You are on page 1of 218

Towards a Healthy Cloud

Cloud Computing Solutions for the Dutch Healthcare Sector

Master Thesis Business Informatics

Juan Hernández Colomina
June 2009 - February 2010

Ronald Batenburg & Slinger Roijackers

Kor Tops & Ronald van den Heuvel
Table of Contents
Introduc*on  .....................................................................................................4
Research  Descrip*on  ........................................................................................5
Research  Problem  and  Scope  ........................................................................................5
Research  Goal  and  Ques7ons  .......................................................................................5
Research  Paradigm  ........................................................................................................7
Research  Approach  .......................................................................................................8
Research  Methodology  .................................................................................................10
Prac7cal  and  Scien7fic  Contribu7on  .............................................................................21
Research  Validity  ...........................................................................................................25
Research  Phase  1:  Defini*on  of  Cloud  Compu*ng  .............................................26
Context  and  Enabling  Factors  ........................................................................................28
Cloud  Compu7ng  Defini7on  ..........................................................................................34
Taxonomy  of  Cloud  Solu7ons  ........................................................................................48
Common  Use  PaOerns  ..................................................................................................55
Cloudnomics:  Cloud  Compu7ng  Economics  ..................................................................61
Risks  of  Cloud  Compu7ng  ..............................................................................................65
Cloud  Security  ...............................................................................................................72
The  Cloud  Compu7ng  Marketplace  ...............................................................................76
Selec7ng  a  Cloud  Provider  ............................................................................................90
Answers  to  Research  Ques7ons  Phase  1  .......................................................................95
Conclusion  Phase  1  .......................................................................................................99
Research  Phase  2:  ICT  in  the  Dutch  Healthcare  Sector  .......................................102
Context  and  Scope  .........................................................................................................102
The  Role  of  Technology  in  Healthcare  ...........................................................................114
ICT  in  the  Dutch  Healthcare  sector  ...............................................................................123
Electronic  Pa7ent  Records  in  The  Netherlands  .............................................................126
Answers  to  Research  Ques7ons  Phase  2  .......................................................................150
Conclusion  Phase  2  .......................................................................................................154
Phase  3:  Cloud  Compu*ng  in  the  EPD  context  ...................................................160
Design  Science  Research  Approach  ...............................................................................160
Ar7fact  Crea7on  ............................................................................................................163
Ar7fact  Evalua7on  .........................................................................................................166

Towards a Healthy Cloud Page 2 of 218 Juan Hernández Colomina

Answers  to  Research  Ques7ons  Phase  3  .......................................................................168
Research  Conclusion  .........................................................................................180
Bibliography  .....................................................................................................186
Appendix  A:  General  Thesis  Informa*on  ...........................................................194
Appendix  B:  Process  Deliverable  Diagram  .........................................................195
Appendix  C:  Project  Planning  and  Deliverables  .................................................196
Appendix  D:  TwiRer’s  cloud  compu*ng  community  ..........................................197
Appendix  E:  Cloud  Compu*ng  Outages  During  2008   .........................................198
Appendix  F:  Gartner’s  2009  overview  of  IaaS  providers  .....................................199
Appendix  G:  Healthcare  Strategic  Principles  of  the  EU  .......................................206
Appendix  H:  Enabling  Technologies  for  Pa*ent  Safety  .......................................207
Appendix  I:  Enabling  Technologies  for  Quality  of  Care  .......................................208
Appendix  J:  Enabling  Technologies  for  Availability  ............................................209
Appendix  K:  Enabling  Technologies  for  Empowerment  ......................................210
Appendix  L:  General  eHealth  related  defini*ons  ...............................................211
Appendix  M:  NICTIZ’s  ZSP  Cer*fica*on  Requirements  .......................................213
Appendix  N:  NICTIZ’s  GBZ  Requirements  Overview  ...........................................216

Towards a Healthy Cloud Page 3 of 218 Juan Hernández Colomina

  This   thesis   report   describes   the   findings   of   the   research   performed   by   Juan   Hernández  
Colomina  as  part  of  the  Master  in  Business  Informa7cs  program  at  Utrecht   University.  The  main   goal  
of   the  research   is  to  analyze   the  challenges  and   opportuni7es  to   adopt   (current)  Cloud   Compu7ng  
solu7ons  in  the  Dutch  healthcare  sector.  For  this  purpose,  this  research  has  been  conducted  from  June  
2009   to   January   2010   in   collabora7on   with   E.Nova7on   B.V.   a   firm   specialized   in   communica7on  
systems  and  integra7on  services  for  the  healthcare  and  logis7c  sectors  in  The  Netherlands.  

  In   accordance   with  the  different   research  steps  performed,   the  report   is  structured  in   four  
main  sec7ons:  Research  Descrip7on,   Research  Phase  1,  Research  Phase  2  and  Research  Conclusion.  In  
the  first   sec7on  (Research  Descrip7on)  the  main  research  goal,   (sub)ques7ons,   methodology,   scope  
and  scien7fic  and   social  relevance  are  introduced.  The  second  sec7on   of  this  report  (Research  Phase  
1)  elaborates  the  results  of  the  first  part   of   our  research  which  focuses  on  Cloud  Compu7ng  solu7ons.  
This  sec7on   includes   not   a  defini7on   of   the   concept   as  well  as  a   taxonomy   of   current   solu7ons,  
common  use  paOerns,   a  brief   vendor   analysis  and  a  descrip7on   of  the  associated  risks  compared  to  
other  alterna7ves.  

  The  third  part   of   this  report   (Research   Phase  2)   focuses   on  analyzing   the  Dutch  healthcare  
sector  and  the  role  of  informa7on  and  communica7on  technology  (ICT)  in  that  sector.  For  this  purpose  
we  have  selected  one  of  the  most  significant  ICT  projects  currently  being  deployed  in  The  Netherlands,  
the  introduc7on  of  Electronic   Pa7ents  Records  (EPR  or  EPD  in  Dutch).  In  the  fourth  and  last  sec7on  of  
this  report   (Research  Conclusion)   we  combine  the  results  of  the  previous  two  phases  in  analyzing  the  
opportuni7es  and  challenges  for  deploying   Cloud  Compu7ng  solu7ons  within  the  EPR  context  in  The  
Netherlands.   We   conclude   the   report   with   some   recommenda7ons   for   healthcare   providers,   ICT  
providers  and  Government  bodies  as  well  as  some  issues  that  could  be  subject  of  future  research.  

Towards a Healthy Cloud Page 4 of 218 Juan Hernández Colomina

Research  Descrip*on
  We   begin   this   sec7on   by   introducing   the   research   problem   and   scope   that   delimit   our  
research.   In   order   to   achieve   this  goal,   we   present   the  research   ques7on   and  sub-­‐ques7ons  to   be  
answered   as  well  as  the   methodology  applied  in  that   process.   The  last  part  of  this  sec7on  describes  
the  scien7fic  and  prac7cal  contribu7on  of  the  research.

1. Research  Problem  and  Scope

  Cloud  Compu7ng   represents  a   new   technological   delivery   model  that   is   expected   to   highly  
influence  organiza7ons  and  their  use  of  technology  in  the  near  future.  During  2009  we  have  observed  
an  increasing  interest  for  Cloud  Compu7ng  solu7ons  as  viable  alterna7ve  models  to  reduce  costs  and  
improve   performance.   However,   there   are   certain   considera7ons  to   be   taken   into   account   when  
implemen7ng   technological  solu7ons  in  specific   na7onal  sectors  like  the  Dutch   healthcare  sector.  For  
this  reason,   it   is  not   only   important   to  obtain  a   clear   defini7on   of   this  new   paradigm   but   also   to  
understand  what   are  the   specific   implica7ons  in  the  adop7on  of  ICT   solu7ons  by   Dutch  Healthcare  

  Hitherto  there  are  few   scien7fic  publica7ons  on  Cloud  Compu7ng  and  they  focus  primarily   on  
providing  the  grounding  step   stones  (e.g.  defini7ons,  actors,  etc.)  of   this  emerging   field.  However,  in  
commercial  publica7ons  (e.g.  New  York  Times,,  The  Economist,   CNN,  etc.)  several  ar7cles  can  
be  found  on  the  benefits  and  risks  of  this  new  delivery   model.  The  rapid  evolu7on  of  Cloud  Compu7ng  
offerings  and  the  lack   of   a  broadly   accepted  defini7on  have  resulted  in  a  hype  where  almost  every  
vendor   affirms  they   provide  this  type  of   solu7on.  As  a  direct   consequence  of  this  blurred  situa7on  
customers  cannot  evaluate  and  compare  solu7ons  accurately.  

  Due   to   the   increasing   popularity   of   the   cloud   compu7ng   delivery   model   and   the   lack   of  
previous  scien7fic   research  in  this  area  it  is  necessary  to  create  a   defini7on  of  the  concept  that  can  
then  be  further  analyzed  in  a  specific   context.   For  this  reason,   the  scope  of  this  research  is  delimited  
on   one  hand  by  the  crea7on  of  a  general  Cloud  Compu7ng  defini7on,  and  on  the  other  hand  by   the  
risks  and   opportuni7es  of  this  new  paradigm  for   Dutch  healthcare  organiza7ons  and  policy   makers.  
For   this  reason,   the   problem   that   we  aim   to  solve  in   this  research  is  the  lack   of   understanding   of  
current  opportuni7es  and  barriers  for  using  Cloud  Compu7ng  solu7ons  in  the  Dutch  healthcare  sector.  
By   solving  this  problem,  we  aim  to   support  policy  makers,   healthcare  organiza7ons  and  ICT  providers  
when  considering  this  paradigm  in  the  Dutch  healthcare  context.  

2. Research  Goal  and  Ques*ons

  The   main   goal   of   this   research   is  to   provide  a  set   of   recommenda7ons  for   policy   makers,  
healthcare  organiza7ons  and  technology  providers  to  support  on  one  hand  the  development  of  future  
legisla7ons  and  on  the  other   hand  the  adop7on  and  development  of  Cloud  Compu7ng  solu7ons  in  the  

Towards a Healthy Cloud Page 5 of 218 Juan Hernández Colomina

Dutch  Healthcare  sector.   By   taking   into  account   the   current   opportuni7es,   challenges  and   policies  
influencing   the  adop7on   of  ICT  solu7ons  in  the  Dutch  Healthcare  sector   as  well  as  the  characteris7cs  
of   this  new   delivery   model   we   aim   to   achieve   three   goals:   (A)   to   support   policy   makers   in   the  
development   of   new   ICT   related   policies  and   regula7ons,   (B)   to   facilitate   the   adop7on   of   Cloud  
Compu7ng  by  Dutch  healthcare  organiza7ons  and  (C)  to  support  ICT  service  providers  in  developing  
cloud  solu7ons  that  fit  this  context.

  In  order   to  achieve  our   research   goal,   a   number   of  sub-­‐steps  have  been  accomplished  first  
where  each  step  solves  part   of  the  research  problem.  For   this  purpose,  we  have  divided  our  research  
ques7ons  in  three  groups:

Research  Ques*ons  Group  1:  Defini*on  of  Cloud  Compu*ng  

What  is   Cloud  Compu7ng?  How  is  it   defined  by   scien7sts,  ICT   vendors,   consultants,  analysts  
and   commercial   publica7ons?   What   types   of   solu7ons   are   available?   What   are   its   main  
benefits  and  risks?  What  type  of  cloud  solu7ons  are  being  currently  offered  in  the  market?  

Research  Ques*ons  Group  2:  The  Dutch  Healthcare  Sector  

What  are  the  current   trends,  challenges   and  opportuni7es   in  the  Dutch   Healthcare  sector?  
What  is  the  current   role  of  ICT  in  the  Dutch  Healthcare  sector?  What  are  the  main  policies  and  
legisla7ons  affec7ng  the  use  of  ICT  in  Dutch  Healthcare  organiza7ons?

Research  Ques*ons  Group  3:  Cloud  Compu*ng  in  Dutch  Healthcare  

What   are  the  most   relevant   opportuni7es  and  challenges  for   adop7ng  Cloud   Compu7ng   in  
the  Dutch  Healthcare  sector?  Which  type  of  Cloud  Compu7ng  solu7ons  fit  within  the  current  
legisla7ve  context   and   poli7cal  agenda?   How   do  current   regula7ons  facilitate  or   difficult  the  
adop7on  of  Cloud  Compu7ng?

  The  first   two  groups  of  ques7ons  are  answered  independently  from  each  other  while  the  third  
group  elaborates  on  the  answers  found  on   those  two   groups.   By   answering  these  research  ques7ons  
we   have  generate  a  set  of   recommenda7on  to  be  taken   into  account  when   evalua7ng   current  Cloud  
Compu7ng  solu7ons   for   the  Dutch   Healthcare   sector   and   when  developing  new  cloud  products  for  
that  specific  industry.  Moreover,  the  recommenda7ons  can  also  be  applied  in  the  development  of  new  
laws  and   regula7ons  by   policy   makers.   The   answers   to   these   three   groups   of   research   ques7ons  
provides  us  with  the  answer  to  our  main  research  ques*on:  how  can   a  Dutch   healthcare  organiza*on  
select   cloud   compu*ng   solu*ons  taking   into   account   the   requirements   needed   to   connect   to   the  
na*onal  pa*ent  records  system?

Towards a Healthy Cloud Page 6 of 218 Juan Hernández Colomina

3. Research  Paradigm
  The  main   purpose  of  IS   scien7fic   research   is  to  describe,  explain,  predict   and   control  reality  
(Jenkins,  1985).  Our  research  is  primarily  concerned  with  describing  two  parts  of  reality  (e.g.  defini7on  
of  cloud   compu7ng  and  IT  in  Dutch  healthcare)   and   explaining  how  an  organiza7on  can  deploy   such  
solu7ons  in  that  context.   As  we  focus  on  studying  a  new  phenomenon  our  research  is  exploratory   by  
nature.   This  is   also   reflected   in   the   type   of   research   ques7ons  we   try   to   answer   (e.g.   "What..."  
ques7ons)  (Järvinen,  2003).  

  There  are  several  research  paradigms  applied  in  contemporary  social  research  each  having   its  
corresponding   assump7ons,   methodologies  and   suppor7ng   theories.   This  diversity   of   approaches  
enables  the   analysis   of   phenomena  from   different   frames   of   reference,   improving   its  validity   and  
accoun7ng  for  possible  biases  (e.g.  methodology  related  biases)   (Hirschheim  &  Klein,  1989).  However,  
on   Informa7on   Science  (IS)  research  this  is  not   always  the  case  as  the   posi7vist   and  interpreta7ve  
approaches  have  been  the  dominant  approaches  for  many  years  (Orlikowski  &  Baroudi,  1991).  

  In  IS  research  we  can  find  previous  scien7fic  work  on  how  different   world  views  determine  the  
research   paradigm  followed  the  researcher  (Orlikowski  &  Baroudi,  1991).  Researcher’s  believes  about  
physical  and   social  reality,   knowledge   and   the   rela7onship   between   knowledge  and   the  empirical  
world   determine   his/her   research   philosophy   (e.g.   posi7vist,  interpreta7ve,     etc.)  and  consequently  
influence   his/her   selec7on   of   research   approach   and   methods   (Orlikowski   &   Baroudi,   1991).   Our  
believes  are  described  in  the  following  list:

★ Physical   and   social   reality:   Our   perspec7ves  on   the   empirical  world   is  that   it   is   subjec7ve   and  
therefore   created   by   human   ac7ons.   We   assume   therefore   that   humans   (re)create   the   world  
applying   high   levels   of   ra7onality   on   their   percep7ons   and   interac7ons   with   other   humans.  
Moreover,   we  believe  that   social   rela7ons  are   dynamic   and   in   some  cases   conflicts  arise  from  
differences  in  created  "reali7es"  .  
★ Epistemology   /   Knowledge:   We   believe   that   knowledge   is   created   and   evaluated   by   human  
ra7onality  and  it  is  valid  once  it  has  been  empirically  proven  true  several  7mes.  
★ Rela*onship   between   knowledge   and   the   empirical   world:   In   our   research   we   believe   that  
knowledge  is  primarily  created  to  solve  specific  problems  in  prac7ce.  

  Analyzing   our   perspec7ves   on   these   three   areas   we   have   to   conclude   that   we   follow   a  
interpreta7ve   research   philosophy.   It   differs   from   the   posi7vist   view   in   the   assump7on   of   social  
construc7onism,  the  believe  that   reality  and  our  knowledge  about  it  are  social  products  and  therefore  
depend  on  humans  to   be  constructed   and   make   sense  of  it   (Orlikowski  &   Baroudi,   1991)   (Chen  &  
Hirschheim,  2004)  (Myers,  1997).  Applied  to  the  IS  research  field,  the  interpreta7ve  research  paradigm  
aims  to  understand  “the  context  of   the   informa7on  system,  and  the  process  whereby  the  informa7on  
system  influences  and  is  influenced  by  the  context"  (Myers,  1997).

Towards a Healthy Cloud Page 7 of 218 Juan Hernández Colomina

  The  interpreta7ve  perspec7ve  assumes  that   the  world  is  not   given   but   instead   a  subjec7ve  
crea7on   of   human  ac7ons  (Chen  &   Hirschheim,   2004)   (Myers,   1997).   For   this  reason,  interpreta7ve  
researchers  focus  more  on  making  sense  of  reality  rather  than  discovering  it   as  posi7vists  do.  Reality,  
and   therefore   the   interpreta7ons   of   meanings   (e.g.defini7ons,   concepts,     etc.)   are   formed,  
transferred,   used   and   (re)nego7ated   by   humans   over   7me  as   the   context   where  they   are  created  
changes  (Orlikowski  &  Baroudi,  1991).  For   this  reason,   previous  publica7ons  recommend  the  use  of  
qualita7ve  methods  when  conduc7ng  research  from  a  interpreta7ve  perspec7ve  (Chen  &  Hirschheim,  
2004)  (Myers,  1997).

  Although   many   other   research   paradigms   can   be   found   in   previous   publica7ons  

(e.g.   posi7vism,  post-­‐posi7vism,  cri7cal  theory,   neohumanism,   pluralists,     etc.)  (Hirschheim  &   Klein,  
1989)   (Chen  &   Hirschheim,   2004)  we  believe  that   the  interpreta7ve  perspec7ve  is  a  valid  research  
paradigm   as  it   represents   more  accurately   our   world  view  and  it   has   been   applied  already   several  
7mes  during  the  last  decade  of  IS  research   and  (Chen  &  Hirschheim,   2004).  The  main  advantages  of  
the  interpreta7ve  research  approach  is  that  it  provides  a  view  on  the  underlying  connec7ons  in  social  
groups  and  how  they   construct  reality.  However,  some  of  the  limita7ons  of  this  approach  are   that  it  
does   not   consider   external   condi7ons,   unintended   consequences   of   ac7ons   and   social   conflicts  
(Orlikowski  &  Baroudi,  1991).

  When  aiming   to   achieve  replicability   and   generalizability   of   research   findings  some   authors  
believe   that   the   posi7vist   paradigm   might   be   the   most   appropriate   (Chen   &   Hirschheim,   2004).  
However,   when   the  researchers  goal  is   to   provide  an   in-­‐depth   understanding   of   the  phenomenon  
under   study   the   interpreta7ve   paradigm   is   recommended   as  it   enhances   research   from   different  
perspec7ves  (Chen  &  Hirschheim,  2004).  The  interpreta7ve  research  paradigm  is  considered  by   some  
authors  as  the  only  real  alterna7ve  to  the  dominant  posi7vism  stream  (Chen  &  Hirschheim,  2004).

  Although  the  posi7vism  view  is   the  dominant   research   perspec7ve  in  IS  research  it   requires  
that   the   phenomenon   under   study   is   single,   tangible,   fragment-­‐able   and   with   a   clear   an   unique  
defini7on   (Orlikowski   &   Baroudi,   1991).   This   last   requirement   is   not   found   in   the  context   of   our  
research  as  there  is  not  yet  a  clear   and  unique  defini7on  of  cloud   compu7ng.  For   this  reason  we  will  
try  to  achieve  this  during  the  first  phase  of  our  research.

4. Research  Approach
  A   research  approach  can  be   defined  as  "the  set  of  research  methods  that  can  be   applied  to  
similar   research  objects  and  research  ques7ons"  (Järvinen,  2000).   A  research  approach  encompasses  
therefore  a  group  of  research  methods  that  are  applied  for  the  same  goal  and  on  the  same  object.  We  
have  divided  our  research  in  three  different  phases  aiming  to  answer  three  different  types  of  research  
ques7ons.   For   this   reason   we   have   selected   different   approaches   and   methods   in   each   phase  
depending  on  the  type  of  research  ques7ons  that  we  aim  to  answer.

Towards a Healthy Cloud Page 8 of 218 Juan Hernández Colomina

  Previous  work   on   research   approaches  has  demonstrated   how   a   researcher   can  select   the  
appropriate   research  methods  based   on  the  research  ques7ons  and  the  characteris7cs  of  the  object  
being   inves7gated   (Järvinen,   2000)   (Järvinen,   2003).   Applying   Järvinen’s   taxonomy   of   research  
approaches  to  our   research  ques7ons  we  have  selected  a  non-­‐mathema7cal  research  approach  with  a  
focus  on   studying   reality.   Our   selec7on   is   based   on   the  facts  that   cloud  compu7ng   is   a  emerging  
delivery   model  being  studied  in   few  scien7fic   publica7ons  so  we  believe  this  part  of   reality   needs  to  
be  explored  in  a  specific   context.   A  mathema7cal  approach   was   considered  at   the  beginning  of  our  
research  (e.g.  survey)  but  due  to  the  lack  of  experiences  with  cloud  compu7ng  in  the  Dutch  healthcare  
sector  we  have  selected  a  non-­‐mathema7cal  approach.

  The  first   two  phase  our   research   follow   a  conceptual-­‐analy7cal  approach  to   fully   understand  
cloud  compu7ng  and  the  ICT  in  the  Dutch  healthcare  sector   context.  Once  we  have  deeply  understood  
these  two  parts  of  reality   we  con7nue  our  research   in  the  third  phase  by   applying  a  design  science’s  
innova7on   building   research   approach   that   focuses   on   the   crea7on   of   an   ar7fact   (e.g.   matching-­‐
model)  based  on  the  results  from  the  previous  two  phases  (Järvinen,  2000).  

  Within   the   conceptual-­‐analy7cal   research   approach   we   can   observe   two   research   trends  
(Järvinen,  2000).   Some  researchers  focus  on  research  ques7ons  as  "Which  kind  of  theory   concerning  a  
certain  part   of   reality   could   be  derived,   if   certain   assump;ons  and   premises  are  valid?"   while  other  
researchers  aim  to  answer  ques7ons  like  "Is  there  any   common  theory,   which  describes  and  explains  
those  phenomena?".  Our  research  corresponds  primarily  with   the  first  research  stream  as  we  aim  to  
derive  theory   (e.g.  our   matching-­‐model)  concerning   a  part  of  reality   (e.g.   cloud  compu7ng  and  IT  in  
Dutch  Healthcare)  from  certain  assump7ons  and  premises  (e.g.  our  own  defini7on  of  cloud  compu7ng  
and  our  interpreta7on  of  NICTIZ  requirements).  

  In   the   ar7fact   building   research   approach   the   researcher   inves7gates   if   a   certain   ar7fact  
(abstract  or  concrete)  can  be  constructed  (Järvinen,  2000).  The  corresponding  research  ques7on  that  
this  approach   aims  to  answer  is  “Is  it   possible  to  build  a   certain  ar;fact?"  (Järvinen,  2000).  In  phase  
three   of   our   research   we  have  followed   this   research   approach   to   elaborate  a  meta-­‐ar7fact   (e.g.    
matching-­‐model).   With   our   meta-­‐ar7fact   we  try   to   demonstrate  not   only   that   this  abstract   ar7fact    
can  be  build  but   also   that   following  our   matching-­‐model  a  prac77oner   can  select   a   concrete  cloud  
compu7ng  ar7fact  to  be  used  in  the  EPD  context.

  In   the   IS  research   field  we  can  find   several  other  taxonomies  that  are  oren   applied   to   select  
the  most  appropriate  research  approach.  Some  examples  are  Nunamaker’s  et  al,  Galliers  &  Land’s  and  
March  &   Smith’s  frameworks  (Järvinen,  2000)  (Hevner,  March,   Park,   &   Ram,   2004)   (Galliers  &   Land,  
1987).   According   to   Nunamaker’s  taxonomy,   our   mix   of   conceptual-­‐analy7cal  and   ar7fact   building  
approaches   is   considered   as   a   theory   building   approach   with   a   focus   on   delivering   conceptual  
frameworks.  In   Galliers  &   Land’s  framework  our   research  is  regarded  as  descrip7ve  interpreta7ve  in  
phase  one  and  two  as  we  focus  mainly  on  understanding  the  nature  of  IT  (Järvinen,   2008).  Moreover,  
applying  March  and  Smith's  framework  (see  table  1)  our  research  can  be  classified  as  theory  research  

Towards a Healthy Cloud Page 9 of 218 Juan Hernández Colomina

under  the  natural  science  approach  for  phase  one  and  two,   and  as  building  approach  under  the  design  
science  approach  for  phase  three.

Table  1:  March  &  Smith  framework  (Järvinen,  2000)

Design  Science Natural  Science

Build Evaluate Theorize Jus*fy
Constructs Phase  1  &  2
Model Phase  3

  As  the  research  methods  depend  on  the  research  approach  followed  we  will  discuss  them   per  
phase  of  our  research  in  the  following  sec7on.

5. Research  Methodology  
  One  of  the  key  factors  to  select   an  appropriate  research  methodology   is  to  recognize  available  
methodologies  and  understand   their   challenges   and   opportuni7es   (Järvinen,   2008)   (Jenkins,   1985)  
(Chen   &   Hirschheim,   2004).   Although   surveys,   laboratory   experiments   and   case   studies  research  
methods   have   been   dominant   in   the   IS   research   field   (Orlikowski   &   Baroudi,   1991),   qualita7ve  
methods   and   longitudinal   studies  are  gaining   popularity   as  the   interpreta7ve   approach   is  gaining  
popularity  (Chen  &  Hirschheim,  2004).  

  Experienced  IS  researchers  recommend   to   select   the   most   appropriate  methodology   within  
the  context   of  the  research  objec7ve,  an  individual's  research  paradigm,  his/her  integrity,  the  available  
knowledge  on  the  IS  field  and  the  opera7ng  paradigms  available  (Jenkins,  1985).  Our   research  can  be  
in  general  considered  as  a  interpreta7ve  case   study   because  it   aims  to  capture  and  communicate   (a  
part   of)  reality   in  a  par7cular   context   7me  (e.g.   feasibility   of  cloud  compu7ng   in  the  current   Dutch  
healthcare  system)  (Jenkins,  1985).  

  One  of  the  most  significant  barriers  that   we   encounter  when  selec7ng  our   research  methods  
was   the   lack   of   available   knowledge  about   cloud   compu7ng   in   a  Dutch   healthcare   seung.   Other  
barriers   that   we   encountered   when   selec7ng   our   methods   are   the   high   costs   and   feasibility   of  
alterna7ve  methods  (e.g.   survey,   lab   experiment,     etc.),   the   low   level  of  control  we  have   over   the  
variables  and  the  lack  of  applicable  ar7facts  (e.g.  defini7ons,  methods,  models,    etc.)  

  When  performing   IS  research  is  oren  very  difficult  to   reproduce  the  research  environment  in  
experimental  designs  and  only  a  limited  number  of  factors  can  be  studied  on  such  a  seung  (Galliers  &  
Land,   1987).   Moreover,   for   this  type  of  method  the  researcher   should  have  control  over   behavioral  
events.   Due  to  the  fact  that  we  cannot  reproduce  the  EPD  context   in  an  experiment  and  that  we  have  
low  control  over  the  events  we  have  discarded  lab  experiments  as  a  viable  method  in  our  situa7on.  A  
survey   was  considered  during   the  first  months  of  the  research  but  was  discarded  due  to  the  fact  that  

Towards a Healthy Cloud Page 10 of 218 Juan Hernández Colomina

there  is  almost  no  knowledge  about  cloud  compu7ng  within  the  research  popula7on  (e.g.  healthcare  
IT  decision  makers  in  The  Netherlands).

  Previous  work  on  selec7ng  the  appropriate  IS  research  methodologies  has  shown  that  applying  
only   empirical-­‐analy7cal   methods   (e.g.   sta7s7cal   methods)   the   research   would   have   serious  
limita7ons  as  it  should  also  include  behavioral  and  organiza7onal  considera7ons.  IT  is  defined  by  some  
authors  as  "technology   used   to   acquire   and   process   informa7on   in   support   of   human   purposes,  
typically   within  some   organiza7onal  seung"  (March   &   Smith,  1995).  Qualita7ve   methods  (e.g.   field  
work,  interviews,     etc.)  are  therefore  appropriate  for  IS  research  as  IT  is  oren  studied  in  organiza;ons  
and  used  by  humans  (Galliers  &  Land,  1987)  (Myers,  1997).  

  Taking  into  the  limita7ons  previously   stated,  we  have  applied  Järvinen's  taxonomy   to  link  our  
research   ques7ons  to   the  most   appropriate  (and   feasible)   research  methods  (Järvinen,   2008).   The  
results  of  our  selec7on  process  is  depicted  in  table  2.

Table  2:  Linking  Research  Ques*ons  to  Research  Methods

Phase   Type  of   Research  

Research  Methods Deliverables
# Ques*ons Approach

-­‐ Literature  Study

• Defini7on  of  Cloud  Compu7ng

1 What  is  ...?

-­‐ Online  Field  Study
• Overview  of  characteris7cs
-­‐ Expert  Reviews • Overview  of  main  vendor  solu7ons
• Expert  review  valida7on

• Descrip7on  of  the  Dutch  Healthcare  sector

• Current   trends,  challenges  and  opportuni7es  in  the  Dutch  
Healthcare  sector  
Conceptual-­‐ -­‐ Literature  Study
2 What  is  ...?
Analy7cal -­‐ Expert  Reviews
• The  role  of  ICT  in  the  Dutch  Healthcare  sector
• Policies   and   regula7ons   governing   the   use   of   ICT   in   the  
Dutch  Healthcare  sector
• Expert  review  valida7on

• Matching-­‐model   linking   requirements   with   cloud  

-­‐ Ar7fact  building  /   compu7ng  features
3 How  does...?
instrument   • Opportuni7es   and   barriers   for   Cloud   Compu7ng   in   the  
development Dutch  Healthcare  sector
• Recommenda7ons  for  stakeholders

  For  clarifying  purposes,   we  have  depicted  the  main  research  ques7on  and  sub-­‐ques7ons,  the  
corresponding   research   methodology,   the  research   deliverables  and   their   rela7onships  in   figure  1.  
Moreover,   based  on  the  meta  modeling  technique  developed  by  Professor  Brinkkemper  (Brinkkemper,  
Saeki,   &   Harmse,   1999)   we   have   elaborated   the   research   phases   and   deliverables   in   a   Process  
Deliverable  Diagram  (PDD)  which  is  depicted   in  appendix   B.   In  appendix  C   we  have  also  included  the  
GANTT  diagram  for  the  planning  of  each  research  phase.

Towards a Healthy Cloud Page 11 of 218 Juan Hernández Colomina

Figure  1:  Research  Ques*ons  and  Deliverables  

  Our  research  methodology  is  designed  per  phase  due  to  the  significant  differences  in  research  
subjects  in  phase  one  and   two,   and  the  differences  in  the  research  goal  of  phase  three.  The  first  two  
phases  focusing   on  describing  reality   to   understand  the  nature   of   two  different  parts  of  reality   (e.g.  
cloud  compu7ng   and  Dutch  healthcare)   while  the  third  phase  goal  is  to  elaborate  a  meta-­‐ar7fact   (e.g.  

  During  the  first  two  phases  of  our  research  we  conduct  descrip7ve  literature  studies  following  
the   archival   research   methodology   (Jenkins,   1985).   Addi7onally,   due   to   emerging   and   evolving  
character  of  the  concept  of  cloud  compu7ng,  we  conduct  an  online  field  study  in  the  cloud  compu7ng  
community   to   define   the   term   from   a   interpreta7ve   perspec7ve.   Field   study   methods   are  
recommended   when   the   researcher   adopts   an   interpreta7ve   research   paradigm   (Orlikowski   &  
Baroudi,  1991).  In  the  field  study  research  method  the  researcher  does  not  manipulate  any  variable  as  
he/she  only   inves7gates  a  part   of   reality   within  a  human   interac7on   context  (Jenkins,  1985).   In  the  
third  phase  of  our  research  we  follow   the  design  science  research  to  create  an  ar7fact  that   connects  
the  results  of  the  previous  two  phases.

  In  order   to   validate  the  results  of   the   first   two  phases  we  have  conducted  a  series  of   expert  
reviews  which  include  not  only   the  coordinators  of  these  thesis  but  also  several  other  experts  in  each  
of   the   two  fields.   A   descrip7on  of   these  reviews   can  be  found  further   in   this  thesis  in  the  sec7on  
discussing  the  research  methods  of  each  phase.

Towards a Healthy Cloud Page 12 of 218 Juan Hernández Colomina

5.1. Phase  1  Approach  and  Methodology
  There  has  been  few   scien7fic   research  performed  on  Cloud   Compu7ng   un7l  now   while  the  
media  is  offering  almost  on  a  daily   basis  new  and  some7mes  contradictory   defini7ons.  It  is  therefore  
crucial  to  obtain  first  a  delimited  defini7on  of  this  new  phenomenon  by  analyzing  Cloud  Compu7ng  
vendor   solu7ons  and   scien7fic   literature  as  well   as  consultants’   and   analysts'   perspec7ves.   Besides  
developing  a  defini7on,  it  is  also  important  to  be  aware  of   the  poten7al  benefits  and  risks  associated  
with  this  new  delivery  model.  

  As  we  men7oned  earlier   on  this   thesis  the  first   phase  of  our   research  follows  a   conceptual-­‐
analy7cal  research  approach  to   create  theory  (e.g.   our  defini7on  of  cloud  compu7ng)  about  a  certain  
part   of   reality   based   on   certain   valid   assump7ons  and   premises  (Järvinen,   2003).   As  we  follow   a  
interpreta7ve  paradigm  we  assume  that  the  defini7on  of  cloud  compu7ng  is  created  and  recreated  by  
humans  when   they   apply   high  levels  of   ra7onality   to  their   empirical  percep7on.   For   this  reason   we  
consider  not  only  several  publica7ons  from  relevant  human  actors  (e.g.  science,  vendors,  consultants,    
etc.)   but   also   how   the   meaning   of   the   term   is   (re)created   by   human   interac7ons   on   online  

  Our  research  is  more  concerned  with  crea7ng  theory  than  with  tes7ng  theory.  The  reason  for  
this  approach  is  that   cloud   compu7ng  is  an   emerging   paradigm   and  therefore  there  is  almost  none  
previous   scien7fic   work   available.   As   this   emerging   paradigm   is   expected   to   have   significant  
implica7ons  in   the  near   future,   it   is  first   necessary   to  create  cloud   theory   (e.g.   defini7on   of  cloud  
compu7ng)  that  can  then  be  used  in  this  thesis  as  well  as  in  future  research.  In  this  phase  we  create  
analysis   theory   due   to   the   fact   that   we   aim   to   answer   the   ques7on   “what   is   cloud  
compu7ng?”  (Gregor,  2006).  

  In   a   conceptual  analy7cal   research   approach,   proposi7ons  are   created   from   collec7ng   and  
integra7ng  exis7ng  research  results.   Theory   then  is  created  arer  observa7on  by  inducing  basic  clauses  
and  deduc7ng  proposi7ons  from  them  (Jenkins,   1985).  In  our  research   we  perform  first   an  extensive  
literature   review   on   term   cloud   compu7ng   to   complement   it   with   findings   from   our   observa7ons  
during  our   online  field  study.  We  integrate  our   finding  in  a  set  of  common  features  that  we  further  
analyze  in  detail.   Applying  deduc7ve  reasoning  we  exclude  some  of  the  features  and  include  the  rest  
in   our   research   defini7on   of   cloud   compu7ng.   Once   we   have   created   our   defini7on   of   cloud  
compu7ng  we  validate  it  with  community  reviews  and  expert  reviews.

  (A)  Literature  Study

  As  a  literature  review  is  an  essen7al  feature  of  every  scien7fic  work  we  can  find  several  papers  
on  conduc7ng  an  accurate  literature  review  in  IT  research  seungs  (Webster  &  Watson,  2002).  In  order  
to  iden7fy   the   relevant   literature,   previous  work  suggests  that   the   researcher   should  focus   on   the  
concepts  rather   than  specific   journals,   methodologies  or  geographical  loca7ons.   For   this   reason,   we  
have  applied  mainly   a  concept-­‐centric  method  in  our  search  for   relevant   ar7cles  (Webster  &  Watson,  

Towards a Healthy Cloud Page 13 of 218 Juan Hernández Colomina

2002).  Furthermore,  we  have  extended  our   literature  list  with   an  author-­‐centric   approach  to   explore  
more  ar7cles  wriOen  by  recognized  field  experts  (e.g.  Nicholas  Carr  on  cloud  compu7ng).  

  In   our   concept-­‐centric   search   process   we   have   searched   for   the   terms   “cloud”,   “cloud  
compu7ng”,   “u7lity   compu7ng”,   “HPC”,   “IaaS”,   “PaaS”,   “SaaS”,   “as-­‐a-­‐service”   among   others.   In  our  
author-­‐centric   approach  we  have  searched  for   ar7cles   wriOen  by   field  experts  (e.g.   “Nicholas  Carr”,  
“Daryl  Plummer”)   as   well  as   by   leading   IT   organiza7ons.   The   tools  that   we  used  more  intensively  
during   our  search  process  are  Utrecht  University’s  Omega  search   engine  (hOp://,  
The  ACM  digital  library  (hOp://,  IEEE  Xplore  digital  library   (hOp://,  
the   Web   of   Science   website   (hOp://   and   Google   Scholar   (hOp://   We  have  evaluated   the   ar7cles   found   by   a  backward   analysis  to   analyze   the  
cita7ons  included  in  the  paper  as  well  as  by   a  forward  analysis  to  analyzing  the  cita7ons  to  that   paper  
from  other  papers  found  in  the  Web  of  Science  website  and  Google  Scholar.  

  (B)  Online  Field  Study

  Following   an   interpreta7ve  research  paradigm   we  have   taken  into   account   not   only   a  large  
number  of  publica7ons  from  diverse  actors  (e.g.  scien7fic,  consultants,  vendor,    etc.)  but  also  how  the  
defini7on  of  cloud  compu7ng  is  (re)constructed  in  the  cloud  compu7ng   community.  For   this  reason,  
we  have  par7cipated  in  several  online  communi7es  to  observe  and  interact   with  relevant   humans  in  
crea7ng  our  own  part  of  reality  (e.g.  defini7on  of  cloud  compu7ng).  

  From   the   begging   stages   of   our   thesis   we   have   par7cipated   on   Google   Group’s   cloud  
compu7ng  Community  (hOp://­‐compu7ng),  on  several  Linkedin  cloud  
compu7ng   groups   (The   Cloud   Talk   Community   Forum,   cloud   compu7ng   Standards   Forum,   Cloud  
Storage,    etc.)  and  on  our  TwiOer  group  of  cloud   compu7ng  experts  (hOp://
cloud-­‐compu7ng/).  It  is  important  to  note  that  Google  Group  and  Linked  communi7es  focus  more  on  
formal  discussions  and  deliverables  (cloud  specifica7ons,  standards,     etc.)  while  TwiOer’s  community   is  
more  dynamic  and  includes  a  significant  larger  number   of  individual’s  contribu7ons  and  discussions.  
From  our  experience  TwiOer  was  the  most  valuable  social  network  to  obtain  and  validate  knowledge.

  Our   par7cipa7on  in  these   online  cloud  compu7ng  communi7es  can  be  regarded  as  an   online  
field   study   as  we   do   not   manipulate  any   variable  but   instead   we   just   measure  it   within  a  human  
context   (Jenkins,  1985).  Applying  field  study  techniques  on  social  networks  we  were  able  to  observe  
several   discussions   between   cloud   experts   on   the   different   features   that   the   cloud   compu7ng  
defini7on  should  include  and  which  types  of  models  are  available.  

  These  online  communi7es  have  all  a  large  number   of  members  where  some  contribute  more  
than  others  to  the  community.  In  our  TwiOer  group  of  cloud  compu7ng  experts  we  have  selected  the  
members  that  are  more  ac7ve   in  collabora7ng  and   sharing  informa7on.  The  most  ac7ve  community  
members  are  depicted  in  appendix  D  Each  community   member  has  its  own  exper7se.  Joe  Weinman  is  
for   example   considered   an   expert   in   cloud   compu7ng   economics,   Christofer   Hoff   is  a  recognized  

Towards a Healthy Cloud Page 14 of 218 Juan Hernández Colomina

security   expert   and  Simon  Wardley   is  a  regarded  as  an  Open   Source  expert   worldwide.   This  mix   of  
knowledge  and  exper7se  has  supported  us  in  our  analysis  on  which  features  should  be  included  in  the  
defini7on  of  cloud  compu7ng  and  which  not.    

  From  our  observa7ons  we  can  interpret  that  individual’s  argumenta7ons  are  oren  in  line  with  
their   employer’s  interests.   For   example   community   members  working   at   hardware  producers   (e.g.  
Cisco,  NEC,    etc.)   are  more  in  favor   of   private  cloud  models   while  individuals  working  at   web  based  
companies   focus   more   on   public   cloud   models   (e.g.   Google,   Amazon,     etc.).   We   have   carefully  
considered  this  possible  bias  in  their  opinions  when  evalua7ng  their  argumenta7ons.

  A   clear   advantage   of   this   method   is   the   large   number   of   relevant   ar7cles   that   we   have  
discovered  through  community  member’s  contribu7ons.  For   example,  through  twiOer  we  were  able  to  
obtain   recent   published   documents   just   hours   arer   they   were   available   online.   Without   our  
par7cipa7on  on  this  online  communi7es  our  literature  study   would  have  been   limited  to  the  ar7cles  
found  through  search  engines,  with  the  corresponding  crawling  delay.  Moreover,  these  plaxorms  have  
enabled  us  to  interact   with   several  cloud  compu7ng   experts  around  the  globe.   For   this  reason,   we  
highly   recommend   this  method   in   future   research,   specially   to   analyze   emerging   and/or   dynamic  
concepts  from  an  interpreta7ve  perspec7ve.  

  For  crea7ng   our  defini7on  of  cloud  compu7ng  we  analyze  first  the  basic  constructs  individually  
(e.g.   features)   to   apply   logical   reasoning   based   on   our   percep7on   (e.g.   literature   study)   and   our  
observa7ons  from  online  cloud  compu7ng   communi7es  (e.g.  online  field  study).  From  exis7ng  papers  
and  community  contribu7ons  we  have  derived  a  set  of  features  that  are  regarded  as  possible  features  
of  cloud  compu7ng  solu7ons.  Applying  the  formism  research  method  (Jenkins,  1985)  we  group  similar  
features  into  categories  and  select  those  categories  that  (1)  are  men7oned  by   several  relevant  actors  
and  (2)  they  are  corroborated  or  rejected  by  cases  in  prac7ce.  

  (C)  Expert  Reviews

  For  valida7ng  the  results  of  phase  one  we  have  followed  two  approaches.  First  we  conduct  two  
expert   reviews  with   IT   managers  to  discuss  the  possible   features   of   our  cloud  compu7ng  defini7on.  
Second  we  evaluate  our  defini7on  by  observing  several  experts  discussions  on  online  cloud  compu7ng  

  We  interview  Mr.   Gerard  Persoon,   Business  Consultancy   Manager   at   E.nova7on   and  Mr.   Kor  
Tops,  Engineering   Manager   at  the  same  organiza7on.  Mr.  Persoon  has  more  than  20   years  experience  
in  IT   having  worked  previously  for  Ernst  &   Young  for  several  years.  His  exper7se  areas  are  informa7on  
security,   IT   audits,   ITIL,   ISO   9001   and   func7onal   design.   Mr.   Tops   has   also   more   than   20   years  
experience  in   IT   and   his   exper7se   includes   among   others  IT   infrastructure   management   and   SAN  
storage  architectures.

Towards a Healthy Cloud Page 15 of 218 Juan Hernández Colomina

  The  interviews  were  unstructured  in-­‐depth  interviews  focusing  on  the  features  to   be  included  
or   excluded   on   the   defini7on.   Unstructured   in-­‐depth   interviews   are   common   in   social   sciences  
research  to  gain  deep  understanding  of  a  single  concept.  As  experts  received  the  results  of   our  first  
phase   several  weeks  before  the   interviews  took   place   we   could   directly   discuss  these  features  in  
depth.  With  the  results  of   our   expert   reviews  we  restructured  some  part  of  our   work  but   no  major  
modifica7ons  were  made  to  our  defini7on  of  cloud  compu7ng.  

  Following  our   interpreta7ve  research  paradigm  we  cannot   only  rely  on  wriOen  defini7ons  and  
a  few  expert   reviews  but   we  have  to  consider  also  how  the  meaning   of   the  term  “cloud  compu7ng”   is  
currently   (re)nego7ated  between  the   most  relevant   human  actors.   For   this  reason  we  have  further  
validated  our   defini7on  by   analyzing  relevant  discussions  on  the  most   relevant  online  communi7es.  
Due  to   the  emerging   character   of   cloud   compu7ng,   each   of   the   features   of   our   cloud   compu7ng  
defini7on   was   at   a   certain   moment   in   7me   subject   of   discussion   between   the   members   of   the  
community.  Although  we  are  aware  of  possible  biases  in  their   opinions,   several  argumenta7ons  were  
found  that  helped  us  in  our  logical  reasoning  when  including  or  excluding   features  from  our  defini7on  
of  cloud  compu7ng.  We  decide  to  include  or  exclude  a  feature  based  on:   (1)  how  many   community  
members  agree  (or  disagree)  (2)  how  many  prac7cal  cases  confirm  or  rejects  its  feasibility.  

5.2. Phase  2  Approach  and  Methodology

  The   second   phase   of   this   research   aims   to   iden7fy   the   current   trends,   challenges   and  
opportuni7es  in  the  Dutch  Healthcare  sector.  Among   others,   the  current   poli7cal  agenda,   the  role  of  
ICT   in  this  sector   and   the  policies  and  legisla7on  governing   it   are  taken   into  account.   By   analyzing  
scien7fic  and  commercial  literature  as  well  as  the  applicable  laws  and  regula7ons  this  phase  aims  to  
describe  the  current  barriers  and  opportuni7es  in  Dutch  healthcare  and  the  role  of  ICT  in  that   context.  
We   delimit   our   analysis  in   this   phase   by   focusing   on   one   of   the  largest   and   most   significant   ICT  
projects  in  The  Netherlands,  the  introduc7on  of  a  na7onal  EPR  infrastructure  (the  EPD  infrastructure).  

  In  this  phase  we  con7nue  applying  a  conceptual-­‐analy7cal  approach   to  create  theory  about  a  
certain  part  of  reality   (e.g.  IT  in  Dutch   healthcare)  based  on  certain  valid   assump7ons  and  premises  
(Järvinen,   2003).  We  start  by   crea7ng  analysis  theory  when  exploring  the  Dutch   healthcare  sector  in  
general.  We  then  con7nue  our  research  by   crea7ng  explana7on  theory   aiming  to  answer  why,  when,  
how  and  where  to   use  IT   in  the  Dutch   healthcare  context  (Gregor,  2006).   In  order  to   achieve  this  we  
apply  the  literature  study  research  method.

  Moreover,   we   follow   a   top-­‐down   approach   exploring   first   the   current   situa7on   of   the  
healthcare  sector   in  Europe  and  in  The  Netherlands  in   order   to   iden7fy   the  main   challenges  and  
opportuni7es  in  this  context.  We  con7nue  then  by   focusing  on  IT   in  the  Dutch  healthcare  sector   with  
further   explora7on  of  the  Dutch  electronic  pa7ent  records  system  EPD,   one  of  the  most  significant  IT  
infrastructures  in  that  sector.   In  order  to  facilitate  the  construc7on  of  our  matching-­‐model  in  the  next  
phase  of  our  research  we  have  focused  further  on  the  EPD  cer7fica7on  requirements.

Towards a Healthy Cloud Page 16 of 218 Juan Hernández Colomina

  (A)  Literature  Study
  As  a  literature  review  is  an  essen7al  feature  of  every  scien7fic  work  we  can  find  several  papers  
on  conduc7ng  an  accurate  literature  review  in  IT  research  seungs  (Webster  &  Watson,  2002).  In  order  
to  iden7fy   the   relevant   literature,   previous  work  suggests  that   the   researcher   should  focus   on   the  
concepts  rather   than  specific   journals,   methodologies  or  geographical  loca7ons.   For   this   reason,   we  
have  applied  mainly   a  concept-­‐centric  method  in  our  search  for   relevant   ar7cles  (Webster  &  Watson,  
2002).  Furthermore,  we  have  extended  our   literature  list  with   an  author-­‐centric   approach  to   explore  
more  ar7cles  wriOen  by  recognized  field  experts  or  very  significant  organiza7ons.  

  In   our   concept-­‐centric   search   process  we  have   searched   for   the   terms  “healthcare   IT”,   “e-­‐
Health”  and  “Dutch  healthcare  IT”   among  others.  In  our   author-­‐centric  approach  we  have  searched  for  
ar7cles  wriOen  by  field  experts  (e.g.  “Stroetmann”)  as  well  as  by   relevant  public  bodies  and  relevant  
organiza7ons  (e.g.  “European  Commission”,  “Dutch  Ministry  of  Healthcare”,  “NICTIZ”,    etc.)

  The  tools   that   we  used  more  intensively   during   our   search   process  are  Utrecht   University’s  
Omega  search  engine  (hOp://,   The  ACM  digital  library  (hOp://,  IEEE  
Xplore   digital   library   (hOp://,   the   Web   of   Science   website   (hOp://   and   Google   Scholar   (hOp://   We   have   evaluated   the  
ar7cles   found  by   a  backward  analysis  to  analyze  the  cita7ons  included  in  the   paper  as  well  as  by   a  
forward   analysis  to   analyzing   the   cita7ons  to   that   paper   from   other   papers   found   in   the   Web   of  
Science  website  and  Google  Scholar.  

  (B)  Expert  Reviews

  Our  analysis  of  the  (Dutch)  healthcare  sector,  the  role  of  IT   in  that  sector  and  our  selec7on  of  
the  EPD  as  the  most   significant   current   IT   project   in  The  Netherlands   were  further   validated  by   an  
expert   review   with  Mr   Bert  Kabbes.  Mr   Kabbes  is  Senior   Business  Consultant  at  E.Nova7on  and  has  
more  than   20   years  experience  as   interim  director   of   several  Dutch  hospitals.   The   unstructured  in-­‐
depth   interview   confirmed   our   percep7on   of   the   challenges   and   opportuni7es   in   the   (Dutch)  
healthcare  sector  as  well  as  the  role  of  IT  in  the  EPD  context.   We  did  not   perform  addi7onal  valida7on  
on  this  phase  as  the  main  deliverable  to   be  used  in  the  next  phase  are  the  EPD   requirements  which  
are  explicitly  described  by  NICTIZ  and  therefore  easy  to  verify  by  anyone.

5.3. Phase  3  Approach  and  Methodology

  In  the  third  phase  of  our  research  we  shir  our  approach  from  conceptual-­‐analy7cal  to  ar7fact  
building   (Järvinen,   2008).   For   this   reason,   in   this   phase   we   have   applied   the   design   science  
methodology  to  construct  a  meta-­‐ar7fact   (e.g.   matching-­‐model)  based  on  our   previous  two  research  
phases  that   support   Dutch   healthcare  organiza7ons  when   deploying   cloud   compu7ng   solu7ons  to  
connect  to  the  EPD.   The  design  science  approach  is  one  of  the  most  popular   research  approaches  in  

Towards a Healthy Cloud Page 17 of 218 Juan Hernández Colomina

the  IS   field  and  it  has  already   been   applied  from  an  interpreta7ve  perspec7ve  like  ours  (Iivari,  2007)  
(Hevner  et  al.,  2004).  

  Design   science   can   be   defined   in   general   as   crea7ng   innova7ons   that   improve   humans  
capabili7es  (March  &   Smith,  1995)   (Hevner  et  al.,  2004).   In  prac7ce  we  can  observe  that  most  of  the  
work  carried  out   by   IS  prac77oners  focuses  on  designing  the  purposeful  alloca7on  of  resources  to  
accomplish  an  organiza7onal  goal  (Hevner  et  al.,   2004).  For  this  reason  most  IT  projects  are  designed  
to   improve  opera7onal  efficiency   and   effec7veness.   This  is   also   the  essence  of   the  design  science  
approach   as   it   is   a   problem-­‐solving   paradigm   that   focuses  on   crea7ng   ar7facts   that   support   the  
effec7ve  and   efficient  use  of  informa7on  systems  in  organiza7ons  (Hevner  et  al.,   2004).   The  goal  of  
our  matching-­‐model  is  therefore  to  support  prac77oners  in  the  deployment  of  solu7ons  following  the  
cloud  compu7ng   model  that  could  improve  organiza7onal  performance  of  healthcare  organiza7ons  in  
the  na7onal  pa7ent  system  context.

  According   to   Iivary's   ontology   of   design   science   the   third   phase   of   our   research   can   be  
classified  as  World  3,  this  means  that  the  explana7on  to  reality  is  achieved  by  meta  IT  ar7facts  as  we  
aim  to  develop  "new   types  of  theories  made  possible  by  IT  ar7facts"  (Iivari,  2007).   The  theory   we  aim  
to  create  is  found  in  our  matching-­‐model  where  we  aim  to  explore  the  challenges  and  opportuni7es  of  
cloud  compu7ng  in  Dutch  healthcare.

  Within   the   design   science  research   approach   we  can   observe   two   main   ac7vi7es:   ar7fact  
building  and  ar7fact  evalua7on  (Hevner   et  al.,  2004)  (March  &  Smith,  1995)  (Iivari,  2007).  The  purpose  
of   this   research   approach   can   be   therefore   found   in   two   dimensions:   crea7ng   an   ar7fact   to  
demonstrate  that  such  an  ar7fact  can  be  build  and  evalua7ng  its  performance  against  specific  criteria.  

  (A)  Ar*fact  Building

  According  to  previous  research   there   are  four   types   of  design   science  products:   constructs,  
models,  methods   and  implementa7ons  (March  &   Smith,   1995).   Our   research  aims  to  build  a  meta-­‐
ar7fact  (e.g.  matching-­‐model)  to  evaluate  the  applicability  of  cloud  compu7ng  in  the  Dutch  healthcare  
context  by  analyzing  the  support  (or  delimita7on)  of  cloud  compu7ng  features  in  EPD  requirements.  

  The  crea7on  of   knowledge  in  design  science  is  based  on  a  set   of   basic  assump7ons  (e.g.  kernel  
theories)   that   are   applied   and   modified   by   the   researcher's   experience,   crea7vity,   intui7on   and  
problem-­‐solving   capabili7es  (Hevner  et  al.,  2004).  We  have  elaborated   our  kernel  theories  during  the  
first  research  phases  that   have  resulted  in  two  basic  constructs:  our  defini7on  of  cloud  compu7ng  and  
the  lists  of  requirements  to  connect  to  the  Dutch  na7onal  pa7ent  infrastructure  (EPD).  

  Previous  work  on   design   science  has  iden7fied  eight   main   components   of   a  design   theory  
(Gregor  &  Jones,  2007).  The  design  theory  must  state  its  purpose  and  scope  as  well  as  the  principles  of  
form   and   func7on  for   the  use   of   constructs.   The  validity   of   the  theory   is  improved  by   addressing  
ar7fact   mutability,  tes7ng    proposi7ons  and  jus7fying  knowledge  through  kernel  theories.  The  theory  

Towards a Healthy Cloud Page 18 of 218 Juan Hernández Colomina

is   finally   put   into   prac7ce  by   following   principles  of   implementa7on  and  developing  an  expository  

  The   purpose   of   our   design   science   theory   is  to   explore   the  feasibility   of   cloud   compu7ng  
solu7ons  in  an  specific   scope  determined   by   the  characteris7cs  of  the  Dutch   healthcare   sector.   We  
provide  a  extensive  descrip7on  in  phase  one   and  two  about  how  we  build  our   two  basic   constructs  
and  the  kernel  theories  applied  in  the  process.   To  reduce  the  risk  of  ar7fact  mutability   we  validate  our  
two  basic  constructs  before  including  them  in  our  matching-­‐model.   Due  to  the  innova7ve  character  of  
our  research  subject   (e.g.  cloud  compu7ng)  we  could  not  perform  any  implementa7on  or  instan7a7on  
of  the  matching-­‐model.  However,  these  does  not   represent   a  cri7cal  shortcoming   in  our  research   as  
these  components  are  regarded  in  previous  work  as  addi7onal  non-­‐core  components  (Gregor  &  Jones,  

  Transparency   on   the   construc7on   of   meta-­‐ar7facts  in   design   science   is   regarded   by   some  

authors  as  an  important  requirement  (Iivari,   2007).   For  this  reason,  in  the  first  two  phases   we  have  
described   in  detail  the  process  of  crea7ng  and  the  basic   elements  of  our  matching-­‐model:  our  cloud  
compu7ng  defini7on  and  the  requirements  to  connect  to  the  EPD.  

  The   main   goal   of   the  ar7fact   building   research   approach   is  to   explore   if   a  certain   ar7fact  
(abstract   or   concrete)   can   be   constructed   (Järvinen,   2000).   By   building   our   matching-­‐model   we  
demonstrate  therefore  that  such  meta-­‐ar7fact  can  be  build  based  on  our   assump7ons  and  premises.  
Moreover,  our  matching-­‐model  can  be  used  as  an  intellectual  tool  to  support  human  problem-­‐solving  
and  improve  organiza7onal  capabili7es  in  the  Dutch  healthcare  context  which  is  a  common  goal  found  
in  design  science  research  (Hevner  et  al.,  2004).    

  When   execu7ng   the  third   phase   of   our   research   we  have  followed  Hevner's  guidelines  for  
design  science  in  IS  research  (Hevner  et   al.,  2004).  This  guidelines  are  based   on  the  assump7on  that  
knowledge   over   a   design   problem   and   its   solu7on   is   created   when   building   and   applying   an  
ar7fact.   According   to   Hevner,   design   science   research   focuses   on   the   crea7on   of   an   innova7ve  
purposeful   ar7facts   for   a  specific   problem   domain   where   the   ar7fact   aims   to   solve   an   unsolved  
problem  or  a  known  problem  in  a  more  efficient  or  effec7ve  way.  For  this  reason,  the  ar7fact  must  be  
rigorously   defined,   formally   represented,   coherent,   internally   consistent   and   evaluated.   Hevner's  
guidelines  for  design  science  research  are  depicted  in  table  3.

Towards a Healthy Cloud Page 19 of 218 Juan Hernández Colomina

Table  3:  Hevner’s  design  science  research  guidelines  (Hevner  et  al.,  2004)

Guideline Descrip*on

Design-­‐science  research  must  produce  a  viable  ar7fact  in  the  form  of  a  construct,  a  
(1)  Design  as  an  ar7fact
model,  a  method,  or  an  instan7a7on.
The  objec7ve  of  design-­‐science  research  is  to  develop  technology-­‐based  solu7ons  
(2)  Problem  Relevance
to  important  and  relevant  business  problems.
The  u7lity,  quality,  and  efficacy  of  a  design  ar7fact  must  be  rigorously  demonstrated  
(3)  Design  Evalua7on
via  well-­‐executed  evalua7on  methods.
Effec7ve  design-­‐science  research  must  provide  clear  and  verifiable  contribu7ons  in  
(4)  Research  Contribu7ons
the  areas  of  the  design  ar7fact,  design  founda7ons,  and/or  design  methodologies.
Design-­‐science  research  relies  upon  the  applica7on  of  rigorous  methods  in  both  the  
(5)  Research  Rigor
construc7on  and  evalua7on  of  the  design  ar7fact.
The  search  for  an  effec7ve  ar7fact  requires  u7lizing  available  means  to  reach  
(6)  Design  as  a  Search  Process
desired  ends  while  sa7sfying  laws  in  the  problem  environment.
Design-­‐science  research  must  be  presented  effec7vely  both  to  technology-­‐oriented  
(7)  Communica7on  of  Research
as  well  as  management-­‐oriented  audiences.

  It   is   important   to   note   that   this   guidelines   should   not   be   considered   mandatory   as   the  
researcher  must  use  his/her   crea7ve  skills  and  judgment   to  determine  when,  where  and  how  to  apply  
each  guideline  in  an  specific  research  (Hevner   et  al.,   2004).  The  applica7on  of  these  guidelines  in  our  
ar7fact  building  process  is  described  further   in  this  research  when  describing   the   elabora7on  of  our  
matching-­‐model  in  the  third  phase  of  our  research.

  (B)  Ar*fact  Evalua*on

  The   field  of  design  science  in  IS   research  is  regarded  in  previous  work  as  an  applied  science  
discipline  reflec7ng  the  importance  of   IT  (meta-­‐)ar7facts  that  enable  the  development  of  concrete  IT  
applica7ons  (Iivari,  2007).   This  is  also   the   main  goal  of  our  research,  to  develop   a  meta-­‐ar7fact   (our  
matching-­‐model)   to   facilitate  the   deployment   of   cloud   compu7ng   solu7ons  in   an   specific   context  
(healthcare  in  The  Netherlands).  A  design  science  ar7fact  can  therefore  be  evaluated  by  analyzing  how  
that   ar7fact   achieves  its  goal   in  prac7ce  (u7lity   and  quality)   and  how   efficient   it   is  in   achieving   it  
(Hevner  et  al.,  2004).  However,  there  are  significant  barriers  for  evalua7ng  ar7facts  as  they  are  related  
to  the  environment  where  they  operate  (March  &  Smith,  1995).

  According  to  previous  work,   the  resul7ng  meta-­‐ar7facts  must   include  knowledge  that  enables  
product   and  process  design   (Iivari,   2007).  We   believe  that   our   matching-­‐model  contains  knowledge  
that   can  support  prac77oners  in  the  design  of  new  (or   modified)  cloud  products  and  as  well  as  in  the  
design  of  cloud  related  processes.  By  matching  a  poten7al  solu7on  with  our  cloud  compu7ng  features  
and  evalua7ng  the  requirements  enforced  by  NICTIZ  an  organiza7on  can   select  the  solu7on  that  best  
fits  their  needs  in  that  context.

Towards a Healthy Cloud Page 20 of 218 Juan Hernández Colomina

  It   is  important   to  note  that   although  we  could  not   create  an   instan7a7on  of   the  matching-­‐
model  in  prac7ce  we  validated  its  completeness  and  accuracy   with  expert  reviews  and  es7mated   its  
usability,  func7onality   and  consistency  with  the  same  method.  More  details  on  the  expert  reviews  of  
our  matching-­‐model  can  be  found  in  the  sec7on  describing  the  third  phase  of  our  research.

  A  final  remark  should  be  made  on  the  fact  that  the  quality  of  design  science  ar7facts  improves  
when   subsequent   evalua7ons   are   performed   as   they   oren   result   in   incremental   improvements  
(Hevner  et  al.,  2004)  (Gregor  &  Jones,  2007).   However,  we  could  not  improve  any  exis7ng  model  as  we  
could  not  find  any   similar  meta-­‐ar7fact  in  previous  literature.  For   this  reason  we  had  to  create  a  new  
meta-­‐ar7fact  that  can  be  evaluated  and  improved  in  further   research.  This  is  a  typical  situa7on  when  
applying   design   science   to   build   new   or   innova7ve  ar7facts  as   theories  over   the   applica7on   and  
impact  of  these  ar7facts  can  be  created  once  the  ar7facts  are  applied  in  prac7ce  (Hevner  et  al.,  2004).

6. Prac*cal  and  Scien*fic  Contribu*on

(A) Prac*cal  Contribu*on
  The   prac7cal  contribu7on  of  this  research   can   be  found  in  current  ICT   trends  and  the  actual  
economic  environment.   The  current  global  economic  malaise  triggered   by   the  credit  crisis  during  the  
last  quarter   of   2008   has  affected  all  kinds  of  companies  around   the   world.   Due  to  the  lack  of  credit  
and  credibility  in  financial  markets,  informa7on  and  communica7on  (ICT)  firms  and  departments  must  
carefully  evaluate  every   new   project  to  make  sure  it  provides  the  business  value  needed  under  these  
circumstances.   Specially  during  7mes  of  economic   recession,   IT   managers  are  increasingly  required  to  
be  crea7ve  in   finding  solu7ons  that   would  reduce   their   IT  budgets  (Molenaar,   2009).  In  this  context,  
ICT  companies  and  departments  are  trying  to  evaluate  all  possible  ways  to  reduce  costs  or  to  increase  
performance.  One  of  these  approaches  is  ‘Lean  IT’  (Zaal,  2009)  which  aims  to  solve  the  problem  of  ICT  
“overweight”   and   avoid   overspending.   Other   increasingly   popular   approaches   are   Sorware   as   a  
Service  (SaaS),  Infrastructure  as  a  Service  (IaaS)  and  Cloud  Compu7ng.  

  According   to   some  authors,   the   way   companies   make  use   of   ICT   is  recently   changing   to  a  
paradigm  where  infrastructures  and  applica7ons  become  u7li7es  and  will  simply  come  out  off  the  wall  
like  common  u7li7es  do  (e.g.   electricity).  In  his  books  “Does  IT  maOer”  and  “ The  Big  Switch”   Nicholas  
Carr   predicts   the   end   of   corporate   ICT   departments   due   to   the   increasing   standardiza7on   and  
availability  of  technological  infrastructures  and  applica7ons  (Molenaar,   2009).  Mr   Carr  affirms  that  this  
situa7on  will  realize  savings  of  unused  server  and  storage  capacity  as  well  as  on  human  resources.

  However,   not   all   ICT   experts   agree   fully   with   Carr’s   predic7ons.   Mr   Ron   Tolido   (CTO   of  
Capgemini  in  The  Netherlands)  notes  that   applica7ons  that   can  be  standardized   (the  great   majority)  
should  be  contracted  off  the  wall,   realloca7ng  their  costs  to  those  essen7al  applica7ons  (the  minority)  
that  contribute  to   an  organiza7on’s  compe77ve  advantage  (Molenaar,  2009).   Other  experts,  like  Prof.  
dr.   Chris  Verhoef   of   Vrije  Universiteit   Amsterdam,   affirms  that   ICT   s7ll  provides  companies  with  a  

Towards a Healthy Cloud Page 21 of 218 Juan Hernández Colomina

compe77ve  edge  to  differen7ate  themselves  from  their   compe7tors  by   applying  infrastructures  and  
applica7ons  designed  according  to  specific  business  processes  and  by  solving  specific  business  needs.  

  The  growing   popularity  and  adop7on  of  SaaS  and  IaaS  technologies  are  clear  examples  of  the  
switch  that  ICT  is  experiencing  towards  a  service  model  delivered  through  internet  technologies.   Some  
important   players  in  the  ICT   industry   (e.g.  HP,  Microsor,     etc.)  are  using   terms  like  ‘everything  as  a  
service'   where   the   internet   is   extended   to   the   enterprise   instead   of   the   enterprise   being   just  
connected   to   the   internet.   This   new   vision   requires   new   forms   of   understanding   and   organizing  
enterprises  and  their  value  chains.  

  In  their   2008  predic7ons  (Plummer  &  McGee,  2008)  Gartner   research  an7cipated  the  growing  
popularity   of   SaaS   and  Cloud   Compu7ng   as  viable   op7ons  to   internal  systems  and  outsourcing.   In  
accordance  with  Gartner’s  predic7ons,   web  technologies  had   become  the  main  trigger  for  business  
innova7on.  It  is  clear  that  in  the  context   of  these  new  emerging  delivery  models,  IT   capabili7es  will  
evolve  significantly   due  to  disrup7ve  changes  in  what  end  users  will  buy  and   how  they  will  pay  for  it.  
Network   services   and   service   orchestra7on   will   therefore   become   more   cri7cal   to   business  
performance  because  they  enable  the  use  of  other  sorware  and  hardware.

  In  the  annual  Gartner’s  CIO  survey  (McGee  et  al.,  2008),  strategic  ICT  focus,  the  use  of  specific  
business  metrics  to  quan7fy  ICT’s  value  and  the  priori7za7on  of  ICT  projects  are  believed  to  create  the  
greatest  growth  opportuni7es  for   enterprises  during  the  coming  years.  CIOs  around  the  world  believe  
their   department   can   play   a   crucial   role   in   the   short   term   by   improving   business   processes   and  
workforce  performance  while  controlling   costs.   On  the  long   term   technology   can  also   enable  new  
strategic  capabili7es  for  organiza7ons.    

  This  switch   in  CIOs’  agendas  and  the  increasingly   popular   concept  of   compu7ng  u7li7es  have  
inspired   this   research.   Although   tradi7onal   strategies   (e.g.   opera7onal   efficiency,   product  
differen7a7on,     etc.)   remain   essen7al  requirements  for   success,   an  enterprise   needs   nowadays  to  
dynamically  adapt  its  ICT  organiza7on  to  rapidly  changing  business  needs  in  order  to  aOract  and  retain  
customers  (McGee  et  al.,  2008).  The  focus  is  nowadays  not  strictly   on  technological  management  but    
on   7mely   changing  the  firm’s  capabili7es  to  enforce  its  compe77veness.  Not   reac7ng   or   reac7ng  too  
late  to  customer’s  demand  can  have  direct  consequences  for  organiza7onal  performance.

  It  is  also  important  to  note  that  “Delivering  projects  that  enable  business  growth”  and  “Linking  
business  and  IT  strategies  and  plans”  have  been  CIOs’   top  two  priori7es  during    the  last  years  (2005  to  
2007)   (McGee  et   al.,   2008).   These  two  main   priori7es   are   followed  by   “Improving   the  quality   of  IT  
service  delivery”   and   “Demonstra7ng  the  business  value  of  IT”  among   others.   A   business  driven  ICT  
organiza7on  has  therefore  become  one  of  the  most  important  objec7ves  of  current  CIOs.

Towards a Healthy Cloud Page 22 of 218 Juan Hernández Colomina

  The   growing   popularity   of   Cloud   Compu7ng   contributes   to   the   realiza7on   of   ‘real-­‐7me  
infrastructure’   (RTI)   which   results  in   substan7ally   lower   costs,   higher   service   levels  and   improved  
agility   (McGee   et   al.,   2008).   This  approach   facilitates  the  automa7on   and  dynamic   adjustment  of  an  
organiza7on’s  technological  infrastructure  to  fulfill  cri7cal  business  needs  at  a  par7cular   point  in  7me  
and  their  rapid  changes  in  the  future.  

  Another   important   trend   no7ced   by   Gartner   is  the   idea  that   Service   Oriented   Architecture  
(SOA)  will  become  the  standard  design  for  more  than  80%  of  new  and  mission-­‐cri7cal  applica7ons  and  
business  processes  by   2010.   Consequently   redundant  and  irrelevant  applica7ons  will  be  phaced  out.  
According  to  Gartner  (McGee  et   al.,  2008),  “the  future  applica7on  environment  will  be  more  granular,  
inclusive  and  fluid  to  enable  rapid  composi7on,  integra7on,  orchestra7on  and  reuse.”

(B) Scien*fic  Contribu*on

  A   great  deal  of   previous   IS   research   has   focused  on   the  con7nuos  rela7onships  between   IT,  
individuals   and   organiza7ons   with   a   focus   on   the   social   processes   surrounding   the  
deployment,   development,   use,   misuse   or   disuse   of   IT   (Orlikowski   &   Baroudi,   1991).   Our   work  
con7nues  this  path   by   analyzing   the  feasibility   of  emerging  cloud  compu7ng  solu7ons  in   the  Dutch  
electronic  pa7ent  records  system.  The  rela7onships  between  IT  consumers  and  IT  providers  has  been  
subject   of   several  IS   researches   (Orlikowski   &   Baroudi,   1991).   As   cloud   compu7ng   is  expected   to  
disrup7vely   transform  this  rela7onship,  our  work   can  be  further  applied  in  future  research  related  to  
this  delivery  model  in  Dutch  healthcare  environments.    

  In  previous  scien7fic   papers  we  can  find  six   main  types  of   research  outputs  (descrip7ons  of  
reality,  constructs,  models,  methods,  instan7a7ons  and   proofs)  depending   on  the  research  approach  
followed  (Järvinen,   2000).   During   our   research  we  provide  descrip7ons   of  two  parts  of   reality   (e.g.  
cloud  compu7ng  and  IT  in  Dutch   healthcare)  to  construct  our   defini7on  of  cloud  compu7ng  and  our  
matching-­‐model.  Moreover,  we  cannot   find  the  same  combina7on  of  methods  that  we  have  applied  
during  our  research  which  cons7tutes  an  addi7on  to  the  research  body  of  knowledge.

  The  extensive   analysis  and  descrip7ons  about   parts  of   reality   in  phase  one  and   two   of  our  
thesis  are  specially  valuable  in  research  seung   with  few  knowledge  available  about   some  phenomena  
(Gregor,  2006).  We  create  our  defini7on  of  cloud  compu7ng  from  an  interpreta7ve  perspec7ve  taking  
into   account   how   its   meaning   is   (re)created   by   human   interac7on   on   online   communi7es.   This  
methodology  can  also  be  regarded  as  an  addi7on  to  the  body   of  knowledge  of  research  methods  as  it  
has  not  yet   been  oren  applied  in  previous  research.  Moreover  by  delivering  a  consistent  defini7on  of  
the  concept  we  facilitate  future  cloud  compu7ng  research.

  In   general,   the   design   science  building-­‐ar7fact   approach   applied   in   the   third   phase  of   our  
research   aims  to  create  a   certain  abstract   or   concrete   ar7fact   (e.g.   system,   model,   method,     etc.)  
(Järvinen,   2000).   Following   this  approach   we   have  created   a   matching-­‐model  to   link   the  two   basic  
constructs   created   in   the   first   two   phases.   As   in   previous   design   science   research   the   scien7fic  

Towards a Healthy Cloud Page 23 of 218 Juan Hernández Colomina

contribu7on  of  this  part  of  our  work  can  be  measured  by  examining  the  suitability   of  our  ar7fact  to  an  
specific   context  and  the  addi7ons  to  the  knowledge  base  from  our   research  findings  (Hevner   et   al.,  
2004).  In  our  research   the  suitability   of  our  ar7fact  has  been  es7mated  by   expert  reviews  while  our  
cloud  compu7ng  defini7on  and  our  matching-­‐model  can  be  regarded  as  the  most  significant  addi7ons  
to  the  IS  body  of  knowledge  base.  

