Professional Documents
Culture Documents
FH BKO-C06
Startup In The Cloud
Information Systems For Startup Companies Based On Cloud Computing
Submitted To:
Submitted By:
FH BKO-C06
Cloud computing is a technology that enables to use software as a service. Cloud computing service
providers assure to deliver the software at less cost than ever. The services are promised to run without
downtime and require solely an internet connection and a browser. Some services are completely free, such
as Google Mail, whereas others like Salesforce are paid according to the effective usage. Cloud computing
promises flexible business processes in order to keep up with constantly changing markets, shorter lead times
and better connectivity by using the intelligence of social networks.
These promises are not unheard, the business press is constantly giving an account of cloud computing.
But what does it mean for startups, entrepreneurs and small companies? This thesis Startup in the Cloud
examined whether cloud computing is secure, affordable, simple, lawful, available to all industries and
whether it is encouraging innovation.
The research results have shown that startups and small companies are able to benefit from the cloud
computing services the most. The absence of capital expenditure is excellent news for startup companies and
they also have a leveraged advantage out of the flexibility that cloud computing offers. Simply because
smaller organisations can capitalize faster on new market opportunities in comparison to larger companies.
The downside is the dependency on the service provider, the reason being that data is stored in a data
center and depending on the contract and technical hurdles can it prove to be difficult to move to another
service provider. However, by seriously assessing the business requirements and analyzing the risks, it is
possible to compare offerings from different service providers in order to avoid being locked. Furthermore,
supranational organizations, public institutions, non-profit organizations, private communities and even the
IT industry aim towards an open cloud with compatible, public standards.
Cloud computing has been given the potential to democratize global business opportunities, as
principally anyone with internet access has the chance to use sophisticated information systems. This seems
to be an interesting prospect for startups, entrepreneurs and small companies from all over the world. The
author of this thesis recommends strongly to assess the opportunities that cloud computing offers to them.
i
Table of Contents
Management Summary........................................................................................................................ I
Declaration........................................................................................................................................... V
Definition ................................................................................................................................................ 2
Essential Characteristics ........................................................................................................................... 3
Service Models ........................................................................................................................................ 6
Deployment Models.................................................................................................................................. 8
Cloud Computing Security..................................................................................................................... 10
Cloud Computing Enablers And Trends ................................................................................................. 11
Connecting Clouds............................................................................................................................. 11
Open Standards And Open Source Community ................................................................................ 12
Service Orientation ........................................................................................................................... 13
Grid Computing ................................................................................................................................ 13
Significance: Defining Cloud Computing ............................................................................................. 14
ii
Fundamental Business Economics .......................................................................................................... 34
Cloud Computing In Large Enterprises ................................................................................................. 35
Variations And Industries ........................................................................................................................ 36
Ever Changing Business Requirements .................................................................................................. 38
Relationships As A Driver ................................................................................................................. 38
Buyers Become Sellers...................................................................................................................... 40
Human Interaction Management ...................................................................................................... 41
Trends..................................................................................................................................................... 44
Encouraging Innovation By Simplicity ............................................................................................. 44
Software Paradigm Shift Away From Conventional To Pay As You Go ..........................................45
Freemium - Cloud Computing As A Potential Cost Trap .................................................................. 46
Hosted Open Source Business Opportunities .................................................................................... 46
Paradigm Shift Of Change – From Push To Pull And From Mass To Micro Markets ...................... 47
Mega Data Centers............................................................................................................................ 47
Brokering Cloud Services ................................................................................................................. 48
Significance: Market, Economics And Trends ....................................................................................... 49
Evaluation Guide............................................................................................................................... 50
iii
Conclusion: Cloud Computing Information Systems For Startups .............................................. 67
Table Of Tables................................................................................................................................... 68
Table Of Illustrations......................................................................................................................... 69
Bibliography....................................................................................................................................... 70
iv
Declaration
I certify that:
! the thesis being submitted for examination is my own account of my own research
! the data and results presented are the genuine data and results actually obtained by myself during the
conduct of the research
! this thesis in identical or similar form has not yet been submitted to any other board of examiners
…..........................................
v
Methodological Approach
! Literature research
! Consulting experts
Experts have been consulted in order to get answers on specific questions of interest:
! Both, experts with a distinct academical background and experts with rather practical background
have participated
The following table shall give an overview of how the methodological approaches have been applied:
Theoretical only * Mixed theoretical and Rather practical *** Own assumptions &
practical ** conclusions ****
Initial Position x
Problem Analysis x (H)
Defining Cloud Computing x
Political Implications and
Standardization
x
Markets, Economics and
Trends
x
Evaluation Guide x
Conclusion x
Table a: Application of methodological approaches. Annotations: (H) main questions and
assumptions hypothesized / * Without results from “Consulting Experts” and completely derived and
supported by literature / ** Includes results from “Consulting Experts” and extensively derived and
supported by literature / *** Includes results from “Consulting Experts” and enhanced with derived opinions
from the author of this thesis / **** Setting in context Assumptions & Findings with own experiences
The citations within text, footnotes and bibliography have generally been made on the base of Chicago
Manual of Style (Note with Bibliography). This style has been introduced in 1906 and is now in its 15 th
edition. It is widely used in the Angle-Saxon area for scientific publications and books and is the base for
several other styles. 1
The following list reflects the accredited value of the source types that have been used. In general, the
sequence gives an account of the importance given, the exception proves the rule. The designations in the
1 cf. University of Chicago, “The Chicago Manual of Style Online - 15th Edition: Chicago-Style Citation Quick Guide.”
vi
brackets specify the citation type due to the Chicago Manual of Style (Note with Bibliography) according to
which the citation elements are structured:
! Documents from standardization bodies with widely recognized acceptance from the business and the
academic world (Book or Report or Document)
! Videos (Video)
! An online database application filled with survey replies from consulted experts ( Interview)
! Emails (Email)
vii
Startup in the Cloud 1
Initial Position
Founding a global operating, sustainable company is the dream of many young people. In order
to fulfill this dream, fresh ideas, drive, innovation, reliable partners and efficient information
handling, amongst many other points, are required. Inspiration and creativity knows no boundaries
and many, somewhat challenging, ideas may at first have been scorned, only to be finally
acknowledged as something which truly adds value to our society.
There is a new wave of technology; some call it a new business philosophy, which could help
young entrepreneurs to make their dream come true. It is called cloud computing. Cloud computing
promises to provide highly-scalable information systems over the internet. All that is required is an
internet browser. No investment capital is needed as it follows the pay-as-you-use principle. If what
the business press and cloud computing pioneers say is true, then cloud computing could offer
unforeseen opportunities to broad levels of the population, no matter where, as long as internet access
is granted. It could, in a manner of speaking, enable young people to “Startup in the Cloud”.
But is cloud computing secure, affordable, simple to implement and in line with national laws?
Does it foster innovation and is it available to all industries?
This bachelor thesis will answer these questions in a neutral and comprehensible way. It
highlights the needs of startup companies who probably have the highest demand for smart but
affordable information systems. The thesis is divided into four main parts:
! Market, economics and trends: How cloud computing can be used and the most important
trends
The intended readers are startup companies, entrepreneurs who want to make a change, executive
management level from smaller companies and chief information officers, but also everyone else
who is interested in technology and in doing business.
Startup in the Cloud 2
“Cloud Computing is a new term for a long-held dream of computing as a utility, which has
recently emerged as a commercial reality.” 2 University of California
Cloud computing does not have a birthday and it was not formally invented. Some underlying
technologies have been used since the beginning of computing. Cloud computing is basically a new
way of delivering computer resources as a service. According to IDC's analysis, this emerging market
for cloud services is estimated to grow from $17.4bn in 2009 to $44.2bn in 2013. In spite of these
numbers, cloud computing is not yet clearly defined and is still in an early, but dynamic development
process. 3 4 5
Definition
There is no universal definition for cloud computing, as it is a highly controversial topic. The
most heard criticism is that cloud computing is nothing new and therefore does not need a definition.
To complicate matters further, no cloud computing standard work has been published yet with an
acceptance analogue like for example Kotler's “bible” in the field of marketing. 6 7 8
However, the most used definition source is a two-pages word document which was initially
written in 2008 by the Computer Security Division of the US National Institute of Standards and
Technology (NIST) and since then has continuously evolved under the auspices of NIST after
extensive consultation between IT governance institutions, industry and academia.The European
Network and Information Security Agency (ENISA), which also gained authority in the cloud
computing area, has leveraged the NIST definition by accepting it in November 2009 as the leading
cloud computing definition. 9 10 11
2 in dependence on Parkhill, 1966, "The Challenge of the Computer Utility", cited by Armbrust et al., Above the Clouds:
A Berkeley View of Cloud Computing , 2.
3 cf. Rittinghouse and Ransome, Cloud Computing: Implementation, Management and Security , 21.
4 cf. Baun et al., Cloud computing: Web-basierte dynamische IT-Services , 7.
5 cf. Gens, Mahowald, and Villars, 2009, "IDC Cloud Computing 2010 - An IDC Update", cited by Catteddu and
Hogben, Cloud Computing: Benefits, Risks and Recommendations for Information Security , 4.
6 cf. Khajeh-Hosseini, Sommerville, and Sriram, “Research Challenges for Enterprise Cloud Computing,” 1.
7 cf. Chen, Paxson, and Katz, What’s new about Cloud Computing Security? , chap. 2.
8 cf. Balachandran, “The Messiah of marketing.”
9 cf. Nelson, Briefing Paper on Cloud Computing and Public Policy , 2.
10 cf. Object Management Group et al., “Cloud Standards Coordination.”
11 cf. Catteddu and Hogben, Cloud Computing: Benefits, Risks and Recommendations for Information Security , 14; 93.
Startup in the Cloud 3
Illustration a: Visual Model of the NIST Working Definition of Cloud Computing. Source: Reproduced according
original source by NIST, 2009.
The following sub-chapters are structured according to the NIST definition and quote in each
case at the beginning the appropriate definition followed by further considerations.
Essential Characteristics
Many attributes can be accredited to cloud computing, but according to NIST these five essential
characteristics can be named: First, on-demand self-service, second, broad network access, third,
resource pooling, forth, rapid elasticity and fifth, measured service. With one of them missing, cloud
computing can in the strict sense not be called as such, or at least the usage value will be limited if
one is missing. To improve the reader friendliness, are the conclusive literally quotes set in grey tone.
This can help smaller companies to overcome the obstacles for sophisticated e-business
cooperations. For example, with the latest generation of cloud-based payment services is it possible
to easily include payment systems into web applications. Specialized service providers such as
PayPal make such cloud web services available to their customers (from end-users up to
multinational companies) and require no more extensive contracts and long-term commitments. It is
just pay-as-you-go via credit card. Small companies or even micro businesses such as startups now
have online commerce opportunities that go beyond traditional online shopping. 14 15 16 17
2. Broad network access: “Capabilities are available over the network and
accessed through standard mechanisms that promote use by heterogeneous thin
or thick client platforms (e.g., mobile phones, laptops, and PDAs).” 18
While platform independence has released applications from proprietary hardware, can cloud
computing applications be used from anywhere, anytime with any type of device, as long as it has
a browser. 19
The Cloud Security Alliance (CSA), an often cited non-profit organisation with individual
members from science and industry, has chosen to align with the NIST definition but argues the
undervaluation of virtualization by subordinating it to resource pooling, the same applies to multi-
tenancy. 21
In fact, virtualization is both; a strong enabler for the upraise of cloud computing and at the same
time not necessarily a requirement. Cloud services can for example be deployed directly on a server
without (hardware) virtualization layer. However, virtualization is usually deployed because the
virtualization can adjust better to changing performance requirements and uses the resources more
14 cf. Armbrust et al., Above the Clouds: A Berkeley View of Cloud Computing , 6.
15 cf. Lasica, Identity in the Age of Cloud Computing: The Next-generation Internet's impact on Business, Governance
and Social Interaction, 71-72.
16 cf. Reese, Cloud application architectures , 174.
17 cf. Lawson, “PayPal opens door to developers.”
18 Mell and Grance, “The NIST Definition of Cloud Computing v15.”
19 cf. Velte, Velte, and Elsenpeter, Cloud Computing: A Practical Approach , 92.
20 Mell and Grance, “The NIST Definition of Cloud Computing v15.”
21 Cloud Security Alliance (CSA), Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 , 15.
Startup in the Cloud 5
efficiently. Widely known are enterprise hardware virtualization technologies such as VMware or the
open-source Xen hypervisor, which for example is used by Amazon Web Services (AWS), a well-
established cloud service from the cloud computing provider pioneer Amazon. Virtualization can also
happen on the software layer, as for example SaaS is using it to offer different users, different,
decoupled services while running only one software. 22 23
Many other definitions than the one from NIST define the multi-tenancy model as an integral
characteristic of cloud computing. CSA describes its role as follows: “Multi-tenancy in cloud
service models implies a need for policy-driven enforcement, segmentation, isolation, governance,
service levels, and chargeback/billing models for different consumer constituencies. Consumers
might utilize a public cloud provider’s service offerings or actually be from the same organization,
such as different business units rather than distinct organizational entities, but would still share
infrastructure.” 24 The architectural approach of multi-tenancy can lead to improved operational
efficiency because the shared infrastructure, data, metadata, services, and can be shared across
many different consumers. 25 26
Some conditions must be met to profit from rapid elasticity. Not every application can simply
be put in a cloud environment, it needs to be“architected for seamless scale-up and scale-
down in a linear fashion in response to load or declarative policy […] automatic scaling
requires additional levels of management of the basic cloud system infrastructure, and it may
not be consistently available across cloud system infrastructure providers.” 28
The measured service characteristic distinguishes the usage-based cloud computing pricing from
hosting (rent) and common outsourcings which are to a greater or lesser extent inflexible contracts. 30
Service Models
Cloud computing consists of three distinctive service models which are Software as a Service
(SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). Additionally, several
other secondary variations exist. 31
SaaS is sometimes described as the user level of cloud computing because SaaS applications are
ready to use and just need to be logged in via a browser. Basically, no administrative hassle occurs, at
least as long as no change to the SaaS provider is planned. 33
SaaS can often be adjusted to company processes and user-specific look-and-feel but usually lack
the possibilities to customize it on a deeper level. Some application providers are addressing this
problem by offering Application as a Service (APaaS). They open up the hood to their customers by
letting them configure, customize and extend the application thanks to integrated development,
deployment and management services. These services are optimized for cloud computing by
supporting the delivery of the end application as a multi-tenant cloud service without losing the fine-
grained elasticity of the cloud computing infrastructure. Typical APaaS offerings are the online
database application Zoho Creator and Salesforce's Force.com platform service. 34
The development does not happen on a low level; it applies the metadata-driven programming of
the model-driven architecture. However, compared with pure SaaS leads APaaS to additional
complexity – this is something that startup companies usually try to avoid. Rather than looking for
precise adjustments they look for elasticity and seamless integration to other information systems. 35
30 cf. Armbrust et al., Above the Clouds: A Berkeley View of Cloud Computing , 20.
31 cf. Cloud Security Alliance (CSA), Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 , 15.
32 Mell and Grance, “The NIST Definition of Cloud Computing v15,” 2.
33 cf. Rayport and Heyward, “Envisioning the Cloud: The Next Computing Paradigm,” 7; 29.
34 cf. Knipp et al., Creating Cloud Solutions: A Decision Framework , 8.
35 cf. Ibid., 2; 8-10.
