2012 45th Hawaii International Conference on System Sciences
A Reference Guide to Cloud Computing Dimensions:
Infrastructure as a Service Classification Framework
Jonas Repschlaeger
Technical University of
Berlin
j.repschlaeger@tuberlin.de
Ruediger Zarnekow
Technical University of
Berlin
ruediger.zarnekow@tuberlin.de
Stefan Wind
University Augsburg
stefan.wind@wiwi.uniaugsburg.de
pressure - of governments will only serve to
accelerate the adoption of Cloud Computing in the
public sector [5].
So far e-Government has changed the way the
public administration operates and delivers its
services and progressed to the point where it is now a
question of efficiency (how well it’s done) and not if
it’s done [6], [7]. The associated benefits with eGovernment include among others: improving
internal cost and management efficiencies,
encouraging citizen participation - through high
service usability - and improving overall governance
[8], [9]. It is likely that e-Government will be
increasingly dependent upon Cloud Computing for
deployment of its services which in the very essence
are online provisioned in a cost-effective and scalable
manner [1].
By now Cloud Computing has become a fast
growing and non-transparent market with many small
and large providers, each of them having their
specific service model [10], [11], [12]. Unfortunately,
that makes it difficult to compare the providers as
such and their service offerings. In the majority of
cases the service portfolios are heterogeneous and
combined with complex pricing models and service
features. Furthermore, the fact that interoperability
between providers hasn’t been achieved makes a
provider selection often irreversible or requires much
effort [11], [13]. This difficulty, known as “provider
lock-in”, is discussed extensively and is an important
topic in many companies and international research
activity e.g. Open Grid Forum (OGF) [14], [15].
Consequently, the customer is confronted with the
situation to select an appropriate provider to realize
his specific requirements mostly based on diffuse
classification criteria. Due to the lack of adequate
possibilities of comparing a Cloud provider,
especially on the infrastructure level, this paper
focuses on developing a classification framework for
IaaS providers. In this context the following research
question needs to be answered:
Abstract
Recently, a growing development and use of
Cloud computing services has been observed
generally and also in the area of government. Despite
initial positive results, it is challenging in theory and
practice to find an appropriate provider matching the
individual requirements of a company or a
government. Moreover, the number of new entrants
as well as non-transparent service offers, which
sometimes differ significantly, make it difficult to
migrate into the Cloud.
Due to the lack of adequate possibilities to
compare and classify Cloud providers we are
presenting in this paper a provider independent
classification framework for Infrastructure as a
Service (IaaS) which can be used in e-Government.
For this purpose, the target dimensions for Cloud
Computing from a customer perspective were
defined, based on expert interviews and an
international literature review. The relevance of the
target dimensions was evaluated with an additional
survey conducted among IT managers. Extended by a
provider market analysis the classification
framework was designed and finally checked for
applicability and can be used to create concrete
cloud procurement processes, refine Cloud strategies
or develop migration requirements for governments.
1. Motivation
For several years Cloud Computing has been
influencing the IT landscape and has been attractive
to governments around the world as well as to
corporations [1], [2]. The U.S. government estimates
its IT spending on migration to cloud computing
solutions for 2010 at $20 billion [3]. In 2009 Japan’s
Ministry of Internal Affairs and Communications
revealed plans to build a massive cloud computing
infrastructure the Kasumigaseki Cloud to support all
of the government’s IT systems [4]. Many analysts
believe that the economic situation - e.g. cost cutting
978-0-7695-4525-7/12 $26.00 © 2012 IEEE
DOI 10.1109/HICSS.2012.76
Klaus Turowski
University Magdeburg
klaus.turowski@ovgu.de
2178
What
are
appropriate
classification
characteristics for Cloud providers and what should
an Infrastructure as a Service (IaaS) classification
framework look like?
At a certain stage of e-Government evolution, the
problem of interoperability arises and it is inevitable
to focus on compatible IT structures [16]. In this
context the comparison of different Cloud services
and their providers will become of high relevance to
the government. To reduce entry barriers and support
the migration into the Cloud this paper starts with
examining Cloud Computing characteristics and the
IaaS provider’s market. Based on a literature review
and interviews conducted with experts we have
derived six customer target dimensions valid for
Cloud Computing (see chapter 4). These target
dimensions serve as strategic objectives regarding
Cloud Computing and provide a structure for Cloud
characteristics in the first place and were evaluated
by 30 IT managers (see chapter 5). Next we gathered
all requirements and appropriate classification criteria
for Cloud providers available and reviewed them in
cooperation with the experts. On this basis we have
developed a classification framework by assigning
relevant provider and service requirements to the
target dimensions using a four level hierarchy (see
chapter 6). Finally, we defined 19 classification
criteria on the 2nd level and 51 criteria on the 3rd
level.
resources (e.g. networks, servers, storage,
applications and services) are offered in a scalable
way via the Internet without the need for any longterm capital expenditures and specific IT knowledge
on the customer side [16]. It is possible to obtain
complete software applications or the underlying IT
infrastructure in the form of virtual machine images.
Basically Cloud Computing is composed of the
characteristics above described and consists of three
levels, software as a service (SaaS), platform as a
service (PaaS) and infrastructure as a service (IaaS)
[19]. The ACT-IAC (American Council for
Technology - Industry Advisory Council) expands it
by defining security and access requirements
especially for governmental use [20].
On the infrastructure level customers have the
possibility to obtain on demand resources from a
Cloud provider with no need to operate the required
IT infrastructure. On the one hand, the customer can
extend his existing IT infrastructure by renting
additional capacity from the Cloud to compensate
load peaks, preventing the customer from having
much capacity available. On the other hand, the
complete infrastructure and respective services can
be obtained from the Cloud. This decreases the IT
maintenance effort and creates value especially for
small businesses with fluctuating demand, e.g. due to
seasonal activities. Alongside the benefits of Cloud
Computing, several challenges emerge on the
management level regarding different technological
components
and
modules,
integration
of
heterogeneous
interfaces,
usage
dependent
provisioning and billing of resources as well as
ensuring data privacy and data security [21], [22],
[23].
