Cloud providers viability
- 265 Downloads
A major part of the commercial Internet is moving toward the cloud paradigm. This phenomenon has a drastic impact on the organizational structures of enterprizes and introduces new challenges that must be properly addressed to avoid major setbacks. One such challenge is that of cloud provider viability, that is, the reasonable certainty that the Cloud Service Provider (CSP) will not go out of business, either by filing for bankruptcy or by simply shutting down operations, thus leaving its customers stranded without an infrastructure and, depending on the type of cloud service used, even without their applications or data. This article attempts to address the issue of cloud provider viability, defining a possible way of modeling viability as a non-functional requirement and proposing some approaches that can be used to mitigate the problem, both from a technical and from a legal perspective. By introducing a structured perspective into the topic of cloud viability, describing the risks, factors and possible mitigators, the contribution of this work is twofold: it gives the customer a better understanding to determine when it can rely on the cloud infrastructure on the long term and what precautions it should take in any case, and provides the CSP with means to address some of the viability issues and thus increase its customers’ trust.
KeywordsCloud Viability Standardization Service Level Agreement (SLA) Software escrow
JEL ClassificationG3 K
The present work is an invited extension of (Bartolini et al. 2015).
- Abrahao, B., Almeida, V., Almeida, J., Zhang, A., Beyer, D., Safai, F. (2006). Self-adaptive SLA-driven capacity management for internet services. In Proceedings of the 10th IEEE/IFIP network operations and management symposium (NOMS) (pp. 557–568). IEEE. ISBN: 1-4244-0142-9. https://doi.org/10.1109/NOMS.2006.1687584.
- Andrieux, A., Czajkowski, K., Dan, A., Keahey, K., Ludwig, H., Nakata, T., Pruyne, J., Rofrano, J., Tuecke, S., Xu, M. (2007). Web services agreement specification (WS-Agreement). Open Grid Forum (OGF). http://www.ogf.org/documents/GFD.107.pdf (Accessed 3 Nov 2016).
- Anthony, S. (2012). Megaupload’s demise: what happens to your files when a cloud service dies? http://www.extremetech.com/computing/114803-megauploads-demise-what-happens-toyour-files-when-a-cloud-service-dies (Accessed 3 Nov 2016).
- Aubert, B.A., Patry, M., Rivard, S. (2002). Managing IT outsourcing risk: lessons learned. In R. Hirschheim, A. Heinzl, & J. Dibbern III (Eds.), Information systems outsourcing. Enduring themes, emergent patterns and future directions (Vol. 155 p. 176). Berlin: Springer. ISBN: 978-3-662-04756-9. https://doi.org/10.1007/978-3-662-04754-5_7.CrossRefGoogle Scholar
- Bauer, E., & Adams, R. (2012). Reliability and availability of cloud computing, 1st edn. Wiley-IEEE Press.Google Scholar
- Bartolini, C., El Kateb, D., Le Traon, Y., Hagen, D. (2015). Cloud providers viability: how to address it from an IT and legal perspective? In Proceedings of the 12th international conference on economics of grids, clouds, systems and services (GECON). Springer.Google Scholar
- Bocciarelli, P., & D’Ambrogio, A. (2011). A BPMN extension for modeling non functional properties of business processes. In Proceedings of the symposium on theory of modeling & simulation (TMS/DEVS) (pp. 160–168). Society for Computer Simulation International.Google Scholar
- Brodkin, J. (2008). Gartner: seven cloud-computing security risks. Tech. rep. Gartner.Google Scholar
- Butler, B. (2014). The best time to prepare for getting data out of the cloud is before you put it in there. http://www.networkworld.com/article/2173255/cloud-computing/cloud-s-worst-case-scenario-what-to-do-if-your-provider-goes-belly-up.html (Accessed 3 Nov 2016).