Startup in the Cloud 7
PaaS is sometimes described as the developer level of cloud computing, as it is the developers
and tech-savvy users who make the infrastructure layer available to the (end-)user. A difference is
made between the sub-categories Programming Environments and Execution Environments . Cloud
programming environments (for example Django Framework) depend on “conventional”
programming languages and selectively complement them with additional functionalities. Parts of the
software are decoupled which eases the adaption of “conventional” environments atop cloud
computing environments. By contrast cloud executing environments (for example Google Apps) rely
usually on their own programming environment. However, the borderline between cloud
programming environments and cloud execution environments has become more blurred. 37 38
IaaS is sometimes described as the IT level of cloud computing because IaaS is close to the
hardware that is commonly operated by so-called “typical” IT personnel such as infrastructure
system engineers. IaaS providers (for example IBM Blue Cloud) isolate the hardware from the upper
development and application layers in order to maintain a high flexibility to scale-up/out and
protection against hardware failures. This abstraction is usually done with the already mentioned
hardware virtualization. The aspect of deploying complex existing applications and its middleware to
IaaS is probably less relevant for non-IT startups, because they usually start on the greenfield and are
therefore more likely candidates for ready to use SaaS applications. 40 41 42
Deployment Models
According to NIST, cloud computing instances can be operated according to four different
deployment models: Private Cloud, Community Cloud, Public Cloud and Hybrid Cloud . However, it
cannot be assumed that every cloud provider support all of these deployment models. 43
Private clouds and efficient on the premises installations can have many common characteristics
such as virtualization or the same programming models and tools. The difference is the ability of
private clouds to move workloads into their own infrastructure and outside sets of infrastructure at
the same time. However, as the structure is already reasonably in the public cloud and has gained
some independence, it can offer unforeseen opportunities because of the ability to turn the tables by
opening their (private) cloud services to external partners to collaborate or to run it like a profit
centre. 45 46
In the strict sense can private clouds not be categorized as cloud computing because “it lacks
the freedom from capital investment and the virtually unlimited flexibility of cloud
computing.”47 Nonetheless, the fact that private clouds can be run behind the organization's
firewall can make it a feasible entry point to the world of cloud computing “for companies
that either have significant existing IT investments or feel they absolutely must have total
control over every aspect of their infrastructure.” 48 49
Enterprises, groups or individuals who have a common purpose share their collective distributed
computing power in order to accumulate many community cloud subsets that are all connected within
trusted Virtual Private Networks.51
43 cf. Khajeh-Hosseini, Sommerville, and Sriram, “Research Challenges for Enterprise Cloud Computing,” chap. 1.
44 Mell and Grance, “The NIST Definition of Cloud Computing v15,” 2.
45 cf. MacDonald and Smith, “Gartner Fellows interview with Microsoft's Ray Ozzie on Cloud Computing.”
46 cf. Bittmann, “Building a Private Cloud: Are We There Yet?.”
47 Reese, Cloud application architectures , 19.
48 Ibid.
49 cf. Khajeh-Hosseini, Sommerville, and Sriram, “Research Challenges for Enterprise Cloud Computing,” chap. 3.2.
50 Mell and Grance, “The NIST Definition of Cloud Computing v15,” 2.
51 cf. Cloud Computing Use Case Discussion Group, “Cloud Computing Use Cases White paper - Version 3.0,” 30-31.
Startup in the Cloud 9
“There are growing concerns over the control ceded to large cloud vendors, especially the
lack of information privacy […] the distributed resource provision from Grid Computing,
distributed control from Digital Ecosystems, and sustainability from Grid Computing, can
remedy these concerns […] Replacing vendor clouds with nodes potentially fulfilling all
roles, consumer, producer, and most importantly coordinator [...] by utilizing the spare
resources of networked personal computers collectively to provide the facilities of a virtual
data centre and form a Community Cloud.” 52 The concept of a community cloud is
challenging because of its technical complexity and issues related with distributed
computing, the heterogeneity of the nodes, varying quality of service and other security
constraints. 53
3. Public cloud: “The cloud infrastructure is made available to the general public or
a large industry group and is owned by an organization selling cloud services.” 54
The University of California, Berkeley (UC Berkeley) expands the NIST definition of a
public cloud as follows: “When a Cloud is made available in a pay-as-you-go manner to the
general public, we call it a Public Cloud; the service being sold is Utility Computing.” 55
Utility computing means that only the current needed amount of resources is being provided.
Due to technical and commercial developments, utility computing has finally made its
commercial breakthrough in the form of cloud computing because it is now possible to
consume these resources in the simple manner of Apple's App Store for the iPhone -
marketed off the shelf, automatically deployed and deducted. 56 57 58
Hybrid clouds are often used to swap specific functionalities or peak performance requirements
to third party cloud providers. 60
“It seems that having your data in the cloud on machines you do not control is very
emotionally challenging to people.” 61 George Reese, enStratus
A restrained point of view regarding moving its data into the cloud can certainly not only be
accredited to the natural disposition of IT decision makers. In fact, cloud computing has not yet
grown up, critical voices about the insufficient security are unmistakeable. The different aspects need
to be considered according the specific requirements, a serious assessment may help to identify
potential issues.
There are three main fields that cover most security aspects of cloud computing: First, legal
aspects, second, regulatory compliance and third, standards compliance . Each of these main fields is
connected with political questions regarding global governance of the information society. These,
several other issues and additionally a guiding model will be introduced later on in this thesis. 63 64 65
“An important point to keep in mind is that the cloud does not introduce any new security
threats or issues. To put security in perspective, cloud computing as a whole can be
considered the ideal use case to highlight the need for a consistent, transparent, standards-
based security framework regardless of cloud deployment model.” 66
Cloud Computing Use Case Discussion Group
To put it in a nutshell: A safe car does not necessarily mean a safe drive!
Besides the already mentioned key technologies and concepts of which cloud computing is based
on, other aspects should be mentioned. The ability to connect clouds, virtualization, open source
software & community and additionally technologies from which cloud computing has borrowed its
flexible, modular, interconnected nature; service orientation and grid computing.
Connecting Clouds
The connecting of clouds can bring the benefits of easily connection applications. It requires
suitable Application Programming Interfaces (API). API's enables the cloud applications and
services to communicate in the background whilst remaining invisible for the user. For example is it
possible to connect to a SaaS address database application with an SaaS accounting database in order
to implement a seamless workflow between the two programs. API's exist not exclusively in the
62 Armbrust et al., Above the Clouds: A Berkeley View of Cloud Computing , 15.
63 cf. Zittrain, The future of the Internet and how to stop it , 1.
64 cf. Reese, Cloud application architectures , 63-64.
65 cf. Nelson, Briefing Paper on Cloud Computing and Public Policy , 10.
66 Cloud Computing Use Case Discussion Group, “Cloud Computing Use Cases White paper - Version 3.0,” 43.
Startup in the Cloud 12
cloud computing world but an industry consensus in favour of common, open, standardized API's
becomes apparent. 67 68
Open standards are also important for the “emerging service model definitions associated with
cloud service brokers, those providers that offer intermediation, monitoring,
transformation/portability, governance, provisioning, and integration services and negotiate
relationships between various cloud providers and consumers.” 69
In the meantime, open standards are becoming crucial for enterprise solutions and to a certain
point important for enterprise customers in order to maintain their employer credibility and
competitiveness on the human resources market.
The reason is thus that “open source technologies tend to attract large and vibrant
communities and ecosystems around them, with one result being a variety of products and
services tailored for enterprise use. So if an enterprise is not happy with the service or
support it is receiving from one vendor, it can turn to a different vendor for that service and
support – and if all else fails, it has ready access to the source code and the communities that
created and maintain it.” 73 74
67 cf. Velte, Velte, and Elsenpeter, Cloud Computing: A Practical Approach , 120-122.
68 cf. Khajeh-Hosseini, Sommerville, and Sriram, “Research Challenges for Enterprise Cloud Computing,” 19.
69 Cloud Security Alliance (CSA), Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 , 16.
70 Armbrust et al., Above the Clouds: A Berkeley View of Cloud Computing , 19.
71 cf. Cloud Security Alliance (CSA), Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 , 16.
72 Reese, Cloud application architectures , 27.
73 Sun Microsystems, Inc., “Open Source & Cloud Computing: On-Demand, Innovative IT On A Massive Scale,” 5-6.
74 cf. Nelson, Briefing Paper on Cloud Computing and Public Policy , 6-8.
Startup in the Cloud 13
Service Orientation
Generally, regarding all the five essential characteristics , three service models, and four
deployment models NIST also adds: “Cloud software takes full advantage of the cloud
paradigm by being service-oriented with a focus on statelessness, low coupling, modularity,
and semantic interoperability.” 75
In this context, service-oriented means that the cloud applications are composed on independent,
interoperable, loosely coupled, discrete services that are connected via standardized interfaces. Such
services are stateless if a parallel running service from the same source can be reused, without
interrupting the other service. Statelessness as well as low coupling and modularity are embodied in
cloud software if Service-oriented Architecture (SOA) is used, what is commonly the case. The
semantic interoperability extends compatibility by intelligent, contextually selective allocation of and
in between services. The affirmation of NIST for the total structured architecture of SOA or similar
service-oriented architectures or web services to enables an almost borderless freedom of the service
execution. 76 77
This freedom of service execution was exactly for what reason SOA was intended for. Its
emergence was technically influenced by Object-oriented Programming (OOP) which already came
along with characteristics like abstraction, encapsulation, modularity and by the Object Engineering
Process (OEP) which models (for example with Unified Modeling Language ) business requirements
into a blueprint for software developers. This combination has been an important step towards
bridging the gap between business and technology and corresponds with the nature of SOA and as a
consequence of cloud computing. 78 79
Grid Computing
There would be no cloud computing without the world wide web. The word web is an
abbreviation of network. Sun Microsystems (SUN) has been one of the companies that pushed the
development of linking networks the most. Its chief researcher John Gage mentioned 1984 that the
network is the computer. Back then, he did not foresee the internet or cloud computing, but he already
realized then that computer infrastructure and data does not necessarily need to be tied together and
that comprehensive networks can lead to better collective results. Some years later, in the early
1990s, was the term grid computing introduced in dependence to the power grid. The idea was
simply that computing becomes a utility, same as electricity, consumable at every place where there
75 Mell and Grance, “The NIST Definition of Cloud Computing v15,” 2.
76 cf. Fingar, Dot.cloud: The 21st Century Business Platform , 43.
77 cf. Ibid., 55-57.
78 Stantchev and Schroepfer, 2009, in a collected edition of Abdennadher, Advances in Grid and Pervasive Computing:
4th International Conference, GPC 2009 , 25.
79 cf. Oestereich, Analyse und Design mit UML 2: Objektorientierte Softwareentwicklung , 21-24.
Startup in the Cloud 14
is a network. Such distributed computing calls for the decoupling of location, data, network
connection and processing power hardware. Several computers can share one task, it does not matter
where they stand, they just need to be connected with a network. Comparably, the virtualization
follows a similar approach; the hardware layer is abstracted from the software layer. The concept is
just the other way around. In grid computing share many computers the execution of one software,
while the virtualization enables to run several software on one or more hardware devices. Cloud
computing would not have made such a strong impact without virtualization and is also inseparable
from the distributed network approach of grid computing. 80 81 82
For startups, entrepreneurs and small companies, the following aspects of cloud computing
regarding its characteristics and technology may be of special interest:
! Cloud computing as utility computing facilitates the use of sophisticated information systems
80 cf. Rittinghouse and Ransome, Cloud Computing: Implementation, Management and Security , 21-22.
81 cf. Fingar, Dot.cloud: The 21st Century Business Platform , 25-27.
82 cf. Stanoevska-Slabeva, Grid and Cloud Computing: A Business Perspective on Technology and Applications , 5.
Startup in the Cloud 15
The internet is a global phenomenon – the information society is becoming reality. Global
solutions are needed to address issues which the information society is facing and open standards are
what cloud computing is in need of. Global solutions may offer new markets and significant
opportunities for startups and young entrepreneurs on all continents. However, the political
conditions and global standardization efforts must be understood in order to get an indication of the
future of the information society and its most important “tools”, such as cloud computing.
In the field of Information and Communication Technology (ICT) is the executive United
Nations (UN) agency International Telecommunication Union (ITU) having the paramount
responsibility. Its vision is to bring the ICT benefits to all the citizens of the world by assisting the
governments and the private sector of UN member countries in mobilizing the necessary technical,
financial and human resources.. 83
In 2002 initiated the former UN general-secretary Kofi Annan the World Summit on the
Information Society (WSIS) to involve all stakeholders, individual privacy activists as well
as business organisations and mentioned later on: “What do we mean by an information
society? We mean one in which human capacity is expanded, built up, nourished and
liberated, by giving people access to the tools and technologies they need, with the education
and training to use them effectively.” 84
WSIS has been created to find multinational answers to the challenges of the information society.
A focus point of its work is bridging the digital division between western countries and developing
countries. WSIS measures indicators of its UN member countries regarding their development state
of the ICT infrastructure and how the population is ready to use it. WSIS is deducts implications
about the design of action plans, about how to govern the internet and about the usage of which
financial mechanisms to create a sustainable incentive system. WSIS has created in 2006 two
executive institutions that should help them to reach the goals. First, the UN Group on the
Information Society (UNGIS) that coordinates with the relevant UN bodies and organizations such as
the World Bank, the International Monetary Fund (IMF) or the World Trade Organization (WTO)
83 Lips, 2006, in a collected edition of Koops et al., Starting points for ICT regulation: Deconstructing prevalent policy
one-liners, 41-46.
84 Annan, 2005, cited by Hayden, Thompson, and Levy, The SAGE handbook of research in international education, 206.
Startup in the Cloud 16
and second, the Internet Governance Forum (IGF) which should solve substantive and policy
issues. 85 86
The findings of WSIS give a consolidated overview about the status quo of the global
information society. They are valid for developed and developing countries alike, whereas the bigger
parts of the programs are conducted in developing countries. Developing countries offer relatively
higher growth opportunities than developed countries – a convenient initial position in the eyes of
startups and entrepreneurs from all over the world. 87
Subsequently, listed below are itemized excerpts which resulted from the efforts of WSIS and its
affiliated organisations. They were chosen by the author of this thesis according to characteristics that
may be of interest for small and startup companies. As cloud computing is a relatively new generic
term that contains existing technologies and challenges of the information society with its underlying
ICT, cloud computing was introduced in the terminology of WSIS not earlier than in 2009.
The main topics are firstly, ICT access and use, secondly, The broadband divide, thirdly,
Availability of local content and fourthly, Data privacy. Each main topic is followed by a critical
acclaim regarding the information systems perspective with particular notice towards cloud
computing:88
1. ICT access and use: “In many respects, the digital divide continued to narrow in
2008. An important milestone in the progress towards a global information society
has now been reached: over half the world’s population has obtained at least some
level of connectivity. In addition, 80–90 per cent of the world’s population now lives
within range of a cellular network, double the level in 2000. […] One of the benefi ts
to emerge from mobile telephony has been the versatility of short message services
(SMSs), which are used for increasingly innovative purposes, including fi nancial
transactions, market price updates, news transmission, emergency alerts and other
important functions. […] At the end of 2008, half of the world’s Internet users were
in developing countries, especially in Asia. Regionally, Africa and the Middle East
are experiencing the fastest mobile and Internet growth. […] Large disparities in
terms of penetration and affordability still exist, both across and within countries
and regions […] the digital divide debate is increasingly shifting away from
measurements of basic connectivity to issues of speed (bandwidth)” 89
85 cf. Doria and Kleinwächtger, 2009, co-authored by Cerf et al., Internet Governance Forum (IGF): The First Two Years ,
7.
86 cf.International Telecommunication Union (ITU), 2007, on behalf of Touré and Panitchpakdi, World Information
Society Report 2007 - Beyond WSIS , 13.
87 cf. World Bank Publications, Information and Communications for Development 2009: Extending Reach and
Increasing Impact , 45.
88 cf. Lucas, Progress made in the Implementation of and Follow-up to the World Summit on the Information Society
outcomes at the Regional and International Levels - Report of the Secretary-General , 3-6.
89 Ibid., 3-4.
Startup in the Cloud 17
The formula is simple, without ICT equipment, business development is difficult. The continual
growing rate of the world's population which have access to communication instruments is good to
know for entrepreneurs. Globally seen, it leads to millions of new potential customers by every
year. 90
Still, there is a long way to go. Developed countries have one hundred times more secure servers
compared to developed countries. Reliable information systems and especially secure e-commerce
platforms are required to enable online business. A benefit of using cloud computing is that simply a
browser is required that supports encryption; for example Firefox, which is freely available. 91 92 93
Adding to the circumstances is the fact that many people in developing countries use mobile
technology, including for financial transactions. With this background in mind, it is foreseeable that if
they acquire up to date equipment, there will be less constraints regarding the usage of new
technologies compared to developed countries.
