a framework for assessing and implementing cloud

A FRAMEWORK FOR ASSESSING AND IMPLEMENTING CLOUD COMPUTING SOLUTIONS IN SOUTH AFRICA A Lokotsch

JH Oosthuizen

Altech Woodmead, Johannesburg, South Africa [email protected]

Milpark Business School Melville, Johannesburg, South Africa [email protected]

Abstract—Cloud computing represents significant change in the way that IT services are provisioned to users within organisations. Traditionally services are provisioned internally and this followed a generic approach of capital expenditure, installation, configuration, and rollout. Cloud computing challenges this traditional provisioning model through a number of key differentiators. South Africa as a developing country has limitations with regards to the infrastructural environment, particularly around lack of bandwidth, quality of service and affordability. The primary objective of this study was to develop a framework for assessing and implementing cloud solutions in South Africa. The secondary objectives in support of this research were to: ascertain the current levels of adoption of cloud computing; predict the future landscape of the cloud computing; ascertain limitations to cloud computing adoption; and establish the existence of a cloud computing strategy. The results found that the greatest concerns about cloud computing were security, reliability of the data lines to the cloud service provider as well as the additional data lines and bandwidth required. The results further indicate that the expectations from cloud computing were scalability, improved uptime and speed of deployment. In addition, the study found that despite cloud computing being a top emerging IT trend, only half of the participants had cloud computing strategies. This research culminated in a framework for assessing and implementing cloud solutions. The implementation of this framework follows a step-wise, iterative approach. Each cycle of implementation leads to an improvement in the organisations capability and maturity in the area of cloud computing. Keywords—Cloud computing, Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS)

I.

INTRODUCTION

One of the more recent buzzwords in the local and international IT industry is that of cloud computing. Smith (2011) states that “cloud computing is maturing, but it continues to be the latest, most-hyped concept in IT”. To emphasise and illustrate the importance of cloud computing by means of growth forecasts, CISCO Systems (2011) predicts that by 2015 more than 50% of all computing workloads in the world will be processed in the cloud. It also estimates that cloud computing IP (internet protocol) traffic will grow twelvefold by 2015 at a 66% annual growth rate.

Cloud computing technologies are starting to emerge in South Africa, promising great benefits to business in terms of cost and efficiencies and to the country in terms of social and economic benefits (Laverty, 2011). However, South Africa as an emerging economy has a unique operating environment with respect to the availability and maturity of IT infrastructure and IT departments. It is necessary to explore these limitations, and the various cloud technologies should be critically assessed for their suitability to our environment and a strategy for their implementation should be developed. In First World countries, IT infrastructure is advanced and mature. Emerging economies lag behind the developed world in this respect, yet cloud technologies are being greeted with the same enthusiasm and expectations. In addition, contributing negatively towards the reliability of the technology, there are significant legal, privacy and security issues that need to be taken into consideration, and these fundamentally change how business should handle data and data access. The question then beckons: How should South African companies go about formulating a strategy for assessing, selecting and implementing cloud computing technologies? Kshetri (2010:13) admits that the field of cloud computing in the developing world is under-researched. He suggests that future research should examine cloud adoption and the decision processes of an organisation in the developing world. Against this backdrop, the primary objective of this study is twofold: firstly to propose a framework for assessing computing in South Africa and secondly to make practical recommendations for implementation. II.

LITERATURE REVIEW

A. Defining Cloud Computing Cloud computing is a term that describes the provision of IT services over the internet (Katzan, 2009:256). Here ‘internet’ is used as a generalisation for any kind of connectivity. Cloud computing enables organisations to receive IT services without having to deploy or manage the services themselves, thus there is a reduction in capital expenditure and fewer skilled IT workers are required. Services could include anything as simple as email to as sophisticated as complete office-productivity applications, and even raw computing