  According  to  Gregor's  taxonomy  types  and  research  ques7ons  in  IS  research  the  theory  created  
in   our   research  can   be  classified  as  Analysis  (phase  one),   Analysis   and  Explana7on  (phase  two)   and  
Design   (phase  3)  (Gregor,   2006).  This  classifica7on  is  derived   from   the  type  of  research  ques7on  that  
we  aim  to  answer.   In  our  first  research  phase  we  focus  primarily  on  what  is  cloud  compu7ng  (Analysis  
theory)  while  in  the  second  phase  we  add  also  ques7ons  related  to  why,  when,  how  and  where  to  use  
IT  in  Dutch  healthcare  (Explana7on  theory).  With  our  matching-­‐model  we  create  Design  Theory  as  we  
aim  to  answer  the  ques7on  on  how  to  use  cloud  compu7ng  in  the  EPD  context.

  Theory   that   analyses  some  part  of   reality   is  specially   valuable   when  there  is  few  knowledge  
about   some  phenomena  (Gregor,   2006).   This  is  also   the  case  in  our   research  as  there  is  almost   no  
scien7fic  publica7ons  on  cloud  compu7ng.  Theory   for  explaining  is  oren  concerned  with  how  and  why  
some  phenomena  takes  place  (Gregor,  2006).  This  is  what  we  have  aimed  to  do  in  our  second  research  
phase  where  we  inves7gate  the  requirements  to  use  IT  in  Dutch  healthcare  (how)  and  the  mo7va7on  
to  use  an   specific   system  (why).  In  the  design  type  of   theory   the   focus   lies  on  how  (e.g.   func7ons,  
models,   methods,     etc.)   to  support   IS   development   as  it   the  case   of   our   matching-­‐model(Gregor,  

  The  interconnec7on  between  the  types  of   theories  has  also  been  subject  of  previous  research  
(Gregor,   2006).   Theories  for   Design  are   derived   from   theories  for   Explaining   and  Analyzing   among  
others,   while   theories   for   Explaining   are   strictly   derived   from   theories   for   Analyzing.   These  
interconnec7ons  are  also  reflected  in  our  research  as  we  have  designed  our  matching-­‐model  based  on  
our  previous  analysis  and  explana7on  in  building  our  basic  constructs  in  the  first  two  phases.

  Previous   work   has   shown   how   pluralism   of   paradigms,   approaches   and   methodologies   is  
essen7al  for   a  good   IS   research   agenda  (Chen   &   Hirschheim,   2004).   It   is  therefore  essen7al  that  
researchers  consider  different   approaches  and  methods  (other  than  the  dominant  ones)  to  contribute  
to  the  body   of  knowledge  of  IS  research.  This  is  reflected  on  the  fact  that  the  interpreta7ve  research  
approach  is  gaining  popularity   and   acceptance  by   major  journals  (e.g.  MIS  Quarterly)  during  the  last  
decade  being  applied  by  an   increasingly   number   of  published  researches.  It  is  important   to  note  that  
applying  different  research  perspec7ves  can  poten7ally  lead  to  significant  improvements  in  IS  research  
(Orlikowski  &   Baroudi,   1991).   Our  applica7on  of  the  interpreta7ve  approach  in  an  IS  research   leads  
therefore  to  pluralism  in  IS  research  as  it  is  not  a  dominant  approach  in  that  field.

Towards a Healthy Cloud Page 24 of 218 Juan Hernández Colomina

7. Research  Validity
  In  general,  a  research’s  validity  can  be  measured  by  examining  the  applicability  of  the  results  to  
different   (sub)popula7ons  and  other   seungs   (generaliza7on   and   external  validity),   the  accuracy   of  
those  results  (internal  validity)  and  reliability  through  replicability  (Jenkins,  1985).  

  To  overcome  one  of   the  most  common  mistakes  in  design  science  research  (the  overemphasis  
on   technology)  we  have  also   carefully   considered  the  organiza7onal  embedding  of  IT  in  our  research  
(Hevner   et   al.,   2004).   For   this   reason,   we  have  analyze   not   only   emerging   technology   (e.g.   cloud  
compu7ng  solu7ons)  but  also  how  it  can  be  applied  in  an  specific  context  (e.g.  Dutch  healthcare).  

  As  we  focus   our   research   on  a  specific   sector   and   country,   the  generaliza7on  and  external  
validity   of   our   research   is  limited   to   all  organiza7ons  in  that   country   and  sector.   According   to   the  
expert  reviews  performed,  our  results  can  be  applied  to  all  Dutch  healthcare  organiza7ons  considering  
cloud  compu7ng  solu7ons  to  connect  to  the  electronic  na7onal  records  system.  Although  the  accuracy  
of  our  results  has  been  evaluated  arer   each  phase  of  our  research  we  believe  that  it  should  be  further  
evaluated  applying   our  model  in  a  real  life  situa7on.  Incremental  improvement  of  ar7facts  over  7me  
are  typical  in  design  science  research,  specially  when   inves7ga7ng  evolving   IT  phenomena  (Hevner  et  
al.,   2004).   Taking  into  account   our   research  paradigm,   approach   and   methods  we  believe  that   our  
research  can  be  replicated  leading  to  the  same  results.    

  A   remark   should   be   made   on   the   fact   that   many   previous   design   science   research   was  
accomplished  in  situa7ons  where  the  exis7ng  knowledge  base  was  insufficient  (Hevner  et   al.,  2004).  In  
our   case  we  could  not  find  much  available  knowledge  regarding  cloud  compu7ng  and  its  applicability  
on  a  Dutch  healthcare  seung.  For  this  reason,   we  had   to  rely   on   intui7on,   experience  and  trial-­‐and-­‐
error   methods  to   achieve   our   research   goal   (Hevner   et   al.,   2004).   Nevertheless,   to   improve   the  
internal  validity  of  our  findings  we  have  described  our  research  approach  and  methods  in  each  phase.

  A   final  remark   should   be  made  on   the  fact   in   accordance   with   our   interpreta7ve  research  
perspec7ve   our   findings   are   as   a   part   of   our   human   constructed   reality   also   limited   by   our  
interpreta7on  of  reality  and  our  human  reasoning  capabili7es.


Towards a Healthy Cloud Page 25 of 218 Juan Hernández Colomina

Research  Phase  1:  Defini*on  of  Cloud  Compu*ng
  There  are  a  lot  of  expecta7ons  on  Cloud  Compu7ng  as  it  is  believed  to  disrup7vely  transform  
the  deployment   and  management   of  IT  resources,   minimize  implementa7on   and  opera7onal  costs,  
accelerate   innova7on   and   improve   applica7on’s   7me-­‐to-­‐market   and   scalability   (Spinola,   2009).  
According  to  Capgemini,   Cloud  Compu7ng   represents  a  new  IT  delivery   method   that   is  expected  to  
change  the  way   of  doing  business   in  the  near   future   (Ross,   Payling,   &   Gough,   2008).   As  users  are  
focusing   increasingly   on   the   capabili7es   provided   instead   of   the   underlaying   infrastructure   it   has  
become  more  important  how  services  are  consumed  rather  than  how  they   are  deployed  (Stevens  &  
PeOey,  2008).

  Cloud  Compu7ng  is  expected   to  transform   the  IT   industry   deeply   in  the  coming   years  as  it  
represents  the  first  steps  towards  U7lity  Compu7ng.   This  development  is  a  direct  consequence  of  the  
increasing  standardiza7on  and  consumeriza7on  of  IT  capabili7es.  According  to  The  Wall  Street   Journal  
the  Cloud   Compu7ng  industry   is  es7mated  to   reach  $42  billion   turnover   by   2012   which  represents  
around  half  of  the  current  sorware  industry  worldwide  (Hinchcliffe,  2009)  (McLaughlin,  2009a).

  In   a   recent   research   among   Dutch   ICT   providers,   around   70%   of   them   expect   that   their  
turnover   is  going  to  increase  during   2009   (Wijkstra,   2009).   They   are  experiencing  a  shir   in  focus  of  
their  IT  budgets.   Instead  of   considering   investments  in  networks,  infrastructure  and  storage  they  are  
increasingly   considering  SaaS  and  Cloud  Compu7ng  as  interes7ng  outsourcing  alterna7ves  (Wijkstra,  
2009).   This  is   specially   the  case   in   public,   semi-­‐public   and   Health   Care  organiza7ons.   The   shir   in  
investment  alterna7ves  is  depicted  in  figure  2.

Figure  2:  ICT  Investments  areas  2009  &  2008  (Marquit  Research,  May  2009)

31% 29%
21% 21% 24%
20% 19% 19%
13% 10% 10%

Virtualization SaaS Outsourcing Security Cloud Computing Storage Infrastructure Networks

2008 2009

                         Although  the  concept  of   Cloud  Compu7ng  has  emerged  around  2006   it  has  already  generated  
an  unprecedented  hype  in  the  IT   industry.   Almost   all  major   hardware  and  sorware  manufacturers,  
consultant   organiza7ons,   analysts   and   telecom   providers   have   become   highly   involved   in   Cloud  

Towards a Healthy Cloud Page 26 of 218 Juan Hernández Colomina

Compu7ng   during   2009.   A   great   diversity   of   offerings   has   been   launched   recently   ranging   from  
sorware  and  advise  to  build  clouds,  to  sorware  services  or  on-­‐demand  infrastructures.

  As   almost   all  the  major   ICT   vendors   are  rolling   out   their   Cloud   Compu7ng   solu7ons   during  
2009,   they   try   to   convince   enterprise   users   that   they   are   the   “one   and   only”   Cloud   Compu7ng  
plaxorm  suppor7ng   their   arguments  with   yet   another   defini7on   of  the  cloud   (Golden,   2009).   It   is  
therefore   needed   to   define   the   term   Cloud   Compu7ng   and   facilitate   its   comparison   with   other  
compu7ng  forms  as  well  as  to  iden7fy  its  main  challenges  and  opportuni7es  (Armbrust  et  al.,  2009).

  In  the  following   sec7ons  we   analyze  different   perspec7ves  on  Cloud   Compu7ng  to  combine  
them  into  a  defini7on  to  be  used  further  in  our  research.   We  start  delimi7ng  the  scope  of  our  analysis  
by  describing  the  most  relevant  developments  on  the  business  and  IT  fields  that  can  be  related  to  this  
new  delivery  model.   Once  the  context  has  been  delimited,  we  elaborate  a  research  defini7on  of  Cloud  
Compu7ng  by   analyzing  previous  defini7ons  from  scien7fic  papers,  commercial  media,   ICT  analysts,  
consultants  and  standards  organiza7ons.  

  Based  on  our  defini7on  of  Cloud  Compu7ng,  we  con7nue  this  phase  by   providing  a  taxonomy  
of   cloud   services   and   a   brief   descrip7on   of   its   most   relevant   use   paOerns   and   economic  
considera7ons.  Furthermore,  we  con7nue  our  analysis  by  describing  the  risks  associated  with  this  new  
model  with  a  special  focus  on  security.  We  conclude  this  phase  by   providing  a  vendor  analysis  of  the  
three  most  popular  IaaS  and  PaaS  solu7ons  and  some  models  to  support  the  evalua7on  and  adop7on  
of  current   offerings.  At   the  end   of  this  phase  we  present  the  conclusions  of  this  phase  and  ideas  for  
further  research  in  the  field  of  Cloud  Compu7ng.

Towards a Healthy Cloud Page 27 of 218 Juan Hernández Colomina

1. Context  and  Enabling  Factors
  To  delimit   the  context  of  our  research  we  begin  this  sec7on  by  describing  the  current  trends  in  
business  (sec7on  1.1.)   and  technology   (sec7on   1.2.)   with  a  focus  on  those   that   have   contributed  to  
the  emergence  of  the  Cloud  Compu7ng  model.   At  the  end  of  this  sec7on  (sec7on  1.3.)  we  analyze  the  
hype  surrounding  this  new  paradigm.

1.1. Business  Trends

  Based  on  interviews  with  C  level  execu7ves  worldwide,  Gartner  research  has  elaborated  a  list  
of   the  top  ten  business  priori7es   for   2009   (see  table  4).   These  priori7es  aim  to  cover   the  current  
business  trends  that  organiza7ons  come  across  when  doing  business.  In  this  subsec7on  we  will  discuss  
the  main  trends  related  to  the  emergence  of  Cloud  Compu7ng.

Table  4:  Top  10  Business  Priori*es  for  2009  (Gartner,  2009)   Firm’s   IT   infrastructures   have   grown  
significantly   during   the   past   decades.   When  
more   IT   resources   where   needed,   new  
hardware   was  bought   and   placed   in  the  firm’s  
data  center.  This  lack  of   workload  consolida7on  
has   led   to   resource   waste   and   oren   to  
unsustainable   and   inefficient   data   centers  
(Siegele,   2008).   As   data   centers   grow,   more  
resources,   people   and   7me   is   needed   to  
properly   manage   them.   The   current   economic  
recession  will  make  companies  reconsider   this  
situa7on  as  firms  are  reducing  their  (IT)  budgets  
and  therefore  they   are  forced  to  operate   more  
efficiently   (Kirsner,   2009).   In   this  context,   Cloud   Compu7ng   can   be  a  useful  tool   to   reorganize  IT  
resources  while  saving  costs  by  op7mizing  current  and  future  ICT  investments  (Spinola,  2009).  

  Due   to   globaliza7on,   companies   can   now   access   new   markets   and   gain   and   retain   new  
customers   by   accelera7ng   innova7on   to   deliver   new   products   and   services   faster.   The   Internet  
provides  access  to  a  large  amount  of  informa7on  and  it  is  being  widely  used  by  consumers  to  evaluate  
their  purchasing  decisions.  As  consumers  nowadays  have  access  to  large  amounts  of  informa7on  they  
are  oren  categorized  as  prosumers   (professional  consumers).   Organiza7ons  need  to  pull  consumers  
towards  their  products  and  services  (e.g.   fostering  customer  engagement,  branding,    etc.)  instead  of  
pushing   those   products  to   consumers   (as  it   was   done   in   the   past)   by   deploying   large   marke7ng  

Towards a Healthy Cloud Page 28 of 218 Juan Hernández Colomina

1.2. Technology  Trends
  Beside  the  top   ten  business  priori7es,  Gartner   research  also  elaborates  a  yearly  list   of  the  top  
ten  technology  priori7es  (see  table  5).  The  popularity  of  the  SaaS  business  model  for  sorware  delivery  
has   lead   to   several   forms  of   IT   capabili7es   “as-­‐a-­‐service”   like  Infrastructure-­‐as-­‐a-­‐Service   (IaaS)   or  
Plaxorms-­‐as-­‐a-­‐service   (PaaS).   Cloud  Compu7ng   is  a  logical  evolu7on  from   this  point   of  view,   and  in  
this   sense  can  be  considered  as  “compu7ng-­‐as-­‐a-­‐service”   and  it   includes  all   these  exis7ng   models.  
One  of   the   most   important   implica7ons  of   the  Cloud  Compu7ng   model  is  the  disaggrega7on   of  IT  
capabili7es  into  services  (Siegele,  2008).

Table  5:  Top  10  Technology  Priori*es  for  2009  (Gartner,  2009)   Other   trend   triggering   the   emergence   of  
Cloud   Compu7ng   are   the   customiza7on   and  
service   orienta7on   character   of   the   Internet.  
Instead   of   having   few   long   term   supply  
rela7onships   with   high   margins   and   deep  
commitment   levels  between   the   chain   par7es,    
new   forms   of   supply   chains   have   emerged  
focusing  more  on  having  many  short  term  supply  
rela7onships   with   low   margins   and   low  
commitment   between   firms   (Armbrust   et   al.,  

  Computers   have   evolved   significantly  

during  the  past  two  decades.   From  the  mainframe  7mes  where  a  single  computer  required   a  whole  
floor   to   the   client-­‐server   architecture   and   thin   clients,   computers   have   experience   a   process   of  
becoming   an  u7lity   on-­‐demand  where  compu7ng   resources  are  accessible  from  any   place  (Siegele,  
2008).   Computer   capabili7es   are   no   longer   limited   by   physical   loca7ons   or   available   technical  
knowledge   as   anyone   can   launch   nowadays   a   en7re   online   business   without   owning   any  
computa7onal  resources.  

  In  this  context,   ICT   infrastructures   are  evolving   from   distributed  models  towards  centralized  
models  that   are  accessible  from   everywhere  any7me  (Arnold,  2008a)  (Weiss,  2007).   We  are  currently  
living   in   a   networked   era  where   we   must   be   con7nuously   online.   As   a   result,   we  can   observe  a  
growing  number  of  web  enable  devices  (e.g.  Kindle,  iPhone,     etc.)  as  well  as  an  increasing  number  of  
web   based   sorware   applica7ons.   Partly   due   to   these   developments,   hardware   and   sorware   are  
becoming  standard   products  which  drives  prices  down  in  a  process  that  some  prac77oners  call  “the  
consumeriza7on  of  IT”.  

  Sorware  applica7ons  have  also  evolved  significantly  over  the  last  years.  The  popularity   of  rich  
internet   applica7ons   (e.g.   mashups,   web   2.0   tools,     etc.)   implie   also   new   infrastructural   needs.  
Applica7ons  that  need   to  respond  real-­‐7me  to  human-­‐computer   interac7ons  require   a  high  level  of  

Towards a Healthy Cloud Page 29 of 218 Juan Hernández Colomina

availability  and  oren  make  use  of  extensive  data  (Armbrust  et   al.,  2009).  Hos7ng  these  applica7ons  on  
the   cloud   would   decrease   response   and   processing   7me   improving   the   overall   user   experience.  
Specially   in   the   case  of   applica7ons  that   gather   data  from   more   than   one  source   (e.g.   mashups).  
Another  example  is  the  real-­‐7me  web,  where  content  is  gathered  on  the  fly  from  mul7ple  sources  and  
with  almost  no  delay  between  content  genera7on  and  content  indexing  and  presenta7on.  

  As  sorware  becomes  more   complex   and   interconnected,   some  computa7onal  tasks   might  
need  to  process  large  data  sets  concurrently  which  requires  high  processing  power.  These  tasks  cannot  
be  carried   out   on  a  single  computer   but   need  to  be   performed  horizontally   on  supercomputers   or  
grids.  Due  to  the  fact  that  these  high   level  computa7onal  resources  are  not  (financially)  accessible  to  
everyone,  an  op7onal  method  could  be  to  perform  these  tasks  using  Cloud  Compu7ng.  Following  this  
model  one   hour   on  100   cloud   servers   costs  the  same  that   100   hours  on   one  single  cloud   server.  
Therefore  it  might  be  more  economically   interes7ng   to  process  these  tasks  on  the  cloud  (Armbrust  et  
al.,  2009).

  Some  of  the  most  interes7ng  developments  during  2009  were  the  emergence  and  popularity  
of  netbooks  (e.g.  thin  client  laptops),  the  launch  of  Goggle’s  web  based  opera7ng  system  (OS)  Chrome  
OS  and  the   increasing  SaaS   adop7on.   This  developments  indicate  a  shir   to  new  architecture  where  
clients   adopt   an   interface   role   to   a   server   based   compu7ng   plaxorm.   IT   is   becoming   more  
disembodied  as  resources  can  be  consumed  on-­‐demand  just  for  the  task  at   hand  (Siegele,  2008).  If  we  
add  the  advances  in  networking  technologies  resul7ng  in   faster  internet  connec7ons  we  can  observe  
that  ICT  is  transforming  from  a  product  oriented  industry  to  a  service  oriented  market.  

  Collabora7on   in   the   cloud   can   be   best   explained   by   observing   the   popularity   of   mashups  
applica7ons  (Cunningham  &  Wilkins,   2009).  Mashups  are  web  applica7on  on  the  cloud  that  combine  
exi7ng  services  to  create  a  new  service.  This  concept  of  innova7on  trough  reuse  facilitates  the  rapid  
crea7on  of  new  applica7ons  without  reinven7ng  the  wheel  one  more  7me  (Arnold,  2008a).    

  The   majority   of   medium   and   large   enterprises   invest   in   their   own   data   centers.   The   costs  
incurred  in  running  an  on-­‐premises  data  center   include  among  others  real   estate,   hardware,   power,  
cooling   (50%   of   total  energy   expenses)  and  maintenance.   A   firm   needs  however   to   plan  their   data  
centers   to   support   worst-­‐case   scenarios,   resul7ng   in   addi7onal   costs   for   back   up   and   resource  
redundancy.   In  prac7ce,   the  high  peak  situa7ons  accounted   for   when   provisioning   resources  occur  
infrequently   (Weiss,   2007)  (DAuria  &   Nash,  2009)  (Cunningham  &  Wilkins,  2009).  As  a  consequence,  
fully   resource   u7liza7on  is  achieved  only   in  10   percent  of  the  full  7me  the  resource  is  running.   This  
means  that  90  percent  of  7me  resources  are  idle,  consuming  electricity   and  space  but  not   adding  any  
value   to   the   organiza7on   (Leighton,   2009)   (Brown,   2009c).   In   the   current   environmental   context  
where   energy   prices  rise   to   levels   unknown   un7l  now,   the   largest   ICT   organiza7ons  (e.g.   Google,  
Microsor,   IBM,     etc.)   are   building   their   new   data   center   near   cheap   sources   of   energy   (e.g.  
hydroelectric  facili7es)  and  close  to  important   Internet  nodes  to  guarantee  a  good  connec7vity  (Weiss,  

Towards a Healthy Cloud Page 30 of 218 Juan Hernández Colomina

  An  interes7ng  methodology   to  determine  which   technologies  can  be  regarded  as  sources  of  
compe77ve   advantage   is   performed   on   Gartner’s   research   “Technologies   you   can’t   afford   to  
miss”   (Gartner,   2009)   which   is   depicted   in   table   6.   As   shown   in   the   table,   Cloud   Compu7ng   is  
considered  the  number  one  strategic  technology  for  2010   rising  up  from  the  third  posi7on  in  2009  and  
combining  it  with  web-­‐oriented  architectures  (rank  7  in   2009  report)  and  Enterprise  Mashups  (rank  8  
in  2009   report).   Some  of   the  trends   described   in   this  sec7on   are  also  included   as  technologies  of  
strategic  importance  for  2010.

Table  6:  Strategic  Technology  Areas  (Gartner,  2009)

Rank  2010 Technology Evolu*on  from  2009  ranking

1 Cloud  Compu7ng Cloud  Compu7ng  (3)
2 Advanced  Analy7cs Business  Intelligence  (2)
3 Client  Compu7ng Virtualiza7on  (1)
4 IT  for  Green Green  IT  (4)
5 Reshaping  the  Data  Center Virtualiza7on  (1)
6 Social  Compu7ng Social  Sorware  and  Social  Networking  (6)
7 Security  &  Ac7vity  Monitoring new  in  ranking
8 Flash  Memory new  in  ranking
9 Virtualiza7on  for  Availability Virtualiza7on  (1)
10 Mobile  Applica7ons new  in  ranking

  From  the  trends  described   in   the  previous  paragraphs  we  can  consider  some  of   them   as  the  
most   significant   factors  that   have   influenced  the  emergence  of  Cloud  Compu7ng   solu7ons.   Among  
others,   SaaS,  Open  Source,   Web  2.0  applica7ons  (e.g.   web  based  collabora7on,  social   networks  and  
wikis),   the  consumeriza7on  of   technology   are  iden7fied  by   Gartner   research  as  important  enablers
(Fergusson,   2008)   (Cunningham  &   Wilkins,   2009).   Moreover,   the  ubiquity   of   worldwide  broadband  
access,  the  increasing   number  of  Internet  devices  (e.g.  iPhone,  Android,  Netbooks,    etc.),  the  trend  of  
con7nuous   connec7vity   are   also   regarded   as   significant   influencing   factors   (Arnold,   2008b).  
Nevertheless,  it   is   clear   that   Cloud  Compu7ng   represents   a  logical   evolu7on   from  the  popularity   of  
web  services  and  service  oriented  architectures  (SOA)  (Holliday,  2009).

1.3. The  Hype  Around  Cloud  Compu*ng

  When   reading  any   ICT  related  publica7on   it  is  clear   that  Cloud  Compu7ng  is  crea7ng   a  hype  
within   the  IT  industry  (Cunningham  &   Wilkins,  2009)  (Brynko,  2008).  If  we  look   at  the  search  volume  
through   Googles'   search   engine   (provided   by   Google   Trends)   we   can   observe   that   the   term   first  
appeared  on  search  queries  in  the  last  half  of  2007  (see  figure  3).   In  around   a  year  7me,  the  number  
of  search  queries  mul7plied  by  ten  which  represents  the  large  hype  it  created  over  such  a  short  period  
of  7me.

Towards a Healthy Cloud Page 31 of 218 Juan Hernández Colomina

             Figure  3:  Cloud  Compu*ng  Search  Volume  (Google  Trends,  June  2009)

! !

  Another   indicator   of   the   hype   Cloud   Compu7ng   is   crea7ng   is   the   growing   number   of  
companies  launching  Cloud  Compu7ng  solu7ons  during  2009   (Hinchcliffe,   2009).  There  are   however  
significant   differences  among  these  offerings.  Sun  for  example  announced  at   the  beginning  of  2009  his  
new  cloud  service  which  is  API  compa7ble  at  the  storage  level  with   Amazon’s  cloud  storage  solu7on  
S3.  On  the  other   hand,  in  July  2009  Microsor  presented  its  Cloud  Compu7ng  solu7on,  Windows  Azure  
which  will  open  to  the  public  at  the  beginning  of  2010.

  One  of  the  most  popular  hype  measurement  methods  in  the  IT  industry  is  Gartner’s  Hype  Cycle  
(see   figure  4).   In   their   latest   version   (July   2009)   Gartner   places  Cloud   Compu7ng   at   the  “Peak   of  
Inflated  Expecta7ons”   with   mainstream  adop7on   expected   to  take  place  in  a  period  of   two  to   five  
years.  Based  on  this  model  we  can  assume  that   Cloud  Compu7ng  s7lls  need  to  experience  a  period  of  
disillusionment   (Gartner’s   Trough  of  Disillusionment)  where   “over”   promises  and  misunderstandings  
will  be  filtered  and  therefore  reducing  the  current  hype.  Arer  that  period,  Cloud  Compu7ng  solu7ons  
will  follow  a  gradual  adop7on  process  where  the  real  benefits  become  clearer  as  they   are  proven  in  
vendor’s  offerings  (Gartner’s  Slope  of  Enlightenment  and  Plateau  of  Produc7vity).

Figure  4:  Gartner  Hype  Cycle  (July  2009)

Towards a Healthy Cloud Page 32 of 218 Juan Hernández Colomina

  Although   we   agree   on   the   fact   that   the   term   Cloud   Compu7ng   is   experiencing   a  
dispropor7onate  hype,  we   also  believe  that  it   represents  a  shir   towards  a  new   computer   paradigm  
that   will  have  significant   implica7ons  for   the  delivery   of  IT   capabili7es   in   the  coming   years.   For  this  
reason   it   is  now   7me  for   organiza7ons  of   all  sizes  and   industries  to   carefully   evaluate   it   and   get  
acquainted   with   it.   As   major   vendors   embrace   this   new   form   of   IT   delivery,   enterprises   should  
consider  it  as  a  viable  op7on  to  their  “Make  versus  Buy”  analysis.  Moreover,  we  can  already  find  many  
Fortune   500   enterprises   and   public   organiza7ons   (e.g.   The   Wall   Street   Journal,   BMW,   USA  
government,    etc.)  among  the  early  adopters  of  this  new  model.    

  Due  to   the  hype   surrounding   the   concept   of   Cloud  Compu7ng,   some  prac77oners   tend   to  
consider  it  as  the  new  revolu7on  in  technology.  However,  despite  its  indisputable  disrup7ve  character  
Cloud   Compu7ng   is   rather   an   evolu7on   from   a   technology   perspec7ve   and   a   revolu7on   from   a  
business   perspec7ve.   Cloud   Compu7ng   can   be   considered   as   the   logical   evolu7on   from   service  
orienta7on   (e.g.   SOA,   Web   Services,     etc.),   grid   compu7ng,   server   compu7ng   and   faster   network  
devices   and   speed.   From   a  business  perspec7ve,   Cloud   Compu7ng   represents  innova7ve   ways  to  
reduce  capital  costs,  to   focus  on  core  IT  opera7ons  (e.g.  sources  of  differen7a7on)  and  to  enable  the  
agility  needed  to  react  to  changing  market  condi7ons.  

Towards a Healthy Cloud Page 33 of 218 Juan Hernández Colomina

2. Cloud  Compu*ng  Defini*on
  In  order  to  obtain  a  research  defini7on  of  Cloud  Compu7ng  we  will  first   analyze  the  concept  of  
u7lity   compu7ng  (sec7on  2.1)   to  con7nue  with  the  defini7ons  found  in  scien7fic   literature  (sec7on  
2.2),   commercial   publica7ons   (sec7on   2.3),   IT   consultants  and   analysts   reports   (sec7on   2.4)   and  
standards   organiza7ons   (sec7on   2.5).   Furthermore   we   will   analyze   the   roles   involved   in   Cloud  
Compu7ng  (sec7on  2.6)  to  end  this  sec7on   by   comparing   the  found  defini7ons  and  filtering  out  the  
individual  common  components  that   are  used.   Our   final  research  defini7on   of   Cloud   Compu7ng   is  
presented  in  the  last  sec7on  (sec7on  2.7).

2.1. U*lity  Compu*ng

  The  idea  of  U7lity   Compu7ng   was  first  envisioned  at   MIT's  centennial  celebra7ons  in   1961   by  
John  McCarthy,  a  computer  scien7st  ac7vely   involved  in  Ar7ficial  Intelligence.  The  process  of   “u7lity-­‐
za7on”   where   a   resource  that   once   was  a   key   differen7ator   becomes  an   u7lity   and   therefore   its  
produc7on  is  done  by  third  par7es  in  order  to  achieve  cost  efficiency   has  been  repeatedly  observed  in  
last   decennia's.  Cloud  Compu7ng  is  considered  by   many   experts  to  be  the  logical  evolu7on   towards  
compu7ng  as  an  u7lity  (Baker,  2007).  

  Mr  Nicholas  Carr’s  books  “ The  Big  Switch”  and  “IT   does  not   maOer”  have  been  very  influen7al  
in   the   IT   community.   Mr   Carr   predicts   the   end   of   the   IT   department   as   compu7ng   technology  
undergoes  a  shir   from  a  compe77ve  advantage  enabler   towards  and  u7lity   model  (like  electricity)  
where  IT   infrastructure  and   applica7ons  are   delivered   off   the   wall.   This  vision   is  shared   by   some  
prac77oners  (Kirsner,   2009)   and  regarded   as  incomplete  by   others  (Molenaar,   2009).   Some  experts  
believe  that   standard  IT   resources  (the  great   majority)   are   good   candidates  to  be  contracted  as  an  
u7lity.  However  there  are  a  number  of  IT  resources  (the  minority)  that  are  enablers  of  differen7a7on  
and  should  therefore  not  be  contracted  from  third  par7es  (Molenaar,  2009).  

  In  his  first  book  (“IT  does  not  maOer”)  Mr  Carr   described  a  shir  that  informa7on  technology   is  
experiencing   towards   a   service   model   delivered   through   Internet.   According   to   Mr   Hans   Daniels  
(HewleO  Packard  director  in  The  Netherlands)  this  is  fully  in  line  with  HP’s  vision  (Molenaar,  2009).  HP  
believes  that  ICT   delivery   is  going   to   evolve  in  a  “everything-­‐as-­‐a-­‐sevice”   model   which   implies  deep  
consequences  not  only   for   the  IT  department  but   also  to   the  rest   of   the  organiza7on  (e.g.  business  
processes,  supply  chain  management,    etc.).

  An   example   of   a   resource   that   has   gone   through   this   process   of   becoming   an   u7lity   is  
electricity  (Carr,  2008)  (Baker,   2007)  (Buyya,   Yeo,   Venugopal,  et  al.,   2009).   During  the  second  world  
war   manufacturing  companies  had  to  produce  their   own  electricity  to  be  able  to  manufacture  more  
and   faster  than  their  compe7tors.  However,  soon   arer   the   war   finished  electricity   became  an  u7lity  
and   therefore  all  the  internal’s  electricity   generators   of   firms   became  obsolete.   External  electricity  

Towards a Healthy Cloud Page 34 of 218 Juan Hernández Colomina

providers  could   deliver  it  cheaper  due  to  the  economies  of  scale  and  sta7s7cal  mul7plexing   achieved  
by  delivering  energy  to  various  firms.

  Another   example   of   technology   “u7lity-­‐za7on”   can   be   found   in   the   hardware   industry  

(Armbrust   et   al.,   2009).   Hardware   manufacturers   had   to   invest   in   the   produc7on   of   their   own  
semiconductors  as  a  key   advantage  to  produce  beOer   and  faster  hardware  than  their   compe7tors.  As  
semiconductor’s  manufacturing   equipment   became   more   expensive,   the   economic   advantages   of  
purchasing   such   a   facility   were   minimized,   triggering   a   shir   towards   the   externaliza7on   of   its  
produc7on.  Only  companies  requiring  a  great  number   of  chips  (e.g.   Samsung,   Intel,    etc.)  could  s7ll  
afford   to   produce   their   own   semiconductors.   As   a   consequence,   companies   emerged   that   were  
specialized   in   the   produc7on   of   semiconductors   like   for   example   Taiwan   Semiconductor  
Manufacturing   Company   (TSMC)   (Armbrust   et   al.,   2009).   These   specialized   manufacturers   can   be  
profitable  by  achieving  economies  of  scale  and  mul7plexing   in  their  offerings.  This  externaliza7on  of  
resource  manufacturing  allows  firms  to  conduct  business  without  the  upfront   investment,  opera7onal  
costs   and   associated   risks   of   having   their   own   resource   manufacturing   facili7es   (Buyya,   Yeo,  
Venugopal,  2008).

2.2. Scien*fic  Defini*ons

  Due  to  its  innova7ve  character  there  are  few  scien7fic  defini7ons  of  Cloud  Compu7ng  at  the  
moment   of  wri7ng.   In   this  sec7on   we   analyze   the  most   significant   defini7ons  of   Cloud   Compu7ng  
found   in   scien7fic   journals  and  other   scien7fic   publica7ons.   For   this  purpose  we  will  describe  the  
defini7ons   provided   by   Berkeley’s   Reliable   Adap7ve   Distributed   Systems   Laboratory   (UC   Berkeley  
RADSL),   Telefonica  Research  and  Development,  University  of  Melbourne  and  the  papers  presented  on  
the  1st  IEEE  Interna7onal  Conference  on  Cloud  Compu7ng.

A.  University  of  Berkeley

  UC   Berkeley’s  RADSL  has  been   founded  by   Google,   Microsor   and  Sun  Microsystems.  Among  
others,   their   current   affiliates  are   Amazon  Web  Services,  Cisco  Systems,   Facebook,  HewleO-­‐Packard,  
IBM,  NEC,  Network  Appliance,   Oracle,   Siemens,   and  VMware.   The   organiza7on  is  financed  by   these  
partners  together  with  grant  funds  from  several  public  research  bodies  in  the  USA.

  In   a  recent  white-­‐paper   of   UC   Berkeley  RADSL   (“Above  the  Clouds:   A   Berkeley   View  of  Cloud  
Compu7ng”)   the  authors  try   to  analyze  in  detail  the  concept   of  Cloud   Compu7ng  (Armbrust  et   al.,  
2009).  According   to  Berkeley,  Cloud  Compu7ng  is  expected  to  lay  down  the  first  steps  towards  U7lity  
Compu7ng,  affec7ng  the  way   hardware  and  sorware   is  designed,   purchased  and  used   (Armbrust  et  
al.,  2009).   The  implica7ons  for   sorware  and  hardware  are  important:  on  one  hand,  sorware  in  the  
cloud   is   delivered   as-­‐a-­‐service   in   contrast   to   the   tradi7onal   license   model.   On   the   other   hand,  
hardware  must   be   designed   and   used   to   be   able  to  unfold   the   benefits  of   Cloud   Compu7ng   and  
facilitate  its  service  model.   In  the  UC   Berkeley   RADSL  defini7on  a  clear  dis7nc7on  is  made  between  
the   sorware  services  delivered  to  users  and   the   underlaying  infrastructure   (hardware   and  sorware)  

Towards a Healthy Cloud Page 35 of 218 Juan Hernández Colomina

facilita7ng  them  (Armbrust  et  al.,  2009).  A  Cloud  is  considered  by  Berkeley  RADSL  as  that   underlaying  
hardware  and  sorware  used  to  deliver  services  to  consumers  (e.g.  SaaS).

  UC  Berkeley  RADSL  (Armbrust   et  al.,  2009)  defines  Cloud  Compu7ng  as  applica7ons  delivered  
as  a  service  over   the  Internet   (SaaS)  and  the  infrastructure  that   delivers  them.   The  infrastructure   is  
oren  organized   in  data  centers  and  is  referred  to  by   Berkely   as  the  “Cloud”.   In  a  Public   Cloud  the  
infrastructure  is  publicly   accessible  following   a  pay-­‐for-­‐use  model  offering  what  Berkeley   calls  U7lity  
Compu7ng  (e.g.  Amazon  Web  Services,  Google  AppEngine,  MS  Azure,    etc.).  According  to  Berkeley,  in  
a  Private  Cloud  the  infrastructure  is  organized  in  internal  data  centers  that  are  not  publicly  available.  

B.  Telefonica  Research  &  Development

  Telefonica   is   the   market   leader   telecom   operator   in   Spain   and   in   several   South   American  
countries.  In  their  paper  “A  break  in  the  clouds:   towards  a  cloud  defini7on”  (Vaquero,   Rodero-­‐Merino,  
Caceres,  &  Lindner,   2008)  the  authors  analyzed  twenty-­‐two  scien7fic  defini7ons  of  Cloud  Compu7ng,  
and  grouped  the  main  features  found  into  their  own  concise  defini7on.  According  to  the  authors,  the  
new  paradigm  “shirs  the  loca7on  of  this  infrastructure  to  the  network  to  reduce  the  costs  associated  
with  the  management  of  hardware  and  sorware  resources”.   It  is  important  to  note  that  all  twenty  two  
defini7ons  analyzed  where   found  in  papers  published  during  2008,  which  clearly   shows   the  novelty  
character  of  this  paradigm.

  One  of  the  most  recurrent  defini7ons  found  in   previous  research  is  the  transparent  access  to  
informa7on  technology   resources  on  a  pay-­‐per-­‐use  basis,  which  are  developed  and   maintained  on  an  
almost   infinite  and  instant   scalable   infrastructure  managed   by   third  par7es  (Vaquero   et   al.,   2008).  
Arer   analyzing  all  defini7ons,  the  authors  (Vaquero  et  al.,  2008)  found  these  concepts  in  more  than  
one   ar7cle:   real-­‐7me   infrastructures,   automa7c   resource   alloca7on,   resource   monitoring   and  
op7miza7on,   immediate   scalability,   subscrip7on   model   (pay-­‐as-­‐you-­‐go)   and  pair-­‐wise  Service  Level  
Agreements  (SLAs)  between  cloud  actors.  The  concepts  men7oned  the  most  were  scalability  and  pay-­‐
per-­‐use  (found  in   five  ar7cles  each)  and  virtualiza7on  (found  in  four   ar7cles).  Based  on  this  findings,  
Vaquero  et  al  propose  the  following  defini7on  of  Cloud  Compu7ng:

  “Clouds  are  a  large  pool  of  easily  usable  and  accessible  virtualized  resources  (such  as  
  hardware,  development  plaDorms  and/or  services).  These  resources  can  be  dynamically  
  reconfigured  to  adjust  to  a  variable  load  (scale),  allowing  also  for  an  op;mum  resource  
  u;liza;on.  This  pool  of  resources  is  typically  exploited  by  a  pay-­‐per-­‐use  model  in  which  
  guarantees  are  offered  by  the  Infrastructure  Provider  by  means  of  customized  SLAs.”

C.  University  of  Melbourne,  Australia

  Another  scien7fic   defini7on  of  Cloud  Compu7ng  can  be  found  in  the  paper  “Market-­‐Oriented  
Cloud  Compu7ng:   Vision,   Hype,   and  Reality   for  Delivering  IT  Services  as  Compu7ng  U7li7es”   (Buyya,  
Yeo,   Venugopal,   et  al.,   2009)   by   the  Grid   Compu7ng  and  Distributed  Systems  (GRIDS)  Laboratory   of  

Towards a Healthy Cloud Page 36 of 218 Juan Hernández Colomina

Melbourne  University.  They  define  a  cloud  as  "a  collec;on  of  interconnected  and  virtualized  computers  
that  are  dynamically  provisioned   and  presented   as   one  or  more  unified  compu;ng  resources   based  on  
service-­‐level   agreements   established   through   nego;a;on   between   the   service   provider   and  

  This  defini7on  focusses  on  the  dynamic   provisioning  of  virtually  assembled  IT  capabili7es  as-­‐a-­‐
service.  Although  this  defini7on  considers  that  resources  are  virtually  assemble  by  applying  hardware  
virtualiza7on  (e.g.  using   an   hypervisor),   this  is  not  necessary   the  case  as  some  Cloud  providers  (e.g.  
Google,   RightScale)   do  not   apply   hardware  virtualiza7on  to   their   solu7ons.   For   this  reason  we  will  
consider   that   compu7ng   resources   are   virtually   assembled   in   Cloud   Compu7ng   although   not  
necessarily  by  applying  hardware  virtualiza7on.  

D.  2009  IEEE  Interna*onal  Conference  on  Cloud  Compu*ng

  From  the   21st   to  the  25th  of  September   of   2009,   the  first   IEEE  Interna7onal   Conference  on  
Cloud  Compu7ng  took  place  in  Bangalore,  India.  In  this  conference  a  large  number  of  scien7fic  papers  
were  presented  on   a  wide  variety  of  topics  related   to  Cloud  Compu7ng.  In  these  papers  we  can  find  
references  to  the  defini7ons  described  in  this  sec7on  as  well  as  to  other   defini7ons.  One  of  the  papers  
(Cai,  2009)  uses   the  defini7on  of  Cloud  Compu7ng   as  “the  style  of  compu7ng  in  which  dynamically  
scalable  and  oren  virtualized  resources  are  provided  as  a  service  over  the  Internet”.  

  Slight   varia7ons  of   this  defini7on   are  also  found   in   other   papers  of   this  conference,   which  
define   Cloud   Compu7ng   as   “dynamically   scalable   resources   provisioned   as   a   service   over   the  
Internet”  (Jensen,  2009).  Other  defini7ons  focus  more  on  the  sorware  perspec7ve  defining  a  cloud  as  
plaxorms   that   “offer   resource   u7liza7on   as   on-­‐demand   service,   which   lays   the   founda7on   for  
applica7ons  to  scale  during  run7me”.  We  will  further  analyze  these  scien7fic  defini7ons  when  crea7ng  
our  own  research  defini7on  of  Cloud  Compu7ng  in  sec7on  2.7.  

2.3.  Defini*ons  in  the  Media  

  In  the  large  number  of  commercial  defini7ons  of   Cloud  Compu7ng  currently  available,  we  can  
observe   a   series   of   misinterpreta7ons   of   the   term   that   should   be   carefully   considered.   Cloud  
Compu7ng  is  oren  wrongly   used  as  synonym   for   the  next   genera7on  of   data  centers,   client/server  
compu7ng,   SaaS,  Grid  compu7ng,   or   mainframe  architecture  (Brown,  2009a).   Although  data  centers  
are  an  important   element   of  Cloud   Compu7ng,  they  are  not  the  unique  characteris7c  that  defines  it.  
Because   most  of  the  processing  takes  place   on  the  server   side,   it   is  neither   a  synonym  for   a   client/
server   architecture.   SaaS  is  one  of  the  layers  to  deliver   Cloud   Compu7ng   but  a  lot   of  solu7ons  are  
being   offered  at  lower  abstrac7on  levels  (e.g.   IaaS  or  PaaS).  The  concept  of   Cloud  Compu7ng  is  based  
on  grid  compu7ng  but  there  are  also  layers  above  the  infrastructure  (e.g.   SaaS)  that  indicate  that  they  
cannot  be  used   as  synonyms.  Moreover,   although  Cloud  Compu7ng   can   be  considered  as  a   form  of  
server  compu7ng,  there  is  no  single  computer   handling  the  workload  (e.g.  a  mainframe)  but   a  series  
of  interconnected  resources  (Brown,  2009c).  

Towards a Healthy Cloud Page 37 of 218 Juan Hernández Colomina

  Although  Grid  Compu7ng  and  Cloud  Compu7ng  are  complementary   in  nature,  there  are  some  
significant   differences.   Both   are   collec7ons   of   computers   (or   computer   resources)   to   leverage  
collec7ve  IT   capabili7es.   However,   a  grid   is  usually   owned   by   various  organiza7ons  while  a  Cloud  
Compu7ng  environment  is  oren  in  the  hands  of  a  single  firm  (GridTalk,   2009).  Both  provide  access  to  
remotely   located  compu7ng   resources   as-­‐a-­‐service.   Grids  are   oren   maintained   and   developed   by  
academics  while  clouds  are  oren  exploited  by  commercial  organiza7ons.  This  is  the  reason  why  access  
to  grids  is  oren  free  of  charge,  while  Cloud  Compu7ng  is  always  usage  based.  While  Cloud  Compu7ng  
is   meant   to   support   services  on  the  long   term,   the  use  of  a  grid  infrastructure  is  oren   short   and  
incidental,  to  perform  a  resource  intensive  task  at  at  certain  point  in  7me  (GridTalk,  2009).

  One  of   the  main  assump7ons  of   Cloud  Compu7ng  is  that   resources  (e.g.   data,   applica7ons,    
etc.)  are  stored   on  the  Internet   as  opposed   to  internal  infrastructures  (Arnold,   2008a).   This  implies  
that   the   responsibility   of   maintaining   and   upda7ng   the   infrastructure   is   transferred   to   the  
corresponding  Cloud  Provider.  Another  important  implica7on  is  what  some  authors  call  the  Holy  Grail  
of   informa7on  sharing:  the  enablement   of   collabora7on  and  standardized  content   distribu7on,  where  
informa7on   is  easy   to   find   and   applica7ons  can   be  developed   quickly   (e.g.   RAD   /   agile  methods)  
(Arnold,  2008a).  

  Some   media   publica7ons   have   tried   to   define   Cloud   Compu7ng   by   analyzing   its   unique  
characteris7cs  compared  to   exis7ng   models  (Foley,   2009).   They   define  it   using  concepts  as  off-­‐site,  
virtual,   on-­‐demand  subscrip7on  based,  simple,   shared  and   web-­‐based  IT   capabili7es.  Off-­‐site  means  
that  resources  are  physically  located  in  data  centers  which  are  not   owned  by  Cloud  Users.  Through  the  
use   of   virtualiza7on,   a   Cloud   User   can   freely   assemble   his   own   stack   of   databases,   storage,  
networking,    etc.  

  Moreover,   resources  can  be  scaled   up  or   down  on-­‐demand  and  are  paid  for   by   usage  based  
subscrip7ons.   To  op7mally   use  the  available  physical  resources  Cloud  Providers  deploy   mul7-­‐tenant  
solu7ons  where  more   than  one  client   is  using  the  same  physical  resources.   Moreover,   resources  are  
quickly   provisioned   trough   and   easy   to   use   web   interface   and   are   available   within   minutes    
(Cunningham  &  Wilkins,  2009).  Based  on  these  characteris7cs,  the  authors  describe  Cloud  Compu7ng  
as  “on-­‐demand   access  to  virtualized  IT  resources  that   are   housed   outside  of   your   own  data  center,  
shared  by  others,  simple  to  use,  paid  for  via  subscrip7on,  and  accessed  over  the  Web”  (Foley,  2009).

  Other  publica7ons  focus  on  the  main   characteris7cs  of  the  concept  in  order  to  define  it  more  
accurately.   Arer   analyzing   some   of   these   publica7ons   we   have   generated   the   following   list   of  

• On-­‐demand   self-­‐service:  Cloud  Users  can  set  up  their  themselves  the  specific  resources  they   need  
(Leighton,  2009)  (Spinola,  2009).
• Ubiquitous  Network   Access:   Cloud   services  are  available   trough   the   Internet   (Leighton,   2009)  
(Spinola,  2009).

Towards a Healthy Cloud Page 38 of 218 Juan Hernández Colomina

• Loca7on   independent  resource  pooling:  Resources  are  not  user  dedicated  but  shared  on  a  
common  infrastructure  (Spinola,  2009).  
• Rapid   Elas7city:   Capacity   can   scale  up  or   down   when   needed   (Leighton,   2009)   (Spinola,   2009)  
(Kirsner,  2009).
• Usage   based  pricing:  Cloud  Users  are  billed  for  the  resources  they  actually  use  (Spinola,  2009).    
• Rapid   provisioning:   Resources   are   provided   quickly   without   extensive   interven7on   from   users  
(Spinola,  2009).  
• Shared   Resources:   To   achieve   cost   op7miza7on,   resources   are   shared   among   different   users  
(Spinola,  2009).    
• Self-­‐service   func7onality:   Most   of   the  Cloud  Compu7ng   plaxorms   offer   a  self-­‐service  interface  
where   end   users  can   contract   resources   for   the  7me  they   need   it   and  discard   them   arerwards  
(Spinola,  2009)  (Sheehan,  2009b).    
• Lack  of  ownership  of  Resources:  “Services  and  sorware  that  run  on  computers  you  don’t  need  to  
purchase  or  operate  yourself”  (Kirsner,  2009)

  The  variety  of  Cloud  Compu7ng  defini7ons  has  created  a  lot  of  confusion  among  prac77oners.  
An  interes7ng   approach  to  define  Cloud  Compu7ng   is  found  on  the   publica7on  “Compu7ng  in  the  
Clouds”  by  Aaron  Weiss.  He  recognizes  that   the  different  defini7ons  are  based  on  different   views  on  
the  same  phenomenon.   He  elaborates  on   some  of   this  perspec7ves  in  what   he  calls  “different  cloud  
shapes”  (Weiss,   2007).   Web  based  applica7ons,  a  revival  of   the   thin-­‐client,  u7lity   compu7ng,  an  on-­‐
demand  grid  with  7me  based  billing   or  “distributed  or   parallel  compu7ng  designed  to  scale  complex  
processes  for  improved  efficiency”  are  some  examples  of  these  different  shapes  (Weiss,  2007).

2.4. Defini*ons  from  IT  Consultants  and  Analysts

  Besides  scien7fic   publica7ons  and   commercial  media   outlets,   we  can   can   also   find  a  large  
number   of  diverse  (and  some7mes  contradictory)   defini7ons  from   IT   consultants  and   IT   analysts.   In  
this  sec7on   we  provide  an   overview  of  how   Cloud  Compu7ng   is  defined  from  an  IT  consultant   and  
analysts  point  of  view.  To  delimit  the  scope  of  this  research  we  have  selected  the  defini7ons  from  two  
of  the  most  respected  IT   analysts  firms  (Gartner  and  Forrester)  and  from  two  of  largest  IT  consultancy  
firms  (Capgemini  and  Accenture).

A.  Gartner  Research
  According  to  Gartner,  Cloud  Compu7ng  is  not  a  new  single  model  of  compu7ng  but  rather  an  
evolu7on  of   exis7ng  paradigms   and   technologies  like   U7lity   Compu7ng,   On-­‐demand   services,   Grid  
Compu7ng   and  SaaS  among   others  (Plummer,  2009).  Mr  Daryl  Plummer  (Gartner’s  VP  specialized  on  
Cloud  Compu7ng   research)   defines  Cloud  Compu7ng   as   a  new   IT   paradigm   or   style  of   compu7ng  
where  “massively   scalable   and  elas;c  IT-­‐related  capabili;es  are  provided   as  a   service   using   Internet  
technologies   to   mul;ple   external   customers”   (Stevens   &   PeOey,   2008)   (Plummer,   2009)   (Brodkin,  

Towards a Healthy Cloud Page 39 of 218 Juan Hernández Colomina

  Cloud  Compu7ng   has  according  to  Gartner   five  cri7cal  aOributes:   service  based  IT  capabili7es,  
scalable  and  elas7c,  shared,   metered  by   use  and  leveraging  Internet  technologies  to  develop  and/or  
deliver   those   services   (Plummer,   2009)   (PeOey,   2009b).   They   are   service   based   as   Cloud   Users  
concerns  are  abstracted   from  Cloud   Providers  concerns  through  service  interfaces.   They   are  scalable  
and  elas7c  as  they  are  capable  of  adding  or  removing  resources  on  demand  when  needed.  The  shared  
character  of  Cloud   Compu7ng  resources  are  the  most  important  ingredient  to   achieve  economies  of  
scale   by   Cloud   Providers.   Services   are   billed   based   on   usage,   enabling   new   innova7ve   payment  
models.   Internet   plays  a  crucial   role   in   Cloud   Compu7ng   as   it   is   the   main   technology   to   deliver  

  The  new  paradigm   of  Cloud  Compu7ng  is  expected  to  create  new   revolu7onary   rela7onships  
between  IT  users  and  providers  (Stevens  &   PeOey,   2008).   Users  can  therefore  focus  more  on  what  the  
service  provides  instead  of  how  they  are  implemented  or  hosted.  The  current  popularity  and  adop7on  
of  IT   models  like  sorware  as  a  service  (SaaS)  or  Infrastructure  as  a  service  (IaaS)  reflect  how  diverse  
informa7on  technology  capabili7es  can  be  delivered  on  a  global  scale  (Stevens  &  PeOey,  2008).  Cloud  
Compu7ng  is  expected  to  transform  IT  delivery  from  vendor-­‐user  rela7onship  to  a  provider-­‐consumer  
rela7onship   where   IT   services   are   merely   consumed   instead   of   acquiring   first   the   assets   and  
implemen7ng  them  prior  to  consump7on  (Plummer,  2009).

  According  to  Mr  Brian  Pren7ce  (Gartner’s  VP)  the  key   in  defining  Cloud  Compu7ng  offerings  is  
that   they   are  web  based   services  able  to  upscale   and  downscale  on   demand  (Howarth,  2009).   This  
implies  new   forms  of  customer-­‐provider   rela7onships,   based  on  the  quality   of   service   provided   (e.g.  
SLA)  instead   of   general  guidelines  in   end-­‐user   agreements.   This  new  type   of  rela7onship   will  lead  
according   to   Gartner   to   a   market   that   focus   on   price   and   quality   of   services   that   provide  
differen7a7on   (Howarth,   2009).   To   clarify   any   misinterpreta7ons   of   the   term   Cloud   Compu7ng,  
Gartner   has   selected   four   industry   myths  and   the  corresponding   Gartner   perspec7ve  on  them.   The  
myths  and  Gartner’s  insights  are  depicted  in  table  7  (Plummer,  2009):

Table  7:  Cloud  Compu*ng  myths  linked  to  Gartner’s  insights  (Gartner,  2009)

Industry  Myth Gartner  Insight

Clouds  are  hardware  based  services  

False,  Cloud  is  an  euphemism  for  a  abstrac7on  and  therefore  is  immaterial  
offering  compu7ng,  network  and  storage

Everything  need  to  be  in  the  cloud False,  the  dominant  model  for  the  coming  10  years  will  be  an  hybrid  cloud.  

All  remote  compu7ng  or  off-­‐premises  

False,  Cloud  Compu7ng  is  a  service  delivery  and  consump7on  model
hos7ng  is  Cloud  Compu7ng  

Cloud  Compu7ng  will  always  safe  money False,  it  can  safe  money  in  some  cases  and  provide  other  advantages  in  others

Towards a Healthy Cloud Page 40 of 218 Juan Hernández Colomina

B.  Forrester  Research
  According   to   Forrester   an  increasing  number   of  organiza7ons  are  considering   Internal  Clouds  
to  complement   their   on-­‐premises   infrastructures  (Staten,  2009).   In  a  Forrester   survey   performed  in  
the   third   quarter   of   2008   they   found   that   4%   of   the   organiza7ons   have   already   implemented   an  
internal  cloud  while  17%  are  implemen7ng  it  of  budge7ng  it  (Staten,  2009).  In  order  to  achieve  the  full  
poten7al   of   Cloud   Compu7ng   Forrester   believes   that   these   Internal   Clouds   should   be   dynamic  
plaxorms  with  automated  workload  management  and  self-­‐service  interfaces.

  Enterprise  developers  are  aware  of   the  Cloud   Compu7ng   advantages  of  self-­‐service,   pay-­‐as-­‐
you-­‐go  and  instant   deployment  of  compu7ng  resources.  For  these  reasons,  they  are  increasingly  using  
Public   Clouds  for  development   purposes   bypassing  IT  opera7on’s  processes  and  procedures  (Staten,  
2009).  Although  this  situa7on  accelerates  the  applica7on’s  deployment   process,  there  are  significant  
risks  in  bypassing  these  organiza7onal  policies  as  they  are  meant  to  protect   customer’s  informa7on,  
comply  with  laws  and  regula7ons  and  guarantee  quality  of  services.  

  Since  the  advantages  of   Cloud  Compu7ng   infrastructures  are  desired   by   developer,   and   to  
overcome  the  risks  of  bypassing  IT   opera7ons  procedures,  Forrester  suggests  that  organiza7ons  build  
Internal  Clouds  that   can   leverage   the  advantages  while  controlling   risks  (Staten,  2009).   By  deploying  
this  type  of  solu7ons  organiza7ons  can  improve  their   cost  effec7veness  and  achieve  a  faster  7me-­‐to-­‐
market  with  new  applica7ons.  

  Forrester   defines  a  Internal   Cloud  as  “a   mul7tenant,   dynamically   provisioned  and  op7mized  
infrastructure  with  self-­‐service  developer   deployment,   hosted  within  the  safe  confines  of   your   own  
data  center”  (Staten,  2009).  An  Internal  Cloud  aims  to  leverage  some  of  the  Public  Clouds  advantages  
without   compromising   the  protec7ons  enabled  by   organiza7onal  policies  and  procedures.   According  
to   Forrester,  the  main  characteris7cs  of   Internal   Clouds  are  self-­‐service  deployment  func7onality   for  
developers,  automated  workload  distribu7on,  mul7-­‐tenant   resource  pools  and  workflow  management  
func7onality  (Staten,  2009).

  Although   Forrester   recommends  organiza7ons  to  deploy   Internal   Clouds  they   recognize   also  
the  limita7ons  of   these  approach  (Staten,  2009).   In  some   cases  the  internal  infrastructure  could  be  
rela7vely  small  to  be  economically  interes7ng   to  op7mize  it,  while  in  other   cases  performance  tes7ng    
could  be  more  cost  efficient   on  Public  Clouds.   Moreover,   an  Internal  Cloud  is  not  the  best  environment  
for   all  types  of   applica7ons.   For   this   reason,   Forrester   recommends  to   deploy   hybrid   clouds  where  
internal  and  external  clouds  are  connected  and  can  benefit  from  each  other  (Staten,  2009).

C.  Capgemini
  Due  to  the  variety  of  emerging   defini7ons  of  the  term  Cloud  Compu7ng,   Capgemini  recognizes  
that  there  is  a  certain  level  of  confusion  among  its  clients  (Ross  et  al.,  2008).  Some  clients  believe  that  
Cloud  Compu7ng   is  the   next   genera7on   of   grid  compu7ng,   others  believe  that   is  the  next   level  of  
virtualiza7on   and   there   are   some   clients   that   think   that   Cloud   Compu7ng   is   a   combina7on   of  

Towards a Healthy Cloud Page 41 of 218 Juan Hernández Colomina

Plaxorm-­‐as-­‐a-­‐Service   (PaaS),   Infrastructure-­‐as-­‐a-­‐Service   (IaaS)   or   Sorware-­‐as-­‐a-­‐Service   (SaaS).   The  
term   Cloud   Compu7ng   is   also   considered   by   some   Capgemini   clients   as   a   synonym   of   u7lity  
compu7ng.   According   to   Capgemini’s   perspec7ve   this   confusion   is   logical   when   considering   new  
emergent  delivery  methods  for  IT  capabili7es.

  Capgemini  bases  his  defini7on  of  Cloud  Compu7ng   on  an  ar7cle   by   John  Foley   published  on  
the  online  magazine  Informa7on  Week  on  September  2008:  “Cloud  compu;ng  is  the  use  of  massively  
scaled  offsite  IT  resources  assembled  virtually,   accessed  over  the  internet,  used  on  demand  in  real-­‐;me  
or   near   real-­‐;me   on   a   pay-­‐per-­‐use   or   subscrip;on   basis,   where   the   workloads   are   shared   among  
mul;ple  customers”  (Ross  et  al.,  2008).  The  main  components  of  this  defini7on  are  the  following:

• Scalability:   Access  to  immense  infrastructures  that  would  otherwise  not  be  available.
• Off-­‐site:   IT  resources  are  owned  by  a  third  party  and  used  only  when  needed.
• Assembled   Virtually:  Mul7ple  customer’s  applica7on  run  on  the  same  physical  machine.
• On-­‐demand:   Resources  are  available  when  needed  and  for  the  7me  required.
• Pay-­‐per-­‐use:   pay  for  what  you  actually  use  and  never  for  idle  resources.
• Shared  workloads:  Economies  of  scale  to  account  for  uncorrelated  consump7on  paOers.
D.  Accenture
  In  a  recent   Accenture’s  survey   among  IT  decision   makers  (Cloud  Compu7ng   -­‐   Balancing   Risk  
and  Reward)  58%  of  correspondent  was  convinced  that  Cloud  Compu7ng   will  cause  a  “radical  shir  in  
informa7on  technology”  (Arellano,  2009).  

  Accenture  defines  Cloud  Compu7ng  as   the  “dynamic   provisioning   of  IT   capabili7es,   whether  
hardware,   sorware,   or   services   from   a   third   party   over   the  network”.   According   to   Accenture,   if  
enterprises  combine  the  benefits  of  virtualiza7on  and  mul7-­‐tenant   architectures  with  a  pay-­‐as-­‐you-­‐go  
pricing   model,   Cloud   Compu7ng   represents   a   innova7ve   paradigm   that   deeply   affects   how   IT  
capabili7es   (infrastructures,   plaxorms,   applica7ons,     etc.)   are   acquired,   delivered   and   supported  
(Harris,  Daugherty  &  Tobolski,  2009).

2.5. Defini*ons  from  Standards  Organiza*ons

  Due   to   the  innova7ve  character   of  Cloud  Compu7ng,   there  are  almost   no  defini7ons  being  
provided   by   standards   organiza7ons.   The   only   effort   found   is   that   of   the   Na7onal   Ins7tute   for  
Standards  in  Technology  (NIST)  which  is  the  equivalent  of  the  European  ISO  organiza7on  in  the  United  
States.   To  elaborate  this   defini7on  NIST   computer   scien7sts  collaborated  with   several  industry   and  
government  representa7ves.    

  In  their  15th  drar  version  on  the  defini7on  of  Cloud  Compu7ng,  NIST  describes  it   as  “a  model  
for   enabling   convenient,   on-­‐demand   network   access   to   a   shared   pool   of   configurable   compu;ng  
resources  (e.g.  networks,  servers,   storage,  applica;ons,  and   services)  that  can  be  rapidly   provisioned  
and  released  with  minimal  management  effort  or  service  provider  interac;on”.

Towards a Healthy Cloud Page 42 of 218 Juan Hernández Colomina

  Moreover,   NIST   believes  that   Cloud  Compu7ng  can  be   described   according   to  five  essen7al  
characteris7cs,   three  service  models,  and  four  deployment  models.  The  five  main  characteris7cs  are:  
on-­‐demand   self-­‐service,   broad   network   access,   resource   pooling,   rapid   elas7city,   and   measured  
service.   The  three  service  models  iden7fied   by   NIST   are  Sorware-­‐as-­‐a-­‐service  (SaaS),   Plaxorm-­‐as-­‐a-­‐
service  (PaaS)  and  Infrastructure-­‐as-­‐a-­‐service  (IaaS).  They   can  be  deployed  in  NIST  perspec7ve  either  
on  a  Private  Cloud,   Community  Cloud,  Public   Cloud,   or  on  an  Hybrid  Cloud  which  combines  more  than  
one  deployment  model.  It  is  important  to  note  that   this  defini7on  is  s7ll  in  drar   status  and  it  might  
evolve  over  7me  in  subsequent  drar  versions  and/or  the  final  version.  The  current  NIST  defini7on  of  
Cloud   Compu7ng   can   be   found   on   their   official   website:   hOp://­‐

  Another  two  ini7a7ves  to  develop  (open)  Cloud  Compu7ng  standards  are  the  OGF  Open  Cloud  
Compu7ng  Interface  Working  Group  (OCCI)  which  focus  on  developing  an  API  specifica7on  for  remote  
management   of   Cloud   Compu7ng   infrastructure   (e.g.   IaaS   solu7ons)   and   the   in   November   2009  
cons7tuted   Study   Group   on   Cloud   Compu7ng   (SGCC)   by   the   Interna7onal   Organiza7on   for  
Standardiza7on  (ISO)  SubcommiOee  38  (SC  38).  Both  groups  are  expected  to  publish  drar  versions  of  
their  defini7ons  during  2010.

2.6. Roles  in  Cloud  Compu*ng

  In  previous  research   (Vaquero  et  al.,  2008)  (Armbrust  et   al.,  2009)  (Mietzner  et  al.,  2008),  the  
different   actors  involved  in  cloud  compu7ng  are  described.  By  analyzing   all  actors  directly  involved  we  
can  achieve  a  deeper  understanding  of  the  concept,  delimi7ng  its  scope  and  boundaries.  

  In  a  cloud  applica7on  we  can  dis7nguish  between  three  main  roles:  cloud  users,  cloud  vendors  
and   cloud  providers  (Mietzner  et  al.,  2008)  (Armbrust   et  al.,   2009)  (Vaquero   et  al.,   2008).   The  cloud  
user  accesses  a  cloud  service  hosted  by  a  cloud  provider  and  created  by   a  cloud  vendor.  It  is  important  
to  note  that  an  organiza7on  can  fulfill  any   combina7on  of  two  or  three  of  these  roles  (Mietzner   et   al.,  
2008).  Vendors  and  providers  for  example  can  be  the  same  organiza7on  as  we  can  see  in  some  current  
offerings  (e.g.  Salesforce,  Google  Apps,    etc.)  while  in  other  cases  they  might  be  different  organiza7ons  
as  it   is  oren   the  case   in   PaaS   solu7ons  (e.g.   allowing   the  deployment   of   applica7ons  
developed  by   external  sorware  vendors.   Moreover,   the  cloud  users  and  providers  can  also  be  the  
same  en7ty  as  in  for  example  internal  IT  department  is  offering  an  internal  cloud.  

  Having  invested   in  a  data  center   is  an  important   key   enabler   for   a  firm   to  become  a  Cloud  
Provider.  On  one  hand,  by   adding  a  new  revenue  source  Cloud  Providers  can  leverage  their   past  and  
future  ICT  investments.  On  the  other  hand  by  using   an  infrastructure  that  has  been  already  designed,  
implemented,  tested   and   improved   Cloud  Users  do  not   have  to  spend  7me  in  repea7ng  these  steps,  
and  can  profit  from  an  already  proven  solu7on  offered  by  Cloud  Providers  (Armbrust  et  al.,  2009).

Towards a Healthy Cloud Page 43 of 218 Juan Hernández Colomina

  The   cost   of   resources   is  one   of   the  most   important   considera7ons  for  Cloud  Providers  when  
considering  where  to  locate  their  data  centers.  As  the  prices  of   manufacturing  resources  vary  strongly  
geographically  and  since  it  is  cheaper  to   transport  data  over   computer   networks  than  electricity  over  
high-­‐voltage  infrastructures  (Armbrust  et  al.,  2009),  Cloud  Providers  must  carefully  consider  resource’s  
cost  prices  to  determine  the  op7mal  loca7on  for  their   data  centers.  Cloud  Providers  should   consider  
the  price  of  electricity   and  cooling  (one  third  of  data  center   costs)  as  well  as  human  capital  costs,   real  
state  prices  and  taxes  in  their  economic  calcula7ons.

  Addi7onal  roles  in  Cloud  Compu7ng  are  Cloud  Service  Brokers,   Cloud  Sorware  Manufacturers,  
and   Cloud   Consultants  and  Integrators  among  others.   As  Cloud  Compu7ng  services  mature  over   the  
years,   Gartner   predicts  a   growing   importance  of   Cloud   Service  Brokers  which  can   be  found  in   the  
following   categories:   Cloud   Service   Intermedia7on,   Cloud   Service   Aggrega7on   and   Cloud   Service  
Arbitrage  (PeOey,   2009b).  Cloud   Sorware  Manufacturers  like  for   example   Enomaly   or   Open  Nebula  
leverage  the  tools  necessary   to   build  clouds  for   Cloud   Providers  and  Enterprises.   The  role  of  Cloud  
Integrators  is  currently  being   played  by  the  leading  consultancy  organiza7ons.  Some  focus  on  guiding  
enterprises  in   leveraging   Internal  Private   or   Hybrid  Clouds  (e.g.   Accenture,   Capgemini)   and   others  
focus  more  on  leveraging  Public  Clouds  (e.g.  Cloudscale).

2.7. Research  Defini*on  of  Cloud  Compu*ng  

  For  the  purpose  of   this  research   we  have   considered  all  the  previous  defini7ons  described  in  
this  report  to  combine  their  main  components  into  an  overview  (see  table  8).  From   this  overview   we  
will  generate  our   research   defini7on  of  Cloud  Compu7ng.   As  some   terms  or  concepts  represent   the  
same  idea,  we  have  consolidated  them  into  a  single  concept  which  represents  in   our  opinion  beOer  
the  characteris7c  being  discussed  (see  table  9).

  The  first   process  of   extrac7ng   the  main  components  from  defini7ons  is  shown   in  table  8.  It   is  
important   to   note  that  main  components  are   not  only   extracted  from  defini7ons  but   in  some  cases  
they  are  explicitly  men7oned  by  the  organiza7on  as  described  previously   in  this  report.  In  those  cases  
we  have  included  the  main  components  men7oned  even  if  they   cannot  be  directly  linked  to  (parts  of)  
the  defini7on.

Towards a Healthy Cloud Page 44 of 218 Juan Hernández Colomina

Table  8:  Component  Extrac*on  from  Defini*ons

Defini*on Components  Extracted

University  of  Berkeley:  "applica7ons  delivered  as  a  service  over  the   Applica7ons,  As-­‐a-­‐service,  Internet  as  delivery  &  
Internet  (SaaS)  and  the  infrastructure  that  delivers  them." Suppor7ng  Infrastructure

Telefonica:  “Clouds  are  a  large  pool  of  easily  usable  and  accessible  
virtualized  resources  (such  as  hardware,  development  plaxorms  and/
Large  pools,  easily  usable,  easy  accessible,  
or  services).  These  resources  can  be  dynamically  reconfigured  to  
virtualized  resources,  dynamically  reconfigured,  
adjust  to  a  variable  load  (scale),  allowing  also  for  an  op7mum  resource  
scalability,  op7mum  resource  op7miza7on,  pay-­‐
u7liza7on.  (...)  typically  exploited  by  a  pay-­‐per-­‐use  model  in  which  
per-­‐use  model,  customized  SLAs
guarantees  are  offered  by  the  Infrastructure  Provider  by  means  of  
customized  SLAs.”
University  of  Melbourne:  "a  collec7on  of  interconnected  and  
virtualised  computers  that  are  dynamically  provisioned  and  presented   Interconnected  virtualized  computers,  dynamically  
as  one  or  more  unified  compu7ng  resources  based  on  service-­‐level   provisioned,  unified  presenta7on  of  resources,  SLA  
agreements  established  through  nego7a7on  between  the  service   based
provider  and  consumers.”
IEEE  Interna*onal  Conference  on  Cloud  Compu*ng:  “the  style  of  
compu7ng  in  which  dynamically  scalable  and  oren  virtualized  
Dynamic  and  scalable  resources,  oren  virtualized,  
resources  are  provided  as  a  service  over  the  Internet”  (...)  “offer  
as-­‐a-­‐service,  over  the  Internet,  on-­‐demand
resource  u7liza7on  as  on-­‐demand  service,  which  lays  the  founda7on  
for  applica7ons  to  scale  during  run7me”  
On-­‐demand  self-­‐service,  ubiquitous  network  
access,  loca7on  independent  resource  pooling,  
Media:  “on-­‐demand  access  to  virtualized  IT  resources  that  are  housed  
rapid  elas7city,  usage  based  pricing,  rapid  
outside  of  your  own  data  center,  shared  by  others,  simple  to  use,  paid  
provisioning,  shared  resources,  self-­‐service  
for  via  subscrip7on,  and  accessed  over  the  Web”.
func7onality,  lack  of  ownership  of  resources,  
virtualized  IT  resources
Forrester:  “a  mul7tenant,  dynamically  provisioned  and  op7mized   Self-­‐service  deployment,  automated  workload  
infrastructure  with  self-­‐service  developer  deployment,  hosted  within   distribu7on,  mul7-­‐tenant  resource  pools,  workflow  
the  safe  confines  of  your  own  data  center” management,  dynamic  provisioning
Gartner:  “massively  scalable  and  elas7c  IT-­‐related  capabili7es  are  
Service  Based,  scalable  and  elas7c,  shared,  
provided  as  a  service  using  Internet  technologies  to  mul7ple  external  
metered  by  use,  internet  as  delivery  channel
Capgemini:  “Cloud  compu7ng  is  the  use  of  massively  scaled  offsite  IT  
Scalability,  off-­‐site,  assembled  virtually,  on-­‐
resources  assembled  virtually,  accessed  over  the  internet,  used  on  
demand,  pay-­‐per-­‐use,  shared  workloads,  internet  
demand  in  real-­‐7me  or  near  real-­‐7me  on  a  pay-­‐per-­‐use  or  subscrip7on  
basis,  where  the  workloads  are  shared  among  mul7ple  customers”.

Accenture:  dynamic  provisioning  of  IT  capabili7es,  whether  hardware,   Dynamic  provisioning,  from  a  third  party,  over  the  
sorware,  or  services  from  a  third  party  over  the  network.” network

NIST:  “Cloud  compu7ng  is  a  model  for  enabling  convenient,  on-­‐

demand  network  access  to  a  shared  pool  of  configurable  compu7ng  
On-­‐demand  self-­‐service,  broad  network  access,  
resources  (e.g.,  networks,  servers,  storage,  applica7ons,  and  services)  
resource  pooling,  rapid  elas7city,  measured  service.
that  can  be  rapidly  provisioned  and  released  with  minimal  
management  effort  or  service  provider  interac7on.”

  Based   on   the   extracted   components   we   can   proceed   by   crea7ng   an   overview   of   these  

components   and   how   oren   they   are   men7oned.   This   second   process   of   combining   all  the   main  
components  into  an  overview  is  depicted  in  table  9.  For  clarifying  purposes  we  have  grouped   similar  
components  into  a  single  row.