On the contrary to developing countries, IT departments have built up the structures and gained
conceptual experience over the period of decades in developed countries. For them is it possibly
more “emotional challenging” to let their data manage by a cloud computing provider compared to
an entrepreneur in a developing country that until a year ago was doing financial transactions solely
via SMS or not at all and now has the chance to use sophisticated cloud computing applications. 94
Cloud computing could give companies in developing countries the chance to compete with
companies in developed countries at eye level. Engagements in cooperation are also an option due to
the fast developments of social networks that now cover most aspects of business. These competitive
improvements and possible cooperations could lead to solid economic growth in the developed
countries, which is necessary to reduce poverty and to build up a stable civil society. Initiatives such
as the 100$ One-Laptop-per-Child (OLTP) have had positive effects on the spot in developing
countries and also helped the western society to recognize the need of developing countries for ICT
infrastructure and education. It was even an initiator for the now very popular netbooks. 95
divide” […] The slow response discourages or even prevents people from using
applications that would improve effi ciency and enhance productivity […] The United
Nations system and other partners – including Governments, civil society and the
private sector – are focusing on broadband issues as part of their efforts to assist
developing countries achieve WSIS targets and meet the Millennium Development
Goals.” 96
The awareness of the importance of broadband requires honest, forceful efforts of both, the
governments that are leveling the way with regulations and an investor friendly environment and the
private sector which should take the risk to invest in these yet to be developed markets. If the basic
broadband infrastructure will be available everywhere around the world, it will be a logical
consequence that the bandwidth will be used with modern business tools as well. It will be up to the
choice of the startups, SMB's and entrepreneurs in these developing countries whether they prefer to
use cloud computing information systems or to wait until they can afford to build their own data
centers. 97 98
Advanced information systems offer at least a partial content management functionality that
supports multi-language. Content Management Systems (CMS) can be API-connected with mashup
services that integrate content such as news, maps or market information to interconnect into one
localized, user-friendly web platform. Such localized services can be especially interesting for
startups to fill a local market niche. The needed internet web 2.0 technology is widely available for
free and does not necessarily require cloud computing. 100 101
96 Lucas, Progress made in the Implementation of and Follow-up to the World Summit on the Information Society
outcomes at the Regional and International Levels - Report of the Secretary-General , 4.
97 cf. Subramanian, “Cloud Computing and Developing Countries – Part 2.”
98 cf. Ibid.
99 Lucas, Progress made in the Implementation of and Follow-up to the World Summit on the Information Society
outcomes at the Regional and International Levels - Report of the Secretary-General , 4-5.
100cf. Knipp et al., Creating Cloud Solutions: A Decision Framework , 10.
101cf. Vembu, “Startup in the Cloud - Consulting Experts - Interview with Sridhar Vembu from Zoho Corp. about
Innovation,” col. 4.
Startup in the Cloud 19
4. Data privacy: In the recent past, privacy has become one of the central themes of
the emerging information society, not least in the light of the expanded role of
search engines on the Web and of the fast spread of social networking services […]
There is also a perceived threat to the personal integrity of users from entrusting
too much personal information in the hands of large corporations (e.g. Yahoo,
Google, Facebook, MySpace […] Trans-border data fl ows have the ability to
circumvent national laws […] The main purpose of data protection legislation is to
ensure that personal data are not processed without the knowledge and, except in
certain cases, consent of the data subject […] These trends may suggest a need for
more effective and up-to-date public policies and regulations at the international,
regional, national and local levels. Cyber security and inadequate data privacy
solutions are dealt with differently by countries with dissimilar priorities,
challenges and levels of development. Many different national approaches have
surfaced, but a global response to this truly global problem is yet to emerge.
While the main topics number one (ibid. ICT access and use) and two (ibid. the broadband
divide) can be attributed due to the lack of availability of up to date ICT equipment in developing
countries, the main topic number four (ibid. data privacy) is a problem that directly effects every
country. Compromises in privacy and security are firstly, a result of lacking legal frameworks on
global and national level and secondly, issues due to the lack of standardization.
Provided that the international society is truly getting involved to make an effort for these four
WSIS goals, it could lead slowly but surely to millions of new internet users all over the world. Many
of them will do business and will need modern information systems. By using information systems
based on cloud computing, they will have the chance to use up to date applications without first
having the need to build up their own infrastructure or initiate the build-up by an outsourcing
provider. That can be an interesting prospect for startups and companies in underdeveloped countries
but equally for startups and innovative companies in developed countries who are willing to take the
risk.102
Global data flows need harmonized approaches to facilitate cloud computing operations which
requires consensual cooperation on regulations and standards. International organizations can be of
help to achieve this consensus by providing an exchange of information, education and concrete help
in developing countries, but basically it is at the liberty of every independent country to set legal
standards that cover cloud computing. As most countries have different regulations, even within the
European Union, is it difficult to state what needs to be changed in which country. A study conducted
by information policy scientist Paul T. Jaeger about cloud computing and information policy has
102cf. Lucas, Progress made in the Implementation of and Follow-up to the World Summit on the Information Society
outcomes at the Regional and International Levels - Report of the Secretary-General , 3-6.
Startup in the Cloud 20
summarized the most crucial points that lawmakers and politicians should be aware of and try to
improve.103
! Protections of privacy
There is a obviously a difference between these points compared with the goals (ibid.: 1. ICT
access and use, 2. The broadband divide, 3. Availability of local content, 4. Data privacy) from the
WSIS (ibid.). Jaegers points correspond only with 4. Data privacy. The reason is simply that WSIS is
intended for the international community including developing countries while Jaegers points are
intended for the national level in developed countries.
The following chapters provides a glimpse of the situation by presenting extracts of current cloud
computing discussions in the United States (U.S.), Asia and Europe (EU). The focus lies on cross-
national exchange of data as it is there where cloud computing offers in particular many points open
to attack because of its distributed nature. 104
United States
To a certain extent most things concerning cloud computing are happening in the United States or
in collaboration with U.S. institutions such as NIST (ibid. Computer Security Division of the US
National Institute of Standards and Technology) or companies such as Amazon, Salesforce, Google
or IBM. The United States are an intellectual and technological leader in the field of cloud
computing. Therefore, in order to understand what is happening politically and legally in the United
States concerning open clouds and cross-country data exchange, one can draw conclusions to get the
status quo on a worldwide level and conceive future implications. It may be interesting to look ahead
103cf. Jaeger, Lin, and Grimes, “Cloud Computing and Information Policy: Computing in a Policy Cloud?,” 280-281.
104cf. Armbrust et al., Above the Clouds: A Berkeley View of Cloud Computing , 15.
Startup in the Cloud 21
to where U.S. visionaries and information society lobbyists wants to lead their government, as this
opinion-forming process will have an impact on future directions on a worldwide level. 105 106
The influential non-profit organisation Aspen Institute Communications and Society Program
repeatedly composes a memo to every new U.S. president with calls on how to affect the policies in
favour of a sustainable society. The 2009 edition, intended for Barack Obama or John McCain, the
future president having not been decided by then, focused on policy proposals and general advice on
Information Technology (IT). The proposals and advice are U.S.-centered, but as the economy of the
United States is still by far the biggest and the innovation capabilities of its scientific institutes and
companies still world-leading, especially in the IT field, it can be of interest for the global society to
see what the focus of engagement is. 107 108 109
Number six of the six policy proposals (1. Formulate an identity agenda, 2. Mend the Patriot
Act, 3. Retraining and immigration reform, 4. Modernize the grid, 5. Deploy world-class
broadband, 6. Support an open cloud) is explicitly calling for an open cloud: “Support an
open cloud. Traditional notions that governments should hoard data within their borders is
an outdated notion with the advent of the global cloud economy. We need to pursue
architectures that allow individuals, companies and governments to plug into the best
resources on the planet, regardless of where they are located.” 110
One aspect of the open cloud is the dominance of the United States regarding the global
management and assignment of top-level domain names and IP addresses. This is still under control
of the non-profit organization Internet Corporation for Assigned Names and Numbers (ICANN)
which acts on behalf of the U.S. government. The international voices are getting louder that this
unilateral control of ICANN by a single government should be replaced by an international
independent institution. Whereas there is a consensus about this topic, there is still a big controversy
ongoing about how much influence the governments should have with regard to national policy
issues. However, the Aspen Institute, to give an example, put its money on the catalyzing effect of
the fast changing global information society that will in the long run pull down national hegemonial
ambitions. 111
105cf. World Bank Publications, Information and Communications for Development 2009: Extending Reach and
Increasing Impact , 137.
106cf. Jaeger, Lin, and Grimes, “Cloud Computing and Information Policy: Computing in a Policy Cloud?,” 280.
107cf. Lasica, Identity in the Age of Cloud Computing: The Next-generation Internet's impact on Business, Governance
and Social Interaction, 72-77.
108cf. Cloud Security Alliance (CSA), Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 , 72-73.
109cf. O'Halloran, Charity Law Social Policy: National and International Perspectives on the Functions of the Law
relating to Charities, 315; 577.
110 Lasica, Identity in the Age of Cloud Computing: The Next-generation Internet's impact on Business, Governance and
Social Interaction, 74.
Startup in the Cloud 22
Cloud computing is given an important role because “the cloud will usher in a seismic shift
in the locus of control in our culture, and it will have ripple effects in all walks of life –
energy, the environment, national security, learning, health care, business processes,
emerging markets and much more. The cloud is about open access, rapid delivery of
services, the ability to scale quickly and the power of networks. Ultimately, though, the cloud
story is not just about computing, communication or information but about empowering
citizens.” 112
These statements – the conversion from top-down to bottom-up power – are radical in its nature
but vague in regard to what will happen concretely. Nonetheless, this to be expected shift towards a
more democratized access to high-tech resources, true globalization and commercial opportunities
that are more independent of company size sounds definitively promising to young people with
entrepreneurial spirit, startups and small companies.
Asia
The Asia-Pacific Economic Cooperation (APEC) is the leading free trade forum in Asia. It is
encouraging its member nations to improve ICT and e-commerce. The focus lies on supranational
collaboration but without to cede laws and sovereignty to other members, as they are reluctant to do
so. While Cross Border Privacy Rules are discussed in privacy-related legislative working groups,
cloud computing not yet a big topic. APEC has an Electronic Commerce Steering Group which
started discussions about cloud computing with OECD and UN organisations in 2009, but it has not
yet resulted in concrete actions or publicly accessible documents. APEC is not purely representing
Asia, as it includes countries from South-America, the United States and Canada which naturally also
belong to the Asia-Pacific area. On the other hand, the members of the Association of Southeast
Asian Nations (ASEA) are purely Asian countries. ASEA have enlarged their association to become
the ASEAN Free Trade Area (AFTA) which also includes China and Japan. Cloud computing is not
yet on the public roadmap. 113 114 115
The fact that supranational Asian efforts are almost absent should not hide the instance that cloud
computing is booming in countries like China, Korea and Japan. A survey done with 400 Asian
developers conducted by the Evans Data Corporation (EDC) has shown that 11.3 percent of them are
111 Discussion panel "Critical Internet Rescources" hosted by Aguiar, 2009, co-authored by Cerf et al., Internet
Governance Forum (IGF): The First Two Years , 227-228.
112 Aspen Institute Roundtable 2009 consisting of Firestone, Coleman, Brown, Lysyanskaya, Dyson, Clippinger, Taipale,
Bregman, Hynes, Burton, Artom, Gupta, Rotenberg, Pearson, Dyson, Dachis, Mancini, rapported by Lasica, Identity in
the Age of Cloud Computing: The Next-generation Internet's impact on Business, Governance and Social Interaction ,
77.
113 cf. Pearson and Charlesworth, 2009, edited by Koops et al., Starting points for ICT regulation: Deconstructing
prevalent policy one-liners , 133.
114 cf. Bourassa, “20th APEC Electronic Commerce Steering Group Meeting,” 7.
115 cf. Hunton & Williams LLP, “APEC Forum Discusses International Privacy Legislation Developments.”
Startup in the Cloud 23
already developing on cloud services. Interestingly, the public cloud deployment model is the most
likely type of implementation which EDC derives from the lower average age of Asian developers
compared to their western counterparts. Especially China, with its immense backlog demand for
sophisticated information systems and ICT infrastructure, could become a very interesting market.
Not only for Western and Indian cloud computing service providers, but also for entrepreneurs in
China to work in their huge domestic market and abroad, as well as in order to follow the traces of
the Indian IT services industry. 116 117
Europe
The European Network and Information Security Agency (ENISA), a sub-organisation from
the European Union suggests that “if the cloud provider is in a country outside the European
Economic Area and that country does not offer an adequate level of data protection, it is
advisable to have in place procedures in accordance with […] Standard Contractual Clauses
or Safe Harbor Principles - if the data are transferred to the United States and the cloud
provider participates in such a programme [...] however, it has to be stressed that the
transfer of data within the territory of Member States is not without problems. Indeed,
despite the fact that personal data can freely circulate within Member States, the laws are
not consistent across countries. This inconsistency may create obvious difficulties in
compliance and thus liability issues. We recommend that the European Commission take
steps towards the standardization of minimum data protection requirements in Europe. This
is particularly important in the light of the fact that the Data Protection Directive is
currently under revision. Moreover, a data protection certification scheme based on
minimum data protection standards, which are common across the Member States, may be
extremely useful.” 118
The statement of ENISA shows that even within Europe the situation is not entirely solved. It is
not clear under which jurisdiction cross-country data flows belong to and which result of the Data
Protection Directive is under revision. Some relief of the strain between the European Union and the
United States was brought by the EU Safe Harbor Principles . They underpin the data privacy of EU-
based customers which have put their data on U.S. systems. Concretely, they are not anymore
exposed to the USA PATRIOT Act (acronym for Uniting and Strengthening America by Providing
Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 – this law had been
implemented by George W. Bush after the 9/11 attack) which basically provides the U.S. government
full insight into data which they classify as suspect. Admittedly, the EU Safe Harbor Principles are
only valid if the cloud service provider supports them. That can be seen fair from the view of the
customer, but it is a burden for the cloud provider who constantly must secure in which country the
data effectively is stored and has therefore obey different jurisdictions. This is difficult to manage,
weakens the flourishing of the free services market and is generally not longer suited to this day and
age of the internet society. 119 120
The Council of Europe focuses rather on the hazard potential and wishes a law enforcement
regarding cloud computing. “We need to have access to traffic data, need subscriber
information, and experience shows us that such information helps us to prosecute criminals
and bring them to court […] we have international cooperation and we can take urgent
measures to assure the safety of data in other countries. If a person's data is stored in
another country there is probably a lower level of protection of rights. We need to give law
enforcement the tools to protect us from cybercrime.” 121
The European Commission criticizes the lack of standardization within the heterogeneity of the
European Union, but also within the other continents. They acknowledge the United States to be the
world leader in cloud computing and advocate for a globalized open cloud market without making
concrete solutions on how to adjust the regulations to ease transnational data flows. 122 123
Finally, the OECD (ibid.) is currently calling upon governments to assure that new laws and
regulations are future-proof in a way that they will not limit the potential of cloud computing. They
grant the governments an important role in fostering standards, especially regarding service-level
management and interaction. They also mention the important role of public procurement by
referring to the example of government of Washington D.C., which has switched thousands of
workstations to using cloud computing applications. 124
Notably, the cloud computing provider at Washington D.C. is Google Apps – suited to the
occasion the following statement from the OECD, which recommend to “use the power of
the purse in their IT procurement policies, governments can push companies to find
consensus on the key Cloud standards.” 125
119 Cloud Security Alliance (CSA), Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 , 35.
120Jaeger, Lin, and Grimes, “Cloud Computing and Information Policy: Computing in a Policy Cloud?,” 280.
121Seger, representative of Council of Europe, 2009, cited by Anderson et al., “Workshop: Privacy, Security Implications
of Cloud Computing.”
122cf. Schubert, Jeffery, and Neidecker-Lutz, “The Future of Cloud Computing: Opportunities for European Cloud
Computing Beyond 2010,” 57.
123Armbrust et al., Above the Clouds: A Berkeley View of Cloud Computing , 15.
124cf. Nelson, Briefing Paper on Cloud Computing and Public Policy , 11.
125Ibid.
Startup in the Cloud 25
Standardization
Stable legal frameworks that cover cloud computing are required but experience shows that
legislation takes its time. The international community and the national legislative bodies, especially
politicians, are not yet advanced in expatiating upon the specific characteristics of cloud computing.