2. Cloud Computing basics
With Cloud Computing a paradigm shift to
standardization and service orientation in the
information and communication industry emerges
and marks the industrialization of IT [17]. Cloud
Computing allows companies to rent IT services on
demand to support their business processes. As a new
part of IT sourcing, the effort of operation and
maintenance is completely managed by the provider.
The customer only rents the service in a pay-per-use
manner like a commodity similar to the energy or
water market.
Considering the extensive usage of on demand
services, mobile applications and interactive
elements, transactions and workloads will rise
significantly and require scalable IT structures [18].
This growing acceptance will result in an increasing
demand for IT resources. At this point the Cloud
Computing model is essential. It makes on demand
network access to a shared pool of configurable
computing resources possible, that can be rapidly
provisioned and released with minimal management
effort or service provider interaction [19]. The
3. Research approach
Cloud Computing is characterized by various
factors and a common definition of this term doesn’t
exist [24], [25], [26]. Thus Cloud Computing was
examined from different perspectives (technological,
business issues, applications and general aspects)
[27]. According to this, we attempted to develop an
IaaS classification framework which would be valid
for all research fields without limitation.
Prior to the literature review seven experts were
interviewed on common objectives in Cloud
Computing. As a result four target dimensions for the
Cloud could be derived. The expert interviews were
conducted with seven experts from six companies, all
holding different positions within their companies.
Care was taken that those respondents were
representative of all perspectives (provider, customer
and mediator/consultant) being important for the
2179
selection process (see Table 1). The interviews with
the experts were structured and conducted referring
to Glaeser and Laudel [28].
Publication
type
Publisher
Journals
ACMSIG, CACM, CAIS, CompDcsn, DATABASE, DSI, DSS,
EJIS, I&M, I&O, IBMSJ, IEEEComp, IEEESw, IEEEIC,
IEEETC, IEEETKDE, IEEETrans, IEEETSE, IEEETSMC, IJEC,
IJHCS, InfoS ys, ISF, ISJ, ISM, ISR, IT&M, IT&P, JACM, JAIS,
JCIS, JComp, JCSS, JIM, JITTA, JMIS, JSIS, KBS, MISQ,
MS, SMR, WIRT
Conferences
AMCIS, ECIS, ICIS, HICSS, IEEE Conferences, LNI, LNCS,
MKWI, PACIS, WI
Associations,
Organizations,
Companies
Cloud Security Alliance (CS A), EuroCloud, Bitkom,
Bundesamt für Sicherheit in der Inform ationstechnik (BSI),
Securing Europe's Information Society (ENISA), Center for
Experimental Researchin Computer Systems (CE RCS),
Fraunhofer SIT, Distributed Managem ent Task Force
(DMTF), The European Telecommunications Standards
Institute (ETSI), National Institute of Standards and
Technology (NIST), Open Grid Forum (OGF), Object
Managem ent Group (OMG), Open Cloud Consortium (OCC),
Organization for the Advancement of Structured
Information Standards (OASIS), Storage Networking
Industry Association (SNIA), The Open Group, TM Forum,
SaaS EcoSystem, OpenCloudMani festo, Experton Group, TSystems
Table 1. Type of experts interviewed
(Expert from)
Company type
Company data
IT service provider
170.000 employees,
Global IT service
offerings, 10-15% revenue
based on Cloud
Computing, Innovative
solutions in IaaS
Government IT
service provider
300 employees
16.000 clients of the
public sector
Software provider
SME software company
11 employees
Development of
standardized components
for web-based services
Position
within
company
Director of
IaaS division
CEO
CIO
Software
architect
Consulting
company
International consulting
company, 500 consultants
worldwide, Cloud
Computing as one
consultancy topic
Partner
Customer / Client
(industry)
Automotive sector,
ca. 95.000 employees
Divisional
director IT
Customer / Client
(public /
government)
Health sector, hospital,
1.100 employees
CIO
Cloud experience
Deep understanding
of IaaS services and
infrastructure
Experience in
governmental IT
demands and Cloud
Computing
- Expert know-how
in SaaS and general
Cloud approaches - Expert knowledge
in IaaS and PaaS
especially in the
implementation
In a subsequent step, we chose topic related
papers from the selected literature sources. An initial
list of papers was generated by using key words such
as “Cloud Provider”, “Cloud Vendor”, “Cloud
Characteristics”, “Cloud Classification”, “Cloud
Selection”,
“Cloud
Taxonomy”,
“IaaS”,
“Infrastructure as a Service”, “Platform as a
Service”, “Software as a Service”, “PaaS” and
“SaaS” to search for titles, abstracts and keywords.
We only scanned the directories of the journals and
conference proceedings manually if no electronic
search was possible. Furthermore, we expanded our
scientific foundation by reviewing the citations in the
papers identified in the first cycle of literature
exploration to determine previous papers that should
be considered for an analysis in a subsequent cycle of
literature exploration.
We identified 55 papers all dealing with the
comparison of Cloud providers or at least containing
related keywords. In order to identify the final set of
publications we subjected these papers to a detailed
(content-related) review. Therefore, we manually
reviewed the papers of the initial list and selected
only those papers which primarily dealt with the
comparison of Cloud providers. Thus, 38 articles
were selected which dealt primarily with the
classification or selection of Cloud providers and
distinguishing criteria of Cloud offerings. It is
surprising that almost the entire set of finally selected
papers consists of conference papers and there is just
a small amount of high-quality journal papers
available. This probably shows that there is a lack of
research regarding the classification of Cloud
services and distinguishing criteria of Cloud
offerings.
Complementary to the literature review the
provider market of IaaS and hosting were
investigated. This analysis was based on an extensive
internet research where the websites of relevant
Current consulting
focus; Cloud market
appreciation
Experience in
selecting,
implementing and
operating IaaS
Concrete IT
demands and
requirements within
possible Cloud
scenarios
Next, in order to describe, synthesize, evaluate
and integrate the results of existing scientific work in
comparison of Cloud providers and distinguishing
criteria of Cloud offerings, we conducted a
systematic literature review following the approach
of Webster and Watson [29]. This research method
ensures that an extensive number of relevant papers
is considered. During the literature review we
attempted to match each criterion gathered to a
representative target dimension. The necessity
emerged to define two more target dimensions in
order to allocate all relevant criteria. Afterwards the
additional dimensions were discussed and evaluated
with the experts as well. The outcomes were six
target dimensions, each including a group of relevant
classification criteria.
