown in Fig. 2, i.e. travel risk manager workplace connects to the application deployed in the private cloud, and if the application fails to collect needed information among private cloud contributors, the request is passed forward to the public cloud. Human-based application deployed in the cloud requires a deployment descriptor defining resource requirements of the application and digital contract templates. During the deployment of this travel risk collection application the ontology con- cepts used for description will be matched to the resource description profiles and notifications of contribution possibility (called advertisements in the terminology of the platform) will be sent out to respective contributors. 54 Contributors Enterprise software RESTful Travel risk API Travel management information workplace collection Travel risk manager Human-computer cloud Fig. 4. Implementation schema. 5 Conclusion The paper proposes to use elements of crowdsourcing (implemented via a novel con- cept of human-computer cloud) for information collection activities in the scope of business trip risk management. The approach suggests to route information collection requests issued by organization’s business trip risk manager to local experts whose work for HCC environment is regulated by digital contracts (which allows to reach predictability in resource availability and response time). A hybridization (pri- vate/public) of human-computer cloud was proposed that allows to sidestep some of the pitfalls of external execution of inner organization tasks. The proposed approach goes very well with will Travel Risk Management Maturi- ty Model and may facilitate reaching Level 3 (Proactive) according to this model by an organisation. Acknowledgements. The research is funded by the Russian Science Foundation (project # 16-11-10253). References 1. Proactive Strategies to Position and Protect Your Organisation, http://www.continuitycentral.com/feature055.htm, last accessed 2018/05/15. 2. Dolan, R.: Four Reasons Why Travel Risk Management is a Business Imperative, https://www.concur.com/newsroom/article/four-reasons-why-travel-risk-management-is-a- business-imperative, last accessed 2018/05/15. 55 3. Ipsos MORI Global Business Resilience Trends Watch 2018, https://www.businesswire.com/news/home/20171114005920/en/Organisations-Strides- Planning-Unknown-Risk-Perception-Remains, last accessed 2018/05/15. 4. Mell, P., Grance, T.: The NIST Definition of Cloud Computing. Recommendations of the National Institute of Standards and Technology, Special Publication 800-145 (2011). 5. Smirnov, A., Ponomarev, A., Levashova, T., Teslya, N.: Human-computer cloud for deci- sion support in tourism: Approach and architecture. In: Proceedings of the 19 th Conference of Open Innovations Association (FRUCT), pp. 226-235 (2016). 6. Smirnov, A., Ponomarev, A., Levashova, T., Shilov, N.: Ontology-based Cloud Platform for Human-driven Applications. Proceedings of the 21st Conference of Open Innovations Association FRUCT, pp. 304–310 (2017). 7. Smirnov, A., Ponomarev, A., Shilov, N., Kashevnik, A., Teslya, N.: Ontology-based hu- man-computer cloud for decision support: Architecture and applications in tourism. Int. J. of Embedded and Real-Time Communication Systems, 9(1), pp. 1-19 (2018). 8. Schenk, E., Guittard, C.: Towards a characterization of crowdsourcing practices. Journal of Innovation Economics, 1, pp. 93-107 (2011). 9. Howe, J.: The rise of crowdsourcing. Wired magazine, pp. 1-4 (2006) 10. Howe, J.: Crowdsourcing: A Definition. http://crowdsourcing.typepad.com/cs/ 11. Vecchia, La G., Cisternino, A.: Collaborative Workforce, Business Process Crowdsourcing as an Alternative of BPO. Current Trends in Web Engineering, 10th International Confer- ence on Web Engineering ICWE 2010 Workshops, Revised Selected Papers, LNCS 6385, pp. 425-430. Springer (2010). 12. Thuan, N. H.: To Establish Crowdsourcing as an Organizational Business Process: An Ex- ploratory Study. Phd Research Proposal, School of Information Management, Victoria University of Wellington, New Zealand (2013). 13. Zhao, Y., Zhu, Q.: Evaluation on Crowdsourcing Research: Current status and future di- rection. Information Systems Frontiers, pp. 1-18 (2012). 14. Travel Risk Management Maturity Model (TRM3), https://www.ijet.com/sites/default/files/WP_TRM3_May2012.pdf, last accessed 2018/05/15. 15. Merlino, G., Arkoulis, S., Distefano, S., Papagianni, C., Puliafito, A., Papavassiliou, S.: Mobile crowdsensing as a service: a platform for applications on top of sensing clouds. Fu- ture Generation Computer Systems, vol. 56, pp. 623-639 (2016). 16. Formisano, C., Pavia, D., Gurgen, L. et al.: The advantages of IoT and cloud applied to smart cities. In: 3rd International Conference Future Internet of Things and Cloud, 2015, Rome, pp. 325-332 (2015). 17. Dustdar, S., Bhattacharya, K.: The social compute unit. IEEE Internet Computing, 15(3), pp. 64–69 (2011). 18. Sengupta B., Jain, A., Bhattacharya, K., Truong, H.-L., Dustdar, S.: Collective problem solving using social compute units. International Journal of Cooperative Information Sys- tems, vol. 22, no. 4 (2013). 19. Teslya, N., Ponomarev, A.: Smart Tourism Destination Support Scenario Based on Hu- man-Computer Cloud. Proceedings of the 19th Conference of Open Innovations Associa- tion FRUCT, pp. 242–247. (2016). 20. The Five Pillars of Travel Risk Management, http://blog.gbta.org/2017/06/12/the-five- pillars-of-travel-risk-management/, last accessed 2018/05/15. 56