As a result they will not decide unless the decision base is clear. Regarding cloud computing
internationally recognized standards are a conducive factor. 126
In 2000, ISO and IEC expanded its circle by signing a Memorandum of Understanding on
electronic business (MoU) with the UN/ECE (United Nations Economic Commission for
Europe) whose purpose is “to minimize the risk of divergent and competitive approaches to
standardization, avoid duplication of efforts and avoid confusion amongst users [...] the
MoU will also provide greater intersectoral coherence in the field of electronic business, an
important step considering the uptake of e-commerce.” 128
These joint forces drafted in October 2009 the report Report of JTC 1/SWG-P on possible future
work on Cloud Computing in JTC 1 - ISO/IEC JTC 1 N9687, in order to start the process for a new
ISO norm. The process has started with the just mentioned proposal stage, followed by the
preparatory-, committee-, enquiry-, approval stage and will finally lead one day in the publication
stage as a new ISO and/or IEC norm on cloud computing.
Furthermore have reputable sources announced that ISO/IEC JTC1 is about to intensify its efforts
by having formed a new subcommittee (SC) in November 2009 which will contain working groups
126cf. Ibid.
127cf. Copenhagen University College of Engineering, “JTC1/SC22/WG9 - Welcome to the ISO home of Ada Standards.”
128Houlin Zhao 2000, cited by International Telecommunication Union (ITU), “ITU Telecommunication Standardization
Sector (ITU-T) - MoU on electronic business between IEC, ISO, ITU, and UN/ECE.”
Startup in the Cloud 26
for service-oriented architecture (SOA) and web services as well as a study group for standardization
of cloud computing. 129 130
Overlapping Competencies
ICANN (ibid.) is the guardian of a fully functional internet and has therefore a high interest in a
flourishing development of cloud computing. However,there are frictions between the ITU (ibid.), or
respectively its multistakeholder forum IGF (ibid.), about the hegemony in internet governance.
Subramaniam Ramadorai, chairman of one of India's leading software manufacturers and president of
the Business Action to Support the Information Society (BASIS) which is an initiative of the
“One of the schisms that came to light during an Internet Governance Forum meeting was
that between ICANN and the ITU. Some have seen this as emblematic of the clash between
traditional United Nations culture (a largely government-to-government formal process) and
Internet culture (where a range of actors meet as peers) [...] ICANN includes all relevant
stakeholders, but it deals with a specific agenda linked to ICANN’s role in the management
and technical coordination of the Internet’s domain name system.” 131
It is indeed questionable whether ICANN can have a leading role in cloud computing as they are
only specified on managing the domain name system of the world wide web.
For the record, Ramodorai answered what he had put on the table: “Only the IGF offers a
truly multistakeholder discussion forum where all members are on an equal footing, by form
and by definition. It is the only global-level space for discussions that cover the breadth and
depth of Internet governance policy issues. The IGF offers a vital place to discuss Internet
governance issues from infrastructure and access to the free flow of information and security
matters.” 132
Bottom-up Standardization
Whether IGF or ICANN feels more responsible for the development of cloud computing is
maybe not a crucial question. As a matter of fact are international governance, national legislation,
research institutes, politicians, all kind of initiatives and many standardization organisations partly
covering cloud computing and its issues. Unfortunately, there are many issues, for example
129cf. Joint Technical Committee 1, Report of JTC 1/SWG-P on possible future work on Cloud Computing in JTC 1 -
ISO/IEC JTC 1 N9687.
130cf. Cohen, “ISO Forms Group for Cloud Computing Standards.”
131Ramadorai, 2009, co-authored by Cerf et al., Internet Governance Forum (IGF): The First Two Years , 31.
132Ramadorai, 2009, co-authored by Ibid.
Startup in the Cloud 27
transborder data flows, which are not yet solved in spite of the multistakeholder approach. One could
be tempted to say that an ant on the move does more than a dozing ox but that would leave out the
fact that legislation and standardization are always lengthy processes because they require
international compromises. 133
However, internationally seen, there is a wide range of people, companies and non-profit
organisations that are not willing to wait until the international governance, the national legislations
and the highly-accredited standardization organisations have solved all issues. The cloud computing
market is booming and has led to acknowledged quasi-standards and since cloud computing is a
combination of existing technologies, a lot of the standardization work has already been done.
Furthermore, industrial demand, so-called cloud communities, the open source community that
develops fundamental software – these stakeholders drive the development of cloud computing in
form of iterative processes.
Sridihar Vembu, founder of ZOHO, a leading online office suite based on cloud computing,
describes the development as an innovation circle using the example of open source
software: “There have been major advances in open source distributed file systems and
databases in recent years, spurred by cloud computing. Javascript frameworks like jQuery
have enabled major advances in client functionality. Open source and cloud applications
have worked in a virtuous cycle of innovation, and adoption.” 134
“Many of the public policy issues, including privacy, access, and copyright protection,
raised by Cloud computing are similar to Internet policy issues that governments have been
struggling with for at least fifteen years. ”135 Michael R. Nelson, Georgetown University and OECD
Nelson's comparison of cloud computing suggests itself – cloud computing is offering many
advantages and it will probably not be stopped by political and legal issues, it will just be slowed by
the lack of standardization and hundreds of millions of world citizens that do not yet have suitable
internet access and devices. The following list summarizes the findings of Political Implications and
Standardization itemized after developing country, developed country and outlook.
133cf. Nelson, Briefing Paper on Cloud Computing and Public Policy , 11.
134Vembu, “Startup in the Cloud - Consulting Experts - Interview with Sridhar Vembu from Zoho Corp. about Innovation,”
col. 6.
135Nelson, Briefing Paper on Cloud Computing and Public Policy , 11.
Startup in the Cloud 28
Developing countries:
! ICT and cloud computing are needed and offer an immense potential for the people and for
cloud service suppliers
! Many entrepreneurs will for the first time have the chance to use sophisticated information
systems thanks to cloud computing
! Mobile internet can be a favourable solution even though are specialized cloud applications
are required
Developed countries:
! Mainly data privacy issues due to laws and regulations that are not yet adjusted to the
emerging reality of information society and cloud computing
! The cloud in 2010 is U.S.-centric but other countries will increase their efforts
! These legal issues will not hinder cloud computing in quickly gaining market shares
! Empowering citizens: More democratized access to high-tech recourses will facilitate to true
globalization. Radical paradigm shift from top-down to bottom-up thanks to open access,
rapid delivery of services, the ability to scale quickly and the power of networks
Not for the first time in human history have legislation and formal organisations been overtaken
by the market reality. There is no way back, cloud computing will be setting various standards by all
means and cannot be called anymore a marketing ephemera. Cloud computing has an immense
potential for startups, small businesses and entrepreneurs as such and for the information society as a
whole.136
136Ellison, 2008, reported by Johnson, cited by Wyld and IBM Center for the Business of Government, Moving to the
Cloud: An introduction to Cloud Computing in Government , 11.
Startup in the Cloud 29
For startups, entrepreneurs and small companies, the following aspects of cloud computing
regarding its political dimensions and standardization efforts may be of special interest:
! Along with cloud computing will the globalization will further increase and with it global
business opportunities
! Cloud computing will become accepted because it is politically desired and the standardization
efforts are steadily advancing
“The cloud represents the reinvention of commerce...the control point has shifted so that
suddenly commerce and communication are end to end, with no regard to borders.” 137
William Colemen, Aspen Institute Roundtable
“The interesting thing about cloud computing is that we’ve redefined cloud computing to
include everything that we already do. The computer industry is the only industry that is
more fashion-driven than women’s fashion. Maybe I’m an idiot, but I have no idea what
anyone is talking about. What is it? It’s complete gibberish. It’s insane. When is this idiocy
going to stop?” 138
Larry Ellison, Oracle
“Cloud computing is nothing new. All of these technologies have existed for quite some time.
That's like saying the iPhone is nothing new because all the technologies existed prior to its
arrival. For an innovative company like Apple, it's great that their competitors lack such
imagination, as it leaves the field wide open.” 139
Ray DePena, Los Rios Community College
“We don't know where the data is in cloud computing, and it does not matter because it's
much cheaper, it's more efficient and it can be accessed from anywhere.” 140
Laurent Bernat, OECD
137Coleman, 2009, edited by Lasica, Identity in the Age of Cloud Computing: The Next-generation Internet's impact on
Business, Governance and Social Interaction , 71.
138Ellison, 2008, reported by Johnson, cited by Wyld and IBM Center for the Business of Government, Moving to the
Cloud: An introduction to Cloud Computing in Government , 11.
139Depena, “The Beauty of the Cloud.”
140Bernat, 2009, edited by Anderson et al., “Workshop: Privacy, Security Implications of Cloud Computing.”
Startup in the Cloud 31
Whatever one thinks of cloud computing, fact is that a large number of the internet society is
already using cloud computing based on online software probably without being aware. Examples
are: Google's Gmail with its online collaboration office suite Google Docs, Facebook or the photo
sharing application Flickr from Yahoo. 141
However, the main usage area of the above mentioned examples is the private market whereas
one of the most common reasons to use cloud computing is to allow it to assist business operations.
This following chapter Market, Economics and Trends focuses on the business-economical aspects of
cloud computing, the market as such, where cloud computing is not yet a feasible option, as well as
trends.
What are the real business benefits of using cloud computing? The Information Systems Audit
and Control Association (ISACA), which is an international association that is defining IT
Governance standards, arranging education and certifications for its almost 100'000 members
(typically Information Security Auditors or Chief Information Officers) , has pointed out the following
business benefits: 142
! Immediacy: Provision and utilization of new services and processes within days instead of
months for ordering as well as configuration and operationalizing in traditional IT
! Availability: Due to economies of scale cloud providers can afford to invest in high-end
bandwidth and systems that small companies could not afford
! Scalability: Cloud computing solutions can flexibly react on arising performance or capacity
demands and provision them on demand
! Resiliency: Better protection against unexpected events as the data is stretched between
different geographic areas
The degree of the benefit that companies realize in reality may differ as the case arises.
Additionally, others may mention other benefits or not easily quantifiable effects such as improved
innovation due to easier setup of Customer-Driven Innovation solutions. 143
A survey from the European Network and Information Security Agency (ENISA) that analyzed
what possible business benefits of cloud computing are most tempting to small- and medium
businesses (often called SME / SMB). Avoiding capital expenditure in hardware, software and IT
personnel was most named. Flexibility and scalability of IT resources was voted second and business
continuity and disaster recovery third. 144
“Cloud computing promises a powerful new platform for innovation. It allows entrepreneurs
to develop, deploy, market, and sell cloud applications worldwide without having to invest in
expensive IT computing infrastructure.” 145 This definition of the Internet Society is less
technical but emphasizes the entrepreneurial aspects of having the hands free for real
business.
Assumed that the average startup and small business is not an IT company, it is clear the the main
interest of this target group is to use, respectively consume applications, not to develop them.
Therefore are consumption-ready SaaS (see illustration c) applications probably the most used cloud
computing service model of startups and small businesses. 148
“It also gives smaller businesses access to the same industrial-strength computing systems
as large multinational corporations, boosting the competitiveness of small and medium-sized
business. By allowing government and business in developing countries to access
sophisticated computing platforms without having to make large hardware and software
investments or manage complex IT deployments, cloud computing can help jump-start
economic development. All that is required to access cloud computing solutions is a browser
with broad-band access.” 149 Internet Society
The notion that cloud computing can help small businesses to compete with multinational
cooperations at equal terms is certainly a promising statement. The positive aspects that cloud
computing could have in developing countries can be highly welcomed as well (ibid. chap. Political
Implications and Standardization) .
This table compares fundamental business economic figures between the conventional IT
approach with on the premises implementation of a client/server architecture and the cloud
computing model. Some literature describes the conventional approach as old paradigm and the cloud
computing model as new paradigm. 150 151 152
Investing and running an own IT equipment requires capital expenditure (capex), while using an
external cloud service that offers pay-as-you-go service falls into ongoing operational expenditure
(opex). Both, capex and opex are generating cash flow, but the absolut amount of cash flow cannot be
compared directly. 153
“A payment on a capital good like a server is one of a series - each of which the enterprise is
committed to, no matter if the server is being used or not. Once you purchase a capital good,
you're stuck with it, as anyone who has purchased a car understands. Even if you're no
longer excited about owning it, the finance company still expects its monthly payment.” 154
The incurred operational expenditures can be set in contrast with the following example: “If
you rent a car, you are committed to it only as long as you want to use it -- and once you've
paid for that use, you have no further financial obligation. And guess what, pretty much
everyone understands that you pay a premium for that flexibility, for example, a rental car
costs more per day than the same car would, if purchased. In MBA-speak, there is an option
value in that flexibility, for which a premium is paid.” 155
Dispersing the costs over the time is for startup companies probably even more crucial than for
established companies, because startup companies often do firstly not have enough capital, secondly,
enough securities to borrow money and thirdly they lack a fixed strategy for protection of
investments. Therefore the question of capex vs. opex is a crucial factor for startup companies and is
a point for cloud computing.
It is possible to use common Total Cost of Ownership (TCO) models to calculate the cost for a
cloud computing solution and compare it with a conventional on the premises installation. However,
before this is possible, a serious assessment is needed to specify what the true benchmark for the old
and the new solutions are. 156
“Cloud readiness requires viewing current offerings through the lens of a service provider.
Cloud vendors offer services with certain defined commitments and associated costs for
delivery. If you cannot express existing service capabilities in the same manner, how can a
meaningful build vs. buy cost comparison be done?” 157
Jim Damoulakis, CTO of GlassHouse
Antonio Palacin, director of the international IBM SAP International Competence Center,
about the ability of cloud computing solutions regarding business process management: “In
specific areas "yes". E.g. simple processes could be hosted in a cloud: eMail, data
repositories for backup, etc. In other areas where mission-critical data and access rights are
targeted I still do not see how this can be ensured.” 158
Cloud computing, especially public cloud, has obviously not yet achieved full acceptance by
large corporations. A similar objection mentioned Rick Franckowiak, Information
Technology Director at Johnson and Johnson perhaps spoke for the industry when he was
155Ibid.
156cf. Baun et al., Cloud computing: Web-basierte dynamische IT-Services , 91-93.
157Goodman, “The CIO’s Guide To Cloud Computing,” 6.
158Palacin, “Startup in the Cloud - Consulting Experts - Interview with Antonio Palacin from IBM Deutschland GmbH
about Simplicity.”
Startup in the Cloud 36
stating: “Cloud computing can solve the problem of overtaxed internal resources...but not, at
least not yet, for the highest-risk applications involving sensitive data.” 159
Vishal Sikka, Chief Technical Officer at the ERP vendor and SAP notices: “You have to get it
right-and not only from a cost and go-to-market perspective, but from an integrity
perspective. For us, it is far more important to roll this out in a controlled way to make sure
the customer comfort is there and grows with the software, rather than to go out there and
meet some arbitrary definition of some guy's take on cloud computing or SaaS. […] So we
will get it right, and we will take our time. Yeah, it took a little bit longer than we thought,
but we can afford to.” 160
SAP is the market leader in the business-to-business area for ERP software. Microsoft on the
other hand is the overall number one software vendor. Microsoft obviously sees the time coming for
cloud computing and extends their Azure cloud offerings. In February 2010 Microsoft has announced
to offer cloud web connectors from their office suite MS Office 2010 towards social networks such as
Facebook or LinkedIn. Obviously is Microsoft focused on the business-to-consumer market which is
more volatile than SAP's enterprise market. On can guess that if Microsoft is pushing cloud
computing, that will have an effect on the rest of the market. 161
There are many sophisticated information systems with lots of functions for different industries
in the market. It is beyond the scope of this thesis to name them here, but even googling the
categories reveals an immense diversity: Enterprise Resource Planning (ERP), Supply Chain
Management (SCM), Enterprise Relationship Management (ERM), Management Information
Systems (MIS), Business Intelligence (BI) and many more.