Towards a Healthy Cloud Page 45 of 218 Juan Hernández Colomina

Table  9:  Cloud  Compu*ng  Main  Components  Overview

Component Extracted  from  defini*on

Applica7ons Berkeley  University

As-­‐a-­‐service  /  Service  Based Berkeley  University,  IEEE,  Gartner,  NIST

Internet  /  Ubiquitous  Network  Access Berkeley  University,  IEEE,  Media,  Gartner,  Capgemini,  Accenture,  NIST

Suppor7ng  Infrastructure Berkeley  University

Large  Amounts  of  Resources Telefonica

Easily  Usable  /  Unified  Presenta7on  /  Self-­‐service Telefonica,  Melbourne  University,  Media,  Forrester,  NIST

Easy  Accessible  /  On-­‐demand Telefonica,  IEEE,  Media,  Capgemini,  NIST

Virtualized  Resources  /  Assembled  Virtually Telefonica,  Melbourne  University,  IEEE,  Media,  Capgemini

Dynamic  /  Scalable  /  Elas7c  /  Automa7c   Telefonica,  Melbourne  University,  IEEE,  Media,  Forrester,  Gartner,  
Workload  Distribu7on  /  Workflow  Management Capgemini,  Accenture,  NIST

Resource  Op7miza7on  /  Pooling  /  Shared  

Telefonica,  Media,  Forrester,  Gartner,  Capgemini,  NIST
Resources  /  Mul7-­‐tenant

Pay-­‐per-­‐use  /  Usage  Based  Pricing  &  Metering Telefonica,  Media,  Gartner,  Capgemini,  NIST

Customized  SLAs  /  SLA  based Telefonica,  Melbourne  University

Loca7on  Independent Media

Lack  of  Ownership  /  Offsite  /  From  Third  Party Media,  Capgemini,  Accenture

  As  shown  in  the  above  table,   some  components  are  found  in  almost  all  defini7ons  while  others  
are  men7oned  rarely.   In  construc7ng  our   research  defini7on  of  Cloud  Compu7ng  we  have   dropped  
some  of  these  components  as  they  are  only  used  by  few  par7es  and  do  not  truly  represent  the  current  
solu7ons  found  in  the  market.  

  The  first   component   that   we   have  dropped   is   Applica7ons,   as  the  Cloud   Compu7ng   model  
delivers   more   than   just   Applica7ons.   If   we   analyze   the   different   services   currently   being   offered  
following   this   model  we  observe  that   besides   applica7ons  also  infrastructure  and  plaxorm  services  

Towards a Healthy Cloud Page 46 of 218 Juan Hernández Colomina

are  being  offered  (IaaS  provider  and  PaaS  providers  respec7vely).  Consequently  we  also  dropped  the  
component  Suppor7ng  Infrastructure  as  in  some  cases  the  infrastructure  is  the  service  being  delivered  
(e.g.   IaaS   solu7ons)   and   it   is  also   a  logical  implica7on   for   providers   (in   order   to   deliver   services  
providers  need  to  use  a  suppor7ng  infrastructure).

  The  term  Large  Amount  of  Resources  has  also  been  dropped  for  two  reasons.  The  first  reason  
is  that   the  term  “large”   is  rather   subjec7ve  and  can  be  contradictorily   interpreted  by   two   par7es.  A  
group  of  resources  might   be  regarded  as  large  by  some  organiza7on  and  at  the  same  7me  as  small  by  
another  organiza7on.   The  second  reason  is  that  there  is  not  a  minimum  limit   of  resources  to  deploy  a  
Cloud   Compu7ng   solu7on.   For   example,   some   solu7ons   (e.g.   Ubuntu   Enterprise   Cloud)   can   be  
deployed  on   two  computers  (or   two  virtual  images  on  one   computer).   Although   in   prac7ce  Cloud  
Compu7ng  solu7ons  are  deployed   on  large  amounts  of  resources  to  enable  on-­‐demand  provisioning,  
scalability   and   elas7city,   it   is  not   a  necessary   requirement   as  these  benefits   can  also   be   achieved  
through  other  means  (e.g.  outburs7ng  of  Private  Clouds  to  Public  Clouds).  

  We  also  have   dropped  the   components  Loca7on  Independent   as  well  as  Lack  of  Ownership,  
Offsite,  and  From  Third  Party   as  organiza7ons  can  leverage  Internal  Clouds  (within   the  organiza7onal  
limits)  and/or  Private  Clouds  (only  accessible  by  a  single  organiza7on).  We  have  further  combined  SLA  
based   with  the   As-­‐a-­‐service   component   as  the  former  is  the  logical  embedding  of   the  later.  Service  
Level  Agreements  are  used  to  nego7ate,  measure  and  improve  the  quality  of  services  provided.  

  Although   not   dropped   en7rely   from   the  defini7on,   Virtualized   Shared   Resources,   Resource  
Op7miza7on   and   Self-­‐Service   interface   are  par7ally   included  as  possible  addi7onal  elements  oren  
found  in  current  solu7ons.  Although  Virtualiza7on   is  oren  applied  to  op7mize  resource  op7miza7on,  
this  is  not  always  the  case  as  some  Cloud  Providers  do  not  apply  any  form  of  (hardware)   virtualiza7on  
to   their   offerings  (e.g.   Google,   RightScale,     etc.).   The   existence   of   Private   and/or   Internal  Clouds  
indicates  that  Shared  resources  and  Mul7-­‐tenancy  are  not  essen7al  elements.  

  Moreover,  Resource  Op7miza7on  is  not  directly  related  to  the  services  being  offered  but  rather  
to  the  op7mum   implementa7on  by   a   Cloud  Provider.   A   Cloud  User   does  not   directly   benefit   from  
beOer   resource  op7miza7on  as  a   Cloud  Provider   does.   We  consider   the  Self-­‐Service  interface  to  be  
one  possible  implementa7on  of  the  On-­‐Demand  component  and  therefore  we  cannot  include  it  in  our  
defini7on  as  it  would  exclude  other  implementa7ons  (e.g.  automated  provisioning).  

  Taking   into  account  these  considera7ons  we  have  elaborated  the  following  research  defini7on  
of  Cloud  Compu7ng  to  be  use  in  the  rest  of  this  report:  Cloud  Compu*ng  is  the  delivery  model  where  
on-­‐demand   elas*c   IT   capabili*es   are   offered   as-­‐a-­‐service   through   the   Internet   following   a   usage  
based   pricing   model.   There   are  a  large  number   of   IT   capabili7es  offered   according   to   the   Cloud  
Compu7ng  model.  Some   examples  of   the  most  popular  services  are  infrastructures   (IaaS  solu7ons),  
plaxorms  (PaaS  solu7ons),  and  sorware  (SaaS  solu7ons).

Towards a Healthy Cloud Page 47 of 218 Juan Hernández Colomina

3. Taxonomy of Cloud Solutions
  Arer  defining   the  term  Cloud  Compu7ng  (see  sec7on  2)  and  in  order   to  obtain  a  clear  view  on  
the  possible  implementa7ons  we  con7nue  in  this  sec7on  by  analyzing  the  possible  types  of  solu7ons  
currently   available  in   the   market.   For   this  purpose,   we   consider   in   this  research   three  models  to  
classify   Cloud  Compu7ng  solu7ons   according  to   three  different   perspec7ves:   what   are  the  services  
being   offered   (Service   Model),   where  are  the   services   located   (Deployment   Model)   and   who   can  
access  those  services  (Access  Model).

3.1. Service  Model

  The  oren   men7oned   model  for   classifying   Cloud  Compu7ng   solu7ons  is  the  Service   Model  
which  groups  solu7ons  according  to  the  type  of  services  being  offered.  This  model  is  included  by  NIST,  
scien7fic  ar7cles,  consultants,  analysts  and  media  publica7ons  in  their  defini7ons  of  Cloud  Compu7ng.

  This   common   taxonomy   of   Cloud   Compu7ng   services   takes   into   account   the   level   of  
abstrac7on   from   bare  metal  (e.g.   hardware)   and  the  flexibility   provided  to   the  end  user.   From  this  
perspec7ve  we  can  classify   Cloud  Compu7ng  solu7ons  into  Sorware-­‐as-­‐a-­‐service  (SaaS),  Plaxorm-­‐as-­‐
a-­‐service  (PaaS)   and  Infrastructure-­‐as-­‐a-­‐service   (IaaS)   offering   respec7vely   sorware,   plaxorms  and  
infrastructure  services  (Armbrust  et  al.,  2009)  (Vaquero  et   al.,  2008)  (Spinola,  2009).  It  is  important  to  
note  that  as  we  go  up  the  service  stack  we  encounter  solu7ons  with  greater  levels  of  abstrac7on  and  
lower  levels  of  flexibility,  while  if  we  go  down  the  service  stack  user’s  flexibility   increases  in  detriment  
of  abstrac7on  from  bare  metal.    

  By  abstrac7on  we  mean  the  level  of  automa7on  to  end  users.  Using  IaaS  solu7ons  for  example,  
the   end  user   needs  to  manage   hardware  and  opera7ng  systems  while  in  PaaS  services  the   end  user  
only   manages  code  development  and  deployment.   Moreover,  end   user   of  SaaS  services  do  not   even  
need   to   manage  code  deployment   when  using   the   applica7on.   It   is  important   to  note  that   higher  
automa7on  (e.g.  abstrac7on)  implies  lower   flexibility   as  the  user  cannot   configure  the  parts  that  are  
automated.  The  Service  Model  and  this  trade-­‐off  is  depicted  on  figure  5.

   Figure  5:  Service  Model    

                 It   is  important   to  note  that   these  three  types  of  services  are  not  
the   only   ones   currently   being   offered.   The   model   presented   is  
therefore   not   exhaus7ve   as   it   focus   on   the   most   common   IT  
capabili7es   (e.g.   hardware,   sorware,     etc.).   The   large   variety   of  
services  being  offered  range  from  complete  e-­‐business  solu7ons  to  
mail   applica7ons   and   from   CPU   cycles   to   large   compu7ng   and  
algorithmic  facili7es  (Stevens  &  PeOey,   2008).  It  is  the  granularity  of  
the  services  provided  from  the  cloud  that   makes  it   possible  to  align  
the  required  infrastructure  and  sorware  to   the   business  needs  at  a  
par7cular  point  in  7me.  

Towards a Healthy Cloud Page 48 of 218 Juan Hernández Colomina

  Although   service   offerings   are   not   limited   to   these   three   typologies   they   can   oren   be  
generalized  into   one  of  them.  For   example,  data-­‐as-­‐a-­‐service  or  BPM-­‐as-­‐a-­‐service  can  be  generalized  
into  SaaS  or   PaaS  types,   depending   on   the  context   and  the   exact   service  being   offered.   Moreover,  
services  can  be  build  on  top  of   other  services  with  lower   levels  of  abstrac7on.   For   example,   a   SaaS  
applica7on   can   be  build   on   top   of   a  PaaS   plaxorm   (e.g.   plugin   build   on  
plaxorm).  SaaS  and  PaaS  solu7ons  can  therefore  also  be  deployed  on  IaaS  solu7ons  (e.g.  Google  Apps  
and   Google   App   Engine   on   top   of   Google’s   Private   IaaS   infrastructure).   When   evalua7ng   such  
composed   services  Cloud   Users  should   consider   the  specific   characteris7cs  of   the  solu7on   at   each  
abstrac7on  levels.  

  As  Cloud  Providers  naturally  seek  compe77ve  differen7a7on  we  can  expect  a  process  of  Cloud  
Compu7ng  PaaS-­‐ifica7on.   In   this  process  SaaS  solu7ons  will  incorporate  more  flexibility   by   allowing  
users  to  develop  or   customize   their   applica7ons  (becoming  a  PaaS   plaxorm)  and  IaaS   providers  will  
add   features  that   speed   up   the   use  of   the  services  (e.g.   adding   run7me   environment,   framework,    
etc.),     evolving  into  plaxorms.   At   the  moment   of   wri7ng   we  can   observe  this  shir   towards  cloud  
plaxorms  at  Salesforce’s  (PaaS  based  on  their  SaaS  solu7ons)   and   Amazon  EC2  suppor7ng  
frameworks  out-­‐of-­‐the-­‐box  (PaaS  on  top  of  IaaS).  

  It  is  important  to  note  that  none  of  these  types  of  Cloud  Services  is  beOer  than  the  others.   All  
levels  of  flexibility  and  abstrac7on  must  be  considered  when  developing  a  new  applica7on  in  order  to  
select   the   level   best   fiOed   for   that   specific   applica7on.   Some   applica7ons  might   require   specific  
hardware   configura7on   while   in   other   applica7ons   this   high   flexibility   level   could   complicate  
development   and   deployment   unnecessary.   For   clarifying   purposes   we   shortly   describe  the   three  
service  types  included  in  this  model:

A.  Somware  as  a  Service  (SaaS)

  SaaS  can  be  defined  as  “sorware  deployed  as  a  hosted  service  and  accessed  over  the  Internet”  
and   it  differs  from  on-­‐premises  sorware  in  the  loca7on  where  the  sorware  code   is  stored  and  how  
the  sorware  is  deployed  and  accessed   (Chong  &  Carraro,   2006)  (Mietzner,  Leymann,  &   Papazoglou,  
2008)   (Vaquero  et   al.,  2008)   (Armbrust   et   al.,   2009).   According  to  previous  work   SaaS  represents  a  
new   paradigm   in   sorware   delivery   which   implies   an   architectural   model  based   on   mul7-­‐tenancy  
efficiency,   massive  scalability   and   metadata  based   configurability.   Some  of   the  most   popular   SaaS  
offerings  are  Salesforce  CRM,  Cisco’s  WebEx,  Google’s  Gmail  and  SAP’s  Business  ByDesign.

  Using   SaaS  solu7ons  might  result  in  changing  the  ownership  of  sorware,  shiring  responsibility  
of   infrastructure  management  to  the  SaaS  provider,   reducing  opera7onal  costs   and/or   targe7ng  the  
long   tail  of   smaller   businesses  (Chong  &   Carraro,  2006).   In  every   as-­‐a-­‐service   model  transferring  IT  
responsibili7es  from   customer   to  provider   implies   a  different   distribu7on  of   budgets  for   sorware,  
hardware  and  professional  services  (Chong  &  Carraro,  2006).  On  tradi7onal  on-­‐premises  architectures,  
the  budget  for  hardware  and  services  is  higher  than  in  SaaS  architectures  as  a  part   of  them  is  carried  

Towards a Healthy Cloud Page 49 of 218 Juan Hernández Colomina

by   the  sorware   vendor.   As  a  direct  consequence  the  sorware  vendor   might  include  a  part  of  these  
costs  in  the  pricing  of  the  SaaS  solu7on.    

  The  long  tail  theory   states  that   a  large  group   of  low-­‐volume  items  translates  into   higher   total  
revenues   than   high-­‐volume  ones  (Chong   &   Carraro,   2006).   Nevertheless,   most   tradi7onal  sorware  
vendors  focus  on   large   customers  as  they   are   the  only   ones  that   can   afford  to  pay   the  high  level  of  
customiza7on   needed   to  deploy   sorware   on-­‐premises.   Due   to   the  economies  of   scale   and   mul7-­‐
tenancy  achieved  by  SaaS  vendors  a  new  market  opens  to  them  that  was  previously  cost-­‐ineffec7ve  to  
serve  (Chong  &  Carraro,  2006).  As  SaaS  vendors  can  offer  sorware  cheaper  than  on-­‐premises  they  can  
benefit  from  the  high  volumes  represented  in  the  long  tail.  

  Customiza7on   in  SaaS  solu7ons  can  be  achieved   by   iden7fying   variability   points  that  support  
the  configura7on  of   a  SaaS  applica7on   to  any   customer’s  specific   needs  (Mietzner   et   al.,   2008).   To  
achieve   this  the  SaaS   vendor   can  create  an  applica7on  template  that   includes  a  series  of  variability  
points  that   are  further   configured   by   the  SaaS   provider   to  create  customized   applica7ons   for   each  
SaaS  customer.   There  are  therefore  two  main  types  of  ar7facts  in  a  SaaS  solu7on,  a  fixed  part  that   is  
equal  for  all  tenants  and  configurable  metadata  that  enables  applica7on   customiza7on  (Mietzner  et  
al.,  2008).  

! SaaS  applica7ons  can  be  offered  following   different   mul7-­‐tenancy   strategies  according  to  the  
applica7on’s   needs   and   capabili7es   for   scalability,   configurability   and   mul7-­‐tenancy   awareness  
(Mietzner,   Unger,  Titze,   &   Leymann,   2009)   (Mietzner   et   al.,   2008).   Previous  research  on   SaaS  as  an  
alterna7ve  to  tradi7onal  on-­‐premises  sorware  has  incorporated  these   key   components  of   SaaS  into  
an  architectural  model  based  on  four   maturity  levels  (Chong  &  Carraro,  2006).   In  order  to  choose  the  
right  maturity   level  for  a  specific   applica7on  the  organiza7on  should  take  into  account   if  an  isolated  
approach   makes  financial  sense  (business  model),   if   the  applica7on  can   be  ran   in  a  single  instance  
(architecture)   and   if   the   applica7on   can   maintain   the   level   of   service   (SLAs)   without   isola7on  
(opera7onal  model).

  A   SaaS   applica7on   is   oren   scalable,   mul7-­‐tenant-­‐efficient   and/or   configurable   (Chong   &  

Carraro,  2006)  (Mietzner  et  al.,  2009).   Although  not   all  three  characteris7cs  are  compulsory  in  a  SaaS  
applica7on   we   oren   find   at   least   one   of   them   in   each   SaaS   solu7on.   Based   on   how   these   SaaS  
characteris7cs   are   implemented   we   can   dis7nguish   between   four   maturity   levels:   ad-­‐hoc,  
configurable,   configurable   mul7-­‐tenant   and   scalable,   configurable,   mul7-­‐tenant   efficient   (Chong   &  
Carraro,  2006).  

  The  first   maturity   level  (ad-­‐hoc)   can   be  compared  to   the  tradi7onal  ASP   model   (applica7on  
service   provider)   of   sorware   delivery   (Chong   &   Carraro,   2006).   In   this  level  each   customer   has  a  
separate   customized   instance   of   a   hosted   applica7on.   This   level   reduces   costs   through   the  
consolida7on  of  hardware   and  overhead  costs.   In  the  second  maturity   level  (configurable)  the   SaaS  
vendor   hosts   a   separate   instance   for   each   tenant   where   all   instances   use   the   same   code  

Towards a Healthy Cloud Page 50 of 218 Juan Hernández Colomina

implementa7on  that  include  detailed  configura7on  op7ons  (Chong  &   Carraro,  2006).  Each  instance  is  
equal  to  the  others  but  remains  fully  isolated.  This  level  enables  efficiency   in  sorware  updates  as  the  
are  implemented  in  the  code  and  therefore  used  at  once  by  every  tenant.  

  The  third  level  of   maturity   (configurable  &   mul7-­‐tenant   efficient)   includes  a  single   instance  
serving   every   tenant   with  configurable  metadata  allowing   some  degree  of  customiza7on  (Chong   &  
Carraro,  2006).  Security  is  in  this  context  crucial  to  guarantee  that   data  is  isolated  between  tenants.  
Moreover,  scalability   is  achieved  ver7cally   by  moving  to  a  larger  instance.  In  the  fourth  and  last  level  
of   SaaS  maturity  (Scalable,  Configurable  and  Mul7-­‐tenant  efficient)  a  load-­‐balanced  group  of   iden7cal  
instances  is  available  with  configurable  metadata  and  isolated  data  storage  (Chong  &  Carraro,  2006).  It  
is  important   to  note   that   this  maturity   level  is  the  only   one  leveraging  the  capabili7es  of  horizontal  
scalability  across  the  available  instances.

  According   to  previous  research  on  SaaS  mul7-­‐tenancy   paOerns  (Mietzner   et  al.,  2009)  a  SaaS  
service  can  be   configurable  or   non-­‐configurable.   In  each  of   these   two   categories  we  can   find  three  
mul7-­‐tenancy   paOerns:   single   instance,   arbitrary   instance   and   mul7ple   instance   (Mietzner   et   al.,  
2009).   There  are  therefore  six   different   mul7-­‐tenancy   paOerns  available  ranging  from   configurable  
single   instance  to  non-­‐configurable   mul7ple   instances.   Arbitrary   instances  are   mixes  of   these  two  
types,  where  some  tenants  share  instances  and  others  do  not.  This  might  be  to  guaranteed  the  quality  
of  service  of  due  to  legal  requirements  in  some  clients.  The  following  table  (see  table  10)  reflects  some  
of   the   considera7ons  that   we   can   find   in   previous   work   related   to   each   of   these   mul7-­‐tenancy  

Table  10:  SaaS  mul*-­‐tenancy  paRerns

PaRern Focus Considera*ons

Offering  some     (+)  Centralized  deployment,  maintenance  and  updates  for  

Single   customiza7on  while   the  fixed  part  of  the  applica7on.  Ver7cally  scalable.
Instance maintaining   (+)  Par7al  isola7on  and  customiza7on
centraliza7on (-­‐)  Deployment  of  customiza7on  cannot  be  centralized

Quality  of  service  or   (+)  Mix  of  single  and  mul7ple  instances
Arbitrary   compliance  while   (+)  Allows  fully  isola7on  when  needed
Instance allowing   (+)  Horizontally  and  ver7cally  scalable
customiza7on (-­‐)  Less  centraliza7on  than  single  instance

Customiza7on  when  
(+)  Full  customiza7on
Mul7ple   applica7on  logic  is  
(+)  Horizontally  scalable
Instances very  specific  tenant  
(-­‐)  Decentralized  deployment  and  maintenance

A  service  with  the   (+)  Centralized  deployment,  maintenance  and  updates  for  
same  behavior  for  all   all  tenants.  Ver7cally  scalable
tenants.   (-­‐)  No  isola7on  of  data  or  customiza7on

Towards a Healthy Cloud Page 51 of 218 Juan Hernández Colomina
PaRern Focus Considera*ons

(+)  Mix  of  single  and  mul7ple  instances

Guaranteeing  the  
Arbitrary   (+)  Allows  fully  isola7on  when  needed
Non-­‐ quality  of  service  or  
Instance (-­‐)  Ver7cally  scalable
Configurable compliance
(-­‐)  Less  centraliza7on  than  single  instance

Customiza7on  when   (+)  Full  isola7on  and  customiza7on

Mul7ple   applica7on  logic  is   (+)  Centraliza7on  with  templates  and  variability  points
Instances very  specific  tenant   (-­‐)  Less  centralized  that  the  other  two  approaches
specific (-­‐)  Ver7cally  scalable

  Although   we   consider   mul7-­‐tenancy   not   an   essen7al  feature  of   cloud   compu7ng   any   cloud  
vendor  or  provider  can  deploy  any   of   the  above  paOerns  in  another  type  of  cloud  solu7on  (e.g.  PaaS,  
IaaS,    etc.)  to  create  mul7-­‐tenant  aware  solu7ons.

B.  Planorm  as  a  Service  (PaaS)

  If  we  increase  the  level  of  abstrac7on  from  hardware  to  the  OS  and  common  applica7ons  (e.g.  
web  server,   load  balancing,    etc.)   we  reduce  complexity   but  also  programmer’s  flexibility.  Using  this  
delivery   model  customers  rent   vendor’s  hosted  infrastructure  and  programming  tools  to   create  their  
own  applica7ons  (Spinola,  2009).  According  to  NIST,  the  consumer  uses  a  hos7ng  environment  for  his  
applica7ons   that   run   in   the   environment   but   cannot   control   the   opera7ng   system,   hardware   or  
network  infrastructure.   PaaS  solu7ons  aim  to  enable  easy   development  and  deployment  of  scalable  
web  applica7ons  (Schiebl,  2009).  They  are  APIs  for  crea7ng  new  applica7ons  on  the  cloud  (Michelson,  

  This  kind  of  solu7on  is  currently  being  offered  by   Microsor’s  Azure,  Google  App  Engine,  Elastra  
and   RightScale   among   others   (Leighton,   2009).   Google’s   App   Engine   is   developed   to   host   web  
applica7ons  on  the  cloud  by  clearly  separa7ng  the  stateless  computa7on  layer  from  state-­‐full  storage  
layer   (Armbrust  et  al.,  2009).  Sorware  hosted  on  the  App  Engine  plaxorm   must  have  a  request-­‐reply  
behavior   to   minimize   the   resources   allocated   to   each   request.   The   mechanisms   for   guaranteeing  
availability   and  automa7c  scalability  as  well  as  the  data  storage  layer  (MegaStore)  are  dependent   on  
these  constrains  (Armbrust  et  al.,  2009).

C.  Infrastructure  as  a  Service  (IaaS)

  The   lowest   level   of   abstrac7on   is   provided   by   Infrastructure-­‐as-­‐a-­‐service   providers   or   as  
Berkeley   calls   them   Hardware   Virtual   Machines   (Armbrust   et   al.,   2009).   IaaS   can   be   defined   as  
hardware  resources  on   demand   (Michelson,   2009).   This  delivery   model  provides  users   with   basic  
compu7ng   resources  (e.g.   storage,   processing,    etc.)  on  a   rental  basis  (Spinola,  2009).  According  to  
NIST,   the   consumer   uses   “fundamental   compu7ng   resources”   but   cannot   control   the   underlaying  
infrastructure.   Although   this  type  of   model   increases  programmer’s  flexibility   with   a  low   level  of  
abstrac7on   it   implies   also   that   Cloud   Users  must   administrate   the   en7re   scope   of   their   solu7on  
themselves,  including  OS  configura7on,  backup,  updates,  etc.  (Schiebl,  2009).

Towards a Healthy Cloud Page 52 of 218 Juan Hernández Colomina

  Examples  of  IaaS  vendors  are   Akamai,   Amazon,   GoGrid  and   Joyent  (Leighton,   2009).   Amazon  
offers  for   example  their   EC2   solu7on   for   compu7ng   resources  and   their   S3   solu7on   for   persistent  
storage.  In   Amazon  EC2  resources  are  referred  to  as  instances  and  they  are  comparable  with  physical  
resources.  Through  an  Applica7on  Programming  Interface  (API)  it   is  possible  to   configure  an  instance  
within   minutes.  Customers  can  buy   the  CPU   cycles,   MB   of  storage  and  IP   connec7vity   that   best   fit  
their  needs  at  a  certain  point  in  7me.  

3.2. Deployment  Model

  Another   model  oren   found  in  previous   research  is   the   Deployment   Model  which  classifies  
solu7ons  according  to   where  they  are  located  (Internal,  External  or  Hybrid  Clouds).  Gartner  research  
describes   two   viewpoints   on   the   cloud:   services   and   technology.   The   service   perspec7ve   is  
characterized   by   remote   access   to   services  and   compu7ng   resources  over   the   internet   while   the  
technology  point   of  view  represents  another  data  center   approach  on  internal  enterprise  systems  with  
no  use  of   external  off-­‐premises   third  party   capabili7es   (Brodkin,  2009).  According   to  Gartner,  these  
two  perspec7ves  are  both  valid  but   their  differences  should  be  carefully  considered  as  well  as  mixed  
forms  of  these  two  types  (an  Hybrid  Cloud).

  Internal  clouds  are  hosted  within  an  organiza7on’s  boundaries  and  aim  to  leverage  the  firm’s  
standard  processes  and   security   measures  (e.g.  firewalls,  DMZs,    etc.).  They  are  oren   limited  in  size  
and  scalability  as  they  are  fully  financed  by   the  organiza7on.  This  type  of   cloud  is  best  fiOed  for  firms  
that  require  full  control  and  configurability  of  their  infrastructure  and  security,  and  is  oren  used  when  
business   opera7ons  are   subject   to   strict   compliance   standards   (Spinola,   2009).   Moreover,   as   the  
organiza7on  does  not   depend  on  the  performance  and  availability  of  external  networks  (e.g.  Internet)  
or  providers  (e.g.   Cloud  Provider),  Internal  Clouds  are  highly  recommended  for   deploying   applica7ons  
that  handle  sensi7ve  data  or  need  high  availability  (Perry,  2009).

  External   Clouds   are   located   outside   the   organiza7onal   domain   and   they   are   oren   more  
scalable   and   cost   efficient   than   Internal   Clouds.   However,   this   might   imply   concessions   on   the  
solu7on’s  security  and  customiza7on  levels  as  well  as  higher   dependancies  on  third  par7es  and  public  
network’s  performance  (e.g.  Internet).

  An  interes7ng  mixed  approach  between  Internal  and  External  Clouds  are  Hybrid  Clouds.   Hybrid  
Clouds  are  Internal  Clouds   linked   to  External  Clouds  where  the  external  capabili7es  are  only   used  
when  needed.  An  organiza7on  can  use  an  Hybrid  Cloud  to  maintain  the  required  levels  of  security  and  
customiza7on   while   leveraging   External   Cloud   capabili7es  for   scalability   at   peak   workloads  (Cloud  
Burs7ng)  and  fail-­‐over  situa7ons.

Towards a Healthy Cloud Page 53 of 218 Juan Hernández Colomina

3.3. Access  Model
  The  third  model  that   we  consider  on  this  research  is  the  Access  Model  that  classifies  solu7ons  
according  to  who  can   access  them  (Public,  Private  and  Hybrid  Clouds).   Although   Private  Clouds  offer  
the  highest  possible  control  they   cannot   fully   leverage   the  full  poten7al  of  Cloud  Compu7ng.   Public  
Clouds  on  the  contrary   offer   less  control  but   can   enable  most   of   the   values  of   this  new   paradigm  
(Plummer,   2009).   Gartner   recommends  Hybrid  Clouds  that   can   leverage  some   of   the  benefits  while  
maintaining   the  desired  level  of   control.   For   this  purpose  organiza7ons  can  select   the  right   mix   of  
Public  and  Private  services  that  best  matches  their  specific  situa7on  at  hand  (Plummer,  2009).

  UC   Berkeley  RADSL  defines  a  Public   Cloud  as  a  cloud  where  the  infrastructure  layer  is  available  
on   demand   to  the  general  public   (Armbrust   et   al.,   2009).   This  is  what   Berkeley   refers  to   as  U;lity  
Compu;ng.  When  the  service  is  not  available  to  the  general  public  but  exclusively  to  users  of  a  single  
organiza7on  Berkeley   considers   it   to   be  a  Private  Cloud  (Armbrust   et   al.,   2009).   Although  Berkeley  
excludes   Private   Clouds   from   their   defini7on   of   Cloud   Compu7ng,   we   do   not   fully   agree   with  
Berkeley’s  perspec7ve  as  for  example  any  organiza7on  can  leverage  some  of  the  cloud  advantages  by  
deploying  a  Private  Cloud  for  corporate  use  only  (Perry,  2009).

  According  to  previous  research  a  Private  Cloud  is  designed  to  be  accessed  and  operated  only  
by  members  of  a  specific  organiza7on,  while  a  Public  Cloud  is  oren  open  for   use  by  the  general  public  
(Spinola,   2009)  (Perry,  2009).  As  Public   Clouds  make  use  of  economies-­‐of-­‐scale  by  leveraging  sta7s7cal  
mul7plexing   and   mul7-­‐tenancy,   the  savings   achieved  can   be  passed  on  to   Cloud  Users,  resul7ng  in  
cheaper   offerings  than   Private  ones.   However,  they   are  managed   and  supported  by  a  Cloud  Provider,  
offering  homogenous  resources  that  have  limited  configura7on  possibili7es  (Spinola,  2009).

  Public   Clouds   are   recommended   in   situa7ons   of   non-­‐cri7cal   SLAs   and   where   on-­‐premises  
infrastructures  have  limited  scaling  capabili7es  or  exper7se  (Michelson,  2009).  Private  Clouds  can  best  
be  used  when  trying  to  op7mize  resource  u7liza7on,   mission  cri7cal  SLAs  or  where  highly  secure  and  
fully   compliant   infrastructures   are   needed   (Michelson,   2009).   Among   others,   security,   intrusion  
detec7on   and   load   balancing   are   some   examples   of   func7onali7es   that   can   be   more   efficiently  
provided  by  Public  Clouds  (Howarth,  2009)  (Sheehan,  2009b).

3.4. Hybrid  Clouds

  Hybrid   Clouds  are   any   possible  combina7on   of   the  previous  models  ranging   from   Internal  
Private  Clouds  to  External  Public  Clouds.  The  connec7on  might  be  permanent   or  as  a  result   of  cloud  
burs7ng   (EvereO,   2009)   (Perry,   2009)   and   is  oren  implemented   using   standardized   or   proprietary  
technology  (Spinola,  2009).  Each  type  of  combina7on  implies  specific  types  of  risks  and  opportuni7es.  
Analysts  and   consultants  recommend   oren   an   hybrid   model  aligned   with   the   specific   project   or  
situa7on  at  hand.  

Towards a Healthy Cloud Page 54 of 218 Juan Hernández Colomina

  A   form  of   hybrid   clouds   are  hosted  clouds  or   External  Private   Clouds  (Spinola,   2009).   They  
apply   the  mul7-­‐tenant  layer  on  external  resources  but   the  cloud  is  only  accessible  by   a  single  Cloud  
User.  This  form  of  cloud  minimizes  the  large  capital  and  opera7onal  expenses  of   Internal  Clouds  while  
adding  elas7c  capabili7es.  As  they   are  dedicated  clouds,  they  allow   more  configura7on  and  flexibility  
than  standard  Public  Clouds.

  In  situa7ons  of  high  future  demand  uncertainty   for   an  specific  applica7on  Berkeley   believes  
that   deploying   a  Private  Cloud  will  lead  per  defini7on  to  data  center  underu7liza7on  due  to  the  over-­‐
provisioning  needed  to   cope  with  poten7al  peaks   in  demand  (Armbrust  et   al.,   2009).  On  the  other  
hand,   using   a   Public   Cloud  in  the  same  situa7on   will   automa7cally   lead  to   cost   savings  due  to  the  
usage  based  pricing  (pay-­‐by-­‐the-­‐hour)  model  (Armbrust   et  al.,  2009).  In  this  context,  an  Hybrid  Cloud  
that   scales  out  to  handle  peaks  could  be  the  best  solu7on  to  guarantee  the  con7nuity  of  services  at  a  
cost   efficient   manner.   This   is   what   some   prac77oners   describe   as   Cloud   Burs7ng   (Perry,   2009)  
(McLaughlin,  2009a)  (Treese,  2009)  (EvereO,  2009).   It  is  important   to  note  than  even  though  a  Cloud  
Users  can   scale   out   to   a  third  party   solu7on   they   s7ll  remain  responsible  for   their   corporate   data  
(EvereO,  2009).  

  According   to   Berkeley   performing   heavy   computa7ons   on   Private   Clouds  can   also   lead   to  
underu7liza7on   or   not   being  able   to  offer   the  required  computa7onal  capacity   for  the   task.   On  the  
contrary,   in  Public  Clouds  one  can  fully   benefit  from  parallel  processing  for   the  same  costs  as  1000  
cloud  servers  for   one  hour  cost  the  same  than   1  cloud  server  for   1000   hours  (Armbrust   et  al.,  2009).  
As  several  exis7ng  use  cases  demonstrate,   organiza7ons   should  consider   Public   Clouds   in  their   cost  
analysis  for  performing  heavy  computa7onal  tasks.

  Other  categoriza7ons  not   described  in  this  research  are  ver7cal  (industry)  or  horizontal  clouds  
(exper7se),   virtual   private   clouds   (VPC),   Cloud   Oriented   Architectures   (COA)   and   Cloud   Service  
Architectures  (CSA).

4. Common  Use  PaRerns

  Arer  having  defined  the  concept  of  Cloud  Compu7ng  (see  sec7on  2)  and  the  different  types  of  
solu7ons  available  (see  sec7on  3)  we  con7nue  in  this  sec7on  by   analyzing  some  of  the  most  common  
use  cases  that  leverage  this  new  delivery  model.   For  this  purpose  we  have  analyzed  a  variety  of   case  
studies  and  iden7fied  the   most  significant  use  paOerns.   Use  paOerns  in  the  context   of   this  research  
are  regarded  as  the  main  goals  of  Cloud  Users  when  adop7ng  a  Cloud  Compu7ng  solu7on.  

  It   is  important   to   note   that   this  use  paOerns  are   described   from   a  Cloud   User   perspec7ve.  
However,   Cloud  Providers  can  evaluate  how   this   paOerns  are  covered  in   their   offerings  in   order   to  
accelerate  the  adop7on  of  their  specific  Cloud  Compu7ng  solu7ons.  A  remark  should  be  made  on  the  
fact   that  in  some  types  of  Cloud   Compu7ng  solu7ons  (e.g.   Internal  and/or  Private  Clouds)  the  Cloud  
User  is  the  same  organiza7ons  as  the  Cloud  Provider.

Towards a Healthy Cloud Page 55 of 218 Juan Hernández Colomina

  An  overview  of  the  use  paOerns  analyzed  in  this  research  is  depicted  in  table  11.  The  overview  
includes  three  cases  for  each  paOern  and  the  specific  solu7on  applied.

Table  11:  Overview  of  Cloud  Compu*ng  Use  PaRerns

Use  PaRern Examples  &  Solu*ons  Applied

PresidioHealth  (GoGrid)
Resource  Op7miza7on Rentokil  (Google  Apps)
LA  County  (Google  Apps)
PresidioHealth  (Appistry  IQ  Cloud)
Scalability  &  Elas7city Wordpress  (MS  Azure)
TwiOer  (Amazon  S3)
New  York  Times  (Amazon  EC2)
High  Performance  Compu7ng Harvard  Medical  School  (Amazon  EC2  &  Oracle)
BT  (Amazon  EC2)
37signals  (Amazon  S3)
Fail-­‐over  /  Backup Zmanda  (Amazon  S3)
Jungle  Disk  (Amazon  S3)
PresidioHealth  (Appistry)
Business  Agility  /  Faster  Time  To  Market   Siemens  (Windows  Azure)
SugarCRM  (Windows  Azure)
GoGrid  (Windows  Azure)
External  Knowledge  &  Experience Associated  Press  (Windows  Azure)
Rover  Apps  (Rackspace  Cloud)

  In   the   rest   of   this   sec7on   we   elaborate   on   these   use   paOerns   to   provide   a   deeper  
understanding  of  the  situa7onal  factors  mo7va7ng   the  specific  usage.  Moreover,  by  using  this  sec7on  
an  organiza7on  can  evaluate  wether  the  specific  goals  can  also  be  applicable  to  their  context.

4.1. Resource  Op*miza*on

  Every   applica7on   needs   three   main   types   of   resources:   processing,   storage   and  
communica7on.   Tradi7onal   sorware   delivery   was   achieved   by   prealloca7ng   or   reserving   a   fixed  
amount   of   resources  to   be  used   by   the  applica7on   based   in  predic7ons  that   account   for   possible  
peaks  in  demand.   Cloud  Compu7ng   opens  new  opportuni7es   to  improve  the  efficiency   of   sorware  
delivery   as  resources  are  allocated  on-­‐demand  when   needed  leveraging  just-­‐in-­‐7me   infrastructures
(Baker,  2007)  (Michelson,  2009)  (Pluijm,  2009).

  The  op7miza7on  of   capacity  planning  and  resource  u7liza7on  is  one  of  the  most  frequent  use  
cases  of  Cloud  Compu7ng  (Brown,  2009a).  Tradi7onal  capacity  planning  oren  results  in  two  undesired  
situa7ons:  over-­‐provisioning  and  under-­‐provisioning.   When  resources  are  under-­‐provisioned,  demand  
exceeds  the  resources  available  resul7ng  in  unsa7sfied  customers  due  to  solu7ons  not  responding   or  
responding   with   a   significant   delay.   On   the   other   hand,   when   resources  are   over-­‐provisioned   the  
organiza7ons  suffers  directly  from  cost   inefficiencies  due  to  the  waste  of   resources.  Moreover,  buying  
resources   long   before   they   are   used   always   implies   nega7ve   financial   consequences   based   on  
opportunity  costs  and  the  7me  value  of  money  (e.g.  Net  Present  Value).

Towards a Healthy Cloud Page 56 of 218 Juan Hernández Colomina

Figure  6:  Resource  Op*miza*on  in  Cloud  Compu*ng                                      .

  C l o u d   C o m p u 7 n g   c a n   b e  
considered   as   just-­‐in-­‐7me   resource  
alloca7on   which   op7mizes   capacity  
planning   and   resource  u7liza7on   as   it  
eliminates   the   issues   of   over-­‐   and  
under-­‐provisioning   of   resources  
(Brown,   2009a).   The  effects  on   just-­‐in-­‐
7me  resource  provisioning  compared  to  
tradi7onal   resource   alloca7on   are  
shown  in  figure  6.

  Examples  of  this  use  paOern  can  

be  found  in  the  large  number   of  organiza7ons  adop7ng  SaaS  solu7ons  like  Google  Apps  (e.g.  Rentokil,  
Jaguar,   LA   County,   University   of   Deusto,     etc.)   as   well   as   in   other   IaaS   case   studies   where   cost  
efficiencies  are   one  of   the  main  benefits  obtained  (e.g.  PresidioHealth  applica7ons  at  GoGrid’s  IaaS  

4.2. Scalability  and  Elas*city

  Although  the  scalable  and  elas7c   character   of  Cloud  Compu7ng  are  the  main  ingredients  to  
achieve  op7mum  resource  u7liza7on  we  consider  them  as  an  independent  use  paOern  due  to  the  fact  
that   a   significant   number   of   organiza7ons  focus  on   rapid   elas7city   without   the   need   to   op7mize  
resources.   While   the   op7miza7on   of   capacity   planning   focus   primarily   on   predictable   workloads  
(including  predictable  peaks),   scalability  and  elas7city  are  ideal  features  for   provisioning  unexpected  

  As  Cloud  Users  can  allocate  extra  resources  almost   real-­‐7me  at   the  same  cost   per   unit,   they  
can  therefore  cover  any  unexpected  peaks  in  demand  (Broek,   2009)  (Michelson,   2009).  Elas7city,  or  in  
other  words  being  able  to  upscale  or  downscale  on  demand  is  specially  interes7ng  in  situa7ons  where  
the  prealloca7on   of   resources   must   cope  with  high   levels  of   demand   uncertainty   (Armbrust   et   al.,  
2009).   Elas7city   can   be   considered   as   an   advance   form   of   instant   load-­‐balancing   having   almost  
unlimited  resources  to  spread  the  workload.

  An   unique   and   oren   overlooked   characteris7c   of   Cloud   Compu7ng   is   the   possibility   to  

downscale  resource  provisioning.   By  shortening  amor7za7on   periods  from  years  to  hours,  a  firm  can  
react   to   changing   business   condi7ons   during   periods   of   economic   recession   while   minimizing  
investment   risks  (Armbrust   et   al.,   2009).   If   the  hardware   was   purchased   then   downscaling   always  
implies  a  financial  loss  for  the  amount  of  resources  not  used.  On  the  contrary,  when  the  applica7on  is  
hosted   on   the   cloud   a   firm   can   downscale   its   resources   within   minutes   without   financial  

Towards a Healthy Cloud Page 57 of 218 Juan Hernández Colomina

consequences.  This  is  specially   interes7ng  taking  into  account   hardware’s  speed   of  deprecia7on  as  it  
loses  market  value  immediately  arer  being  acquired.      

  Some   examples  of  this  use  paOern  are   the   use  of  Amazon  S3   storage  for  TwiOer  avatars,  the  
use  of  the  Azure  plaxorm  for  Wordpress  blogs,  and  the  sorware  scalability  achieved  by  PresidioHealth  
on   the  Appistry   Cloud  IQ  plaxorm.   This  use  paOern  demonstrate  how   fast  growing  organiza7ons  can  
leverage   infrastructures   to   cover   for   their   success   being   able   to   handle   unexpected   exponen7al  
demand  curves.

4.3. High  Performance  Compu*ng

  Another   of  the  most  common  use  paOerns  found  is  the  access  to  an  almost  infinite  amount  of  
compu7ng  resources  to  perform  heavy   computa7onal  tasks  on  a  7mely   and  cost  efficient  manner.  This  
use  paOern  is  mainly   applied   to   “on   and  off”  workloads  were  heavy   computa7onal  tasks  are  carried  
out  during  a  brief  period  of  7me.  

  As  Cloud  Compu7ng   can  deliver   an  almost  unlimited  amount  of   compu7ng  resources  they  are  
ideal  plaxorms  to   perform  high  performance  compu7ng  tasks.  Performing   heavy   computa7ons  on  a  
limited  amount  of  resources  oren  implies  large  performing  7mes.  Instead,  performing  the  same  task  
but   distributed  and   concurrently   over   a   large   amount   of   resources   leads  to  significant   lower   task  
fulfillment  7mes.  An  example  of  this  situa7on  can  be  found  in  extensive  calcula7ons  involving  a  large  
number   of   variables.   Since   these   types   of   calcula7ons   will   take   a   lot   7me   and   resources   when  
performed  at  internal  infrastructures,  organiza7ons  can  benefit  from  the  large  parallel  processing  that  
cloud  solu7ons  offer.

  An  important  implica7on  of  this  use  paOern  is  that  Cloud  Compu7ng  can  bring  high  volumes  of  
compu7ng   power   to   people  and  organiza7ons  that  otherwise  could  never   have  such  capabili7es  to  
their   disposal.   It   breaks   the  informa7on   asymmetry   from   the  past   years,   where   informa7on   was  
generated  by  end  users  but  only  a  few  firms  (e.g.  Microsor,  Google,  Yahoo,    etc.)  had  the  resources  to  
process  this  informa7on  and  get  advantage  from  it  (Armbrust  et  al.,  2009).

  Some   examples  of  this  use  paOern   are  BT’s  calcula7ons  of  mobile  plans,   the  New   York  Times  
conversion  of  their  archives,  and  the  gene7c  model  tes7ng  and  simula7ons  at   Harvard  Medical  School.  
BT’s  mobile  plan  calcula7ons  were  performed  more  efficiently  on  a  cloud  plaxorm  than  ever  before  on    
their   internal  infrastructure  involving  millions   of   records   in  around   3.6   terabytes  of   data  (DAuria  &  
Nash,  2009).  The  New  York  Times  converted  4  terabytes  of  7ff  files  into  pdf  files  on  Amazon  EC2  with  
substan7al   savings   in   7me   (days   instead   of   weeks)   and   money   (hundreds   of   dollars   instead   of  
thousands).  Harvard   Medical  School  used  Amazon  EC2  to   run  gene7c  tes7ng  models  and  simula7ons  
resul7ng  also  in  significant  cost  and  7me  savings.

Towards a Healthy Cloud Page 58 of 218 Juan Hernández Colomina

4.4. Fail-­‐over  /  Backup
  One   use   of   Cloud   Compu7ng   that   has   been   observed   in   mission   cri7cal   applica7ons   like  
hospital’s  pa7ent   administra7on  systems   are  fail-­‐over   and  data   replica7on  (DAuria  &   Nash,   2009).  
When   internal  infrastructures  fail   the   produc7on   environment   is  quickly   set   to   the  cloud   solu7on  
where  the  system  is  replicated.

  The  separa7on   of   data   from  applica7ons  is   a   current   trend   that   will   make  Cloud  Compu7ng  
more  aOrac7ve  in  the  near   future  (Hiner,   2009).   To   guarantee  con7nuity   and  availability   there   is  an  
increasingly   tendency   in   web   applica7ons   to   facilitate   off-­‐line   work   that   is   synced   to   the   online  
environment  once  the  client  goes  back   online  (e.g.   Google  Gears)  (Hiner,  2009).  Some  possible  fail-­‐
over  architectures  and  their  implica7ons  are  depicted  in  table  12.

Table  12:  Fail-­‐over  architectures  using  Cloud  Compu*ng

Infrastructure Failover Availability Costs Control

Self  Managed Self  Managed Best  Effort High High

Self  Managed Cloud Best  Effort  +  SLA Moderate Intermediate

Cloud Cloud SLA Low Low

Cloud Self  Managed SLA  +  Best  Effort Moderate Intermediate

  When  a  firm  uses  his  own  infrastructure  and  his  own  failover  mechanisms,   system’s  availability  
is  guaranteed   by   the  company’s  performance  (best   effort).   This   kind  of   solu7on   is  expensive  since  
monitoring,   problem   analysis  and  problem   solving   is  carried  out   by   the  organiza7on.   However,   the  
organiza7on  has  the  highest  degree  of  control  in  solving  the  situa7on  at  hand.  In  mixed  models  where  
either   the  infrastructure  or  the  failover  mechanism  is  managed  by  a  Cloud  Provider,  costs  decreases  in  
detriment   of   control   scope.   Where   organiza7ons   deploy   a   pure   cloud   construc7on   where  
infrastructure  and  failover  mechanisms  are  managed  by  Cloud  Providers,  the  degree  of  control  as  well  
as   the   costs  are   minimized.   Following   the  principle   of   “no   single   point   of   failure”   we   will  have  to  
discard  the  pure  managed  architectures  and  the  ones  using  a  single  (or  interconnected)  cloud  provider  
as  they  represent  a  single  point  of  failure  (Armbrust  et  al.,  2009).

  There   are   several   examples   of   organiza7ons   leveraging   Cloud   solu7ons   for   fail-­‐over   and  
backup.  Some  examples  are  37signals,  Zmanda  and  Jungle   Disk.   All  three  organiza7ons  have  created  
backup  solu7ons  on  top  of  Amazon  S3  storage  solu7on.

4.5. Business  Agility  /  Faster  *me  to  market

  Another  advantage  of   Cloud  Compu7ng  is  that   it   drives  innova7on  cycles  by  reducing  contract  
dura7on  and  upfront  capital  investments.  Taking  this  into  account,  companies  can  try   out  projects  that  
are  regarded  as  “too   risky”  without   compromising   large   amounts  of  capital  (Howarth,  2009)  (Broek,  

Towards a Healthy Cloud Page 59 of 218 Juan Hernández Colomina

2009).   Moreover,   once   an   applica7on   has   been   deployed   on   the   Cloud   it   can   be   delivered  
simultaneously  around  the  globe  to  a  great  variety  of  devices  reducing  deployment  7mes  significantly.  

  Cloud  Users  can  determine  the  exact  level  of  resource  needed  at   any   moment  allowing  them  
to  scale  up  or  down  when  needed.  This  elas7c  character  is  unique  in  the  sorware  world  and  enables  
companies   to   capitalize  on   market   opportuni7es  on  a   much   faster   pace  that   they   otherwise   could  
(Hinchcliffe,  2009).  Examples  of  this  use  paOern  can  be  found  in  PresidioHealth  with  the  PaaS  Appistry  
solu7on,   and   Siemens  and   SugarCRM   that   leverage   Windows   Azure   to   achieve   faster   applica7on  
development  and  deployment.

4.6. External  Knowledge  and  Experience

  A  some7mes  overlooked  use  paOern  of  Cloud  Compu7ng  is  the  availability  to  leverage  external  
(technical)   knowledge  and  experience.   Organiza7ons   that   have  limited  technical  knowledge  or   have  
difficul7es   in   acquiring   and   maintaining   that   knowledge   can   achieve   substan7al   performance  
improvements  and   cost   savings   by   using   a   Cloud   Provider   that   has  that   technical   knowledge   and  
exper7se  (Howarth,   2009)  (Cunningham  &   Wilkins,  2009).  Moreover,  according  to  McKinsey  research,  
adop7ng   a   Cloud   Compu7ng   solu7ons  can   lead   to   savings  in   IT   staff   of   around   10   to   15   percent  
(DAuria  &  Nash,  2009).  

  Due   to   the   size   of   Cloud   Providers   they   can   aOract   the   best   professionals   to   assure  
compe77veness  with  other   offerings.  As  highly   knowledgeable  employees  are  scarce   and  expensive,  
Cloud  Users  can  beOer  reallocate  exper7se  and  money   to  their  core  business,  crea7ng  new  solu7ons  
instead   of   maintaining   exis7ng   ones   (Hinchcliffe,   2009).   Examples   of   organiza7on   using   Cloud  
Compu7ng   to  leverage  external  knowledge  and  experience  are  hos7ng  provider  GoGrid  which  builds  
solu7ons  on   top  of   Windows  Azure,   Associated  Press  which  encourages  external  developers  to   build  
applica7ons  on   Windows  Azure  and   Rover   Apps  which   uses  the   Rackspace   Cloud   to   improve   the  
performance  of  their  infrastructure.

Towards a Healthy Cloud Page 60 of 218 Juan Hernández Colomina

5. Cloudnomics:  Cloud  Compu*ng  Economics
  As  Cloud   Compu7ng   has  significant   economic   implica7ons   we   analyze  them   further   in  this  
sec7on.   In   7mes   of   economic   difficul7es  like   nowadays  Cloud   Compu7ng   represents   a   cash   flow  
friendly   approach  to  provide  new  projects  with   the  required  IT   resources  (Schadler,   2009)  (DAuria  &  
Nash,  2009)  (McLaughlin,  2009a)  (Spinola,  2009).  The  elimina7on  of  upfront   investments  and  the  pay-­‐
as-­‐go   billing   model   are   probably   the   most   important   financial   benefits   of   this   new   compu7ng  
paradigm   (Howarth,   2009)   (Treese,   2009)  (Leighton,   2009).   Cloud   services  are  expected  to  save  one  
third   to  one  half  of   current  opera7ng   costs  as  opera7onal  tasks  like  backup,   upgrades  and  so  on  are  
carried  out  by  the  Cloud  Provider  (DAuria  &  Nash,  2009)  (Treese,  2009).  

  In  table  13   the  financial  benefits   of   Cloud   Compu7ng  as  described  by   Forrester   research  are  
depicted  (Forrester,   2008).   In   order  to  enable  a  clear  understanding  of  the  economic   implica7ons  of  
Cloud  Compu7ng  we  further  describe  in  this  sec7on  the  most  relevant  ones.

Table  13:  The  Financial  Benefits  of  Cloud  Compu*ng  (Forrester,  2008)

5.1. Capital Expenses versus Operational Expenses

! In  financial  terms  we  can  differen7ate  two  types  of  expenses:  opera7onal  expenses  (OPEX)  and  
capital  expenses  (CAPEX).  Opera7onal  expenses  are  incurred  when  resources  are  needed  to  support  
ongoing   businesses   while   capital   expenses  are   regarded   as   investments   in   assets   and   should   be  
accounted  for  in  the  corporate  balance  sheet.  CAPEX  investments  are  subject  to  amor7za7on  periods  
that   spread  the   impact   on   the   income   statement   over   7me  as   prescribed   by   (inter)na7onal   laws.  
Acquiring   new   hardware   for   a   data   center   is   a   typical   example   of   a   CAPEX   investment   while  
contrac7ng  a  Cloud   Compu7ng   service  is  an   example  of  an  OPEX  expense  (Schadler,   2009)  (Howarth,  
2009)  (Hiner,  2009)  (Kirsner,  2009)  (Golkar,  2009)  (Michelson,  2009).  

Towards a Healthy Cloud Page 61 of 218 Juan Hernández Colomina

  This  implies  that  investment  7mes  can  be  reduced  from  the  amor7za7on  horizon  (e.g.   4  years)  
to  the  fiscal’s  year  dura7on  (e.g.  1  year)  as  the  amount  spend  for  resources  in  that  year  is  account  for  
directly  on  the  yearly  income  statement  without  amor7za7on  periods  (Spinola,  2009).      

  According   to   Forrester,   the   improvement   of   investment   horizons   has   specific   financial  

advantages  specially  for  venture  capitalists.  Instead  of  compromising  capital  for  years  Cloud  Users  can  
pay   per   month   in   accordance   with   the   project’s   success   rate.   If   a   project   does   not   meet   the  
expecta7ons   it   can   be   stopped   without   compromising   capital   resources   (Cunningham   &   Wilkins,  
2009).   This   form   of   risk   mi7ga7on   and   the   improved   cost   transparency   of   Cloud   Compu7ng   are  
appealing  advantages  for  CFOs  (Schadler,  2009)  (Howarth,  2009)  (Sheehan,  2009b).

5.2. No  large  upfront  investments  &  Pay-­‐as-­‐you-­‐go  license  model

  One  of   the  most   important   advantages  of   Cloud  Compu7ng  is  the  reduc7on  of   the  upfront  
capital  expenses  in  hardware  and  sorware  when   crea7ng  and   deploying  solu7ons   (Armbrust   et   al.,  
2009).   This  is  specially  interes7ng  for  new  products  or  services  where  demand  is  highly  unpredictable  
and   therefore  tradi7onal  resource  alloca7on   can  lead   to   capital  losses  due   to  over-­‐provisioning   or  
under-­‐provisioning  (Armbrust  et  al.,  2009).  The  financial  consequences  of  these  two  risks  are  wasted  
resources  or  missed  revenue  respec7vely.

  Using   Cloud   Compu7ng,   hardware   installa7on   and   maintenance   costs  are   shired   to   Cloud  
Providers.  On  the  contrary,  running  your  own  data  center   implies  installing  and   replacing   every  piece  
of  hardware  manually  with  the  corresponding  opera7ng  costs.  Specially  in  countries  where  IT  human  
capital  is  rather  expensive  and  difficult  to  find  (e.g.   The  Netherlands)  this  is  an  interes7ng  opportunity  
to  take  into  account  given  the  transparent  pay-­‐as-­‐you-­‐go  pricing  offered  in  Cloud  Compu7ng  solu7ons.  
As  a  consequence  of  Cloud’s  elas7c  character  it   is  possible  to  reduce   upfront  investments  improving  
the  overall  cost  efficiency  of  IT  opera7ons.

5.3. Cost  reduc*ons

  Some  of  the  costs   associated   with  running  a  data  center   can  be  categorize  as  physical  costs.  
Examples   of   these  physical  costs  are  the  loca7on   where   the  data  center   is  built,   electricity,   cooling  
systems,    etc.  Recent  studies  have  es7mated  that   the  cost  of  resources  per  unit   roughly  doubles  when  
taking   into   account   these  physical  costs  (Armbrust   et   al.,   2009).   According   to   many   experts  Cloud  
Compu7ng  is  expected  to  leverage  a  large  diversity  of  cost  savings  in  ICT  opera7ons  (Golkar,  2009).  

  According   to   a   IDC   research,   around   70%   of   IT   budgets   are   used   to   maintain   current   IT  
capabili7es.   Moreover,  according  to  the  US  department  of  energy   around  85%  of  compu7ng  capacity  
is  idle  most  of  the  7me  (Spinola,  2009).  If  we  also  take  into  account  the  rising  energy  prizes  it   is  clear  
why  Cloud  Compu7ng  can  significantly  contribute  to  cost  efficiency.

Towards a Healthy Cloud Page 62 of 218 Juan Hernández Colomina

  Recent  studies  have  es7mated  average  server  u7liza7on  in  data  centers  to  be  between  5%  and  
20%   (Siegele,   2008).   Although  this  might   seem   inefficient,   we  have  to  take  into  account   that   peak  
workload   can   mul7ply   average   u7liza7on   by   2   to   10   7mes  which   needs   to   be   considered   when  
prealloca7ng   resources  on-­‐premises  (Armbrust   et   al.,   2009).   When   the   infrastructure  is  not   elas7c  
then   peak   capacity   must   be   embedded  beforehand  in  each   of   the  individual  physical  machines  to  
guarantee   the   availability   and   con7nuity   of   services.   This   means   that   when   using   solu7ons   on-­‐
premises   around   80%   to   95%   of   all   resources  are   “wasted”   during   non-­‐peak   periods.   The  elas7c  
character  of  the  cloud  eliminates  the  need  to  account  for  peak  load  beforehand  since  applica7ons  can  
automa7cally  scale  when  needed  as  demand  increases  or  decreases.

  Figure  7:  Worldwide  Server  Spending

  Taking   into   account   the   divergent   resource  

consump7on  of  sorware   applica7ons  and  its  dynamic  
development  over   7me  it  does  not   make  much  sense  
to   buy   IT   capabili7es   as   sets   of   resources   (e.g.  
mainframes,   servers,     etc.),   but   rather   as   separate  
resources  (e.g.  CPU,  RAM,    etc.)  in  the  amount  needed  
over   7me.   Using   this   approach   the   match   between  
resource  u7liza7on  and   provisioning  reduces  resource  
waste   due   to   underu7liza7on.   Moreover   the   risk   of  
under-­‐provisioning   resources   is   also   mi7gated  
(Armbrust  et  al.,  2009).

5.4. Economies  of  Scale

  The   mul7   tenancy   character   of   web   based   sorware   allows   Cloud   Providers   to   achieve  
economies  of  scale  by   sharing  physical  resources  among  as  many  clients  as  possible  (Hinchcliffe,  2009)  
(Broek,   2009).   In   Private  and/or   Internal   Clouds  this  is  less  relevant   and   depends  on  the  poten7al  
savings  in  the  current  infrastructure.  Among  others,  economies  of  scale  can  be  achieved  on  hardware,  
sorware,  management,  energy  supplies,  physical  loca7ons,  maintenance,  backup,  administra7on,  etc.  

  According   to  previous  research,   by   achieving   economies  of   scale  Cloud  Users   can  buy   their  
resources  at  a  factor  1/5   to  1/7   than   they   otherwise  would  (Armbrust   et  al.,   2009).   However,  There  
are  significant  differences  on  the  billing  methods  currently  applied   by   Cloud  Providers.  Billing  storage  
and   network  bandwidth  consump7on  is  a  straight   forward   task.  as  the   total  number  of  units  can  be  
easily   divided   and   consump7on   can   be   measured   on   those   units.   However,   depending   on   the  
virtualiza7on  level,   computa7onal  resources   are   not   as  simple   to  monitor   and   bill  (Armbrust  et   al.,  

Towards a Healthy Cloud Page 63 of 218 Juan Hernández Colomina

  Some   solu7ons   (e.g.   Google’s   AppEngine)   automa7cally   scales   up   and   down   to   changing  
consump7on  demands  billing  customers  for  the  number  of  cycles  used.  Other   solu7ons  (e.g.   Amazon  
Web  Services)  charge  users  on  a  7mely  basis  (e.g.  per   hour)  for  the  amount   of  resources  available  in  
an  instance,   regardless  of  those  resources  are  fully  consumed  or  not.  One  of  the  latest  developments  
on   cloud   based   billing   methods  is  Amazon’s   Spot   Prices   which   are  dynamically   set   by   supply   and  
demand.  Cloud  Providers  can   experiment  with  these  billing   methods  to  find   the  one  maximizes  their  

Towards a Healthy Cloud Page 64 of 218 Juan Hernández Colomina

6. Risks  of  Cloud  Compu*ng
  With  every   innova7on  new  capabili7es  emerge  but   they  imply  also  new  risks  to  users.   As  Cloud  
Compu7ng   is  an   emerging   phenomenon   Cloud   Users  should   carefully   take   into   account   the   risks  
associated  with  this  new  model  compared  to   other  alterna7ves  (e.g.  on-­‐premises).   We  base  this  risk  
analysis  on   previous  research   (Armbrust   et   al.,   2009)   (ENISA,   2009)   that   has  iden7fied   a  series  of  
security   issues  in  Cloud  Compu7ng   solu7ons.   Moreover,   we  complement   these  findings  with  other  
commercial  publica7ons  and  the  perspec7ves  of  consultants  and  analysts.  

  We  have  classified  cloud  related  risks  into  three  groups:  opera7onal  risks,  compliance  risks  and    
standards   related   risks.   For   each   risk   we   refer   to   some   (par7al)   solu7ons   for   risk   mi7ga7on   or  
avoidance  currently  being  offered  by  Cloud  Providers.  As  security  is  probably  the  most   men7oned  risk  
of  Cloud  Compu7ng  we  describe  it  separately  in  the  next  sec7on  (see  sec7on  7).

6.1. Opera*onal  Risks

  Opera7onal  Risks  are  encountered   by   Cloud  Users  when  using  a  Cloud  Compu7ng  solu7on.  In  
this  sec7on  we  elaborate  on  some  of  the   most   relevant   opera7onal  risks   in  current   clouds:   service  
availability   and  performance,  third  party  and  network  dependencies,   lack  of  cloud  management  tools  
and  reputa7on  sharing.  

A.  Service  Availability
  The   degree   of   service   availability   required   is   highly   applica7on   dependent.   However,   high  
availability   is  in   almost  all  cases  a  desired  property   that   improves  performance  and  leads  to  a  beOer  
user  experience.   However,   although   large  Cloud  Providers  should   in  theory  have  a  more  reliable  and  
secure  system  than  individual  organiza7ons  this  is  in  prac7ce  not  always  the  case  (Bakker,  2009).  Even  
the   most   redundant   infrastructure   can   fail   as   reflected   in   the   list   of   documented   cloud   incidents  
included  in  appendix  E  (Leighton,  2009).  

  It   is   important   to   note  that   fully   availability   (100%)   is  impossible  to  guarantee   when  using  
shared  ungoverned  infrastructures  (e.g.  Internet).  Nevertheless  Cloud  Users  should  carefully  compare  
historic  Cloud  Provider’s  availability  rates  with  availability   rates  at  their   current  infrastructure  (e.g.  on-­‐
premises  or   at   another   provider).   There   are  few   enterprises   in  the   world  that   can   achieve  higher  
availability   rates  than  the  largest   Cloud  Providers  (e.g.   Google’s  99,9%,  Amazon’s  99,95%,  Microsor’s  
99,95%,    etc.).  

  In   order  to  maximize  service  availability,  one  possible  solu7on  could   be   to   implement   one  of  
the  mixed  fail-­‐over   architectures  described  previously  in   this  research  (see  Cloud  Use  PaOerns).  If   we  
combine  on-­‐premises  and   cloud  solu7ons  where  one  of  them  is  deployed   as  a  fail-­‐over  we  can  cover  
for  possible   service  unavailability.  However,  this  solu7on   can  increase   opera7ng  costs  significantly   as  
everything  needs  to  be  redundantly  deployed.  For  this  reason  it  is  important  that  Cloud  Users  balance  
the  level  of  desired  availability  against  the  costs  of  achieving  that  level.

Towards a Healthy Cloud Page 65 of 218 Juan Hernández Colomina

B.  Service  Performance
  In   previous  research   (Armbrust  et   al.,  2009)  a  analysis  has  been  made  on  cloud  performance  
for  each  type  of  resource.  UC   Berkeley   found  that  although  processing  (e.g.   CPU)  and   memory   (e.g.  
RAM)   resources   can   be   shared   between   virtual   machines   on   the   cloud   without   performance  
detriment,   there  is  a  significant   performance   issue  in  input/output   (I/O)   opera7ons  between  virtual  
machines  on  the  cloud  sharing  the  same  physical  disk.  This  could  result   in  some  cases  in  I/O  latencies  
that  could  affect  service  performance.  

  Taking  into  account  that  applica7ons  are  becoming  more  data  intensive  and  bandwidth  costs  
are  not   decreasing  in  price  at   the  same  rate  than  other   hardware  does,  the  costs  of  transferring  data  
to  and  from  the  cloud  must   be  taken   into  account   when  considering   Cloud   Providers.   With  current  
networking  capabili7es,  transferring  large  amounts  of  data  implies  large  amounts  of  7me  and  money.  
Calcula7ons  in  previous  research  (Armbrust  et  al.,  2009)  have  discovered  that  in  some  cases  might  be  
more  effec7ve  to  ship  data  physically  instead  of  transferring  it  electronically.  This  approach  is  followed  
by   Amazon  that  allows  the  physical  sending  of  data  containers  (e.g.   DVD)  with  data  to  be  stored  on  
their  Cloud.  Once  the  media  container  is  received  Amazon  sets  the  data  on  the  Cloud  User’s  S3  service  
account  free  of  transfer  charges.  

  Another  approach  to  deal  with  network  throughput   limita7ons  could  be  to  limit  the  amount  of  
data  to  be  stored  on  the  Cloud.  As  more   public   data  sets  (e.g.   sets,   geographical  loca7ons,  
zip-­‐codes,     etc.)  become  available  on  the  cloud,  a  firm  does  not  need  to  transfer  all  data  to  the  cloud.  
An  applica7on  can  (re)use  these  public   sets  without   incurring  in  transmission  costs.  Moreover,  due  to  
the  centralized  character  of  the  cloud,  these  public  data  collec7ons  will  be  kept  up  to  date  without  any  
effort  needed  from  the  Cloud  User.

  Future   developments  in  networking  technology   promises  a  significant   increase  in  bandwidth  
reducing  the  7me  and  money  needed  to  transfer  large  data  sets.  For  example,  in  2010  the  cost  of  a  10  
Gigabit  Ethernet  server  connec7on  is  predicted  to  fall  to  around  $200  (against  $1000  nowadays)  while  
the  new  40  Gigabit  Ethernet  and  100  Gigabit  Ethernet  will  soon  become  available.

C. Third  Party  Dependency

  Using   a  Public  or  External  Cloud  Compu7ng  solu7on  can  be  compared  to  a  certain  extend  with  
outsourcing  where  certain  tasks  (applica7on  development   in  SaaS,  infrastructure  opera7ons  in  IaaS,    
etc.)  become   the   responsibility   of  the  Cloud  Provider.   This  implies  some  concessions  from  the  Cloud  
User   when  compared  to  on-­‐premises  solu7ons  where  the  organiza7on   has  full  control  and  decision  
rights  over   the   infrastructure.   A   Cloud   User   can   however   extend   the  scope   of   control  by   clearly  
defining  responsibili7es  in  their  Service  Level  Agreements  (SLAs)  with  Cloud  Providers  or   by   building  
Internal  Clouds.  Moreover,   Cloud  Users  should  be  aware  that   Cloud  Providers  can  modify  the  terms  of  
service   without   the  legal   obliga7on   of   directly   no7fying   Cloud   Users  about   it   (Reingold   &   Mrazik,  

Towards a Healthy Cloud Page 66 of 218 Juan Hernández Colomina

  In  situa7ons  where  a  firm’s  (cri7cal)   applica7ons  and   data  are  going   to  be  trusted   to  a   third  
party  it  is  also  important   to  consider   the  trustworthiness  and  con7nuity   of  the  provider  as  well  as  the  
reliability  of  the  offering  (Bakker,   2009)  (Arnold,  2008a)  (Hiner,  2009)  (Treese,  2009)  (Leighton,  2009)  
(Brynko,  2008).  Cloud  Users  should  be  aware  of  the  financial  situa7on  of  the  Cloud  Provider  over  7me  
and  develop  strategies  to  cope  with  possible  provider’s  bankruptcy.   One  possible  solu7on  could  be  to  
use  more  than  one  Cloud  Provider  where  some  are  configured  as  fail-­‐overs  of  the  other  one(s).    

D. Network  Dependency
  A  Cloud  User  is  always  dependent  on  its  Internet   connec7on’s  reliability   and  speed  to  access  
the   service   in   terms   of   bandwidth   and   latency   (Arnold,   2008a)   (Bakker,   2009)   (Golden,   2009).  
Although  some  vendors  have  developed  solu7ons  that  facilitate  offline  work  that  is  later  synchronized  
when   there  is  an  Internet  connec7on  (e.g.   Google  gears)  it   is  s7ll  not   a  standard  func7onality   in  all  
Cloud  Compu7ng  offerings.  

  Another   important   considera7on  is   the  ungoverned  character   of   the  Internet.   When  data   is  
transmiOed  through  this  public  network  the  route  to  be  followed  is  unknown  and  unpredictable  being  
an  inherent   characteris7c  of  the  TCP/IP   protocol  (Leighton,  2009).  Depending  on  the  specific  network  
situa7on  at   a  certain  point   in  7me  (e.g.   conges7ons,  malfunc7ons,    etc.)  the  selected  route   can  be  
different,   which   can   result   in   unpredictable  network   latencies.   Although  using   current   networking  
technologies  an  organiza7on  can  transfer  data  across  the  globe  with  latencies  of  milliseconds,  certain  
types  of  applica7ons  are  less  tolerant  for   latencies  like   for  example  real-­‐7me  trading  systems.  These  
applica7ons  are  for  this  reason  not  fiOed  to  be  hosted  on  the  Cloud  (Armbrust  et  al.,  2009).  

  Although   the   quality   of   the   network   can   be   par7ally   safeguarded   in   SLA’s   (service   level  
agreements),   it   is  not   clear   wether  the   economic   claims   arer   a  malfunc7on  fully   cover   the  damage  
suffered  (e.g.  Client   lost,  Brand  damage,    etc.)  (Bakker,  2009).   Moreover,   although  SLAs  can  help  to  
prevent  failures,  they  do  not   solve  the  problems  arising  from  wrong  designed  architectures  (Sheehan,  

E.  Lack  of  Cloud  Management  Tools

  A   new   paradigm  like   Cloud  Compu7ng   requires  a  new  set   of  tools  to  monitor,   op7mize  and  
automated  infrastructures.   However,   currently   most  cloud  offerings  are  lacking  such  tools  providing  
only   simple   APIs   to   operate   it   with   significant   limita7ons,   specially   in   management   func7onality  
(McLaughlin,   2009a).   Some   Open   Source   solu7ons   are   currently   being   developed   to   include  
management  tools  out  of  the  box  (e.g.  Open  Nebula,  Eucalyptus,     etc.).  Organiza7ons  should  carefully  
evaluate  which  cloud  management  tools  they   need  and  select  the  provider  that  most  closely  matches  
the  func7onality  required.

Towards a Healthy Cloud Page 67 of 218 Juan Hernández Colomina

F.  Reputa*on  Sharing
  In  Public   Clouds  the  same  physical  infrastructure  is   shared  among   various  Cloud  Users.   As  a  
consequence,  the  use  of   a  Cloud  Compu7ng  solu7on  by   an  user  with   dubious  inten7ons  (e.g.  spam)  
can  affect  the  overall  performance  of  that  solu7on  and  its  users  (Armbrust   et  al.,   2009).  For  example,  
if  an  IP   address   has  been  blacklisted  due  to  spam,   and  then  the  IP   address  is  reallocated  to  a  new  
customer  the  new  user  will  suffer  from  the  other  customer’s  misbehavior.  As  this  risk  mainly  occurs  on  
shared  infrastructures  at  the  network  layer  the  use  of  sta7c  or  reserved  IP  addresses  can  address  it  in  
most  cases.

6.1. Compliance  Risks

  Besides  opera7onal  risks,   Cloud  Users  should  also  consider   how  the  envisioned  Cloud  solu7on  
complies   with   the   applicable   laws   and   regula7ons   in   their   context.   The   differences   in   na7onal  
legisla7ons  between  the  loca7ons  of  both  Cloud  User   and  Cloud  Provider,  the  lack  of  transparency  of  
Cloud  Provider’s  opera7ons  and  data  confiden7ality   issues  are  among  the  most   relevant  compliance  
risks  when  using  a  Cloud  solu7on.  In  the  following  paragraphs  we  describe  this  risks  briefly.

A.  Compliance  with  Laws  and  Regula*ons

  Some   types   of   organiza7ons   (e.g.   Banks,   Hospitals,     etc.)   need   to   comply   with   specific  
regula7ons   on   how   sensi7ve  data  is  stored  and   the   accessed.   These  regula7ons  are  developed   to  
safeguard  privacy  and  avoid  fraud.  Some  examples  of  these  regula7ons  are  PCI,  SAS  70,  SoX  and  HIPAA  
among   many   others.   As   current   (inter)na7onal  laws  and  legisla7ons  are  developed  in   the  past   for  
transac7ons   with   physical   goods,   the   dynamic   virtual   characteris7cs   of   Cloud   Compu7ng   whose  
infrastructures   can   span   various   con7nents   presents   new   challenges   for   prac77oners   (Urquhart,  
2009a)  (Bakker,  2009).  