- Buyya, R., Pandey, S., Vecchiola, C. (2009). Cloudbus toolkit for market-oriented cloud computing. In M.G. Jaatun, G. Zhao, C. Rong (Eds.), Cloud computing. Lecture Notes in computer science (Vol. 5931, pp. 24–44). Berlin: Springer.Google Scholar
- C-SIG SLA. (2014). Cloud service level agreement standardisation guidelines. Cloud Select Industry Group on Service Level Agreements (C-SIG SLA). Brussels. http://ec.europa.eu/information_society/newsroom/cf/dae/document.cfm?action=display&doc_id=6138 (Accessed 3 Nov 2016).
- Caplan, D.S. (2010). Bankruptcy in the cloud: effects of bankruptcy by a cloud services provider. Tech. rep. 1289. Chapel Hill: Law Offices of David S. Caplan. http://ftp.documation.com/references/ABA10a/PDfs/3_3.pdf (Accessed 3 Nov 2016).
- Conley, J.M., & Bryan, R.M. (1985). Software escrow in bankruptcy: an international perspective. North Carolina Journal of International Law and Commercial Regulation, 10(3), 579–607. ISSN: 0743-1759.Google Scholar
- Dalpiaz, F., Paja, E., Giorgini, P. (2011). Security requirements engineering via commitments. In Proceedings of the 1st socio- technical aspects in security and trust (STAST). IEEE.Google Scholar
- Dowell, S., Barreto, A. III, Michael, J.B., Shing, M.-T. (2011). Cloud to cloud interoperability. In Proceedings of the 6th international conference on system of systems engineering (SoSE). Albuquerque: IEEE (pp. 258–263).Google Scholar
- Fry, M. (2004). Service-continuity goals important. Communications News, 41(10), –48.Google Scholar
- Gebregiorgis, S.A., & Altmann, J. (2015). IT service platforms: their value creation model and the impact of their level of openness on their adoption. In K. Jeffery, D. Kyriazis (Eds.), Procedia computer science. 1st international conference on cloud forward: from distributed to complete computing (Vol. 68, pp. 173–187). ISSN: 1877-0509. https://doi.org/10.1016/j.procs.2015.09.233.CrossRefGoogle Scholar
- Glinz, M. (2005). Rethinking the notion of non-functional requirements. In Proceedings of the 3rd world congress for software quality (WSCQ) (pp. II–55–II–64).Google Scholar
- Glinz, M. (2007). On non-functional requirements. In Proceedings of the 15th IEEE international requirements engineering conference (RE) (pp. 21–26). IEEE.Google Scholar
- Gnedenko, B.V., Belyayev, Y.K., Solovyev, A.D. (1969). Mathematical methods of reliability theory. In Z.W. Birnbaum, E. Lukacs (Eds.), Probability and mathematical statistics: a series of monographs and textbooks (518 pp.). Academic Press. ISBN: 978-1-4832-3053-5.Google Scholar
- Guo, Q., Zhan, Z., Wang, T., Zhao, X. (2012). Risk assessment and optimal proactive measure selection for IT service continuity management. In Proceedings of the network operations and management symposium (NOMS) (pp. 1386–1391). ISBN: 978-1- 4673-0267-8. https://doi.org/10.1109/NOMS.2012.6212080.
- Haile, N., & Altmann, J. (2013). Estimating the value obtained from using a software service platform. In K. Vanmechelen, J. Altmann, O. F. Rana (Eds.), Economics of grids, clouds, systems, and services. 10th international conference, GECON 2013, Zaragoza, Spain, September 18–20, 2013. Proceedings. Lecture notes in computer science (Vol. 8193, pp. 244–255). Berlin: Springer International Publishing. ISBN: 978-3-319-02413-4. https://doi.org/10.1007/978-3-319-02414-1_18.CrossRefGoogle Scholar
- Harsh, P., Dudouet, F., Cascella, R.G., Jegou, Y., Morin, C. (2012). Using open standards for interoperability - issues, solutions, and challenges facing cloud computing. In Proceedings of the 8th international conference on network and service management (CNSM) and 6th international DMTF academic alliance workshop on systems and virtualization management: standards and the cloud (SVM) (pp. 435–440). Las Vegas: IEEE.Google Scholar
- Hiles, A. (2000). Service level agreements: winning a competitive edge for support & supply services, 2nd Edn. Rothstein Catalog on Service Level Books. Brookfield: Rothstein Associates Inc.Google Scholar
- ISO. (2010). Systems and software engineering – Vocabulary. Tech. rep. International Organization for Standardization. https://doi.org/10.1109/IEEESTD.2010.5733835.