It can be difficult not to lose the track, as these terms are not standardized. Vishal Sikka,
Chief Technical Officer at the ERP vendor SAP notices: “I sometimes find it amusing. When
vendors call their little salesforce-automation application a "platform", that does actually
bother me, as a technologist, to be honest with you.” 162
There are complaints in the market that many vendors have started to market some cloud
computing services but only in a slim entry version without the whole range of functionality. Maybe
this entry level functionality is enough for many startups and small businesses. But the question
should be raised why they are not yet porting the full versions to cloud computing as well. Probably
that will change as the demand for cloud computing services is on the rise and the competition
between the vendors as well. In either way is a serious assessment of the business- and service-level
requirements necessary and it will be a good starting point for a supplier research. A possible
requirements framework is freely available from Cloud Security Alliance (see also chap. Evaluation
guide).163 164
Daniel Stadelmann, founder and general manager of wedoit, a company that is specialized on IT
consolidation projects, identified an obstacle that could slow down the breakthrough of cloud
computing.
“It is increasingly difficult to find skilled specialists for the consolidation projects we do. I
assume this would be even more difficult regarding cloud computing projects.” 165
Daniel Stadelmann, wedoit
Illustration d: Overview of some cloud offerings assigned to different services/taxonomies. Source: OpenCrowd, 2009
“The prospects look bright for workers with specialized technical knowledge and strong
communications skills [...] as companies are increasingly looking to technology to drive
their revenue.” 166 Alfred P. Sloan Foundation
Relationships as a driver
Information technology has expanded the communication channels and as a result, revolutionized
the way we live relationships. Every aspect of our business life is becoming digitalized, relationships
as well as they are literally evolving digital social networks. Customers have received more power by
having globalized access to information through the internet where they are able to compare suppliers
and their products. 167
The world has changed into one big market with extreme competition and “To make a
difference, the customer must be put in the center of the business activities, just transacting
orders is not enough anymore, the relationship of existing and future relationships must be
developed and improved.” 168
Reinhold Rapp, German Economic Forum
Many companies are changing their strategies, for example to customer relationship
management (CRM) which is “a user-centric marketing- or corporate strategy supported by
information- and communication technology with the intention to establish marketing-,
sales- and service concepts in a sustainable, profitable and holistic way.” 169
Evangelos Xevelonakis Xenis, Swiss Valuenet
Sophisticated information system solutions bring in line people, processes, and technology to
utilize the synergies and to develop and strengthen relationships within the company and outside. 170
Open your eyes and ears, is explained by business strategist Peter Fingar by stating:
“Newcomers disrupt established industries with business model innovation that not only
incorporates their suppliers, and their suppliers' suppliers, but also places their customers at
the very center of their business processes – and taps the creative abilities of all employees
to meet the ever-changing needs of their customers.” 171
Business models that can cope with customer needs and other stakeholders require information
systems which can be flexible adjusted to changing customer requirements and ensures a constant
interaction with all stakeholders via different channels including social networks. The example of the
CRM strategy can also be used to highlight the importance of seriously evaluating new information
systems, because CRM is a typical IT buzzword that can have many meanings. It can mean the just
mentioned marketing- or corporate strategy, but also mean simple versions of CRM tools which are
not much more than an address book with email functionality. There are cloud computing solutions
available for both types. However, it is depending on the requirements which solution shall be chosen
but if an established small business considers to to implement the CRM as their core strategy, cloud
computing based systems should included in the assessment as well, because they may be interesting
regarding the costs and some of them offer comprehensive integration with other cloud based online
collaboration solutions, adaptors to social networks, business intelligence and more. 172 173
168Rapp, Customer Relationship Management: Das neue Konzept zur Revolutionierung der Kundenbeziehungen , 43.
169Xevelonakis, “CRM - Erfolgreiches Kundenbeziehungsmanagement mittels Differenzierungsstrategien,” 6.
170cf. Information Today, Inc., “What Is CRM?.”
171Fingar, Dot.cloud: The 21st Century Business Platform , 16.
172cf. Goldenberg, CRM in Real-time: Empowering Customer Relationships , 138.
173cf. Biddick, “Why You Need A SaaS Strategy.”
Startup in the Cloud 40
Illustration e: Business Process Spectrum: Information systems need to comply with the soaring demand for
relationship and communication. Source: Harrison-Broninski, 2009.
The seller becomes the extended arm of the buyer. A popular example is the online retailer
Amazon, where customers usually buy books, but can easily change their role and become a seller of
books or even furniture. Social network components are built in reviews from other customers or
hints like other customers who bought this book also bought XY. This makes it possible for Amazon
to offer the customer a comprehensive shopping experience with all kinds of information and
interaction possibilities that can be of value. To realize such solutions, sophisticated information
systems are needed such as top-notch content management systems, databases, data warehouses, data
mining tools and many more which connect the solution within itself and to the stakeholders and
associated supply chains. These systems offer an extended functionality but should not be too static
in order to stay flexible regarding changing requirements. Larger enterprises may have all the
necessary infrastructure and software, but startups usually do not have them. Such solutions are not
cheap in neither way, but if startups can start with using cloud computing services instead of having
the need to buy and set it up by themselves, a successful start seems more realistic. 175 176
HIM supports human work processes, which depend on interaction and are dynamically shaped
by the participants. The model takes greater notice of five main features of human working activity:
Connection visibility, structured messaging, support for mental work, supportive rather than
prescriptive activity management, processes change processes. HIM has four levels of how to turn
strategy into action. First, the Strategic Control, where the aims and measures for each high-level
process are defined. Second, Executive Control, where outline processes consisting of a mixture of
roles, interactions and users are defined. Third, Management Control, where the outline processes for
175cf. Bellomo, How to sell anything on Amazon ... and make a fortune! , 13.
176cf. Reese, Cloud application architectures , 20-24.
177cf. Qi Sui, Dong-Qing Yang, and Teng-Jiao Wang, 2009, in a collected edition of Chen, Liu, and Zhang, Advances in
Web and Network Technologies and Information Management , 5731:141.
Startup in the Cloud 42
initial execution are defined and where an on-going re-definition of the process itself is possible and
finally fourth, Agreements which defines interactions, deliverables and business rules in a kind of
contract that is continually renegotiated during the life of the process. Before a HIM system can be
introduced, it is necessary to define the five principles: 178 179 180
1. Team Building: Who has what personality and skills and is involved in which
processes. The responsibilities are set according to role objects
One of the main elements of HIM is the bottom-up approach called Stories, which allows the
participant in accordance with his role to start collaborative work processes and to evolve it on-the-
fly as part of the work itself. The adherents of HIM praise the effectiveness of this approach, because
of the emphasis on collaborative human work that can now easily be integrated in a structured way.
On the other hand, the emphasis does not lie on efficiency, because routine work processes are more
and more often largely automated and deserve therefore less attention. 181 182 183
According Peter Fingar approaches like HIM in combination with cloud computing could
result in “management structures and styles to become organic networks rather than
hierarchical, function-divided monoliths [...] leaders don’t give commands, they transmit
information, trusting the team members’ competencies and gaining accountability through
transparency [...] true leadership is about cooperation, not control” 184 185
HIM is not widely known and not much literature can be found, nor is the IT industry's adoption
of the theory very advanced at this point in time (February 2010). Significantly, the only enterprise
software that is offers HIM as the core concept is HumanEdj, notably developed by the company
(Role Modelers Ltd) where the creator (Harrison-Broninski) of the HIM principles works.
Nevertheless, HIM is starting to get a grip, for example SAP has introduced a HIM module for its
ERP suite. In the end-user market the productivity application Getting Things Done (GTD) has taken
on parts of HIM and has become quite popular with it. David Allen, the founder of GTD and the
author of the bestseller book with the same name, explained in an interview that cloud computing and
HIM could be the best possible combination. The reason he thinks so is because cloud computing is
able to connect different platforms and applications in order to manage them on the meta-level. Each
part of the five HIM principles (ibid.) can be made better thanks to cloud computing due to the fact
that it is predestinated to interconnect the involved human-driven processes .186 187 188
The following comparison categorizes HIM on the architectures map and underscores its
democratized user-level approach: 189 190
If HIM would become more popular in form of several competing HIMS (Human Interaction
Information Systems) or as a supplement to existing business process management software, it could
lead to a considerable productivity advantage. It would be desirable, if the HIM approach would be
taken on by the open source community. What the world need is nothing less than a highly
competitive but free open source business platform of the 21st century! The open source community
has already achieved to develop an impressive number of free, open source business software such as
vTiger (CRM), Compiere (ERP), Pentaho (Business Intelligence), Essential Project (Enterprise
Architecture), Liferay (Office Collaboration) or Alfresco (Enterprise Content Management). The
rather radical, because democratized bottom-up HIM approach needs maybe to be newly developed
from Scratch, probably that is why there is not yet (HumanEdj has been free but is now closed
source) a free, open source HIM available. Especially startups and small businesses could profit a lot
from using an integrated solution that leverages productivity by a more effective communication
which dynamises and even democratizes the processes in companies. 191
“Today, customers are able to connect to the cloud without installing software or buying
specific hardware. A bit reason for their desire to use the cloud is the availability of
collaborative services. Collaboration is the opiate of the masses in cloud land” 192
John Rittinghouse, Cloud Evangelist
Trends
John Adair, professor for leadership, has mentioned this quote from Laozi to show that wisdom
always tends towards simplicity. The reason being that simplicity reduces things to essentials. It is
important to store solely essential information and to keep the information systems simple, otherwise
change will be become difficult. Information systems need to become accelerators of change and
open ways to let innovation happen. Every change can be a chance for constantly improving the
companies productivity. The information system solutions have to leverage this process of
organizational maturity and learning. It must be possible for startups and small companies to take
advantage of advanced information systems to become more innovative than their larger
competitors. 194 195
191cf. Geeknet, Inc., “SourceForge - Find and Develop Open Source Software.”
192Rittinghouse and Ransome, Cloud Computing: Implementation, Management and Security , 62.
193Laozi (a.k.a. Lao Tzu) ~100 BC, cited by Adair, How to grow Leaders: The seven Key Principles of effective
Leadership Development , 51.
194cf. Ibid.
195cf. Avgerou, Information systems and the economics of innovation , 180.
Startup in the Cloud 45
However, a lot of functionality leads to complexity. And if complexity is not handled the
right way it becomes complicated: “Data moves between processes, and processes move
between departments. Once you get everybody running on the system, you don't know what
ripple a change could create throughout the organization.” 196
Complicated is exactly what startups and small companies do not need. They are looking for
simplicity, low costs and being able to adjust their business processes quickly to changing market
needs. Following this approach, they can concentrate on their core business. If cloud computing
applications support startups and small companies in that way, then they are becoming enablers for
innovation.197 198
One of these major vendors, Microsoft, is just one amongst many in the enterprise software
market but still dominant in the end-user desktop market, has publicly disclosed its cloud-computing
strategy in 2008. They expect that cloud computing will lead to a hybrid model of the current on-
premises model and to SaaS that is run on centralized, massive data centers that are operated by
major IT companies. 200 201
Ray Ozzie, Microsoft's chief software architect states: "At the back-end side, it depends on
the size of enterprise and the workload, as well as the segment of the enterprise and whether
it is highly regulated or whatever. The decisions regarding what to keep on-premises versus
what to distribute into the cloud will vary dramatically. Very small businesses will put almost
everything into the cloud. Very large businesses will put all their infrastructural systems,
such as mail, phone systems and document management, into the cloud. Enterprise
applications that have high integration requirements and a lot of legacy issues will stay on
premises. What happens in the middle is a mix.” 202 203
Furthermore he explains Microsoft's position whether the switch will happen evolutionary or
revolutionary: “Cloud computing won't be successful if organizations and developers have to
reinvent everything. That's not what customers want. They want a smooth transition.” 204
Richard Stallman, a leading advocate of free software and founder of the Free Software
Foundation warns the public that cloud computing is a trap. The ICT industry is using
Freemium to catch buy into locked, proprietary systems that would cost them more and more
over time: “It's stupidity. It is worse than stupidity: it's a marketing hype campaign […]
somebody is saying this is inevitable – and whenever you hear somebody saying that, it's
very likely to be a set of businesses campaigning to make it true […] One reason you should
not use web applications to do your computing is that you lose control […] It is just as bad
as using a proprietary program. Do your own computing on your own computer with your
copy of a freedom-respecting program. If you use a proprietary program or somebody else's
web server, you are defenseless. You are putty in he hands of whoever developed that
software.” 206
concerns against hosted open source solutions. This can lead to interesting business opportunities for
open source companies which are now able to address niche applications to well-funded enterprise
companies. These open source do not even need to host the cloud computing based open source
applications themselves. They can use established IaaS or PaaS providers while concentrating of the
developing, marketing and making services and support of their SaaS applications. 207
Up to now, the open source industry consists usually of innovative, rather young people with
moderate incomes that dedicated a lot of their time to improve the open-source solutions out of the
belief that the open-source society is helpful for our society. It can be seen as more than desirable that
these young people of the open source world now are able to become successful entrepreneurs. This
will hopefully underpin the necessary shift towards a business culture that take its social
responsibility more seriously!
Paradigm Shift of Change – from Push to Pull and from Mass to Micro Markets
“The cloud represents the reinvention of commerce, from a push to pull model and from mass
to micro market economics as the long tail dominates value creation enabled by network
effects, which accelerates globalization, greatly increases productivity and improves the
quality of life for all. The control point has shifted so that suddenly commerce and
communication are end to end – with no regard to borders – location and even time
independent. We are just at the beginning of an escalating slope of change that affects how
we will live socially, culturally, politically. This is a once-in-a-millennium paradigm shift.” 208
2. Rack level of deployment: Dozens of servers at a time which arrive prebuilt and
are installed by a third party
3. Modularity to the level of containers: The cutting edge. Fully confi gured
containers with 2'000 servers are implemented in a shell building with enough
power and cooling systems
207Dallé, 2009, cited by Asay, “Open source: The money is in the cloud.”
208Coleman, 2009, reported by Lasica, Identity in the Age of Cloud Computing: The Next-generation Internet's impact on
Business, Governance and Social Interaction , 71-72.
Startup in the Cloud 48
This may sound a bit futuristic to both, IT professionals and normal business people, but it is a
fact and these major vendors will use all their market power in order to gain market shares and
utilizing these new “mega data centers”. Vendors in the consumer market will leave nothing undone
to adjust their strategy in a way, that the millions existing customers, end-users and small businesses
alike, will switch to their cloud application offerings. 210 211
Not only end-users are targeted, enterprise customers as well. Microsoft's chief software
architect describes it that way: “I fundamentally believe that all the enterprise applications
that we sell as software will also be a service. I know that every time you add a zero to the
order of magnitude, you can do it more efficiently. So, if we are serving 100 million
Exchange mailboxes, we'll do it better than if we're serving 1 million or 100,000. There is a
significant advantage there.” 212
Global vendors with such efficient state-of-the-art infrastructure coupled with the effective usage
thanks to cloud computing will be highly competitive compared to conventional on the premises
models. Especially compared to shall businesses, can they massively profit from economies of scale.
At small businesses are the necessary IT skills are often not in-house available. 213
“As Cloud platforms become ubiquitous, we expect the need for inter-networking them to
create market-oriented global Cloud exchanges for trading services. Several challenges need
to be addressed to realize this vision. They include: market-maker for bringing service
providers and consumers; market registry for publishing and discovering Cloud service
providers and their services; clearing houses and brokers for mapping service requests to
209MacDonald and Smith, “Gartner Fellows interview with Microsoft's Ray Ozzie on Cloud Computing.”
210cf. Ibid.
211 cf. Metz, “Will Google regret the mega data center?.”
212MacDonald and Smith, “Gartner Fellows interview with Microsoft's Ray Ozzie on Cloud Computing.”
213cf. Thommen, Managementorientierte Betriebswirtschaftslehre , 791.