  It  is  important  to  note  that  while  in  past  compu7ng  paradigms  users  maintained  full  possession  
and  control  over   their   data,   Cloud  Compu7ng  solu7ons  imply   new   legal  considera7ons   to  take  into  
account  due  to  the  fact  that  the  legal  responsibility  to  protect  private  or  confiden7al  data  s7ll  remains  
on  Cloud  Users.   In  this  context,   an  important  aspect   to  take  into  account  is  the  geographical  loca7on  
of  the  provider  and  therefore  the  rules  and  regula7ons  that  the  provider  has  to  comply  with  (DAuria  &  
Nash,   2009)   (Mansfield-­‐Devine,   2008).   Cloud   Providers   tend   to   place   their   new   data   centers   on  
loca7ons  where  resources  are  cheap  which  are  oren  developing  or  underdeveloped  countries.  These  
countries  might  not  be  the  best  place  to  store  sensi7ve  data  (Bakker,  2009).

  Because   a   Cloud   Provider   can   be   located   anywhere  in   the  world,   differences   in   legisla7on  
become  a  very   important  barrier  for   adop7on  (Lewis,  2009)  (Reingold  &   Mrazik,  2009).  There  are  for  
example   significant   differences  between   the  EU   Data   Protec7on   Direc7ve  and   the  US   Patriot   Act.  
These  differences  should  be  considered  when  selec7ng  a  provider  as  for  example  a  Cloud  User   in  the  
EU   must   comply   with  EU   legisla7on   while  his  data  stored  in  the  USA   is  subject   to   USA   legisla7on  
(Mansfield-­‐Devine,   2008).   If   the   Cloud   Provider   is   for   example   located   in   the   USA,   then   all   the  

Towards a Healthy Cloud Page 68 of 218 Juan Hernández Colomina

informa7on   stored   by   Cloud   Provider   is   subject   to   the   Patriot   Act,   and   therefore   can   always   be  
accessed   by   USA   governmental  organiza7ons.  This  is  not  the  case  in  the  European   Union,   where  law  
enforcement  does  not  always  imply  default  access  to  sensi7ve  informa7on.

  A  solu7on  to   these  geo-­‐localiza7on  issues  could   be  that  Cloud  Providers  facilitate  the  division  
of   data  into  country   blocks  that   will  comply   with   the  regula7ons  of   each   individual  na7on.   This   is  
currently  offered  by  various  providers  like  for  example  Amazon  which  allows  Cloud  Users  to  determine  
where  to  store   their   data,   offering  the  possibili7es  of  their   Ireland’s  data  center   in  Europe  and  two  
data  centers  in  the  USA  (west  and  east  coast   data  centers).  This  feature  is  at  the  moment  of  wri7ng  
being   incorporated  to  other  solu7ons  like  Rackspace’s  Cloud  and  Terremark’s  Enterprise  Cloud  among  

B.  Lack  of  Transparency

  Some   recent   cloud   outages,   like   the   one   suffered   by   Google   Apps  on   May   14th   2009   are  
genera7ng  some  concerns  among  poten7al  adopters.  The  main  issue  commented  on  the  media  is  how  
Cloud   Users   can   “protect   something   they   can’t   even  see”   (Arellano,   2009)   (Spinola,   2009).   When  
failures  occur  in  a  large  distributed  system  it  is  very  difficult  to  iden7fy  the  origin  as  the  system  cannot  
be  replicated  on  a  smaller  scale.  If  Cloud  Providers  do  not   offer  enough  transparency  and  assurance  in  
the   form   of   globally   accepted   audit   (quality)   cer7fica7ons   it   is   almost   impossible   to   audit   their  
solu7ons  which  is  a  strong  barrier  for  Cloud  Users  to  achieve  their  compliance  requirements.

  As  the  level  of  transparency   varies  strongly  between  providers,  Cloud  Users  should  select  the  
provider  that  provides  them  with  the  desired  transparency  to  comply   with  laws  and   regula7ons.  This  
could   be   in   the   form   of   cer7fica7ons   (e.g.   SAS   70,   ISO,     etc.)   or   by   providing   full   access  to   the  
underlaying  resources.   Moreover,   when   evalua7ng   the   pricing  of  Cloud  offerings  Cloud   Users  should  
take  into  account   the  effects  of  informa7on  asymmetry   arising  from  the  current   lack  of  transparency  
in  offerings.

C.  Data  Confiden*ality
  One   of   the   most   important   barriers   for   the   adop7on   of   Cloud   Compu7ng   is   the   lack   of  
assurance  of  data   confiden7ality.   Among   others,   the  loca7on  where  data  is  stored,   how   secure  it   is  
stored   and   transferred   to   and   from   the   cloud,   data   access  management   and   procedures   for   the  
disposal  of  data  are  some  of  the  concerns  of  Cloud  Users  related  to  data  confiden7ality.

  Data  confiden7ality   is  specially   a  risk  in  cloud  models   where  data   is  transferred  outside  the  
organiza7on  through  public   networks  (e.g.  Internet)  and  when  storing   data  on  third  par7es'   systems.  
Transferring   data   outside   the   organiza7on   implies   an   added   risk   compared   to   on-­‐premises  
infrastructures  as   data   leaves  the  organiza7onal  domain   and   its  security   scope  (e.g.   firewall)   and  
therefore  it   cannot   be   fully   controlled  by   the  organiza7on.   It   is   important   to  note  that   when   data  
travels  over   public   networks  (e.g.   Internet)  there  is   no   fully   control  over   data  confiden7ality   unless  
specific  security  measures  are  taken  (e.g.  VPN  networks,  Point-­‐to-­‐point  connec7ons,  encryp7on,    etc.).  

Towards a Healthy Cloud Page 69 of 218 Juan Hernández Colomina

  A  popular  statement  on  the  externaliza7on  of   data  storage  is  “My  sensi7ve  corporate  data  will  
never  be  in  the  cloud”  (Armbrust  et  al.,  2009).  Although  this  is  an  understandable  point  of  view  there  
are  two  important  remarks  to  be  made.  First   of  all,   in  the  context   of  tradi7onal  managed   hos7ng  the  
client’s  data  is  already  stored  on  a  third  par7es’  systems  so  it  is  not  much  different   to  store  them  on  a  
Cloud  Provider’s  system  if  they  as  trusted  as  the  firm’s  hos7ng  provider  (Howarth,  2009).  

  Secondly,  security   research  indicates  that   vulnerabili7es  are  more  oren  generated  internally  
than  externally,  by  own  employees.   According  to  previous  research  one  third  of  IT  professionals  oren  
misuse  their  rights  to  access  sensi7ve  informa7on  (Spinola,  2009)  This  means  that   storing  data  on  the  
cloud  with  secure  access  policies  could  even  improve  current  data  access  management.

  Cloud  Providers  have  a  large  dedicated  security   departments  and  they   invest   con7nuously   in  
securing  their  infrastructure.  In  words  of  Forrester’s  analyst   Jason  Staten:  “Security  is  one  of  the  core  
competencies   of   the   cloud   provider”   (Golkar,   2009).   Taking   into   account   this   perspec7ve,   trust  
represents   a   cri7cal   ingredient   for   the   successful   adop7on   of   Cloud   Compu7ng   (Hiner,   2009)  
(Mansfield-­‐Devine,  2008).  The  lack  of  trust  with  Cloud  Compu7ng  environments  can  be  compared  to  
some  extend  with  the  first   developments  in  ICT  where  informa7on  on  screen  was  regarded  to  be  less  
reliable   than   on   paper.   As   this   new   model   matures,   trust   will   become   a   less   relevant   issue   for  

  Some   experts   suggest   the   mandatory   use   of   encryp7on   to   safeguard   data   confiden7ality  
(Reingold   &   Mrazik,   2009)   (Brynko,   2008)   (Spinola,   2009).   Although   this   is   oren   the   case   when  
transferring   data  to  and  from  the  Cloud   Provider,   it   is  oren   skipped  for   cloud  stored  data  as  it   can  
imply   a   significant   detriment   in   the   quality   of   service   provided   (Reingold   &   Mrazik,   2009).  
Nevertheless,  it  is  highly  recommended  that  Cloud  Users  select  a  provider  that   applies  encryp7on  also  
to  the  data  stored  besides  delivering  the  quality  of  service  needed.

6.1. Standards  Related  Risks

  One  of  the  most  important  barriers  for  the  current   adop7on  of  Cloud  Compu7ng  is  the  lack  of  
standards   that   can   lead   to   vendor   lock-­‐in   situa7ons.   Although   the   Cloud   Compu7ng   paradigm   is  
rela7vely   new,  there  are  a  large  variety   of  Cloud   offerings   being   introduced   every   month.  As  every  
Cloud   solu7on   is  different   than   the  other   ones,   and   most   of   them   support   only   specific   vendor’s  
products   (e.g.   databases,   programming   languages,     etc.)   there   is   an   increasing   need   for  
standardiza7on  to  prevent  vendor   lock-­‐in.  Open  cloud  standards  are  specially   needed  to  enable  cloud  
inter-­‐operability  and  hybrid  models.  

A.  Lack  of  Standards

  Although  the  “de  facto”  standard  will  be  set   by  the  stronger  Cloud  Provider,  it  is  very  important  
to   par7cipate   in   the   development   and   adop7on   of   formal   standards   as   they   provide   choice   and  
flexibility  to  Cloud  Users  and  avoid  vendor  lock-­‐in  situa7ons  (Hinchcliffe,  2009).  

Towards a Healthy Cloud Page 70 of 218 Juan Hernández Colomina

  A   series  of  formal  and   informal  organiza7ons  are  currently   working   on  the  development   of  
Cloud  Compu7ng  standards  like  the  Open  Cloud  Consor7um  (OCC),  the  Cloud  Standards  Coordina7on,  
the  Open  Grid  Forum’s  Open  Cloud  Compu7ng  Interface  (OCCI)  and  the  The  Open  Group  Cloud  Work  
Group.   The   Open   Cloud   Consor7um   (OCC)   is   a   member   driven   organiza7on   that   supports   the  
development  of   standards  for   Cloud  Compu7ng   and  frameworks  for   interopera7ng   between   clouds  
with  a  focus  in  large  data  clouds.   The  Cloud  Standards  Coordina7on  (cloud-­‐  is  a  informal  
wiki  to  document  the  ac7vi7es   of   the  various  groups   working  on  Cloud   Standards.  The  Open  Cloud  
Compu7ng  Interface  (OCCI)   working  group   is  an  informal  group  which  is  currently   developing  an  API  
specifica7on  for  the  remote  management  of  Cloud  Compu7ng  infrastructures.  The  Open  Group  Cloud  
Work   Group   aims   to   support   enterprises   of   all   sizes   in   their   adop7on   of   Cloud   Compu7ng   by  
developing  open  standards  that  guarantee  portability  and  avoid  vendor  lock-­‐in  situa7ons.

  In  the  absence  of  formal  standards,  at  the  IaaS  level  “de  facto”   standards  are  emerging  which  
are  oren  based  on  the  underlaying   virtualiza7on  technologies.  Amazon’s  Xen  based  AMI  format  for  
instances  in  the  cloud  (e.g.  units  of   aggregated  resources)  and  VMware’s  virtual  image  format  are  two  
of  the  most  common  formats  that  can  be  currently  regarded  as  “de  facto”  Cloud  Compu7ng  standards.  

B.  Vendor  Lock-­‐in
  In  the  early  stages  of  any  technological  innova7on  there  is  an  increased  risk  for  vendor  lock-­‐in  
(Reingold  &   Mrazik,   2009).   As  vendors  are   s7ll  developing   their   own   vision  on   Cloud  Compu7ng  a  
Cloud   User   can   fall   into   this   situa7on   when   vendor’s   views   differ   significantly   from   each   other  
(McLaughlin,   2009a).   Specially,   the  lack   of   Cloud   Compu7ng   standards   can   lead   to   vendor   lock-­‐in  
situa7ons  as  organiza7ons  deploy  vendor  formats  not  supported  by  other  vendors.

  Most   cloud  APIs  are  proprietary   crea7ng  barriers  for  migra7ng  data  and   applica7on  between  
Cloud  Providers.  A  Cloud  User  suffering  from  vendor  lock-­‐in  is  more  fragile  to  raises  in  services  prices  
and  to  provider's  bankruptcy.  They   would  have  to  accept   price  increases  as  they   are,  and  they   could  
be  in  serious  trouble  if  their  supplier  goes  out  of  business  (Armbrust  et  al.,  2009).  

  Some   ini7a7ves  to  prevent   data  and  vendor  lock-­‐in  are  the  Cloud  Compu7ng   Interoperability  
Forum   and  The  Open  Cloud  Manifesto  by  IBM.  However  their  pioneering  efforts  have  not  lead  yet  to  
an  industry   wide  trend  to  develop  and  adopt  standards.  This  lack  of  standards  could  seriously  difficult  
migra7ng  to  another  Cloud  Provider   in  the  future  resul7ng  in  ver7cal  vendor   lock-­‐in  situa7on  (Bakker,  
2009)  (EvereO,  2009).

Towards a Healthy Cloud Page 71 of 218 Juan Hernández Colomina

7. Cloud  Security
  There   is   an   interes7ng   security   paradox   in   Cloud   Compu7ng   compared   to   on-­‐premises  
infrastructures.  While  the  concentra7ons  of  large  amounts  of  resources  and  data  are  a  more  aOrac7ve  
target  to  aOackers,  Cloud  solu7ons  are  oren  more  robust,  scalable  and  cost-­‐effec7ve,  improving  the  
overall  security  of  the  solu7on  (Reingold  &  Mrazik,  2009).  Nevertheless,  Cloud  Users  need  to  carefully  
consider   security   issues   arising   from   this  new   paradigm.   According   to   the  ENISA   report   on   Cloud  
Compu7ng   security   (ENISA,   2009),   organiza7onal   Cloud   Users   are   confronted   with   some   security  
issues  that   are   absent   at   on-­‐premises  infrastructures.   In  this  sec7on  we   first   look   at   the  arguments  
that   suggest   that   Cloud  Compu7ng  is  a  more  secure  op7on  than  on-­‐premises  to  con7nue  with  the  
arguments  that  indicate  the  contrary.  

A.  Cloud  Compu*ng  as  a  more  secure  op*on  than  on-­‐premises

  It  is  oren  wrongly  assumed  that  a  Cloud  infrastructure  is  per  defini7on  less  secure  than  an  on-­‐
premises   infrastructure.   Most   large  Cloud  Providers  have  deployed  beOer   security   measures  than  a  
small  or   medium   enterprise   as  their   core  business  depends  on   it.   Moreover,   Cloud  Providers  affirm  
that   their   environments  are  safer   than   local  infrastructures  due  to   the  facts  that   they   have  backup  
systems  in   place   by   default   and   perform   security   updates   almost   instantly.   Some   providers   have  
gathered   technological  exper7se  over   the  years  using   real-­‐7me  detec7on   systems   for   on-­‐demand  
security.   Moreover,   they   fragment   data   across   mul7ple   loca7ons   enabling   more   efficient   disaster  
recovery   and  storage  solu7ons  (Reingold  &   Mrazik,  2009)  and  as  most   aOacks  are   the  result   of  late  
sorware  updates  and  server   misconfigura7ons  due  to  lack  of  7me  (Spinola,  2009)   they   are  less  likely  
to   take   place   on   a   cloud   at   providers   which   are   highly   concerned   about   updates   and   server  
configura7on  (c.q.  it  is  their  core  business).  

  Another   important   remark   that   suggests   beOer   security   in   the   Cloud   is   the   effects   of  
economies  of   scale  on   security.   The  same   security   measures  currently   deployed   on-­‐premises   (e.g.  
Encryp7on,   Virtual  LANs,  firewalls,  DMZs,    etc.)  can  also  be  implemented  on  cloud  environments.   As  
security  hardware  is  rather  expensive  and  due  to  the  economies  of  scale  enjoyed  by  Cloud  Providers,  
cloud   environments  can  deploy   beOer   (more  secure)  hardware  and  sorware  improving   the  overall  
security  compared  to  tradi7onal  data  centers  (Armbrust  et  al.,  2009).

  One  of   the  most   remarkable  security   benefits  in   Cloud  Compu7ng  iden7fied  by   ENISA   is  to  
leverage  the  elas7c  on-­‐demand  property   of   the  Cloud  as  a  protec7on  against   denial  of  service  aOakcs  
(DDoS).   However  a  new  security  issue  arises  in  return,   the  Economic  Denial  of  Services  (EDOS)  aOack.  
Although   the   service   is   kept   available   on   the   Cloud,   the   unintended   use   of   the   applica7on   can  
generate   unexpected   costs   as   the   cloud   infrastructure   must   s7ll   be   paid   on   a   usage   basis.  
Nevertheless,  the  experience  and  dimensions  of  Cloud  Providers  makes  them  more  capable  to  detect  
and  absorb  these  aOacks  than   individual  companies  with  limited   resources  as  they   are  more  oren  

Towards a Healthy Cloud Page 72 of 218 Juan Hernández Colomina

confronted  with  them  and  they  affect  directly  the  performance  of  their  core  business  (Armbrust  et   al.,  

B.  Cloud  Compu*ng  as  a  less  secure  op*on  than  on-­‐premises

  A   cloud   infrastructure  containing   vast   amounts   of   data  is  a   more   aOrac7ve   target   for   bad  
inten7oned   individuals  (Bakker,   2009)   (Treese,   2009)   (Mansfield-­‐Devine,   2008).   By   discovering   and  
exploi7ng  one  single  infrastructure  they   could   get  their   hands  on   immense   amounts   of   informa7on  
that  would  otherwise  have  take  them  much  more  effort  to  obtain.  Moreover,   the  web  based  character  
of  Cloud  Compu7ng  solu7ons  makes  it  more  suscep7ble  for   network  aOacks  and  security   exploits  at  
browser  level  than  non  web-­‐based  infrastructures.  

  Previous  research  has  iden7fied  some  security  issues  arising  from  the  use  of  Cloud  Compu7ng.  
Among   others,   access   policies,   regulatory   compliance,   inves7ga7ve   support,   data   loca7on,   data  
segrega7on,   and   recovery   and  long   term   viability   are  some   of   the  security   risks  when   using   Cloud  
Compu7ng  (Mansfield-­‐Devine,  2008).

• Access  Policies:  The  single  sing-­‐on  solu7on  being  deployed  by  many   leading  internet  firms  allows  
an  user   to  switch  between  cloud  applica7ons  without  the  need  of  login  every   7me.  Although  this  
significantly   improves  usability,  it  also  represents  an  important   security   flaw  due  to  the  fact  that  
once  the  login  is  compromised  then  all  applica7ons  become  vulnerable  (Mansfield-­‐Devine,  2008).  
This  single  sing-­‐on  represents  a  single   point  of  failure  for   Cloud  infrastructures  and   it  is  currently  
being  mi7gated  by  Cloud  Providers  by  using  two  factor  authen7ca7on  methods.

• Regulatory  Compliance:   In   the  area  of  data  governance,   Cloud  Users  need   to   be  sure  that  other  
cloud   users  will  never  be  able  to  access  their  data  (Mansfield-­‐Devine,  2008).  In  some  cases  Cloud  
Providers   have   created   an   infrastructure   that   fully   complies   with   external  regula7ons  on   this  
maOer.  As  an  example,  Google  Apps  systems  and  processes  fulfill  to  SAS  70  Type  II  audit  of  control  
measurements  to  protect   data.  Since  Cloud   Users  are  oren  not   allowed  to  look  into  the  Cloud’s  
security   infrastructure,   trust   on   the   provider   and   on   the   audit   results   becomes   an   important  
enabler   for   adop7on  (Mansfield-­‐Devine,   2008)   (Broek,   2009).   Compliance  issues  arise  in  many  
cases   by   the   lack   of   transparency   of   Cloud   Providers   but   also   from   the   lack   of   auditors’s  
technological  knowledge   (McLaughlin,   2009a).   According   to   a   survey,   adding   a   Public  
Cloud   to   your   architectural   design   will  certainly   result   in   more   complexity   and   therefore   less  
understanding  from  external  auditors.  

• Inves*ga*ve   Support:   It   is  important   to  note  that   when   selec7ng   a  Cloud  Provider   its   security  
model  should  be  carefully  scru7nized  as  the  customer  is  oren  ler  to  the  audit  findings  supplied  by  
the  provider.  Cloud  Users  cannot   respond  to  audit  findings  or  examine  security  implementa7ons  at  
provider’s  level.   Performing  a  security  audit  on  a  cloud  based  system  is  almost   impossible  as  Cloud  
Providers   oren   do   not   provide   full   access   to   their   infrastructure.   Moreover,   ENISA   signals   a  
security   risk  based  on   the  lack  of  contractual  rights   to  perform  security   analysis  (e.g.   port   scans  
penetra7on  tests,     etc.)   by   Cloud  Users.  Although  these   analysis  are  oren  performed  by   Cloud  

Towards a Healthy Cloud Page 73 of 218 Juan Hernández Colomina

Providers,  they   are  not  reflected  in  Service  Level  Agreements  (SLA)  which  leads  to  uncertainty   on  
whether  they  are  performed  or  not,  and  what  are  the  results.

• Data   Loca*on,   Segrega*on,   Recovery   and   Disposal:   ENISA   iden7fies  some  jurisdic7onal  issues  
related   to   the   loca7on   of   data   storage.   Moreover,   the   mul7-­‐tenancy   and   shared   resources  
character   of   Cloud   Compu7ng   can   represent   addi7onal   risks   for   organiza7ons   when   isola7on  
mechanisms  separa7ng   tenants  fail  (e.g.   guest-­‐hopping   &   cartographic   aOacks).   The  integrity   of  
Cloud   Provider’s   employees   should   also   be   taken   into   account.   As   security   is   more   oren  
compromised   internally   and   the   cloud   represents   a   large   volume   of   data,   Cloud   Users   must  
carefully  analyze  how  Cloud  Providers  protect  data  from  internal  security  breaches.  Procedures  for  
data  disposal  should  also  be  taken  into  account.  Once  data  is  deleted   by   a  Cloud  User,  the  Cloud  
Provider  must  assure  that  the  deleted  data  cannot  be  restored,  specially  in  shared   infrastructures  
where  hardware  is  reallocated  to  a  different  user.  

• Long   Term   Viability:   The   absence   of   standard   tools,   procedures,   data   formats   and   services  
interfaces   to   guarantee   data,   applica7on   and   service   portability   can   significantly   difficult   the  
migra7on  to  other   Cloud  Provider   or   to  an  on-­‐premises  seung.   This  situa7on  can  result   in  high  
dependency   on  a  single  Cloud  Provider  and   therefore  vendor   lock-­‐in  situa7ons.  In   a  situa7on  of  
vendor   lock-­‐in   Cloud   Users   must  also  be   aware  of  the  risk  of   provider’s  bankruptcy   and  develop  
methods  to  recover  data  in  such  situa7ons.

• Disinvestments   &   Spoiler  Effect  of  Informa*on:   There  is  a  interes7ng  paradox  in  cloud  security.  As  
companies  have  invested  in  highly  secure  and  expensive  measures  like  DMZs  or  firewalls,  adop7ng  
a  cloud  infrastructure  will  mean  that  these  measures  are  not  longer  necessary  because  everything  
is  stored  outside  the  organiza7on’s  boundaries  without  direct  control  on  the  security   measures  to  
protect   it  (Mansfield-­‐Devine,  2008).  Moreover,   Cloud  Users  should  be  aware  of   the  spoiler  effect  
of   informa7on.   While  a  company’s  infrastructure  security   is  not   well  known  to   outsiders,   Cloud  
Provider’s   security   measures   are   publicly   available,   making   it   easier   for   hackers   to   exploit  
vulnerabili7es  (Mansfield-­‐Devine,  2008).  

  One  of  the  most   important  trade-­‐offs  that  Cloud  Providers  need  to  make  is  that   of  robustness  
versus  pragma7sm   of   the  plaxorm  (Hinchcliffe,  2009).  While  offering  enterprise  func7onali7es  is  very  
important,   they   nee  to   deliver   them   in   a  pragma7c   way   to   facilitate   its  adop7on   by   Cloud   Users.  
Moreover,  when  selec7ng  a  Cloud  Provider,  Cloud  Users  need  to  select  the  offering  that  provides  them  
with  the  right  balance  between  robust  security  and  pragma7sm  for  their  specific  situa7on.

  The   Jericho   Forum   and   the   Cloud   Security   Alliance   (CSA)   are   laying   down   the   first   steps  
towards  solving  the  security   issues  of  Cloud  Compu7ng  (EvereO,  2009).  The  CSA’s  Security   Guidance  
for  Cri7cal   Areas  of   Focus  in  Cloud  Compu7ng  provides  guidelines  for   managing  risk,   portability   and  
disaster   recovery.   The  Jericho   forum   has   developed  a  cube  model  linking  specific   security   issues  to  
each  type  of  cloud,  specially  when  transferring  data  to  and  from  a  provider.  Both,  the  CSA  and  Jericho  
forum  are  currently  working  together  to  develop  a  Cloud  Provider  accredita7on  mechanism.  

Towards a Healthy Cloud Page 74 of 218 Juan Hernández Colomina

  In  order  to  achieve  beOer  security  in  the  cloud,  Cloud  Users  should  carefully  examine  contracts  
with  Cloud  Providers,   specially   regarding  the  rights  and  obliga7ons  of   par7es  as  well  as  compliance  
with  laws  and  regula7ons.   Work   from  the  Jericho  Forum,  CSA  and  ENISA  are  good  staring  points  for  
Cloud   Users   to   analyze   the   security   of   poten7al   Cloud   Providers.   They   provide   guidelines   and  
checklists  that   can  be  used   to  assert   the   security   of   Cloud  Compu7ng  solu7ons  that   best  fits  their  

Towards a Healthy Cloud Page 75 of 218 Juan Hernández Colomina

8. The  Cloud  Compu*ng  Marketplace
  In  the  previous  sec7ons  of  this  research  we  have  provided  a  defini7on  of  Cloud  Compu7ng,  the  
types  of   cloud   offerings,   how  they   are  currently   being   used   and  the  risks  associated  with  this  new  
paradigm.   In   this  sec7on  we   con7nue  our   analysis  by  selec7ng  the  three  most  relevant   providers  at  
infrastructure  and   plaxorm   service   levels  based   on   our   research   defini7on.   This   will   facilitate  our  
further  analysis  on  the  applicability  to  the  Dutch  healthcare  sector  in  the  next  part  of  our  research.  We  
have  excluded  SaaS  solu7ons  from  this  part  of  our  analysis  as  they   are  very  specific  and  use  high  levels  
of   abstrac7on  which  makes  it   very   difficult   to  compare  them  and  evaluate  their   applicability   to  the  
Dutch   healthcare  sector.   Moreover,   SaaS   applica7on   are   oren   either   built   on   PaaS   solu7ons   (e.g.  
Salesforce  applica7ons  on  plaxorm)  or   they  tend  to  become  plaxorms  over  7me  by  offering  
more  flexibility  to  end  users  (e.g.  APIs).  

  We  begin  this  sec7on  by   describing  some  general  market  data  to  con7nue  with  two  overviews  
of   the   features   offered   by   the   three   selected   IaaS   and   PaaS   providers.   We   provide   also   a   brief  
descrip7on  of  each  provider  and  the  latest  developments  in  their  offerings.  As  External  Public  Clouds  
are  leading  the  development  of  Cloud  Compu7ng  we  limit  our  analysis  to  this  type  of  clouds.

8.1. General  Market  Data

  The   Cloud  Compu7ng   market  has  evolved  significantly   during  2009.   Supported  by   increasing  
adop7on  by   organiza7ons,   major   providers  have  incorporated   new   features  every   month  and  new  
providers   have   emerged   some7mes   focused   on   ver7cal   industries.   According   to   The   Wall   Street  
Journal   the  Cloud   Compu7ng   industry   is  es7mated  to  reach  $42   billion   by   2012   which  represents  
around   half   of   the   current   sorware   industry   (Hinchcliffe,   2009)   (McLaughlin,   2009a).   Gartner  
researchers  are  more  op7mis7c  on  their   predic7ons  as  they   expect   the  Cloud  Compu7ng   market   to  
generate  $56  billion  by  2009  and  $150  billion  by  2013  (Gartner,  2009).

  The  popularity  of  end  user  web  applica7ons  based  on  the  Cloud  Compu7ng  model  (e.g.   Gmail,  
Google  Apps,     etc.)   are  an  indica7on  of  current  use  and  adop7on.  According  to  a  recent  study  of  PEW  
Internet   Research  around  69%   of  Americans  are  using  some  kind  of  cloud  service  (Siegele,  2008).  On  
the  enterprise  side  the  rate  of  adop7on  can  be  observed  from  a  recent  survey  performed  by  AppLabs.  
Around  50%  of  the  firms  affirmed  that   they  are  deploying  cloud  infrastructures  or  are  planning  to  do  it  
within   a  year   (Solomon,   2009).   Around   30%  of   these   organiza7ons  have   already   deployed  a  cloud  
infrastructure  while  20%  is  expec7ng   to   deploy   it  within  a  year.   However,  the  remaining  50%  of  the  
companies  answered  that  they  have  no  plans  to  use  Cloud  Compu7ng  in  the  near  future.  

  There   are   a   large   diversity   of   services   offered   following   the   Cloud   Compu7ng   model.   An  
extensive  overview   is  offered  by   the  Cloud   Security   Alliance  and  its   depicted   in   figure  8.   Another  
interes7ng  overview  provided  by  Gartner  is  included  in  appendix  F.

Towards a Healthy Cloud Page 76 of 218 Juan Hernández Colomina

Figure  8:  OpenCrowd  Cloud  Taxonomy  and  Vendors

  As  observed  in  the  above  figure,  the  large  diversity   of  offerings  can   be   generalized  into  three  
main   groups   of   services  as  discussed   in   our   service   model   (SaaS,   PaaS   and   IaaS)   plus   the   tools  
necessary  to  build  them.  

8.2. Selected  IaaS  Providers

  For  the  purpose  of  this  research  we  have  limited   the  amount  of  IaaS  providers  to   be  included  
in  our   feature  comparison   to  the   top   three  largest   providers   measured   by   the  number   of  occupied  
instances:   Amazon,  Rackspace  and  Joyent.   We  base  our   selec7on  on  the  monthly   es7ma7on  by   Guy  
Rosen  described  on  his  blog  The  Jack  of  All  Clouds.

Towards a Healthy Cloud Page 77 of 218 Juan Hernández Colomina

                                                       Figure  9:  Guy  Rosen’s  Cloud  Market  Analysis                                                                                  .  


  In   the   month   December  

(see   figure   9),   according   to   Guy  
Rosen’s  classifica7on  Amazon  was  
s7ll  the  largest   provider,   followed  
by   Rackspace   and   much   further    
by  Joyent.

                         Figure  10:  Gartner’s  Magic  Quadrant  

June  2009.

  According  to  Gartner’s  Magic  Quadrant   on  Hosted  

Cloud   Infrastructure  Services   of  June  2009   (see  figure  
10)   Rackspace   can   be   categorized   as   an   IaaS   leader  
while   Amazon   and   Joyent   are   considered   as  
visionaries.   This   indicates   that   while   their  
completeness   of   vision   is   rather   similar,   Rackspace  is  
able  to  execute  their   offerings  beOer  than  Amazon  and  
Joyent.   Gartner’s   report   confirms   that   our   selected  
IaaS  providers  not   only   have  large   growing   customer  
bases  but   also  develop  their   Cloud  Compu7ng   visions  
and  are  able   to  execute  them.   It   is   important   to  note  
that   other   organiza7ons   regarded   by   Gartner   as  
leaders  (e.g.  AT&T,  Savvis,  Terremark  and  IBM)  focus  on  
leveraging   Internal   Private   Clouds   and   are   therefore  
not  suitable  for  our  analysis.

  Based  on  informa7on  from  the  three  selected  IaaS  providers  we  have  created  a  table  (see  table  
14)   containing   a  comparison   among  the  features  offered   by   them   at  the   moment   of   wri7ng.   When  
selec7ng  the  features  to  be  compared  we  have  focused  on  those  that   are  more  relevant   to  our  further  
analysis  of  their  applicability  to  the  Dutch  healthcare  sector.  As  new  features  are  being  launched  every  
month,  the  overview  is  limited  to  the  services  as  offered  on  December  2009.

Towards a Healthy Cloud Page 78 of 218 Juan Hernández Colomina

Table  14:  Feature  comparison  of  selected  IaaS  providers  

Amazon   Rackspace  
Features Joyent
EC2 Cloud  Servers
Security  &  Compliance

Dedicated  Firewall No No No

VPN Yes No No

SAS  70  Compliance Yes Yes Yes


Role-­‐based  access  control No Yes No

Managed  DNS No Yes Yes

Guaranteed  Up7me  in  SLA 99,95% 100% 99,9%

Opera*ng  Systems

Customized  Opera7ng  Systems Yes No No

Windows  Server  2003  &  2008 Yes No No

Linux  (e.g.  CentOS,  Redhat,  Ubuntu) Yes Yes No


Persistent  (block)  Storage Yes Yes Yes

Drive  Failure  Protec7on  (Backup) None Local  RAID10 No

Choice  of  data  geo-­‐localiza7on     Yes No No

Pricing  Model

Minimum  Server  Size  (RAM) 256  MB 1,7  GB 250  MB
Free  inbound  traffic Yes  (**)  500  GB  /  month Yes
Free  outbound  traffic No 500  GB  /  month Yes


Virtualiza7on  Technology XenServer vCloud  &  XenServer vCloud

Yes,  launching  new   Yes,  without  launching  
Elas7city  of  resources Yes
instances new  instances
Yes,  launching  new   Yes,  without  launching  
Elas7city  of  resources Yes
instances new  instances
Yes,  rBuilder  and  
Support  for  hybrid  cloud  models Yes  (VPC) No
(*)  The  provider  is  currently  deploying  this  feature
(**)  Available  for  a  limited  period  of  7me

Towards a Healthy Cloud Page 79 of 218 Juan Hernández Colomina

A.  Amazon  EC2  and  S3
  Amazon  was  the  first   organiza7on  to  offer  compu7ng  as  a  service  launching  its  EC2  solu7on  in  
October   2007.   Having   deployed  a  immense  infrastructure   to  support   its  well   known  retail  business  
Amazon   decided   to   sell   next-­‐genera7on   Web   Services   by   opening   up   their   own   IT   capabili7es   to  
external  customers  (Baker,  2007).  They  rent  for  example  CPU  cycles  per  hour  at  Amazon’s  Elas7c  Cloud  
Compute  (EC2)   and  storage  on  Amazon’s  Scalable  Storage  Service  (S3)  billed  per  gigabyte  per   month.  
Amazon  currently   has  fourteen   data  centers  spread   over  the  globe  to   support   more  than  88   million  
users.  At  any  moment  in   7me  several  hundreds  EC2  instance  are  running.  Cloud  Compu7ng   seems  to  
be   a  profitable  business   for   Amazon   as  in   their   latest   reported   fiscal   quarter   (September   30th)   it  
included  a  revenue  growth  of  29%  to  $138  million.

  The  compu7ng  solu7on  EC2  can  be  categorized  as  a  “Hardware-­‐as-­‐a-­‐service”  where  users  have  
control  over  the  en7re  compu7ng  stack.  By  applying  virtualiza7on  Amazon  offers  machine  images  with  
the  same  degree  of   access  as  a  dedicated  server.  By  allowing   users  to  instantly   create  or  destroy   any  
machine  image  at  any   moment  applica7ons  can  scale  up  and  down  dynamically  becoming  truly  elas7c  
(Weiss,   2007)  (Holliday,  2009).   A   feature  that   differen7ates  Amazon  from  its  directly   compe7tors   is  
that  Amazon  enables  scalability   by  adding  another   image  to  the  Load   Balancer   instead  of  increasing  
the  amount  of  the  underlaying  resources  (e.g.  RAM,    etc.).

  Amazon’s  storage  service  S3  hosted  around   64  billion   objects  per  August   2009  ranging  from  1  
byte   to   5   gigabytes   each.   This   large   amount   of   storage   handles   on   average   around   100.000   I/O  
requests  per   second.  Amazon  allows  third  par7es  to  store  and  distribute  their  own  (modified)  AMIs  
(Amazon  Machine  Images)  trough  their  infrastructure  which  are  stored  on  the  S3  service  (privately   or  
publicly  accessible)  and  can  be  used  to  boot  EC2  instances.

  According   to   some  IT   analysts  (Gartner,   2009)  Amazon   offers  compu7ng   services   with  high  
levels  of   granularity   applying   a   usage   based   pricing   model.   They   are   regarded   by   Gartner   as   an  
“innova7ve  and  extraordinary  agile  organiza7on  responding  rapidly  to  customer  demands  for  features  
rather  than  following  a  set  product  road  map”  (Gartner,  2009).  

  The   latest   features  launched   by   Amazon   focus  on   solving   some  of   the  main   risks  in   Cloud  
Compu7ng:  compliance  and  security.   In  order   to  solve  issues  related  to  the  loca7on   of   data  storage  
Amazon  offers  tools  that   allows  Cloud   Users   to  determine,   report   and  track  the  physical  loca7on  of  
their  data  (Holliday,  2009).  Regarding  Cloud  security  Amazon  EC2   offers  the  possibility   of  using  mul7-­‐
factor   authen7ca7on   by   using   an   external   authen7ca7on   device   next   to   the   user's   password.  
Moreover,   the   launch   of   the  Virtual  Private  Cloud   feature  that   enables   the   secure   integra7on   of  
Amazon’s  offering  with  on-­‐premises  infrastructures  facilita7ng  the  deployment  of  hybrid  models.

  Amazon   currently   offers   three   pricing   models   for   their   compu7ng   instances:   On-­‐demand,  
Reserved  and  Spot  Price.  On-­‐demand  is  the  regular  pricing  model.  Reserved  instances  are  on-­‐demand  
instances  that   include  a  discount   for   one  to  three   years  prepaid  contracts.   Spot   Price  represents  an  

Towards a Healthy Cloud Page 80 of 218 Juan Hernández Colomina

innova7ve  pricing  op7on  involving  dynamic   prices  set  by   supply   and   demand  over  7me.   In  the  Spot  
Instance  pricing  model  launched  in  December  2009,  each  customer  can  set  a  maximum  price  for  each  
type  of   compu7ng   instance  that   Amazon  offers.   The  spot   price  of   these   instances  is  calculated   by  
Amazon  based  on  supply  (available  stock  of  spot  instances)   and  demand  (how  many   customers  want  
that   instance  at  that  moment).  If   the  spot  price  is  less  or  equals  the  maximum   price  set  by   an  specific  
client,  the  instance  is   allocated  to  that  client,   and  he   or   she  is   billed  according   to  the  spot   instance  
price.   However,   if  the  spot   instance  rises  above  the  maximum  set   by   the  customer   the  instances  are  
automa7cally  terminated  and  resources  are  reallocated  to  another  customer.  

  Some   days   arer   the   Spot   Price   pricing   model   was   launched   the   first   graphical   tool   were  
developed  to  track   the  development   of   spot   prices  over   7me.   One   of  this  tools  is  Cloud  Exchange  
(hOp://  which  provides  overviews  as  the  one  depicted  in  figure  11   which   shows  
prices  of  all  instance  types  and  OS  (Windows  and  Linux)  on  all  three  data  centers  (USA  West,  USA  East  
&  Europe  West).

  Although   the   Spot   Price   model   represents   the   first   steps   towards   u7lity   compu7ng   and  
dynamic   pricing  of  resources  comparable  to  the  financial  stock  market,   this  approach   has  also  some  
limita7ons.   First   of   all,   as  there  are   no   guarantees  on   how   long   a  customer   will   be  using   a   spot  
instance  its  applicability   is  limited   to   a  specific  set   or   workloads,  like  for  example  those  that  are  not  
7me   constrained   and   can   be   easily   restarted   (e.g.   batch   processing,   large   data   processing   and  
transforma7on,    etc.).

  Second   of   all,   the  supply   of   Spot   Price   instances  is  limited  by   Amazon,   as   opposed   to   the  
“unlimited”  supply   of  on-­‐demand  and  reserved  instances.  For  this  reason,   prices  of  spot  instances  do  
not   necessary   need   to   be   supply   and   demand   driven   as   the   quan7ty   and   prices  of   each   type  of  
instance  are  determined  by   Amazon.   Amazon  can  for   example  decide   that   spot   prices   are   the  only  
op7on  or   that   there  is  no  stock   of   spot   prices  which  would  influence  Spot   Prices   significantly.   The  
current  lack  of  transparency  on  this  new  feature  of  Amazon  EC2  makes  it   difficult  to  determine  wether  
they  represent  surplus  capacity  or  they  are  just  another  pricing  choice  for  Amazon.

Figure  11  :  Cloud  Exchange  Spot  Prices

Towards a Healthy Cloud Page 81 of 218 Juan Hernández Colomina

  As   the   Spot   Price   feature   is   also   available   on   the   Amazon’s   API,   developers   can   build  
applica7ons  that  interact   with  these  prices  for   example  by   increasing   or  decreasing  their   maximum  
price  if  some  condi7ons  are  met.   Moreover,   by   including  an  abstrac7on  layer  in  their   applica7ons  to  
support  migra7ons  between  providers  Cloud  Users  could  account  for  the  possible  future  manipula7on  
of  spot  prices  by  Amazon.  

  Amazon   has   developed   during   2009   a   series   of   partnerships   with   enterprise   sorware  
producers   (e.g.   Oracle,   IBM,     etc.).   For   example,   in   February   2009,   the   partnership   agreement  
between  Amazon  and  IBM  represented  an  important  step  towards  the  adop7on  of  Cloud  Compu7ng  
as  a  new   delivery   method  for   enterprise’s  products  and   services.   IBM   offers   infrastructure  sorware  
on-­‐demand  on  the  Amazon  cloud  EC2   where  current  IBM  clients  can  use  their  exis7ng  licenses  also  on  
the  EC2  plaxorm.  IBM  products  that   are  available  on   the  cloud  are  among  others  IBM   DB2,  Informix  
Dynamic   Server,   WebSphere  Portal,   Lotus  Web   Content   Management   and   WebSphere  sMash.   This  
step   to  the   cloud   follows  from   a  recent   agreement   between   IBM   and   Juniper   (a  leading   network  
equipment  manufacturer)  around  Tivoli,  a  sorware  applica7on  that  is  able  to  transfer  workloads  from  
and  to  a  public  cloud.  As  of  December  2009,  Amazon  has  incorporated  Tivoli  as  a  standard  offering  on  
its  EC2  solu7on.

B.  Rackspace
  Rackspace  was  tradi7onally  a  U.K.  based  web  hos7ng  enterprise  which  have  gained  worldwide  
fame   for   their   “Fana7cal   support”   business   model.   Rackspace’s   acquisi7on   of   Mosso   added   IaaS  
services  to   their   product   porxolio  to   support   the  deployment   of   Public   and  Private  Clouds  (Cloud  
Servers  and  Dedicated  Services  respec7vely).  In  addi7on  they  also  offer  storage  services  (Cloud  Files)  
and  PaaS  services  (Cloud  Sites).  To  facilitate  its  comparison  with  Amazon  EC2  we  will  limit  our  analysis  
to  their  Cloud  Servers  offering.  

  According   to   John   Engates,   CTO   of   Rackspace,   the   company   aims   to   provide   maximum  
applica7on   compa7bility   minimizing  the  need  to  adapt  sorware  to  be  hosted  on  the  Cloud.  A  central  
element  on  their  strategy  is  to  enable  the  further   development  of  Hybrid  Clouds  for  burs7ng  between  
on-­‐premises   and   off-­‐premises   cloud   infrastructures.   This   is   reflected   for   example   in   the   fully  
compa7bility  of  Rackspace’s  API  with  RightScale  and  rPath’s  rBuilder  solu7ons.

  During  2009  Rackspace  has  reported  healthy  growth  rates.  Net  revenue  for  the  quarter  ending  
September   2009   was  reported   to   be  $162.4   million  which   is  17.4%  more  year-­‐over-­‐year   basis  and  
6.8%  more  compared  to  the   previous  quarter.   Cloud  revenue  increased  to  $15.3   million,  17%  more  
than  the  previous  quarter.  Rackspace   reported   that   Cloud   related  products  represent   approximately  
10%  of  its  total  revenues  (5%  a  year  ago)  managing  54,655  servers  from  80,944  customers.

  Cloud   Servers  has  access   to   local   RAID10   storage   which   provides  protec7on   against   drive  
failures.  If  any   instance  fails  data  is   restored  by   Rackspace  free  of  charge   to  another   instance.   They  
offer   also  a  broad  variety   of  instances,   ranging  from   256   MB   to   16   GB  of  RAM.   Once  an  instance   is  

Towards a Healthy Cloud Page 82 of 218 Juan Hernández Colomina

running  out  of  resources  it  can   be  expanded  without  the  need  to  start  another  instance.  Networking  
resources  offered   by   Rackspace  are  dedicated   and  persistent   public  IP   address  (no  NAT   transla7on)  
with  a  second  private  IP  address  included  for  free  and  addi7onal  ones  against  limited  costs.

  One  of  the  main  differences  between  Rackspace  and  Amazon  is  Rackspace’s  partnership  with  
VMware   to   offer   VMware   based   images  next   to   Xen   based   ones.   This  is   the  result   of   a   strategic  
alliance   between   VMware   and   AT&T,   Verizon,   Rackspace   and   BT   in   a  federated   cloud   plaxorm.   A  
federated  cloud  integrates  various  different  clouds  on  an  ongoing  premises  (McLaughlin,  2009a).  This  
vision   of   federated   clouds   facilitates  migra7ons  among   those   clouds  and   therefore   it   reduces  the  
vendor   lock-­‐in   risk.   This   is   reflected   on   VMware’s   vCloud   open   interface   which   is   developed   to  
facilitate  migra7ons  between  clouds  using  this  format  (Kel•ens,  2009).

  In  February  2009,   VMware  launched  its  new  cloud  tool  vSphere.   VMware’s  vSphere  is  a  Virtual  
Datacenter  Opera7ng  System  (VDC-­‐OS)  that  is  designed  to  support  organiza7ons  in  conver7ng  current  
data  centers  in  Private  Cloud  infrastructures  that  can  eventually   be  connected  to  Public   Clouds  when  
needed  (McLaughlin,  2009a).  The  vision  of  VMware  is  that  ICT  departments  in  the  future  are  going  to  
become   internal   hos7ng   providers   and   therefore   one   of   their   most   important   tasks   will   be   the  
effec7ve   alloca7on   of   resources   (Kel•ens,   2009).   According   to   VMware,   the   cloud   OS   (vSphere)  
enables  companies  to  deliver  IT  as  a  service  enabling  cloud  burs7ng  capabili7es  (McLaughlin,  2009a).  

  According   to   VMware   the   first   step   in   crea7ng   a  Private  Cloud   is  to   virtualize   the  current  
infrastructure  to  then   focus  in   delivering   IT   capacity   to   end   users.   By   provisioning   services  and  IT  
resources  to  end  users  trough  a  self-­‐service  interface  and  implemen7ng  usage   based  billing   systems  
an  organiza7on  can   unleash   the   poten7al  of   Private   Clouds  (Sheehan,   2009b).   With   the  launch  of  
vSphere,   VMware   is   addressing   the   self   service   provisioning   of   IT   capabili7es.   Management,  
automa7on  and  billing  features  will  de  launched  in  the  coming  year  (McLaughlin,  2009a).

C.  Joyent  
  Joyent  offers  on-­‐demand  cost  compe77ve  virtual  servers  which  they  call  Accelerators  deployed  
over  a  layer   of   shared  networking,   rou7ng,  load  balancing  and  persistent  storage.  On  the   PaaS   area  
Joyent   offers  Smart   Plaxorm  to  develop   applica7ons   and   determine  on  the  spot   which   instance   is  
required   to   run   them.   For   Private  Cloud   deployment   and   management   Joyent   has  developed  their  
Cloud  Control  sorware  which  is  offered  to  enterprise  customers.  

  Joyent   leverages  their   partnership   with   Sun   Microsystems  by   suppor7ng   at   the   moment   of  
wri7ng   only   the   Open   Solaris   OS.   Moreover,   Joyent   uses   Sun’s   Solaris   Containers   and   ZFS,   and  
networking  hardware  and   sorware  from  F5  Networks  and  Zeus.   One  of  the  most  significant  Joyent’s  
success  stories  is  the  one  of  the  professional  social  network   LinkedIN,  which   has  45  million  users  and  
16  million  unique  monthly  visitors  by  August  2009,  more  than  double  than  a  year   before.  The  Joyent  
IaaS  service  delivers  331  million  page  views  per  month  to  LinkedIN  visitors  (by  June  2009)

Towards a Healthy Cloud Page 83 of 218 Juan Hernández Colomina

  Gartner   recommends  Joyent  specially   for   deploying  External  Private  Clouds  aimed  to  deliver  
rapid  elas7city.   However,  one   of   Joyent’s  limita7ons  for   organiza7ons  outside   the  USA  is  that  at   the  
moment  of  wri7ng  Joyent’s  data  centers  are  all  located  in  the  USA.  They  have  Tier  One  SAS70  cer7fied  
facili7es  located  in  Emeryville,  San  Diego,  Andover  and  Dallas.

8.3. Selected  PaaS  Providers

  In  the  PaaS  service  level  we  can  find  a  increasing  larger  number  of  vendors  which  try   to  deliver  
more   flexibility   than   SaaS   solu7ons   while   providing   more   abstrac7on   from   bare   metal  than   IaaS  
solu7ons.   The  main  goal  of  these  offerings  is  to  facilitate  the  quick  and  easy  design,  development  and  
deployment  of   (business)  applica7ons.   Due  to  the  fact  that  “out-­‐of-­‐the-­‐box”  SaaS  solu7ons  are  rather  
inflexible,   and   that   most   organiza7ons   do   not   need   to   have   full   control   over   the   underlaying  
infrastructure,  we  can  expect  a  trend  in  the  Cloud  Compu7ng  market  place  towards  the  PaaS-­‐ificaa7on  
of  services.  

  For   the  purpose  of  this  research,   we   have  selected   Google  App  Engine,   Windows   Azure  and  as  the  most  relevant  PaaS  solu7ons.  Their  features  are  depicted  in  table  15.

Table  15:  Feature  comparison  of  selected  PaaS  providers  

Features Google  App  Engine Windows  Azure

Supported  languages Java,  Python .NET,  PHP,  Java Proprietary

Supported  databases BigTable MS  SQL,  MySQL Proprietary

Billing  Method Resource  Usage  Based Instance  Based Applica7on  Based

Code  Portability No No No

Compliance not  disclosed ISO  27001 ISO  27001

Data  Geo-­‐localiza7on No Yes No

Hybrid  Models Yes  (*) Yes  (**) Yes

API  available Yes Yes Yes

(*) Secure Data Connectors

(**) AppFabric

A.  Google  App  Engine

  According  to  Eric  Schmidt  (Google’s  CEO):  "Google  aspires  to  be  a  large  por7on  of  the  cloud,   or  
a  cloud   that   you  would  interact   with  every   day".   In  Google’s  perspec7ve  Cloud  Compu7ng   implies  a  
fundamental  change  in   the  management   of   informa7on.   Google  believes  that   as  it   happened   with  
electricity,   IT   will   become   an   u7lity   in   the   future   being   supplied   off-­‐the-­‐wall   (Baker,   2007).   The  
paradigm  of  Cloud  Compu7ng  was  long  envisioned  by   Google’s  founders  a  decade  ago   when   Sergey  
Brin  and  Larry   Page  described  their   corporate  vision:  "to  organize  the  world's  informa7on  and  make  it  
universally  accessible."

Towards a Healthy Cloud Page 84 of 218 Juan Hernández Colomina

! Google’s  en7re  business  of  around  $21   billion  in   2008   is   built   and  runs  on   the  cloud  (Baker,  
2007).  Their  popular  search  engine,  adver7sement  plaxorms  and  email  services  (among  others)  are  all  
developed  and  maintained  on   the  cloud.   The   first   version  of   its  most   important   product,   Google’s  
search  engine,  was  developed  and  deployed  on  the  cloud  from  the  beginning.  Moreover,  their  search  
algorithm  is  not   calculated  on  a  central  data  center   but   concurrently   on  its  network  of   distributed  
computers.  This  extensive  experience  and  exper7se  has  provide  Google  with  an  advanced  posi7on  in  
Cloud  Compu7ng.  

  In   a   recent   interview   with   Dave  Armstrong,   Google’s  EMEA   Cloud   Compu7ng   chief   (Broek,  
2009)  he  commented  on   the  most   important  advantages  of  the  cloud:  scalability,   cost  reduc7on  and  
improved  collabora7on.  Cloud  Compu7ng  allows  organiza7ons  to  focus  on   their  core  businesses  that  
differen7ates  them  from  their  compe7tors.  For   this  reason,  according   to  Armstrong,  Cloud  Compu7ng  
is  an   opportunity   for   every   company   in   any   sector,   including   highly   sensi7ve   businesses   like   the  
banking   industry.   Companies  should   just   analyze  and   determine   beforehand   which   informa7on   is  
going   to   be  stored  on  the  cloud  and  which  informa7on  will  remain  on  internal  on-­‐premises  systems.  
He   claims  that  there  is  no  risk  for  vendor  lock-­‐in  as  data  can  be  as  easy   pulled  out  than  it  was  push  
into  the  cloud.   In  his  own  words:  “You  don’t  lose  anything  by  moving  to   the  clouds.   You’re  just   doing  
things  differently”  (Broek,  2009).

  The  focus  of   Google  is  mainly  on  Public  Clouds  (Google  AppEngine)  providing  developers  with  
an  applica7on   framework   and   hos7ng   to   build  and   deploy   their   sorware.   For   enterprise  solu7ons  
Google  has  partnered   with   IBM   in   developing   cloud   solu7ons  for   the  enterprise.   Google   has   also  
teamed  up  with  IBM  under   the  ini7a7ve  Google  101  to  build  an  University  Cloud  where  students  can  
learn  about  large  scale  compu7ng  clouds  (Baker,  2007).  The  ini7a7ve  has  been  created  by   using  IBM’s  
business  sorware  and  Google  servers.

  Although   Google’s   cloud   is   framework   based,   it   supports   a   great   variety   of   programming  

languages  (e.g.   Java,   Python)  without  the  need  to  reprogram   applica7ons.  Currently   there  are  more  
than   80.000   applica7ons   hosted   in   Google’s   cloud   (Holliday,   2009).   One   of   the   most   important  
programming   components   of   Google’s   sorware   is   MapReduce.   Although   the   company’s   search  
algorithm   provide   the   intelligence,   it   is   the   MapReduce   applica7on   that   delivers   speed   to   all   its  
products  (Baker,  2007).   MapReduce  divides  each  task  into  very  small  subtasks  that  are  carried  out  on  
its  distributed  environment.  By   dividing  the   task  and  outsourcing  it   to  thousands   of   computers,   the  
task   is   completed   within   milliseconds.   MapReduce   combines   then   the   frac7oned   results   into   a  
significant  holis7c  answer.  

  For   educa7on   purposes   Google   has   developed   Hadoop,   an   Open   Source   version   of  
MapReduce.  Although  the  Hadoop  project  was  started  by   one  of  Google’s  main  compe7tors  (Yahoo),  
Google  has  worked  extensively  on  promo7ng  it  (Baker,  2007).  Google’s  inten7on  is  to  support   Hadoop  
in  becoming  a  standard  for  Cloud   Compu7ng   sorware  architectures.  From   a  developer’s  perspec7ve,  
Google  App  Engine  is  valued  for   its  fully   automated  and  easy   to  implement   scalability,  its  ease  of  use  

Towards a Healthy Cloud Page 85 of 218 Juan Hernández Colomina

and   the   usage   based   pricing.   However,   developers   complain   about   the   API   narrowness,   the  
compulsory   use  of  Big   Table  DB,   the  lack   of   support   for   rela7onal  data  bases   and  the  lack  of   code  

  Google  defines  clouds  as  “giant  clusters  of  computers  that  house  immense  sets  of  data   too  big  
for  tradi;onal  computers  to  handle”  (Baker,   2007).  Google’s  infrastructure  of  globally  distributed  data  
centers   has   been   crucial  for   their   pioneering   role  in  Cloud   Compu7ng   (Broek,   2009).   Their   cloud   is  
con7nuously   evolving   with   investments  in   data  centers  es7mated   to   be   around   $2   billion   a   year  
(Baker,   2007).  During  2007  Google  added  four  new  data  centers  to  its  Cloud  with  an  average  unit  cost  
of   $600   million.   The   capacity   and   capabili7es   of   its  infrastructure   makes  it   an   ideal   plaxorm   to  
perform  resource  intensive  scien7fic  jobs  that  a  decade  ago  would  have  been  performed  in  a  na7onal  
lab  (Baker,  2007).

  Google’s   architecture   includes   a   worldwide   network   of   thousands   cheap   self-­‐assembled  

computers  (Baker,  2007)  which  store  the  enormous  amounts  of  data  that   enable  fast  web   searching  
being  capable  of  answering  billions  of  queries  within  milliseconds.  In  Google’s  vision,  reliable  sorware  
enables  robust  plaxorms  and  the  use  of  inexpensive  hardware  (Sheehan,  2009b).  This  vision  is  reflect  
on   the   hardware   that   Google   uses   which   is   maintained   on   demand   where   individual   hardware  
elements  are  replaced  by  beOer  ones  only  when  they   stop  working.  According  to  Google,   “ The  reality  
is   that   most   businesses   don’t   gain   a   compe77ve   advantage   from   maintaining   their   own   data  
centers”  (Sheehan,  2009b).  For   those  enterprises  that  do   need  to  have  (part  of)  their  infrastructure  
on-­‐premises,   Google   enables   the   possibility   of   deploying   Hybrid   models   with   their   Secure   Data  
Connector  that  enables  Hybrid  Cloud  models  (Holliday,  2009).  

  In  the  last  quarter   of  2008  Google  has   implemented  an  innova7ve  data  center   management  
method   on   his  new   data   center   in  Saint-­‐Ghislain,   Belgium.   The  new   data  center   has   no  chillers  to  
support   its   cooling   systems.   As   chillers  require   large   amounts   of   electricity   to   operate,   this  new  
method   results  in  improved  energy   efficiency.  Instead  of  using  chillers,  Google   applies  fresh  air   from  
outside  the  data  center  when  temperatures  are  cool  and  it  uses  an  on-­‐site  water  purifica7on  facility  to  
use  water  from  a  nearby  industrial  canal  instead  of  municipal  water.

  Using   this  innova7ve  set  up,  local  weather  forecas7ng  becomes  a  cri7cal  factor  in  network  and  
data   center   management.   Belgium's  climate  ranges  from   18   to   22   degrees  celsius   during   summer,  
while  Google  maintains  his  data  centers  above  26   degrees  celsius.   Google  es7mates  that  temperature  
might   rise  above  the  acceptable  maximum  seven  days  per  year   on  average.  When  this  situa7on  occur,  
Google  will  turn   their   Belgium   data  center   off   and   reallocate   compu7ng   workloads   to   other   data  
centers   around   the  globe.   This   workload   management   strategy   has   been   denoted   as   “follow   the  
moon”   taking   advantage   of   lower   costs   for   power   and   cooling   during   overnight   hours,   the   so  
called  off-­‐peak  u7lity  rates  charged  by  energy  providers.

Towards a Healthy Cloud Page 86 of 218 Juan Hernández Colomina

  A  final  remark  should  be  made  on  the  first  Cloud  based  OS,  Google’s  Chrome  OS.  During  2009,  
Google  has  released  their  Chrome  browser   and  their  Chrome  OS  based  on  the  former.   Both  represent  
a  step  further  in  the  Cloud  Compu7ng  paradigm  as  now  Google  has  opened  the  door  to  “empty”   thin  
clients  where  applica7ons  and  data  storage  are  cloud   based.   During  2010  it   will   become   more  clear  
wether  this  development  will  be  embraced  by  users.    

B.  Windows  Azure
  Windows  Azure  was  launched  in   2008   and  it  is  expected  to  be  open  for  public  use  by   January  
2010.   Azure  supports  the  rapid  development  and  deployment  of  cloud  applica7ons  (Holliday,  2009).  In  
words  of  Bob  Muglia,  president  of  the  Server  and  Tools  Business  at  Microsor:  "MicrosoU  is  converging  
on   a   common   developer   plaDorm   for   both   servers   and   services".   According   to   some   journalists,  
Microsor’s  strategy   is  to  become  the  most   used   cloud   opera7ng   system   (Mitchell,   2009).   Gartner  
research   suggest   that   Microsor   is  planning   to  become  a  market   leader   in  tools  for   building  Private  
Clouds  (e.g.  System  Center  product)  as  well  as  in  Public  Clouds  (e.g.  MS  Azure)  (Fergusson,  2008).

  Azure  applica7ons  are  developed  using  .NET  and  compiled  arerwards  to  a  Common  Language  
Run7me  (CLR)  to  be  used  independently   (Armbrust  et  al.,  2009).  The  level  of  abstrac7on  of  Azure   is  
somewhere  between   the  Amazon’s  EC2  (low  abstrac7on)  and   Google  App  Engine  (high  abstrac7on).  
The  programming  languages  and  databases  supported   on  Azure  include  non-­‐Microsor  products  (e.g.  
Zend,  PHP,  MySQL,  Java,  Eclipse  EDI,    etc.)  as  well  as  Microsor  languages  and  tools  (e.g.  MS  SQL,  .NET,  
Visual  Studio  as-­‐a-­‐service,     etc.).  However,  it   is  important   to   note  that   as  most  Windows  applica7on  
are  built  on  Windows  programming  tools  (e.g.  .NET)   the  migra7on  of  these  applica7ons  will  be  easier  
to   Azure  than  to  any   other   plaxorm.  Although  this  development   means  a   unprecedented  change  in  
Microsor   product   strategy   as   compared   to   tradi7onal   sorware   models   (client   or   on-­‐premises)  
(Fergusson,   2008)  it   is  important   to   note  that   Windows  Azure  is  not   a  standard   Windows  OS.   This  
means  that  developers  might  need  to  adapt  their  applica7ons  to  be  able  to  run  them  on  Azure.  

  Microsor   recommends   organiza7ons   to   deploy   an   Hybrid   Model  to   limit   their   risks   while  
leveraging  some  of   the  poten7als  of  the  cloud  paradigm.  To  support  hybrid  models  Microsor   offers  
Windows  Server  AppFabric  (currently  in  Beta  status).  

  Developers  consider  Windows  Azure  as  a  very   simple  and  powerful  role-­‐based  PaaS   solu7on.  
However,  they   believe  that  Azure’s  scalability  is  currently   rather   poor   as  it  does  not   support  automa7c  
scaling  of   instances.   In   Microsor’s  latest   Professional  Developers  Conference  in  November   2009,  the  
company  presented  their  strategy  and  latest   development  around  the  Azure  plaxorm.  One  of  this  new  
developments  is  PinPoint,   an  AppStore  for   business  apps  developed  and  deployed  in  Azure  including  
third   party   add-­‐ons  and   data  sets  (comparable  to   Another   announcement   was  project  
Dallas,   a  data-­‐as-­‐a-­‐service  solu7on   which   offers  large  data  sets  of   public  and  commercial  data   (e.g.  
WHO,  NASA,    etc.)  on   a  pay-­‐per-­‐use  basis.  The  goal  of  this  project   is  to   enable  these  data  sets  to  be  
mashed  up  by  developers  on  the  Azure  plaxorm.

Towards a Healthy Cloud Page 87 of 218 Juan Hernández Colomina

  Microsor   is  also  working  on  the  design  of  its  new  data  centers  to  deliver  facili7es  that  require  
no   water   and   have   no   roofs.   This   facili7es   are   aggrega7ons   of   container   formed   boxes  and   are  
deployed  in  Chicago  and  San  Antonio   for  the  USA,   Dublin  and  Amsterdam  for   Europe,  and   Singapore  
and  Hong  Kong  for  Asia.  Their  Chicago  700,000  square  foot  data  center   which  costed  more  than  $500  
million  and  can  hold  up  to  56  containers  with  a  total  capacity  of   112.000  servers.   Currently  Microsor  
runs  a  more  than  85.000   servers  distributed   across  the   six   data  centers.   According   to  Microsor,   all  
data  will  be  replicated  to  at  least  three  data  centers  from  February  2010.

  Microsor  currently  supports  only  the  Windows  Server  virtual  machine  format  on  Azure.  Virtual  
machine  server’s  pricing   ranges  from   12   cents   per   service  hour   for   machines   powered   by1.6-­‐GHz  
processors  and   1.75   GB   of   RAM   up  to  96   cents  per   service  hour   for   eight   1.6-­‐GHz   chips  and  14GB  
RAM.   An   example   of   an   enterprise   applica7on   that   is   already   running   on   Windows   Azure   is  
Capgemini’s  ACS   applica7on  for  complex  calcula7ons  of   salaries  and  pensions   which   is  offered  as-­‐a-­‐
service  to  Capgemini’s  customers.  Other  case  studies  on  Azure  suggest  that  deployment  7mes  can  be  
reduced  from  six  weeks  to  six  minutes  while  adap7ng  1%  of  the  total  code.  

  The   success  of   is   even   greater   than   the   one   obtained   by   SaaS  
offering  of  hosted   business  applica7ons.   The  company   has  recently   reported   that   55%  of  the  HTTPS  
transac7ons   the   company   processes   come   through   their   API   (and   therefore   from   third   party  
developed  applica7ons)  compared  to  45%  coming  from  Salesforce's  own  developed  applica7ons.   focus   primarily   on   enabling   the   easy   development   and   deployment   of   custom  
enterprise  apps  like  HR,   accoun7ng,   sales,   support,     etc.  According  to   Salesforce,   organiza7ons  can  
deploy   applica7ons   five   7mes   faster   against   50%   of   the   costs   compared   to   tradi7onal   sorware  
development   paradigms.   allows   developers   to   reuse   exis7ng   pre-­‐defined   data   objects,  
security  models,  user  interfaces,  business  processes  and  automated  management.  Compared  to   .NET  
and  J2EE,  affirms  that  it  can   deliver  applica7ons  60%  faster   at   54%   lower  costs.  Moreover,  enables  the  integra7on  of  on-­‐premises  applica7ons  in  an  Hybrid  Cloud  model.

! Salesforce  last  reported  annual  revenue  was  $1  billion  as  of  February  2009.  By   December  2008,  
Salesforce  had  around  51.800   clients   and  3.300   employees.   Their   last   reported  quarter   (third   fiscal  
quarter  of  2009)  showed  a  31%  year-­‐over-­‐year  customer  increase  to  67.900  accounts.  

  Their   underlaying   infrastructure   is   based  on   the   mul7-­‐tenancy   principle,   hos7ng   more   than  
135.000   applica7ons  build  by   external  developers  on  the   plaxorm  performing  around  200  
million  transac7ons  daily   by  an  es7mated   188   million  lines  of  code.  Salesforce  has  obtained  the   ISO  
27001  Cer7fied  Security   recogni7on  and  guarantees  99%   availability   rates.   infrastructure  is  
distributed  on  three  global  data  centers  that  are  configured  for  fail-­‐over  and  disaster  recovery.

Towards a Healthy Cloud Page 88 of 218 Juan Hernández Colomina

  On  their   programming  layer,  offers  a  programmable  drag  and   drop  user   interface  
and   cloud  logic,   real-­‐7me  analy7cs,   an  integrated  content   library,  real-­‐7me  workflow  and  approvals,  
granular   security   and   more   than   800   integrated   applica7ons.   Moreover,   allows   user   to  
create  (mobile  compa7ble)   websites  for   developers   to   distribute  their   applica7ons.   Users  without  
technical  or   programming  knowledge   can  deploy   a  database,   design  applica7on  rules  and  deploy   it  
onto   front-­‐ends  and   dashboards  within   minutes.   For   advance  applica7on   development,  
offers   developers   its   own   programming   language,   an   Eclipse   based   IDE,   an   UI   framework,   and  
development  and  tes7ng  environments.

Towards a Healthy Cloud Page 89 of 218 Juan Hernández Colomina

9. Selec*ng  a  Cloud  Provider
  The   Cloud   Compu7ng   solu7ons   offered   nowadays   are   very   diverse   and   each   has   unique  
evolving  characteris7cs.  For  this  reason  it  is  important  to  consider  solu7ons  that   best  fit  organiza7onal  
needs  and  re-­‐evaluate  the  provider  periodically   (Leong,  2009).  A   methodology  is  therefore  needed  to  
support  the  evalua7on  of   offerings  and   compare  them  with  other   op7ons.  In  this  sec7on  we  provide  
an  brief   descrip7on   of   some  of   the  considera7ons  that  we  believe  an   organiza7on   has   to  take  into  
account  when  selec7ng  a  Cloud  Provider  or  developing  their  own  Cloud  solu7on.  

  There   are   a   number   of   misconcep7ons   when   considering   Cloud   Compu7ng   solu7ons  

(Michelson,  2009).   First  of   all,   not  all  applica7ons  need  to   be  clouded,  the  best  approach  is  to   select  
those  that  can  benefit   from  it.  Second  of  all,  there  is  no  need  to  replace  current  resources  if  they  can  
be  reused  into  an  Internal  or  Private  Cloud  model.  Moreover,  there  is  also  no  need   to   change  the  IT  
organiza7on   or  IT  processes  as   long   as  the   Cloud  solu7on  can  fit   into  the   exis7ng   ones  (Michelson,  

  An   incremental   gradual   approach   to   adopt   Cloud   Compu7ng   is   oren   recommended,   for  

example   by   running   first   a   pilot   test,   then   migra7ng   one   non-­‐cri7cal   applica7on   and   using  
benchmarking  against  on-­‐premises  to  decide  wether  to  go  further.  This  approach  helps  to  understand  
the  benefits  of  Cloud  Compu7ng  step  by  step  minimizing  risks  and  learning  by  doing  (Arnold,  2008a).  

 Figure  12  :  Gartner’s  model  for  selec*ng  a  Cloud  Provider          .

  Gartner   recommends  to  compare    

providers   based   on   a   TCO   basis   that  
includes  not  only   hardware  costs  but  also  
human  resources,   licensing  costs  and  risks  
(Leong,   2009).   Moreover,   Gartner   has  
developed   a   methodology   to   evaluate  
providers   based  on  the  specific   needs  of  
an   organiza7on.   Among   others,   the  
methodology   considers  cost,   opera7onal  
stability   and  ability  to  scale  as  well  as  how  
the   solu7on  matches  the  firm’s  applica7on  
architecture,   provides  the   level  of   desired   customer   support   and   meets   the   organiza7on’s  service  
level,  security,  privacy  and  compliance  requirements  (Leong,  2009).  In  order  to  get  started  with  Cloud  
Compu7ng,  Gartner  recommends  the  four  step  model  depicted  in  figure  12  (Plummer,  2009).

Towards a Healthy Cloud Page 90 of 218 Juan Hernández Colomina

A.  Focus  Areas  When  Selec*ng  a  Cloud  Provider  
  Security   is   a   major   concerns   by   Cloud   Users   a   must   therefore   carefully   be   scru7nized  
beforehand  (Brynko,  2008).  Storing  data  outside  the  organiza7on  is  in  some  cases  not   allowed  by  laws  
and   regula7ons   and   end   users  expect   appropriate   protec7on   of   their   privacy.   Another   important  
considera7on   when   evalua7ng   cloud   solu7ons   is   the   transparency   of   the   code   (open   source   vs  
proprietary)   to   reduce   the   risk   of   vendor   lock-­‐in   and   increase   applica7on   portability   and  
interoperability  (Urquhart,  2009a).    

  According  to  experienced   prac77oners,  the  best  approach  to  evaluate  Cloud  Compu7ng  as  a  
viable  alterna7ve  is  to  consider  it   for  each  applica7on  and  project  separately  (BeOs,  2009).  To  facilitate  
this  evalua7on,  a  weighted  scorecard  approach  has  been  suggested   that  considers  the  cri7cal  factors  
influencing  the  decision  (BeOs,   2009).  Some  examples  of  situa7ons  that  could  significant  benefit  from  
the  cloud  are  applica7ons  with  high  demand  vola7lity  or   that   require  fast  provisioning   of   resources  to  
improve  the  7me-­‐to-­‐market.  The  scorecard  approach  is  depicted  in  table  16:

Table  16:  Main  Considera*ons  When  Selec*ng  a  Cloud  Provider

Related  Area Ques*on

Are  any  of  the  cloud  advantages  source  of  compe77ve  advantage?
(e.g.  7me-­‐to-­‐market,  high  scalability,    etc.)  
Does  the  project  have  a  high  degree  of  demand  uncertainty?
Does  the  project  have  high  peaks  in  demand?
What  is  the  strategic  value  and  risks  associated  with  the  data?
How  vulnerable  is  the  firm  to  security  threats  rela7ve  to  cloud  providers?
Can  the  Cloud  Provider  provide  the  Recovery  Point  Objec7ve  (RPO)  and  Recovery  Time  
Disaster  Recovery
Objec7ve  (RTO)  needed?
What  are  the  SLAs  and  track  record  of  the  Cloud  Provider?
Performance Are  there  tools  for  monitoring  performance?  
What  is  the  effect  of  latency  on  performance?
To  what  extent  does  the  applica7on/project  depends  on  integra7on  with  other  
Architecture  &  Integra7on applica7ons  or  data?
Does  the  applica7on  need  to  be  customized  to  work  in  a  cloud?
Vendor  Support Does  the  provider  offer  migra7on  support,  and  support  for  service/performance  issues?
How  compliant  is  the  provider?
(e.g.  does  he  meet  all  necessary  regulatory  requirements)
Vendor  Compliance
Are  there  comparable  instances  mee7ng  the  same  requirements?  
Is  the  provider  open  to  audits  from  external  par7es?
Is  the  provider  financially  stable?
Vendor  Health
Does  he  offers  compensa7ons  for  outages  and  malfunc7ons?  

  Another   interes7ng  model  for  the  adop7on  of  Cloud  Compu7ng  solu7ons  has  been  developed  
by   Infosys   (Dargha,   2009).   To   evaluate   Cloud   Compu7ng   offerings,   Infosys   proposes   a   weighted  
scorecard  approach  based  on  specific  considera7ons  to  be  taken  by  Cloud  Users.   Although   the  list  of  
considera7ons  is  not   complete,   Infosys  considers  it   a  good   start   point   to   evaluate  Cloud   Providers  
(Dargha,  2009).  The  scorecard  is  depicted  in  table  17.