The first step in the literature selection process
was conducted to identify a comprehensive list of
literature sources. We started off by taking the top
journals based on the VHB-JOURQUAL2 [30] and
Saunders’s journal ranking [31]. To complete the
analysis, publications of renowned national and
international organizations and associations (e.g.
Bitkom) were included. Table 2 lists all literature
sources that were examined to identify relevant
papers.
Table 2. Journals and conferences investigated for
the literature review
2180
companies were examined regarding their pricing
model, IaaS service offering, company data and
customer segment. By means of market studies and
business publications on the Cloud market we
detected over 60 relevant providers in the IaaS and
hosting business [12], [32], [33]. Based on this
analysis we compiled a feature catalog for IaaS
providers.
In order to develop a detailed proposal for an IaaS
classification framework the target dimensions
including the related criteria from the literature
review were matched with the features of the
provider catalog supported by the experts. Thereby, a
design-oriented approach was used.
Finally, the target dimensions were weighted by
30 IT managers and CIOs from over 25 different
companies and governments [13]. The respondents
were selected in the same way the experts were
chosen. 45% of the respondents work in the internal
IT or business department (customer’s perspective),
37% represent IT service providers or software
companies (provider’s perspective) and 18% offering
consulting
services
(mediator’s/consultant’s
perspective). The surveyed companies range from
small (1-199 employees) over medium (200-5000
employees) to large firms (> 5000 employees),
covering various sectors (et al. finance, insurance,
telecommunications,
commerce,
automotive,
government).
performance criteria of Cloud providers. Also
relevant is the IT security but not as important as the
other dimensions. Largely unnoticed is the service
and Cloud management which deals with
characteristics and challenges on the operative level.
Both, researchers and companies, take into
consideration the flexibility opportunities.
Table 3. Results of the literature review
IT Security &
Compliance
Service & Cloud
Management
Source
Reliability &
Trusttworthines
Scope &
Performance
Costs
Flexibility
Target
Dimension
30
29
14
27
18
Academic Publications
Günther et al. (2001)
Hilley (2009)
Hoefer and
Karagiannis (2010)
Li et al. (2010)
Prodan and Ostermann
(2009)
Annecy (2010)
Vaquero et al. (2009)
Peng et al. (2009)
Weinhardt et al. (2009)
Hay et al. (2011)
Martens et al. (2010)
(2011)
Christmann et al.
(2010)
Tsvihun et al. (2010)
Armbrust et al. (2010)
Iyer und Henderson
(2010)
Anandasivam and
Premm (2009)
Lehmann et al. (2009)
Rimal et al. (2009)
Schwarz et al. (2009)
4. Target dimensions in Cloud Computing
Talukder et al. (2010)
Koehler et al. (2010)
(2010)
In this contribution six target dimensions - such as
cost savings or increasing flexibility - were defined to
group and structure the Cloud characteristics. Each
target dimension represents a general objective which
the customer pursues and which characterizes his
Cloud or IT strategy. Four target dimensions (costs,
IT security & compliance, scope & performance,
reliability & trustworthiness) were defined together
with the experts prior to our analysis. Through our
literature review and market research we validated
these four dimensions and simultaneously discovered
two additional dimensions (flexibility, service &
Cloud management), which were evaluated
subsequently by the experts as well.
Table 3 shows the relevant sources assigned to
these target dimensions. In this context we
discovered that practitioners mainly deal with
questions
about
security,
reliability
and
manageability of Cloud Computing. However, the
performance as well as the cost/price models have
remained largely unnoticed so far. Scientific
approaches contrary to industry activity are exploring
mostly effects on flexibility, emerging costs and
Saya et al. (2010)
Narasimhan et al.
(2011)
Russell et al. (2010)
Popularity
36
41
35
Industry Publications
BITKOM (2010)
BSI (2010)
EuroCloud (2010)
ENISA (2009)
CSA (2009)
SaaS EcoSystem
(2011)
DMTF (2009) (2010)
OpenCloudManifesto
(2009)
T-Systems (2008)
Experton Group (2010)
The Open Group
(2009)
Popularity
Low priority
21
6
1
24
Average priority
High priority
4.1. Target dimension: flexibility
A relative advantage of Cloud Computing,
identified in science and industry, is the gain in
flexibility compared to traditional solutions [24].
Flexibility describes the ability to respond quickly to
changing capacity requirements. Resources, for
2181
4.5. Target dimension: reliability &
trustworthiness
instance, can be allocated and de-allocated as
required, whereas requirements can sometimes vary
greatly. Also the provisioning time is shorter
compared to traditional outsourcing such as
Application Service Provider (ASP) and comes with
short duration of the contract with the vendor [10].
Besides, other aspects such as standardization (e.g.
APIs), the traceability of data, the short-term
contracts or a demand driven and scalable resource
recovery have to be considered.
This target dimension is responsible for ensuring
the obtained services are up and available for use
according to the conditions of the Service Level
Agreements (SLAs) [36]. The commitment by the
provider, especially the guaranteed availability, is
very important. Moreover, the reliability which these
commitments are kept with is of great importance. In
contrast to the commitment the trustworthiness
describes the provider's infrastructural features,
which may be the evidence of a high reliability.
These include disaster recovery, redundant sites or
certifications.
4.2. Target dimension: costs
The decision to choose Cloud Computing and a
particular provider is often guided by monetary
considerations and linked with the slogan "pay-asyou-use" [34]. Customers who decide to use Cloud
services mostly benefit by small capital commitment,
low acquisition costs for required servers, licenses or
necessary hardware space and reduced complexity of
IT operations. Despite similar services on the IaaS
level the pricing and billing models often
differentiate between each provider [13].
4.6. Target dimension: service & Cloud
management
The service & Cloud management includes
features of the provider that are substantial for
appropriate Cloud service operations. These include
the offered support and functions for controlling and
monitoring as well as the individualization of the web
interface [26]. The manageability (usability) of
services, especially in a distributed IT architecture,
and the Cloud governance, dealing with requirements
and responsibilities by the customer, are essential
features of this target dimension.