- ISO. (2011). Systems and software engineering– systems and software Quality Requirements and Evaluation (SQuaRE) – system and software quality models. Tech. rep. International Organization for Standardization.Google Scholar
- ISO. (2012). Societal security – business continuity management systems – requirements. Tech. rep. International Organization for Standardization.Google Scholar
- ISO. (2013). Information technology – security techniques – Code of practice for information security controls. Tech. rep. International Organization for Standardization.Google Scholar
- Jeffery, K., Kousiouris, G., Kyriazis, D., Altmann, J., Ciuffoletti, A., Maglogiannis, I., Nesi, P., Suzic, B., Zhao, Z. (2015). Challenges emerging from future cloud application scenarios. In K. Jeffery, D. Kyriazis (Eds.), Procedia computer science. 1st international conference on cloud forward: from distributed to complete computing (Vol. 68, pp. 227–237). ISSN: 1877-0509. https://doi.org/10.1016/j.procs.2015.09.238.CrossRefGoogle Scholar
- Kandukuri, B.R.,R. Paturi, V., Rakshit, A. (2009). Cloud security issues. In IEEE international conference on services computing (SCC) (pp. 517–520). IEEE. ISBN: 978-1-4244-5183-8. https://doi.org/10.1109/SCC.2009.84.
- Kauffman, R.J., Ma, D., Yu, M. (2014). A metrics suite for firm- level cloud computing adoption readiness. In K. Vanmechelen, J. Altmann, and O.F. Rana (Eds.), Economics of grids, clouds, systems, and services. 11th international conference, GECON 2014, Cardiff, UK, September 16–18, 2014. Revised Selected Papers (Vol. 8914, pp. 19–35). Lecture Notes in Computer Science. Springer International Publishing. ISBN: 978-3-319-14608-9. https://doi.org/10.1007/978-3-319-14609-6_2.Google Scholar
- Khajeh-Hosseini, A., Greenwood, D., Sommerville, I. (2010). Cloud migration: a case study of migrating an enterprise IT system to IaaS. In IEEE 3rd international conference on cloud computing (CLOUD) (pp. 450–457). IEEE. ISBN: 978-1-4244-8207-8. https://doi.org/10.1109/CLOUD.2010.37.
- Kharb, L. (2016). Automated deployment of software containers using dockers. International Journal of Emerging Technologies in Engineering Research (IJETER), 4(10), 1–3. ISSN: 2454- 6410.Google Scholar
- Klass, A.B. (2006). Modern public trust principles: recognizing rights and integrating standards. Notre Dame Law Review, 82(2), 699–754. ISSN: 0745-3515.Google Scholar
- Koch, F., de Assunção, M.D., Netto, M.A.S. (2012). A cost analysis of cloud computing for education. In K. Vanmechelen, J. Altmann, O.F. Rana (Eds.), International conference on grid economic and business models. 9th international conference, GECON 2012, Berlin, Germany, November 27–28, 2012. Proceedings. Lecture notes in computer science (Vol. 7714, pp. 182–196). Berlin: Springer. ISBN: 978-3-642-35193-8. https://doi.org/10.1007/978-3-642-35194-5_14.CrossRefGoogle Scholar
- Kozina, M. (2009). COBIT - ITIL mapping for business process continuity management. In B. Auer, M. Bača, K. Rabuzin (Eds.), Proceedings of the 20th central European conference on information and intelligent systems (pp. 113–119). Varaždin: University of Zagreb, Faculty of Organization and Informatics.Google Scholar
- Kuyoro, S.O., Ibikunle, F.A., Awodele, O. (2011). Cloud computing security issues and challenges. International Journal of Computer Networks, 3(5), 247–255.Google Scholar