Startup in the Cloud 49
providers who can meet QoS expectations; and payment management and accounting
infrastructure for trading services.“ 214
His next statement suggests how important the efforts for the standardization of interfaces
and coordinated risk management systems are: “The state-of-the-art Cloud technologies
have limited support for market-oriented resource management and they need to be extended
to support: Negotiation of QoS between users and providers to establish SLAs; mechanisms
and algorithms for allocation of VM resources to meet SLAs; and manage risks associated
with the violation of SLAs. Furthermore, interaction protocols needs to be extended to
support interoperability between different Cloud service providers.“
Further efforts are necessary in order to establish open clouds that offer unlimited flexibility without
cutting back security. That the quality is given is especially important for startups and small
businesses, as they do not have the risk assessment instruments and experiences that larger
cooperations have. 215
For startups, entrepreneurs and small companies, the following aspects regarding cloud
economics, its market development and participants and finally future trends of cloud computing may
be of special interest:
! Operational expenditures instead of capital expenditures are favoured will be valued especially
by startups
! Constantly changing business requirements need information systems that offers the same
flexibility without becoming complicated. The modular, often service-oriented cloud
computing systems can be a good base, depending on the offer of the cloud application
provider
! The IT industry is very keen as it can help them to change their business model from hardware
and licenses to services. This will lead to more standardization efforts and to more
competition what will expand the variations of offerings and will lower the prices as well
! By contrast to enterprise cooperations which their long grown information systems, can
startups start on the greenfield with a completely new solution based on cloud computing
214Buyya et al., “Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the
5th utility,” 614.
215Ibid.
Startup in the Cloud 50
Evaluation Guide
“Cloud computing is gaining interest as a potential driver of value generation and cost
savings for migrating and creating new applications, but enterprises must choose carefully
from among varied architectural alternatives based on their degree of alignment with
business processes and existing architectural constraints.” 216
Eric Knipp et al., Gartner Group
When taking a look in a library, results in several books in the category requirements engineering
can be found. Requirements engineering is usually quite at the beginning of information system
evaluations. Questions to be asked are: 217
! Why? Requirements of the market: Customer and user needs, business requirements- and
goals as well as other needs
This sounds quite logical so far. However, after having browsed through the requirements
engineering books, one has the impression that it looks all very technical and abstract. Maybe too
technical for business people? Is their business mindset compatible with the mindset of IT
specialists? To what extent is the classic software development process applicable when it comes to
considering a new business application based on cloud computing?
As a matter of fact, it is not the principal idea of cloud computing consumers to develop
software. Therefore, the requirements engineering approach may be too heavily “software
development-oriented”. As most potential cloud computing consumers will lean toward ready to use
Software as a Service (SaaS), requirements engineering will probably not be suitable.
“Because of the wide degree of differentiation among provider offerings and potential use
scenarios, best practices for constructing, hosting, and maintaining cloud-based enterprise
solutions are still evolving.” 218 Eric Knipp et al., Gartner Group
As cloud computing is still a new discipline, not much literature can be found to answer these
questions in a holistic way. Nonetheless, the cloud computing society has developed best practices.
One of them was developed from the Cloud Computing Security Alliance (CSA). A community of
often well-known individuals from science and the IT industry, has developed the Security Guidance
for Critical Areas of Focus in Cloud Computing (CSA Guidance), which is currently in version 2.1.
They give indications what are the most crucial points in the fields of security, legal and privacy
issues that should be considered during an assessment of cloud computing based information
systems. 219
The author of this thesis assumes that such a framework can be especially helpful for startups and
small companies, as due to its compact dimensions it is more likely to be read whereas complex
literature would probably not be read at all. Instead, an ad hoc decision would be made based upon
the business functionality of the cloud computing application only. Following the pragmatic approach
of CSA, are the consecutive paragraphs which adopts the entire structure of CSA Guidance and cites
only excerpts of the effective content and compares it with other literature.
Additionally, to emphasize the practical value, are the excerpts from CSA guidance enhanced
with information from a practical survey (see annex). This survey Startup in the Cloud - Consulting
Experts has been been conducted by the author of this thesis in order to get practical first hand
feedback as complemental information on whether cloud computing can be the right choice for
startups and small companies.
Having an idea how to approach such an evaluation is one thing, the other is who has the overall
responsibility from the business side? One paragraph earlier, it was assumed that startups and small
companies would tend to ad-hoc approaches. But how to do it better? Who should attend such
projects? Antonio Palacin, on of the interviewees from the Consulting Experts survey, has given the
following advice:
“It depends on the industry. In general, the link between business requirements and the
associated information systems should be owned by one of the managing directors. This
person should have a counterpart in each line-of- business or main organization within the
company. Those departements should summarize their needs. Finally it is the task on C-level
to derive the right catalogue of services and to combine the different requests.” 220
Antonio Palacin, IBM
219cf. Khajeh-Hosseini, Sommerville, and Sriram, “Research Challenges for Enterprise Cloud Computing,” chap. 4.
220Palacin, “Startup in the Cloud - Consulting Experts - Interview with Antonio Palacin from IBM Deutschland GmbH
about Simplicity,” col. 1.
Startup in the Cloud 52
This answer targets rather bigger companies but the message is clear: Assessing business-
relevant information systems are a top priority and need to be attended by the founders of a startup
company and the same at smaller companies. Evangelos Xevelonakis Xenis, managing director of a
CRM consulting strategy company who attended the Consulting Experts survey as well, confirms this
impression by stating:
“It depends on the company's size. But I think the CEO is the appropriate person.” 221
Evangelos Xevelonakis Xenis, Swiss Valuenet
The following sub-chapters are structured according CSA Guidance and quote in each case at the
beginning the corresponding information from CSA Guidance followed by the further considerations
including the survey results. The guidance is divided into section one, Cloud Computing
Architectural Framework , section two, Governing in the Cloud and section three, Operating in the
Cloud. To improve reader friendliness, literal quotes from CSA Guidance are set in a grey tone.
Additionally, it should be mentioned that the CSA guidance is written in the 4 th person. The editors of
CSA guidance follow this approach in order to attain better acceptance from practitioners.
As there are different cloud services and deployment options (ibid.; for example SaaS service
model or public cloud deployment) , CSA mentions that no guidance or list can cover all
circumstances and that the CSA guidance simply helps to guide the evaluation through a decision
phase. It shall not be seen as a full risk assessment framework or methodology for determining the
whole set of possible risk threats. 222
221Xevelonakis, “Startup in the Cloud - Consulting Experts - Interview with Evangelos Xevelonakis Xenis from Swiss
Valuenet about about Simplicity,” col. 1.
222cf. Cloud Security Alliance (CSA), Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 , 9.
Startup in the Cloud 53
We are either moving information into the cloud, or transactions / processing (from
partial functions all the way up to full applications).
With cloud computing our data and applications don’t need to reside in the same
location, and we can even shift only parts of functions to the cloud. For example, we
can host our application and data in our own data center, while still outsourcing a
portion of its functionality to the cloud through a Platform as a Service.
The first step in evaluating risk for the cloud is to determine exactly what data or
function is being considered for the cloud. This should include potential uses of the
asset once it moves to the cloud to account for scope creep. Data and transaction
volumes are often higher than expected.” 223
1. How would we be harmed if the asset became widely public and widely
distributed?
6. How would we be harmed if the asset were unavailable for a period of time?
223Ibid.
224Ibid., 9-10.
Startup in the Cloud 54
Ray Ozzie, Chief Technology Officer at Microsoft has been asked in an interview with Gartner
Inc., one of the leading IT analysts, how the security concerns of moving to cloud computing should
be adressed. His answer has not been too short but it mentions some reasonable points.
1. Public
4. Community; taking into account the hosting location, potential service provider,
and identification of other community members.
At this stage you should have a good idea of your comfort level for transitioning to
the cloud, and which deployment models and locations fi t your security and risk
requirements.” 225
225Ibid., 10.
Startup in the Cloud 55
Your focus will be on the degree of control you have to implement risk mitigations in
the different SPI tiers. If you already have specifi c requirements (e.g., for handling
of regulated data) you can include them in the evaluation.” 226
If you have yet to decide on a particular offering, you’ll want to sketch out the rough
data flow for any options on your acceptable list. This is to insure that as you make
final decisions, you’ll be able to identify risk exposure points.” 227
These together should give you suffi cient context to evaluate any other security
controls in this Guidance. For low-value assets you don’t need the same level of
security controls and can skip many of the recommendations — such as on-site
inspections, discoverability, and complex encryption schemes. A high-value
regulated asset might entail audit and data retention requirements. For another
high-value asset not subject to regulatory restrictions, you might focus more on
technical security controls.
Due to our limited space, as well as the depth and breadth of material to cover, this
document contains extensive lists of security recommendations. Not all cloud
deployments need every possible security and risk control. Spending a little time up
front evaluating your risk tolerance and potential exposures will provide the
context you need to pick and choose the best options for your organization and
deployment.” 228
226Ibid.
227Ibid., 10-11.
228Ibid., 11.
Startup in the Cloud 56
While the content of the preliminary part Introduction to CSA guidance For Cloud Security
Assessment has been completely taken over in this chapter Evaluation Guide, will only excerpts be
cited from the now following domains 1-13 and some of them completed with interview excerpts
from the survey Startup in the Cloud - Consulting Experts . Nonetheless, the structure will be
completely taken over to give an undistorted overview what the CSA Guidance has to offer to
startups and small companies.The domains 13 domains in total are assigned according the following
three sections:
definitions and sub-chapters have already been examined earlier in this thesis (ibid. Defining Cloud
Computing) and will therefore not again be expatiated unless it contains important extra information.
! Multi-Tenancy
Multi-Tenancy
Keyword: Single instance serving multiple client organizations. Has been examined earlier in this
thesis (ibid. Defining cloud computing) .
The Cloud Reference Model illustration can be found in the next chapter, in fact it compromises
only the left part; Cloud Model.
229Ibid., 18.
Startup in the Cloud 58
“SaaS provides the most integrated functionality built directly into the offering,
with the least consumer extensibility, and a relatively high level of integrated
security (at least the provider bears a responsibility for security).
PaaS is intended to enable developers to build their own applications on top of the
platform. As a result it tends to be more extensible than SaaS, at the expense of
customer- ready features. This tradeoff extends to security features and
capabilities, where the built- in capabilities are less complete, but there is more
flexibility to layer on additional security.
IaaS provides few if any application-like features, but enormous extensibility. This
generally means less integrated security capabilities and functionality beyond
protecting the infrastructure itself. This model requires that operating systems,
applications, and content be managed and secured by the cloud consumer.” 230
To attain a holistic view of the security and compliance situation, the Cloud Reference Model is
expanded to become the Cloud Security Reference Model .
The gap analysis according the figure below shows “how a cloud service mapping can be
compared against a catalogue of compensating controls to determine which controls exist
and which do not – as provided by the consumer, the cloud service provider, or a third party.
This can in turn be compared to a compliance framework.” 231
If such a gap analysis is accomplished, the risk manager in bigger companies becomes already a
bit friendlier while such an analysis in small companies it is a good start in order to watch out for
possible cloud computing provider.
230Ibid., 19.
231Ibid., 23.
Startup in the Cloud 59
Illustration g: Cloud Security Reference Model. Source: Reproduced according original source by Cloud Security
Alliance, 2009.
But one of the key characteristics and at the same time maybe the strongest critic point is that
“cloud computing is about gracefully losing control while maintaining accountability even if
the operational responsibility falls upon one or more third parties.” 232
The following comparison shall give an impression of considerable legal, regulatory and
standardization aspects. CSA calls the issues, UC Berkeley obstacles and ENISA risks. It is roughly
232Ibid., 24.
233Ibid., 26.
Startup in the Cloud 60
about the same thing but the author of this thesis points out that it can only be compared limitedly as
the perspective is varying from case to case. While CSA's issues and ENISA's risks are arranged
according a structured, holistic approach, has UC Berkeley listed ten obstacles. Nonetheless, the
reader may be able to draw his own useful conclusions. 234 235 236
! Governance Recommendations
Daniel Jost, on of the interviewees from the Consulting Experts survey, is working in the IT of an
insurance company. His experience is that cloud computing can be an option them, but only if it has
been trough a serious risk assessment. 240
“Large cooperations have the advantage that they are experienced with storing the data at
different locations. They will carefully assess an offering regarding the protection of data
privacy before they would move in the cloud.” 241
Daniel Jost, CSS Group
“The 20th-century-built walls of privacy show serious cracks now. The parapets are rather
useless in facing the threats of the internet. This is the very moment for rebuilding them.” 242
otherwise) are discussed here. This domain includes some direction on proving compliance
during an audit.” 243 244
243Cloud Security Alliance (CSA), Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 , 27.
244cf. Ibid., 37-38.
245Ibid., 27.
246Ibid.
247Ibid.
248Ibid.
Startup in the Cloud 63
Matthias Schunter, one of the interviewees from the Consulting Experts survey, is security
scientist at the IBM research center in Zurich. He ssupposes a shift from the market towards a higher
security level.
“Large cooperations only choose cloud provider with a long, trustworthy security record.
That will urge providers to increase their quality in order to increase their market.” 250
249Ibid., 28.
250Schunter, “Startup in the Cloud - Consulting Experts - Interview with Matthias Schunter from IBM Deutschland GmbH
about Security,” col. 7.
251Cloud Security Alliance (CSA), Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 , 28.
252Ibid.
253Ibid.
254cf. Ibid., 63-67.
Startup in the Cloud 64
! IDaaS Recommendations
Although several if not most contributors to the CSA guidance are members of the cloud
computing industry, an industry nota bene which wants to sell cloud services. Nonetheless, the author
assumes that the CSA guidance from the Cloud Security Alliance is a honest piece of work in order to
help the cloud computing market to mature.
The maturity transformation will take several years because due to the complex nature of cloud
computing the friction surface is naturally spacious. Regarding not loosing the orientation while
assessing cloud computing solutions, there can be excepted a wide range of literature; from
application-oriented to the point of fundamental and anticipatory scientific considerations. Several
definitions, models and quasi- standards are about to emerge that are guiding and illuminating the
risks and chances. Subsequently, these lists are further elaborated in order to give a cloud computing
status quo overview with recommendable information sources. 257
255Ibid., 28.
256cf. Ibid., 68-70.
257cf. Chen, Paxson, and Katz, What’s new about Cloud Computing Security? , 2-3.
Startup in the Cloud 65
! Major vendors make some efforts toward inter-compatible, open clouds (ibid. Market)
! Total size and diversified composition of the market (ibid. Defining Cloud Computing)
! Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance by Tim
Mather et al.
! Cloud Computing Use Cases by the Cloud Computing Use Case Discussion Group
! Research challenges for Enterprise Cloud Computing as a much cited reference document 259
! Cloud Computing and Information Policy: Computing in a Policy Cloud? is one of a few
sources about policy and cloud computing 260
! Cloud Computing: Benefits, Risks and Recommendations for Information Security from the
ENISA which represents a reputable multistakeholder view 261
! Briefing Paper on Cloud Computing and Public Policy on behalf of the OECD 262
! Cloud Computing Architectural Framework by the Cloud Security Alliance that offers a
reference model, standardized, architectural requirements and and challenges (ibid. siehe
practical part)
258cf. Armbrust et al., Above the Clouds: A Berkeley View of Cloud Computing .
259cf. Khajeh-Hosseini, Sommerville, and Sriram, “Research Challenges for Enterprise Cloud Computing.”
260cf. Jaeger, Lin, and Grimes, “Cloud Computing and Information Policy: Computing in a Policy Cloud?.”
261cf. Catteddu and Hogben, Cloud Computing: Benefits, Risks and Recommendations for Information Security .
262cf. Nelson, Briefing Paper on Cloud Computing and Public Policy .
Startup in the Cloud 66
These recommendations are an excerpt of convenient information that were also used as research
source for this thesis. Further information can be found in the bibliography. It may help the reader to
orientate and draw conclusions for the benefit of his own projects.
For startups, entrepreneurs and small companies, the following aspects in the field of legal,
regulatory and standards may be of special interest:
While concluding the significant findings from the four main chapters Defining cloud computing ,
Political implications and standardization , Market, economics and trends and Evaluation guide, it is
evident that cloud computing has an immense potential, not only for startups and small businesses,
but also for global society. As sophisticated information systems are becoming available as a service,
it liberates companies from having to build up and operate their own infrastructure. This is especially
welcomed by entrepreneurs in developing countries as well as by startups and small businesses. It
allows them to benefit from higher service levels and lower costs which the cloud service provider
can offer due to economies of scale.
On the opposite side, enterprise cooperations usually stick to their conventional, long standing
solutions or, on the other hand, avoid public clouds, preferring private clouds which they can run on
their own systems. This way they are able to avoid risks that could occur through the handing of their
mission-critical data to third-parties such as cloud services providers. The risks consist mainly of
legal nature, lack of standardization, and are not classical security risks.