4.3. Target dimension: scope & performance
This target dimension describes the scope of
services and the performance of a Cloud provider. To
select the appropriate provider which meets the
requirements best, knowledge about their service and
performance is of crucial importance [15]. Hence it is
essential to consider features regarding performance
(latency or transaction speed), capacity limits (e.g.
maximum number of accounts or storage space),
service complexity (how many functions are
available) and degree of customization (to which
extent the service can be adapted).
5. Target dimension relevance
Each target dimension consists of different positive or negative correlated - classification criteria.
Depending on the use case and customer strategy at
least one target dimension has to be chosen as the
starting point for a provider classification and as
many relevant and available criteria as possible
should be considered. Currently the impact of Cloud
Computing regarding the IT infrastructure is
discussed extensively among IT managers [10], [37].
Most of the IT managers (over 70%) interviewed are
planning to obtain services from the Cloud [10], [13].
Besides, the customer’s need for standardization and
uniform service interfaces in the Cloud, the
transparency of the Cloud providers and their
services are strongly requested [13].
On the basis of 30 IT managers surveyed the six
developed target dimensions were weighted. The
results are shown in Figure 1. Around 83% of the IT
managers attach high importance to the “IT Security
and Compliance” in the Cloud. Over 53% rated the
“Reliability and Trustworthiness” dimension as the
second most important one. The result of the
4.4. Target dimension: IT security &
compliance
The decision on selecting a provider in the Cloud
is often influenced by company and government
requirements in the areas of security, compliance and
privacy [14], [23] [35], [36]. Both companies and
governments have to be certain that their data and
applications, even operated in the Cloud, meet both
compliance guidelines required and are adequately
protected against unauthorized access. That is why
the decision criteria are rather referring to the
infrastructure of the provider itself than on the
service provided.
2182
weighted dimensions reflects the common sense of
Cloud topics [22], [23], [38]. The dimensions “Scope
& Performance” and “Service & Cloud
Management” are relatively unimportant compared to
the other four dimensions. One explanation could be
a low relevance of these two dimensions for the
management level or that they are not directly related
to strategic objectives. Based on the expert interviews
we assume that the IT department and responsible
operators are more interested in these dimensions.
Especially if service requirements are defined which
require a certain performance level.
unimportant (1)
Target dimension: Flexibility
2
4
0%
2
3
4
11
10%
20%
30%
40%
30%
40%
in our opinion the services are particularly convenient
due to a certain degree of consistency. With the
purpose of developing a classification framework we
summarized and mapped similar characteristics and
requirements regarding their target dimension into
four hierarchical levels (see Figure 2). Thereby,
abstract and operational classification criteria were
identified. The abstract classification criteria are used
for further structuring and differentiation purposes.
On the third level of the classification scheme criteria
have been operationalized, so that they can be
weighted and compared (e.g. pricing options,
delivery time). The level below finally defines
figures and measurable requirements (key
performance indicators KPIs). Each operative
criterion (3rd level) consists of various 4th level
requirements. Furthermore, the requirements can be
divided into provider requirements and service
requirements (see Figure 2). Provider requirements
describe the features of the Cloud provider
independently from any service, e.g. existing
certifications, IT infrastructure characteristics or key
figures of the company. Service requirements in
contrast deal with characteristics directly referring to
the usage of a service, e.g. service availability,
scalability or interface features.
Classification scheme example: The target
dimension “Flexibility” (1st level) consists of “service
dynamics” among other things, an abstract
classification criterion (2nd level) which is
characterized through the provisioning time (3rd
level). The “provisioning time” is measured among
other things by the required time to start up an
instance (4th level; KPI). For instance, if the
deployment time is less than five minutes, the
provisioning time is rated as low, assuming the other
requirements will be rated similarly.
very important (5)
13
50%
60%
70%
80%
90%
100%
50%
60%
70%
80%
90%
100%
60%
70%
80%
90%
100%
60%
70%
80%
90%
100%
60%
70%
80%
90%
100%
60%
70%
80%
90%
100%
Target dimension: Costs
1
5
0%
14
10%
20%
10
Target dimension: Scope & Performance
1
8
0%
10%
12
20%
30%
40%
50%
9
Target dimension: IT Security & Compliance
3
0%
2
25
10%
20%
30%
40%
50%
Target dimension: Reliability & Trustwothiness
1
0%
3
10
10%
20%
30%
16
40%
50%
Target dimension: Service & Cloud Management
9
0%
10%
13
20%
30%
40%
50%
8
Figure 1. Relevance of target dimensions (survey
results)
6. Classification framework for
Infrastructure as a Service (IaaS)
The aim of this paper is to develop a framework
for supporting a Cloud provider or service
classification on the infrastructure level. The
framework may help companies in their selection
process and creates a greater transparency in the
Cloud market. For that purpose, different target
dimensions were elaborated (see chapter 4). These
dimensions cover the Cloud Computing in its entirety
and aren’t limited to one level (SaaS, PaaS, IaaS).
Next, these dimensions have to be broken down into
classification criteria that are measureable and
comparable. Based on the fact that all three Cloud
levels target different customer needs it wasn’t
possible to define classification criteria valid for all
levels at once. At this point we limited our
examination to the infrastructure level (IaaS) because
1st level
target dimensions
2nd level
general objectives of
Cloud Computing (customer objectives)
abstract classification
criteria
3rd level
specific classification of
Infrastructure as a Service
(provider criteria)
operative
classification criteria
service requirements
4th level
requirements / KPI
provider requirements
Figure 2. Classification scheme
The result of this paper is a classification
framework with six target dimensions, 19 abstract
classification criteria (2nd level) and 53 operative
classification criteria (3rd level) (see Figure 3).