Towards a Healthy Cloud Page 91 of 218 Juan Hernández Colomina

Table  17:  Infoys  Scoreboard  Approach

Considera*ons Weight Raw  Score

The  demand  of  services  is  vola7le  and  unpredictable

The  service  usage  is  not  frequent

There  is  no  need  for  customized  services  or  API

The  applica7on  to  be  clouded  is  not  mission  cri7cal

The  applica7on  is  new  or  recently  developed

The  applica7on  is  not  subject  to  strict  compliance

The  development  plaxorm  is  not  vendor  specific

The  applica7on  does  not  need  to  be  integrated

Internal  or  industry  regula7ons  allow  to  store  data  on  the  cloud

The  firm  prefers  to  incur  in  OPEX  rather  than  CAPEX

The  applica7on  is  tolerant  to  latency  and  other  network  performance  issues

  The   priori7es   of   firms   of   different   sizes   are   significantly   different.   Small   firms   focus   on  
minimizing  costs  and  complexity   by  elimina7ng  the   need  to  own  resources.  They   are   willing  to  trust  
external  providers  easier   as  they   are  always  looking  for   outsourcing   as   many   non-­‐core  ac7vi7es   as  
possible   (Urquhart,   2009a).   On   the   other   hand,   large   enterprises   are   more   concerned   with  
maintaining   their   exis7ng   ICT   investments   and   they   carefully   evaluate   new   investments  based   on  
profitability   (e.g.   ROI)   (Urquhart,   2009a).   Because   large   organiza7ons   have   already   invested   vast  
amounts  of  7me  and  money   in  protec7ng  and   op7mizing   their   infrastructures  they   are   not  likely   to  
adopt  Cloud  Compu7ng  un7l  the  same  levels  can  be  guaranteed  (Urquhart,  2009a).

B.  Service  Model  Selec*on

  Many   IT   leaders  recommend   using   the   cloud  to   host   only   certain  types  of   applica7ons  and  
informa7on   as   not   all   of   them   are   well   fiOed   to   be   clouded.   As   Cloud   Compu7ng   has   many  
implica7ons   for   the   way   businesses   are   conducted   nowadays   it   is  important   to   select   the   cloud  
services   that   best   fit   the   business   needs   without   bothering   about   the   technical   implementa7on  
(Arnold,  2008a).  

Towards a Healthy Cloud Page 92 of 218 Juan Hernández Colomina

  In   order   to   select   the   type   of   service   best   suited   for   an   specific   applica7on   the  following  
ques7ons  might  be  considered  (Edgewater):

• How   standard  is  the  applica7on?                                        (Proprietary  /  Commodity)

• When   was  it  developed?                                                                    (Legacy  /  New  Applica7on)
• What   is  the  7me  and  cost  of  deployment?      (Fast  &  Low  /  Long  &  High)
• How   stable  is  the  applica7on  usage?                            (High  Scalability  /  Low  Scalability)
• Is  there  a  situa7on  of  vendor  lock-­‐in?                          (Yes  /  No)
  Answering  these  ques7on   we  can  determine  which  service  model  of   Cloud  Compu7ng  is  best  
fiOed  for  an  specific   applica7on.   Using  these  answers  we  can  use  a  decision  framework  (see  table  18)  
to  determine  the  best  type  of  service  for  our  situa7on  (Edgewater,  2009):

Table  18:  Cloud  Service  Model  Selec*on  Tool  

Type  of  
Service  Type Scalability Vendor  Lock-­‐in Code Deployment  Costs

IaaS Proprietary Low Low Legacy Low

PaaS Proprietary High High New High

SaaS Commodity High High -­‐ Low

C.  Deployment  and  Access  Models  Selec*on

  Another   important   choice   is   the   loca7on   of   the   cloud   to   be   used   (Internal   or   External)  
(Urquhart,   2009a).  Companies  that  believe  they   can  get   what  they   need  from  external  offerings  are  
more  likely   to  adopt   a  Public   Cloud  while  firms  that   are  concerned  about   lock-­‐in,   data  ownership,  
security  and  compliance  would  oren  adopt  and  Hybrid  or  Internal  Cloud  (Urquhart,  2009a).  An  oren  
recommended  approach  to  deploy   cloud  solu7ons  is  to  create  an  Internal  Cloud  first  that   out  scale  to  
a  External  Cloud  when  internal  resources  cannot  fully   handle  the  workload  and  scales   back  in  once  
those  extra  resources  are  no  longer  needed  (Michelson,  2009).  

  McKinsey  recommends  organiza7ons  to  build  their  own  cloud  infrastructure  and  although  this  
can  be  a  good  solu7on  for  some  situa7ons,  it   reduces  one  of  the  most  important  advantages  of  Cloud  
Compu7ng  cost  efficiency  (Sheehan,  2009b).  For  this  reason,   some  authors  have  proposed  a  different  
approach   by   first   examining   the  organiza7on’s  applica7on   porxolio  looking  for   cloud  candidates,   to  
calculate  then   the  true  costs  of   the   internal  infrastructure   and   therefore  make  founded  decisions  on  
wether  to  deploy  an  Internal  or  External  Cloud  (Sheehan,  2009b).

Towards a Healthy Cloud Page 93 of 218 Juan Hernández Colomina

  The  current  evolu7on  of   Cloud  Compu7ng  offerings  can  help  organiza7ons  to  decide  the  level  
of   hybridity   that   best   fit   their   needs  (Dignan,   2009).   In   some  cases,   organiza7ons   can   use  Private  
Clouds   that   can   out   scale   when   needed   to   Public   Clouds   and   therefore   improve   con7nuity   and  
availability  (Kirsner,  2009).  However,  most  of   the  Hybrid  offerings  in  the  market   are  partnership  based  
and  therefore  limit  the  choice  of  Public  Clouds  to  the  firms  involved  in  the  specific  vendor  partnership.  
An  example  is  Sun’s  Cloud  Compu7ng  plaxorm  or   BMCs  hybrid  solu7ons  which  among  many  other  can  
out   scale  strictly   to   Amazon’s  public   cloud   (Dignan,   2009)   (Kirsner,   2009).   Another   example   is  the  
strategic   partnership  of   VMware  with  several   providers  to  support   migra7ons   based  on  the   vCloud  

  Another   interes7ng   approach  to  determine  which   type  of   access  and   deployment   model   is  
best   fiOed   for   an   specific   applica7on   takes  into   account   how   mission   cri7cal  and   related   to   core  
prac7ces  are  the  resources  (Spinola,   2009).  First,  organiza7on  need   to   determine  which  on-­‐premises  
IT  resources  and  systems  are  mission-­‐cri7cal  and  which  are  not.  Second,   all  resource  must  be  analyzed  
to  iden7fy  which  ones  are  sources  of  compe77ve  advantage  (core-­‐business  prac7ces)   and   which  are  
not   (non-­‐core   prac7ces).   By   answering   these   two   ques7ons,   organiza7on   can   use   table   19   to  
determine  which  deployment  and  access  model  is  best  fiOed  for  that  type  of  resources.

Table  19:  Cloud  Access  and  Deployment  Models  Selec*on  Tool  (Spinola,  2009)  

Core  vs  
Mission  Cri*cal Non  Mission  Cri*cal
Mission  Cri*cal

Core  Prac*ces Deploy  in  Private  Internal  Cloud Good  candidate  for  Private  Internal  Cloud

Non  Core  Prac*ces Good  candidate  for  Public  cloud Deploy  in  Public  cloud

Towards a Healthy Cloud Page 94 of 218 Juan Hernández Colomina

10.  Answers  to  Research  Ques*ons  Phase  1
  To  summarize  our   findings   from   this  research   phase  we   provide  in   this  sec7on   the  specific  
answers  to  the  related  research  ques7ons.

1. What   is   cloud   compu*ng?   How   do   vendors,   consultants,   analysts,   standards  

organiza*ons  and  commercial  publica*ons  define  Cloud  Compu*ng?
  As  Cloud   Compu7ng   is  a  rela7ve   new   concept   evolving   rapidly   over   7me,   to  elaborate  our  
research  defini7on  we  have  taken  into  account  previous  defini7ons  found  in  scien7fic  papers  (Berkeley  
University,   Telefonica  R&D,   Melbourne  University   and   IEEE),   leading   ICT   consultants   and   analysts  
publica7ons  (Gartner, Forrester, Accenture and Capgemini),   commercial  media   and  publica7ons  
by   standards   organiza7ons   (NIST).   All   the   defini7ons   taken   into   account   can   be   found   in   the  
elabora7on  of  Phase  1  in  this  report.  

  From   each  exis7ng   defini7on  we  have  first   extracted   their   main  components  or   features  to  
group   them   further   where   seman7cally   possible.   Features   that   are   not   in   accordance   with   the  
possibili7es  of   this  new   paradigm  (as  reflected  by   exis7ng  solu7ons)   and/or   are  only   men7on  in  few  
publica7ons   have   been   excluded.   Moreover,   features   that   are   not   a   essen7al   requirements   as  
demonstrated  by   some  vendors  have  been  also   excluded.  Arer  this  analysis  we  have  elaborated  the  
following  defini7on  of  Cloud  Compu7ng:

Research  Defini*on  of  Cloud  Compu*ng

Cloud   Compu;ng   is   the   delivery   model   where   on-­‐demand   elas;c   IT   capabili;es   are  
offered  as-­‐a-­‐service  through  the  Internet  following  a  usage  based  pricing  model.

  There  are  a  large  number  of  IT   capabili7es  offered  according  to  the  Cloud  Compu7ng  model.  
Some   examples  of   the   most   popular   services   are   infrastructures   (IaaS   solu7ons),   plaxorms   (PaaS  
solu7ons),  and  sorware  (SaaS  solu7ons).

  The  main  features  found  in  our  defini7on  are:  (1)   IT  capabili7es,  (2)  on-­‐demand,  (3)  elas7c,  (4)  
as-­‐a-­‐service,   (5)  internet   delivery   and  (6)   usage  based  pricing   model.   We  will  use  these   features  to  
evaluate  if  a  specific  solu7on  can  be  regarded  as  Cloud  Compu7ng  or  not.  Other  non  essen7al  features  
that   have   been   therefore   excluded   from   the   defini7on   are   virtualiza7on,   mul7-­‐tenancy   use   of  
resources,   resource  op7miza7on  and  self-­‐service   func7onality.  A  further   explana7on  on  the  reasons  
for  excluding  these  features  as  well  as  the  analysis  performed  to  achieve  our  defini7on  can  be  found  in  
the  sec7on  over  Phase  1  in  this  report.  

Towards a Healthy Cloud Page 95 of 218 Juan Hernández Colomina

2. What  are  its  advantages  /  disadvantages?  
  The   poten7al  advantages  of   this   new   paradigm   can   be   inferred   from   the  goals   that   early  
adopters  had   when   adop7ng   Cloud   Compu7ng  solu7ons.  For   this  purpose  we  have  analyzed  several  
case   studies  on  the  use  of  current   Cloud  Compu7ng   solu7ons.   The  most   common   advantages  found  
are  resource  op7miza7on  and  elas7city,  high  performance  compu7ng,  failover  and  backup,  business  
agility   and   faster   7mer   to   market,   and   leveraging   external   knowledge   and   experience.   As   Cloud  
Compu7ng   has   disrup7ve   effects   on   the   current   delivery   of   IT   capabili7es,   we   have   dedicated   a  
separate   sec7on   for   describing   the   economic   considera7ons   of   this   new   paradigm.   Some   of   the  
economic  benefits  found  are  the  transforma7on  of  capital  investments  into  opera7onal  expenses,  the  
reduc7on   of   large   capital   commitments   for   the   long   term,   the   usage  based   pricing   for   improving  
opera7onal   cost   efficiency,   the   mi7ga7on   of   risks   associated   with   capacity   planning,   and   the  
realiza7on  of  economies  of  scale  (and  therefore  cheaper  offerings)  by  Public  Cloud  providers.

  The  risks  of  this  new  paradigm  have  been  elaborated  from   the  specific   characteris7cs  of  this  
new  paradigm  as  compared  to  other   op7ons  (e.g.   on-­‐premises  solu7ons).  Moreover,   they   have  been  
extensively   subject   of   previous  research  by   public   agencies  specialized  on  ICT   security   (e.g.   ENISA).  
When   adop7ng   a   Cloud   solu7on   compared   to   an   on-­‐premises   alterna7ve   risks   are   iden7fied   at  
opera7onal,  compliance  and  standards  levels.  Opera7onal  risks  include  among  others  the  dependency  
on   external   services   availability,   the   performance   of   solu7ons   build   over   shared   resources,   the  
dependence  on   external  providers,   the  performance  of  public   ungoverned   networks  (e.g.   internet)  
and  the  lack  of   advanced  cloud  management  tools.  At  the  compliance  level  risks  can  be  iden7fied  on  
the  applicability   of  (inter)na7onal  laws  and  regula7ons,   data  confiden7ality   on  Public   Clouds  due  to  
failures  in  resource  isola7on,  and  the  lack  of  transparency   in  external  infrastructures.   Although  some  
formats  (e.g.   Amazon  AMI  for   server   images)  are  emerging   as  de  facto  standards,   there   are  at   the  
moment   of   wri7ng   no   formal  standards  in  Cloud  Compu7ng.   This  creates  a   serious  risk  for   vendor  
lock-­‐in   as   organiza7ons   can   not   migrate   to   and   from   Cloud   solu7ons   without   adap7ng   their  

  Security   is  the  most   important   barrier   men7oned  by   organiza7ons  for   the  adop7on  of  Cloud  
Compu7ng.  The  single  sing-­‐on  feature  offered  in  Cloud  solu7ons  represents  a  single  point   of  failure  for  
the   infrastructures   and   it   is   currently   being   mi7gated   by   Cloud   Providers   by   using   two   factor  
authen7ca7on  methods.   As  External  Private  and  Public   Clouds  are  oren  not  physically   accessible  by  
clients   regulatory   compliance   is   determined   by   the   cer7fica7ons   obtained   by   the   provider   (e.g.  
SAS70).  Organiza7ons  must   therefore  rely   on  this  cer7fica7ons  for  their  own  regulatory   compliance.  
The  lack  of  contractual  rights  to  perform  security   analysis  implies  that  when  an  incident  takes  place  
organiza7ons  can  only  rely  on  the  audit  features  and  findings  provided  by  the  vendor.  

Towards a Healthy Cloud Page 96 of 218 Juan Hernández Colomina

  There  are  several  jurisdic7onal  issues  related  to  the  loca7on  of  data  storage  that  are  par7ally  
solved  by   providers  offering   data   geo-­‐localiza7on  features.   When  using  a  External   Private  or   Public  
Cloud  the  integrity   of   Cloud   Provider’s   employees  should  also  be  taken   into   account   as   security   is  
more  oren  compromised   internally.   Procedures  for  data  disposal  should  also   be   taken  into  account.  
Once  data  is  deleted  by  a  Cloud  User,  the  Cloud  Provider  must  assure  that  the  deleted  data  cannot  be  
restored,   specially   in   shared   infrastructures  where   the   hardware  is  reallocated   to   a  different   user.  
Another   security   issue   can   be   explained   by   the   spoiler   effect   of   informa7on.   While  a  company’s  
infrastructure  security  is  not  well  known  to  outsiders,  Cloud  Provider’s  security  measures  are  publicly  
available,  making  it  easier  for  hackers  to  exploit  vulnerabili7es.

3. What  types  of  cloud  solu*ons  are  being  currently  offered  in  the  market?  
  In   order   to  create  an  overview  of  the  different   types  of   Cloud   Compu7ng  solu7ons  currently  
available   in   the   market   we   have   described   three   classifica7on   models   described   in   exis7ng  
publica7ons:   the  Service   Model   which  implies  a  trade-­‐off   between   flexibility   and  abstrac7on   (IaaS,  
PaaS  and  SaaS),  the  Access  Model  according  to  how  access  to  the  service  is  delimited  (Private,   Public  
and  Hybrid)  and  the  Deployment  Model  that  takes  into  account  the  physical  loca7on  of   the  solu7on  
(Internal,  External  and  Hybrid).  

  It   is  important  to  note  that  besides  the  pure  Hybrid  models  (e.g.  Public  &  Private  or   Internal  &  
External)  there  are  also  several  combina7ons  possible  as  we  go  down  the  service  model  stack  (SaaS  on  
PaaS   or   IaaS,   PaaS   on  IaaS).   Services  can  therefore  be  aggregated   so   we  must   take   the   individual  
services   individually   into   considera7on   and   aggregate   our   conclusions   when   evalua7ng   possible  
solu7ons.  Moreover,  each   of  these  combina7ons  can   have  also  different  dimensions  like  for  example  
Public   SaaS  on  Private  IaaS,   or   Private  PaaS  on  Public   IaaS.  This  might   not  be  clear   at  first   in  current  
product   specifica7on  but   it   is  crucial  to  know  the  underlaying   service   composi7on   of   a  solu7on  in  
order  to  evaluate  it  properly.  We  recommend  organiza7ons  to  analyze  each  service  layer   of  a  solu7on  
separately  to  find  out  if  it  is  truly  inline  with  their  needs.

  Each   model   implies   different   considera7ons   for   organiza7ons.   For   example   in   the   Service  
Model,  when  we  move  from  SaaS  to  PaaS  and  from  PaaS  to  IaaS  the  flexibility   offered  increases  while  
abstrac7on   levels   decrease   (and   vice   versa).   In   the  Access  Model,   organiza7ons   can   choose   from  
exclusive  alloca7on  of  resources  (Private  Cloud)  to  mul7-­‐tenancy  over  shared  resources  (Public  Cloud).  
It   is   important   to   note   that   Public   Clouds   represent   a  higher   security   risk   that   Private   Clouds   as  
isola7on  mechanisms  can  fail  (e.g.  bad  neighbor  and  cartographic  aOacks).  However  the  exclusive  use  
of   resources  leads  per   defini7on  to   lower   provider’s  cost   efficiency   and   therefore  more  expensive  
solu7ons.   In  de  Deployment   model  organiza7ons  can   choose  to   have  full  control  over   the   solu7on  
(Internal  Cloud)  or  outsource  some  management  tasks  to  an  external  organiza7on  (External  Cloud).  As  
each   situa7on   (e.g.   project,   organiza7on,     etc.)   requires  a  different   set   of   features,   organiza7ons  
should  carefully  evaluate  these  models  and  select  the  one  that  fit  their  needs  more  accurately.  

Towards a Healthy Cloud Page 97 of 218 Juan Hernández Colomina

  At  the  moment  of  wri7ng   several  incidents  on  Public  Clouds  have  been  reported  due  to  the  
lack  of  proper  resource  alloca7on  (performance  issues  due  to  overbooking)  and  isola7on  (cartographic  
aOacks).  For  this  reason  we  can  conclude  that   Public  Clouds  need  to  evolve  significantly  in  the  coming  
years  in  order   to  be  ready  for   enterprise  usage.  In  our  opinion   organiza7ons  will  begin  using  Internal  
Private   Clouds   in   the   near   future   and   evaluate   the   use   cases   for   Hybrid   models   once   this   new  
paradigm  has  been  proven  on  a  secure  and   fully  controllable  environment.   Hybrid  construc7ons  will  
evolve  first   by   adding  connec7vity   to   External  Private  Clouds  and  on  a  later   stage  to   Public   Clouds  
(Internal   and/or   External).   However,   as   Hybrid   construc7ons   are   not   easy   to   implement,   we  
recommend  that   organiza7ons   should  account   for   this  feature  from  the  first   development   steps  of  
their  Internal  Private  Clouds,  even  if  they  are  not  planning  to  use  it  in  the  short  term.

  A   remark   should   be   made  on  the  consolida7on   process  currently   taking   place  in  the  Cloud  
Compu7ng  market,  denoted  by  some  prac77oners  as  the  PaaS-­‐ifica7on  of  Cloud  Compu7ng  services.  
SaaS   solu7ons  are   becoming   more  flexible  by   allowing   the   development   and   deployment   of   third  
party   applica7ons   and  mashups  (e.g.  from   Salesforce)   while   IaaS  solu7ons   are  including  
increasing  levels  of   automa7on  that   perform  some  of  the  heavy   liring   in  infrastructure  management  
(e.g.  Amazon).  

  For  the  purpose  of  our  research  we  have  selected  three  IaaS  solu7ons  (Amazon,  Rackspace  and  
Joyent)  and  three  PaaS  solu7ons  (Google  App  Engine,  Windows  Azure  and  and  extracted  
their   features  for   further  analysis.  We  have  excluded  SaaS  solu7ons  from  this  part   of  our  analysis  as  
they  are  very  specific  and  use  high  levels  of  abstrac7on  which  makes  it  very  difficult  to  compare  them  
and   evaluate  their   applicability  to  the  Dutch  healthcare  sector.   Moreover,   SaaS  applica7on  are  oren  
either   built   on   PaaS  solu7ons  (e.g.   Salesforce   applica7ons   on   plaxorm)   or   they   tend   to  
become  plaxorms  over  7me  by  offering  more  flexibility  to  end  users  (e.g.   APIs).  A  detailed  descrip7on  
of  our  feature  analysis  can  be  found  in  the  Phase  1  sec7on  of  this  report.

Towards a Healthy Cloud Page 98 of 218 Juan Hernández Colomina

11.  Conclusion  Phase  1
  In  this  phase  of  our   research  we  have   elaborated  a  defini7on  of   Cloud   Compu7ng  based  on  
other  defini7ons  given  in  scien7fic  defini7ons  and  commercial  media,  as  well  as  perspec7ves  from  the  
leading  IT  analysts  and  consul7ng  firms.   To  provide  a  beOer  understanding  of  the  concept  we  have  
described   three   cloud   taxonomy   models,   the   most   common   use   paOerns,   some   of   its   economic  
considera7ons  and   the  risks   involved  in  adop7ng  this  new  computer   paradigm.   In  addi7on  we  have  
included  a  brief  descrip7on  of  some  of   the  leading  cloud  offerings  and  some  models  that  can  be  used  
for  evalua7ng  vendors  and  their  solu7ons.

  The  increasing  demand  for  internet-­‐based  services  and  the  current  economic  downturn  have  
created   a   perfect   storm   for   organiza7ons   to   reevaluate   the   role   of   non-­‐differen7a7ng   compu7ng  
resources  in  their  infrastructure.  The  vision  of  compu7ng  technology  as  an  u7lity  is  gaining  acceptance  
between   prac77oners   as   current   innova7on   are   increasingly   enabling   this   paradigm.   Moreover,  
organiza7ons  focus  nowadays  more  on  business  processes  and  how  to  op7mally   support  them  rather  
than  on  the  underlaying   resources.   In   this   context   the  elas7c   character   of   u7li7es  matches  current  
organiza7onal  needs   and  the   capabili7es  of   technology   as  businesses  of  all  kinds,  specially   internet  
start-­‐ups  and  fast   growing   organiza7ons,   must   be  able  to  adapt   to   quickly   changing   demands.   ICT  
solu7ons  must  enable  rapid  scalability  to  scale  (up  and  down)  at  the  same  rate  than  businesses.

  Based  on  defini7ons  from  scien7fic   publica7ons,  analysts,  consultants,  commercial  media  and  
the  Na7onal  Ins7tute  of   Standards  in   Technology   (NIST)   we   have  elaborated   our   own   defini7on  of  
Cloud  Compu7ng:  Cloud  Compu;ng  is   the  delivery   model  where  on-­‐demand  elas;c  IT   capabili;es  are  
offered  as-­‐a-­‐service  through  the  Internet  following  a  usage  based  pricing  model.  

  Moreover,   we   have   described   three   models   to   categorize   Cloud   Compu7ng   solu7ons:   the  
Service  Model  (IaaS,   PaaS  and  SaaS),  the  Access  Model  (Private,   Public,   Hybrid)  and  the  Deployment  
Model  (Internal,  External,  Hybrid).  We  believe  that  organiza7ons  will  begin  using  Private  Clouds  in  the  
near   future  and  evaluate   the  use  cases  for   Hybrid  models  once  they   have  been   proven  on  a  secure  
environment.   However,   as  Hybrid   construc7ons  are   not   easy   to   implement,   we   recommend   that  
organiza7ons  should  account  for  this  feature  from  the  first  development  steps  of  their  Private  Clouds.  

  We  also  believe  that  the  large  variety  of  services  currently  offered  will  consolidate  over  7me  in  
a  PaaS-­‐ifica7on  process  where  SaaS  solu7ons  will  become  more  flexible  by  allowing  the  development  
of   (third   party)   applica7ons   and   mashups  (e.g.   Salesforce   and   and   IaaS   solu7ons  will  
include  increasing  levels  of  automa7on  that  perform  the  heavy  liring  of  infrastructure  management.  

  It   is   clear   to   us   that   Cloud   Compu7ng   should   be   considered   by   organiza7ons   as   a   viable  

alterna7ve   to   increase   IT   capabili7es  without   making   long   term   investments   in   data   centers.   As  
organiza7ons   can   transform   their   Capex   investments   into   Opex   expenses  they   can   align   resource  
u7liza7on   to   the   success   of   projects   and   business   ideas,   which   enables   innova7on.   Moreover,  

Towards a Healthy Cloud Page 99 of 218 Juan Hernández Colomina

organiza7ons  can  leverage  this  large  amounts  of  resources  for  heavy  compu7ng  tasks  that  otherwise  
would  be  very  expensive  and  would  take  a  long  7me  to  complete.  

  However,  in  our  opinion  not  all  applica7ons  will  be  run  in  the  cloud  and  there  will  not  be  one  
single  standardized  cloud  but   rather   different   types  of  cloud  to  server   different  purposes.  Some  clouds  
will  be  specialized  non-­‐commodi7zed   applica7ons   and   other   will  be  deployed  as  Private   or   Hybrid  
Clouds.  Organiza7ons  should  carefully   evaluate  the  human  resource  and  experience  needed   for  each  
of  these  delivery  models  in  order  to  select  the  best  one  for  their  situa7on.

  As   more   and   more   Cloud   Compu7ng   offerings   are   emerging,   developers   should   take   into  
account  the   possibili7es  and  limita7ons  of   deploying   applica7ons  on  the  cloud  and  create  sorware  
that  supports  such  environments.  Specifically,  they  should  consider  horizontal  scalability  which  implies  
that  applica7ons  are  not   longer   bounded  to  the  physical  resources  available  but  can  run  across  several  
physical  loca7ons  with  almost  unlimited  resources.

  Systems   that   are   not   regarded   as   compe77ve   differen7ators   are   good   candidates   to   be  
deployed  on   the   cloud.   As  they   are  not   source  of   compe77ve  advantage,   any   effort   in  upgrading,  
maintaining   or   modifying   such   systems  will   not   create  any   added   valued   to   the   organiza7on   and  
therefore   they   can   be   beOer   outsourced   to   reallocate   the   resources   to   projects   that   do   enable    
differen7a7on.  Moreover,  when  considering  the  type  of   resources  consumed  by  each  applica7on,   we  
can  conclude  that  non-­‐mission  cri7cal  applica7on’s  consuming  scarce  resources  that   are  also  used  by  
cri7cal  applica7ons  are  probably  the  best  candidates  to  be  placed  on  the  cloud.  It  is  important  to  note  
that  some  IT  resources  (the  minority)  are  indeed  enablers  of  differen7a7on  and  should  therefore  not  
be   contracted   from   third   par7es.   Those   applica7ons   are   key   to   an   organiza7on’s   compe77ve  
advantage  and  therefore  enable  the  firm  to  perform  beOer  than  their  compe7tors

  Although   the   on-­‐premises   paradigm   provides   higher   levels   of   control   for   organiza7ons,   in  
previous  researches  it  is  es7mated  that  75%  of  IT  expenses  are  incurred  merely   to   keep   the   systems  
running   (Arnold,   2008a).   Most   IT   departments   have   to   deal   with   human   resource   scarcity   which  
results  in  a  lot  of  new  ideas  that  remain  in  the  pipeline.   An  organiza7on  can  use  Cloud  Compu7ng  to  
develop  services  that  are  interes7ng   for  the  business  but   that  due  to  lack  of  resources  are  not  being  

  A   final  considera7on   must   be  made  on   the   poten7al  that   Cloud   Compu7ng   has  to  provide  
compe77ve  advantage  to  firms.  A  recent   study   showed   that   firms  using   intensively   Amazon’s  cloud  
services  were  realizing  savings  in  storage  between  20%  and  50%  during  the  last  years  (Armbrust   et   al.,  
2009).  When  these  firms  reallocate  the  savings  to  their   selling  prices,  they   are  able  to  offer   cheaper  
services  or  products  to  their  clients  while  maintaining  the  same  quality  levels.  In  this  way,  companies  
using  cloud  services  can  achieve  compe77ve  advantage  in  their  markets  by  cost  differen7a7on.

Towards a Healthy Cloud Page 100 of 218 Juan Hernández Colomina

  Before  Cloud  Compu7ng  is  widely  adopted  by   enterprises  a  series  of  developments  must  take  
place  on  the  market.  First  of  all,  the  great  diversity  of  offerings  will  need  to  converge  in  a  form  of  cloud  
uniformity  to  support  service  and  data  interoperability   and  portability.  However,   the  close  character  of  
some  of   the  current  offerings  are  major  drawback  for  this  development.  Moreover,  in  the  future  new  
features  that  improve  safety  and  reliability   must  be  added  to  current   solu7ons  to   convince  firms  that  
they  can  regain  control  when  desired.  

  Scien7fic  researchers  can  contribute  to  the   field   by   researching  the  main   issues  in  the  use  of  
this  new   paradigm.   Certain   open   ques7on   remain   that   could  be  further   researched   in   the   future.  
According  to  UC  Berkeley  RADSL  the  following  future  issues  need  to  be  further  researched:

• What   will  be  the  billing  units  for  the  higher-­‐level  virtualiza7on  clouds?
• What   will  be  the  billing  units  for  flash  memory?
• How   will  network  bandwidth  pricing  evolve?
• What   are  the  barriers  for  the  improvement  of  network  bandwidth?
• Which   level  of  abstrac7on  in  cloud  solu7ons  will  be  the  dominant  one  ?
• How   and  when  are  cloud  standards  going  to  emerge?
• How  would  Cloud  Providers  differen7ate  in  the  future  (e.g.  services,  quality,    etc.)?
  Certain  types  of  applica7on  are  expected  to  contribute  to  the  emergence  of  Cloud  Compu7ng    
(Armbrust   et   al.,   2009).   Mobile   interac7ve   applica7ons,   parallel   batch   processing   and   compu7ng  
intensive  desktop  applica7ons  are  some   examples  of  sorware  types  that  are   good  candidates  to  be  
hosted  on  the  cloud.  We  can  expect   rapid   developments  in  the  future  of  these  types  of  capabili7es  
that  can  be  also  subject  of  further  research.

  In   the  remaining   sec7ons   of   this  research   we  use  the   results  of   this   phase  to   analyze   the  
applicability   of  Cloud  Compu7ng  solu7ons  to  the  Dutch  healthcare  sector.  Specifically   we  will  use  the  
research  defini7on,  taxonomies  and   market  analysis  to  evaluate   wether   current  offerings  sa7sfy   the  
condi7ons  of  this  ver7cal  sector.

Towards a Healthy Cloud Page 101 of 218 Juan Hernández Colomina

Research  Phase  2:  ICT  in  the  Dutch  Healthcare  Sector
  Now  that   we  have  defined   the  concept   of  Cloud  Compu7ng  and   what  offerings  are  currently  
available  on  the  market   (see  Phase  1  of  this  report)  we  will  con7nue  in  this  second  phase  by  analyzing  
the  current  trends  and  opportuni7es  in   the  healthcare  sector  and  the  role  of  Informa7on  Technology  
on  this  sector.  We  will  narrow  our   focus  to  the  Dutch  healthcare  sector  and  specifically   to   one  of   its  
most   important   current   ICT   projects,   the  introduc7on   of   a   na7onal   EPR   system   (the   EPD  ini7a7ve).  
This  analysis,  together   with  our  findings  from  Phase  1   will  become  the  step  stones  for  Phase  3,  where  
we  will  analyze  the  applicability  of  current  Cloud  Compu7ng   solu7ons  to  the  Dutch  healthcare  sector  
and  specifically  to  the  EPD  ini7a7ve.

  In   this   second   phase   of   the   research   we   will   examine   the   EPD   infrastructure   in   The  
Netherlands.   As   this   type   of   projects   in   the   European   Union   are  not   geographically   or   poli7cally  
isolated  but   they   are  rather   embedded  in  na7onal  context   from   an  interna7onal  perspec7ve,  we  will  
introduce  first  the   scope  of  this  research   with  a  top-­‐down  approach,   from  the  European  healthcare  
strategy   to  the   Dutch  healthcare  perspec7ve  (see  sec7on  1).   We  con7nue  then  by  briefly   describing  
the  role  of  technology  in  the  healthcare  sector  (see  sec7on  2)  in  order  to  facilitate  our  further  analysis  
of   ICT   usage  in  the  Dutch  healthcare  system   with  special  aOen7on  to   the  introduc7on  of  EPD  (see  
sec7on  3).

1. Context  and  Scope

  To  introduce  our   analysis  of   the  Dutch  healthcare  sector   and   its  use  of   ICT  we  need   first   to  
consider  the  scope  and  context  that  influence  current  developments  in  the  sector  and  the  adop7on  of  
technology   to   support   them.   For   this  reason  we  will  discuss  first   the   specific   characteris7cs  of   the  
healthcare   sector   (see  sec7on  A),   to   con7nue   with   our   analysis  of   European   healthcare  taking   into  
account   the   current   concerns   of   European   ci7zens,   the   current   European   health   strategy   and  
objec7ves  and  the  current   challenges  of  this  sector   in  the  European  Union  (see  sec7on  B).   We  will  
conclude  this  sec7on  by   describing  the  current  developments  and   concerns  in  the  Dutch  healthcare  
sector  from  a  ci7zens  point  of  view  as  well  as  from  a  government  perspec7ve  (see  sec7on  C).

1.1. Characteris*cs  of  the  Healthcare  Sector

  The  healthcare  sector   is  probably   one  of  the  most   demanding  sectors  and  with  the  highest  
impact   on  ci7zen’s  quality  of  life.  Ci7zen’s  are  not  only   the  main  consumers  of  care  services  but   they  
are  (in  many  cases)  also  the  source  of  resources  (through  taxes)  that  enable  such  services.  The  specific  
character   of   the   healthcare   sector   compared   to   other   sectors  can   be   summarized   into   four   main  
factors:   7mely   decision  making,   broad  impact  on  ci7zens,   increasing  expenses  and  increasing  service  

Towards a Healthy Cloud Page 102 of 218 Juan Hernández Colomina

• Timely   Decision  Making:  Although  it  is  important  to  carefully  determine  which  is  the  best   solu7on  
for  a  specific   situa7on  and   how  to  implement  it,   delays  in  healthcare  improvement  ini7a7ves  can  
be  directly   linked  to   ci7zen’s  injuries  and  deaths  that   could  have   been   avoided  (Gartner,   2009).  
This  impact  of  decision  making  on  ci7zen’s  lives  cannot  be  found  in  all  other  industries.
• Broad   Impact   on   Ci*zens:   Healthcare   affects   all   ci7zens   in   various   ways.   Either   as   service  
consumers  (e.g.  pa7ents)   or  as  service  providers  (e.g.  tax  payers).   According  to  a  recent  european  
opinion   survey   (Eurobarometer,   2008)   healthcare   is   the   firh   most   important   issue   among  
European  ci7zens.
• Increasing   Yearly   Expenses:   On   average   healthcare   expenses   as  percentage   of   gross   domes7c  
product   (GDP)  in  Europe  have  been  con7nuously  rising  during  the  past  decades  (from  3,1%  of  GPD  
in  1960  to  8,8%   of  GDP  in  2006).  As  healthcare  expenses  growth  rates  have  been  higher  that  GDP  
growth  rates,   analysts  expect  an  exponen7al  increase   of   healthcare   costs  in  the  future  reaching  
15%  of  GDP  by  2020  (Gartner,  2009).  
• Increasing  Service   Demand:   The  increasing  growing  costs  are  largely   originated  by   an  increasing  
demand  for  healthcare  services.   This  increase  in  demand  is  caused  by  longer  life  expectancies  and  
aging   popula7on   as  well  as  by   new  lifestyles   which  imply   more   (and  more   intensive)  healthcare  
services  (Gartner,   2009)   (Stroetmann,   Jones,   Dobrev,   &   Stroetmann,   2006).   Some  examples  of  
these  new  lifestyles  are  increasing  alcohol  consump7on  and  increasing  average  weight  of  ci7zens.

1.2. Healthcare  in  the  European  Union

  In  our  effort  to  delimit  the  scope  of  our  analysis,  we  will  focus  in  this  sec7on  on  the  healthcare  
sector   at   the   European   level.   For   this   purpose,   we   will   briefly   describe   the   evalua7on   of   actual  
European   Health   systems   from   a   ci7zen   perspec7ve   (see   sec7on   B.1),   the   current   concerns   of  
European  ci7zens  and  its  rela7onship   with  healthcare  (see  sec7on   B.2),   the   European   wide  health  
strategy   and   objec7ves  (see  sec7on   B.3)   and   the  current   challenges  of   healthcare  in   Europe   (see  
sec7on  B.4).

A.  European  Healthcare  Systems

  The  health  sector   in  Europe  is  very  heterogenous  and  complex   as  it  includes  a  great  variety  of  
different   na7onal  healthcare  systems  and  it   serves  a  wide  variety   of   customers,   in   some   situa7ons  
even  across  na7onal  systems  (Stroetmann,  Jones,  Dobrev,  &  Stroetmann,   2006).  Na7onal  healthcare  
systems   vary   strongly   in   their   public/private   delivery   and   financing.   The   sector   is   usually   highly  
regulated   by   (inter)na7onal,   regional  and/or   local  laws   and   regula7ons.   In   most   cases,   healthcare  
services  are  delivered  by   public,  non-­‐profit   organiza7ons  leading   to  the  absence  of  compe77on  and  
free  market  mechanisms.  As  a  result,  cost  efficiency  is  a  lower  priority  compared  to  other  sectors.            

  According  to  the  eBusiness  Watch  report,   the  healthcare  sector   was  by  the  year  2000  the  most  
dominant   economic   sector   in  the   EU   (Stroetmann  &   Stroetmann,  2004b).   It   employs  more  than  15  
million  people  (9%  of  the  total  jobs  in  the  union)  and  it   represents  500  billion  euros  expenditure  (more  
than   6%   of   the   total   European   GDP).   When   analyzing   healthcare   expenditure   by   the   source   of  
financing   per   country   we   observe   that   The   Netherlands   has   lower   public   expenditure   than   the  

Towards a Healthy Cloud Page 103 of 218 Juan Hernández Colomina

European  average  (68%  and  74%  respec7vely)  while  its  private  financing  is  higher  than  the  European  
mean  (32%  and  26%  respec7vely).

  In  general,  Europeans  are   highly   sa7sfied  with  their   health   and  the  medical   services   in  their  
local  areas.   Around  81%  of  Europeans  are  sa7sfied   with   their   state  of  health   while  72%  is  sa7sfied  
with   the   health   services  they   can   access  locally   (Eurobarometer,   2009).   Beside   the   effects   of   the  
economic   malaise   and   the   posi7ve   evalua7on   of   personal   health   and   care   services   provided,  
“healthcare  systems”   is  s7ll  the  number   one  non-­‐economic   issue   for   Europeans.   In   the   two  latest  
european  barometers  (waves  70   and  71)   we   observe  that   healthcare  systems  are   the   fourth   most  
important  issue  arer  three  economic  related  issues  (infla7on,  economy  and  unemployment).

  European  countries  are  confronted  with  increasing  long  term  healthcare  needs  due  to  the  fact  
that   ci7zens  live  longer   and  the  “baby   boom”  genera7on  becomes  older.   For   this  purpose,   in  2002  
three  guiding   principles  for  the  reform   of  healthcare  systems  were  defined  by   the  European  Council:  
healthcare  accessibility  for  every  ci7zen,  high  quality  of  care  and  long  term  financial  sustainability.

  In   a   special   Eurobarometer   report   from   the   European   Commission   on   healthcare   in   the  

European   Union   the   results   of   interviews   with   more   than   28.000   Europeans   from   27   different  
European  countries  are  analyzed  to  support  the  development  of  long   term  healthcare  strategies  by  
member  states  (Eurobarometer,  2007).  When  evalua7ng  hospitals,  around  71%  of  Europeans  rate  the  
quality  of  na7onal  hospitals  as  very   good  (15%)  or  fairly  good  (56%).  On  the  opposite  side,   around  25%  
of   Europeans  believe  that   hospitals  are  fairly   bad  (20%)  or   very   bad  (5%)  (Eurobarometer,   2007).   In  
The  Netherlands,  hospital’s  evalua7ons  score  above  the  European  average  with  87%   of  Dutch  ci7zens  
claiming   that   their   hospitals   are  fairly   good   or   very   good.   If  we  observe   the  evalua7on   of  services  
provided   by   medical   specialists,   we   observe   the   same   sa7sfac7on   scores   as   with   hospitals.   At  
European  level  74%  of  ci7zens  values  the  quality   of  specialist  care  as  good  or  very   good   while  in  The  
Netherlands  around  83%  is  sa7sfied  with  the  quality  of  specialist  care  provided.

  The  availability   and  accessibility   of  hospitals  in  the  European  Union  is  posi7vely   evaluated  by  
Europeans   (76%   affirmed   to   be   very   easy   or   fairly   easy).   However,   in   The   Netherlands,   ci7zens  
evaluated   accessibility  and   availability   of  hospitals  slightly  lower  than  the  quality  of   services  provided  
(80%   answered   that   hospitals   are   very   easy   or   fairly   easy   to   reach)   (Eurobarometer,   2007).   An  
important  remark  should  be  made  on   the  fact   that  8%  of  European  ci7zens  (7%  in  The  Netherlands)  
could   not   obtain   health   services   when   needed   due   to   the   lack   of   availability   or   accessibility   of  

  The   availability   and   accessibility   of   specialists   care   in   Europe   scores   lower   than   when  
evalua7ng  it   at   hospitals  (Eurobarometer,   2007).   Around   62%  of   Europeans  considers  that   medical  
specialist  care  is  easy  or   very  easy  accessible.  In  The  Netherlands  the  percentage  is  slightly   higher   than  
average  as  66%  of  Dutch  ci7zens  affirm  that  specialist  care  is  easy  or   very  easy   to  access.  Around  9%  of  

Towards a Healthy Cloud Page 104 of 218 Juan Hernández Colomina

European  ci7zens  (7%   in  The  Netherlands)   could  not  obtain  specialist’s  care  because  they   were  not  
accessible  or  available.  

  Family   doctors  and  GPs  are  beOer  evaluated  by   European  ci7zens  than  hospitals  and  medical  
specialists   (Eurobarometer,   2007).   From   all   correspondents,   84%   considers   the   quality   of   care  
provided   by   family   doctors  as  good   or   very   good.  In  The  Netherlands  the  percentage  is  even  higher,  
with   around  89%   of   Dutch   ci7zens  evalua7ng   their   family   doctor’s  quality   of   care  as  good  or   very  
good.   The  same  differences  are  observed   when  evalua7ng   the  accessibility   and   availability   of  care  
provided  by  family  doctors.  Around  88%  of   European  ci7zens  and  92%  of  Dutch  ci7zens  considers  that  
family  doctors  are  easy  or  very  easy  accessible  and  available.

B.  Current  Concerns  of  European  Ci*zens

  In  the  latest  report  of  the  Eurobarometer  public  opinion  research  by  the  European  Commission  
(Eurobarometer   wave   70)   the   effects   of   the   economic   crisis   are   clearly   ascertained   by   European  
ci7zens.   The  average   unemployment   rate  in  the   European  Union   is  expected  to  rise  up  to  8,1%   by  
2010   having   a   significant   impact   on   European   consumer’s   confidence.   As   a   result   the   Economic  
Sen7ment   Indicator   reached   its   lowest   point   since   1993   (Eurobarometer,   2008).   Europeans   are  
primarily   concerned   about   the   deteriora7on   during   2009   of   na7onal   employment   rates   and  
economies,  followed  by  the  economic  situa7on  in  the  European  Union  and  the  world.    

  A  recent  report  from  the  European  Commission  (The  Europeans  in  2009)  reflects  on  the  shir  in  
ci7zen’s  opinion   from   a  ‘feel-­‐good’   to   a  ‘feel-­‐bad’   situa7on   in   both   their   personal  and   economic  
perspec7ves.  The  accelerated  recession  that  we  are  experiencing  during  2009  was  not  an7cipated  by  
economic  experts  and  analysts.  While  8,2%  of  Europeans  did  not  have  a  job  by   January  2009,  experts  
expected   those  levels  of  unemployment  by  2010.   Economic  growth  is  reaching  its  lowest   rates  since  
the  second  World   War.   This  nega7ve  economic   context   is  affec7ng   the   lives  of   Europeans  and   the  
expecta7ons  they  have  for  the  future  (Eurobarometer,  2009).

  Even  though  the  economic  crisis  is  having  a  deep  impact  on  all  aspects  of  society,  s7ll  three  out  
of  four  Europeans  are  sa7sfied  with  the  life  they  lead  (Eurobarometer,  2009).  However,  the  percentage  
of   unsa7sfied   Europeans  is  the  highest  since  1995.   In  The   Netherlands   96%   of   ci7zens  are  sa7sfied  
with   their   lives.   This   is  significantly   higher   than   the   European  average  (75%)   and   is  also   the   third  
highest  sa7sfac7on  rate  within  the  European  Union.

Towards a Healthy Cloud Page 105 of 218 Juan Hernández Colomina

   Figure  13:  Current  Concerns  of  European  Ci*zens

  Although   European   ci7zens   are  

Inflation 37% now   more   concerned   with   economic   issues  
Economy 37%
like   infla7on   or   unemployment,   there   are   a  
Unemployment 26%
significant   number  of   people  which  considers  
Crime 17%
healthcare   systems   to   be   an   important  
Healthcare 16%
current  na7onal  issue  (Eurobarometer,  2009).  
Pensions 10%
Immigration 9%
In  the  three  latest  Eurobarometer  researches  
Taxation 8% healthcare  systems  were  the  fourth  (EB  67   to  
Housing 8% EB   69)   and   firh   (EB70)   major   concern   of  
Education 7% Europeans   at   na7onal   level,   arer   economic  
Terrorism 5% related   issues   and   safety   (e.g.   crime).   The  
0 0,1 0,2 0,3 0,4 results  are  shown  in  figure  13.
Issues at national level (EB70)

  When   europeans  are   asked   about  

their  concerns  at   personal  level,  healthcare  becomes  the  third  most   important  issue  arer   infla7on  and  
the  economic  situa7on  (Eurobarometer,  2008).  This  is  specially   the  case  in   The  Netherlands,  the  only  
European   country   where   healthcare   systems   are   the   number   one   concern   at   personal   level,  
men7oned  as  first  priority  by  37%  of  all  correspondents.  

  It  is  important  to  note   that   concerns  about   healthcare  systems  increases  with  the  age  of  the  
correspondent.   This  is  in  accordance  to  the  dependency  on  healthcare  services,   where  older  ci7zen’s  
are  usually   more  dependent   on  healthcare   than   younger   ones.   When   Europeans  are  consulted   on  
where  decisions  affec7ng   healthcare  should  be  made,  the  majority   (66%  of  correspondent)  considers  
that  they  should  be  taken  at  na7onal  level  by  the  government  (Eurobarometer,  2008).

C.  European  Health  Strategy  and  Objec*ves

  The  right  of   universal  access  to  healthcare  has  been  recognized   by   the  European  Union  in  the  
Charter  of  Fundamental  Rights  of  the  EU  (European  Parliament,   2000)   and  it  has  been  incorporated  in  
the   overall   strategy   of   the   European   Union   (European   Commission,   2007).   The   Charter   of  
Fundamental   Rights   of   the   European   Union   (European   Parliament,   2000)   describes   the   right   of  
healthcare  in  ar7cle   35:   “Everyone  has  the  right   of   access  to  preven7ve  healthcare  and  the  right   to  
benefit  from  medical  treatment  under  the  condi7ons  established  by  na7onal  laws  and  prac7ces.”

  The  European  Commission’s  publica7on  “ Together  for  Health:  A  Strategic   Approach  for  the  EU  
2008-­‐2013”   describes  the   strategy   and  objec7ves   that   member   states  should   follow  in   the  coming  
years  to  improve  the  quality  of  healthcare  services.  Healthcare  is  a  essen7al  element  of  every  ci7zen’s  
life   and   it   must   therefore   be   effec7vely   supported   by   na7onal   and   european   policies,   laws   and  
regula7ons  (European  Commission,  2007).  

Towards a Healthy Cloud Page 106 of 218 Juan Hernández Colomina

  Although  member  states  are  directly   responsible  for  the  care  services  provided  to  ci7zens  and  
the   suppor7ng   policies,   there  are  certain   situa7ons   where  coopera7ve   ac7on  at   European  level   is  
required   (e.g.   pandemics,   free   movement   of   ci7zens,     etc.).   Moreover,   the   delivery   of   healthcare  
services  is  explicitly   men7oned  in  the  EC   Treaty   (ar7cle  152):  “high   level  of   human  health  protec7on  
shall   be   ensured   in   the   defini7on   and   implementa7on   of   all   Community   policies   and  
ac7vi7es”  (European  Commission,   2007).  This  statement  has  been  reaffirmed  in   the  Reform  Treaty  in  
Lisbon   the   19th   of   October   of   2007.   Besides   reenforcing   the   importance   of   healthcare,   the  
Commission  encourages  member  states  to  cooperate  with  other  countries  on  health  related  issues.  

  The  need  for  an  European  wide  health  strategy  is  the  result  of  three  main  growing  challenges  
that  affect  the  health  services  provided  to  ci7zens:  demographic  changes,  global  threats  and  the  rapid  
evolu7on  of  technologies  (European  Commission,   2007).   These  three  challenges  are  related  to   the  
European  strategic  objec7ves  of  solidarity,  security   and  prosperity   respec7vely.  As  the  average  age  of  
Europeans  increases  (for  example  The  Netherlands  expects  that   in  2030  around  35%  of  the  popula7on  
will   be   older   than   55   years)   the   sustainability   of   current   na7onal   healthcare   systems   will   be  
significantly   affected.   Global   threats  like   for   example   pandemics,   global   warming   or   bioterrorism  
require  rapid  response  and  extensive  coopera7on  among   all  member   states.   The  rapid  evolu7on  of  
new  technologies  can  enable  new  capabili7es  for  predic7ng,  preven7ng  and  trea7ng  illnesses.  

  The  strategy   developed  by   the  European  Commission  includes  four  fundamental  principles  to  
guide  european  and  na7onal  healthcare  ini7a7ves  from  2008  to  2013  (European  Commission,  2007).  
The   principles   are:   (1)  strategy   based  on  shared  health  values,  (2)   health   in   the  greatest   wealth,   (3)  
health  in  all  policies  and  (4)  strengthening  the  European  Union  voice  in  global  health.  This  principles  
are  elaborated  in  appendix  G.  

  As  a  part   of   the  European  Commission  healthcare  strategy,   the  commission  have  elaborated  
three  strategic  objec7ves  to  cope  with  current  challenges.  These  strategic  objec7ves  are  elaborated  in  
the  following  paragraphs:

• Fostering   good   health   in   aging   Europe:   Current   low  birth  rates  and  increased  ci7zen’s   longevity  
result   in   an   increasing   aging   of   the   European   popula7on   (Stroetmann   &   Stroetmann,   2004a).  
According  to  EC   by   2050   the  number   of  ci7zens  older   than  65   years  will  grow   by   70%  and  the  
number   of   ci7zens   older   than   80   years  will  grow   by   170%   (European   Commission,   2007).   This  
developments  will  increase   the   demand   for   healthcare  services   while   the   working   popula7on  
decreases   at   the  same  7me.   In   order   to  maintain   the  sustainability   of  healthcare  systems  it   is  
important  to  improve  the   health  status  of  this  aging  popula7on.   For   this  reason  the  commission  
proposes  specific  ac7ons  to  promote  healthy  lifestyles  and  prevent   and  treat  diseases.   To  achieve  
this   objec7ve  the  commission  proposes  four   ac7ons:   promote  healthy   lifestyles  among  ci7zens,  
develop  specific   ac7on  against  factors  affec7ng  health  (e.g.   tobacco,  alcohol,    etc.),   improve  the  
preven7on   and   treatment   of   rare   diseases   and   improve   the   policies   for   organ   dona7on   and  

Towards a Healthy Cloud Page 107 of 218 Juan Hernández Colomina

• Protec*ng   ci*zens   from   health   threats:   Safety,   security   and   protec7on   of   European   ci7zens  
against   health   threats   is  an   obliga7on   of   every   member   state   as  stated   in   the  EC   Ar7cle   152.  
Globaliza7on,  global  warming  and  terrorists  threats  have  added  new  challenges  to  this  objec7ve  
that   require   collabora7on   between   member   states   and   interna7onal   actors   (European  
Commission,   2007).  To  successfully  achieve  this  objec7ve  the  commission  proposes  to  strength  the  
mechanisms   for   detec7on  and  response  to   health  threats  and  to  research  how   climate  change  
affects  ci7zens  health.  
• Suppor*ng   dynamic   health   systems   and   new   technologies:   The  European  Commission   believes  
that   new   technologies   can   significantly   contribute   to   the   sustainability   of   current   healthcare  
systems.   Emerging   technologies   like   for   example   eHealth,   genomics   and   biotechnologies   can  
improve  the  preven7on  of  illness,  the  delivery  of  care  services  and  the  treatment  of  ci7zens.  The  
commission  believes  that   eHealth  can  contribute  to  beOer  ci7zen  centered  care  as  well  as  to  lower  
costs  and   improve   interoperability   across   na7onal  boundaries.   Moreover,   eHealth   can  facilitate  
ci7zen’s  mobility  within  the  EU  and  improve  their  safety.  The  proposed  ac7ons  are  the  crea7on  of  
a  framework  for   safe,  high  quality   and  efficient  health  services,   the  support   of  member   states  in  
managing  innova7on  in  health  systems  and  the  support  of  implementa7ons  and  interoperability  of  
eHealth  solu7ons.
D. Future  Challenges  for  Healthcare  in  Europe
  The  main  goal  of   healthcare  is  to   provide  ci7zens   with  7mely   and   qualita7ve   care.   For   this  
reason,   aligning  healthcare  services  to  the  specific   needs  of   pa7ents   at   a   certain  point   in  7me   is  a  
growing  concern   for   all  member   states.   Member   states   and   healthcare   organiza7ons  need  to   cope  
with   the  con7nuously  growing  demand   for  health   services  while  improving  the  quality  and  efficiency  
of   those   services.   According   to   previous   research   (Gartner,   2009)   this   implies   changing   current  
healthcare  systems  from   a  physician-­‐centric   to   a  pa7ent-­‐centric   perspec7ve.   According   to  previous  
research,  policy  makers  and  healthcare  organiza7ons  need  to  align  their  efforts  towards  the  following  
challenges  (Gartner,  2009):

• Growing   Demand:  effec7vely  and  efficiently  mee7ng  growing  demand.

• Availability   of  Care:  equal  access,  less  wai7ng  7mes  and  beOer  resource  u7liza7on.
• Con*nuity   of  Care:  coordina7on  and  informa7on  sharing  among  healthcare  providers.
• Empowerment:   pa7ent-­‐centric  healthcare  reinforcing  the  pa7ent’s  role  in  healthcare.
• Pa*ent   Safety:  evidence  based  services  that  reduce  the  risk  of  harm.
• Quality   of  Care:  effec7ve  and  efficient  healthcare  that  improves  customer  sa7sfac7on.
• Large   Scale   Risks:   ability   to   mi7gate   or   avoid   large   scale   healthcare   risks   like   pandemics,  
bioterrorism  and  health  consequences  of  climate  change.

1.3. The  Dutch  Healthcare  System

  The   main  actors  in  the  Dutch  healthcare  sector   are  pa7ents,   healthcare  providers,   insurance  
companies,  pa7ent   associa7ons,  informa7on  systems  providers  and  government   organiza7ons  (Stap,  
Verhoosel,  Bekkum,  &   Mos,  2007).  The  Dutch  healthcare  system  is  one  of  the  most  priva7zed  systems  
within  the  EU.  The  percentage   of   private  expenditure  related  to  GDP  in  health  is  the  third   largest  in  
the   EU   (around   3,7%   of   Dutch   GDP)   (Ebusiness  Watch,   2006).   Only   Switzerland   and   Greece   have  

Towards a Healthy Cloud Page 108 of 218 Juan Hernández Colomina

higher   private   financing   of   health   services   related   to   their   GDPs.   From   the   total   Dutch   health  
expenditure  around   33%   is  used   to  finance   hospital  ac7vi7es  which  is  in   line  with  the  EU   average  
(Ebusiness  Watch,  2006).  As  in  the  rest   of   the  EU,  the  financial  sustainability   of  Dutch  health  system  is  
at   risk   due  to   socio   demographic   developments,   while   at   the   same   7me  ci7zens  expect   that   the  
quality  of  care  services  improve  over  7me.

  According  to   data  from  2004,   the  costs  of  the  Dutch   healthcare   system   are   es7mated  to  be  
around  45   billion   euros  per   year,   represen7ng   9,2%   of   the  na7onal  gross  domes7c   product   (GDP)  
(Prou   &   Smit,   2006).   The   three   main   cost   areas   are   hospitals   (29%),   elderly   care   (18%)   and  
pharmaceu7cals  (11%).  As  the  Dutch  system  is  predominantly  private,   care  service  providers  nego7ate  
directly   with   health   insurers.   In   2006,   public   coverage   for   ci7zens  earning   less  than   a   predefined  
threshold   (65%  of   popula7on)   was  ended,   leading  to   a  new  system  of   compulsory   private  na7onal  
insurance  with  basic   care  for   everyone.   Insurers  must   offer   the  basic   package  to  every   ci7zen  that  
request   it,  while   they   can  compete  with  other   insurers  by   offering  addi7onal  care   services  (Prou   &  
Smit,  2006).  Dutch  ci7zens  pay  an  annual  fee  of  around  2.000  euros  with  a  refund  of  around  300  euros  
per  ci7zen  if   no  healthcare  services  are  consumed  during  a  year.  Within  the  basic  coverage  all  primary  
and  secondary  care  is  included.

  An   interes7ng   research   on   recent   developments  in   the   Dutch   healthcare   system   has   been    
carried  out   by   the  Nivel  ins7tute,   an   organiza7on  specialized  in  healthcare  related  research   in  The  
Netherlands  (Nivel,   2009).   According   to  Nivel,   Dutch  healthcare  organiza7ons   are  going   through  a  
deep   transforma7on   process  that   affects  not   only   those   organiza7ons   but   every   professional  that  
collaborates   with   them.   The   size   of   Dutch   healthcare   organiza7ons   has   increased   over   the   past  
decades  due  to  merges  and  acquisi7ons   (Nivel,   2009),   resul7ng   in   larger   hierarchical  organiza7ons  
that   create   more   distance   between   top   execu7ves   and   care   professionals   complica7ng   their  
management.  In  The  Netherlands,  hospital’s  top  execu7ves  leave  their  posi7ons  on   average  2,8  years  
arer  they   started  in  that  func7on  (Nivel,  2009).  This  is  remarkably  low  compared  to  other  sectors  and  

  Unhealthy  behaviors  and  situa7ons  are  directly  related  to  an  increase  in  demand  of  healthcare  
services   (Nivel,   2009).   One   of   these   situa7ons   is   caused   by   viral   infec7ons  within   Dutch   hospital  
(MRSA)  that   have  double  in  number   of  infec7ons  between  2002  and  2006.  This  type  of  infec7on   is  
hard   to   find   outside   hospitals   and   the   bacteria   has   developed   over   the   years   resistance   against  
tradi7onal  medica7on  (e.g.   penicillin).  Other   types  of  situa7ons  that  have  been  researched  by   Nivel  
are  the  treatment  of  post  stroke  depression  (a  phenomenon  that  occurs  in  around  30%  of  the  cases),  
the   increasing   number   of   pa7ents  with   sexual  or   rela7onship   problems,   the  treatment   of   chronic  
sicknesses  (e.g.  HIV),  the   rela7on  between  professional   female  athletes  and   the  amount  of  injuries,  
the  health  status  of  rural  versus  urban  ci7zens  and  the  effect  of  personal  movement  on  health.  

  One  of  the  most   important  challenges  signaled  by  Nivel  is  the  lack  of  medical  professionals  and  
medical  educators  in  the  (near)  future  due  to  demographic  developments.  As  the  Dutch  popula7on  is  

Towards a Healthy Cloud Page 109 of 218 Juan Hernández Colomina

aging  and  some  are  working  part  7me  more  oren,   researchers  expect  that   the  healthcare  sector  will  
need  25%  more  professionals  by  2025.   This  challenge  is  likely  to  accelerate  collabora7on  rates  among  
healthcare  prac77oners  and  therefore  the  adop7on  of  na7on  wide  EPD.

  The  Dutch  minister   of  Health  recognizes  the  social  importance  of  healthcare  accessibility   and  
quality  as  every   ci7zen   needs  these  services  some7me  in  their  lives  (Klink  &   Bussemaker,  2008).   In  a  
leOer   to  the  Dutch   parliament   in  2008   he  recognizes  the  pressure   on  the  current   system  due  to  the  
steady   increase   in   demand   and   cost   of   care   services   (Klink   &   Bussemaker,   2008).   Ci7zens   are  
increasingly  demanding  higher  quality  of  care  services  at  lower  prices  while  at  the  same  7me  they  are  
becoming  less  tolerant  for  errors  or  unexpected  circumstances.  

  Due  to   the  evolu7on   of   medical  prac7ces,   physicians  can   treat   (cri7cal)   medical   condi7ons  
more  efficiently   and  accurately,   resul7ng   in   longer   ci7zen’s  life  expectancy.  However,   elderly   people  
require   more  intensive  care  services  than  younger   ones,  and  they  oren  suffer   from  mul7ple  and  (in  
some   cases)   chronic   health   condi7ons  (Klink,   2009).   This  indicates  that   the  demand  for   healthcare  
services  is  changing,  requiring  more  mul7disciplinary  services  leveraged  by  collabora7on.

  To  cope  with  these  socio  demographic  developments,   healthcare  needs  to  improve  opera7onal  
efficiency,  or   in  other   words  it  needs  to  provide  more  and  beOer  services  with  less  human  and  capital  
resources  (Klink,  2009).  The  Ministry  believes  that  innova7on,  its  diffusion  and  applica7on  are  cri7cal  
factors  to  deal  with  these  challenges.  For  this  reason,  the  Dutch  government   has  launched  a  series  of  
ini7a7ves   focused   on   the   crea7on   of   a   healthcare   innova7on   plaxorm   and   policies   to   support  
innova7on  through  the  use  of   ICT.  It  is  not  only  important  that  innova7ons  emerge  but  also  that  they  
are  quickly   implemented   and  adopted   to   leverage  benefits  for   ci7zens,   pa7ents  and  organiza7ons  
(Klink   &   Bussemaker,   2008).   The   Dutch   Ministry   of   Health   defines   innova7on   with   the   following  
formula:   innova7on  equals   improvement   mul7plied  by   implementa7on.   The   government’s  role  is  to  
create  a  climate  where  innova7ons  emerge  and  are  rapidly  spread,  and  to  guide  innova7ons  in  solving  
current  healthcare  challenges.  

  According  to  the  Dutch  minister  of  Health,   con7nuous  improvements  in  healthcare  quality  and  
opera7onal   efficiency   are   necessary   to   meet   (future)   ci7zen’s   demands   (Klink,   2009).   Quality  
improvements  imply  measuring,  knowing,  evalua7ng  and  improving  current  performance.   The  Dutch  
Ministry   of   Health  has  the  inten7on   to  restructure  the   current   health  system  including   the   shir   of  
power   from  providers  to   consumers  and   the  shir   of   control  from   public   bodies  to  insurers  (Tange,  
2008).  The  EPD  ini7a7ve  can  be  regarded  as  the  first  steps  towards  this  redesign.    

  To  support   innova7on  in  the  healthcare  sector,  the  Dutch  Ministry   of   Health  is  planning  to  a  
significant   amount   of  resources  during  the  coming  years  (Klink,   2009).   While  in   2008   the  budget  for  
healthcare  innova7on  was  around  14   million  euros,  in  2009  it  increased  to  29   million  euros.  This  trend  
will  con7nue  in  the  coming  years  where  42  million  euros  will  be  allocated  in  2010,  55  million  euros  in  
2011  and  60  million  euros  in  2012.

Towards a Healthy Cloud Page 110 of 218 Juan Hernández Colomina

  The  implementa7on  of  the  Electronic  Health  Records  (EHR)  infrastructure  in  The  Netherlands  
(the   EPD   project)   was   ini7ated   by   the   Minister   of   Health   to   improve   the   access   and   quality   of  
healthcare  as  well   as  the  cost  efficiency   of  the   current   system  (Deutsch   &   Turisco,   2009).   The  aging  
character   of  the  Dutch   society   and  the  mobile  character   of   its  ci7zens  are  some   of   the  contextual  
factors  that  can  be  considered  as  enablers  of  this  project.  Taking  into  account  these  circumstances,  the  
Dutch   Ministry   of   healthcare   determined   that   informa7on   access,   informa7on   sharing   and  
communica7on   between   providers   are   the   cri7cal   factors   in   order   to   enable   more   efficient   and  
effec7ve  healthcare  services  (Deutsch   &   Turisco,  2009).  This  situa7on   lead  to  the  founda7on  of  the  
Na7onal   IT   Ins7tute   for   Healthcare   (NICTIZ),   an   organiza7on   responsible   for   developing   and  
implemen7ng  a  na7onal  EHR  infrastructure.

1.4. Sec*on  Summary

  In  this  sec7on  we  have  described  the  specific  characteris7cs  of   the  (EU)  healthcare  sector,  the  
evalua7on  of  current   European  healthcare   systems  by  ci7zens  and  the  rela7ve  importance  of  health  
issues  compared  to  other  issues  within  the  European  Union.  Moreover,  we  have  briefly  described  the  
European  wide   healthcare   strategy   and   objec7ves   and   the  challenges  that   EU   health   systems  are  
facing   in   the   near   future.   For   the   purpose   of   this   research   we   have   further   described   the  
characteris7cs  of  the  Dutch  healthcare  system.

  There  is  great   variety   of   heterogenous   na7onal  healthcare   systems   within   the  EU   aimed   to  
serve  a  large  diversity   of  ci7zens.  One  of  the  main  differences  between  those  na7onal  systems  is  the  
mix   of   public   versus   private   delivery   and   funding   of   care   services.   While   a   pure   public   model  
eliminates  free-­‐markets  forces  (e.g.  cost  efficiency,  innova7on,     etc.),  a  full  private  model  on  the  other  
hand   is  oren   regarded   as  more  expensive  and   in  some  cases  it  limits  the  access  to  services  based  
purely   on   financial  reasoning   (e.g.   low   ROI  for   rare  disease  research).   The  healthcare  sector   in  The  
Netherlands  is  predominantly  private,  where  public  financing  is  significantly  below  the  EU  average.

  It   is  important  to  note  that  independently  of  the  financing  model  used,  ci7zens  are  consumers  
as  well  as  providers  in  healthcare  as  they  finance  it  through  taxes  and/or  insurance  bills  and  consume  
those  services  when  they   need  them.   Moreover,  the  healthcare  sector  has  significant  impact  on  (inter)
na7onal  economies  as  it  employs  more  than  15  million  people  (9%  of  the  total  EU   jobs  by  2000)  and  
represents  around  500  billion  euros  yearly  (more  than  6%  of  the  total  EU  GDP  by  2000).

  Due  to  the  broad  impact   on  ci7zen’s  quality  of  life,  the  healthcare  sector  must  focus  on  7mely  
decision  making   as  delays  in  care  services  can  have  fatal  consequences   for   pa7ents.   Besides   7mely  
decision  making,   the   healthcare  sector   is  also  characterized  by   two  main  developments:   increasing  
demand  of  services  and   increasing  yearly   expenses.   Healthcare  yearly   expenses  have  been  growing  
significantly   during  the  last  years,  in  most   cases  at  greater  pace  than  GDP’s  growth  rates.  If  expenses  
con7nue  to  grow  at   the  same  rate,  we  can  expect  healthcare  costs  to  account  for  15%  of   EU  GDP   by  
2020.   As  a  consequence,  in  order   to  sustain  current   systems  while  maintaining  quality   governments  

Towards a Healthy Cloud Page 111 of 218 Juan Hernández Colomina

need   to  either  reallocate  resources  from  other   purposes  (e.g.  educa7on,  transport,     etc.)  or   increase  
taxes.   This  increase  in  costs  is  mostly  caused  by   the  increase  in  care   services  demand  due  to  higher  
ci7zen’s  life  expectancy,  lower   birth  rates  and  current   lifestyles  (e.g.  larger  alcohol  consump7on  and  
higher   ci7zen’s   weight).   In   order   to   cope   with   these   developments,   the   healthcare   sector   must  
con7nuously  find  new  ways  to  improve  the  quality   and  efficiency  of  services  to  deliver  beOer  services  
to  more  ci7zens  with  the  same  amount  of  resources.  

  Healthcare  has  been  during  the  past  years  the  first  non-­‐economic  issue  for  European  ci7zens.  A  
great  majority  of  EU  ci7zens  are  sa7sfied  with  their  health  and  the  quality   of  health  services  they  can  
access.   At   EU  level  around  three  out  of  four   Europeans  evaluate  the  services  provided   by   Hospitals  
and  Specialists  posi7vely.  In  The  Netherlands,  quality   sa7sfac7on   scores  are  even  higher  than   the  EU  
average.  However,  it  is  important  to  note  that  from  a  EU  ci7zen  perspec7ve  there  is  a  significant   gap  
between   the   quality   of   care   services   provided   and   their   availability   and   accessibility.   In   general,  
ci7zens   value   the   quality   of   services  higher   than   their   accessibility   and   availability.   Specially   the  
accessibility   and   availability   of   Specialists  services  scores   significant   lower   than   the   quality   of   the  
services  obtained.   Around  8%  of   EU   ci7zens  claim   they   could   not   access  care  services   provided   by  
Hospitals  and  Specialists.

  EU  ci7zens  are  currently  very   concerned   about   the  effects  of  the  economic  crisis  as  economic  
growth  rates  are  the  lowest  since  World  War   two,   unemployment   rates  are  expected  to  raise  to  8,1%  
by   2010  and  the  Economic  Sen7ment  Indicator  has  reached  its  lowest  levels  since  1993.   Even  though  
the  percentage  of  unsa7sfied  Europeans  is  the  highest  since  1995,   three  out  of  four  EU  ci7zens  are  s7ll  
sa7sfied  with   their   lives.   In  The  Netherlands,   almost   all   ci7zens  (96%)   are  sa7sfied   with  their   lives  
which  is  significantly  higher  that  the  EU  average  (75%)  being  also  the  third  highest  sa7sfac7on  score  in  
the   EU.   The   Netherlands   is   the   only   EU   country   where   healthcare   systems   are   the   number   one  
concern  at   personal  level.   It   is  important   to  note  that   concerns  about  healthcare  systems  increases  
with  ci7zen’s  age  as  dependency  and  consump7on  on  those  services  increases.

  According   to   the   European   Commission,   there   are   three   main   developments   that   require  
modifica7ons  of  the  current  healthcare   systems:  demographic  changes,   global  threats  and  the  rapid  
evolu7on  of  technology.   In  The  Netherlands  around  35%  of   ci7zens  will  be   older   than  55   by   2030.  
Pandemics,   global  warming  and  terrorism  are  some  examples  of  global  threats  affec7ng  healthcare.  By  
leveraging   new   technology   developments,   organiza7ons   can   enable   new   ways   of   predic7ng,  
preven7ng  and  trea7ng  illnesses.

  In   order   to   guide   member   states   in   developing   new   healthcare   reforms,   the   EU   Council  
proposes  three  basic  principles:   healthcare  accessibility  for  every  ci7zen,  high  quality   of  care  and  long  
term   financial   sustainability.   Moreover,   these   principles   have   been   complemented   by   the   EU  
Commission  with  four  statements  that  should  be  taken  into  account   when  developing  new  legisla7on  :  
(1)  strategy  based  on   shared  health   values,  (2)  health  in  the  greatest  wealth,   (3)  health  in   all  policies  
and  (4)  strengthening  the  European  Union  voice  in  global  health.

Towards a Healthy Cloud Page 112 of 218 Juan Hernández Colomina

  To  improve  the  sustainability  of  current  systems  the  EU  proposes  three  Strategic  Objec7ves:  (1)  
Fostering  good  health  in  aging  Europe  by  improving  ci7zen’s  health  and  therefore  reducing  demand  of  
services,   (2)   Protec7ng   ci7zens   from   health   threats   which   requires   collabora7on   across   na7onal  
borders  and  is  an  obliga7on  of  every   member  state,   and  (3)  Suppor7ng  dynamic  health   systems  and  
new  technologies  to  improve  preven7on,  delivery,  treatment  and  enable  cost  efficiencies.

  In  the  future,  EU  health  systems  will  face  important  challenges  that  can  affect  the  quality   and  
availability   of   services   provided.   First   of   all,   countries   need   to   deploy   measures  to   effec7vely   and  
efficiently   meet   growing  demand.  Second  of  all,   in  order  to  improve  the  availability   of   care,  na7ons  
need  to  facilitate  equal  access  to  ci7zens,  reducing  wai7ng  7mes  and  improving  resource  u7liza7on.  
Third,  member  states  need  to  further  develop  their  ability  to  mi7gate  or   avoid  large  scale  healthcare  
risks  like  pandemics,   bioterrorism   and   health   consequences  of   climate  change.   Fourth,   in   order   to  
guarantee   and   improve   the   quality   of   care,   countries   need   to   develop   effec7ve   and   efficient  
healthcare  systems  that  improve   customer   sa7sfac7on.   Firh,   services  should  be  based   on  evidence  
that  reduce  the  risk  of  harm.  Sixth,  systems  must  evolve  towards  a  pa7ent-­‐centric  model  reinforcing  
the  pa7ent’s  role  in  healthcare.   Last  but   no  least,   na7ons  must   foster  coordina7on  and   informa7on  
sharing  among  healthcare  providers  to  guarantee  the  con7nuity  of  care.

  The   Dutch   healthcare  system  is  one  of   the  most   priva7zed  systems   in   the  EU.   From  a   yearly  
healthcare   budget   of   45   billion   euros   (9,2%   of   Dutch   GDP)   around   40%   is   financed   by   private  
organiza7ons  and   60%  is  financed  by   the  government.  This  percentage  of  private  funding  is  the  third  
largest   of  the  EU.  The  majority   of  the  budget  is  spend  on  hospitals  (33%  of  the  total  budget),   elderly  
care  ins7tu7ons  and  pharmacies.   In  The  Netherlands,   the  financial  sustainability   of  the  healthcare  
system   is   also   under   pressure   due   to   demographic   changes   (longer   life   expectancies)   and   the  
increasing  quality  of  services  demanded  by   ci7zens  at  lower   costs.  Other  issues  affec7ng  the  current  
system   are  the  lack   of  medical  professionals  as  popula7on  ages,  the  decreasing  ci7zen’s  tolerance  for  
medical  errors  and  the  increasing  costs  of  healthcare  resources.  As  a  result   care  organiza7ons  need  to  
collaborate   more  intensively   in  order   to  deliver   more  and  beOer   care   with   less  human  and  capital  

  According   to   the   Dutch   Minister   of   healthcare,   con7nuous   improvements   in   quality   and  

opera7onal  efficiency   are  necessary   to   meet   future  healthcare  demand.   For   this  reason,   the  Dutch  
government  has  ini7ated  a  healthcare  reform  since  2006,  where  every   ci7zen  must  obtain  a  na7onal  
private  insurance  that  provides  him  or  her  access  to  basic  healthcare.  This  transforma7on  is  aimed  to  
shir  the  power  from   providers  to  consumers  and  shir  the  control  from  public  bodies  to  insurers.  The  
need  to  improve  opera7onal  efficiency  is  also  reflected  on  the  introduc7on  of  the  EPD  system   for  the  
exchange   of   medical  informa7on  across  the  country.   The   purpose  of   this  project   is  to  improve  the  
access  and  quality  of  healthcare  while  achieving  cost  efficiencies  by   leveraging  collabora7on  between  
care  organiza7ons.   The  government   believes   that   innova7on   and   its   diffusion   and   applica7on   are  
cri7cal  success  factors  to  achieve  these  goals.