Although cloud computing is politically desired, it will take time until the national legal systems
have adopted to the internet realities of today, such as transborder data flow. On the standardization
side, countless efforts from non-profit organizations and the industry are taken towards open, inter-
compatible cloud standards which would foster innovation and lower costs.
However, it can be assumed that these legal and standardization issues will not hinder cloud
computing from its successful procession. These issues can be mastered by seriously assessing the
business and service-level requirements as a starting point in order to compare the various offerings
that are available for most industries. Assessment frameworks and guidances which are adjusted to
the characteristics of cloud computing are publicly available.
With all factors taken into account, cloud computing is a secure, affordable, lawful option for
startups and small businesses from all over the world a secure, affordable, lawful option that is
becoming more and more available for most industries and can help them concentrate on business
innovation. The writer of this thesis strongly recommends considering cloud computing, but points
out the need for a serious assessment in order to avoid losing control of the data whilst being locked
with a specific cloud computing provider.
Startup in the Cloud 68
Table Of Tables
Table b: Conventional IT concept (old paradigm) compared with the cloud computing model (new
paradigm). Source: Own comparison based on literature according bibliographic footnote,
2010......................................................................................................................................... 34
Table c: Service-oriented architecture (SOA) is primarily the domain of IT analysts, BPM is the
domain of business analysts. The bottom-up approach of HIM makes it possible for business
people to define the processes, in other words providing support for the way humans work
and interact with each other. Source: Own conclusion based on Fingar, 2009; Rayport and
Heyward 2009......................................................................................................................... 43
Table d: Collection of aspects that need to be considered while assessing cloud computing solutions.
Source: Own comparison based on literature according bibliographic footnote, 2010. .........60
Startup in the Cloud 69
Table Of Illustrations
Illustration a: Visual Model of the NIST Working Definition of Cloud Computing. Source:
Reproduced according original source by NIST, 2009. ............................................................ 3
Illustration b: Hybrid Cloud. Source: Cloud Computing Use Case Discussion Group, 2010. .............10
Illustration c: The various offerings of cloud computing covers different levels of abstraction, the
focus on consuming applications by the end user / business man is provided by SaaS.
Source: Reproduced according original source by LSE Research Online, 2009. ...................33
Illustration e: Business Process Spectrum: Information systems need to comply with the soaring
demand for relationship and communication. Source: Harrison-Broninski, 2009. ................. 40
Illustration g: Cloud Security Reference Model. Source: Reproduced according original source by
Cloud Security Alliance, 2009................................................................................................ 59
Startup in the Cloud 70
Bibliography
Abdennadher, Nabil. Advances in Grid and Pervasive Computing: 4th International Conference,
GPC 2009. 1st ed. Berlin; New York: Springer, 2009.
Adair, John. How to grow Leaders: The seven Key Principles of effective Leadership Development .
1st ed. London; Philadelphia: Kogan Page, 2007.
Alfred P. Sloan Foundation. “Information Systems Overview.” Sloan Career Cornerstone Center,
April 19, 2009. http://www.careercornerstone.org/pdf/infosys/infosys.pdf .
Anderson, Janna, Andie Diemer, Eugene Daniel, Shelley Russel, Drew Smith, and Dan Anderson.
“Workshop: Privacy, Security Implications of Cloud Computing.” Sharm El Sheikh, Egypt:
Elon University, 2009. http://www.elon.edu/e-web/predictions/igf_egypt/cloud_computing.xhtml .
Armbrust, Michael, Armando Fox, Rean Griffith, Anthony D. Joseph, Randy H. Katz, Andrew
Konwinski, Gunho Lee, et al. Above the Clouds: A Berkeley View of Cloud Computing .
Berkeley: Electrical Engineering and Computer Sciences (EECS), University of California,
February 10, 2009. http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.pdf .
Asay, Matt. “Open source: The money is in the cloud,” December 3, 2009. http://news.cnet.com/8301-
13505_3-10408562-16.html .
Avgerou, Chrisanthi. Information systems and the economics of innovation . 1st ed. Cheltenham;
Northhampton: Edward Elgar Pub., 2003.
Baun, Christian, Marcel Kunze, Jens Nimis, and Stefan Tai. Cloud computing: Web-basierte
dynamische IT-Services . 1st ed. Informatik im Fokus. Berlin; Heidelberg: Springer, 2009.
Bellomo, Michael. How to sell anything on Amazon ... and make a fortune! 1st ed. New York:
McGraw-Hill, 2006.
Biddick, Michael. “Why You Need A SaaS Strategy.” Why You Need A SaaS Strategy, January 16,
2010. http://intelligent-
enterprise.informationweek.com/showArticle.jhtml;jsessionid=5FTQXL0YBW3KVQE1GHPSKHWATMY32JV
N?articleID=222301340 .
Bittmann, Thomas. “Building a Private Cloud: Are We There Yet?,” February 17, 2009.
http://blogs.gartner.com/thomas_bittman/2009/02/17/building-a-private-cloud-are-we-there-yet/ .
Startup in the Cloud 71
Bourassa, Richard. “20th APEC Electronic Commerce Steering Group Meeting.” Singapore:
Electronic Commerce Steering Group (ECSG), 2009.
http://aimp.apec.org/Documents/2009/ECSG/ECSG2/09_ecsg2_summary.pdf .
Briscoe, Gerard, and Alexandros Marinos. “Community Cloud Computing.” Beijing: LSE Research
Online, 2010. http://eprints.lse.ac.uk/26516/1/community_cloud_computing_%28LSERO_version%29.pdf.
Buyya, Rajkumar, Chee Shin Yeo, Srikumar Venugopal, James Broberg, and Ivona Brandic. “Cloud
computing and emerging IT platforms: Vision, hype, and reality for delivering computing as
the 5th utility.” Future Generation Computer Systems 25, no. 6 (December 11, 2008): 599-
616.
Catteddu, Daniele, and Giles Hogben. An SME perspective on Cloud Computing . Heraklion [Crete]:
European Network and Information Security Agency (ENISA), November 20, 2009.
http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-sme-survey/at_download/fullReport .
———. Cloud Computing: Benefits, Risks and Recommendations for Information Security .
Heraklion [Crete]: European Network and Information Security Agency (ENISA), November
20, 2009. http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-
assessment/at_download/fullReport .
Cerf, Vinton G., Sha Zukang, Hamadoun I. Touré, Koichiro Matsuura, Markus Kummer, Nitin Desai,
Michalis Liapsis, et al. Internet Governance Forum (IGF): The First Two Years . 1st ed.
Geneva: World Summit on the Information Society (WSIS), 2008.
http://www.intgovforum.org/cms/hydera/IGFBook_the_first_two_years.pdf .
Chen, Lei, Chengfei Liu, and Xiao Zhang. Advances in Web and Network Technologies and
Information Management. Vol. 5731. 2009th ed. Lecture Notes in Computer Science. New
York; Berlin; Heidelberg: Springer, 2009.
Chen, Yanpei, Vern Paxson, and Randy H. Katz. What’s new about Cloud Computing Security?
Berkeley: Electrical Engineering and Computer Sciences (EECS), University of California,
January 20, 2010. http://www.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-5.pdf .
Cloud Computing Use Case Discussion Group. “Cloud Computing Use Cases White paper - Version
3.0.” Cloud Computing Use Case Discussion Group, February 2, 2010. http://cloud-computing-
use-cases.googlegroups.com/web/Cloud_Computing_Use_Cases_Whitepaper-3_0.pdf?
gda=iwLqyV8AAAAPGXgkJ5fi30lYg4awQpoEqWScDsHoVk5f48r18wRWOvRsmgvNFNvJoZZD7r3PzEf2eH
jnTEKAfBvfYgf3pCOm2Nl_xKuxFIy3-WR9Ezn4SpxzIUqf6s0oL53Wkz8h1XQ .
Cloud Security Alliance (CSA). Security Guidance for Critical Areas of Focus in Cloud Computing
V2.1. CSA is a group of like-minded associates (contributor list of this document on page 5-
Startup in the Cloud 72
6) and does not have a location because it is purely located in the internet: Cloud Security
Alliance, December 22, 2009. http://www.cloudsecurityalliance.org/csaguide.pdf .
Cohen, Reuven. “ISO Forms Group for Cloud Computing Standards,” November 6, 2009.
http://www.elasticvapor.com/2009/11/iso-forms-group-for-cloud-computing.html .
———. “The Future of Cloud Computing Belongs to Asia,” November 12, 2009.
http://cloudcomputing.sys-con.com/node/1184360 .
Depena, Ray. “The Beauty of the Cloud,” August 18, 2009. http://dotnet.sys-con.com/node/1072760.
Fingar, Peter. Dot.cloud: The 21st Century Business Platform . 1st ed. Tampa: Meghan-Kiffer Press,
2009.
Foley, Mary Jo. “Microsoft's Azure cloud is officially open for business,” February 1, 2010.
http://blogs.zdnet.com/microsoft/?p=5085 .
Geeknet, Inc. “SourceForge - Find and Develop Open Source Software,” February 13, 2010.
http://sourceforge.net/softwaremap/trove_list.php?form_cat=576 .
Golden, Bernard. “Capex vs. Opex: Most People Miss the Point About Cloud Economics,” March
13, 2009.
http://www.cio.com/article/484429/Capex_vs._Opex_Most_People_Miss_the_Point_About_Cloud_Economics .
Goldenberg, Barton. CRM in Real-time: Empowering Customer Relationships . 1st ed. Medford:
CyberAge Books, 2008.
Goodman, Jason. “The CIO’s Guide To Cloud Computing.” GlassHouse Technologies, Inc., 2009.
http://www.scribd.com/doc/26327785/The-CIO-s-Guide-to-Cloud-Computing .
———. Human interactions: The heart and soul of business process management . 1st ed. Tampa
FL: Meghan-Kiffer Press, 2005.
———. “The Future of BPM” presented at the SOLEA 2009 - International Symposium on Service-
Oriented Locally adapted Enterprise Architecture, Espoo [Finnland], April 23, 2009.
http://www.uku.fi/solea/symposium2009/pres/Solea09-Harrison-Broninski.pdf .
Hayden, Mary, Jeff Thompson, and Jack Levy. The SAGE handbook of research in international
education. 1st ed. London: SAGE Publications, 2007.
Hayes-Weier, Mary. “Alternative IT Software is New Reality.” InformationWeek, October 16, 2009.
http://www.scribd.com/doc/22676189/Alternative-It-Software-s-New-Reality-Information-Week?
secret_password=1wniolqlkz65sm5gp0iu .
Hunton & Williams LLP. “APEC Forum Discusses International Privacy Legislation Developments,”
July 28, 2009. http://www.huntonprivacyblog.com/2009/07/articles/international/apec-forum-discusses-
international-privacy-legislation-developments/ .
Jaatun, Martin, Gansen Zhao, and Rong Chunming. Cloud Computing: First International
Conference, CloudCom 2009, Beijing, China, December 1-4, 2009, Proceedings . 5931 vols.
1st ed. Computer Communication Networks and Telecommunications. Berlin; Heidelberg;
New York: Springer, 2009.
Startup in the Cloud 74
Jaeger, Paul T., Jimmy Lin, and Justin Grimes. “Cloud Computing and Information Policy:
Computing in a Policy Cloud?.” Journal of Information Technology & Politics 5, no. 3 (10,
2008): 269-283.
Johnson, Bobbie. “Cloud computing is a trap, warns GNU founder.” The Guardian. London,
September 29, 2008. http://www.guardian.co.uk/technology/2008/sep/29/cloud.computing.richard.stallman .
Joint Technical Committee 1. Report of JTC 1/SWG-P on possible future work on Cloud Computing
in JTC 1 - ISO/IEC JTC 1 N9687. Geneva: International Organization for Standardization
(ISO) and International Electrotechnical Commission (IEC), September 11, 2009.
http://isotc.iso.org/livelink/livelink/fetch/2000/2489/Ittf_Home/MoU-MG/Moumg396.pdf .
Jost, Daniel. “Startup in the Cloud - Consulting Experts - Interview with Daniel Jost from CSS
Gruppe about Simplicity.” Online Database Application, January 31, 2010.
https://creator.zoho.com/agrachina/startup-in-the-cloud-consulting-experts/record-
summary/Simplicity_View/363985000000086003/ .
Khajeh-Hosseini, Ali, Ian Sommerville, and Ilango Sriram. “Research Challenges for Enterprise
Cloud Computing.” Arxiv preprint arXiv:1001.3257 abs/1001.3257 (January 15, 2010). http://
arxiv.org/ftp/arxiv/papers/1001/1001.3257.pdf .
Knipp, Eric, David Smith, David W. Cearley, and Yefim V. Natis. Creating Cloud Solutions: A
Decision Framework. Stamford: Gartner, Inc., December 8, 2009.
http://www.gartner.com/resources/171600/171623/creating_cloud_solutions_a_d_171623.pdf .
Koops, Bert-Jaap, Miriam Lips, Corien Prins, and Maurice Schellekens. Starting points for ICT
regulation: Deconstructing prevalent policy one-liners . 1st ed. The Hague: TMC Asser,
2006.
Kooten, van, Michel, and Balder Verberne. “Enterprise Software Top 10: Salesforce running up the
ranks,” September 4, 2009. http://www.softwaretop100.org/software-top-100/enterprise-top-10 .
Lasica, Joseph Daniel. Identity in the Age of Cloud Computing: The Next-generation Internet's
impact on Business, Governance and Social Interaction . 17th ed. Annual Aspen Institute
Roundtable on Information Technology. Washington D.C.: Aspen Institute, 2009.
http://www.aspeninstitute.org/sites/default/files/content/docs/pubs/Identity_in_the_Age_of_Cloud_Computing.pd
f.
Startup in the Cloud 75
Lawson, Stephen. “PayPal opens door to developers,” July 23, 2009. http://www.infoworld.com/d/cloud-
computing/paypal-opens-door-developers-590 .
Lucas, Sylvie. Progress made in the Implementation of and Follow-up to the World Summit on the
Information Society outcomes at the Regional and International Levels - Report of the
Secretary-General. General Assembly Economic and Social Council. Geneva: United
Nations, March 13, 2009. http://www.unctad.org/en/docs/a64d64_en.pdf .
MacDonald, Neil, and David Mitchell Smith. “Gartner Fellows interview with Microsoft's Ray Ozzie
on Cloud Computing,” October 30, 2009. http://www.gartner.com/technology/media-
products/reprints/microsoft/172235.html .
Mack, Eric. Video: David Allen - GTD and Cloud Computing . Adobe Flash on Youtube. Notes on
Productivity, 2010. http://www.notesonproductivity.com/ICA/NOP.nsf/dx/video-david-allen-gtd-and-cloud-
computing.
Mather, Tim, Subra Kumaraswamy, and Shahed Latif. Cloud Security and Privacy: An Enterprise
Perspective on Risks and Compliance . 1st ed. Beijing; Cambridge [Massachusetts]: O'Reilly,
2009.
Mell, Peter, and Tim Grance. “The NIST Definition of Cloud Computing v15.” Computer Security
Division of the US National Institute of Standards and Technology, October 7, 2009.
http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc .
Metz, Cade. “Will Google regret the mega data center?,” August 8, 2009.
http://www.theregister.co.uk/2009/08/08/microsoft_azure_migration/ .
Meyer, Dirk. Review: Peter Fingar, Dot.cloud: The 21st century business platform built on cloud
computing. San Jose [California]: Adobe Systems, July 31, 2009.
www.oevermeyer.net/dmeyer/files/dotcloud_reviewdirkmeyer.pdf .
Mittelstaedt, Robert, Dennis Hoffman, Elizabeth Farquhar, Steven Salik, and Sanjay Modi. “IT
evolution: Why ERP systems face extinction - Knowledge@W.P. Carey,” February 28, 2007.
http://knowledge.wpcarey.asu.edu/article.cfm?articleid=1378 .
Nelson, Michael R. Briefing Paper on Cloud Computing and Public Policy. Cloud Computing and
Public Policy. Paris: Organisation for Economic Co-operation and Development; Committee
for Information, Computer and Communications Policy, September 29, 2009.
http://www.olis.oecd.org/olis/2009doc.nsf/ENGDATCORPLOOK/NT00004FC6/$FILE/JT03270509.PDF .
