A guide to implementing cloud services

The Australian Government’s policy on cloud computing is that agencies may choose to use cloud computing services where they provide value for money and adequate security, as stated in the April 2011 Australian Government Cloud Computing Strategic Direction Paper1 (the Strategic Direction Paper).   Readers new to cloud computing should read the Strategic Direction Paper which provides an introduction to cloud computing, a definition and an overview of its associated risks and benefits as they apply to Australian Government agencies. The guide supports the Strategic Direction Paper and provides an overarching risk-based approach for agencies to develop an organisational cloud strategy and implement cloud-based services. It is designed as an aid for experienced business strategists, architects, project managers, business analysts and IT staff to realise the benefits of cloud computing technology while managing risks

Review of the environmental and organisational implications of cloud computing: final report.

Cloud computing – where elastic computing resources are delivered over the Internet by external service providers – is generating significant interest within HE and FE. In the cloud computing business model, organisations or individuals contract with a cloud computing service provider on a pay-per-use basis to access data centres, application software or web services from any location. This provides an elasticity of provision which the customer can scale up or down to meet demand. This form of utility computing potentially opens up a new paradigm in the provision of IT to support administrative and educational functions within HE and FE. Further, the economies of scale and increasingly energy efficient data centre technologies which underpin cloud services means that cloud solutions may also have a positive impact on carbon footprints. In response to the growing interest in cloud computing within UK HE and FE, JISC commissioned the University of Strathclyde to undertake a Review of the Environmental and Organisational Implications of Cloud Computing in Higher and Further Education [19]

Role assigning and taking in cloud computing

The widespread use of cloud computing (CC) has brought to the forefront information technology (IT) governance issues, rendering the lack of expertise in handling CC-based IT controls a major challenge for business enterprises and other societal organizations. In the cloud-computing context, this study identifies and ranks the determinants of role assigning and taking by IT people. The study’s integrative research links CC and IT governance to humane arrangements, as it validates and ranks role assigning and taking components through in-depth interviews with twelve IT decision-makers and forty-four Information Systems Audit and Control Association (ISACA) members, engaged as panelists in a Delphi technique implementation. The empirical results recognize skills and competencies as prioritized determinants of IT controls, while IT security, risk and compliance emerge as capabilities crucial to evaluate and manage CC service providers. Despite the study’s generalizability limitations, its findings highlight future research paths and provide practical guidelines toward the high technology of open-market IT self-governance. The latter entails the humane flows of collegial control and responsibility, as opposed to the inhumane flows of authority and power, under the sequestered technique of the bureaucratically-hierarchized IT hetero-governanc

A Reference Model to Support Risk Identification in Cloud Networks

The rising adoption of cloud computing and increasing interconnections among its actors lead to the emergence of network-like structures and new associated risks. A major obstacle for addressing these risks is the lack of transparency concerning the underlying network structure and the dissemination of risks therein. Existing research does not consider the risk perspective in a cloud network’s context. We address this research gap with the construction of a reference model that can display such networks and therefore supports risk identification. We evaluate the reference model through real-world examples and interviews with industry experts and demonstrate its applicability. The model provides a better understanding of cloud networks and causalities between related risks. These insights can be used to develop appropriate risk management strategies in cloud networks. The reference model sets a basis for future risk quantification approaches as well as for the design of (IT) tools for risk analysis

IT controls in the public cloud : success factors for allocation of roles and responsibilities

The rapid adoption of cloud computing by organizations has resulted in the transformation of the roles and responsibilities of staff in managing the information technology (IT) resources (via IT governance controls) that have migrated to the cloud. Hence, the objective of this research is to provide a set of success factors that can assist IT managers to allocate the roles and responsibilities of IT controls appropriately to staff to manage the migrated IT resources. Accordingly, we generated a set of success factors from behavioral and information systems (IS) literature. These success factors were verified using in-depth interviews of executives from the United Arab Emirates (UAE). The empirical intervention suggests that the role allocation is driven predominantly by people’s skills, competencies, organizational strategy, structures, and policies. In addition, the research made clear that the most significant competency and skill for a person allocated to IT controls is to be able to evaluate and manage a cloud service provider, especially in terms of risks, compliance, and security issues related to public cloud technology. The findings of this study not only offer new insights for scholars and practitioners involved in assigning responsibilities but also provide extensions for IT governance framework authorities to align their guidelines to the emerging cloud technology

Managing the outsourcing of information security processes: the 'cloud' solution

Information security processes and systems are relevant for any organization and involve medium-to-high investment; however, the current economic downturn is causing a dramatic reduction in spending on Information Technology (IT). Cloud computing (i.e., externalization of one or more IT services) might be a solution for organizations keen to maintain a good level of security. In this paper we discuss whether cloud computing is a valid alternative to in-house security processes and systems drawing on four mini-case studies of higher education institutions in New England, US. Our findings show that the organization’s IT spending capacity affects the choice to move to the cloud; however, the perceived security of the cloud and the perceived in-house capacity to provide high quality IT (and security) services moderate this relationship. Moreover, other variables such as (low) quality of technical support, relatively incomplete contracts, poor defined Service License Agreements (SLA), and ambiguities over data ownership affect the choice to outsource IT (and security) using the cloud. We suggest that, while cloud computing could be a useful means of IT outsourcing, there needs to be a number of changes and improvements to how the service is currently delivered