2183
Target dimension: Flexibility
Target dimension: IT Security & Compliance
Target dimension: Reliability and Trustworthiness
interoperability & portability
automatization degree
standardization
resource provisioning
reliability
disaster recovery
redundancy
(datacenter)
service dynamics
provisioning time
contract length
set-up time
scalability
trustworthiness
redundancy
(network)
provider
reporting
provider
profile
service
transparency
auditing
data center security
network security
hardware security
connection security
software security
connection
opportunities
IT compliance
service level agreements
availability
instance customizing
liability and
penalties
Resources
guarantee
data security
datacenter location
data privacy
access security
Target dimension: Scope & Performance
service characteristics
instance type
network access
service configuration
hardware
add-on services
messaging
service
Virtual private
Cloud
server type
processor type
performance
storage service
computing time
database service
connection bandwidth
instance capacity
network service
Target dimension: Service & Cloud Management
Target dimension: Costs
incident and service management
web portal
service operations
price class
contact and consulting services
usability
price level
time of payment
support
customizing options
system management /
self services
price resilience
payment method
reporting and
monitoring
payment
price transparency
service charging
assessment basis
cost transparency
charging type
charging
granularity
Figure 3. Classification framework for IaaS
In the following, the classification criteria of the
framework related to the target dimensions will be
explained briefly. The KPIs were intentionally not
discussed due to the generic claim of our framework.
For classification purposes the three classification
levels (target dimension, abstract and operative
criteria) are sufficient and make a general provider
assessment possible.
interaction. The user is able to configure the settings
like maximum budget or latency in advance. These
presets will be considered during the operation and
automatically be executed by the system (e.g. boot up
a virtual instance, installing regularly updates).
Service dynamics. On the one hand, it
represents the commitment between the customer and
the provider (contract length) and on the other hand,
it comprises all features regarding the flexibility of
service use, like provisioning time or the number of
simultaneously
operated
virtual
instances
(scalability). Service dynamics criteria can help
government agencies which are in various stages of
development and are looking for ways to improve
their service provisioning [42].
The target dimension “flexibility” is divided into
three abstract classification criteria: “interoperability
& portability”, “automatization degree” and “service
dynamics”:
Interoperability and portability. This criterion
describes how easily Cloud services can be integrated
into an existing IT landscape. The provision of an
application programming interface (API) and the
communication via standard protocols like REST
(Representational State Transfer) or SOAP (Simple
Object Access Protocol) are necessary for
interoperability [26], [39]. Also virtualization formats,
standardized management interfaces and data export
schemes are of high relevance. Especially for eGovernment the interoperability becomes the most
important [7],[16]. Due to many different agencies
and heterogeneous IT landscapes in the public sector
the shift to standardized services via Cloud can offer
new opportunities for the government [40],[41].
Public sector information management is clearly
dominated by a “silo” model where most government
organizations
operating
largely
stand-alone
information systems [41].
Automatization degree. The automatization
degree characterizes the capability to control and
manage Cloud services without the need of manual
The target dimension “Costs” consists of three
abstract classification criteria: “price class”,
“payment” and “service charging”:
Price class. This classification criterion includes
all factors affecting the resulting costs directly, like
the actual price level. Even the provided information
about price options and resilience belongs to this
criterion. The price class and the interrelated costs are
one of the prime challenges in e-Government systems
[43]. Governments pay too much for ICT and realize
fewer benefits than they could due to
“overprotection” of budgets/resources or inadequate
design of funding and governance arrangements [41].
On the other side governments can achieve cost
savings due to lower operations cost when they
thoughtful migrate into the Cloud [44]
Payment. The payment opportunities are
subsumed including the possible payment method of
2184
a credit card or bank transfer and the time of payment
(pre-paid or post-paid).
Service charging. How the service is charged
(pay-per-use or subscription fee [45]) and which level
of granularity is priced (e.g. 1 MB, 100 MB or 1 GB
steps) are elements of this classification criterion.
medium enterprises have to cope with highly
formalized and slow process structures, which make
it necessary to rely on a trustworthy provider
regarding confidentiality and consistency.
Service level agreements. This criterion focuses
on the commitments the provider makes and which
efforts are guaranteed in form of SLAs (e.g.
availability of 99,995%).
The target dimension “IT security &
compliance” is composed of three abstract
classification criteria: “data center security”,
“network security” and “IT compliance”:
Data center security. The provided security
regarding to the data center is independent from the
Cloud services the customer uses and represents a
classification criterion referring only to the provider.
It includes building protection, access control, virus
protection or intrusion detection.
Network security. This criterion only refers to
the provided infrastructure. Especially the
communication protection via SSL, dedicated
firewall or virtual private network (VPN) is relevant.
IT compliance. Existing requirements for
privacy (encryption of data) and compliance (e.g.
location of data center) characterize this criterion.
Even standards, identity management and other data
privacy requirements are considered. Like the other
two criteria this one specifies only provider
requirements as well. It is not unusually that
especially in the public sector the authority has to
deal with stricter limitations and statutory
requirements.
The target dimension “scope & performance”
consists of four abstract classification criteria:
“service characteristics”, “hardware”, “add-on
services” and “performance”:
Hardware. The processor type (32 or 64 bit),
hardware based functionalities like sleep mode and
the server type (dedicated server or shared instances)
represent this abstract classification criterion.
Service characteristics. This criterion describes
relevant service features. These include predefined
templates, range of available operating systems,
customizing opportunities or their own static IP
addresses.
Add-on services. Additionally bookable services
like storage, database, messaging or the possibility to
obtain a virtual private Cloud. A virtual private
Cloud, for instance, is an isolated section within the
public Cloud with a wide range of individual network
setting options.
Performance.
This
criterion
describes
performance limits like the max. CPU, RAM, hard
drive space, transfer volumes and transfer speed as
well as the actual computing time needed to solve
required tasks. Even the latency or the quality of
service belongs to this criterion.
The
target
dimension
“reliability
&
trustworthiness” is divided in three abstract
classification criteria: “reliability”, “trustworthiness”
and “service level agreements”:
Reliability. This criterion describes the
probability that service commitments and promises
can be met by the provider. Based on indicators like a
provided disaster recovery plan, redundant data
center locations or accessibility to several internet
service providers the degree of reliability can be
defined. Data specific to the individual is of high
priority for safety measures. Governments can benefit
from accurate backup cycles, snapshot concepts and
strong redundancy system (various data centers and
network connections from different internet service
providers) which can enhance existing e-Government
systems and services.