Towards a Healthy Cloud Page 113 of 218 Juan Hernández Colomina

2. The  Role  of  Technology  in  Healthcare
  According   to   previous   work,   EHR   systems   are   necessary   to   cope   with   current   and   future  
healthcare   challenges   (Deutsch   &   Turisco,   2009).   Previously   research   has  shown   how   successfully  
leveraging   ICT   in   organiza7ons   can   result   in   improved   effec7veness   and   therefore   superior  
performance.   For   this  purpose,   organiza7ons  need  to  consider   healthcare  issues  as  well  as  general  
issues,  crea7ng  a  culture  of  openness,  posi7ve  autude,  pragma7sm,  shared  goal-­‐seung  and  learning  
(Gartner,  2009).   By  implemen7ng  the  right   solu7on  in  a  specific  situa7on,  eHealth  can  be  a  catalyst  for  
healthcare  transforma7on  with  substan7al  poten7al  benefits.

  According   to  research  performed  by   Harvard   Business  Review  (McAfee  &  Brynjolfsson,  2008)  
the  link  between  technology   and   compe77ve  advantage   has  become  much  stronger   since   the  mid  
1990s.  Organiza7ons  that  invest  in  the  right  ICT   ini7a7ves  perform  significantly  beOer  than  firms  that  
do   not   invest   in   those  ICT   capabili7es.   This  is   also   the  case  in   the  healthcare  sector   where   some  
emerging   eHealth   technologies   have   resulted   in   improved   performance   (Gartner,   2009).   Some  
examples  are  the  Electronic   Transfer   of   Prescrip7ons   (ETP),   Computer   Based   Pa7ent   Records   (CPR)  
also   known   as  Electronic   Medical   Records  (EMR)   and   Electronic   Health   Records   (EHR).   Successful  
implementa7ons  of  these  technologies  within  the  EU  can  be  found  in  Sweden  (ETP),   Denmark  (EHR)  
and  the  Spanish  province  of  Andalusia  (EHR).  The  success  of  this  implementa7ons  are  not  only  due  to  
the  technology  itself  but  also  to  the  cultural  change  involved.  

  Other   research  has  demonstrated   how  using   the  right  approach,  context  and  implementa7on  
process,   ICT  can  improve  the  quality,  accessibility  and  efficiency  of  healthcare  delivery  (Stroetmann  et  
al.,  2006).  To  further  elaborate  on  the  role  of  technology  in  the  healthcare  sector  we  will  describe  the  
current   use   of   eHealth   in   Europe   (sec7on   A)   and   its  main   opportuni7es,   challenges,   drivers   and  
barriers  (sec7on  B)  to   con7nue  with  a  descrip7on  of   the  cri7cal  success   factors  for   the  adop7on  of  
technology  in  the  healthcare  sector  (sec7on  C).

2.1. eHealth  in  Europe

  Ini7a7ves  at  European  level  for  the  implementa7on  of  electronic  health  systems  are  supported  
under  the  ini7a7ve  “Smart  Open  Services,  Open  eHealth”  (NICTIZ,  2009).  Based  on  the  principle  of  a  
single  European  market,  the  EU  has  elaborated  three  key   policy  objec7ves  in  healthcare:  the  crea7on  
of   a  European  eHealth  area,  free  pa7ent  mobility  and  empowering  ci7zens  through  eHealth  tools  and  
services   (Stroetmann   et   al.,   2006).   Although   healthcare   is  one   of   the   most   informa7on   intensive  
sectors  in  Europe,  it   does  not   leverage  ICT   developments  as  much  as  other   sectors  do.   This  implies  
that   there  is  significant   poten7al   for   rapid   and   sustainable  growth   by   applying   ICT   in   this   sector  
(Stroetmann  et  al.,   2006).  ICT  is  therefore  regarded  as  a  cri7cal  enabler  for  the  further   development  of  
European  health  systems.  

Towards a Healthy Cloud Page 114 of 218 Juan Hernández Colomina

  The  eHealth   market   represents  around   2%   of   total  healthcare  expenditure  in   Europe   during  
2006  (Stroetmann  et   al.,   2006).  This  is  a  low   percentage  when  compared  to  other  healthcare  related  
markets  (e.g.  medical  devices).  The  difficulty  to  calculate  the  economic   value  of  eHealth  is  one  of  the  
main  factors  that  are  slowing  its  adop7on  in  Europe.  However,  experts  predict  that   the  eHealth  market  
will  double  its  size  in  the  near  future  (Stroetmann  et  al.,  2006).

  The  ini7a7ve  “eHealth   for   a  Healthier   Europe  -­‐   opportuni7es   for   a  beOer   use  of  healthcare  
resources”   was  launched   by   the   Swedish  government   in  2008   to   research  how   healthcare  can   be  
supported  and  improved  by  the  use  of  technology  and  how   technology   is  connected  to  poli7cal  goals.  
From  July  2009  to  December   2009  Sweden  represented  the  Presidency  of  the  Council  of  the  European  
Union.   The  methodology  applied  was  to  link  the  benefits  of  con7nued  implementa7on  of  technologies  
with  the  current   medical  and  technology   status  in  six  member  states  by  gathering  data  from  60  clinical  
studies  and  11  eHealth  technologies  (Gartner,   2009).  According  to  this  research,  there  are  significant  
poten7al  healthcare  improvements  using  electronic  healthcare  (eHealth)  as  a  catalyst  due  to  the  fact  
that   for   the  five  poli7cal  goals  analyzed  by   Gartner   the  technology   adop7on   rates  were  below  30%  
(Gartner,   2009).   Some   examples   of   technologies   that   could   contribute   to   improve   European  
healthcare  are:

• Electronic   Transfer   of   Prescrip7ons   to   eliminate   or   reduce   the   5   million   yearly   outpa7ent  

prescrip7on  errors  in  the  European  Union.
• Computerized   Physician   Order   Entry   and   Clinical   Decision   Support   to   eliminate   or   reduce   the  
100,000   yearly  inpa7ent  adverse  drug  events.  In   turn  this  would  free  up  700,000  bed-­‐days  yearly  
by  increasing  throughput   and  decreasing  wai7ng   7mes.  This  poten7al  benefit   could  result  in  €300  
million  yearly  savings.
• Electronic   Pa7ent   Records   (EPR)   which   could   save   up   to   €3,7   billion   yearly   by   increasing  
throughput  and  decreasing  wai7ng  7mes  and  freeing  9  million  bed-­‐days  yearly.

  Another   interes7ng   yearly   report   on   the   adop7on,   development   and   impact   of   electronic  
business  (eBusiness)  technologies  within  the  European  Union  is  The  eBusiness  Watch  (Stroetmann  &  
Stroetmann,  2004a).   The  reports   are  periodically   extended  with  industry   specific  reports  to  support  
the   needs  and  challenges  of  a  specific   sector.   Although  the  last   eBusiness  Watch  report  focusing   on  
the  healthcare  sector  was  carried  out  in  2004  some  of  the  challenges  are  s7ll  valid  today.   According  to  
the  research,  eHealth  technology  has  evolved  in  the  last  years  to  become  the  third  largest  industry  in  
the   EU.   Some   researchers  (Stroetmann   et   al.,   2006)   expect   that   by   2010   eHealth   expending   can  
account   for   5%   of   the   total   health   budget   of   member   states.   The   eBusiness  Watch  report   defines  
eHealth  as  “the  applica7on  of  informa7on  and  communica7on  technologies  across  the  whole  range  of  
func7ons   that   affect   the  health  sector”.   This  is   a  broad   defini7on  that   includes  a  great   variety   of  
solu7ons  like  for  example  tools  for   health  authori7es,  personalized  health  pa7ent  systems,  networks,  
telemedicine   services,   etc.   The   main   goals   of   these   tools  are   to   improve   medical  outcomes   and  
ci7zen’s  quality  of  life  as  well  as  to  reduce  the  costs  in  pursuing  these  objec7ves.  

Towards a Healthy Cloud Page 115 of 218 Juan Hernández Colomina

  Healthcare  systems  in  the  EU  need  to  be  prepared  for   the   aging  of  their  ci7zens  as  the  baby  
boomer   genera7on  will  soon  not  be  part  anymore  of  the  working  popula7on.  This  creates  significant  
pressure   on  the   sustainability   and  efficiency   of   current   healthcare  systems.   Moreover   the  pervasive  
character  of  chronic   sicknesses  (e.g.  Cancer,  Adis,   etc.),  the  increased   average  weight  of  ci7zens  and  
the  rapid  spread  of   sicknesses  (e.g.  the  H1N1  pandemic)  are  also  developments  that  affect  the  future  
demand  of  care  services.   At   European  and   na7onal   levels  several  ini7a7ves  have  been  launched  to  
cope  with  these  issues  by   leveraging  ICT.  One  of   this  ini7a7ves  is  the  introduc7on   of   EHR   (or   EMR)  
integra7ng   all   health   related   relevant   informa7on   of   a  single  pa7ent   (Stroetmann   &   Stroetmann,  
2004a).   This  ini7a7ve  implies  a  shir  from  paper  based  medical  records  to  electronic  records  that  can  
be  easily  accessed  to  all  actors,  and  in  some  cases  to  the  pa7ent  as  well.          

  A   special   issue   of   the  eBusiness   Watch   report   on   ICT   in   hospital   ac7vi7es  elaborates   the  
adop7on,  implica7ons  and  issues  of  ICT   in  hospital  ac7vi7es  within  the  EU  (Ebusiness  Watch,  2006).  
Although  hospital’s  adop7on   of   ICT   is  higher   compared  to  other   medium   and  small  size  healthcare  
enterprises,  it  mostly  focuses  on  collabora7on  and  on  purchasing  goods  and  services  (e.g.  networks,  e-­‐
collabora7on,   e-­‐procurement,   etc.).   There   are   not   many   hospitals   which   have   adopted   customer  
facing  technologies  like  online  booking  or  e-­‐marke7ng.  

  The  most   important   drivers  for   the  adop7on   of   technology   by   hospitals  are  the  expecta7ons  
from   health   insurers,   gaining   compe77ve   advantage   and   the   pressure   of   compe77on   (Ebusiness  
Watch,   2006).  The  two  most  significant   barriers  men7oned  by   hospitals  are  security   and  the  cost  of  
technology,  followed  by   the  size  of  the  organiza7on,  legal  issues,   system  compa7bility   and  the  lack  of  
reliable  providers.  The  most  frequent   ICT  system  used  by   hospitals  is  the  Hospital  Informa7on  System  
(HIS).   A   HIS  system  is  a  type  of  Enterprise  Resource  Planning  (ERP)  system  with  a   focus   on  hospital  
ac7vi7es.   It   manages   the   large   amount   of   informa7on   to   support   communica7on,   knowledge  
management   and   process   efficiency   (Ebusiness   Watch,   2006).   However,   technology   can   also  
contribute  to  the  achievement   of   two   main  goals  in   healthcare,   con7nuity   and  availability   of   care  

  A  final  remark  should  be  made  on  the  data  security   paradox   in  hospital  opera7ons.   Although  
pa7ent   data   need   to   be   readily   available   for   exchange,   it   also   needs   to   be   protected   against  
unauthorized  usage,  dele7on  or  modifica7on.  The  use  of  secure  server  technology,  digital  signatures,  
firewalls  and  public  keys  in  hospitals  is  twice  as  high  as  in  other  sectors  (Ebusiness  Watch,  2006).

2.2. eHealth  Opportuni*es,  Challenges,  Drivers  and  Barriers

  The  adop7on  of  technology  in  the  healthcare  sector  is  lower   and  slower   than  in  other  sectors.  
Healthcare  organiza7ons  can  be  regarded  as  late  adopters  of  technology.  The  reasons  for  this  situa7on  
can  be  found  in  the  challenges  that   healthcare  organiza7ons  face.   The  European  eBusiness  Watch  
report   iden7fies   a   series   of   challenges   and   opportuni7es   for   the   adop7on   of   eBusiness   in   the  
healthcare  sector  (Stroetmann  et  al.,  2006):

Towards a Healthy Cloud Page 116 of 218 Juan Hernández Colomina

Table  20:  Opportuni*es  and  Challenges  of  eHealth

Opportuni*es Challenges
•Piggy-­‐back  on  eHealth  infrastructure  developments
•Increasing  compe77on  due  to  interoperability
•Gain  compe77ve  advantage  from  coopera7on  in  the  value  chain
•Legal,  regulatory  and  security  issues
•Reduce  costs  and  improve  services  through  beOer  supply  chain  
•Ensure  staff  monitoring  and  training
•Adopt  a  long  term  view  on  future  developments
•Enhance  marke7ng  of  services  and  client  loyalty  through  
•Reduce  size  disadvantages  through  collabora7on

  Moreover,   the   report   of   the   European   Commission   iden7fies   also   a   series  of   drivers   and  
barriers  to  the  adop7on  of  eBusiness  in  the  European  healthcare  sector:

Table  21:  Drivers  and  Barriers  of  eHealth

Drivers Barriers
•Health  system  guidance  and  leadership •Lack  of  opportunity  awareness
•Compe77on •Size  of  organiza7ons
•User  friendliness  and  func7onality •Interoperability  deficits
•Good  prac7ces •Financing  of  eBusiness
•Standardiza7on •Legal,  security  and  privacy  issues

  By   increasing   the   availability   of   accurate,   complete   and   relevant   clinical   data   healthcare  
providers  can  improve  the  quality   of  their   services  and  deliver   them  more  efficiently   and  effec7vely  
(Deutsch  &   Turisco,  2009).  For  this  reason  healthcare  is  currently   experiencing  a  transforma7on  from  a  
physician-­‐centric  to  a  pa7ent-­‐centric  orienta7on  that  could  be  accelerated  by   the  right  use  of  the  right  
informa7on  technology.  

  In  previous  researches  a  number  of   advantages  have  been  iden7fied  linked   to  the  use  of  EHR  
systems  connected  to  health   informa7on  exchange  (HIE)   systems   (Deutsch   &   Turisco,   2009).   These  
advantages  can  be  grouped   around  the   two   main  goals  of   healthcare:   improve  pa7ent   safety   and  
improve   cost   efficiency   of   processes.   EHR   systems   can   improve   pa7ent   safety   by   elimina7ng  
transcrip7on   errors,   medical   errors   and   adverse   medica7on   events   (e.g.   allergies).   Efficiency  
advantages  can   be  found  in  the  reduc7on  of  redundant   tests,  improved  administra7ve  efficiency   and  
faster   processing   of  pa7ents,   prescrip7ons   and   hospital  discharges.   Moreover,   being  able  to  access  
current  pa7ent   data  on  a  real-­‐7me  basis  leads  to  new   forms  of  consulta7on  which  are  more  effec7ve  
and  efficient  than  face-­‐to-­‐face  contact.

  Some   examples  of  technologies  linked   to   documented  benefits  in  healthcare  can   be   found  in  
previous  research  (Gartner,  2009).  Based  on  poli7cal  goals  the  technologies  are  linked  to  documented  
benefits   with   the   excep7on   of   Con7nuity   of   Care.   The   poten7al   benefits   are   es7mates   from  
documented  benefits  in  one  or  more  EU  member  states  that  could  be  extrapolated  to  other   countries.  
The   results   of   Gartner’s   research   for   each   poli7cal   goal   are   shown   in   appendix   H   to   appendix   K
(Gartner,   2009).   Due  to  the  large  number   of   documented  benefits,   it   is  important   to  consider   first  
those   technologies   that   have   enabled   the   most   benefits   in   the   past.   Some   of   these   eHealth  

Towards a Healthy Cloud Page 117 of 218 Juan Hernández Colomina

technologies  with  high   poten7al  are  Electronic  Medical  Records,  Computerized  Physician  Order  Entry  
and  Clinical  Decision  Support  systems.

  In  another  research  on  the  benefits  and  costs  of  eHealth  in  ten  European  sites  (Stroetmann  et  
al.,   2006)  researchers  quan7fied  them  by   using  a  Cost   Benefit  Analysis  (CBA)   which  allows  individual  
site  assessments  as  well  as  comparing   various  sites.  The  researchers  found  that  improved  quality  can  
be  traced   back   to  five  factors:   beOer   informed  ci7zens   and   providers,   informa7on  that   streamlines  
care  processes,   7meliness  of   care,   safety   and  effec7veness.   Researchers  found   that   all   cases  under  
study   reflect   posi7ve   economic   impact   measured   as   net   benefits   at   present   value.   The   average  
payback  period  was  4   years,   being  the   main  beneficiaries  healthcare   providers  (52%),  ci7zens  (43%)  
and  third  party  payers  (e.g.  insurers)  (5%).

  In  some  countries  the  adop7on  of  health  informa7on  exchange  systems  (HIEs)  have  been  slow  
and  with  moderate  success.  Previous  research  has  found  that  the  top  three  obstacles  for  the  adop7on  
of  HIEs  in  the  USA  are  (1)  the  funding  and  par7cipa7on  of  those  ini7a7ves,  (2)  the  legal  and  regulatory  
context,  and  (3)  the  technical  issues  (Deutsch  &  Turisco,  2009).

2.3. Technology  Adop*on  in  Healthcare

  Many   countries  are   enforcing   policies   to   improve   the   quality   and   efficiency   of   healthcare  
through  the  use  of  ICT   solu7ons  (Schoen  et   al.,  2006).  Some  examples  are  prac7ce  and  systemwide  
informa7on   systems   to   track   pa7ents   as   they   visit   different   points   of   care,   to   support   disease  
management,   to  prevent  duplica7on  and  medica7on  errors,  and  to  7mely   access  pa7ent   informa7on  
(Schoen  et  al.,  2006).

  In  the  2009  HIMSS  conference  we  can   find  some  expert’s  presenta7ons  regarding  the  current  
use   of   informa7on   technology   at   healthcare  organiza7ons.   According  to  one  of  these  presenta7ons  
(Duke,   Hartz,   &   Jacobs,   2009)   Health  Informa7on   Technology   (HIT)   nowadays  is  s7ll  predominantly  
paper   based,  using  systems  that   are  oren  not  interoperable.   Although  there   is  an  increasing   public  
pressure   on   moderniza7on   and   economic   efficiency   of   healthcare   delivery,   technological  
implementa7ons  are   s7ll  taking   more  7me  than   expected   and  at   higher   costs  than   were  budgeted  

  Some  na7onal  regula7ons,   like  the  American  Recovery  and  Reinvestment  Act   (ARRA)  of  2009,  
clearly   state  that   the   main  goal  of  technical  innova7ons  is  to  achieve   added  value.  For   this  purpose,  
future  IT  implementa7ons  must  take  into  account  not   only   the  adop7on  of  technological  innova7ons  
but   also   the   complete   (business)   process   reengineering   from   paper   based   processes   to   digital  
workflow   management.   The   use  of   technology   in   healthcare   should   therefore   aim   to   achieve   real  
value  (e.g.  ROI)  measured  in  quality   of  healthcare,  process  efficiency  and  revenue  (Duke  et  al.,  2009).  
The   evolu7on   of   IT   transforma7on   according   to   this   process-­‐technology   approach   to   clinical  
transforma7on  is  depicted  in  the  figure  14.

Towards a Healthy Cloud Page 118 of 218 Juan Hernández Colomina

Figure  14:  IT  transforma*on  model  (Duke  et  al.,  2009)

  The  different  process  maturity  levels  (green  blocks)  and  corresponding  technological  
implica7ons  (blue  blocks)  can  be  iden7fied  by  observing  the  current  situa7on:

• Maturity   Level   1:   The   organiza7on   cannot   fully   trust   its   processes   and   is   suffering   from   data  
overload  where   few  informa7on  is  regarded  as  useful.  By   automa7ng  transac7ons  processes  can  
be  improved  shiring  the  organiza7on  to  the  next  level.
• Maturity  Level  2:  The  focus  at  this  point  is  to  improve  processes  to  be  able  to  do  increase  process  
efficiency.   By   crea7ng   informa7on   silos,   useful   informa7on   can   be   gathered   and   stored  
• Maturity   Level  3:  Once  a  certain  level  of  efficiency  has  been  achieved,  the  organiza7on   can  focus  
on   process   reengineering   to   modify   current   prac7ces   and   achieve   opera7onal   effec7veness.  
Process  redesign  can  at  this  level  be  facilitated  by  IT  processes.
• Maturity   Level  4:  Organiza7ons  that   achieve  this  level  of  maturity  are  able  to  collaborate  outside  
the  organiza7onal  boundaries  and  technology  becomes  an  strategic  advantage.  

  When   considering   new   technological   adop7ons   from   a   added   value   point   of   view   some  
authors  (Duke  et  al.,   2009)  propose  the  use  of  well  known  financial  ra7os  like  the  benefit-­‐cost   ra7o,  
payback  period,  net   present  value  (NPV)  and  the  internal  rate  of  return.  Although  these  indicators  are  
regarded  useful  when  evalua7ng  investment   alterna7ves  they  do  not  account  for  intangible  costs  and  
benefits.   For   this   reason   their   use   should   be   limited   to   complementary   measurements   to   guide  
decision  making.   Some  examples  of   intangibles  benefits  that   financial  ra7os  ignore  are  compe77ve  
advantage,   brand   awareness,   regulatory   compliance,   employee   sa7sfac7on   and   improved  

Towards a Healthy Cloud Page 119 of 218 Juan Hernández Colomina

  In  the  implementa7on  of  Electronic  Health  Records  systems  in  the  United  States  a  number  of  
Cri7cal  Success  Factors  (CSFs)  have  been  iden7fied  (Duke  et  al.,  2009).  The  factors  can  be  grouped  into  
four  main  areas:  Leadership,  Management,  Func7onality  and  Technology.  The  CSFs  are  shown  in  the  
table  22:

Table  22:  Cri*cal  Success  Factors  for  the  adop*on  of  Electronic  Health  Records

Related  Area Cri*cal  Success  Factor

•Management  commitment  reflected  in  shared  vision

•Accordance  with  organiza7onal  strategic  objec7ves
•Mul7disciplinary  governance  commiOee  ac7vely  involved
•Clear  objec7ves  and  business  case

•Support  from  senior  execu7ves  as  if  it  is  a  clinical  project
•Added  value  is  clear  for  employees
•Good  project  management  with  detailed  planning  and  real  7me  monitoring  and  repor7ng.
Management •Resources  and  commitment  for  redesign  focusing  on  process  quality,  efficiency  and  reliability
•Training,  ini7al  and  ongoing
•Adequate  communica7on  throughout  the  whole  project.  
•Transparency  and  feedback  to  all  end  users  is  cri7cal.

•Cri7cal  to  organiza7onal  processes

•Broad  intended  user  group
•Support  for  clinical  workflow
•Horizontal  integra7on  and  use  of  the  system

•Compa7bility  with  other  technologies  in  place  and  alignment  with  clinical  processes
•High  availability  on  demand.  No  latency.
•Security,  confiden7ality  and  data  integrity

  Another  approach  to  evaluate  the  cri7cal  success  factors  for  the  adop7on  of  technology  can  be  
found  in  Gartner  research  (Gartner,  2009).  In  order  to  successfully  adopt  a  new  technological  solu7ons  
organiza7ons   need   to   take   into   account   (among   other   factors)   the   complexity,   governance,   local  
condi7ons,   stakeholder   engagement,   vendor   engagement,   adaptability   and   measurement   of   the  
envisioned   solu7on  (Gartner,   2009).  In  the  healthcare  sector,  in  addi7on  to  these  concerns,  adopters  
need   to  consider   the  complexity  of  the  medical  process,  the  high  sensi7vity   of  medical  and  personal  
data  and  the  need  for  proven  technology  due  to  the  low  tolerance  for  errors.

  The  European  Commission  conducted  an  empirical  survey   among  healthcare  organiza7ons  to  
evaluate  their  percep7on  on  the  importance  of  eBusiness  applica7on  areas  (Stroetmann  et  al.,  2006).  
The   applica7ons   that   are   considered   highly   or   very   relevant   for   the   healthcare   sector   are  
collabora7on,   informa7on   exchange,   online  purchasing,   efficient   e-­‐procurement,   and   web   services  
based   integra7on   of   IT   components.   Moreover   a   number   of   applica7ons  are  considered   to   have  
average   relevance   in   the   healthcare   sector:   e-­‐learning,   human   resource   management   and   virtual  
private   networks.   Organiza7ons  expect   that   interac7ve   pa7ent   informa7on   and   involvement,   and  

Towards a Healthy Cloud Page 120 of 218 Juan Hernández Colomina

electronic   networking   with   other   actors   and  organiza7ons  are  the  two  most   relevant   factors  in  the  
near   future.   The   most   relevant   adop7on   barriers   signaled   by   healthcare   firms   are   the   size   of  
organiza7ons  and  the  complexity  and  cost  of  technology.

2.4. Sec*on  Summary

  In   order   to   facilitate   our   analysis  on   the   applicability   of   Cloud   Compu7ng   solu7ons   in   the  
healthcare   sector,   we   have   described   in   this   sec7on   the   current   role   of   technology   in   European  
healthcare,  the  most  relevant   opportuni7es,   challenges,  drivers  and  barriers,  as  well  as  some  cri7cal  
success  factors  for  the  successful  adop7on  of  technology  in  this  sector.  

  As  it  is  also  the  case  in  other  sectors,  business  and  IT  alignment  of  organiza7onal  strategy  and  
processes   is   crucial  for   leveraging   IT   solu7ons.   Previous  research  has  found  that   applying   the  right  
approach   and   implementa7on   methodology   for   a  specific   situa7on   organiza7ons   can   improve   the  
quality,   accessibility   and   efficiency   of   healthcare   delivery.   Some   documented   cases   indicate   that  
organiza7ons  that   invest   in   the  right   ICT   ini7a7ves  (e.g.   eHealth)   perform   significantly   beOer   than  
firms  that  do  not  invest  in  those  ICT  capabili7es.  The  poten7al  for  improvement  in  this  sector   is  rather  
large  due  to   the  fact   that   although   the  healthcare   sector   is  one  of   the  most   informa7on  intensive  
industries  it  does  not   leverage  IT  solu7ons  as  much   as  other   sectors  do.  Moreover,  in  order   to  deal  
with  current  challenges  (e.g.  aging  popula7on,  pervasive  chronic  sicknesses,  rapid  spread  of  sicknesses  
globally,   etc.)   and   guarantee   the   sustainability   of   healthcare   systems,   organiza7ons   need   to   take  
advantage  of  technological  developments.  

  The   benefits  of  technology   in  healthcare  have  also  been  extensively   documented.   Significant  
improvements  in  quality,  cost  efficiency,  process  throughput  and  the  reduc7on  of  medical  errors  have  
been  directly  linked  to  implementa7ons  of  Electronic  Transfer  of  Prescrip7ons,  EPR  and  Computerized  
Physician  Order   Entry   and  Clinical  Decision  Support   systems.  Other   research   from  Gartner   iden7fies  
significant   high   poten7al   benefits   in   the   adop7on   of   Electronic   Medical   Records,   Computerized  
Physician  Order   Entry   and  Clinical  Decision  Support   systems.  Other   research  based  on  financial  cost  
benefit   analysis   has   also   demonstrated   significant   benefits   arising   from   successful   ICT  
implementa7ons   like   for   example   beOer   informed   ci7zens   and   providers,   streamlined   processes,  
7meliness  of  care  and  improved  safety  and  effec7veness.  

  Organiza7ons   can   improve   the   quality,   efficiency   and   effec7veness   of   care   services   by  
increasing  the  availability  of  accurate,  complete  and  relevant  clinical  data  (e.g.  EHR  system).  Quality   is  
improves  as  medical  errors,   adverse  medica7on  errors  and  prescrip7on  errors  are  reduced.  Efficiency  
is  improved  when  redundant   tests  are  eliminated,  the  administra7on  process  is  streamlined,  and  the  
organiza7on  is  able  to  process  pa7ents,  prescrip7ons  and  hospitaliza7ons  faster.

  The  main  barriers  encountered   by   organiza7ons  when   adop7ng  IT  solu7ons  are  the   security  
and  the   cost   of  technology.   Although   informa7on  needs  to  be  exchangeable  across  organiza7ons  it  
also  needs  to  be  protected   from   unauthorized  use.  Other  barriers  found   in  previous  research   are  the  

Towards a Healthy Cloud Page 121 of 218 Juan Hernández Colomina

lack  of   opportunity   awareness,  the  size  of  the  organiza7on,   the   lack   of   interoperability   with  current  
systems  and  legal  and  privacy  issues.

  The  adop7on  of  technology   is  mo7vated  by   the  increasing  compe77on,  the  demand  for  user  
friendly  services  and  extensive  func7onality,  previous  good  prac7ces  and  standards.  Organiza7on  can  
take  advantage  of   technological  solu7ons  by   leveraging   current   infrastructure  investments,   gaining  
compe77ve  advantage  from  coopera7on  in  the  value  chain,  reducing  costs  by   improving  supply  chain  
management  and  crea7ng  economies  of  scale  and  synergies  through  collabora7on.  When  leveraging  
solu7ons  organiza7ons  need  to  take  into  account   legal,  regulatory   and  security   issues  as  well  as  the  
training  and  monitoring  of  staff  on  the  envisioned  solu7on.

  IT   implementa7ons  must  include  the   adop7on  of  technology   as  well  as  complete  (business)  
process  reengineering  from  paper   based  processes  to  digital  workflow  management.   As  the  use  of  
technology   in   healthcare   must   aim   to   achieve  real  added   value   (e.g.   ROI)   measured   in   quality   of  
healthcare,   process   efficiency   and   revenue,   organiza7ons   should   align   process   maturity   with  
technologies   that   enables   higher   value  crea7on  in  the  transforma7on  process.  The   ul7mate   goal  of  
this  transforma7on   process  is  to  enable  collabora7on  outside  the   organiza7onal  boundaries  while  
leveraging  technology  as  a  strategic  advantage.  

  In   previous   research   a   number   of   cri7cal   success   factors   (CSFs)   have   been   iden7fied   for  
leveraging   IT   solu7ons.   The   CSFs   can   be   classified   into   four   areas:   management,   leadership,  
func7onality  and  technology.  In   the  management   area  some  of  the  CSFs  are  the  support  from  senior  
management,  clear   added  value,   good   project  management,   employee  training  and  communica7on  
and   a  clear   focus  on   process  quality,  efficiency   and  reliability.  Organiza7onal  leaders  must   develop  a  
shared  project  vision  with  clear   objec7ves  and  business  case  and   align  it   with  the  firm’s   strategy   as  
well  as  with  corporate  governance.  

  The  func7onality   of  the  solu7on  must  focus  on  suppor7ng  organiza7onal  and  clinical  processes  
as  well  as  a  broad   user   group  and  horizontal  integra7on.  On  the  technology   area,  the  solu7on   must  
ensure   compa7bility   with   current   systems,   and   guarantee   a   high   level  of   availability,   security   and  
interoperability.   Other   CSFs  found  in  previous  research   are  the  level  of   organiza7onal  and  medical  
complexity,   the  stakeholder  and  vendor  engagement,   the  adaptability   of  the  solu7on  to  be  adopted,  
the  sensi7ve  character  of   pa7ent  data  and  the  need  for   proven   technology   due  to  the  low  ci7zen’s  
tolerance  for  medical  errors  and  the  high  impact  of  those  errors.    

  According  to  healthcare  organiza7ons  tools  that  facilitate  collabora7on,  informa7on  exchange,  
eProcurement   and   web   services  are   the   most   relevant   for   the  sector.   Specially,   interac7ve  pa7ent  
informa7on  and  involvement  and  electronic  communica7ons  are  the  two  most  relevant  factors  in  the  
near  future.

Towards a Healthy Cloud Page 122 of 218 Juan Hernández Colomina

3. ICT  in  the  Dutch  Healthcare  sector
  Healthcare  professionals  need   the  right   informa7on,  at   the   right  7me  and  at  the  right  place.  
For   this  reason,   ICT   is  considered   by   the   Dutch  government   as  an  important   enabler   to  cope   with  
healthcare   challenges   not   only   by   suppor7ng   medical   research   but   also   improving   opera7onal  
efficiency,  specially   in  an  informa7on  intensive  sector   like  healthcare  (Klink  &   Bussemaker,  2008).   As  a  
consequence,   during   the   past   years  there   has  been   a   growing   governmental  interest   to   support  
healthcare  services  with  ICT  (Stap  et  al.,  2007).  

  An  example  of  this  interest  is  the  introduc7on  of  EPR  in  The  Netherlands,  which   is  known   as  
the  Elektronisch  Pa7ënten  Dossier  (the  EPD  project).   The  EPD  is  currently  an  important  priority  for  the  
government  to  improve  quality,  accessibility  and  affordability   of  healthcare  services.  However,  due  to  
the  priva7za7on  of   the  Dutch  healthcare  sector,  the  government   has  limited  enforcing   power  in  how  
healthcare  organiza7ons  work  (Stap  et  al.,  2007)  affec7ng  the  adop7on  of  this  type  of  infrastructure.

  The   NICTIZ   ins7tute,   the   Na7onal   Ins7tute   for   ICT   in   Healthcare   (in   Dutch,   Na7onaal   ICT  
Ins7tuut  in  de  Zorg)   was  founded  in  2002   to  s7mulate  the  use  of  ICT   in  the  Dutch   healthcare  sector.  
NICTIZ   is   responsible   for   the   realiza7on   of   the   na7onal   EPD   infrastructure   in   collabora7on   with  
pa7ent’s   associa7ons,   healthcare  providers,   insurers,   ICT   providers   and   public   bodies.   Under   their  
slogan:  “BeOer  healthcare  trough  beOer  informa7on”  the  main  goal  of  NICTIZ  is  to  support  healthcare  
organiza7ons   in   leveraging   ICT   solu7ons  and   to   enable   the  condi7ons  for   electronic   exchange   of  
pa7ent  informa7on.  

  NICTIZ   is   responsible   for   developing   and   maintaining   the   AORTA   basic   infrastructure   to  
facilitate   the   secure   exchange   of   medical   informa7on   (e.g.   EPD   records).   Moreover,   NICTIZ   is  
responsible   for   the   standards   used   and   cer7fica7on   programs   for   ICT   providers   and   healthcare  
organiza7ons.  Within  the  EPD  ini7a7ve,  two  components  have  been  first  implemented,  the  Electronic  
Transfer   of   GP   Observa7ons  WDH   (Waarneem   Dossier   Huisartsen)   and   the   Electronic   Transfer   of  
Prescrip7ons  EMD  (Electronisch  Medica7e  Dossier)  (Stap  et  al.,  2007).  

  The  EPD  ini7a7ve  was  launched  to  improve  the  quality  of  medical  services  by  providing  7mely,  
accurate  and  secure  informa7on  exchange.  Electronic   Pa7ent  Records  (e.g.  EPD  records)  are  a  specific  
type   of   Electronic   Health   Records   (EHR)   systems.   An   EHR   is   a   collec7on   of   personal   medical  
informa7on   that   is   stored   during   the   en7re   life7me   of   a   person.   This  informa7on   is   stored   and  
exchanged  in  digital  form  on  secure  infrastructures.  

  The  main  goal  of  an  EHR  system  is  to  guarantee  con7nuity   of   care  to  a  pa7ent  as  it  reflects  his  
or   her   medical  situa7on  at   a  specific  point  in  7me.  Although  this  is  also  one  of  the  goals  of   the   EPD  
ini7a7ve,  it  is  primarily  designed  to  support  a  specific  healthcare  process  or  treatment.  Due  to  the  fact  
that   the   EPD   combines   informa7on   which   is   generated   and   stored   at   the   source   (e.g.   the   care  

Towards a Healthy Cloud Page 123 of 218 Juan Hernández Colomina

provider)   it   does   not   provide   a   complete   overview   of   a   pa7ents   health   situa7on   but   rather   the  
relevant  parts  needed  to  accomplish  an  specific  healthcare  task  (Stap  et  al.,  2007).

  Informa7on  technology  can  improve  healthcare  by   suppor7ng   decision  making  and  facilita7ng  
pa7ent’s  assessment   and  monitoring.   Moreover,   ICT   can  enable  innova7on   and  the  efficient   use  of  
physical  and   human   resources  (Schoen  et   al.,   2006).   One  of   the  main   success  factors  iden7fied  in  
previous  implementa7ons   is   the  alignment   between  those   who   benefit   from   the   new   system   and  
those  who   pay   for   it  (Deutsch  &   Turisco,   2009).   This  is   not   the  case  in  The  Netherlands   where  the  
healthcare  sector  is  priva7zed  while  the  EHR  implementa7on  has  been  paid  by  the  Dutch  government,  
including  the   Na7onal  Switch  Point   (Landelijke   Schakel  Punt,   LSP),   which  is  offered  free   of  charge  to  
healthcare  providers.

  The  demand  of  care  services  in  the  Dutch  healthcare  sector  will  grow  significantly   in  the  near  
future  due  to  the  demographic   evolu7on  of  its  ci7zens  (e.g.  aging  popula7on,  higher   average  weight,  
etc.).  Collabora7on  is  also  becoming  increasingly  important   among  healthcare  prac77oners  in  order  to  
treat   rapid   spreading   threats   (e.g.   H1N1   virus)   or   to   improve   the   treatment   of   care   intensive  
sicknesses  (e.g.  Cancer,  AIDS,  etc.).  In  order  to  cope  with  these  challenges,  the  Dutch  government  has  
launched   new   laws   and   regula7ons,   new   financing   models   and   has   fostered   ICT   innova7on   in  
healthcare  (NICTIZ,  2009).

3.1. ICT  in  General  Prac**oners  Offices

  Primary   care  professionals  are  the  first   point  of   contact   for   pa7ents  playing   a   crucial  role  in  
preven7on   and   ongoing   care   (Schoen   et   al.,   2006).   In   the   Dutch   healthcare   system   general  
prac77oners  (GPs)   or   family   prac77oners  (FPs)   are  the  gatekeepers  of  healthcare  services  as  pa7ents  
must  be  referred  by   them   to  be  able  to  access  further  specialized  treatments.  Moreover,  pa7ents  can  
not  access  various  GPs  at  the  same  7me  as  they  need  to  register  at  one  GP  beforehand.  

  The  Dutch   healthcare  system   counts   with  around   9.000   family   doctors  (GPs)   with   specialist  
training  in  family  medicine  (Prou  &  Smit,  2006).  GPs  are  the  gatekeepers  of  the  system  as  they   must  
authorize  every   pa7ent   in   order  to  be  further   treated  by   hospitals  or   specialists.  As  a  result,   95%  of  
primary  care  condi7ons  are  solved  at  GPs  (Prou   &  Smit,  2006).  Around  88%  of   GPs  work  alone  or  in  
prac7ces  of  two  to  three  doctors.   Outside  office  hours,  pa7ents  can  obtain   help  from  primary   care  
coopera7ves,   serving   up   to   90%   of   Dutch   ci7zens.   The   computeriza7on   of   GPs   prac7ces   in   The  
Netherlands  is   high.   Around   97%   of   GPs  use  a   computer   based   GP   informa7on   system   for   use  in  
primary  care.  Around  90%  of  prescrip7ons  are  generated  electronically  (Prou  &  Smit,  2006).  

  According   to   a  research   from   the  Commonwealth   Fund   in   The  Netherlands,   almost   all  GPs  
(98%  according  to  data  from  2006)  use  electronic  medical  record  systems  in  their  prac7ces  (Schoen  et  
al.,  2006).   However,  when  we  look  at  collabora7on  only  45%  of  all  GPs  can  share  records  electronically  
with   clinicians  outside  their   prac7ce,  32%  can  access  medical  records  when  outside  of  office,   and  8%  
provide   pa7ents  with   access  to  their   medical  records.   Although   the  great   majority   of   GPs  in   The  

Towards a Healthy Cloud Page 124 of 218 Juan Hernández Colomina

Netherlands  can  prescribe  medica7on  electronically  and  have  electronic   access  to  pa7ent’s  test   results  
(85%  and  78%  respec7vely)  only   few   of   them   (around  10%)   has  access  to  pa7ent’s  hospital  records  
and  can  order  tests  electronically  (Schoen  et  al.,  2006).  

  A  large  number  of  GPs  (93%)  receives  electronic   alerts  when  a  poten7al  medica7on  problem  
takes  place  and  they  send  electronic  alerts  to  pa7ents  for  preven7ve  of  follow  up  care  (61%)  (Schoen  
et   al.,   2006).   On  the  other   hand,   only   a  minority   of   GPs  (16%)  receive  electronic   alerts  to  provide  
pa7ents  with  test  results.  The  majority  of  GPs  can  easily  obtain  electronic  lists  of  pa7ents  by  diagnosis  
(63%)  and  lists  of  all  medica7ons  taken  per  pa7ent  (59%).  

  As  GPs  manage  the  referring-­‐to-­‐specialist   process  and   the  longitudinal  care   history   they   are  
cri7cal  for  the  coordina7on   of  care  services  over   7me  (Schoen  et  al.,  2006).  When  care  service  span  
various  prac77oners  some7mes  pa7ents  in  The  Netherlands  suffer   problems  from  lack  of  coordina7on  
(41%)  and  unavailable  medical  records  (15%).  Around  7%  of  Dutch  GPs  have  to  repeat  tests  some7mes  
because  the   findings  cannot   be  found  anymore.   In  almost   all  cases  (96%)   GPs  affirm  that   they   get  
informa7on  back  from  referred  professionals.

  In  this  research  we  delimit  our  analysis  from  now  on  to  one  of  the  largest  ICT  implementa7ons  
in   Dutch   healthcare,   the   introduc7on   of   a   na7onal   infrastructure   for   the   exchange   of   electronic  
medical   records   known   in   Dutch   as   the   EPD.   The   government   plans   to   make   the   use   of   this  
infrastructure   compulsory   by   law   to  all   healthcare  organiza7ons  in   The  Netherlands,   including   GPs,  
hospitals,   pharmacies,   etc.  At  the  moment  of  wri7ng   the  EPD  project   has  completed  the  first  pilots  
successfully   while  healthcare  organiza7ons  are  deploying  cer7fied  solu7ons  that   can  connect  to  this  

Towards a Healthy Cloud Page 125 of 218 Juan Hernández Colomina

4. Electronic  Pa*ent  Records  in  The  Netherlands
  The   project   for   the   introduc7on   of   Electronic   Pa7ent   Records   (EPD   in   Dutch)   in   The  
Netherlands  was  officially   launched  by   the   Dutch  Ministry  of  Health  in  September  2008,  when   a  law  
came  into  force  allowing  the  use  of  ci7zen’s  social  security  numbers  (in  Dutch  burgerservicenummer  
or   BSN  number)  in  the  healthcare  sector  (NICTIZ,  2009).  The  EPD  project   aims  to  implement  a  basic  
“empty”   infrastructure   containing   strictly   index   and   reference  systems  that   connects   all   individual  
sources  were   pa7ent   informa7on  is  registered  and  stored  (for   example  at   a  GP   office   or   hospital)  
(Tange,  2008).  

  The  main  goal  of  this  inter-­‐organiza7onal  infrastructure  is  to  share  pa7ent   medical  informa7on  
in  a  fast   and   reliable  way   in   order   to  prevent   communica7on  errors  and  therefore  to  improve  the  
quality   of  care  provided  to  ci7zens  (Tange,  2008).  As  informa7on  is  stored  and  maintained  at  its  origin,  
it   is   always   kept   up   to   date   by   minimizing   the   delay   between   the   origin   of   informa7on   and   its  
registra7on.   The  index  system  is  implemented  at  the  na7onal  switch  point  (in  Dutch  Landelijk  Schakel  
Punt  or  LSP)  that  contains  pointers  to  all  registered  EPD  records  of  each  pa7ent.  

  When   a  clinician  needs  medical  informa7on  about   a  specific   pa7ent,   the   index   systems  pulls  
the  informa7on  on  demand  from  the  provider’s  systems  and  sends  it  to  the  clinician  reques7ng  it.  The  
switch  point  is  at   all  7mes  empty,   containing  only   the  informa7on  needed  to  gather   the   data  (index  
and  reference  system)  from  a  provider’s  systems  (Tange,  2008).  

  Once  the  EPD  project   has  been  completed,   all  healthcare  providers  and  insurers  will  benefit  
from  secure  electronic   informa7on  exchange   of   pa7ent’s  data  (Prou   &   Smit,  2006).  Although  there  
are  some  healthcare  regional  networks  already  in  place,   they   exchange  informa7on  according  to  the  
EDIFACT   standard.   These  regional  networks  are  going   to  be  integrated  in  the  na7onal  infrastructure  
which   exchanges  informa7on  following   the  HL7   version  3   standard.   The  Ministry   of   Health  plans  to  
reuse  these  regional  networks  as  aggrega7on   channels   to   connect   to  the  na7onal  switching   point  
(Prou  &  Smit,  2006).

  Collabora7on  between  healthcare  service  providers  has  been  subject  of  a  lot  of  research  in  The  
Netherlands  (Nivel,   2009).   The   recent   introduc7on  of  electronic  pa7ent  records  (EPD)  is   believed  to  
affect  the   supply   and  organiza7on  of  services  in  the  Dutch  healthcare   sector.   Previous  research  has  
observed  a  higher  rate  of  collabora7on  among   healthcare  actors  (Nivel,  2009).   Around  50%   of  Dutch  
GPs  are  physically   working  next   to  other   actors  (e.g.  pharmacy,  physiotherapist,  etc.)   while  30%  of  all  
GPs  have   actually   formal  collabora7on   agreements   with   other   actors.   Moreover,   according  to   Nivel  
research   clinics  with   more  than   one  doctor   collaborate  more  with  other   professionals  than   clinics  
where  a  single  clinician  is  located.  

Towards a Healthy Cloud Page 126 of 218 Juan Hernández Colomina

  Electronic  pa7ent  records  (EPD)  must   contain  informa7on   that   is  complete,  reliable,  and  well  
structured   (Nivel,   2009).   This  is  not   an  easy   task  as   pa7ent   informa7on  is  registered   and  stored   by  
individual  clinics  or  GPs  using  their  own  nota7ons  and  conven7ons.  In  order  to  facilitate  the  exchange  
of   informa7on  (EPD)  with  other  professionals,  the  Associa7on  of  Dutch  GPs  (Nederlands  Huisartsen  
Genootschap)  has  published  in   2004  a  set  of   guidelines  that   every  prac77oner   should  follow  in  order  
to  support  the  exchange  of  informa7on  with  other  clinicians.

4.1. The  EPD  Agenda

  In  order   to  cope  with  the  (future)  challenges  of  healthcare,   the  Dutch  government  launched  
two   ini7a7ves:  an  electronic  pa7ent  record  system  (the  so  called  EPD)  and  an  ICT  basic  infrastructure  
to   facilitate  the  exchange   of   informa7on   in   the   healthcare  value  chain.   ICT   solu7ons  that   support  
healthcare  delivery,  sickness  preven7on,   clinical  examina7on  and   healthcare  logis7cs  are  considered  
to   be   part   of   the   EPD   project   (NICTIZ,   2009).   The   basic   ICT   infrastructure   to   be   used   includes  
standards,   agreements,   contracts   and   tools   that   facilitate   the   exchange   of   informa7on   in   the  
healthcare  sector  (NICTIZ,  2009).

  For  the  introduc7on  of  the  na7onal  EPD  infrastructure,  a  governance  body  has  been  created  to  
define  the  project  agenda,   facilitate  decision  making  and  control  the  implementa7on  (NICTIZ,  2009).  
The  governance  includes  two  bodies:   the  plaxorm  for   ICT   and  innova7on  (Plaxorm  ICT  &  Innova7e)  
and  the  steering  commiOee  ICT  &  innova7on  (Stuurgroep  ICT  &  Innova7e).  The  plaxorm  is  responsible  
for  defining  the  agenda  while  the  main  func7on  of  the  steering  commiOee  is  decision  making  and  the  
direct   management  of  implementa7on  projects.  The  governance  body  is  responsible  for  the  execu7on  
of   the  project   and  individual  programs.  Every  subprogram  is  managed  by   Program  Advise  CommiOees  
(PAC)  where  the   most  relevant  stakeholders   for   that   specific   project   are  represented.   Each  program  
compromises   five   itera7ve   phases:   awareness,   decision   prepara7on,   design   and   valida7on,  
development  and  tes7ng  and  implementa7on.

  The  incremental  approach  of  the  EPD   implementa7on  includes  a  diverse  number  of  ini7a7ves  
to   be   completed   in   the  planning   horizon   from   2008   to  2013   (NICTIZ,   2009).   Figure  15   depicts  an  
overview  of  these  ini7a7ves  grouped  in  the  EPD  agenda  (NICTIZ,  2009):

Towards a Healthy Cloud Page 127 of 218 Juan Hernández Colomina

       Figure  15:  EPD  Program  Overview

  The  deployment  of   the  EPD  infrastructure  follows  an  incremental  top-­‐down  approach  star7ng  
with   two   func7onali7es:   the  exchange  of   informa7on  regarding   pa7ent’s  drug   prescrip7ons  (EMD,  
Electronisch   Medica7edossier   in   Dutch)   and  GPs  observa7ons   from   service  encounters  at   point   of  
service   loca7ons  (WDH,   Waarneemdossier   Huisartsen   in   Dutch)   (NICTIZ,   2009).   At   the   moment   of  
wri7ng,   the   implementa7on   and   pilot   projects   for   these   two   types   of   informa7on   have   been  
successfully  accomplished  and  they  will  be  rolled  out  soon  at  na7onal  level.

4.2. Stakeholders  in  the  EPD  ini*a*ve

  The  Dutch  government  has  passed  a  law  in  2009  making  the  use  of  the  na7onal  infrastructure  
compulsory.   However,   par7cipants   need   to   obtain   the   required   cer7fica7on   obtaining   financial  
incen7ves  for   those  using  cer7fied  informa7on  systems  (Tange,   2008).  The  most  relevant   actors  that  
are  affected  by  the  EPD  ini7a7ve  are  the  Dutch  government,  healthcare  providers,  tax  payers,   pa7ents  
and  pa7ent’s  organiza7ons,  poli7cal  par7es,   GP   organiza7ons,   IT   vendors  and  others  (Tange,   2008).  
The  stakeholders  and  their  support  for  the  project  is  depicted  in  figure  16.

Towards a Healthy Cloud Page 128 of 218 Juan Hernández Colomina

     Figure  16:  EPD  stakeholders  support  (Tange,  2008)

  The  Government  is  the  main  ini7ator   and  advocate  of  the  project.  Some  healthcare  providers  
(e.g.   GPs)   support   the  idea  but  are   opposed  to  the  na7onal  infrastructure  and  prefer  regional  ones,  
while   other   providers  (e.g.   hospitals)   remain   indifferent.   In   general,   pa7ents  and   poli7cal   par7es  
support  the  idea  as  they  agree  with  the  advantages  of   the  new   infrastructure.  Nevertheless,  the  EPD  
ini7a7ve  have  found  some  opposi7on   from  prac77oners  and  ci7zens.   According  to  a  recent  research  
by   the  associa7on   of   GPs,  only   4,2%   of   Dutch  ci7zens  agrees   with   the  exchange  of  their   electronic  
pa7ent   record   through  the  na7onal  switching  point   (ICTzorg,   2009)  (WAKE-­‐UP,  2009).   Although  this  
research  can  not  be  regarded  as  scien7fic  as  is  strongly   biased,  it  reflects  the  cri7cal  role  of  GPs  as  first  
point  of  contact  and  informers.

4.3. Defini*ons
  A   number  of   concepts  must  first  be  defined  to  fully   understand  the  EPD  infrastructure.   Theses  
defini7ons  can  be  categorized  into  general  defini7ons  and  EPD  related  defini7ons.  General  defini7ons  
are  included  in  appendix  L.  The  most  relevant  EPD  related  defini7ons  are  further  elaborated  in  table  

Towards a Healthy Cloud Page 129 of 218 Juan Hernández Colomina

Table  23:  Basic  EPD  Architecture

Acronym Term Descrip*on

The  Electronic  Pa7ent  Records  (EPD)  infrastructure  aims  to  support  the  exchange  of  
accurate  and  7mely  medical  informa7on  among  healthcare  providers  at  na7onal  
Electronisch  Pa7enten   level  under  two  condi7ons:  the  pa7ent  has  approved  the  exchange  of  data  and  the  
Dossier healthcare  provider  has  been  authorized  (as  it  has  a  treatment  rela7onship  with  the  
pa7ent).  The  first  two  func7onali7es  to  be  deployed  are  the  electronic  exchange  of  
medica7ons  and  medical  observa7ons  dossiers.
Na7onal  basic  infrastructure  to  facilitate  the  exchange  of  medical  records.  It  includes  
two  registers  (UZI  &  SBV-­‐Z)  and  the  na7onal  switching  point  (LSP).
Ci7zen’s  na7onal  unique  iden7fica7on  number.  Healthcare  providers  are  obliged  by  
BSN Burgerservice-­‐nummer law  (from  the  1st  of  June,  2009)  to  use  this  numbers  in  their  administra7on  as  well  
as  when  exchanging  pa7ent  related  data.
Public  en7ty  responsible  for  assigning,  maintaining  and  verifying  ci7zen’s  BSN  
Sectorale  Berichten   numbers.  The  CIBG  public  body  is  responsible  for  this  register.  The  register  is  
Voorziening  in  de  Zorg connected  to  the  local  ci7zen  administra7on  systems  (Gemeentelijke  
Basisadministra7e  Persoonsgegevens,  GBA)
Na7onal  unique  iden7fica7on  number  for  healthcare  provider.  It  can  be  found  in  two  
Unieke  Zorgverlener   forms:  electronic  UZI  card  and  UZI  server  cer7ficate.  UZI  cards  are  used  to  iden7fy  
Iden7fica7e individuals  and  UZI  server  cer7ficates  are  used  to  iden7fy  the  servers  connected  to  
the  na7onal  switching  point  LSP.
The  na7onal  switching  point  to  facilitate  the  secure  electronic  exchange  of  actual  
LSP Landelijke  Schakelpunt pa7ent  informa7on  at  na7onal  level.  The  LSP  is  an  indexing  system  containing  
pointers  on  where  to  find  actual  informa7on  from  a  specific  pa7ent.  
A  good  managed  health  informa7on  system.  A  type  of  informa7on  system  that  has  
Goed  Beheerd  
GBZ obtained  the  GBZ  cer7fica7on  due  to  compliance  with  all  applica7on,  
implementa7on  and  exploita7on  requirements  as  defined  by  NICTIZ.
Zorginforma7e-­‐ A  healthcare  informa7on  system  that  has  obtained  the  XIS  sorware  cer7fica7on  as  
systeem defined  by  NICTIZ.
Healthcare  connec7vity  provider  that  facilitates  a  secure  connec7on  between  the  
ZSP Zorgservice-­‐providers
GBZ  and  the  LSP.
Public  body  responsible  for  the  AORTA  basic  infrastructure,  including  the  
Na7onaal  ICT  Ins7tuut  
NICTIZ management  of  the  switching  point  (LSP)  and  the  specifica7ons  of  requirements  for  
in  de  Zorg
healthcare  providers.  

  There  is  few  consistency  in  the  use  of  general  terms  like  EHR  or  ICEHR  around  the  globe.   Many  
countries  use  their  own  acronyms  which   are  oren  very   similar   to  the  EHR  defini7on.  Some  examples  
of   the   different   terms  use  are:   Electronic   Pa7ent   Records  (EPR)   in   England,   Computerized   Pa7ent  
Record  (CPR)  in  the  USA,  Electronic  Health  Care  Record  (EHCR),   Electronic  Client  Record  (ECR),  Virtual  
EHR,  Personal  Health  Record  (PHR),   Digital  Medical  Record  (DMR)  and  Computerized  Medical  Records  

  ECR  is  a   delimita7on   if  the   term  EHR  for  non-­‐medical  health  informa7on  (e.g.   social  worker,  
physiotherapist,   etc.).  A  Virtual  EHR  can  be  defined  as  a  real-­‐7me  assembled  EHR.  The  DMR  is  defined  
as  “a  web-­‐based  record  maintained  by   a  healthcare  provider  or   health   plan.   The  DMR  can  have  the  
func7onality  of  the  EMR,  EPR  or  EHR”.  CDR  is  a  term  mostly   used  in  Canada  to  define  “an  opera7onal  
data  store  that   holds  and  manages  clinical  data  collected  from  service  encounters  at  point  of  service  
loca7ons  (e.g.   hospitals,   clinics,   etc.)”.   CMR   can  be   defined   as  “a  computerized   record   created   by  
image  scanning  or  op7cal  character  recogni7on  (OCR)  of  a  paper-­‐based  healthcare  record”.

Towards a Healthy Cloud Page 130 of 218 Juan Hernández Colomina

  The   bri7sh   Na7onal  Health  Service   (NHS)   defines  EPR   as  “an   electronic   record   of   periodic  
healthcare  of  a   single  individual,   provided  mainly   by   one   ins7tu7on”   (ISO,   2005).   This  defini7on   is  
applied  in   different   countries   with   slightly   different   interpreta7ons.   In   the  USA,   it   is   referred   to   as  
Computerized   Pa7ent   Record   (CPR).   In   Europe,   the   term   Electronic   Health   Care   Record   (EHCR)   is  
widely   used  as  a  synonym   for   EHR.   This  term  is  also  used   in  the  CEN  standard   13606   but   is  being  
increasingly  replaced  in  use  by  EHR.

4.4. Legisla*ve  Context

  There  are  two  important  Dutch  laws  seung  the  scope  for  the  na7onal  introduc7on  of  the  EPD:  
one   law   to   regulate   the   use   of   ci7zen’s   social   security   numbers   in   healthcare   “Wet   gebruik  
burgerservicenummer   in  de   zorg”   and  one  law  to  determine  the  specific   characteris7cs   of   the  new  
infrastructure  “Wet  op  het  EPD”.  The  first  law  came  into  force  the  8th  of  April  of  2008.   The  second  law  
was  approved  in  2009  (NICTIZ,  2009)  and  will  soon  come  into  force  arer  parliament  approval.

  Besides  these  two  laws  that   were   specifically  created  for   the  EPD   project,  a  series  of  exis7ng  
laws  and  regula7ons  must   also  be  taken   into  account   as  they   highly   influence  some  aspects   of   the  
infrastructure  (NICTIZ,   2009).   Some  examples  are  the  laws  “Wet   Bescherming   Persoonsgegevens”  that  
specifies   how   personal   informa7on   must   be   handle,   the   “Wet   op   Geneeskundige  
behandelingsovereenkomst”   that   regulates   clinical   encounters,   the   “Wet   op   de   beroepen   in   de  
individuele  gezondheidzorg”  related  to  independent  clinicians  and  the  “Kwaliteitswet  zorginstellingen”  
to  guarantee  the  quality  of  healthcare  services  delivered.

  Although  the  use  of  BSN  numbers  have  already  been  embedded  in  current  laws  and  legisla7on  
(see  law  Wbsn-­‐z),  the  overall  use  of  the  EPD  infrastructure  is  at   the  moment  of  wri7ng  regulated  by  
bilateral  agreements  between  NICTIZ  and  each  healthcare  provider.  The  Dutch  government   is  planning  
to  introduce  in   the  coming  years  new  legisla7on  that   will  govern  the  use  of  the   EPD  infrastructure  
(Informa7epunt   EPD,  2009).  As  the  main  goal  of  the  EPD  is  to  share  informa7on  that  can   reduce  the  
probability   of  medical  errors  resul7ng  from   incomplete  or  inaccurate  pa7ent   informa7on  (es7mated  
on  19.000   unnecessary   hospitaliza7ons  yearly)  it   is  very   important   that   all  healthcare  providers  are  
included   in   the   system.   For   this   reason,   the   Dutch   government   will   enforce   par7cipa7on   of   all  
healthcare  providers  by  law.  

  Only   healthcare   providers  that  have  a  treatment  rela7onship  with  a  pa7ent   can   retrieve   his/
her   data  from  the  EPD  infrastructure.  This  requirement   is  controlled  by   (1)  checking   if  that   provider  
has  previously   enlisted  informa7on  on  the  LSP  regarding  that  pa7ent  or  (2)  by   checking  if  the  pa7ent   is  
registered  at  the  provider’s  administra7on  and  reques7ng  confirma7on  from  the  provider  that  there  is  
a   treatment   rela7onship   and   the   customer   has   authorized   the   exchange   of   informa7on  
(Informa7epunt  EPD,  2009).  

Towards a Healthy Cloud Page 131 of 218 Juan Hernández Colomina

4.5. Standards
  The  AORTA   infrastructure  has  been  developed  to   encourage   communica7on  and   informa7on  
sharing  in   the   Dutch  healthcare  sector.   The  infrastructure  has  been   developed  by   NICTIZ  to  facilitate  
the  secure  and  reliable  exchange  of   medical  records  between  healthcare  providers  at   na7onal  level  
(Stap  et  al.,  2007).   For  the  exchange  of  informa7on,  a  number  of  standards  have  been   selected.  The  
message  specifica7ons  comply   with   the  HL7   version  3  standard,   services  are  specified  in  WSDL  (Web  
Service  Descrip7on  Language)   and  SOAP   (Simple  Object  Access  Protocol)  and  communica7on  follows  
the  HTTPs  and  TCP/IP   protocols.   The  concepts  in   process  descrip7ons  and  informa7on  models  are  
described  according   to  the  CEN  EN  13606   standard  (Stap   et   al.,   2007).   The  standard   HL7   version  3  
specifies  requirements  regarding  communica7on,  informa7on,  processes  and  methodologies.

  Although  there  is  interna7onal  pressure  to  comply   with  the  EU  standard  CEN   13606,  the  Dutch  
government   has   chosen   for   this  project   the   American   standard   HL7   version   3.   At   the   moment   of  
wri7ng   there   are   interna7onal  ini7a7ves  to   merge  these   two   standards  but   no   results   have   been  
achieved  yet  (Tange,  2008).

  The   European   norm   EN   13606   is   a   standard   created   by   the   European   Commission   of  

Normaliza7on   (CEN,   Comité   Européen   de   Normalisa7on)   for   the   exchange   of   electronic   medical  
informa7on  in  a  Electronic  Health  Records  system  (Stap  et  al.,  2007).  The  standard  is  not  compulsory  
for   member   states  but   it  is  recommended  to  include  it   in  na7onal  legisla7on  when   developing  EHR  
infrastructures.   The  syntax,   structure  and  seman7cs  of  EN  13606  have  a  lot  in  common  with   the  HL7    
version   3   standard  developed  by   ANSI   (American   Na7onal   Standard  Ins7tute).   The   differences  are  
currently  being  harmonized  by  the  Electronic  Healthcare  Records  Group.  

  A   clear  dis7nc7on  should  be   made  between  registering  and  exchanging   medical   informa7on  
(Stap   et   al.,   2007).   Registering   medical  informa7on   includes   recording,   modifying   and   elimina7ng  
informa7on   in   Health   Informa7on   Systems   (HIS).   De   CEN   standard   EN   13606   focuses   on   the  
communica7on  of   medical  records  between  informa7on  systems.  The  standard’s  goal  is  to  create  an  
interface  that  translates  informa7on  from  an  sender’s  informa7on  system  into  a  exchangeable  format  
(e.g.  EN  13606  format)  that  can  be  translated  again  into  the  recipient’s  informa7on  system  (Stap  et   al.,  

  Through  the  use  of  13606  adapters  the  exchange  of  informa7on  is  made  independent  from  the  
structure,   syntax   and   meaning   of   informa7on   stored   in   individual   provider’s   systems.   The   13606  
interfaces  are  responsible  for   coding  and  decoding  informa7on  in  the  provider’s  systems  to  an   EN  
13606   structure,   syntax   and   meaning   (Stap   et   al.,   2007).   De  standard   defines  what   informa7on   is  
exchanged  and  how  does  that  informa7on  looks  like  but  it  does  not  define  the  communica7on  form  to  
be  used.  The  use  of  the  EN  13606  standard  is  depicted  in  the  figure  17.

Towards a Healthy Cloud Page 132 of 218 Juan Hernández Colomina

Figure  17:  Usage  of  CEN  13606  Standard

  The  primary  goal  of   this  standard  is  to  specify   the  structure,  syntax  and  seman7cs  of  medical  
data  to  be  exchanged  by  healthcare  service  providers  (Stap  et  al.,  2007).  Healthcare  organiza7ons  can  
rely  on  standards  to  develop  applica7ons  that  can  seamlessly   communicate  with  other  providers.  The  
standard  has  five  parts  responsible  for   different   aspects  of   the  structure,   syntax   and   seman7cs  of  
informa7on.   This  five  parts  and  their   corresponding  coverage  of   these  aspects  are  depicted  in  figure  
18.  Moreover,  we  briefly  describe  each  of  the  five  parts  for  clarifying  purposes.

Figure  18:  Components  of  CEN  13606  Standard

• Part  1,   the  reference  model:  this  part  of  the  standard  specifies  the  generic  model  for  exchange  of  
EHR  data  which  is  the  basic   structure  for  all  the  exchangeable  medical  informa7on.   The  structure  is  
created  by   hierarchically   decomposing   an  EHR   extract   which   is  the  whole  medical  record   of   a  
pa7ent   or   a  part   of   it.   An   EHR   extract   contains   one   or   more  folders   containing   one   or   more  
composi7ons   each.   A   composi7on   contains   one   or   more   sec7ons   and   one   or   more   nested  
subsec7ons   with   entries.  An  entry   contains  one  or   more  elements   and/or   a  cluster   of  elements  
(Stap  et  al.,  2007).  
• Part   2,   archetypes   interchange:   the  second  part   of  the  standard  is  concerned  with   the  syntax,  
structure  and  seman7cs  of   informa7on.   It   does  not   include  medical  informa7on  but   rather   the  

Towards a Healthy Cloud Page 133 of 218 Juan Hernández Colomina

tools   to   define   medical   concepts   and   its   rela7onships   that   can   be   understood   and   used   by  
different  care  providers.  Once  an  archetype  has  been  created  it  can  be  directly  used  by  healthcare  
providers.   During   the   informa7on   exchange   instances   of   archetypes   are   communicated   which  
contains  the  data  over  a  specific  pa7ent  (Stap  et  al.,  2007).  
• Part   3,  reference  archetypes  and  terminology:   In  this  third  part  of  the  standard  the  seman7cs  of  
the  aOributes  from   the  first  part  are  specified.  It  determines  which  values  the  aOributes  can  have  
to  facilitate  its  correct   interpreta7on   when   they   are  exchanged.   Moreover,   it   defines  reference  
archetypes  to  be  used  with   openEHR  and   HL7   version  3.  This  defini7ons  of  archetypes  are  meant  
to  provide  examples  on  how  to  use  those  archetypes  with  openEHR  and  HL7  (Stap  et  al.,  2007).  
• Part   4,   security   requirements   and   distribu*on   rules:   Security   and  reliability   are  two  important  
requirements  for  exchanging   medical  informa7on.  This  part  of   the  standard  focuses  on  describing  
a  security  and  access  model  for  a  EHR  extrac7on,  specifying  what  is  needed  when  exchanging  such  
an  extract   (Stap  et  al.,  2007).   The  standard  includes  role  based  access  control,  access  rules,  access  
management,  informa7on  sensi7vity  assessment  and  access  policies.
• Part   5,   interface   specifica*ons:   this   last   part   of   the   standard   specifies  the   interfaces   to   the  
func7onality   described   in   the  other   four   parts  of   the  standard.   It   includes   defini7ons  of   three  
interface  domains:  request  EHR   extract,  request  archetype  and   request   audit  log  extract  (Stap  et  
al.,  2007).

4.6. Interoperability
  According  to  the  ISO-­‐TR-­‐20514  standard  there  are  two  specializa7ons  (or  types)   of  basic  EHRs,  
shareable  EHRs  and  non-­‐shareable  EHRs.  Moreover,   there  is  one  specific  type  of  shareable  EHRs,  the  
integrated  ICEHR.  In  order  to  share  informa7on  in  integrated  ICEHR  we  need  to  consider  two  types  of  
interoperability:   func7onal  and  seman7c   interoperability.  Func7onal  interoperability   is  the  capability  
of   two   or   more   systems   to   exchange   informa7on.   Seman7c   interoperability   is   the   capability   of  
understanding  the  informa7on  being  shared  according  to  the  previously   defined  domain  model  (ISO,  
2005).   Seman7c   interoperability   is  an   essen7al  requirement   for   automated  informa7on  processing  
and  it  implies  agreements  between  sender  and  receiver  regarding  standardizes  EHR  reference  models,  
service  interface  models,  domain  specific  concept  models  and  terminologies  (ISO,  2005).  

  In  order  to  provide  effec7ve  integrated  care  services  the  informa7on  gathered  must  be  7mely  
exchanged   among   care   providers.   The   standardiza7on   of   domain   concepts,   terminologies   and  
archetypes  is  essen7al  to  facilitate  interoperability   (ISO,  2005).  The  fundamental  characteris7c  of  an  
ICEHR  is  a  standardized  logical  informa7on  model  based  on  widely   accepted  standards  (e.g.   ISO,  CEN  
&  HL7).  A  logical  informa7on  model  determines  the  structure  and  rela7onship  of  informa7on  and  it   is  
plaxorm  and  technology  independent.

  Interoperability   of   heterogenous  informa7on   systems  is   crucial   for   the  success  of   the   EPD  
ini7a7ve  (NICTIZ,  2009).  In  order   to  achieve  inter-­‐organiza7onal  system  interoperability   it  is  necessary  
to   define   beforehand   the   standards   to   be   used   in   processes   (procedures   and   guidelines),  
communica7on   (messages,   reports,  overviews,   security,   etc.)   and  languages  (structure,   terminology  
and   coding).   The   basic   infrastructure   of   the   EPD   project   includes   the   following   communica7on  

Towards a Healthy Cloud Page 134 of 218 Juan Hernández Colomina

standards:  usage  of  BSN  numbers  to  iden7fy  pa7ents,  usage  of  UZI  card  to  iden7fy  providers,  technical  
implementa7on   of   communica7on   within   the   infrastructure   and   the   requirements   to   become   a  
system  provider  (GBZ  or  Goed  Beheer  Zorgsysteem  in  Dutch).  

  In  the  Dutch  healthcare  sector   some  processes  take  place  at   regional  level   without   requiring  
connec7vity   with  other   infrastructures  outside  that  region.  These  regional  infrastructures  do  not  oren  
comply  with  the  security   requirements  and  standards  defined  by  the  EPD  project.  However  they  need  
to  be  integrated  in  the  na7onal  infrastructure  in  order   to  facilitate  the  exchange  of  informa7on  across  
regions  (NICTIZ,  2009).  In  order   to  integrate  this  regional  efforts  in  the  na7onal  infrastructure,  a  series  
of  collabora7ve  ini7a7ves  have  been  launched  that  include  care  providers,   insurers,   ICT  organiza7ons  
and  local  public   bodies.   Due  to  the   reduced  size  of  this  regional  collabora7ons  implementa7ons  are  
accomplished  faster  and  innova7ons  emerge  fluently  (NICTIZ,  2009).

4.7. AORTA  Basic  Architecture  &  Interac*ons

  In  order   to  provide  an  overview   of  the  EPD   infrastructure,   we   have  created   an  architecture  
diagram   of   the   AORTA   basic   infrastructure   including   all   components   involved   and   their   basic  
interac7ons  (see  figure  19).  For   clarifying  purposes  the  architecture  includes  only   two  qualified  GBZ  
healthcare  providers,  each  with  his  own  ZSP   provider.   Moreover,  the  interac7ons  depicted  represent  a  
single   healthcare   encounter   of   one   pa7ent   and   the   process   of   retrieving   pa7ent   data   at   another  
encounter  with  another  healthcare  provider.

  AORTA  is  the  na7onal  basic  infrastructure  to  support  the  exchange  of  informa7on  in  the  Dutch  
healthcare   sector.   The   AORTA   infrastructure   includes   the   na7onal   switching   point   (LSP),   where  
cer7fied   healthcare  providers  (GBZ)   can   connect   using  their   cer7fied  infrastructure   (ZSP)   and   their  
cer7fied  sorware  (XIS).   These  main  components  of  the  AORTA  infrastructure  are   further  elaborated  
on  table  24  (Tange,  2008):

Table  24:  AORTA  Components

AORTA  Component Elements

Two  authoriza7on  
Ci7zen’s  social  security  numbers  (BSN)  and  providers  id  (UZI)
For  healthcare  providers  (GBZ),  connec7on  service  providers  (ZSP)  and  sorware  (XIS).  It  is  not  
possible  to  connect  to  the  na7onal  switching  point  without  having  these  cer7fica7ons.  The  
Three  cer7fica7on  
cer7fica7ons  include  three  type  of  requirements:  func7onal  (how  to  register  and  exchange  
informa7on),  implementa7on  (how  to  connect,  security  and  technical  performance)  and  
exploita7on  (procedures  to  keep  informa7on  accurate,  7mely  and  secure).
The  LSP  (Landelijke  Schakel  Punt  in  Dutch)  is  financed  and  maintained  by  Nic7z.  It  connects  the  
different  source  systems  at  na7onal  level  being  the  central  component  of  the  na7onal  
A  na7onal  switching   infrastructure  where  cer7fied  systems  (GBZ)  can  connect  to  exchange  data  on  a  point-­‐to-­‐point  
point basis.  The  func7ons  of  the  LSP  are  to  authen7cate  and  authorize  providers  and  cer7fied  systems  
(GBZ),  to  subscribe  pa7ent  in  its  index  and  to  route  requests  and  replies  of  standardized  data  
sets.  Moreover,  it  registers  all  data  accessed  and  by  whom.
A  library  of  messages Based  on  version  3  of  the  HL7  medical  communica7ons  standard

Towards a Healthy Cloud Page 135 of 218 Juan Hernández Colomina

  In  figure  19  the  EPD  workflows  between  all  actors  are  depicted  (Informa7epunt  EPD,  2009).  

Figure  19:  Basic  EPD  Architecture

  The  different  exchanges  of  informa7on  depicted  in  figure  19  are:

(C) At   a   healthcare   encounter,   the   healthcare   provider   register   the   pa7ent   data  in   his   own  
administra7on  and  informa7on  system.
(D) The  healthcare  provider  enlists  the  data  on  the  na7onal  switching  point  (LSP).   Enlis7ng  means  
in   this   context   communica7ng   the   fact   that   the   specific   organiza7on   (iden7fied   by   UZI  
number)   has   data  related   to   that   specific   pa7ent   (iden7fied   by   BSN   number).   The   “real”  
pa7ent  data  (e.g.   medical  condi7ons,   medicines  prescribed,  etc.)  remains  at  all  7mes  at  the  
organiza7on’s  informa7on  system.  
(E) Other  healthcare  providers  can  access  the  pa7ent’s  data  if  they  have  a  care  rela7onship  with  
the  pa7ent.   For  this  purpose,  they   request   first   from  the  LSP  a  list   of  which  providers  have  
informa7on  regarding  an  specific  pa7ent.  
(F) Arer  the  pa7ent  has  been  informed  and  he/she  has  authorized  the  exchange  of  informa7on,  
the  provider  can  retrieve  the  pa7ent  data  from  the  other  provider(s).