O'Halloran, Kerry. Charity Law Social Policy: National and International Perspectives on the
Functions of the Law relating to Charities . 1st ed. Berlin: Springer Netherland, 2008.
Startup in the Cloud 76
Object Management Group, Distributed Management Task Force, Open Grid Forum, Storage
Networking Industry Association, Open Cloud Consortium, and Cloud Security Alliance.
“Cloud Standards Coordination.” Cloud Standards Wiki, February 2, 2010. http://cloud-
standards.org/wiki .
Oestereich, Bernd. Analyse und Design mit UML 2: Objektorientierte Softwareentwicklung . 7th ed.
München; Wien: Oldenbourg, 2005.
Palacin, Antonio. “Startup in the Cloud - Consulting Experts - Interview with Antonio Palacin from
IBM Deutschland GmbH about Simplicity.” Online Database Application, January 24, 2010.
https://creator.zoho.com/agrachina/startup-in-the-cloud-consulting-experts/record-
summary/Simplicity_View/363985000000070991/ .
Rapp, Reinhold. Customer Relationship Management: Das neue Konzept zur Revolutionierung der
Kundenbeziehungen . 3rd ed. Frankfurt: Campus Verlag, 2005.
Rayport, Jeffrey F., and Andrew Heyward. “Envisioning the Cloud: The Next Computing Paradigm.”
Marketspace LLC, March 20, 2009. http://www.marketspaceadvisory.com/cloud/Envisioning-the-
Cloud.pdf.
Reese, George. Cloud application architectures . 1st ed. Sebastopol [California]: O'Reilly, 2009.
Rittinghouse, John, and James F. Ransome. Cloud Computing: Implementation, Management and
Security. Boca Raton [Florida]: CRC Press, 2009.
Roig, Antoni, and et al. “Proceedings of the First Workshop on Law and Web 2.0.” IDT - Institute of
Law and Technology (UAB) 3. Law and Web 2.0 (September 18, 2009): 91.
Sansom, Clare. “Up in a cloud?.” Nature Biotechnology 28, no. 1 (January 4, 2010): 13-15.
Schubert, Lutz, Keith Jeffery, and Burkhard Neidecker-Lutz. “The Future of Cloud Computing:
Opportunities for European Cloud Computing Beyond 2010.” Brussels: Commission of the
European Communities, Information Society & Media Directorate-General, 2010.
http://cordis.europa.eu/fp7/ict/ssai/docs/cloud-report-final.pdf .
Schunter, Matthias. “Startup in the Cloud - Consulting Experts - Interview with Matthias Schunter
from IBM Deutschland GmbH about Security.” Online Database Application, January 25,
2010. https://creator.zoho.com/agrachina/startup-in-the-cloud-consulting-experts/record-
summary/Security_View/363985000000077011/ .
Startup in the Cloud 77
Spivey, Jeff, Phil Agcaoili, Joshua Davis, Geir Arild Engh-Hellesvik, David Lang, Jim Reavis, Ben
Rothke, Joel Scambray, and Ward Spangenberg. “Cloud Computing: Business Benefits With
Security, Governance and Assurance Perspectives.” Information Systems Audit and Control
Association (ISACA), October 28, 2009. http://www.isaca.org/AMTemplate.cfm?
Section=Deliverables&Template=/ContentManagement/ContentDisplay.cfm&ContentID=53044 .
Stadelmann, Daniel. “Startup in the Cloud - Consulting Experts - Interview with Daniel Stadelmann
from wedoit AG about Industry.” Online Database Application, January 28, 2010.
https://creator.zoho.com/agrachina/startup-in-the-cloud-consulting-experts/record-
summary/Industry_View/363985000000085003/ .
Subramanian, Krishnan. “Cloud Computing and Developing Countries – Part 2,” September 25,
2008. http://www.cloudave.com/link/Cloud-Computing-and-Developing-Countries-%E2%80%93-Part-2 .
Sun Microsystems, Inc. “Open Source & Cloud Computing: On-Demand, Innovative IT On A
Massive Scale.” Sun Microsystems, Inc., 2009. https://www.sun.com/offers/docs/open_cloud.pdf .
Touré, Hamadoun I., and Supachai Panitchpakdi. World Information Society Report 2007 - Beyond
WSIS. World Information Society Report. Geneva: International Telecommunication Union
and United Nations Conference on Trade and Development, May 16, 2007.
http://www.itu.int/osg/spu/publications/worldinformationsociety/2007/WISR07_full-free.pdf .
University of Chicago. “The Chicago Manual of Style Online - 15th Edition: Chicago-Style Citation
Quick Guide,” 2007. http://www.chicagomanualofstyle.org/tools_citationguide.html .
Velte, Toby, Anthony Velte, and Robert Elsenpeter. Cloud Computing: A Practical Approach. 1st ed.
New York: McGraw-Hill, 2010.
Vembu, Sridhar. “Startup in the Cloud - Consulting Experts - Interview with Sridhar Vembu from
Zoho Corp. about Innovation.” Email and Online Database Application, February 2, 2010.
https://creator.zoho.com/agrachina/startup-in-the-cloud-consulting-experts/record-
summary/Innovation_View/363985000000089005/ .
Verberne, Michel. “Global Software Top 100 - Interim Update,” December 24, 2009.
http://www.softwaretop100.org/component/content/article/215-Global-Software-Top-100---Interim-Update .
Startup in the Cloud 78
Wailgum, Thomas. “SAP CTO Vishal Sikka talks clouds,” June 23, 2009.
http://www.cio.co.uk/article/117836/sap-cto-talks-clouds/ .
World Bank Publications. Information and Communications for Development 2009: Extending
Reach and Increasing Impact. 2009th ed. Washington D.C.: World Bank, 2009.
Wyld, David C., and IBM Center for the Business of Government. Moving to the Cloud: An
introduction to Cloud Computing in Government . Hammond: Southeastern Louisiana
University, October 26, 2009. http://www.businessofgovernment.org/pdfs/WyldCloudReport.pdf .
———. “Startup in the Cloud - Consulting Experts - Interview with Evangelos Xevelonakis Xenis
from Swiss Valuenet about about Simplicity.” Online Database Application, January 24,
2010. https://creator.zoho.com/agrachina/startup-in-the-cloud-consulting-experts/record-
summary/Simplicity_View/363985000000080003/ .
Zittrain, Jonathan. The future of the Internet and how to stop it. 1st ed. New Haven: Yale University
Press, 2009.
Startup in the Cloud 79
Source data of the qualitative survey in order to get qualified answers on prevailing questions
about cloud computing. The original survey data can be accessed here:
https://creator.zoho.com/agrachina/startup-in-the-cloud-consulting-experts/#View:Industry_View
https://creator.zoho.com/agrachina/startup-in-the-cloud-consulting-experts/#View:Security_View
https://creator.zoho.com/agrachina/startup-in-the-cloud-consulting-experts/#View:Legal_View
https://creator.zoho.com/agrachina/startup-in-the-cloud-consulting-experts/#View:Costs_View
https://creator.zoho.com/agrachina/startup-in-the-cloud-consulting-experts/#View:Simplicity_View
https://creator.zoho.com/agrachina/startup-in-the-cloud-consulting-experts/#View:Innovation_View
In case a consulted expert statement has been cited in the thesis, a footnote has been set which is
linked to the corresponding entry in the bibliography. All answers of this Consulting Expert survey
that have been quoted in this thesis, were translated by the author of this thesis.
Startup in the Cloud 80
In a small company, who can derive business requirements It depends on the industry. In general, the link between
into information management systems based on cloud business requirements and the associated information
computing? systems should be owned by one of the managing directors.
This person should have a counterpart in each line-of-
business or main organization within the company. Those
departements should summarize their needs. Finally it is the
task on C-level to derive the right catalogue of services and
to combine the different requests.
How easy is it to connect one cloud with another? Technically many of those business applications are web
based applications. Connectivity is not the real problem.
Data security and data consistency are still a big problem,
even within traditional IT infrastructures. On the cloud it is
one of the main inhibitors today.
How to switch from one to another cloud computing There are no or only little experiences on that. Main
provider? problem will be to extract all the data and to import into
another application hosted by a different provider. Why
should a cloud service hoster provide this mechanisme that
at the same time is offering his client a way to cancel the
contract?!
Will cloud computing help to popularize BPM even in the In specific areas "yes". E.g. simple processes could be
small company market? hosted in a cloud: eMail, data repositories for backup, etc.
In other areas where mission-critical data and access rights
are targeted I still do not see how this can be ensured.
Should small companies understand the concept of EA The most important thing to understand are the SLA
(enterprise architecture) or is it sufficient if they are able to (Service Level Agreement) between customer and cloud
compare the business functionality of different cloud provider. But a basic understanding what is possible will
computing offerings? also help to question if all promisses are really technically
possible.
Can small companies start using advanced functionality I am not aware of any example that is only provided in the
(e.g. data warehouse) which they hadn't the chance without cloud. Everything can be ran "on-premise" or hosted by a
cloud computing? 3rd party company based on a traditional IT infrastructure.
Comments -
Added Time 24/01/10 19:12
Startup in the Cloud 81
In a small company, who can derive business requirements It depends on the company's size. But I think the CEO is the
into information management systems based on cloud appropriate person.
computing?
How easy is it to connect one cloud with another? It depends on the environment and the number of different
providers.
How to switch from one to another cloud computing There are some switching costs associated. -contracts, -data
provider? management, -training
Will cloud computing help to popularize BPM even in the I do not see here a direct relationship between these
small company market? concepts.
Should small companies understand the concept of EA II would say they have to differentiate their solution. it is
(enterprise architecture) or is it sufficient if they are able to important to design an architecture containing both
compare the business functionality of different cloud elements.
computing offerings?
Can small companies start using advanced functionality Yes. I think some expensive applications in the BI area and
(e.g. data warehouse) which they hadn't the chance without CRM. However the topic of data privacy and security has to
cloud computing? be addressed.
Comments -
Which efforts must be taken to resolve the security worries Depends on type of cloud computing.
of cloud computing? Infrastructure/Software/...
Is a private cloud as secure as a conventional inhouse IT? Yes and no. Depends on the quality/experience of the
provider. Good provider should be better than bad in-house
IT.
Why has public cloud the reputation to be less secure than Because enterprises loose power and control. More
an outsourced IT environment? dependence on internet connection.
How are cloud computing solutions fitting in the concepts unclear. Due to black-box approach usually harder to
and practices of ITIL, especially regarding the security integrate into ITIL
management?
Comments Ich vermute, dass der Markt von selbst Reifen wird: Heute
werden meist nur Spielzeuganwendungen verwendet (oder
Startups). Grosse Unternehmen verwenden Clouds nur,
wenn der Betreiber vertrauenswuerdig ist und einen
Startup in the Cloud 83
Can the cloud computing market provide sufficient Nein! Es ist schon heute sehr schwierig kompetente und
consulting expertise to realize the requirements of entsprechend Ausgebildete Consultants zu finden, die ein
customers of all industries? ganz normales Infrastruktur Projekt mit allem drum und
dran richtig implementieren können. Das Know-how und
die nicht Verfügbarkeit der Spezialisten wird das grösste
Problem für den Durchbruch von Cloud-Computing sein.
Which industries are using broadly cloud computing Im Moment ist es vor allem ein Schlagwort der Hardware
applications? Hersteller, die damit ihre Produkte zu platzieren versuchen.
Wir haben noch keine konkreten Kundenprojekte in denen
Cloud wirklich ein Thema ist.
Which industries don't accept their suppliers to store Alle Kunden die den Wert ihrer Daten kennen, werden diese
business critical data to store in the cloud? nicht in eine Cloud verlegen wollen! In einer Cloud gebe
ich die Kontrolle über die Daten ab. Das damit nur Banken
oder Versicherungen Probleme haben glaube ich nicht, ich
kann mir vorstellen, dass auch Industriebetriebe mit
Patenten und speziellem Know-how damit ein Problem
haben.
Are there industries where public cloud computing offerings Ich sehe im Moment keine Brache, die einfach so Ihre
will not be accepted for the time being? wichtigsten Daten in eine Cloud verlagern würden.
More info -
In a small company, who can derive business requirements In KMU ist das Fachwissen für die Möglichkeit der
into information management systems based on cloud Umsetzung von betrieblichen Prozesse in
computing? Informatiksysteme selten gegeben. Informatik gehört selten
zur der Kernkompetzenz. Somit ist eine Umsetzung con
Cloud Computing nur mit erfahrenen Experten möglich, die
auch über Branchenverständniss verfügen.
How easy is it to connect one cloud with another? Bei sauberer Defintion der Schnittstellen zwischen den
Applikationen ist der Schwierigkeitsgrad sicher nicht
grösser als bei der Integration von verschiedenen
serverbasierten Applikation verschiedener Hersteller.
How to switch from one to another cloud computing Sollte vor Projektbeginn mit dem ausgewählten Provider
provider? festgehalten werden.
Will cloud computing help to popularize BPM even in the Akzeptanz wird solange kritisch bleiben, wie Fragen zu
small company market? Datenschutz (was ist wenn meine Daten auf einem US-
Rechner liegen), nicht mit Sicherheit abgeklärt sind. Im
Moment sicher interessant für internationale Unternehmen,
welche sich schon heute mit diesen Fragestellungen
auseinandersetzen müssen.
Should small companies understand the concept of EA Für KMU reicht es aus, dass sie die Geschäftsfunktionen
(enterprise architecture) or is it sufficient if they are able to der verschiedenen Angebote verstehen. Wichtig ist jedoch,
compare the business functionality of different cloud dass das Vertrauen da ist, wo und was mit den Daten
computing offerings? passiert.
Startup in the Cloud 87
Can small companies start using advanced functionality Wenn cloud computing in KMU ein Thema ist, soll ganz
(e.g. data warehouse) which they hadn't the chance without bewusst Projekte gesucht werden, die nur mit Cloud
cloud computing? Computing geschäftsrelevante Vorteile ergeben.
How can cloud computing lead to new business? It depends on how the functionality is used. Collaborative
tools can help make transparent and well-informed
decisions. People at various job positions can share their
ideas and contribute to collective innovation. For example,
people at different levels in the organization can come up
with an innovative idea. This is unlikely to happen in
traditional offices. Saas is changing the way you work. But
if someone posted some idea not very “sweet” to the boss
and got punished for it, then nobody would dare to post his
ideas any more, innovation suffers, and we have an
organization of yes-men.
If in the future everyone can afford advanced business Companies do not differentiate themselves because they use
applications because of cloud computing, how can electricity. Why should business applications confer any
companies differentiate themselves from their competitors? particular advantage? No matter how advanced a business
application is, it’s just a tool. Having the tool improves
productivity and efficiency. Companies need to focus on
their businesses, always thinking about how to satisfy
customers’ needs in a better way? As long as companies are
offering what the customers need with better quality, better
user experience, they’re differentiating themselves from
their competitors.
How will cloud computing change the way to do business? Thanks to cloud computing, one can do business faster,
better and cheaper. By networking geographically different
teams, cloud computing enables easy collaboration. Cloud
Startup in the Cloud 89
What brings the future of cloud computing? Traditional software is hard to integrate; this is an area
where cloud applications can shine based on technological
advantages in systems integration. I don't know. I believe
contextual integration of applications is the key -
information accessed from a variety of different
applications in a single page, for example.
Will the semantic web become reality because of cloud On the contrary, Saas incubates innovation. Due to the rapid
computing? evolution of cloud services, and the attractive pricing - often
a fraction of traditional software - there is substantial
innovation up and down the technology stack. As an
example, cloud vendors are pioneering new forms of low-
cost network storage, new forms of databases. Both file
systems and databases have been stagnant for a long while,
and it is cloud computing that brought them new life.
The rise of cloud computing goes along with increased There have been major advances in open source distributed
usage of open source based software. Will that lead to file systems and databases in recent years, spurred by cloud
additional innovative business applications and is that computing. Javascript frameworks like jQuery have enabled
beneficial for future efforts of t The rise of cloud computing major advances in client functionality. Open source and
goes along with increased usage of open source software. cloud applications have worked in a virtuous cycle of
How is the open source community anticipating that and innovation, and adoption.
what are the consequences for the degree of innovation?
Comments -