Trustworthiness. Trustworthiness describing
the provider, its infrastructure and its business
activities, including performance and service
transparency (e.g. reports, service description),
market experience, the number of customers or the
annual revenue. Governments compared to small and
The target dimension “service & cloud
management” can be differentiated according to three
abstract classification criteria: “incident & service
management”, “service operations” and “web
portal”:
Incident & service management. This criterion
considers all facts regarding support and customer
service, e.g. what support is offered and under which
conditions.
Service operations. All activities necessary to
control and manage the obtained Cloud services are
subsumed in this criterion, e.g. monitoring of
services, volume control via APIs, update and release
management or reporting functionality. In eGovernment system the replacement and updating of
all the involved software and hardware are very much
required and moreover maintaining datacenter in
every city is very big challenges [43].
Web portal. This criterion is not easy to
measure but it refers to the usability and adaptability
2185
of the surface of the web portal the user interacts
with.
comparison
and
assist
governments
with
transformation into the cloud.
Future research could concentrate on the
classification requirements (KPIs) of our framework.
These KPIs can serve for applications as decision
parameters to enable a dynamic resource allocation or
a mostly automatic provider selection based on predefined customer objectives. Furthermore a
weighting should be implemented to differ between
diverse government’s areas and departments. Future
research will aim at testing the framework in a real
case study in the area of governments.
Based on the presented 3-level criteria
framework it is possible to assess different providers
and examine the best correlation between customer’s
target dimension and provider characteristics. All
criteria (abstract and operative) are mostly “soft”
non-measurable factors and applicable for common
use (e.g. private companies, governments). The
framework doesn’t claim to find the best Cloud
provider, because this may only be possible with
weighted criteria and measurable KPIs. But the
framework offers a structure and basis for a selection
and decision process. The organization itself must
define individual specifications and limitations
according to the presented framework. The KPI-level
is not mandatory for using the framework but it might
provide a more detailed way for measuring and
benchmarking Cloud providers.
8. References
[1]
[2]
7. Conclusion and future research
[3]
The presented framework supports governments
as well as companies in classifying Cloud providers
and considering relevant requirements depending on
their own strategy. From our point of view, by means
of this framework, companies and governments are
able to support their decision process and simplify
the provider comparison. The classification criteria of
our framework can be taken as a decision basis and
simultaneously help by operationalizing the
objectives related with the cloud migration. As an
important advantage of our approach regarding
public administration application spaces is that it can
be used to create concrete Cloud procurement
processes, refine Cloud strategies or develop
migration requirements. Furthermore for the specific
area of government a lot more dimensions than costs
and security are relevant. We addressed this through
our approach with six target dimensions, 19 abstract
classification criteria (2nd level), 51 operative
classification criteria (3rd level) and much more KPIs.
On first sight this wide range could be a disadvantage
against other approaches. But we believe that
especially in the area of e-Government this level of
detail is of great relevance. Furthermore, several
barriers in the cloud market are lowered and more
transparency is achieved by the classification
framework. For now our framework is limited to the
infrastructure level and will be extended to the PaaS
and SaaS level as well. We believe that the developed
and evaluated IaaS classification framework is fit to
provide first insights into the cloud provider
[4]
[5]
[6]
[7]
[8]
[9]
2186
Clemons, E.K., Chen, Y., “Making the Decision to
Contract for Cloud Services: Managing the Risk of
an Extreme Form of IT Outsourcing,” Proceedings
of the 44th Hawaii International Conference on
System Sciences, 2011.
Wyld, D.C., “The Cloudy Future Of Government IT:
Cloud Computing and the Public Sector around the
World,” International Journal of Web & Semantic
Technology (IJWesT), Vol 1, Num 1, January 2010.
Kundra, V., “Federal Cloud Computing Strategy,”
position paper of the CIO of the U.S. government,
2011.
http://www.cio.gov/documents/FederalCloud-Computing-Strategy.pdf
Ministry of Internal Affairs and Communications,
“Digital Japan Creation Project (ICT Hatoyama
Plan),“ Japan’s Ministry of Internal Affairs and
Communications,
2009.
http://www.soumu.go.jp/main
sosiki/joho_tsusin/eng/Releases/Topics/pdf/090406_
1.pdf
Wyld, D.C, “Moving to the Cloud: An Introduction
to Cloud Computing in Government,” EGovernment Series, IBM Center for the Business of
Government, 2009.
United Nation Department of Economic and Social
Affairs, Division for Public Administration and
Development Management,” UN E-Government
Survey 2010: Leveraging e-government at a time of
financial and economic crisis, “ New York, 2010.
Available
at:
http://unpan1.un.org/intradoc/groups/public/docume
nts/un/unpan038851.pdf
Lampathaki, F., Kroustalias, N., Koussouris, S.,
Charalabidis, Y., Psarras, J., “Implementing
Interoperability
Infrastructures:
Issues
and
Challenges from the Citizens’ Base Registry in
Greece,” Proceedings of the 43rd Hawaii
International Conference on System Sciences, 2010.
Lee, S. M., Tan, X. and Trimi, S. “Current Practices
of
leading
E-government
countries”,
Communications of the ACM, 2005, 48(10), pp. 99104.
Weerakkody, V. and Dhillon, G. “Moving from EGovernment to T-Government: A Study of
Process Reengineering Challenges in a UK Local
Authority Context”, International Journal of
Electronic Government Research, 2008, 4(4), pp. 116.
[10] J.
[11]
[12]
[13]
[14]
[15]
[16]
[17]
[18]
[19]
[20]
[21]
[22]
[23]
[24]
Repschlaeger, and R. Zarnekow, „Cloud
Computing in der IKT-Branche: Status-quo und
Entwicklung des Cloud Sourcing von KMUs in der
Informations- und Kommunikationsbranche in der
Region Berlin Brandenburg,“ survey by the
informations and communication chair from the
technical university Berlin in cooperation with
Verband der Software-, Informations- und
Kommunikations-Industrie
in
Berlin
and
Brandenburg (SIBB e.V.), 2011.
C.N. Hoefer, and G. Karagiannis, “Taxonomy of
cloud computing services,” IEEE Globecom 2010
Workshop on Enabling the Future Service-Oriented
Internet, 2010.