- Laprie, J.-C., & Kanoun, K. (1996). Software reliability and system reliability. In M.R. Lyu (Ed.), Handbook of software reliability engineering, Chap. 2 (pp. 27–69). New York: McGraw-Hill.Google Scholar
- Lee, J.Y., Lee, J.W., Cheun, D.W., Kim, S.D. (2009). A quality model for evaluating software-as-a-service in cloud computing. In Proceedings of the 7th ACIS international conference on software engineering research, management and applications (SERA) (pp. 261–266). IEEE.Google Scholar
- Liu, F., Tong, J., Mao, J., Bohn, R., Messina, J., Badger, L., Leaf, D. (2011). NIST cloud computing reference architecture. Recommendations of the National Institute of Standards and Technology SP 500-292. Gaithersburg: National Institute of Standards and Technology.Google Scholar
- Louwers, E.-J. (2013). Continuity in the Cloud: new practical solutions required. ITechLaw 2013 European Conference.Google Scholar
- Ludwig, H., Keller, A., Dan, A., King, R. P., & Franck, R. (2003). Web Service Level Agreement (WSLA) language specification. 1.0. IBM Corporation, New York http://www.research.ibm.com/people/a/akeller/Data/WSLASpecV1-20030128.pdf (Accessed 3 Nov 2016).
- Lyu, M.R. (Ed.). (1996). Handbook of software reliability engineering. Hightstown: McGraw-Hill. ISBN: 0-07-039400-8.Google Scholar
- Machado, G.S., Hausheer, D., Stiller, B. (2009). Considerations on the interoperability of and between cloud computing standards. In: 27th open grid forum (OGF27), G2C-Net workshop: from grid to cloud networks. Banff: OGF.Google Scholar
- McKendrick, J. (2013). What to do in case your cloud provider falls off the grid. http://www.forbes.com/sites/joemckendrick/2013/11/04/what-to-do-in-case-your-cloud-provider-fallsoff-the-grid/#6c2fb6da3c53 (Accessed 3 Nov 2016).
- Mezrich, J L. (2001). Source code escrow: an exercise in futility? In Marquette intellectual propetry law review 5 (pp. 117–131). ISSN: 1092-5899.Google Scholar
- Mills, L.H. (2009). Legal issues associated with cloud computing. http://www.secureit.com/resources/Cloud%5C%20Computing%5C%20Mills%5C%20Nixon%5C%20Peabody%5C%205-09.pdf (Accessed 3 Nov 2016).
- Năstase, P., Năstase, F., Ionescu, C. (2009). Challenges generated by the implementation of the IT standards COBIT 4.1, ITIL V3 and ISO/IEC 27002 in Enterprises. In Economic computation & economic cybernetics studies & research (Vol. 3, pp. 5–20). ISSN: 1842-3264.Google Scholar
- Paja, E., Dalpiaz, F., Giorgini, P. (2014). STS-Tool: security requirements engineering for socio-technical systems. In M. Heisel, W. Joosen, J. Lopez, & F. Martinelli (Eds.), Engineering secure future internet services and systems. Lecture Notes in Computer Science (Vol. 8431, pp. 65–96). Berlin: Springer International Publishing.CrossRefGoogle Scholar
- Pandey, R.S., & Chaudhary, B. (2008). A cost model for participating roles based on choreography semantics. In Proceedings of the IEEE Asia-pacific services computing conference (APSCC) (pp. 277–283). IEEE. ISBN: 978-0-7695-3473-2. https://doi.org/10.1109/APSCC.2008.117.
- Pappous, P.A. (1985). The software escrow: the court favorite and bankruptcy law. Santa Clara High Technology Law Journal, 1(2), 309–326.Google Scholar
- Pettey, C., & van der Meulen, R. (2009). Gartner says cloud consumers need brokerages to unlock the potential of cloud services. http://www.gartner.com/newsroom/id/1064712 (Accessed 3 November 2016).