  From  the  architecture  diagram  we  can  iden7fy  three  main  steps  that  every  healthcare  provider  
must   complete  before  being   connected  to   the  EPD  infrastructure:   deploy   the  use   of   BSN   numbers,  
obtain  the  GBZ  cer7fica7on  and  implement  the  connec7on  to  the  LSP  (by   using  an  external  cer7fied  
ZSP  provider  or  by  obtaining  the  ZSP  cer7fica7on).

Towards a Healthy Cloud Page 136 of 218 Juan Hernández Colomina

4.8. Security  and  Privacy  Considera*ons
  Security,   reliability   and   privacy   are   important   challenges   when   implemen7ng   inter-­‐
organiza7onal   infrastructures,   specially   in  the  healthcare  sector.   To  deal   with   these  challenges,   the  
Dutch  government  has  developed  a  model  of  trust  that   covers  laws,  regula7ons,  informa7on  security  
and  control   that   determines  who  and  in  which  circumstances  can  share  informa7on   (NICTIZ,  2009).  
The   technology   applied   must   ensure   that   informa7on   is   securely   stored   and   transmiOed.   An  
appropriate   access  control   policy   must   guarantee  that   informa7on  is  accessed  only   by   authorized  
users  (ISO,  2005).

  The   EPD   infrastructure   contains  a  series   of   controls  to   detect   unauthorized   access.   These  
security   checks   are   distributed   across  the   infrastructure   and   focus   on   each   of   the  possible   weak  
points.   The   overall   security   system   is  called   GKI   (Grootschalige   Ketenbrede   Indringerstest)   and   it  
includes  three  security  policies:  PvE  GBZ,   PvE  ZSP  and  PvE  LSP.  These  policies  and  controls  are  depicted  
in  figure  20.

Figure  20:  Security  Policies  and  Controls  in  the  EPD  Infrastructure

Control Control

Register Register

Control Control Control

GBZ Control



Security Policies EPD

  As  shown  in  figure  20,  security  controls  have  been  placed  at  every  individual  component  of  the  
EPD   chain:   the   healthcare   organiza7on   (GBZ)   aiming   to   connect   to   the   switching   point   (LSP),   the  
sorware  applica7on   facilita7ng  the  connec7on  (XIS),   the  cer7fied  service  provider   that  facilitates  the  

Towards a Healthy Cloud Page 137 of 218 Juan Hernández Colomina

data  communica7on  (ZSP),  the  switching  point   (LSP)  and  both  external  registers  (SBV-­‐Z  &   UZI)  that  
facilitate  the  iden7fica7on  of  ci7zens  and  healthcare  providers  respec7vely.  For  the  main  three  blocks  
(GBZ,  ZSP  &  LSP)  specific  security  policies  have  been  developed.  The  controls  and  policies  main  goal  is  
to  detect  unauthorized  access  to  any  of  the  components  which  therefore  could  compromise  the  en7re  
EPD  chain.

  Pa7ent  iden7fica7on  in  the  Dutch  healthcare  sector  is  registered  using  Ci7zen  Service  Number  
(Burger   Service  Nummer,  BSN).   Although  this  number   is  used  for   several  purposes  (e.g.   taxes,   work  
permits,  etc.)  it  was  not  authorized  to  be  used  in  healthcare.  For  this  reason,   current  legisla7on  had  to  
be  modified,   a  process  that   took  three  years  to  be  completed  (Deutsch  &  Turisco,   2009).  In  order  to  
protect  pa7ent’s  privacy,  to  ensure  that  data  is  kept  up-­‐to-­‐date  and  to  improve  the  overall  security  of  
the  new   system,   pa7ent   data  is  not   stored  in   a  central  system   but   instead   real-­‐7me  gathered   and  
assembled  by   prac77oners  when  needed   (NICTIZ,   2009)   (Informa7epunt   EPD,   2009)  (Prou   &   Smit,  

  Only   healthcare   providers  that  have  a  treatment  rela7onship  with  a  pa7ent   can   retrieve   his/
her  data  from  the  EPD  infrastructure  (Informa7epunt  EPD,  2009).  To  protect   pa7ent’s  privacy,   pa7ents  
have  the  right  to  be  informed  and  must  be  able  to  block   his  dossier  (fully  or  par7ally)  from  exchange  
with  healthcare  providers  (all  or   some)  (Deutsch  &  Turisco,  2009).  When  pa7ent  data  is  enlisted  for  
the   first   7me   on   the   LSP,   the   pa7ent   must   be   informed   on   the   consequences   and   he/she   must  
authorize  the  exchange.  The  blocking  (and  unblocking)  right  can  be  applied  by  the  ci7zen  at  any  7me.  
Due  to  current   privacy   legisla7on  in  The  Netherlands,   before  enlis7ng  any   pa7ent   dossier   in  the  LSP  
for   the   first   7me,   the   organiza7on   must   inform   the   corresponding   public   body:   the   College  
Bescherming  Persoonsgegevens  (CBP).

  The  na7onal  switching  point   can  be  compared  with  a  traffic   control  tower   which  contains  a  
reference  index   to  locate  where  informa7on  about  a  specific  pa7ent   can  be  found  and  wether   it  can  
be  retrieved.  It   uses  ci7zen’s  social  security   number   (BSN   numbers)   to  iden7fy   the  subject   at   hand,  
and   it   uses   UZI   numbers   to   iden7fy   the   provider   reques7ng   the   informa7on   and   wether   he   is  
authorized   to   retrieve   that   specific   informa7on   (Prou   &   Smit,   2006).   Moreover,   the   Dutch  
government  provides  full  audit   results  to  pa7ents  regarding  access  and  modifica7ons  of  their  records,  
including   logs  on  who   accessed  the  data  and  what   type  of  informa7on  was  viewed  by   each  person.    
Moreover,   pa7ents  can  determine  if  they   want  to  opt   in,   opt  out   or  opt   in  with  restric7ons  (Deutsch  &  
Turisco,  2009).

  An  important   mistake  made  by   the  Dutch  government   in  the  development   of  their  EHR  was  
not   to  achieve  7mely   consensus   from   pa7ents  (Deutsch  &   Turisco,   2009).   The   government  tried  to  
obtain  pa7ent’s  general  agreement  once  the  system  was  built  and  ready   to  be  rolled  out  by  sending  
pa7ents   a   leOer   of   permission.   This   resulted   in   pa7ents   being   surprised   and   returning   300.000  
incomplete  or  inaccurate  leOers  which  lead  to  significant  delays  in  rolling  out  the  new  EHR.

Towards a Healthy Cloud Page 138 of 218 Juan Hernández Colomina

4.9. GBZ:  Good  Managed  Health  Informa*on  Systems
  The   Netherlands   has   established   a  cer7fica7on   program   for   EHRs   and   connec7on   service  
providers.  The  cer7fica7on   is  based  on  three  types  of  requirements:  func7onal,  implementa7on  and  
u7liza7on  requirements  (Deutsch  &  Turisco,   2009).  Func7onal  requirements  specify   how  to   store  and  
exchange  informa7on,   implementa7on   requirements  are   concerned   with  security   and   connec7vity  
issues,  and  u7liza7on  requirements  focus  on  processes  and  measures  to  maintain  informa7on  in  the  
EHR  as  accurate,  7mely  and  secure  as  possible.

A.  Defini*on  of  a  GBZ  organiza*on

  GBZ   is  the  Dutch  acronym  for  “Goed  Beheer  Zorgsysteem”  which  can  be  translated  to  English  
as  “Good  Managed   Health   System”.   Dutch  healthcare  organiza7ons  are  responsible  for   mee7ng   all  
GBZ   requirements  in   order   to   obtain  this   cer7fica7on  that   allows  them   to  connect   to   the  na7onal  
switching  point  (LSP)  of  the  EPD  infrastructure  (NICTIZ,  2006)  (NICTIZ,  2005).  

  A   GBZ   is   a   health   informa7on   system   (or   a   collec7on   of   systems)   which   can   be   used   to  
exchange   pa7ent   informa7on   with   other   healthcare   providers   through   the   na7onal  infrastructure  
AORTA   (Informa7epunt   EPD,   2009).   Providers   connect   to   other   providers   through   the   na7onal  
switching   point   (LSP).   To   connect   to   the   switching   point   providers   need   to   use   a   secure   data  
communica7on  network  provided  by  a  ZSP  qualified  provider.  The  switching  point  is  a  reference  index  
system  that  contains  informa7on  about   what  type  of  pa7ent  informa7on  is  stored  on  each  healthcare  
provider’s  system.   For   authen7ca7on   purposes,   providers  need   to   use   their   UZI  cards  and   server  
cer7ficates   when   connec7ng   to   the   LSP.   Moreover,   the   LSP   stores   extended   logging   on   what  
informa7on  is  accessed  by  each  provider.  

  According   to   the  PvE   GBZ   documenta7on,   a  GBZ   is   a  XIS   applica7on   or   a   collec7on   of   XIS  
applica7ons,   including   the   related   pa7ent   dossiers,   that   are   available   to   a   healthcare   provider,  
facilita7ng   the  exchange   of   pa7ent   data  through   a  health  informa7on   management   system   (ZIM),  
communica7ng   with   ZIM   through   a   network   address,   and   is   authen7cated   by   one   UZI   server  
cer7ficate  which  has  been  assigned  to  the   responsible   organiza7on  (Tesink,  2009).  This  includes  the  
measures  to  guarantee  that   data  is  only   accessed   by   authorized  individuals,   and  the  manuals  and  
procedures  for  the  users  and  administrators  of  those  facili7es.  In  other   words,  a  GBZ  includes  the  ICT  
capabili7es  used  by   a  healthcare  provider   where  one  or  more  XIS  cer7fied  applica7ons  are  connected  
to  the  na7onal  switching  point.  

  The   main  goal   of   the  GBZ  cer7fica7on  is  to  ensure  that  pa7ent  data  exchanged  through  the  
na7onal  switching  point   fully  complies  with   the  requirements  of   integrity  and  confiden7ality   (Tesink,  
2009).  The  importance  of  delimi7ng  the  scope  of  a  GBZ  organiza7on  is  explicitly  elaborated  in  na7onal  
policies  (IE  BVL  e04)  (Tesink,  2009).  

Towards a Healthy Cloud Page 139 of 218 Juan Hernández Colomina

  A  GBZ  organiza7on  must  be  able  to  iden7fy  always:

• The   fron7ers  of  the  GBZ  system  within  the  organiza7onal  ICT  infrastructure.
• When   and  how  pa7ent  data  cross  that  fron7er.
• Data  Confiden7ality:  How  is  ensured  that  pa7ent  data  is  not  accesses  by   unauthorized  individuals  
or  organiza7ons.
• Data  Integrity:   How  is  ensured  that  pa7ent  data  is  not  received  from  unauthorized  individuals  or  
• How   is  ensured  that   unauthorized  individuals  are  blocked  from  physical  access  to  parts  of   or   the  
whole  GBZ  system.

  The  fron7er  of  a  GBZ  organiza7on  is  delimited  by  the  sorware  and  system  used  to  connect,  the  
use  cases  where   pa7ent   data   leaves   the   organiza7on   and   the   security   measures   taken  to  prevent  
unauthorized   access  and   unauthorized   delivery.   Moreover,   the   hardware   used   must   have  enough  
capacity  to  handle  all  requests  within   the  required  response  7mes.  Moreover  there  must  be  enough  
disk  space  to  store  all  logs.   Once  data  has  been  received  from  another   qualified  healthcare  provider,  
the  GBZ  must  strictly  facilitate  the  following   four  ac7ons  (AE  OPV  e11)  (Tesink,  2009):   storing   data  as  
addi7on  to  the  pa7ent  dossier   temporarily  (for  a  maximum  of  48  hours)  where  it  can  be  modified  it   or  
deleted  it.        

B.  Examples  of  GBZ  systems

  For   clarifying   purposes   four   examples   of   GBZ   systems   are   illustrated   in   this  sec7on.   They  
include   a  PC   based   system   (e.g.   used   by   a  GP)  in  figure  21,   a  client/server   system  (e.g.   used  by   a  
Pharmacy)  in  figure  22,  a  mul7ple  client/server  system  with  a  communica7on  server   (e.g.   used  by  a  
hospital)  in  figure  23  and  a  Applica7on  Service  Provider  (HAP)  model  in  figure  24.

  Figure  21:  Example  of  PC  Based  GBZ         Figure  22:  Example  of  Client/Server  GBZ

Towards a Healthy Cloud Page 140 of 218 Juan Hernández Colomina

  Figure  23:  Example  of  Mul*ple  Client/Server  GBZ    Figure  24:  Example  of  Applica*on  Service  Provider  GBZ

C.  GBZ  Cer*fica*on  Requirements

  To  facilitate  the  evalua7on  of   GBZ   requirements,  NICTIZ  has  developed  a  checklist  that  can  be  
used   by   healthcare   organiza7ons   to   evaluate   the   readiness   to   obtain   the   GBZ   cer7ficate.   Only  
organiza7ons   that   can   answer   posi7vely   all  ques7ons  should  apply   for   the  cer7fica7on   as  they   are  
certain  to  meet   all  requirements.  The  checklist  is  included  in  appendix  I.  In  the  context  of  this  research  
(cloud  compu7ng  in  Dutch  healthcare),   availability   requirements  are  the   most  important  boOleneck  
and  therefore  they   should   be  carefully   evaluated.  A   GBZ  must   comply   with  the   following  availability  
requirements  (NICTIZ,  2005):

• A  A  GmBZ   must  be  able  to  handle  messages  24  hours  per  day  and  7  days  per  week.
• A  maximum   of  1  small  outage  per  month  and  it  must  be  solved  within  15  minutes.
• The  aximum   of  2  large  outages  per  year  and  they  must  be  solved  within  1  day.
• In  the  overall   yearly  availability  must  be  minimal  99,4%.
• 15  minutes case  of  new  pa7ent  data,  a  GBZ  must   register  it  at   the  na7onal  switching  point  (LSP)  within  
 in  the  case  of  new  data,  and  within  1   day  in  the  case  of  updates  or  data  that   has  been  
already  registered  at  least  once.
• The  response  7mes  of   communica7ons  between  a  GBZ  system  and   a  health   informa7on  broker  
(ZIM)  regarding  informa7on  requests  and  responses  are  the  following:
➡ Request  message  of  data  overview:  0,5  seconds.
➡ Response  message  with  data  overview:  0,5  seconds.
➡ Request  message  of  pa7ent  data:  0,5  seconds.
➡ Response  message  with  pa7ent  data  gathered:  on  average  2  seconds.
➡ Response  message  with  pa7ent  data  to  the  requester:  0,5  seconds.

Towards a Healthy Cloud Page 141 of 218 Juan Hernández Colomina

  For   clarifying   purposes,   the  response  7mes  applicable  to   GBZ   organiza7ons  are  depicted  in  
figure  25  and  26.

Figure  25:  Request  /  Responses  Times  for  Data  Overviews

Request / Response times for Data Overview

(a) 0,5 seconds




(b) 0,5 seconds 1 second

Figure  26:  Request  /  Responses  Times  for  Retrieving  Pa*ent  Data

Request / Response times for Patient Data

(c) 0,5 seconds 0,5 seconds


(e) 0,5 seconds 1 second (d) 2 seconds

  There  are  three  main  layers  of  GBZ  requirements:  applica7on  and  data  layer,  server   layer  and  
communica7on   layer.  Moreover,  the  standard  NEN7510  is  used  to  guarantee  appropriate  informa7on  
security  (NICTIZ,  2005).  The  requirements  per  layer  are  depicted  in  the  following  table  25:

Towards a Healthy Cloud Page 142 of 218 Juan Hernández Colomina

Table  25:  NEN7510  Requirements

Layer Requirements
•Use  of  UZI  cards  to  access  health  data  in  the  na7onal  infrastructure
•Logging  of  data  retrieved  and  delivered  from/to  other  organiza7ons  including  role  based  access  logs.
•Daily  backup  procedures  and  data  restore  procedures.
&  Data
•Storage  of  pa7ent  data  based  on  BSN  numbers  (ci7zen’s  social  security  numbers).  
•Data  must  be  sing-­‐in  at  the  LSP  before  use  in  the  na7onal  index  system  (Verwijsindex  VWI).  

•Every  GBZ  must  be  registered  at  the  na7onal  UZI  register  and  obtain  an  UZI  issued  server  cer7ficate.  
•To  connect  to  the  LSP  every  GBZ  must  iden7fy  itself  with  their  UZI  server  cer7ficate.  
•The  authen7ca7on  of  GBZ  takes  place  through  SSL  version  3.0  or  TLS  version  1.0  standards.  
•Storing  the  private  key  of  the  cer7ficate  on  the  server  must  include  encryp7on  mechanisms.
•Each  GBZ  can  exclusively  communicate  through  their  ZSPs  to  the  LSP.  
•Access  to  the  opera7ng  system  or  to  the  GBZ  must  be  protected  with  login  and  password  combina7on.
•The  system  administrator  must  ensure  that  the  opera7ng  system  of  a  GBZ  is  securely  deployed  and  updated.
•File  and  mail  servers  must  be  protected  by  an7  virus  sorware.

•Incoming  and  outgoing  requests  must  be  accurately  handle.  

•No  request  must  be  lost  even  if  the  receiver  is  not  available  at  a  certain  moment.  
Communi-­‐ •The  following  standards  must  be  followed:  HL7  version  3,  SOAP  1.1  /  WSDL  1.1  and  HTTP(S)  /  TCP/IP
ca*on •Communica7ons  must  be  protected  by  firewalls.  
•If  VPN  connec7ons  are  used  all  other  Internet  traffic  must  be  blocked.  
•Communica7ons  must  be  encrypted  by  using  SSL  version  3  /  TLS  version  1.0  and  a  session  key  of  128  bits.

D.  GBZ  Cer*fica*on  Process

  In   order   to   obtain   the   GBZ   cer7fica7on,   providers   need   to   comply   with   a   series   of  
requirements  specified   by   NICTIZ   on   their   document   “Programa   van   Eisen   voor   een   goed  beheer  
zorgsysteem  (GBZ)”  (Informa7epunt  EPD,   2009).  There  are  five  main  process  steps  to  obtain   the  GBZ  
cer7fica7on:   adap7ng   the   local   ICT   infrastructure,   adap7ng   the   organiza7on,   registra7on,   BSN  
numbers   implementa7on   and   GBZ   cer7fica7on   (Informa7epunt   EPD,   2009).   The   steps   and   some  
descrip7on   of   the   deliverables   from   NEN7510   are   shown   in   table   26.   An   overview   of   all   GBZ  
requirements  is  included  in  appendix  N.

Table  26:  NEN7510  Requirements

Step Descrip*on
One  of  the  main  requirements  to  be  able  to  connect  to  the  na7onal  switching  point  (LSP)  is  to  embed  
the  use  of  BSN  numbers  in  internal  ICT  systems  and  administra7on.  This  includes  the  technical  
implementa7on  in  the  internal  ICT  infrastructure  as  well  as  the  connec7on  to  the  register  (SBV-­‐Z).  
Adap*ng  the  
Another  important  requirement  is  that  the  connec7on  between  the  qualified  healthcare  provider  (GBZ)  
(internal)  ICT  
and  the  na7onal  switching  point  (LSP)  must  be  carried  out  through  a  data  communica7on  network  
provided  by  a  qualified  provider  (ZSP).  Moreover,  the  applica7on  connec7ng  to  the  LSP  must  have  
obtained  the  XIS  cer7fica7on.  In  order  to  comply  with  these  requirements  healthcare  providers  might  
need  to  adapt  their  current  ICT  infrastructure.

Towards a Healthy Cloud Page 143 of 218 Juan Hernández Colomina

Besides  the  technical  adapta7on,  healthcare  providers  need  to  adapt  also  their  organiza7onal  processes,  
including  training  employees  and  modifying  exis7ng  work  instruc7ons,  manuals  and  process  
descrip7ons.  The  organiza7on  must  ensure  that  there  are  work  instruc7ons  and  user  manuals  available  
related  to:  the  use  of  the  (new)  XIS  sorware,  the  use  of  BSN  numbers,  the  process  of  enlis7ng  pa7ent  
Adap*ng  the  
dossiers,  the  process  of  consul7ng  pa7ent  dossiers,  the  use  of  UZI  cards  and  the  process  of  informing  
pa7ents  about  the  EPD  infrastructure  and  their  rights.  The  organiza7on  needs  to  train  employees  to  
work  with  this  process  modifica7ons  in  order  to  ensure  accurate  process  performance.  Moreover,  the  
organiza7on  must  deploy  processes  that  enable  availability,  maintenance,  management  and  security  of  
the  (new)  ICT  infrastructure.
Once  the  internal  ICT  infrastructure  and  processes  have  been  adapted,  the  organiza7on  is  ready  to  
Registra*on  and  submit  their  enrollment  request  to  the  EPD.  This  includes  registering  the  organiza7on  as  qualified  
Enrollment healthcare  provider,  reques7ng  the  UZI  tools  (card,  reader  and  server  cer7ficate)  and  submiung  the  
request  for  connec7on  to  the  EPD  infrastructure
From  the  1st  of  June  2009  every  healthcare  provider  in  The  Netherlands  is  obliged  by  law  to  use  ci7zen’s  
BSN  numbers  in  their  administra7on  and  informa7on  systems.  This  is  also  a  requirements  to  be  met  
before  connec7ng  to  the  EPD  infrastructure.  In  order  to  embed  BSN  numbers,  organiza7ons  need  to  use  
Embedding  the   the  UZI  tools  (card,  reader  and  server  cer7ficate)  for  authen7ca7on  purposes.  The  use  of  these  tools  
use  of  BSN   have  already  been  documented  in  the  related  work  instruc7ons  and  process  descrip7on  (see  Adap7ng  
numbers the  organiza7on  above).  Moreover,  the  organiza7on’s  ICT  systems  have  already  been  adapted  to  include  
BSN  numbers  (see  Adap7ng  the  ICT  infrastructure  above)  to  facilitate:  the  request  of  a  pa7ent’s  BSN  
number  from  the  registry  (SBV-­‐Z),  the  storage  of  that  BSN  number  in  the  internal  administra7on,  and  to  
be  able  to  exchange  pa7ent  informa7on  based  on  a  BSN  number.
The  last  step  before  connec7ng  to  the  EPD  infrastructure  is  to  obtain  the  GBZ  cer7fica7on.  The  GBZ  
cer7fica7on  includes  requirements  that  can  be  grouped  into:  applica7on  requirements,  implementa7on  
requirements  and  management  requirements.

4.10.  ZSP:  Healthcare  Communica*on  Service  Providers

  A  cer7fied  ZSP  organiza7on   enables  the  secure  connec7on  of  a  GBZ  to  the  na7onal  switching  
point  (LSP).   NICTIZ  has  specified   the   requirements  for   ZSP   cer7fica7on   in  their  document  “Programa  
van  Eisen   voor   een  Zorgserviceprovider   (ZSP)”   (NICTIZ,   2009).   NICTIZ   defines  a  ZSP   as  a  legal  en7ty  
that   provides   services   to   healthcare   provider   by   connec7ng   a   GBZ   to   the   LSP   through   a   data  
communica7on   network   (DCN).   Besides   the  data   communica7on  network   a  ZSP   also   includes  the  
devices  needed  to  realize  the  connec7on  to  the  LSP.  

  Moreover,   the  ZSP   must   provide  a  series  of  services  to  GBZs  and  the  LSP   including  a  service  
desk  to  communicate  malfunc7ons  and  planned  maintenance,  and   to  support  the   con7nuity   of  the  
services  provided  (NICTIZ,  2009).   The  main  responsibili7es  of   the  ZSP  is  to  manage  the  connec7on  of  
the  GBZ   to  the  LSP   using  a  preven7ve,   correc7ve   and  adap7ve  approach.  The   requirements   can  be  
grouped  into   func7onal,   implementa7on  and  exploita7on  requirements.  A  complete  overview  of  all  
requirements   is   included   in   appendix   M.   Those   requirements   defined   as   op7onal   or   no   longer  
applicable  in  the  current  document  version  have  been  excluded  from  the  overview.

4.11.  XIS:  Cer*fies  Health  Informa*on  Systems

  The  XIS  cer7fica7on  is  a   essen7al   element  of   the  GBZ   cer7fica7on.   Healthcare  organiza7ons  
are  free  to  choose  the  sorware  provider  that   best   meet  their  needs.  The  only  requirement  is  that  the  
sorware  used  has  obtained  a  XIS   cer7fica7on.  Every  provider  that  facilitates  sorware  connec7vity  to  

Towards a Healthy Cloud Page 144 of 218 Juan Hernández Colomina

the  na7onal  infrastructure  must  obtain  the  XIS  cer7fica7on  for  its  sorware.   To  obtain  the  cer7fica7on,  
NICTIZ  runs  a  series  of  test  scripts  to  evaluate  the  sorware  connec7on  to  the  na7onal  switching  point  
(LSP).   If   all   scripts   are   completed   successfully,   NICTIZ   issues   the   XIS   cer7fica7on   to   the   sorware  
producer  (NICTIZ,  2006).  The  XIS  specifica7on  describes  the  requirements  for  messaging  and  security.  
The  cer7fica7on  is  obtained  once  by   the  sorware  producer   for  a  specific  sorware  product.  The  same  
sorware  can   further  be  installed  in  various  healthcare   organiza7ons  without  the  need   to  obtain  the  
XIS  cer7fica7on  for  each  deployment.

4.12.  Current  Status  of  the  EPD  project

  The  introduc7on  of  Electronic  Pa7ent  Records  in  The  Netherlands  (the   so  called   EPD  project)  
was   launched   by   the   Ministry   of   Health   (Ministerie   van   Volksgezondheid,   Welzijn   en   Sports)   in  
collabora7on  with  the  Na7onal  ICT  Ins7tute  in  Healthcare  (NICTIZ)  and  the  CIBG,  a  public  organiza7on  
responsible  for  a  number  of  public   registers  (e.g.  UZI  &   SBV-­‐Z  registers)  (Informa7epunt  EPD,  2009).  
  The   project   is   carried   out   following   an   incremental   approach   where   first   two   selected  
func7onali7es  are  deployed.  For  this  reason,  the  Ministry  has  chosen  the  medica7on  and  observa7on  
dossiers  to  be  the  first  ones  deployed  (Informa7epunt  EPD,  2009).  

  By   2008,   significant   progress   has  been   made   on   the  EPD   introduc7on   (NICTIZ,   2009).   The  
na7onal  infrastructure  and  standards  suppor7ng  the  first  two  selected  func7onali7es  (EMD  and  WDH)  
have  been  completed.  Pilot   projects  in  selected  regions  have  been  successfully  realized,  while  a  large  
number   of   healthcare  organiza7ons  and  ICT  providers  have  successfully   completed  the  accredita7on  
process  to  be  connected  to  the  basic   infrastructure  (LSP,  Landelijke  Schakel  Punt   in  Dutch).  Following  
these  two  func7onali7es,  the  project  will  con7nue  by   adding  informa7on  related  to  emergency  care,  
lab  informa7on  and  diabetes  treatments.

  The  law  for  the  use  of  ci7zen’s  social  security  numbers  (BSN  numbers)  in  healthcare  came  into  
force  the  1st  of  June  2009.  From  that  moment   all  healthcare  providers,  ins7tu7ons  and  insurers  in  The  
Netherlands  must  work  according  to  this  law  (Klink  &   Bussemaker,  2008).   According   to  TNS  research  
around  two  thirds  of   all  healthcare  organiza7ons  have  taken  measures  to  use  BSN  numbers  by   June  
2009.  The  rest  expects  to  be  ready  to  use  BSN  numbers  by  the  end  of  the  year  2009  (MVWS,  2009).  

  There  are  two  main  applica7ons  that   providers  need  to  use  when  working  with  BSN  numbers.  
One  to  iden7fy  and/or  control  the  BSN  number  of  a  pa7ent  (SBV-­‐Z)  and  a  second  one  to   check  if  the  
pa7ent  is  insured  (Vecozo).  These  two  applica7ons  have  experienced  a  significant  increase  in  demand,  
resul7ng   in   some   technical   malfunc7ons.   The   health   ministry   will   work   in   the   coming   months  to  
improve   the   robustness  of   these   two   applica7ons  improving   the  availability   of   the  SBV-­‐Z   and   UZI  
registers  which   do  not   comply   yet   with  the  requirement  of  24x7  up7me   (Klink   &   Bussemaker,  2008)  
(MVWS,   2009).  By  June  2009,  around  45%  of  healthcare  ICT  providers  have  obtained  the  cer7fica7on  
for  the  use  of  BSN  numbers  (BSN  Zorg  Keurmerk)  (Klink,  2009)  (MVWS,  2009).  

Towards a Healthy Cloud Page 145 of 218 Juan Hernández Colomina

  As  providers  need  to  iden7fy   themselves  to  connect  to  the  EPD  infrastructure,  there  have  been  
a  large  number  of  requests  for  provider’s  iden7fica7on  cards  (UZI  cards)  resul7ng   in  processing  delays  
(Klink  &  Bussemaker,  2008).  This  boOleneck  has  already  been  iden7fied  in  the  early   stages  of  the  EPD  
implementa7on.  Although  the  delay   has  been  par7ally  reduced  it  does  not  yet  fully   comply   with  the  
agreed  terms  (MVWS,  2009).  UZI  cards  and  server  cer7ficates  are  now  distributed  within  the  agreed  
7mes,  but  the  preceding  process  of  evalua7ng  subscrip7ons  for  healthcare  providers  suffers  a  delay  of  
10  days  above  the  previously  agreed  14  days.  

  The  total  number  of  healthcare  providers  to  be  connected  to  na7onal  switching  point  (LSP)   is  
6.368   composed   of   4.321   GP   offices,   127   GP   posts,   1.825   pharmacies  and   95   hospitals.   Un7l  the  
second   quarter   of   2009,   around   100   providers  have  been   connected   (MVWS,   2009).   The   ministry  
expects  to   connect   an  addi7onal  900   providers  by   the  end  of  2009,   including   450   GP   offices,  50  GP  
posts,   400  pharmacies  and  15  hospitals.   During  the  first  half  of  2010,  the  ministry  expects  to  connect  
another   2.500   providers.   By   the  second  quarter   of   2009,   the  na7onal   EPD   infrastructure  provides  
informa7on  of  around  360.000   pa7ents.   The  data  has  been  successfully   exchanged  around   400.000  
7mes  un7l  June  2009  (MVWS,  2009).

  Every   ci7zen   has  the   right   to   refuse  that   his   or   her   pa7ent   data  is  exchanged  through   the  
switching  point  (LSP).   Un7l  June  2009,  more  than   350.000   ci7zens  are  excluded  at   their  own  request  
(Klink,  2009).  

  The  financial  costs  of  the  EPD   project  have  been   recently   reported  by   the  Ministry   of  health  
(Klink,   2009).   By   January   2009,   around  90   million  euros  have   been   expended   in   development   and  
deployment  of   the  EPD   infrastructure.  This  amount  can  be  further  subdivided  into  67  million  for   the  
development  of  the  na7onal  infrastructure  (LSP,  UZI  registry   and  BSN  control  system),11  million  euros  
to  support   deployment,   pilots   and  evalua7ons,   3,6   million  euros  for   communica7on  and   7,9   million  
euros  for   subsidies  to  providers.  The  Ministry  is  also  planning  to  research  the  Total  Cost  if  Ownership  
(TCO)  of  ICT   in  the  healthcare  sector.   The  conclusions  of  this  research  will  be  presented  by  the  end  of  
2009  (Klink,  2009).

  An   extension  of   the  EPD  project   currently   being  planned  by   the   Ministry   of  Health  is  pa7ent  
access  to  his  or  her  data  being  shared  through  the  na7onal  infrastructure  (Klink,  2009).  The  goal  is  to  
provide  ci7zens   not   only   with   access  to  view   their   data   but   also  to   be  able  to  digitally   refuse  the  
disclosure  of  his  or   her   personal  data.   Moreover,   as  the  first  two  func7onali7es  have  been  deployed  
with  success,  the  next  steps  in  the  EPD  agenda  will  be  ini7ated  in  the  near  future.

Towards a Healthy Cloud Page 146 of 218 Juan Hernández Colomina

4.13.  Sec*on  Summary
  According   to   the   Dutch  government,   ICT   is  an  important   enabler   to   cope  with  current   and  
future  challenges  in  healthcare  (e.g.   age  distribu7on,   pervasive  and   care  intensive  illnesses,   etc.)   as  
well   as   to   improve   the   sustainability   (e.g.   cost   efficiency)   of   the   current   system.   On   one   hand  
healthcare  organiza7ons  can  leverage  ICT  solu7ons  to  support  medical  research  and  prac7ces,   while  
on   the   other   hand  they   can  be  applied   to   improve  the  cost   efficiency   of   the  system.   The  growing  
governmental  interest  on  leveraging  ICT  for   healthcare  is  reflected  for  example  on  the  introduc7on  of  
electronic   pa7ent   records  (the   EPD   project)   which   aims   to   improve   the   quality,   accessibility   and  
affordability   of  care  services.   However,   the  Dutch  government  has  limited   enforcing   power   on  how  
healthcare  organiza7ons  operate  as  the  Dutch  health  system  is  predominantly  private.  

  In  order   to  s7mulate  the  use  of  ICT   in  Dutch  healthcare  the  government   created  the  NICTIZ  
organiza7on  which   is  responsible  for   the  realiza7on  of   the  EPD  infrastructure  in  collabora7on   with  
pa7ent’s   associa7ons,   healthcare  providers,   insurers,   ICT   providers  and   public  ins7tu7ons.   The   main  
goal  of  NICTIZ  is  to  develop  and   maintain  the  basic  infrastructure  (AORTA)  that  supports  the  na7onal  
exchange  of  electronic  pa7ent  records,  including  the  related  standards  and  cer7fica7on  programs.  

  The  EPD   project   was  primarily   launched  to  improve  the  quality   of   care   by   enabling   7mely,  
accurate  and   secure  informa7on  exchange  among  healthcare   providers.   It   is  important  to  note  that  
electronic   pa7ent  records  are  a  delimited  type  of  electronic  health  records  that  include  informa7on  to  
support  a  specific  treatment   or  care  process  rather   than  providing  a  holis7c  view   of   a  pa7ent’s  health  
status.   For   this  reason,   the   informa7on   exchanged  through  the  EPD   infrastructure  is  limited  to  the  
relevant  parts  needed  at  a  certain  moment  in  7me  by  a  healthcare  provider.  

  Family   doctors   (General  Prac77oners  or   GPs)   are  one   of   the   most   important   actors  in   the  
Dutch   healthcare   system.   They   are   the   first   point   of   contact   for   pa7ents   (except   in   case   of  
emergencies)   and  they   have  the  decision   power   to  refer   pa7ents  (or   not)  to  other   specialists.   The  
9.000   family   doctors  in  The  Netherlands   currently   solve  around  95%  of   all  primary   care  condi7ons.  
There  is  a  clear   need  for  electronic  collabora7on   between  GPs  and  other  medical  actors  as  the  great  
majority  of  them  work  alone  or  share  their  office  with  one  or  two  other  clinicians.  When  analyzing  the  
use  of  ICT   in   GP   offices,   we  observe  high  levels  of   computeriza7on  when  genera7ng   prescrip7ons,  
using   electronic   medical  records,   accessing   test   results   or   maintaining   their   own  administra7on   in  
computer   based   informa7on   systems.   However,   we   find   lower   levels   of   automa7za7on   when  
accessing  a  pa7ent’s  medica7on  history.

  Although  collabora7on  between   clinicians  is  becoming   more  important  due   to   the  increasing  
number   of   sicknesses  that   require   mul7-­‐disciplinary   approaches,   only   half   of   the   GPs   can   share  
records  electronically   with   prac77oners   outside   their   workplace.   Very   few   GPs  receive   electronic  
alerts  to  provide  pa7ents  with  test  results,  access  a  pa7ent’s  hospital  record,  order  tests  electronically  
or  provide  pa7ents  with  access  to  their  test  results  electronically.  The  need  for  electronic  collabora7on  

Towards a Healthy Cloud Page 147 of 218 Juan Hernández Colomina

is  also  reflected  on  the  fact  that   almost  half  of  the  popula7on  have  experienced  medical  problems  due  
to   the  lack   of   coordina7on   among   prac77oners.   Around   one   out   of   ten   GPs   have   repeated   tests  
because  the  results  were  not  available.   Collabora7on  is  therefore  cri7cal  to  improve  the  quality   of  care  
and  achieve  cost  efficiencies.  

  In   order   to   foster   collabora7on   between   healthcare   actors,   the   Dutch   government   has  
launched  the  EPD  ini7a7ve  in  2008.  The  main  goal  of  this  ini7a7ve  is  to  improve  the  quality   of  care  
services  by   sharing   medical  informa7on   in  a  fast   and   reliable   manner.   By   7mely   sharing   accurate  
pa7ent  informa7on  clinicians  can  prevent   communica7on  errors  that  can  have  fatal  consequences  for  
a  pa7ent’s  health.  

  The  EPD  ini7a7ve  includes  several  sub-­‐projects   that   are   being   implemented  following  a  top-­‐
down  incremental  approach  from   2008   to  2013.  The  first   two  func7onali7es  to  be  implemented  are  
electronic  pa7ent  drug  prescrip7on  records  (EMD,  Electronisch  Medica7edossier)  and  GPs  observa7on  
records  from  service  encounters  at   point   of  service  loca7ons  (WDH,  Waarneemdossier   Huisartsen).  
The   EPD   project   is  managed   by   two   governance   bodies,   the   plaxorm   for   ICT   and   innova7on   for  
defining  the  EPD  agenda  and  the  steering  commiOee  ICT  &  innova7on  responsible  for  decision  making  
and  the  direct  management  of  implementa7on  projects.  

  The  EPD  infrastructure  consists  of  a  basic  “empty”  infrastructure  (AORTA)  containing  index  and  
reference  systems  (LSP)  that  connects  all  individual  sources  were  pa7ent  informa7on  is  registered  and  
stored.   It   is  important   to   note  that   pa7ent   informa7on  is  not   stored   on   a   central  repository   but   it  
remains   at   its   origin   (e.g.   hospital,   GP   office,   etc.)   and   it   is   gathered   on   demand.   With   this  
construc7on,  data  can  be  kept   always  updated   minimizing  the  delay  between   informa7on  genera7on  
and  its  availability  to  other  prac77oners.

  The  actors  related  to  the  EPD  project   are  very   diverse  and  with  different  perspec7ves  on  the  
project.   The   ministry   of   health   and   pa7ent   organiza7ons   are   among   the   actors   that   are   highly  
suppor7ve  of  the  ini7a7ve  and  have   strong  influence  on  its  adop7on.  GP   organiza7ons  on  the  other  
hand  are  not  very  suppor7ve.  This  can  become  a  significant  barrier  for  adop7on  as  they  also  have  a  lot  
of  influence  on  the  use  of  the  envisioned  system.  

  There  are  several  laws  related  to  the  EPD  regula7ng  the  use  of  ci7zen’s  numbers  in  healthcare  
(Wet  gebruik  burgerservicenummer   in  de   zorg),   the   characteris7cs  of  the  infrastructure  (Wet  op  het  
EPD),   the  use  of  personal  informa7on  (Wet   Bescherming  Persoonsgegevens)   and  the  treatment   of  
pa7ents  (Wet   op  Geneeskundige  behandelingsovereenkomst)  among  others.  It   is  important  to   note  
that  par7cipa7on  of  healthcare  organiza7ons  is  currently  non-­‐compulsory  and  contractually   regulated  
by   bilateral   agreements   between   NICTIZ   and   each   individual   provider.   The   government   plans   to  
enforce  par7cipa7on  by  law  in  the  coming   years  as  for  the  success  of  the  system  all  providers  need  to  
be  connected  to  the  infrastructure.  Exis7ng  regional  switching  points  will  be  integrated  on  the  na7onal  
switching  point  (LSP).  

Towards a Healthy Cloud Page 148 of 218 Juan Hernández Colomina

  The  standards  used  on  the   EPD   infrastructure  are  HL7   version  3   for   message  specifica7ons,  
WSDL  and  SOAP  for   web-­‐service  descrip7ons  and  access,  HTTPs  and  TCP/IP  for   communica7ons  and  
the  CEN  13606   for  concepts  in  process  descrip7ons  and  informa7on  models.  NICTIZ  has  chosen  these  
standards  to   facilitate   the  exchange   of   informa7on   independently   from   the   structure,   syntax   and  
seman7cs  used  at  individual  provider’s  systems.  

  In   order   to   guarantee   interoperability   between   provider’s   systems,   the   EPD   ini7a7ve   has  
established   three   cer7fica7ons   that   healthcare   providers   must   obtain   before   connec7ng   to   the  
na7onal   infrastructure.   These   programs   are   the   Good   Managed   Healthcare   Organiza7on   (GBZ)  
cer7fica7on,   the  Healthcare   Service  Provider   cer7fica7on  (ZSP)  and  the  Cer7fied  Health  Informa7on  
System   cer7fica7on   (XIS).   The  XIS  cer7fica7on  is  meant   to  ensure  that   sorware  connec7ng   to   the  
na7onal  infrastructure  complies  with  the  requirements  established  by  NICTIZ.   The  ZSP  cer7fica7on   is  
designed  to  enabled  the  secure  connec7on  of  a  GBZ  cer7fied  healthcare  provider   (an  his  XIS  cer7fied  
sorware)  to   the   na7onal  switching  point  (LSP).  The  GBZ   cer7fica7on   aims  to  ensure  that  exchanged  
pa7ent   data   complies  with   the  requirements  of   integrity   and  confiden7ality.   GBZ  requirements  are  
divided   into  three   layers:   applica7on,  communica7on   and  server.   The  requirements  focus  mainly   in  
guaranteeing  the  accuracy,  availability  and  security  of  informa7on  exchanges.

  AORTA   is   the   basic   infrastructure   suppor7ng   the   exchange   of   informa7on.   It   includes  two  
registers  (BSN  and  UZI  registers)  for  actor   iden7fica7on  purposes  and  one  switching  point  (LSP)  where  
providers  can   connect   if   they   have  obtained   the  required  cer7fica7on   (XIS,   GBZ  and   ZSP).   For   each  
type  of  cer7fica7on  specific  requirements  are  described  in  three  areas:  func7onality  (how  to  store  and  
exchange  informa7on),  implementa7on  (security  and  connec7vity   issues)   and  exploita7on  (processes  
and  measures  to  keep  informa7on  as  accurate,  7mely   and  secure  as  possible).  These  requirements  are  
mandatory  to  obtain  and  maintain  the  cer7fica7on.  

  Security,  reliability  and  privacy   are  crucial  elements  of  every  inter-­‐organiza7onal  infrastructure.  
This  is  specially   relevant   in   the  healthcare   sector   due  to   its  high  impact   of   ci7zen’s  lives.   For   this  
reason,  NICTIZ  has  placed  controls  at  each  component  of  the  infrastructure  and  has  developed  three  
security  policies  for  GBZs,  ZSPs  and  the  LSP.  Access  to  pa7ent’s  informa7on  is  limited  to  providers  that  
have   a   treatment   rela7on   with   that   pa7ent,   based   on   previous   encounters   and/or   arer   explicit  
authoriza7on  from  that  pa7ent.   Moreover,  pa7ents  can  at  any   moment   in  7me  block  access  to  some  
or   all  his/her   data   and/or   limit   or   block   the  access  of   certain   providers   to   that   data.   To   facilitate  
forensic   analysis,   pa7ents   can  obtain  an   audit   report   containing   informa7on   on  who  has  accessed  
their  data,  what  data  has  been  accessed  or  modified  and  when.

  Arer  successfully  having  completed  the  first  two  pilots,  the  two  ini7al  func7onali7es  are  being  
rolled  out  to  all  providers.  Un7l  June  2009,   more  than   350.000   ci7zens  have  been  excluded  from  the  
infrastructure  at   their   own  request.   At   that   7me,   the  EPD  contained  informa7on  about   more   than  
360.000  pa7ents  serving  400.000  exchanges  of  informa7on.

Towards a Healthy Cloud Page 149 of 218 Juan Hernández Colomina

5.  Answers  to  Research  Ques*ons  Phase  2
  To  summarize  our   findings   from   this  research   phase  we   provide  in   this  sec7on   the  specific  
answers  to  the  related  research  ques7ons.

5.1. What   are   the   current   trends,   challenges   and   opportuni*es   in   the   Dutch  
Healthcare  sector?  
  The   healthcare  sector   has  not   only   a  high  impact  on   ci7zen’s  lives  but   also  on  their  na7onal  
economies.   One   of   the   main   differences  between   the  healthcare  sector   and  other   sectors   is  that  
ci7zens  are  both  consuming  and  funding  care  services  (through  taxes  and/or  insurance  bills).  Although  
the   healthcare   sector   in   The   Netherlands   is   one   of   the   most   priva7zed   systems   in   the   EU   its  
sustainability   is  challenged  by   the   increasing  demand  of  care  services  as   well  as  by   the   decreasing  
ci7zen’s  tolerance  for   medical  errors.   Healthcare  is  the  number   one  non-­‐economic   issue   for   Dutch  
ci7zens.   Although  in  general  ci7zens  are  sa7sfied  with  the  quality  of   care  services  obtained,  there  is  a  
significant   gap   between  the   quality   of   services  and   their   accessibility   and   availability   specially   for  
specialist’s  care.

  The  demand   of   services  increases  among   other   developments   due  to  demographic   changes  
(e.g.   longer   life  expectancies  and  lower   birth   rates),   pervasive  and  difficult  to  treat   sicknesses   (e.g.  
cancer),   the  rapid  spread  of   illnesses   (e.g.   H1N1)   and   new   unhealthy   lifestyles   (e.g.   higher   average  
weight   and   increasing   alcohol   consump7on).   In   order   to   deal   with   these   issues,   healthcare  
organiza7ons   need   to   con7nuously   find   new   methods   for   delivering   qualita7ve   services   to   more  
ci7zens  with   the  same  amount   of   resources  by   predic7ng,   preven7ng   and   trea7ng   illnesses  more  
efficiently   and   effec7vely.   Mostly   as   a  result   of   the   growing   demand  of   services,   yearly   healthcare  
costs   are   also   increasing   significantly,   in   some   cases   even   faster   the   na7onal  GDP.   Collabora7on  
between   medical   prac77oners   is  a  increasingly   important   requirement   not   only   to   guarantee   the  
sustainability  of  current  healthcare  systems  but  also  to  7mely   react  to  global  threats  while  improving  
the  con7nuity  of  care  services  delivered  to  ci7zens.

  In   order   to   cope  with   current   and   future   challenges  the  Dutch   healthcare   sector   needs  to  
con7nuously   improve  the  quality   and  opera7onal  efficiency   of   care   services.   For   this  purpose,   the  
Dutch  Ministry   of  Health  has  ini7ated  a  reform  of  the  healthcare  system  in  2006  with  the  introduc7on  
of   a   compulsory   private   insurance   for   each   ci7zen.   As   a   part   of   this   transforma7on,   the   Dutch  
government  has  started  in  2008  with  the  introduc7on  of  an  na7onal  electronic  pa7ent  record  system  
(EPD)  in  order  to  improve  the  quality  and  accessibility  of  healthcare  on  a  cost  efficient  manner.      

Towards a Healthy Cloud Page 150 of 218 Juan Hernández Colomina

5.2. What  is  the  current  role  of  ICT  in  the  Dutch  Healthcare  sector?  
  There   is   a  significant   poten7al   for   improvement   in   leveraging   ICT   solu7ons   in   healthcare.  
Although  the  healthcare  sector  is  one  of  the  most  informa7on  intensive  ones,  the  use  of  technological  
innova7ons  is  below  other  less  informa7on  intensive  industries.  Nevertheless,  there  is  a  large  number  
of   documented   benefits  linked   to   the  adop7on   of   certain   ICT   solu7ons  like  for   example   improved  
quality,  cost  efficiencies,  larger  process  throughputs,  the  reduc7on  of  medical  errors,  beOer  informed  
ci7zens   and  providers,   streamlined  processes,   improved  safety   and  7mely   care   delivery.   The  proper  
use  of  technology   can  help  to  foster  healthy   ci7zen’s  behavior  and  to  protect  them   from  large  scale  
threats  while  increasing  the  availability  of   services  and  mee7ng  growing  demand  on  an  effec7ve  and  
efficient  manner.

  Family   doctors   (General  Prac77oners  or   GPs)   are  one   of   the   most   important   actors  in   the  
Dutch  healthcare  system  currently   solving  around  95%   of  all  primary   care  condi7ons.  There  is  a  clear  
need  for  electronic  collabora7on  between  GPs  and  other  medical  actors  as  the  great  majority  of  them  
work  alone  or  share  their  office  with  one  or   two  other   clinicians.  When  analyzing  the  use  of   ICT  in  GP  
offices,  we   observe  for  example  low  levels  of  automa7za7on   when  accessing  a  pa7ent’s  medica7on  
history   while  only   50%  of  all  GPs  can  share  informa7on  electronically   with  prac77oners  outside  their  
workplace.  Moreover,  very  few  GPs  can  access  a  pa7ent’s  hospital  record,   order  tests  electronically   or  
provide  pa7ents  with  electronic  access  to  their  test  results.

  From  a  Dutch  ci7zen  perspec7ve   there  is  also  a  clear   need  for   increasing  computeriza7on  to  
enable   collabora7on  between  clinicians.  Almost   50%  of   all  Dutch  ci7zens  have  experienced  medical  
problems  due   to   the  lack   of   coordina7on   while  around   10%   of   the   GPs  have   had   to   repeat   tests  
because  the  results  of  previous  tests  were  no  longer  available.

  The  Dutch  government  considers  ICT  as  an  important   enabler  to  cope  with  current  challenges  
in  healthcare  while  improving  the  system’s  sustainability.   Not   only   can  technology   support   medical  
prac7ces   to   improve   quality   but   it   also   can   enable   significant   improvements   in   opera7onal   cost  
efficiency.  This  perspec7ve  is  reflected  on  the  introduc7on  of  electronic   pa7ent  records  (EPD  project)  
which  aims  to  improve  the  quality,  accessibility   and  affordability   of  care  by   enabling  7mely,   accurate  
and  secure  informa7on   exchange  between  healthcare  organiza7ons.  However,  it   is  important  to   note  
that  due  to  the  private  character  of  the  Dutch  healthcare  sector,   the  government   has  liOle  enforcing  
power  in  how  healthcare  organiza7ons  work.  For  this  reason,  the  Dutch  government  has  created  the  
NICTIZ   organiza7on   responsible   for   s7mula7ng   the   use   of   ICT   in   healthcare   as   well   as   for   the  
realiza7on  of  the  EPD  project  in  collabora7on  with  other  healthcare  actors.   The  main  goal  of  NICTIZ   is  
to   develop   and   maintain   the   basic   infrastructure   (AORTA)   suppor7ng   the   electronic   exchange   of  
medical  data  (EPD),  including  the  needed  standards  and   cer7fica7ons.  In  order  to  limit  the  scope  of  
our   research   we   have  focused   our   analysis   on   this   project   which   is  one   of   the  largest   and   most  
significant  ICT  projects  in  the  Dutch  healthcare  sector.

Towards a Healthy Cloud Page 151 of 218 Juan Hernández Colomina

  In  previous  research  we  can  find  significant   benefits  from  the  use  of  electronic  medical  records  
systems.   By   increasing   the  availability   of  accurate,   complete  and  relevant  clinical   data  organiza7ons  
can  reduce  medical  errors  in   diagnosis,  medica7on  and  treatments  and  thus  improving   the  quality  of  
services.  Moreover,   by   sharing   informa7on  among   prac77oners,  redundant  tests  are  eliminated  and  
processes  are  streamlined  resul7ng   in  a   significant  larger   throughput.  In   previous  work  we  can   also  
find  a  series  of  barriers  for  the  adop7on  of  technology  in  healthcare.  The  most  important  barriers  are  
security  and  the  cost  of  technology,  followed  by  the  lack  of  interoperability  with  exis7ng  solu7ons  and  
legal  and  privacy  issues.  

  The  introduc7on  of  the  EPD  infrastructure  implies  high  levels  of  computeriza7on  not   only  for  
governmental  bodies   but  also  for   healthcare  providers  of   all  kinds  and  sizes.   However,  the  size  of  a  
provider   can  influence   the  adop7on  of  this  system   as  many   clinics  are  too   small  for   leveraging  high  
investments   in   IT.   For   this   reason,   organiza7ons   need   to   find   new   ways   to   reduce   the   costs   of  
technology  by  for  example  outsourcing  it  or  joining  forces  with  other   clinicians  to  achieve  economies  
of  scale.

  Technology   can  support   healthcare  organiza7ons  in   achieving   their   two  most   relevant   goals:  
improve  the   quality   of   services  and   cost   efficiency.   Healthcare  providers   can   for   example  leverage  
technology   to   improve  the  quality   of  care  services   by   automa7ng   processes   (thus  reducing   human  
mistakes),   by   enabling   7mely   decision   making   (based   on   the  7mely   exchange   of   accurate  pa7ent  
informa7on)  and  bridging   the  current  gap  between  the  quality  of  services  and  their  accessibility   and  
availability   (e.g.   telemedicine   for   specialists   care).   Moreover,   organiza7ons   can   achieve   cost  
efficiencies   by   enabling   affordable  (global)   collabora7on,   by   automa7ng   tasks  to   op7mize   human  
resources   costs  (specially   in   areas  where  salaries   are   rela7vely   high   like   The   Netherlands)   and   by  
achieving   economies  of   scale   and   synergies   (delivering   qualita7ve   and   efficient   services   to   more  
ci7zens  with  the  same  amount  of  resources).  According  to  healthcare  organiza7ons  tools  that  facilitate  
collabora7on,   informa7on   exchange,   eProcurement  and  web  services  are  the   most   relevant   for   the  
sector.  Specially,  interac7ve  pa7ent  informa7on  and  involvement  and  electronic  communica7ons  are  
the  two  most  relevant  factors  in  the  near  future.  

5.3. What   are   the   main   policies   and   legisla*ons   affec*ng   the   use   of   ICT   in   Dutch  
Healthcare  organiza*ons?
  The  adop7on  of  the  EPD  system  by  healthcare  organiza7ons  is  currently   non-­‐compulsory   and  
contractually   regulated   by   bilateral   agreements   between   NICTIZ   and   each   individual  provider.   The  
government  plans  to  enforce  par7cipa7on  by  law  in  the  coming  years  as  for  the  success  of  the  system  
all  providers  need  to  be  connected  to  the  infrastructure.  Nevertheless,  in  order  to  be  able  to  connect  
to  the  EPD  infrastructure,   healthcare  providers  must   obtain   three  cer7fica7ons  (XIS,   GBZ   and  ZSP)  
elaborated  by  NICTIZ.  For  each  type  of  cer7fica7on  specific  requirements  are  described  in  three  areas:  
func7onality   (how   to   store  and   exchange   informa7on),   implementa7on   (security   and   connec7vity  
issues)  and   exploita7on  (processes  and  measures  to  keep  informa7on  as  accurate,  7mely  and  secure  

Towards a Healthy Cloud Page 152 of 218 Juan Hernández Colomina

as  possible).  These  requirements  are  mandatory  to  obtain  and  maintain  the  cer7fica7on  and  therefore  
to  connect  to  the  EPD  infrastructure.  

  Security,  reliability  and  privacy   are  crucial  elements  of  every  inter-­‐organiza7onal  infrastructure.  
This  is  specially   relevant   in   the  healthcare   sector   due  to   its  high  impact   of   ci7zen’s  lives.   For   this  
reason,  NICTIZ  has  placed  controls  at  each  component  of  the  infrastructure  and  has  developed  three  
security  policies  for  GBZs,  ZSPs  and  the  LSP.

Towards a Healthy Cloud Page 153 of 218 Juan Hernández Colomina

6. Conclusion  Phase  2
  The  main  goal  of  this  second  phase  in  our   research  is  to  perform  an  analysis   of  the  current  
trends,   challenges   and   opportuni7es  in   the   Dutch   healthcare   sector   and   the   role   of   informa7on  
technology   in  that   context.   The  phase  is  divided  into  three   main  blocks.   In  the   first   block  we  have  
delimited   the   context   and   scope  of   our   analysis   by   taking   into   account   the   European   and   Dutch  
healthcare   systems   and   the   specific   characteris7cs   of   that   sector.   The   second   block   contains   an  
analysis  on  the  role  of  ICT  in  European  healthcare.  The  third  and  last  block  provides  a  study  on  the  use  
of   ICT   in   the   Dutch   healthcare   sector,   with   a  special   focus   on   one   of   its   most   important   current  
projects:   the  introduc7on   of  a  na7onal  electronic   pa7ent   records  system.   In  this  last   part   we  have  
taken  into  account  the  main  policies  and  regula7ons  governing  the  use  of  ICT  on  that  project.  

  The   healthcare  sector   has  not   only   a  high  impact  on   ci7zen’s  lives  but   also  on  their  na7onal  
economies.   One   of   the   main   differences  between   the  healthcare  sector   and  other   sectors   is  that  
ci7zens  are   both  consuming  and  funding  care   services.  Through  taxes  and/or   insurances  ci7zens  pay  
for   the  services  they  might   consume  when  needed.  Moreover,  as  the  main  product  of   care  services  is  
to  improve  ci7zen’s  quality   of  life,  it  is  crucial  that  healthcare  organiza7ons  are  able  to  make  decision  
on  a  7mely   basis.   The  healthcare  industry  is  also  one  of  the  most  economically  significant  industries  as  
it  represents  more  than  9%  of  all  jobs  in  the  EU  and  more  than  6%  of  the  EU  GDP.  

  Healthcare  systems  in  the  European  Union  are  very   heterogenous  and  have  diverse  mixes  of  
public  and  private  funding  and  delivery.  Although  there  is  not  an  op7mum  single  model,  a  pure  public  
model   eliminates   free-­‐market   mechanisms   which   enable   innova7on   and   cost   efficiency   through  
compe77on.   On   the   other   hand,   a   solely   private   model   is   oren   more   expensive   as   healthcare  
organiza7ons  aim   to   obtain   increasingly   yearly   net   profits  and   therefore   focus  their   efforts  on   the  
most   profitable  ac7vi7es.  As  a  result  access  to  healthcare  services  (e.g.  research,  treatment,  etc.)  for  
pa7ents  with  rare  diseases  can  be  limited  due  to  its  low  profitability.

  Regardless  of  the  specific  system  in  place,  the  sustainability   of  almost  all  systems  is  challenged  
by   the  increasing   demand  care  services  as  well  as  by   the  decreasing  ci7zen’s  tolerance  for   medical  
errors.   The  demand  of  services  increases  among   other   developments   due   to  demographic   changes  
(e.g.   longer   life  expectancies  and  lower   birth   rates),   pervasive  and  difficult  to  treat   sicknesses   (e.g.  
cancer),   the  rapid  spread  of   illnesses   (e.g.   H1N1)   and   new   unhealthy   lifestyles   (e.g.   higher   average  
weight   and   increasing   alcohol   consump7on).   In   order   to   deal   with   these   issues,   healthcare  
organiza7ons   need   to   con7nuously   find   new   methods   for   delivering   qualita7ve   services   to   more  
ci7zens  with   the  same  amount   of   resources  by   predic7ng,   preven7ng   and   trea7ng   illnesses  more  
efficiently  and  effec7vely.  Mostly  as  a  result  of  the  increasing  service  demand,  yearly   healthcare  costs  
are  also  increasing   significantly,   in  some  cases  even  faster   the  na7onal   GDP.   Some  experts   predict  
healthcare  costs  to   account   for   15%   of   EU   GDP   by   2020.   This  affects   the   sustainability   of   current  
systems  if  they  are  not  reformed.  

Towards a Healthy Cloud Page 154 of 218 Juan Hernández Colomina

  Taking   into  account  the  above  developments  the  European  Commission  believes  that  na7onal  
governments  must   aim   to   deliver   high  qualita7ve  care   services  accessible   to  every   ci7zen   under   a  
sustainable  healthcare  system.  In  order   to  achieve  this,  the  commission  suggests  that   member   states  
embed  healthcare  issues  in  all  policies,  developing  a  strategy  based  on  shared  health  values.  

  In   a  recent   EU   research  we  can  observe  that   although   healthcare  is   the   number   one   non-­‐
economic   issue   for   ci7zens,   they   are   rather   sa7sfied   with   the   quality   of   services   provided   by  
healthcare  organiza7on.  Nevertheless,  there  is  a  significant   gap  between  quality   of  services  and  their  
accessibility   and   availability   reflected   in   lower   sa7sfac7on   scores   specially   for   specialist’s   care.  
Although   Dutch  ci7zens  are  even  more  sa7sfied  with  quality   than   the  EU  average  they   also  reflect  
some   discontent   with   the   access   to   specialists.   It   is   important   to   note   that   the   importance   of  
healthcare  for   ci7zens  can  be  related  to  their   age   as  older  ci7zens  consume  more  care  services  than  
younger  ones.   Due  to  the  fact  that   the  overall  age  is  currently  increasing  we  can  expect  in  the  future  a  
growing  ci7zen’s  concern  for  healthcare.  

  The   increasing  demand  and  costs  of   care  services  reflect   the  need  of  collabora7on  between  
clinicians.  Collabora7on  is  a  important   requirement   not  only  to  guarantee  the  sustainability  of  current  
healthcare  systems  but   also  to  7mely   react   to  global   threats  while  improving  the  con7nuity   of  care  
services   delivered   to   ci7zens.   The   proper   use   of   technology   can   help   to   foster   healthy   ci7zen’s  
behavior  and  to  protect  them  from  large  scale  threats  while  increasing  the  availability   of   services  and  
mee7ng   growing   demand   on   an   effec7ve   and   efficient   manner.   For   example,   current   (internet)  
technologies  can   leverage  collabora7on  in  a  cost  efficient  manner,  improving  care  services  con7nuity  
and  accessibility.

  The   healthcare   sector   in   The   Netherlands   is   predominantly   private   with   public   funding  
significantly   below   EU   average.   In   order   to   cope   with   current   and   future   challenges   the   Dutch  
healthcare   sector   needs   to   con7nuously   improve   the   quality   and   opera7onal   efficiency   of   care  
services.  For  this  purpose,  the  Dutch  Ministry  of  Health  has  ini7ated  a  reform  of  the  healthcare  system  
in  2006   with  the  introduc7on  of  a  compulsory  private  insurance  for  each  ci7zen.   The  transforma7on  is  
aimed  to  shir  the  power   from  healthcare  providers  to  consumers,   and  the  control  from  public  bodies  
to   insurers.   As  a  part   of   this  transforma7on,   the  Dutch   government   has  started   in   2008   with   the  
introduc7on  of  an  na7onal  electronic  pa7ent   record  system  (EPD)  to  facilitate  the  7mely  exchange  of  
accurate  medical  informa7on.   The  main   goal  of   this   project   is  to   leverage  collabora7on   in  order   to  
improve  the  quality  and  accessibility  of  healthcare  on  a  cost  efficient  manner.      

  As   it   is   the   case   in   other   industries,   business   and   IT   alignment   is   crucial   for   successful  
leveraging   technological   solu7ons  in   healthcare.   By   using   the   right   approach   and   implementa7on  
methodology   for   each   specific   situa7on,   organiza7ons   can   improve   the   quality,   accessibility   and  
efficiency   of   healthcare  delivery.   It   has  been  oren  demonstrated  that   those  firms  that   invest   in  the  
right   ICT  solu7ons  perform  significantly  beOer  than   other  ones  that  do  not  invest  on  those  solu7ons.  
According   to   healthcare   organiza7ons   tools   that   facilitate   collabora7on,   informa7on   exchange,  

Towards a Healthy Cloud Page 155 of 218 Juan Hernández Colomina

eProcurement   and   web   services  are   the   most   relevant   for   the  sector.   Specially,   interac7ve  pa7ent  
informa7on  and  involvement  and  electronic  communica7ons  are  the  two  most  relevant  factors  in  the  
near  future.  

  There   is   a  significant   poten7al   for   improvement   in   leveraging   ICT   solu7ons   in   healthcare.  

Although  the  healthcare  sector  is  one  of  the  most  informa7on  intensive  ones,  the  use  of  technological  
innova7ons  is  below  other  less  informa7on  intensive  industries.  Nevertheless,  there  is  a  large  number  
of   documented   benefits  linked   to   the  adop7on   of   certain   ICT   solu7ons  like  for   example   improved  
quality,  cost  efficiencies,  larger  process  throughputs,  the  reduc7on  of  medical  errors,  beOer  informed  
ci7zens  and  providers,  streamlined  processes,  improved  safety  and  7mely  care  delivery.  

  The   specific   advantages   of   electronic   medical   records   systems   have   also   been   subject   of  
previous   research.   By   increasing   the   availability   of   accurate,   complete   and   relevant   clinical   data  
organiza7ons  can  reduce  medical  errors  in   diagnosis,   medica7on   and  treatments  and  thus  improving  
the  quality   of   services.   Moreover,   by   sharing   informa7on  among   prac77oners,   redundant   tests  are  
eliminated  and   processes  are  streamlined  resul7ng  in  a  significant   larger   throughput  (more   pa7ents  
processed  with  the  same  resources).   In  previous  work  we   can  also  find  a  series  of  barriers  for   the  
adop7on   of   technology   in   healthcare.   The   most   important   barriers  are   security   and   the   cost   of  
technology,  followed  by  the  lack  of  interoperability  with  exis7ng  solu7ons  and  legal  and  privacy  issues.

  Organiza7ons  can  leverage  ICT  solu7ons  by  reusing  exis7ng  investments  in  technology,  gaining  
compe77ve   advantage   from   value   chain   coopera7on,   improving   supply   chain   management   and  
benefi7ng   from   economies   of   scale   and   synergies   through   collabora7on.   Moreover,   a   number   of  
cri7cal   success   factors   (CSFs)   have   been   iden7fied   in   previous   research   for   guiding   healthcare  
organiza7ons  in   the   adop7on   of   technology.   These   CSFs  are  grouped   in   four   areas:   management,  
leadership,  func7onality   and  technology.  The  support  from   senior  management,   a  clear  added  value,  
good   project   management,   employee   training   and   communica7on   and   a   clear   focus   on   process  
quality,   efficiency   and  reliability   are  the  most   relevant   factors  at   management   level.   Organiza7onal  
leaders  must   develop  a  shared  project   vision  with   clear  objec7ves  and  business  case  and  align  them  
with  the  firm’s  strategy  as  well  as  with  corporate  governance.  The  func7onality   of   the  solu7on   must  
focus  on  suppor7ng  organiza7onal  and  clinical  processes  as  well  as  a  broad  user  group  and  horizontal  
integra7on.  On  the  technology  area,  the  solu7on  must  ensure  compa7bility  with  current  systems,  and  
guarantee  a  high  level  of  availability,  security  and  interoperability.  

  From  a   Dutch   government   perspec7ve  ICT   is  regarded  as  an  important  enabler   to  cope  with  
current  challenges   in  healthcare  while  improving   its  sustainability.   Not   only   can  technology   support  
medical   prac7ces  to   improve  quality   but   it   also   can   enable   significant   cost   efficiencies  in   medical  
prac7ces.   This  perspec7ve  is  reflected  on  the  introduc7on  of  electronic  pa7ent   records  (EPD  project)  
which   aims  to   improve   the   quality,   accessibility   and   affordability   of   care   services.   However,   it   is  
important  to  note   that  due  to  the  private   character   of  the  Dutch  healthcare   sector,   the   government  
has   liOle   enforcing   power   in   how   healthcare   organiza7ons   work.   For   this   reason,   the   Dutch  

Towards a Healthy Cloud Page 156 of 218 Juan Hernández Colomina

government   has   created   the   NICTIZ   organiza7on   responsible   for   s7mula7ng   the   use   of   ICT   in  
healthcare  as  well  as  for   the  realiza7on  of   the  EPD  project   in   collabora7on  with   other   healthcare  
actors  (e.g.   pa7ent’s  organiza7ons,   insurers,   healthcare  providers,  etc.).  The  main  goal  of  NICTIZ  is  to  
develop  and  maintain  the  basic  infrastructure  (AORTA)   suppor7ng   the  electronic  exchange  of  medical  
data   (EPD),   including   the   needed   standards   and   cer7fica7ons.   The   EPD   ini7a7ve   was   created   to  
improve  the  quality   of  care  by   enabling   7mely,  accurate  and  secure   informa7on  exchange  between  
healthcare  organiza7ons.  

  Family   doctors   (General  Prac77oners  or   GPs)   are  one   of   the   most   important   actors  in   the  
Dutch  healthcare  system  currently   solving  around  95%   of  all  primary   care  condi7ons.  There  is  a  clear  
need  for  electronic  collabora7on  between  GPs  and  other  medical  actors  as  the  great  majority  of  them  
work  alone  or  share  their  office  with  one  or   two  other   clinicians.  When  analyzing  the  use  of   ICT  in  GP  
offices,  we   observe  for  example  low  levels  of  automa7za7on   when  accessing  a  pa7ent’s  medica7on  
history   while  only   50%  of  all  GPs  can  share  informa7on  electronically   with  prac77oners  outside  their  
workplace.  Moreover,  very  few  GPs  can  access  a  pa7ent’s  hospital  record,   order  tests  electronically   or  
provide  pa7ents  with  electronic  access  to  their  test  results.  

From  a  Dutch  ci7zen  perspec7ve  there  is  also  a  clear  need  for  increasing  computeriza7on  to  enable  
collabora7on  between  clinicians.  Almost  50%  of  all  Dutch  ci7zens  have  experienced  medical  problems  
due  to  the  lack  of  coordina7on  while  around  10%  of  the  GPs  have  had  to   repeat   tests  because  the  
results  of  previous  tests  were  no  longer  available.  

  The   introduc7on   of   medical  pa7ent   records   (EPD)   in   The   Netherlands   is  being   carried   out  
following   a  top-­‐down  incremental   approach.   At   the   moment   of   wri7ng   the  first   two  func7onali7es  
(prescrip7on   history   and   GP   observa7ons)   are  being   rolled   out   arer   having   completed   their   pilot  
phases  successfully.   The  EPD  basic  infrastructure  (AORTA)  consists  of  a  basic  “empty”  switching  point  
(LSP)   containing   index   and   reference   systems   that   connects   all   individual   sources   were   pa7ent  
informa7on  is  registered  and  stored.   It   is  important  to  note  that   pa7ent  informa7on  is  not  stored  on  a  
central  repository   but   it   remains  at   its  origin   (e.g.   hospital,   GP   office,   etc.)   and   it   is  gathered   on  
demand.   With   this   construc7on,   data  can   be   kept   always   updated   minimizing   the  delay   between  
informa7on  genera7on  and  its  availability  to  other  prac77oners.

  The  actors  related  to  the  EPD  project   are  very   diverse  and  with  different  perspec7ves  on  the  
project.   Some  actors  with   high   influence  on   adop7on   support   the  ini7a7ve  (e.g.   government   and  
pa7ent   organiza7ons)   while   others   actors   with   high   influence   are   less   suppor7ve   (e.g.   GP  
organiza7ons).  In  our  opinion,   the  lack  of  support  of   GPs  can  be  linked  to  the  lack  of  control  and  trust  
when   relying   on   externally   generated   informa7on.   The  adop7on   of   the  EPD   system   by   healthcare  
organiza7ons   is   currently   non-­‐compulsory   and   contractually   regulated   by   bilateral   agreements  
between  NICTIZ  and  each  individual  provider.  The  government  plans  to  enforce  par7cipa7on  by  law  in  
the   coming   years   as   for   the   success   of   the   system   all   providers   need   to   be   connected   to   the  
infrastructure.   Another   important   remark   is   that   ci7zens  can   at   any   moment   in   7me   block   their  

Towards a Healthy Cloud Page 157 of 218 Juan Hernández Colomina

informa7on  en7rely   or  par7ally  from  exchange  between  all  or  some  providers.  Un7l  June  2009,  more  
than   350.000  ci7zens  have  been   excluded  from  the  infrastructure   at  their  own  request.  At  that  7me  
the   EPD   contained   informa7on   about   more   than   360.000   pa7ents   serving   more   than   400.000  
exchanges  of  informa7on  between  providers.

  AORTA   is   the   basic   infrastructure   suppor7ng   the   exchange   of   informa7on.   It   includes  two  
registers  (BSN  and  UZI  registers)  for  actor   iden7fica7on  purposes  and  one  switching  point  (LSP)  where  
providers  can   connect   if   they   have  obtained   the  required  cer7fica7on   (XIS,   GBZ  and   ZSP).   For   each  
type  of  cer7fica7on  specific  requirements  are  described  in  three  areas:  func7onality  (how  to  store  and  
exchange  informa7on),  implementa7on  (security  and  connec7vity   issues)   and  exploita7on  (processes  
and  measures  to  keep  informa7on  as  accurate,  7mely   and  secure  as  possible).  These  requirements  are  
mandatory  to  obtain  and  maintain  the  cer7fica7on.

  The  standards  used  on  the   EPD   infrastructure  are  HL7   version  3   for   message  specifica7ons,  
WSDL  and  SOAP  for   web-­‐service  descrip7ons  and  access,  HTTPs  and  TCP/IP  for   communica7ons  and  
the  CEN  13606   for  concepts  in  process  descrip7ons  and  informa7on  models.  NICTIZ  has  chosen  these  
standards  to   facilitate   the  exchange   of   informa7on   independently   from   the   structure,   syntax   and  
seman7cs   used   at   individual   provider’s   systems.   In   order   to   guarantee   interoperability   between  
provider’s  systems,   the  EPD   ini7a7ve   has  established   three   cer7fica7on   programs  that   healthcare  
providers  must  obtain  before  connec7ng  to  the  na7onal  infrastructure.   These  programs  are  the  Good  
Managed   Healthcare   Organiza7on   (GBZ)   cer7fica7on,   the  Healthcare   Service   Provider   cer7fica7on  
(ZSP)   and  the  Cer7fied   Health  Informa7on   System  cer7fica7on   (XIS).  The  XIS  cer7fica7on  is  meant  to  
ensure   that   sorware   connec7ng   to   the   na7onal   infrastructure   complies   with   the   requirements  
established  by   NICTIZ.   The  ZSP   cer7fica7on   is  designed   to  enabled   the  secure   connec7on  of   a  GBZ  
cer7fied   healthcare  provider  (an  his  XIS  cer7fied  sorware)  to  the  na7onal  switching  point  (LSP).  The  
GBZ   cer7fica7on   aims  to   ensure   that   exchanged   pa7ent   data   complies  with   the   requirements  of  
integrity   and   confiden7ality.   GBZ   requirements   are   divided   into   three   layers:   applica7on,  
communica7on  and   server.   The  requirements  focus   mainly   in  guaranteeing   the  accuracy,  availability  
and  security  of  informa7on  exchanges.