Experton Group, „Cloud Vendor Benchmark 2010
Cloud Computing Anbieter im Vergleich
Deutschland,“ C. Velton and S. Janata, Experton
Group AG, 2010.
J. Repschlaeger, and R. Zarnekow, „Umfrage zur
Anbieterauswahl und Markttransparenz in der
Cloud,“ survey from the technical university Berlin
within the IT Operations Day, 2011.
D. Catteddu, and G. Hogben, “Cloud Computing Benefits, risks and recommendations for information
security,” European Network and Information
Security Agency (ENISA), 2009.
M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R.H.
Katz, A. Konwinski, G. Lee, D.A. Patterson, A.
Rabkin, I. Stoica, and M. Zaharia, “Above the
Clouds: A Berkeley View of Cloud Computing,”
UC Berkeley Reliable Adaptive Distributed Systems
Laboratory, 2009.
Cellary, W., Strykowski, S., “E-Government Based
on Cloud Computing and Service-Oriented
Architecture,” The 3rd International Conference on
Theory and Practice of Electronic Governance
(ICEGOV), 2009.
S. Leimeister, M. Böhm, C. Riedl, and H. Krcmar,
“The Business Perspective of Cloud Computing:
Actors, Roles, And Value Networks,” 18th
European Conference on Information Systems
ECIS, 2010.
G. Lackermair, S. Strahringer, and P. Mandl,
“Dynamically Scalable Architectures for ECommerce;” MKWI 2010 – E-Commerce und EBusiness, 2010.
T. Grance, and P. Mell, “The NIST definition of
Cloud Computing,” National Institute of Standards
and Technology (NIST), 2009.
American Council for Technology (ACT) Industry
Advisory Council (IAC), “Cloud Computing
Security Considerations and Recommendations Usage Scenario: Software as a Service (SaaS)
Electronic Mail,” Cloud Computing Security
Working Group of the ACT-IAC Pacific, 2011.
B. Iyer, and J.C. Henderson, “Preparing for the
future: Understanding the seven capabilities of
Cloud Computing,” MIS Quarterly Executive Vol.
9, No. 2, 2010.
BITKOM „Cloud Computing – Was Entscheider
wissen müssen,“ BITKOM Leitfaden, 2010.
Cloud Security Alliance, “Security Guidance for
Critical Areas of Focus in Cloud Computing V2.1,”
Cloud Security Alliance (CSA), 2009.
C. Weinhardt, A. Anandasivam, B. Blau, N.
Borissov, T. Meinl, W. Michalk, and J. Stößer,
„Cloud-Computing
–
Eine
Abgrenzung,
[25]
[26]
[27]
[28]
[29]
[30]
[31]
[32]
[33]
[34]
[35]
[36]
[37]
[38]
[39]
[40]
[41]
2187
Geschäftsmodelle
und
Forschungsgebiete,“
Wirtschaftsinformatik, No. 5:453-462, 2009.
L. Wang, and G.v. Laszewski, “Scientific Cloud
Computing: Early Definition and Experience,” in
IEEE
International
Conference
on
High
Performance Computing and Communications,
Dalian, China, 2008.
L.M. Vaquero, L.M. Merino, J. Caceres, and M.
Lindner, “A Break in the Clouds: Towards a Cloud
Definition,”
ACM
SIGCOMM
Computer
Communication Review Volume 39, Nr. 1, 2009.
H. Yang, and M. Tate, “Where are we at with Cloud
Computing?: A Descriptive Literature Review,” 20.
Australasian Conference on Information Systems,
2009.
J. Glaeser, and G. Laudel, „Experteninterviews und
qualitative
Inhaltsanalyse:
als
Instrumente
rekonstruierender Untersuchungen,“ Vs Verlag; 4.
Auflage., 2010.
J. Webster, and R.T. Watson, “Analyzing the past to
prepare for the future: Writing a literature review,”
MIS Quarterly, 26(2):13–2, 2002.
U.
Schrader,
and
T.
Hennig-Thurau,
“VHBJOURQUAL2,” Business Research 2(2):180–
204, 2009.
C. Saunders, „MIS Journal rankings,“ 2009.
L. Leong, and T. Chamberlin, „Magic Quadrant for
Cloud Infrastructure as a Service and Web Hosting“.
Gartner RAS Core Research, December 2010.
D.J. Hoch, and U. Freking, „Cloud Computing, SaaS
und SOA als Bausteine im Outsourcing der
Zukunft,“ McKinsey on the 7. Entscheiderforum
Outsourcing Bad Homburg v.d.Höhe, November
2009.
D. Hilley, “Cloud Computing: A Taxonomy of
Platform and Infrastructure-level Offerings,”
CERCS Technical Report, 2009.
I. Tsvihun, P. Stephanow, and W. Streitberger,
„Vergleich der Sicherheit traditioneller IT-Systeme
und Public Cloud Computing Systeme,“ FraunhoferInstitut für sichere Informationstechnologie (SIT),
2010.
P.T. Jaeger, J. Lin, J.M. Grimes, “Cloud Computing
and Information Policy: Computing in a Policy
Cloud?,” Journal of Information Technology &
Politics, Vol. 5(3), 2008.
B. Martens, F. Teuteberg, and M. Gräuler, “Design
and Implementation of a Community Platform for
the Evaluation and Selection of Cloud Computing
Services: A Market Analysis,” in Proceedings of the
19th European Conference on Information Systems,
Helsinki, 2011.
IDC “Cloud Computing und Services – Status quo
und Trends in Deutschland,” IDC Central Europe
GmbH, 2009.
R. Buyya, C.S. Yeo, S. Venugopal, J. Broberg, and
I. Brandic, “Cloud computing and emerging IT
platforms: Vision, hype, and reality for delivering
computing as the 5th utility,” Future Generation
Computer Systems, Vol 25:599-616, 2009.
Zhang, W., Chen, Q., “From E-government to Cgovernment via Cloud Computing,” International
Conference on E-Business and E-Government
(ICEE), 2010.