- Rochwerger, B., Breitgand, D., Levy, E., Galis, A., Nagin, K., Llorente, I.M., Montero, R., Wolfsthal, Y., Elmroth, E., Cáceres, J., Ben-Yehuda, M., Emmerich, W., Galán, F. (2009). The reservoir model and architecture for open federated cloud computing. IBM Journal of Research and Development, 53(4), X:1–X:11.CrossRefGoogle Scholar
- Sahai, A., Machiraju, V., Sayal, M., vanMoorsel, A., Casati, F. (2002). Automated SLA monitoring for web services. In M. Feridun, P. Kropf, G. Babin (Eds.), Management technologies for E-commerce and E-business applications. Lecture notes in computer science (Vol. 2506, pp. 28–41). Berlin: Springer.CrossRefGoogle Scholar
- Sahibudin, S., Sharifi, M., Ayat, M. (2008). Combining ITIL, COBIT and ISO/IEC 27002 in order to design a comprehensive IT framework in organizations. In Proceedings of the second asia international conference on modeling & simulation (AICMS) (pp. 749–753). IEEE. ISBN: 978-0-7695-3136-6. https://doi.org/10.1109/AMS.2008.145.
- Sallé, M. (2004). IT service management and IT governance: review, comparative analysis and their impact on utility computing. Tech. rep. HPL-2004-98. Palo Alto: HP Laboratories.Google Scholar
- Secteur Financier (CSSF), C. de Surveillance du (2017). Circular CSSF 17/654. http://www.cssf.lu/fileadmin/files/Lois_reglements/Circulaires/Hors_blanchiment_terrorisme/cssf17_654eng.pdf (Accessed 10 June 2017).
- Thibodeau, P. (2013). One in four cloud providers will be gone by 2015. http://www.computerworld.com/article/2486691/cloudcomputing/one-in-four-cloud-providers-will-be-gone-by-2015.html (Accessed 3 Nov 2016).
- van de Zande, T., & Jansen, S. (2011). Business continuity solutions for SaaS customers. In B. Regnell, I. van de Weerd, O. De Troyer (Eds.), Software business. Lecture Notes in Business Information Processing (Vol. 80, pp. 17–31). Berlin: Springer.Google Scholar
- Van Hoboken, J., Arnbak, A., Van Eijk, N. (2013). Obscured by clouds or how to address governmental access to cloud data from abroad. In Proceedings of the 6th annual privacy law scholars conference (PLSC).Google Scholar
- van Moorsel, A. (2001). Metrics for the internet age: quality of experience and quality of business. In Proceedings of the 5th international workshop on performability modeling of computer and communication systems (PMCCS).Google Scholar
- Venkatraman, A. (2013). 2e2 datacentre administrators hold customers’ data to £ 1m ransom. http://www.computerweekly.com/news/2240177744/2e2-datacentre-administrators-hold-customers-data-to-1m-ransom (Accessed 3 Nov 2016).
- Weber, R.H., & Staiger, D.N. (2014). Cloud computing: a cluster of complex liability issues. Web Journal of Current Legal Issues, 20(1).Google Scholar
- Weitzel, T., Beimborn, D., König, W. (2006). A unified economic model of standard diffusion: the impact of standardization cost, network effects, and network topology. MIS Quarterly (Special Issue on Standard Making), 30, 489–514. ISSN: 2162– 9730.Google Scholar
- Wieder, P., Butler, J.M., Theilmann, W., Yahyapour, R. (Eds.). (2011). Service level agreements for cloud computing. New York: Springer Science+Business Media, LLC.Google Scholar
- Yu, E.S. (1997). Towards modelling and reasoning support for earlyphase requirements engineering. In Proceedings of the 3rd IEEE international symposium on requirements engineering (RE) (pp. 226–235). IEEE.Google Scholar
- Zo, H., Nazareth, D.L., Jain, H.K. (2007). Measuring reliability of applications composed of web services. In Proceedings of the 40th Hawaii international conference on system sciences (HICSS). IEEE.Google Scholar