  Security,  reliability  and  privacy   are  crucial  elements  of  every  inter-­‐organiza7onal  infrastructure.  
This  is  specially   relevant   in   the  healthcare   sector   due  to   its  high  impact   of   ci7zen’s  lives.   For   this  
reason,  NICTIZ  has  placed  controls  at  each  component  of  the  infrastructure  and  has  developed  three  
security  policies  for  GBZs,  ZSPs  and  the  LSP.  Access  to  pa7ent’s  informa7on  is  limited  to  providers  that  
have   a   treatment   rela7on   with   that   pa7ent,   based   on   previous   encounters   and/or   arer   explicit  
authoriza7on  from  that  pa7ent.  

  The  introduc7on  of  the  EPD  infrastructure  implies  high  levels  of  computeriza7on  not   only  for  
governmental  bodies   but  also  for   healthcare  providers  of   all  kinds  and  sizes.   However,  the  size  of  a  
provider   can  influence   the  adop7on  of  this  system   as  many   clinics  are  too   small  for   leveraging  high  
investments   in   IT.   For   this   reason,   organiza7ons   need   to   find   new   ways   to   reduce   the   costs   of  

Towards a Healthy Cloud Page 158 of 218 Juan Hernández Colomina

technology  by  for  example  outsourcing  it  or  joining  forces  with  other   clinicians  to  achieve  economies  
of  scale.

  Technology   can  support   healthcare  organiza7ons  in   achieving   their   two  most   relevant   goals:  
improve   the  quality   of  services  and  cost   efficiency.  In  other  sectors,   technology   has  played  a  crucial  
role  in  achieving   both  of  these  targets.  Healthcare  providers  can  for   example  leverage  technology   to  
improve   the   quality   of   care   services  by   automa7ng   processes  (thus   reducing   human   mistakes),   by  
enabling  7mely   decision  making  (based  on  the  7mely   exchange  of  accurate   pa7ent  informa7on)  and  
bridging   the  current   gap  between  the  quality   of  services   and  their  accessibility   and  availability   (e.g.  
telemedicine  for   specialists  care).   Moreover,   organiza7ons   can  achieve  cost   efficiencies  by   enabling  
affordable  (global)  collabora7on,  by   automa7ng  tasks  to  op7mize  human  resources  costs  (specially  in  
areas  where  salaries  are  rela7vely  high  like  The  Netherlands)  and  by  achieving  economies  of  scale  and  
synergies  (delivering   qualita7ve   and   efficient   services   to   more  ci7zens   with   the   same   amount   of  

Towards a Healthy Cloud Page 159 of 218 Juan Hernández Colomina

Phase  3:  Cloud  Compu*ng  in  the  EPD  context
  In  this   last   phase  of  our   research  we  combine  the   findings  from   our   previous  two  phases  to  
iden7fy   the  most  relevant  challenges  and  opportuni7es  for  adop7ng  cloud  compu7ng  solu7ons  in  the  
Dutch   na7onal   pa7ent   records  system  context.   For   this  purpose  we   create  an   ar7fact   following   the  
design  science   research  that  can  support   organiza7ons  in  selec7ng  cloud   solu7ons  that  comply   with  
the  corresponding  legal  requirements.  

  We   start   this  sec7on   by   describing   the   research   methodology   followed   in   this   phase   (e.g.  
design   science)  as  it   differs  significantly   from  two   previous   ones.   We  con7nue  then  presen7ng  our  
ar7fact’s  construc7on   and  evalua7on   to  conclude  with   the  answers  to  the  research  ques7ons  related  
to  this  phase  of  our  research.        

1. Design  Science  Research  Approach

  When   execu7ng   the  third   phase   of   our   research   we  have  followed  Hevner's  guidelines  for  
design  science  in  IS  research  (Hevner  et   al.,  2004).  This  guidelines  are  based   on  the  assump7on  that  
knowledge   over   a   design   problem   and   its   solu7on   is   created   when   building   and   applying   an  
ar7fact.   According   to   Hevner,   design   science   research   focuses   on   the   crea7on   of   an   innova7ve  
purposeful   ar7facts   for   a  specific   problem   domain   where   the   ar7fact   aims   to   solve   an   unsolved  
problem   or   a  known   problem   in   a   more   efficient   or   effec7ve  way.   In   this  sec7on   we   provide   an  
elabora7on  of  these  guidelines  and  how  we  have  applied  them  in  our  research.

Guideline  1:  Design  as  an  ar*fact

  In  the  design  science  research  field,   IT   ar7facts  are  defined   as   constructs,   models,   methods  
and  instan7a7ons   created  to   solve  specific   unsolved  problems  or   known   problems  more  efficiently  
and  effec7vely   (Hevner  et  al.,  2004).   The  ar7facts  are  then  evaluated  according  to  how  useful  they  are  
in   solving   that   specific   problem.   Constructs   are   defined   as   the   language   in   which   problems   and  
solu7ons  are  defined  and  they  are  applied  in  models  to  represent  a  real  world  situa7on.  Methods  are  
the   processes   that   guide   us  to   the   solu7on   while   instan7a7ons  show   how   constructs,   models   or  
methods  can  be  applied  in  prac7ce  to  demonstrate  the  ar7fact’s  feasibility  and  suitability.

  The   ar7facts   created   in   our   research   are  two   main   constructs  in   phase   one  and   two   (our  
defini7on  of   Cloud  Compu7ng   and   EPD   requirements),   a  model  in  this  third   phase  (our   matching-­‐
model)  and  methods  (the  processes  that   we  followed  to  create  our  defini7on  of  Cloud  Compu7ng  and  
our   matching-­‐model).   The  overall  goal   of  this  part   of  our   research  is  to   create  a   meta-­‐ar7fact   (our  
matching  model)   as  a  solu7on  to   an  unknown  problem:   if  a  Dutch  healthcare  organiza7on  can  use  
cloud  compu7ng  solu7ons  to  connect  to  the  na7onal  electronic  pa7ent  system.  

Towards a Healthy Cloud Page 160 of 218 Juan Hernández Colomina

  The  matching   model   can  be  used  by   Dutch  healthcare   organiza7on  to  select   solu7ons  that  
comply  with  NICTIZ  requirements.  Moreover,  cloud  providers  can  use  the  matching  model  to  develop  
new   solu7ons  or   modify   exis7ng  ones  that   could   be  used  in  the  EPD  context.   A   remark   should  be  
made  on  the  fact  that  we  do  not  provide  any  instan7a7ons  of  our  matching-­‐model  due  to  the  fact  that  
there  are  not  yet  Cloud  Compu7ng   solu7ons  deployed  in  the  EPD  context.   Nevertheless,  according  to  
Hevner  et  al   (Hevner  et  al.,  2004)   all  four  types  of  ar7facts  are  equally  important  and  valid  outputs  of  
design  science  research.

Guideline  2:  Problem  relevance

  As  in   previous  design   science  research   the  purpose  of   our   research   is  to  acquire  knowledge  
and  understanding   to  enable  the  development   and  implementa7on  of  technology   based  solu7ons  for  
unsolved  problems  (Hevner  et  al.,  2004).  The  problem  we  aim  to  solve  is  to  evaluate  the  feasibility  of  
cloud  compu7ng  solu7ons  taking  into  account   the   constrains  imposed   by   the  Dutch  na7onal  pa7ent  
records  systems  (EPD).  As  there  are  not  yet  known  implementa7ons  of  cloud  solu7ons  that  connect  to  
the   EPD   this  problem   is  new   and   unknown   at   the   moment   of   wri7ng.   The  problem   is  important  
because   Cloud   Compu7ng   is   an   emerging   technological   paradigm   that   is   expected   to   leverage  
significant   improvements  in  opera7onal  efficiency   and  effec7veness.  As  these  are  also  two  of  the  most  
important   goals  in  current   Dutch  healthcare,   cloud   compu7ng  represents  a   business  opportunity   to  
decrease  cost  or  maximize  revenue  when  using  IT  capabili7es  in  this  context.  

Guideline  3:  Design  Evalua*on

  According  to  previous  work  the  u7lity,   quality  and  efficacy  of  a  design  ar7fact  must  be  carefully  
evaluated  (Hevner  et  al.,   2004).   For  this  purpose  we  have  first  carefully  evaluated  our  basic   constructs  
(e.g.   defini7on  of   Cloud  Compu7ng   and  EPD   requirements)  before  including  them  in  our   matching-­‐
model  and  we  have  evaluated  the  matching-­‐model  with  expert  reviews.  

  The  expert  reviews  consisted  of  unstructured  in-­‐depth  interviews  with  two  experts:  Mr  Gerard  
Persoon  and  Mr.  Bert  Kabbes.  Both  have  more  than  20  years  experience  in  business  consultancy  in  the  
Dutch  healthcare  sector   and  Mr.   Kabbes  has  been  interim  director  of  several  large  Dutch  hospitals.  The  
in-­‐depth  interviews  include   the  evalua7on   of   our   ar7fact's   func7onality,   completeness,   consistency,  
accuracy   and   usability.   Other   aOributes   like   performance,   reliability,   and   organiza7onal   fit   were  
excluded   from   our   valida7on   because   the  experts  are   not   aware  of   any   implementa7on   of   Cloud  
Compu7ng   solu7ons  in  the   EPD   context.   The   reviews  of   the   model   were   very   posi7ve  and   some  
realloca7ons  of  requirements  to  different  features  were  performed.  

  Although  a  deeper  ar7fact  evalua7on  could  have  been  achieved  by  performing  an  instan7a7on  
of   the  model   in   prac7ce,   we   could   not   find   any   case   in   prac7ce   to   apply   our   model.   Moreover,  
although  there  are  several  wriOen  cases  on  HIPAA  compliant   US  healthcare  organiza7ons  we  could  not  
find  any  case  study  on  a  EPD  cloud  compu7ng  solu7on  to  instan7ate  our  model.

Towards a Healthy Cloud Page 161 of 218 Juan Hernández Colomina

Guideline  4:  Research  Contribu*ons
  According   to   previous   work   on   design   science   research   must   include   clear   and   verifiable  
contribu7ons  in  the  areas  of  design  ar7fact,  design  founda7ons,  and/or  design  methodologies  (Hevner  
et  al.,  2004).  The  main  contribu7on  of  our   research  can  be  found  on  theses  three  areas.  On  one  hand  
we  have  designed  an   unique   ar7fact   as  we  cannot   find   any   similar   ar7fact   in  previous  work.  In  the  
founda7ons  area  we  have  created  a  series  of  validated  constructs  in   the  first  two  phases  that   extend  
and  improve  respec7vely   the  Cloud  Compu7ng  and  IT  in  Dutch   healthcare   knowledge  bases.  In  the  
design   methodology   area  our   contribu7on   can   be  found   in   the   process   of   crea7ng   our   matching-­‐
model  from  an  interpreta7ve  perspec7ve  and  based  on  the  assump7ons  made  throughout  this  thesis.

Guideline  5:  Research  Rigor

  Research  rigor   can   be  evaluated   by   analyzing   how   the  researcher   applies  exis7ng  theore7cal  
founda7ons   and   research   methodologies   in   deriving   research   findings   (Hevner   et   al.,   2004).   To  
improve  our   research   rigor   we  have  described  the  process  of   construc7ng   our   basic   elements  and  
validated  them  before  genera7ng  our  matching-­‐model.  We   have  applied  not   only   exis7ng  literature  
but  also  how  the  defini7on  of  cloud  compu7ng   is  (re)created  through  human  interac7ons  by  the  most  
relevant  actors.  

Guideline  6:  Design  Science  as  a  Search  Process

  An  effec7ve  ar7fact   is  considered  to  use  available  means   to  reach  a  desired  end   state  while  
complying   with   constrains   determined   by   the   problem’s   environment   (Hevner   et   al.,   2004).   Our  
matching-­‐model  uses  available  knowledge  to  facilitate  the  deployment  of  Cloud  Compu7ng  solu7ons  
that  comply   with  the  requirements  enforced  by  the  Dutch  healthcare  context  (EPD  requirements).   It   is  
important  to  note  that  our  matching-­‐model  does  not  represent  a  overall  solu7on  to  the  problem  but  it  
just   aims  to   support   prac77oners   and   researchers   in   further   explora7ons   of   this   type  of   delivery  
models   in   this   type   of   context.   Moreover,   as   effec7ve   design   research   requires   knowledge   and  
understanding   of  both  the  applica7on  domain  and  the  solu7on   domain  (Hevner  et  al.,  2004)   we  have  
analyzed   both  separately   in  our   search   process  to   discover   if  Cloud   Compu7ng   applica7ons  can  be  
applied  in  the  Dutch  healthcare  domain.  

Guideline  7:  Communica*on  of  the  research

  Previous   work   suggests   that   research   findings   must   be   communicated   to   technology   and  
management  audiences  (Hevner  et  al.,   2004).   For   this  reason  we  have   wriOen  our   thesis  with  both  
reader   in  mind.  In  our  opinion  our  wri7ng  style,  vocabulary  and  argumenta7ons  can  be  understood  by  
business  and  IT  audiences.

Towards a Healthy Cloud Page 162 of 218 Juan Hernández Colomina

2. Ar*fact  Crea*on
  Following  the  design   science  research  approach   we  have  created   a  meta-­‐ar7fact   (a  matching  
model)  to   link  the  results  of  our   previous  two  phases  (see  table  27).   On  one  side  of  our   matching-­‐
model  (the  y   axis)   we  have  placed   the  features  we   have  found  in  our  defini7on  of   Cloud  Compu7ng  
during   the   first   phase   of   our   research.   On   the   other   side   (the   x   axis)   we   have   placed   the   EPD  
requirements   iden7fied   during   the   second   phase   of   our   research   according   to   their   support   or  
limita7on  of  the  corresponding  cloud  compu7ng  feature.  

  For   clarifying   purposes   we   have   chosen   a   coding   scheme   to   iden7fy   the   corresponding  
requirement.   GBZ   requirements   are   code   as   “GBZ-­‐id”   where   “id”   represents   the   requirement  
iden7fica7on  number  in  appendix  N.  ZSP   requirements  are  coded  as  “ZSP-­‐id”  where  “id”  indicates  the  
corresponding  code  in  appendix   M.  ZSP   codes  include  three  leOers  to  iden7fy  the  category   followed  
by  two  numbers  to  iden7fy  the  specific  requirement  within  that  category.

  As  our   goal  is   to   explore   opportuni7es  and   incompa7bili7es  between   the   cloud   compu7ng  
delivery   model  and  the  EPD  cer7fica7on  requirements  we  have  classified  the  requirements  according  
to  how  the  feature  is  supported  by  a  requirement  (column  supported  by)  as  well  as  how  the  feature  is  
delimited  (or   excluded)  by   a  requirement  (column  delimited  by).  Within   the   “delimited  by”  category  
we   dis7nguish   between   those   requirements   that   directly   affect   a   feature   and   requirements   that  
indirectly  limit  the  implementa7on  of  a  feature.

  We  consider   that   a   feature  is   supported  by   a  requirement  when  the  feature  capabili7es  are  
explicitly   required   by   cer7fica7on   requirements.   We   believe   that   a   feature   is   delimited   when   a  
requirement   determines  some  aspect  (or   the  totality)  of  its  implementa7on  (e.g.  hybrid  cloud,  private  
cloud,   public  cloud,   etc.).   Some  requirements  are  not  included  in  our   matching  model  as  they   do  not  
limit  or   support  any  of  the  features.  Moreover,  requirements  can  be  linked  to   more  than  one  feature  
but   they   always  either   delimit   or   support   that   feature.   The  usage-­‐based   pricing   model  is  the  only  
feature  not  supported  or  limited  by   any   requirement  as  organiza7ons  are  free  to  choose  any  economic  
model  to  purchase  IT  capabili7es  in  the  EPD  context.  Our  matching-­‐model  is  presented  in  table  27.  

Towards a Healthy Cloud Page 163 of 218 Juan Hernández Colomina

Table  27:  Matching-­‐model  for  cloud  compu*ng  in  the  EPD  context

Cloud  Features Enforced  By Delimited  By

Directly Indirectly

ZSP-­‐CON-­‐01,  ZSP-­‐
On-­‐demand BSC-­‐01,  ZSP-­‐BSC-­‐02,   ZSP-­‐CON-­‐11
GBZ-­‐5.1,  GBZ-­‐5.7

ZSP-­‐CON-­‐01,  ZSP-­‐
Elas7c BSC-­‐01,  ZSP-­‐BSC-­‐02,   ZSP-­‐CON-­‐11
GBZ-­‐5.1,  GBZ-­‐5.7

ZSP-­‐BVL-­‐01  ZSP-­‐BVL-­‐02  ZSP-­‐BVL-­‐03  

ZSP-­‐BVL-­‐06  ZSP-­‐BVL-­‐07  ZSP-­‐
BVL-­‐08,  ZSP-­‐BSC-­‐06,  ZSP-­‐BSC-­‐07,  
ZSP-­‐GBO-­‐01  &  ZSP-­‐GBO-­‐02,  
ZSP-­‐BSC-­‐08,  ZSP-­‐ORG-­‐01,  ZSP-­‐
ZSP-­‐RSP-­‐01,  ZSP-­‐RSP-­‐03,  
As-­‐a-­‐service BEH-­‐07,  ZSP-­‐BEH-­‐08,  GBZ-­‐1.1,  
ZSP-­‐BEH-­‐03,  ZSP-­‐BEH-­‐04,  
GBZ-­‐1.2,  GBZ.3.8,  GBZ-­‐3.10,  
GBZ-­‐4.1,  GBZ-­‐4.2,  GBZ-­‐4.4,  
GBZ-­‐4.6,  GBZ-­‐4.7,  GBZ-­‐4.8
GBZ-­‐6.1,  GBZ-­‐6.2,  GBZ-­‐6.3

ZSP-­‐DNS-­‐01,  ZSP-­‐DNS-­‐02,  
ZSP-­‐DNS-­‐04,  ZSP-­‐DNS-­‐05,  
ZSP-­‐DNS-­‐06,  ZSP-­‐CON-­‐05,  
Internet  delivery ZSP-­‐CON-­‐06,  ZSP-­‐CON-­‐08,  
ZSP-­‐CON-­‐03,  ZSP-­‐CON-­‐07
ZSP-­‐CON-­‐09,  ZSP-­‐CON-­‐10,  
ZSP-­‐BVL-­‐05,  ZSP-­‐RSP-­‐01  &  

Usage-­‐based  pricing not  applicable not  applicable not  applicable

  As  the  EPD   is  a  decentralized  infrastructure,   connec7vity   requirements  include  features  that  

maximize   the  infrastructure’s  availability   and  con7nuity.   Some  examples  are  the  need  to  be  able  to  
handle  all  messages  (ZSP-­‐CON-­‐01,   GBZ-­‐5.7),   limi7ng  the   delay   of  NAT   rou7ng  (ZSP-­‐CON-­‐11)  or   24x7  
availability   (ZSP-­‐BSC-­‐01,  GBZ-­‐5.1)  with  a  very  limited  number  of  outages  per  year  if  specific  recovery  
7mes  are  met   (ZSP-­‐BSC-­‐02).  The  on-­‐demand  and  elas7c  feature   of   cloud  compu7ng   are  very   useful  
factors  to  comply  with  this  type  of  requirements.

  ZSP   DNS  requirements  (ZSP-­‐DNS-­‐id)   delimit   indirectly   how   an   applica7on  can  connect   to  the  
EPD  using   domain  name  protocols.  Although  EPD  requirements  include  advanced  DNS  configura7on  
almost  all  available  solu7ons  offer  these  configura7on  op7ons.

  The  most  significant   limita7ons  to  the  use  of  cloud  compu7ng  solu7ons  in  the  EPD  context  are  
found  in  the  connec7vity  area  as  the  use  of  components  that   use  the   public  internet  network  (ZSP-­‐
CON-­‐07)  is  prohibited.  This  excludes  all  public  cloud  solu7ons  and  many  private  providers  that   do  not  
offer  private  leased  connec7ons  (e.g.  point-­‐to-­‐point)  in  The  Netherlands.  Moreover,  the  use  of  fixed  IP  
addresses  (ZSP-­‐CON-­‐03)  is  not  a  common  feature  in  public  cloud  solu7ons  re-­‐enforcing  the  need  for  

Towards a Healthy Cloud Page 164 of 218 Juan Hernández Colomina

private  offerings.  Other  connec7vity   requirements  delimit  indirectly  the  use  of   Internet  as  a  delivery  
plaxorm   but   there   are   basic   capabili7es  available  in   almost   all   infrastructures   (ZSP-­‐CON-­‐05,   ZSP-­‐
CON-­‐06,  ZSP-­‐CON-­‐08,  etc.)

  In  the  cloud   compu7ng  model  (part   of)   an  IT   capability   is  delivered  as-­‐a-­‐service  where  the  
provider   owns  the  capability  and  rents  it  to  the  user  for  a  specific  purpose.  For  this  reason,   security  of  
the  cloud  provider  is  a  very  important  issue  to  consider  in  the  EPD  context  delimi7ng  directly  the  as-­‐a-­‐
service   model   to  organiza7ons  that   can  provide  this   kind  of   assurance.  ZSP   requirements  related  to  
security   are  to  be  evaluated   at   the   provider   level  where   he   needs   to   have   a  security   policy   (ZSP-­‐
BVL-­‐01)  embedded  in   the  organiza7on  (ZSP-­‐BVL-­‐02),  followed   by   employees  (ZSP-­‐BVL-­‐03),  Moreover,  
it   should  include  an  access  policy   (ZSP-­‐BVL-­‐06),   a  con7nuity   management   plan   (ZSP-­‐BVL-­‐07)  and  a  
con7ngency  plan  in  case  of  security  incidents  (ZSP-­‐BVL-­‐08).

  Response  7me   requirements   (ZSP-­‐RSP-­‐01   &   ZSP-­‐RSP-­‐03)  implies  indirectly   serious   limita7ons  
on  the  as-­‐a-­‐service  feature  and  on  the  Internet  delivery  feature.   Current  public  clouds  for  example  do  
not  comply  with  the  maximum  delay  allowed  in  HTTP  communica7ons.

  Some   ZSP   organiza7onal   requirements   delimit   directly   which   types   of   organiza7ons   can  
connect  to   the  EPD  (ZSP-­‐ORG-­‐01,  ZSP-­‐ORG-­‐03)  as  they   exclude  directly   the  as-­‐a-­‐service  model  where  
the   provider   is   not   a   registered   Dutch   organiza7on   located   in   The   Netherlands   or   a   cer7fied  
organiza7on  (GBZ-­‐1.1  &  GBZ-­‐1.2).

  In  order  to  comply  with  ZSP  management  requirements  the  as-­‐a-­‐service  solu7on  must   include  
a  24x7  available  system  administrator  (ZSP-­‐BEH-­‐01),  measuring  and  repor7ng  capabili7es  (ZSP-­‐BEH-­‐03,  
ZSP-­‐BEH-­‐04   &   ZSP-­‐BEH-­‐05)   and   facilitate  migra7ons  to   other   solu7ons  (ZSP-­‐BEH-­‐07   &   ZSP-­‐BEH-­‐08).  
The   majority   of   current   cloud   offerings   have   con7nuos   monitoring   and   include   measuring   and  
repor7ng   capabili7es.   The   as-­‐a-­‐service   feature   is   therefore   indirectly   affected   by   these   features.  
However,  the  support  for   migra7ons  is  not  found  in  all  types  of  cloud  services.   The  majority  of   public  
cloud  solu7ons  facilitate  the  migra7on  to   their   solu7on  but   not   to  another  solu7on.  The  as-­‐a-­‐service  
feature  is  therefore  directly  affected  by  migra7on  requirements.

  The   requirements   related  to   the  level  of  user   support   and  the  handling   of   issues  is  a  strong  
requirement  that  indirectly  excludes  public  clouds  because  the  as-­‐a-­‐service  model  does  not  normally  
includes   this  type   of   personalized   support   (ZSP-­‐GBO-­‐01   &   ZSP-­‐GBO-­‐02).   Communica7on   issues  in  
cases  of   malfunc7ons   and   recoveries  (ZSP-­‐BSC-­‐06   &   ZSP-­‐BSC-­‐08)   as  well  as  the   fixed   schedule  for  
maintenance  (ZSP-­‐BSC-­‐07)  are  also  strong  limita7ons  to  the  type  of  solu7on  to  be  used.   Current   public  
clouds  for  example  communicate  outages  and   recoveries  through  a  website  and  do  not  have  a  fixed  
maintenance  schedule.

  Several   GBZ   requirements   are   concerned   with   protec7ng   the   EPD   infrastructure   against  
unauthorized   access,   misuse   and   errors   (GBZ.3.8,   GBZ-­‐3.10,   GBZ-­‐4.1,   GBZ-­‐4.2,   GBZ-­‐4.4,   GBZ-­‐4.6,  

Towards a Healthy Cloud Page 165 of 218 Juan Hernández Colomina

GBZ-­‐4.7,  GBZ-­‐4.8,   GBZ-­‐6.1,   GBZ-­‐6.2,   GBZ-­‐6.3).  All  these  features  have  a  strong  impact  on  how  the  as-­‐a-­‐
service   feature   is   implemented   as   the   provider   needs   to   include   the   capabili7es   needed   for  

3. Ar*fact  Evalua*on
  The   field  of  design  science  in  IS   research  is  regarded  in  previous  work  as  an  applied  science  
discipline  reflec7ng  the  importance  of   IT  (meta-­‐)ar7facts  that  enable  the  development  of  concrete  IT  
applica7ons  (Iivari,  2007).   This  is  also   the   main  goal  of  our  research,  to  develop   a  meta-­‐ar7fact   (our  
matching-­‐model)   to   facilitate  the   deployment   of   cloud   compu7ng   solu7ons  in   an   specific   context  
(healthcare  in  The  Netherlands).  A  design  science  ar7fact  can  therefore  be  evaluated  by  analyzing  how  
that   ar7fact   achieves  its  goal   in  prac7ce  (u7lity   and  quality)   and  how   efficient   it   is  in   achieving   it  
(Hevner  et  al.,  2004).  However,  there  are  significant  barriers  for  evalua7ng  ar7facts  as  they  are  related  
to  the  environment  where  they  operate  (March  &  Smit,  1995).

  According  to  previous  work,   the  resul7ng  meta-­‐ar7facts  must   include  knowledge  that  enables  
product   and  process  design   (Iivari,   2007).  We   believe  that   our   matching-­‐model  contains  knowledge  
that   can  support  prac77oners  in  the  design  of  new  (or   modified)  cloud  products  and  as  well  as  in  the  
design  of  cloud  related  processes.  By  matching  a  poten7al  solu7on  with  our  cloud  compu7ng  features  
and  evalua7ng  the  requirements  enforced  by  NICTIZ  an  organiza7on  can   select  the  solu7on  that  best  
fits  their  needs  in  that  context.  

  In  order   to  evaluate  our  ar7fact  in  prac7ce  we   need  to  find  a  Dutch  healthcare  organiza7on  
that   it   is  considering   cloud  compu7ng  solu7ons.  We  could  not  find  such  an  organiza7on  which  means  
that   our   matching-­‐model  should  be  further   evaluated   in   prac7ce.   Nevertheless,  taking  into   account  
that  we  build  our  model  based  on  two   already  validated  constructs  created   in  phase  one  and  two  of  
our   research   and   that   we   validate   the   matching-­‐model  with   expert   reviews,   we   can   draw   some  
conclusions   regarding   the   completeness   and   accuracy   of   our   matching-­‐model   based   on   the  
assump7ons  made   during   our   research.   It   is  important   to   note   that   we  could   not   found   specific  
metrics  to  measure  our  variables  and  therefore  the  evalua7on  of  the  ar7fact  is  qualita7ve  by  nature.

  Qualita7ve   research  methods   use  qualita7ve   data  (e.g.   interviews,   documents,   observa7on  
data,  etc.)  to  understand  and  explain  social  phenomena  (Myers,  1997).  Although  they   are  typical  social  
sciences  research  methods  they   are  increasingly   popular   in  IS   research,  specially   when  inves7ga7ng  
(new)   managerial   and   organiza7onal   issues.   Moreover,   qualita7ve   methods   are   oren   found   in  
research   performed   from   an   interpre7ve  perspec7ve   like  in   our   research   (Myers,   1997).   The   main  
purpose  of   this  type  of   methods  is  to   inves7gate   phenomena  taking  into  account   the  par7cipant's  
perspec7ve  and  the  specific  social  and  ins7tu7onal  context  (Myers,  1997).

Towards a Healthy Cloud Page 166 of 218 Juan Hernández Colomina

  The  expert  reviews  consisted  of  unstructured  in-­‐depth  interviews  with  two  experts:  Mr  Gerard  
Persoon  and  Mr.  Bert  Kabbes.  Both  have  more  than  20  years  experience  in  business  consultancy  in  the  
Dutch  healthcare  sector   and  Mr.   Kabbes  has  been  interim  director  of  several  large  Dutch  hospitals.  The  
experts  were  asked  to  evaluate  the  ar7fact’s  quality  (e.g.  completeness  and  effec7veness)  by  analyzing  
(A)  if  all  relevant   requirements  and  cloud   compu7ng  features  are  included  in  the  model  and  (B)  if   we  
make  the  right  assump7ons  when  evalua7ng  and  placing  requirements  in  our  model.   In  design  science  
completeness  and  effec7veness  of   an  ar7fact  can  be  evaluated  by   how  it   sa7sfies  the  requirements  
and  constraints  of  the  problem   it  was  meant  to  solve  (Hevner  et  al.,   2004).   For  this  reason,  experts  
were  asked  to  evaluate  our  matching-­‐model  taking  into  account  our   defini7on  of  cloud  compu7ng  and  
EPD  requirements.

  According  to  previous  work   when  there  is  not   a  previous  outcome  of  tan   ar7fact,  as  it   is  also  
the  case  in  our  research,  its  poten7al  usefulness  must  be  es7mated  (Järvinen,  2008).   Due  to  the  lack  
of   cloud   compu7ng   implementa7ons   in   Dutch   healthcare   the   experts   were   asked   to   give   their  
es7ma7on   of  the  model’s  usability,   func7onality   and  consistency   by   applying   logical  reasoning   and  
their   own   experience.   Other   aOributes   like   performance,   reliability,   and   organiza7onal   fit   were  
excluded  from  our  valida7on  as  they  need  to  evaluated   once  the  model  has  been  applied  in  prac7ce.  
Nevertheless  we  have  provided  some  assurance  about  our   ar7fact’s  relevance  by  considering  business  
needs  from   environmental   factors  (e.g.   people,   organiza7on   and   technology)   during   our   research  
(Hevner  et  al.,  2004).  

  Experts  had   no   remarks  concerning   the   completeness   and   effec7veness  of   our   matching-­‐
model.   as  they   believe  that   it   contains  all  relevant   features  and   requirements  and   they   are  placed  
using  appropriate  logical  reasoning.  Moreover,  the  experts  reflected  that  our   model  could  be  useful,  
func7onal  and  consistent  but  they  agreed  on  the  fact  that  this  should  be  further  evaluated  in  prac7ce.  

  It  is  important  to  note  that   the  quality   of  design  science  ar7facts  improves  when  subsequent  
evalua7ons   are  performed  as  they   oren   result   in   incremental   improvements  (Hevner   et   al.,   2004)  
(Gregor  &  Jones,  2007).  However,  we  could  not  improve  any   exis7ng  model  as  we  could  not  find  any  
similar   meta-­‐ar7fact   in  previous  literature.  For  this  reason   we  had  to  create  a  new  meta-­‐ar7fact  that  
can  be  evaluated   and  improved   in   further  research.  This  is  a  typical  situa7on  when  applying   design  
science  to   build   new   or   innova7ve   ar7facts   as  theories  over   the  applica7on   and   impact   of   these  
ar7facts  can  be  created  once  the  ar7facts  are  applied  in  prac7ce  (Hevner  et  al.,  2004).

Towards a Healthy Cloud Page 167 of 218 Juan Hernández Colomina

4.  Answers  to  Research  Ques*ons  Phase  3
  To  summarize  our   findings   from   this  research   phase  we   provide  in   this  sec7on   the  specific  
answers  to  the  related  research  ques7ons.

4.1. What   are   the   most   relevant   opportuni*es   and   challenges   for   adop*ng   Cloud  
Compu*ng  in  the  Dutch  Healthcare  sector?
  Current  developments  in  healthcare  and  in  na7onal  economies  have  created  the  perfect  storm  
for   the   adop7on   of   Cloud   Compu7ng.   The   current   economic   downturn,   demographic   and   social  
developments,   pervasive   sicknesses  and   global   threats  are  among   the   challenges  that   reflect   the  
con7nuous   need   for   cost   efficiency   and   7mely   qualita7ve   services   in   healthcare.   Collabora7on  
between   prac77oners   is   increasingly   becoming   an   essen7al   requirement   to   cope   with   these  
developments.   From   our   analysis  in   phases   1   and   2   we   observe   a   match   between   opportuni7es  
offered   by   Cloud   Compu7ng   models   and   challenges  that   Dutch  healthcare   organiza7ons  are  facing  
now  and  in   the  future.   In   order   to   improve  the  sustainability   of   the  healthcare  system,   healthcare  
organiza7ons  can   leverage  Cloud  Compu7ng  solu7ons  to  achieve  their  two  most   relevant  goals:  cost  
efficiency  and  quality  improvements.

  As  described   in  phase  1  according  to  previous  research  around  80%   of  IT  budgets  are  used  to  
keep  the  lights  on  (maintaining  compu7ng  resources)  while  the  average  server  u7liza7on  is  es7mated  
by   several  researches   to   be   between   5%   and   20%.   This  poten7al   cost   efficiency   improvement   is  
specially   interes7ng   for   small  healthcare  organiza7ons  as  their   budgets  are   significantly   lower   than  
larger   ones   and   they   are   directly   affected   by   the   increase   in   demand   of   services   (GPs   in   The  
Netherlands  solve  around  95%   of  primary   care  condi7ons).   However,  large  healthcare  organiza7ons  
can   achieve   larger   savings   as   their   budgets   are   larger   and   therefore   there   is   more   scope   for  
improvement.   For   this   reason   large   organiza7ons   should   also   consider   the   use   case   of   Cloud  
Compu7ng  solu7ons  to  op7mize  resource  u7liza7on.  

  An   specific   example   on   how   small   and   large   healthcare   organiza7ons   can   achieve   cost  
efficiency   by   leveraging   SaaS  solu7ons  is  the  use   of   Google  Apps  as  a  replacement   for   Microsor’s  
Office  tools.  Google  Apps  licenses  are  much  cheaper   than  Office  licenses  and  they  are  fully  compa7ble  
with  Microsor’s  file  formats  (e.g.  doc,  ppt,  etc.).  Moreover,  as  informa7on  is  stored  remotely  clinicians  
can  work   from   everywhere   and  they   can   use  the   collabora7on  features  offered  by   Google  Apps  to  
enable  simultaneous   collabora7on   on   the  same  document.   However,   sensi7ve  pa7ent   informa7on  
should   not   be  stored   on   this  solu7on   as  it   is  not   clear   where  is   physically   stored   (Google   uses  a  
distributed  file  system)   and  it   could   be  against   na7onal  regula7ons  that   limit   the  storage  of  pa7ent  
informa7on   to  the  na7onal  boundaries.  Dutch  ICT  providers  can  solve  this  issue  by  deploying   similar  
solu7ons  where  informa7on  is  stored  securely   within   the  Dutch  territory.   Nevertheless,   in  the  past  
years  we  have  seen  a  significant   number   of   enterprises   migra7ng  to  Google  SaaS   solu7ons  like  for  
example  Rover,  Rentokil,  the  University  of  Melbourne  or  Utrecht  University.  

Towards a Healthy Cloud Page 168 of 218 Juan Hernández Colomina

  Another  example  of   how  large  organiza7ons  can  also   leverage  Cloud  Compu7ng  solu7ons  for  
cost  efficiency   is  the  op7mum   resource  u7liza7on  enabled  by   deploying  Internal  Private  Clouds.  In  a  
fully   controllable   on-­‐premises   environment   organiza7ons   can   deploy   tools   that   allow   automa7c  
provisioning  and  scalability   over   mul7-­‐tenant  resources.  With  this  approach,  large  organiza7ons  can  
op7mize  the  use  of  previous  ICT   investments  resul7ng  in  significant  improvements  in  opera7onal  cost  
efficiency   and  agility.   Some  tools   that   can  support   organiza7ons  in   this   approach   are  Open  Nebula,  
Eucalyptus,  Ubuntu  Enterprise  Cloud  and  OpenQRM.  

  Healthcare   organiza7ons  can   also   leverage   Cloud   Compu7ng   solu7ons   to   access  an   almost  
unlimited  amount  of  resources  to  perform   heavy   computa7onal  tasks  (e.g.   HPC)   that   in  some  cases  
cannot   be  accomplished   on-­‐premises  due   to   the   large   capital   investment   they   require.   The   usage  
based  pricing  model  of  Cloud  Compu7ng  enables  organiza7ons  to  use  very   large  amounts  of  resources  
for   short   periods  of   7me.   Several  case   studies  have  demonstrated   this  advantage   not   only   in   the  
medical   research   field   but   also   when   performing   large   batch   file   conversions   and   tes7ng   ICT  
infrastructures  among  others  (e.g.  Harvard  Medical  Research,  NYT,  Soasta,  etc.).

  Quality   and   cost   efficiency   in   care   services   can   also   be   achieved   by   enabling   efficient  
collabora7on  between  clinicians.  For   this  purpose  SaaS  tools  can  contribute   to   connect  prac77oners  
and  centralize  knowledge.  Another  op7on   for  leveraging  collabora7on   is  given  by   the  EPD  project,  an  
“empty”  infrastructure  consis7ng   of  an  index  system  that   enables  the  retrieval  of  pa7ent   informa7on  
on-­‐demand  from  decentralized  repositories  (each  of   the   connected   organiza7on’s  system).   With  this  
approach  prac77oners  can  access  each  others  previous  work  in  order  to  build  their  prac7ces  on  these  
findings.   This  results  per  defini7on  on  improved  cost  efficiency  (e.g.   reused  test  results,  less  redundant  
treatments,   etc.)   as   well  on  quality   improvements  (e.g.   no  contradictory   and   poten7ally   dangerous  
treatments,  less  medical  errors,  etc.).  

  Another  poten7al  improvement  when  using  Cloud  Compu7ng  solu7ons  in  Dutch  healthcare  is  
the   improvement   in  care  service  availability   and  con7nuity.  The  7mely   decision  making  character  of  
healthcare  due   to   the  high   impact   it   has   on   ci7zen’s  lives  implies  that   prac77oner   need   accurate  
medical  informa7on  on-­‐demand  to  perform   their   jobs  beOer   and  more  efficiently.   For   this  reason,  
medical  informa7on  must   be  always  available  to  clinicians  in  order  to  guarantee  the  delivery   of  care  
services  to  ci7zens.  As  reflected  in  some  of  the  case  studies  analyzed  in  this  report,  organiza7ons  can  
leverage  Cloud  Compu7ng  solu7ons  for  affordable  failover   and  backup  mechanisms  that  improve  the  
con7nuity  of  care  services.   Moreover,   the   elas7c  character   of  Cloud  Compu7ng  solu7ons  guarantees  
that   ICT   systems   and   infrastructures   will  never   suffer   from   down7mes   due  to   planning   errors   in  
resource  provisioning  and  alloca7on.      

  An  interes7ng  use  case  for  leveraging  Cloud  Compu7ng  solu7ons  in  healthcare  is  to  be  able  to  
guarantee   the   con7nuity   of   care   services   in   case   of   large   health   threats   or   catastrophes   (e.g.  
pandemics,  bioterrorism,  earthquakes,  etc.).  In  these  situa7ons  the  demand  of  care  services  increases  
unexpectedly   and   rapidly   crea7ng   in  some  cases  a  workload   that   cannot   be  handle  by   non-­‐elas7c  

Towards a Healthy Cloud Page 169 of 218 Juan Hernández Colomina

models.  The   elas7c  character   of  Cloud  solu7ons  can   solve  this  issue  as  more   resources  are  allocated  
instantly  as  the  demand  of  care  services  rises.  Moreover,  cost  efficiency  is  also  improved  as  resources  
are  scaled  down  when  demand  decreases  (once   the  situa7on  is  back   to  normal).   It   is   important   to  
note  that  on-­‐demand  elas7city  of  resources  leads  per  defini7on  to  larger  process  throughputs  which  is  
a  necessary  development  in  order  to  deal  with  the  increasing  demand  of  services.

  Organiza7ons  are   constantly   challenged   by   ever   changing   market   condi7ons.   This  requires  
them  not  only   to  leverage  opera7onal  agility  by  adap7ng  their  processes  over  7me  but  also  to  use  the  
right   tools   at   the   right   7me  for   each   specific   situa7on.   To   meet   this   needs   external   and   internal  
sorware  providers  must  reduce  the  7me-­‐to-­‐market   of  their  new  applica7ons  significantly.  By  using  a  
PaaS   environment   for   the   rapid   development   and   deployment   of   applica7ons  these   tools   can   be  
delivered   on   a   7mely   basis.   This   results   in   significantly   lower   7me-­‐to-­‐market   as   deployment,  
maintenance  and  upgrades  have  minimum  impact  on  the  tool’s  availability.  A  healthcare  oriented  case  
study   related  to   this   usage  of  Cloud   Compu7ng   can   be  found  at   PresidioHealth,   a  HIPAA   compliant  
sorware  company  which  is  able  to  build  and  deploy   SaaS  applica7ons  20%   faster  than   before  using  

  The  use  of  Cloud  Compu7ng  solu7ons  in   healthcare  is  influenced   by   the  size  of  organiza7ons.  
In   general   small   healthcare   organiza7ons   (e.g.   GPs,   Specialists  Clinics,   etc.)   should   focus   on   cost  
efficiency   by   leveraging   the   usage   based   pricing   model   of   Cloud   Compu7ng   solu7ons.   Large  
organiza7ons  (e.g.  Hospitals,  etc.)  on   the  other  hand  should  focus  more  on   resource  op7miza7on  by  
building  Internal  Private  Clouds  or  by  using  Cloud  solu7ons  to  perform  heavy   computa7onal  on  a  cost  
efficient  basis  (e.g.  medical  research).  For   this  purpose,  hybrid  models  for  non-­‐mission  cri7cal  data  or  
when   persistent   data   is   maintained   on-­‐premises   in   a   n-­‐7er   architecture   (see   PresidioHealth   case  
study)  are  the  most  recommended  use  cases  for  large  organiza7ons.

  According   to   healthcare   organiza7ons,   the   most   significant   barriers   for   the   adop7on   of  
technology   in   this   sector   are   security   and   the   cost   of   technology   followed   by   the   lack   of  
interoperability  with  exis7ng  solu7ons  and  legal  and  privacy   issues.  Public  Clouds  improve  the  cost  of  
technology  for  Cloud  Users  due  to  service  mul7-­‐tenancy  and  Private  Clouds  achieve  the  same  goal  due  
to  resource  op7miza7on.   Moreover,   the  security   offered  by   large  Cloud   Providers   might   also  be  in  
some  cases  beOer   than   in   certain   situa7ons  (e.g.   small  businesses,   home   networks  of  doctors,   etc.)  
but  legal  and  privacy   issues  and   the  lack  of  interoperability   due  to  the  lack  of   standards  are  cri7cal  
issues  that  disqualify  the  largest  Public  Cloud  offerings  at  the  moment  of  wri7ng.

  Documented  issues  in  current   Public  Clouds  solu7ons  include  security  incidents,  privacy   leaks,  
availability  and  performance  of  services.   Security  in  current  IaaS  Public  Clouds  has  been  compromised  
in   the   last   year   by   cartography   and   bad   neighbor   aOacks   that   can   affect   service   reliability   and  
performance.  Moreover,  it  is  not   clear  yet  what  are  the  procedures  for  data  dele7on  and  how  the  full  
isola7on  of  tenants  guarantees  performance.  This  are  important  issues  in  the  EPD  context.

Towards a Healthy Cloud Page 170 of 218 Juan Hernández Colomina

  The  performance  (e.g.  latency)  of  the  largest  Public  IaaS  offerings  is  also  a  cri7cal  issue  being  in  
some  cases   too   poor   to  meet   cer7fica7on   requirements.   However,  the  next   networking  technology  
will  enable  higher  bandwidth  therefore  minimizing  the  effect  of  network  latency  when  boOlenecks  are  
generated  at  the  public   internet  level.   Dutch  healthcare  organiza7ons  can  select   a  Cloud  Provider  in  
their  own  country  to  minimize  the  effect  of  latency  on  performance.  

  During  2009   there  has  been  a  number  of   outages  in  Public  SaaS,   PaaS  and  IaaS  offerings  witch  
dura7on   and   recovery   7mes  unacceptable  in   the   EPD   context.   The   lack  of   features  for   the  proper  
isola7on  from  the  public   internet  (e.g.   point-­‐to-­‐point  connec7ons)  is   also  another   cri7cal   issue  that    
that   makes  current   Public   Clouds  not   applicable  to   the  EPD   context.   Nevertheless,   na7onal  Cloud  
Providers  specialized  in  healthcare  might  offer  such  solu7ons  on  a  customized  basis.  

    For  this  reasons  we  recommend   the  use  of  large  Public   Clouds  (Internal  or  External)  by  Dutch  
healthcare   organiza7ons   exclusively   for   selected   uses   cases   involving   non-­‐mission   cri7cal   or   non-­‐
sensi7ve   data.   Some   examples   of   these   cases   are   tes7ng   applica7ons   with   dummy   data,   high  
performance  compu7ng  with  encrypted   or   non-­‐persistent   data,  fail-­‐over   for  applica7ons  that  do  not  
use  pa7ent   or   sensi7ve  data  (e.g.   Medical  Model  Analysis,  Gene7c  Tests,   etc.).  Private  Clouds  on  the  
contrary   are  well  suited  for  crea7ng  solu7ons  that  comply   with  NICTIZ  cer7fica7ons.  We  elaborate  on  
some   of   the   most   relevant   tools   for   building   Private   Clouds   in   the   next   sec7on   (see   sec7on   5,  
recommenda7on  for  Cloud  Providers).  We  recommend  healthcare  organiza7ons  to  evaluate  this  tools  
if  they  plan  to  build  a  Private  Cloud  to  connect  to  the  EPD.

4.2. Which   type   of   Cloud   Compu*ng   solu*ons   fit   within   the   current   legisla*ve  
context  and  poli*cal  agenda  in  The  Netherlands?  
  The  Dutch  Government   is  very   aware  of  the  challenges  that  the  healthcare  system  is  currently  
facing.   Focus  on   quality   improvements   and   opera7onal   efficiency   is   repeatedly   reflected   in   their  
policies  and  legisla7ons.  For   this  purpose,   the  Dutch  Ministry  of  Health  has  ini7ated  a  reform  of  the  
healthcare  system  in  2006   with  the   introduc7on  of  a   compulsory   private   insurance  for   each  ci7zen.  
The   transforma7on   is  aimed   to  shir   the   power   from   healthcare  providers   to   consumers,   and   the  
control  from  public  bodies  to  insurers.  

  As   a   part   of   this   transforma7on,   the   Dutch   government   has   started   in   2008   with   the  
introduc7on  of  an  na7onal  electronic  pa7ent   record  system  (EPD)  to  facilitate  the  7mely  exchange  of  
accurate  medical  informa7on.  The  main  goal  of   this  project  is  to  improve  the  quality   and  accessibility  
of  healthcare  on  a  cost  efficient  manner   by   enabling  collabora7on  between  medical  prac77oners.   All  
three  goals  (quality,  accessibility,  and  cost  efficiency)  are  also  the  most  common  goals  found   in  Cloud  
Compu7ng   adop7on  case  studies.  For   this  purpose  we  have  limited  the  scope  of  our   research  to  the  
applicability  of  Cloud  Compu7ng  in  the  EPD  context.

Towards a Healthy Cloud Page 171 of 218 Juan Hernández Colomina

  The  Dutch  government  believes  that  if  healthcare  organiza7ons  have  7mely  and  secure  access  
to  relevant,   complete   and   accurate  clinical  data  (e.g.   previous  health   encounters,   test   results,   etc.)  
they   can  improve  the  quality,   accessibility   and  affordability   of  care   services  they   provide  to  ci7zens.  
The  EPD  is  developed  to  provided  these  features  to  Dutch  healthcare  organiza7ons.  An  example  of  the  
poten7al   benefits   of   the   EPD   is   the   reduc7on   of   medical   errors   in   diagnosis,   medica7on   and  
treatments  by  increasing  the  availability  of  accurate,  complete  and  relevant  clinical  data.  

  As  the  government  has  currently  no  enforcing  power  to  make  the  use  of  the  EPD  compulsory,  
the  Ministry  of  Health  has  created  NICTIZ,   an  organiza7on  to  support  healthcare  organiza7ons  in  their  
use   of   ICT.   NICTIZ   has   developed   a   cer7fica7on   program   to   regulate   secure   access   to   the   EPD  
infrastructure.   Healthcare  organiza7ons  that   want   to   connect   to   the   EPD   need   to   obtain   the   GBZ  
cer7fica7on  which  includes  the  use  of  XIS  cer7fied  sorware  and  ZSP  cer7fied  connec7vity.  The  XIS  and  
ZSP   cer7fica7ons   are   obtained   by   the   sorware   manufacturer   and   the   network   provider   used   to  
connect   to  the  EPD  respec7vely.  However,   if  a  healthcare  organiza7ons  develop  their   own  sorware  
and  want  to  connect   directly  to  the  EPD  they   need  to  obtain  these  two  cer7fica7ons  previously  to  the  
GBZ  cer7fica7on.  

  NICTIZ  cer7fica7on   requirements  determine  the  feasible  Cloud  Compu7ng  models  that  Dutch  
healthcare  organiza7ons  can  apply   to  connect  to  the   EPD.   Therefore   there  are  three  possible  Cloud  
Compu7ng  models  (or  any  combina7on  of  them):  Cloud  GBZ,  Cloud  ZSP  and  Cloud  XIS.  

A.  Cloud  GBZ  Example

  A  Cloud  GBZ  is  a  health  informa7on  systems  that  can  connect   to  the  EPD   and  runs  on  a  Cloud  
Compu7ng   plaxorm   as   defined   in   this   research.   The   informa7on   system   must   provide   all   Cloud  
Compu7ng   features  described   in   phase   1   of   this   research   and   comply   with   all   GBZ   cer7fica7on  
requirements  established  by  NICTIZ  (see  appendix  N).  

  GBZ  requirements  are  grouped  in  five  main  areas:  prac7cal,  organiza7onal,   data  management,  
access,   connec7on  and  security.  Prac7cal  requirements  describe  the  profile  of  organiza7ons  that  are  
allowed  to  access  the  EPD  and  delimit  the   scope  of  applica7ons  and   network  providers  that   can  be  
used.  Only   healthcare  organiza7ons  that  have  completed  the  UZI  registra7on  process  and  have  wriOen  
agreements  with  their   ZSP   cer7fied   network   provider   and  their   XIS  cer7fied  sorware  provider   can  
connect  through  their  XIS   applica7on  to  the  EPD.   To  further   analyze  the  feasibility   of   the   Cloud  GBZ  
model,   we  assume  that   the  organiza7on  is  using   XIS   and  ZSP   cer7fied  providers  as  they   are  further  
elaborated  in  the  Cloud  XIS  and  Cloud  ZSP  models  later  on  this  sec7on.  

  Organiza7onal  requirements  describe  the  organiza7onal  processes  and  resources  needed  to  
maintain   GBZ   compliance   including   training,   procedures,   documenta7on,   support,   governance,  
security,  accountability,  etc.  Requirements  in  the  data  management   area  focus  on  the  use,   accuracy  
and  protec7on  of   pa7ent   data.  They   include  requirements  for   the   proper   iden7fica7on  of   pa7ents,  
dossier  management,  rights  and  ini7al  registra7on  of  pa7ents,  data  storage,  data  integrity,  control  and  

Towards a Healthy Cloud Page 172 of 218 Juan Hernández Colomina

security.  Storage  plays  a  crucial  role  in  data  management   as  GBZ  organiza7ons  must   not  only   store  
data   during   the   legal   storing   7me   but   also   provide   data   overviews,   daily   back   ups   and   discard  
procedures.   The  requirements  in  the  access  group  are  created  to  determine  who  and  how  individuals  
can  access  the  EPD.  They   include  procedures,  restric7ons  and  controls  for  the   use   of   UZI  cards,   UZI  
readers,   UZI   server   cer7ficate,   log   management,   delega7on   of   responsibili7es,   pa7ent   (ini7al)  
approval,  data  disposal  and  data  integrity.

  Connec7vity   requirements  refer   to  the  appointment   of   responsibili7es  related  to  configuring  

and   maintaining   EPD   connec7vity.   They   include  requirements  to   determine   the  minimum   allowed  
availability   (including   maintenance),   power   con7nuity,   7me   synchroniza7on,   domain   name  and   IP  
address  configura7on,  and  the  accurate  alloca7on  of  resources  to  guarantee  availability  and  response  
7mes.  The  security  requirements  area  focuses  on  protec7ng  the  EPD   against  unauthorized   access  or  
filling  by  controlling  the  protec7on  of  (XIS)  sorware  interfaces.

  Arer  analyzing  all  GBZ  requirements  we  have  selected  the  ones  that  could  delimit  the  possible  
characteris7cs  of  a   Cloud  GBZ   solu7on.   In  prac7cal  terms,   a  Cloud  GBZ   must   be  able  to  allow   the  
installa7on  of  secure  server   cer7ficates,   to  deploy   XIS  cer7fied  sorware  and  to  connect   to  the   EPD  
through  a  cer7fied  ZSP  connec7on  (e.g.  on-­‐premises  or  external).  All  supported   opera7ng  systems  in  
current   Cloud   Compu7ng   IaaS   offerings   include   the   configura7on   of   server   cer7ficates.   The  
applicability  of  XIS  and  ZSP  models  are  elaborated  further  in  this  sec7on.  

  At   the  applica7on  layer  it   must   be  clear   which  interfaces  connect  to  the  EPD   as  they   must  be  
properly   protected  against   data  leakage  and  unauthorized  access.   For   this  purpose,   the  applica7on  
must   contain   features  for   logging,   audit   and  control  and   the   par7al  or   total  block   of   pa7ent   data  
exchange.   In  order   to  enable  secure  access  to  the  EPD,  the  applica7on  must  also  provide  support  for  
the  use  of  UZI  cards,  UZI  reader  and  UZI  server  cer7ficate  including  monitoring  and  repor7ng  features,  
log   management   and  usage  control.  These  features  are  dependent  on  the  XIS  sorware  connec7ng  to  
the   EPD.   Current   IaaS   and   PaaS   solu7ons   enable   the   development   of   such   applica7ons  in   various  
programming  languages  (e.g.  Java,  Python,  etc.).

  The  Cloud  GBZ  must  ensure  data  availability,  correctness  and  security.  For  this  reason,   isola7on  
of  the  XIS  applica7on  and   pa7ent  data  are  crucial  requirements  and  they  can  be  accessed  exclusively  
for   EPD  purposes.   Based  on   recent   security   issues  reported   in   the   last   year   on  Public   Clouds   (e.g.  
cartography   and   bad  neighbor   vulnerabili7es,   data   leaks,   data   losses,   etc.)   we   believe  that   at   the  
moment   of   wri7ng   that   Public   Cloud   models  (Internal  or   External)   do   not   fully   comply   with  these  
isola7on  requirements  and  with  na7onal  laws  and  regula7ons.

  To   guarantee   the   con7nuity   and   availability   of   the   EPD   connec7on,   the   Cloud   GBZ  
infrastructure  must   con7nuously   perform   above  the  agreed  level,  with  a   maximum   of   1   outage   per  
month  with  no  more  than  15  minutes  down7me,  a  maximum  of  2   outages  per  year  with  no  more  than  
1   day   down7me   and   a   maximum   amount   of   planned   maintenance   of   12   7mes   per   year   with   a  

Towards a Healthy Cloud Page 173 of 218 Juan Hernández Colomina

maximum   down7me   of   1   hour.   Almost   all  current   Cloud   Compu7ng   offerings   have   proven   higher  
availability  scores  over  the  last   year  and  guarantee  them  in  SLAs.  However,  some  Public   Cloud  outages  
and   maintenance   have   resulted   in   longer   recovery   and   maintenance   7mes   than   the   maximum  

The  infrastructure  must   also  be  able   to   scale  resources  in   order   to  handle,   the  exchange   of   (HL7)  
messages   and   SSL   sessions   with   response   7mes   below   the   agreed   maximum.   Moreover,   the  
infrastructure  must   include  measures  against  power  shortage  (e.g.  UPS)  and  NTP  7me  synchroniza7on  
with  an  allowed  devia7on   of   one  second.   In  order   to  enhance  security,  each  connec7on  to  the   EPD  
must   always  use  a  dedicated  IP  address  and  domain  name  and   every  XIS   sorware  interface  must  be  
properly  protected  (e.g.  firewall,  DMZs,  etc.).  Moreover,  the  Cloud  GBZ  must  provide  scalable  storage,  
daily  back  ups,  stored  data  overviews  and  procedures  for  effec7ve  data  disposal.

  All  Cloud   Compu7ng   providers   offer   large  scalability   of   resources   as  it   is   one  of   the   most  
commercially  interes7ng  features  of  such  solu7ons.  Some  them  offer   automa7c   scalability   based  on  
pre-­‐defined  paOerns  which  enables  fully  availability  in  all  possible  situa7ons.  Cloud  data  centers  have  
also  taken  measures  against  power  failures  (e.g.  UPS  fail-­‐over,  replica7on,  etc.)  and  in  some  cases  even  
more  advanced   than   enterprise  solu7ons.   Daily  back-­‐ups,  NTP   7me  synchroniza7on,   data  overviews,  
and  IP  and  domain  name  configura7on  are  standard  features  in  available  Cloud  Compu7ng  solu7ons.    

  Response  7mes  are  an  important  issue  for  current  Public   Cloud  models.  For  example,  arer  the  
introduc7on  of  spot  prices,  Amazon’s  IaaS  offering  experienced  response  7mes  much  larger  than  the  
maximum   allowed.   Another   issue   is   data   disposal   procedures   in   Public   Clouds.   As   resources  are  
reallocated   to   other   customers,   it   is   not   clear   how   current   providers   eliminated   data   before  
realloca7on.  Although  there  have  not  been  any  reported  leaks  of  this  type,  it  is  not  clear  wether  data  
is  later   available  to  the  next  customer.   Public  Cloud  providers  need  to  improve  their  transparency   on  
this  issue  as  most  enterprises  need  this  kind  of  assurance.  

  An   example   of   a   possible   Cloud   GBZ   solu7ons   is   Adastra   in   its  managed   hos7ng   version  
together  with  LSPconnect   a  plugin  to  connect  to  the  EPD   infrastructure.  Both  products  are  offered  by    
E.nova7on   B.V.   in  The  Netherlands.   Adastra  is   a  XIS   cer7fied   informa7on   management   system   for  
organiza7ons  that  provide  primary  care  arer  office  hours  (huisartsenposten  in  Dutch).  The  applica7on  
is  offered  to  Dutch  healthcare  organiza7ons  in  two  forms:  on-­‐premises  or  in  a  managed  hosted  version  
(SaaS).   The   SaaS   model   is   developed   to   allow   users  to   leverage   E.nova7on’s   data   center   for   full  
availability   and  con7nuity   of  care  on  a  cost  efficient   manner.  E.nova7on  has  two  data  centers  where  
data  is  replicated  between  them  using  a  SAN  storage  solu7on.   Together  with  the  LSPconnect  plugin  on  
its  managed  hos7ng  version  they  both  make  a  SaaS  solu7on  that  offers  a  XIS  cer7fied  applica7on  and  
a   ZSP   cer7fied   connec7on.   As   these   are   essen7al   requirements   to   obtain   the   GBZ   cer7fica7on  
organiza7ons  can  use  these  two  products  to  comply  with  most  of  the  EPD  technical  requirements.

Towards a Healthy Cloud Page 174 of 218 Juan Hernández Colomina

B.  Cloud  ZSP  Example
  A  Cloud  ZSP  is  a  connectIon  to  the  EPD  that  runs  on  a  Cloud  Compu7ng  plaxorm  as  defined  in  
this  research.   The  connec7on  must   offer   all  Cloud  Compu7ng  features  described  in   phase  1   of  this  
research  and  comply  with  all  ZSP  cer7fica7on  requirements  established  by  NICTIZ  (see  appendix  M).  

  Dutch  healthcare  organiza7ons  can  choose  to  implement   their  own  ZSP  cer7fied  connec7on  to  
the   EPD  or   use  a  external  provider   for   this  purpose.   A   external  Cloud  ZSP   is  interes7ng  specially   for  
small  organiza7ons  (e.g.  GPs,  specialists  clinic,  etc.)  where  the  costs  of  a  direct  connec7on  to  the  EPD  
are  too  high.  The  majority   of  small  organiza7ons  do  not   have  enough  resources  (e.g.  capital,  human  
resources,  ICT,  etc.)  to  comply  with  ZSP  requirements.  For  example,   for  a  GP   working  alone  on  his  own  
prac7ce  it   is  very   complex  and  expensive  to  implement   24x7   availability,  firewalls,  etc.   By   leveraging  
the   external  knowledge  and   experience  as  well  as  the  resources  of  the  Cloud  ZSP   provider   they   can  
implement  cost  efficient  EPD  connec7vity.  

  The   main   purpose   of   the   Cloud   ZSP   provider   is   to   facilitate   the   exchange   of   electronic  
messages  between  their   clients  (GBZs)  and  the  na7onal  switching  point   (LSP)  including  connec7ons  to  
tes7ng   and   produc7on   LSP   environments.   To   achieve   this   goal   ZSP   requirements   focus   on   the  
func7onality,  implementa7on  and  exploita7on  of  the  connec7on.  

  The   func7onality   of   data   communica7ons   must   comply   with   two   groups   of   requirements:  
connec7vity  and  domain  name  system  requirements.  The  connec7on  of  the  LSP  must  use  a  fixed  pre-­‐
assigned  IP  address  an  comply  with  a  set  or   predefined  physical  requirements  (e.g.  UTP,  duplex  mode,  
fixed  speed,  etc.)  without  making  (par7al)  use  of  the  public  internet  network.  The  connec7on  must  be  
able   to   connect   to   the   UZI   register   through   the   LSP’s   rou7ng   func7onality   and   to   Cer7ficate  
Authori7es   (CAs).   Domain   name   server   requirements   include   registering   GBZs   hosts   and   domain  
names,   forwarding   DNS   zones,   management   of   authorita7ve   primary   and   secondary   DNS   servers,  
reverse  DNS  zones  and  the  configura7on  of  the  LSP’s  DNS  server  as  slave  for  each  subdomain.

  The  implementa7on  of  the  connec7on  must  also  comply  with  a  series  of  security,  availability  
and  response  7mes  considera7ons.   ZSP   organiza7ons  must   have  security   policies  embedded  in  the  
organiza7on   regarding   employees,   physical   security   (e.g.   network   devices),   access   management,  
protec7on  against   internet  threats  (e.g.  virus,   spam,   hackers,   etc.),  security   incidents  and  con7nuity  
management.  In  general  terms  the  ZSP  connec7on  must  be  available  24  hours  per  day  and  7   days  per  
week,   with   a  specific   maximum   number   of   allowed   malfunc7ons  and   recovery   7mes   per   type  of  
malfunc7on.   Moreover,   the  con7nuity   of  the  connec7on  and  DNS  services  must   be  guaranteed   by  
providing  sufficient  backup  and  fail-­‐over  mechanisms  to  cope  with  hardware  malfunc7ons.   The  Cloud  
ZSP  must   communicate  any   malfunc7on,   its  progress  and  recovery  to  all  connected  GBZs  and  the  LSP.    
Response  7mes  of   network   round  trips  between  GBZs  and  the  LSP  must   be  in  90%  of   all  cases  bellow  
200  milliseconds.  For  this  purpose,  network  traffic  to  the  LSP  must  be  priori7zed.  

Towards a Healthy Cloud Page 175 of 218 Juan Hernández Colomina

  Exploita7on  requirements  focus  on  the  ongoing  use  and   maintenance  of  the  ZSP   connec7on  
and  they   include  organiza7onal,  management  and  user  support  considera7ons.  Most  of  them  do  not  
affect  the  solu7on  to  be  applied  as  they  include  contractual  and  administra7ve  requirements  to  report  
and   solve   malfunc7ons,   maintenance   and   other   outages.   The   Cloud   ZSP   must   provide   points   of  
contact  for  user  support  and  system  administrators  as  well  as  migra7on  support   to  and  from  other  ZSP  
providers.  User  support  should  be  priori7zed  according  to  service  levels  and  must  be  able  to  handle  all  
issues  reported  by  connected  GBZs.

  When  analyzing  the  applicability  of  Cloud  Compu7ng  we  observe  that   isola7on  from  the  public  
internet   network   is  an   issue  in   current   Public   Clouds.   Although   secure   VPN   connec7ons  in   Hybrid  
Clouds  are  possible  (e.g.  Amazon’s  Virtual  Private  Cloud)  effec7ve  public  internet  isola7on  can  only  be  
achieved  by   for  example  point-­‐to-­‐point  connec7ons  which  are  feature  currently  not  available  in  Public  
Clouds.  Moreover,   as  SSL   is  supported  in  almost   all   cases  the  implementa7on  of   connec7ons   to  the  
UZI  register   and  CAs  can   also  be   implemented.   Regarding  DNS  management,   current   IaaS  solu7ons  
offer   all  the  required   func7onality.  The   only   issue  we   observe  is  that  fixed  speed  is  only   offered  by  
some  current  Public  Cloud  providers.

  Looking  at  current  Public   Cloud  offerings  we  must  also  conclude  that  although  they  apply  high  
end   security   tools  (e.g.   data  encryp7on,   firewalls,   spam   and   virus  protec7on,   back-­‐ups,   etc.),   the  
isola7on   and   performance  of  mul7-­‐tenant  resources  s7ll  needs  to  be  improved.  For   example,   during  
the  last  years  cartography   aOacks  and  bad  neighbor  vulnerabili7es  have  been   reported  on  Amazon’s  
EC2.   Although   the  guaranteed   availability   of   Public   Clouds  currently   complies  with   the   maximum  
allowed  malfunc7ons,   recovery  7mes  even  during  planned  maintenance  is  in  some  cases  larger   than  
allowed.  Another  important  issue  in  Public   Clouds  is  the  lack  of  transparency  in  security  architectures,  
malfunc7ons,   their   progress   and   their   solu7on.   Most   providers   (e.g.   Amazon)   communicate  
malfunc7ons  through  a  web  dashboard  or   website  instead   of  contac7ng  users  directly.  They   also  do  
not  publish  a  lot  of   security  specifica7ons  to  avoid  suffering  aOacks  based  on  that  knowledge  (spoiler  
effect  of  informa7on).  

  Response  7mes  are  a  crucial  issue  for   the  use  of  current   Public  IaaS  solu7ons.  In  figure  27.  The  
single  trip  responses   from   the   USA   to  Amazon’s  EC2   cloud  are   measured   from   November   2009   to  
January   2010.   The  effect  of   the  spot   pricing  models  is  clearly   observed  in  the  increase  in  response  
7mes  from  an  average  of  50  ms  before  the  introduc7on  to  much  above  200  ms  arerwards.  In  any   case  
the  op7mum  level  of  50  ms  is  s7ll  the  maximum  allowed  by  cer7fica7on  as  the  200   ms  round  trip  from  
GBZ  to  LSP  means  100  ms  round  trip  to  each  and  therefore  four  50  ms  single  trips.

Towards a Healthy Cloud Page 176 of 218 Juan Hernández Colomina

Figure  27:  Ping  latency  to  Amazon  EC2  amer  spot  price  introduc*on


  A  example  of  a  current  Cloud  ZSP   solu7on  is  E.nova7on’s  LSPconnect  plugin   to   link   GBZs  and  
the   LSP   through  a  ZSP   cer7fied   connec7on.   The   offering   is  offered   both  on-­‐premises  or   hosted   at  
E.nova7on’s  data  center,  possibly   in  combina7on  with  other  solu7ons  (e.g.   Adastra  SaaS  solu7on).  As  
the  managed  hosted  version  of  LSPconnect  is  ZSP  cer7fied  to  connect  to  the  EPD,  it  complies  with  our  
defini7on  of  Cloud  Compu7ng   in  a  Private  External  PaaS  model  so  it   can   be   considered  a  Cloud  ZSP  
solu7on.   This   is   specially   interes7ng   for   small   healthcare   organiza7ons   in   order   to   achieve   cost  
efficient  EPD  connec7vity  without  the  need  to  cer7fy  their  connec7ons  or  applica7ons.  

C.  Cloud  XIS  Example

  All  XIS  cer7fica7on  requirements  can  be  accounted   for  in  the  development  of   the  applica7on.  
Most  of  the  current  XIS  cer7fied  sorware  has  been  developed  using   the  most  common  programming  
languages  (e.g.  Java,  .NET,  etc.).  As  these  languages  are  also  supported  in  all  IaaS  and  PaaS  offerings  it  
is   therefore  possible  to   build  XIS   (SaaS)   applica7ons   on   them.   An   example  could   be  the  managed  
version  of  Adastra  which  is  XIS  cer7fied  and  in  also  offered  as-­‐a-­‐service  at   E.Nova7on’s  data  center  
which  complies  with  our  defini7on  of  Cloud  Compu7ng.

  A  final  remark  should  be  made  on  the  fact   that  the  EPD  infrastructure  is  a  Cloud  Compu7ng  
environment  from  each  healthcare  provider’s  perspec7ve  where  features  are  forced  by  requirements  
in  the  NICTIZ  cer7fica7on  program.  For   example,  scalability  and  elas7city  is  enforced  in  requirement  to  
have   enough  storage  and   bandwidth   to   handle   all   message   exchanges.   The  on-­‐demand   feature   is  
guaranteed   by   requirements  related  to   back-­‐ups,   fail-­‐over   and  con7nuity   of  opera7ons,.   Moreover,  
ZSP   solu7ons  are   oren   offered   as-­‐a-­‐service  by   external  ICT   providers  and  their   solu7ons  use   the  
internet   as  the  network  plaxorm.   The  usage  based   pricing   model  can  be  included  in   EPD   cer7fied  
solu7ons  by  ICT  providers  although  this  is  currently  not  oren  the  case.

Towards a Healthy Cloud Page 177 of 218 Juan Hernández Colomina

4.3. How   do   current   regula*ons   facilitate   or   difficult   the   adop*on   of   Cloud  
  In   our   research   we   have   focused   on   the   introduc7on   of   a   electronic   pa7ent   records  
infrastructure  (the   EPD),  one   of  the  largest   and   most  significant  ICT  projects  in   the   Dutch  healthcare  
sector.   Regula7ons  that   determine  the   technical  requirements  needed   to   connect   to   the   EPD   are  
developed  by  NICTIZ  in  GBZ,  ZSP  and  XIS  cer7fica7on  programs.  We  have  analyzed  these  requirements  
previously   in   this  research  and  although  the  majority   of  them  are  realis7c  and  found  in   other  secure  
inter-­‐organiza7onal  infrastructures,  some  requirements  have  a  clear  focus  on  na7onal  large  healthcare  
organiza7ons  (e.g.   hospitals,   etc.)  and  na7onal  ICT   providers.   First,   the   ICT   investments  needed   to  
comply   with   all  NICTIZ  requirements  are  in  most  cases  too  high   for  small  and  medium  organiza7ons.  
On  the   other  hand,   required  network   response  7mes  and  speed,   customized  support   and  dedicated  
limit   the   available   providers   to   na7onal   ICT   provider   specialized   in   healthcare   and   with   custom  
solu7ons  that  meet  all  the  needs.

  As  small  organiza7ons  (e.g.  GPs,  etc.)  need  to  find  ways  to  meet  all  the  requirements  on  a  cost  
efficient  basis,   there  are  large  opportuni7es  for  intermediaries  that  deliver  part  of  the  solu7on  (e.g.  a  
cer7fied   ZSP   connec7on,   a  cer7fied   XIS   applica7on,   etc.).   These   intermediaries   deliver   the   same  
solu7on  to  more  than  one  client,  therefore  capitalizing  the  investment  as  sales  volume  rises.  Although  
this  enables  cost  efficiency   for  all  individual  customers,  it   represents  a  cost   inefficiency  for   the  whole  
system  as  these  intermediaries  increase   overall  costs  with   their   profit  margins.  If  requirements  were  
more  easy   and   less  expensive  to  implement  there  will  not  be  intermediaries,  therefore   reducing  the  
overall  cost.

  Cloud   Compu7ng   solu7ons  outside  NL   are   excluded   by   legisla7on   as  pa7ent   data   must   be  
stored  within  the  Dutch  na7onal  domain.  As  a  consequence,  the  largest  and  more  mature  Public  Cloud  
vendors  are  excluded   as  they  are  oren  locate  in  the  United  States.   These  providers  in  the  USA  have  
demonstrated  several  HIPAA  compliant  best  prac7ces.   Even  the  USA  government  has  created  a  Private  
External  Cloud  to  be  used  by   all  governmental  bodies  and  is  planning  to  enforce  the  use  of  this  cloud  
by  law  by  2010.  

  It  is  important  to  note  that   par7cipa7on  of  all  healthcare  providers  is  a  cri7cal  success  factor  
for  EPD   ini7a7ve.  Although  at  the  moment  of  wri7ng   the  use  of  ICT   in  Healthcare  is  not  yet  enforced  
by   Dutch   law,  the  Dutch  government  is  planning  to  improve  this  in  the  coming   years  by   making   EPD  
par7cipa7on   compulsory   to   all   healthcare   organiza7ons.   The   Dutch   government   should   carefully  
examine  Cloud  Compu7ng   best   prac7ces  of   the  USA   when   developing   future  laws  and   legisla7on,  
taking  into   account  the  effects  of   globaliza7on  and  improving   the   limita7ons  of  data  localiza7on  and  
response  7mes.

Towards a Healthy Cloud Page 178 of 218 Juan Hernández Colomina

  Although  the  cer7fica7on  program  and  architecture  of  the  EPD  infrastructure  provides  enough  
flexibility   to  implement  many   different   solu7ons,   it   implies   also  a  added  security   risk   for   the  whole  
system.  If  n  providers  connect   to  the  EPD   there  can  be  n  different   construc7ons  in  place  as   long   as  
they   comply   with   the  requirements.   Some  might   deploy   high  end  hardware  or   contract   leading   ICT  
providers,  others  might  use  less  reliable  hardware  or  contract  smaller  ICT  providers.  This  means  that  in  
the   current   situa7on   the   EPD   is  as  strong   as   it   weakest   link.   This   also   implies   a  significant   cost  
inefficiency   for   the   whole  system  represented  by   the  sum   of   differences   between  the  investments  
made  by  the  weakest  GBZ  and  the  investments  of  all  other  connected  GBZs.

Towards a Healthy Cloud Page 179 of