Craig, R.; Frazier, J.; Jacknis, N,; Murphy, S.;
Purcell, C.; Spencer, P.; Stanley, J.D., “Cloud
[42]
[43]
[44]
[45]
[46]
[47]
[48]
[49]
[50]
[51]
[52]
[53]
[54]
[55]
[56]
[57]
[58]
Computing in the Public Sector: Public Manager’s
Guide to Evaluating and Adopting Cloud
Computing,” CISCO Whitepaper, 2009.
Janssen, M., Joha, A., “Challenges for Adopting
Cloud-based Software as a Service (SaaS) in the
Public Sector,” ECIS 2011 Proceedings, 2011.
Pokharel, M., Park, J.S., “Cloud Computing: Future
solution for e-Governance,” ICEGOV '09
Proceedings of the 3rd international conference on
Theory and practice of electronic governance, New
York, 2009.
West, Darrell M.: Saving Money Through Cloud
Computing. Governance Studies, The Brookings
Institution, April 2010.
A. Anandasivam, and M. Premm, “Bid price control
and dynamic pricing in Clouds,” in Proceedings of
the European Conference on Information Systems,
Verona, Italy, 2009.
M. Annecy, “XaaS Check 2010 Status Quo und
Trends im Cloud Computing,” S.A.R.L. Martin,
Forschungsgruppe
Service-oriented
Computing,Technische Universität Darmstadt und
IT Research, 2010.
The Open Group, “Cloud Computing Business
Scenario Workshop,” T. Blevins, D. Lounsbury, M.
Kirk, and C. Harding, Report published by the Open
Group, August 2009.
BSI „BSI-Mindestsicherheitsanforderungen
an
Cloud-Computing-Anbieter,“
Bundesamt
für
Sicherheit in der Informationstechnik, 2010.
S. Christmann, H. Hilpert, M. Thöne, S. Hagenhoff,
“Datensicherheit und Datenschutz im Cloud
Computing – Risiken und Kriterien zur
Anbieterauswahl,“
HMDPraxis
der
Wirtschaftsinformatik, Heft 275, Oktober 2010,
S.62-70.
Distributed Management Task Force (DMTF)
“Interoperable Clouds,” Whitepaper from the Open
Cloud Standards Incubator, 2009.
Distributed Management Task Force (DMTF)
“Architecture of Managing Clouds,” Whitepaper
from the Open Cloud Standards Incubator, 2010.
EuroCloud “Cloud Computing, Recht, Datenschutz
& Compliance,” Leitfaden des EuroCloud
Deutschland_eco e. V., 2010.
O. Günther, G. Tamm, L. Hansen, and T. Meseg,
“Application Service Providers: Angebot, Nachfrage
und
langfristige
Perspektiven,”
Wirtschaftsinformatik, No. 6, 2001.
B. Hay, K. Nance, and M. Bishop, “Storm Clouds
Rising: Security Challenges for IaaS Cloud
Computing,” Proceedings of the 44th Hawaii
International Conference on System Sciences, 2011.
P. Koehler, A. Anandasivam, M.A. Dan, C.
Weinhardt, „Customer heterogeneity and tariffs
biases in Cloud Computing“, ICIS, 2010.
P. Koehler, A. Anandasivam, M.A. Dan, C.
Weinhardt, „Cloud Services from a Consumer
Perspective“, AMCIS, 2010.
S. Lehmann, and P. Buxmann, “Pricing Strategies of
Software Vendors,” Business Information Systems
Engineering (1:6), pp. 452-462, 2009.
A. Li, X. Yang, S. Kandula, and M. Zhang,
“CloudCmp: Comparing Public Cloud Providers,”
Internet Measurement Conference, 2010.
[59] B.
[60]
[61]
[62]
[63]
[64]
[65]
[66]
[67]
[68]
[69]
[70]
2188
Martens, F. Teuteberg, and M. Gräuler,
„Datenbank und Reifegradmodell für die Auswahl
und Bewertung von Cloud-Computing-Services,“
HMD-Praxis der Wirtschaftsinformatik, Heft 275,
S.52-61, 2010.
B.Narasimhan, and R. Nichols, “State of Cloud
Applications and Platforms: The Cloud Adopters'
View”, Journal Computer, Vol.44:3, 2011.
Opencloudmanifesto.org „Open Cloud Manifesto Dedicated to the belief that the cloud should be
open,” www.opencloudmanifesto.org, 2009.
J. Peng, X. Zhang, Z. Lei, B. Zhang, W. Zhang, and
Q. Li, “Comparison of Several Cloud Computing
Platforms,” Second International Symposium on
Information Science and Engineering, IEEE, 2009.
R. Prodan, and S. Ostermann, “A Survey and
Taxonomy of Infrastructure as a Service and Web
Hosting Cloud Providers,” IEEE/ACM International
Conference on Grid Computing, 2009.
B. Rimal, E. Choi, and I. Lumb, “A Taxonomy and
Survey of Cloud Computing Systems,” Fifth
International Joint Conference on INC, IMS and
IDC, IEEE, 2009.
S. Russell, V. Yoon, and G. Forgionne, “Cloudbased decision support systems and availability
context: the probability of successful decision
outcomes”, Information Systems and eBusiness
Management, Vol.8, Iss. 3, p.189-205, 2010.
SaaS-EcoSystem “SaaS-EcoSystem Check-Liste,”
SaaS-EcoSystem
e.
V.,
2011.
http://www.saasecosystem.org/trust-incloud/checkliste/, visited: 2011/04/19.
S. Saya, L.G. Pee, and A. Kankanhalli, “The impact
of
insitutional
influrences
on
perceived
technological characteristics and real options in
Cloud Computing adoption”, ICIS, 2010.
Schwarz, A., Jayatilaka, B. Hirschheim, R. and
Goles, T., “A Conjoint Approach to Understanding
IT Application Services Outsourcing,” Journal of the
Association for Information Systems, Vol. 10: Iss.
10, Article 1, 2010.
A.K. Talukder, L. Zimmerman, and H.A. Prahalad,
“Cloud Economics: Principles, Costs, and Benefits,”
in Cloud Computing: Principles, Systems and
Applications, N. Antonopoulos and L. Gillam (eds.),
Springer-Verlag London, pp. 343-360, 2010.
T-Systems „White Paper Cloud Computing.
Alternative sourcing strategy for business ICT,” TSystems Enterprise Services GmbH, 2008.