Dimensions Of Security Threats In Cloud Computing: A Case Study

Even though cloud computing, as a model, is not new, organizations are increasingly implementing it because of its large-scale computation and data storage, flexible scalability, relative reliability, and cost economy of services. However, despite its rapid adoption in some sectors and domains, it is evident from research and statistics, that security-related threats are the most noticeable barrier to its widespread adoption. To investigate the reasons behind these threats, the authors used available literature to identify and aggregate information about IS security threats in cloud computing. Based on this information, the authors explored the dimensions of the nature of threat by interviewing a cloud computing practitioner in an organization that uses both the private and public cloud deployment models. From these findings, the authors found that IS security threats in cloud computing must be defined at different levels; namely, at the business and technical level, as well as from a generic and cloud-specific threat perspective. Based on their findings, the authors developed the Cloud Computing Threat Matrix (CCTM) which provides a two-dimensional definition of threat that enables cloud users to fully comprehend the concerns so that they can make relevant decisions while availing cloud computing services

Cloud computing : developing a cost estimation model for customers

Cloud computing is an essential part of the digital transformation journey. It offers many benefits to organisations, including the advantages of scalability and agility. Cloud customers see cloud computing as a moving train that every organisation needs to catch. This means that adoption decisions are made quickly in order to keep up with the new trend. Such quick decisions have led to many disappointments for cloud customers and have questioned the cost of the cloud. This is also because there is a lack of criteria or guidelines to help cloud customers get a complete picture of what is required of them before they go to the cloud. From another perspective, as new technologies force changes to the organizational structure and business processes, it is important to understand how cloud computing changes the IT and non-IT departments and how can this be translated into costs. Accordingly, this research uses the total cost of ownership approach and transaction cost theory to develop a customer-centric model to estimate the cost of cloud computing. The Research methodology used the Design Science Research approach. Expert interviews were used to develop the model. The model was then validated using four case studies. The model, named Sunny, identifies many costs that need to be estimated, which will help to make the cloud-based digital transformation journey less cloudy. The costs include Meta Services, Continuous Contract management, Monitoring and ITSM Adjustment. From an academic perspective, this research highlights the management efforts required for cloud computing and how misleading the rapid provision potential of the cloud resources can be. From a business perspective, proper estimation of these costs would help customers make informed decisions and vendors make realistic promises.Cloud Computing ist ein wesentlicher Bestandteil der Digitalisierung. Es bietet Unternehmen viele Vorteile, wie Skalierbarkeit und Agilität. Cloud-Kunden sehen Cloud Computing als einen Zug, auf den jedes Unternehmen aufspringen muss. Das bedeutet, dass Einführungsentscheidungen schnell getroffen werden, um mit dem neuen Trend Schritt zu halten. Solche Schnellschüsse haben zu vielen Enttäuschungen bei Cloud-Kunden geführt und die Kosten der Cloud in Frage gestellt. Dies ist auch darauf zurückzuführen, dass es keine Kriterien oder Leitlinien gibt, die den Cloud-Kunden helfen, sich ein vollständiges Bild davon zu machen, was von ihnen erwartet wird, bevor sie in die Cloud gehen. Aus einem anderen Blickwinkel ist es wichtig zu verstehen, wie Cloud Computing IT- und Nicht-IT-Abteilungen verändert und wie sich dies auf die Kosten auswirkt, da neue Technologien Veränderungen in der Organisationsstruktur und den Geschäftsprozessen erzwingen. Dementsprechend werden in dieser Forschungsarbeit der Total Cost of Ownership-Ansatz und die Transaktionskostentheorie verwendet, um ein kundenorientiertes Modell zur Schätzung der Kosten von Cloud Computing zu entwickeln. Die Forschungsmethodik basiert auf dem Design Science Research Ansatz. Zur Entwicklung des Modells wurden Experteninterviews durchgeführt. Anschließend wurde das Modell anhand von vier Fallstudien validiert. Das Modell mit dem Namen Sunny identifiziert viele Kosten, die geschätzt werden müssen, um die Reise zur digitalen Transformation in der Cloud weniger wolkig zu gestalten. Zu diesen Kosten gehören Meta-Services, kontinuierliches Vertragsmanagement, Überwachung und ITSM-Anpassung. Aus akademischer Sicht verdeutlicht diese Forschung, welcher Verwaltungsaufwand für Cloud Computing erforderlich ist und wie irreführend das schnelle Bereitstellungspotenzial von Cloud-Ressourcen sein kann. Aus Unternehmenssicht würde eine korrekte Einschätzung dieser Kosten den Kunden helfen, fundierte Entscheidungen zu treffen, und den Anbietern, realistische Versprechungen zu machen