power and capacity. Because these services are potentially shared across many clients, there are also economies of scale benefits (Armbrust et al, 2009). Cloud computing was developed in the United States and has spread to other First World countries. It is generally accepted that “SalesForce” launched the first mass-market cloud service in 1999 and was followed by Amazon in 2002 (Mohamed, 2008). Many South African IT companies are deploying cloud infrastructure services, particularly large telecommunication providers with large client bases such as Dimension Data, BCX, Internet Solutions, Telkom, MTN and Vodacom. These companies are actively marketing their cloud computing platforms and services to South African companies and generating hype around the benefits. There are many definitions of cloud computing, which, at the most basic level, all describe cloud computing as services delivered over a computer network. However, they also all differentiate cloud computing services from other pre-existing computing services by defining unique characteristics of cloud computing services, how they are packaged and the various ways the services can be deployed. Armbrust et al (2009) define cloud computing as the applications delivered as services over the internet and the hardware and systems in the computer data centres that deliver and provide those services. The application services themselves are referred to as Software as a Service (SaaS). The data centre hardware and software is what is known as “the cloud”. Cloud computing services can be classified according to two deployment methods: public cloud and private cloud. In the public cloud, the service is intended for the general public. In the private cloud, services are provisioned internally by organisations in their data centres and with their equipment. When the cloud is made available to the general public on a pay-as-you-go model, the service being sold is called “utility computing.” Armbrust et al (2009) conclude that “cloud computing is the sum of SaaS and utility computing, but does not include private clouds.” Mell & Grance (2011) similarly define cloud computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” The International Data Corporation (IDC) defines cloud computing on a high level as consumer and business products, services and solutions delivered and consumed in real-time over the internet (Gens, 2009). Gartner Corporation (2012) defines cloud computing as a style of computing where massively scalable IT-related capabilities are provided “as a service” using internet technologies to multiple external customers. B. Service Models of Cloud Computing Service models define the way in which the cloud computing product is provided to and consumed by the customer. In defining cloud computing, Armbrust et al (2009) have already mentioned two primary cloud service models: Software as a Service (SaaS) and utility computing, – which includes Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). Their view is that the different utility

computing offerings will be distinguished by the level of abstraction presented to the programmer and the level of management of the resources. Thus, IaaS is the most simplistic and PaaS is the most sophisticated, with the greatest level of abstraction. Mell & Grance (2011) define the three service models as: 

Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., webbased email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure – including network, servers, operating systems, storage or even individual application capabilities – with the possible exception of limited user-specific application-configuration settings.



Platform as a Service (PaaS). The customer is given the ability to programmatically access and utilise cloud infrastructure from within their applications and to deploy that program on to the cloud infrastructure (the cloud as defined by Armbrust et al (2009)). Thus the applications need to be specially written to utilise the cloud infrastructure using a provider framework.



Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks and other fundamental computing resources where the consumer is able to deploy and run their own software – from operating systems to applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage and deployed applications, and possibly limited control of select networking components and security.

C. Deployment Models Cloud computing services are made available either publicly, privately or in some combination. According to Gens (2010), public and private deployment models represent two extremes of the deployment continuum, which frame an evergrowing variety of models that mix aspects of both. Gens (2010) defines the public and private deployment models as: 

Public cloud – These are services that are open to a largely unrestricted base of users. These services are designed for a market, not a single enterprise.



Private cloud – These are services intended for and accessible only to a single enterprise. The services offered are an internal shared resource, not a commercial offering.

Mell & Grance (2011:7) introduce two other deployment models that are in essence some combination of the two core deployment models (public or private). They call these “community cloud” and “hybrid cloud” deployment. 

Community cloud – These services are provisioned for exclusive use by a specific community of users from more than one organisation who may have a need to

co-operate with one another or have shared concerns around security or specific compliance requirements. This cloud service may be operated by one or more of the organisations in the community, a third party, or a combination. The services may also exist on or off premises. 

Hybrid cloud – The cloud services are deployed as two or more distinct cloud deployment models (private, community or public) that remain unique entities but share a standardised platform that enables data and application portability (from private to public and viceversa) should this be required.

D. Benefits of Cloud Computing The key benefits of cloud computing discussed by Armbrust et al (2009) and Mell & Grance (2011) can be summarised as: economies of scale, elasticity, transference and risk, and instant provisioning and self-service. These are further detailed below. 

Economies of scale: The advent and proliferation of large-scale data centres has enabled the costs of provisioning computer services to be controlled. Sharing of computing resources among many clients has enabled higher average utilisation of equipment and therefore lowered the cost per client.



Elasticity: Cloud computing has a pay-per-use model, which allows clients to choose how much of the service they require.



Transference of risk: The providers of cloud services carry the capital risks of over/under-provisioning the underlying platform and also the traditional risk associated with the efficient operation of a facility.. Additionally, capital that would normally be deployed to hardware and software capital expenditure can now be directed to the core business. The resources required to support the platform are reduced (transferred to the service provider) and existing resources can be redeployed on core business areas rather than platform support and maintenance.



Instant provisioning and self-service: A customer can provision services as needed or automatically without requiring human interaction with each service provider. Laverty (2011) highlights this as a key benefit for African businesses that often have to wait prolonged periods for services to be provisioned.

E. Specific Infrastructural Challenges for the Adoption of Cloud Computing in South Africa It is widely argued that Africa has insufficient infrastructure to support cloud computing technologies and provision them effectively to clients. Banks (2011:1) argues that cloud computing is largely “inappropriate” outside of predominantly urban areas or predominantly “developed” countries. Developing economies lack infrastructure and economies of scale for an extensive implementation and adoption of cloud technologies. Kshetri (2010:13) suggests that the greatest barriers for adoption and effective utilisation of the cloud in the

developing countries are personal computer (PC) penetration and low bandwidth availability. Van Wyk (2008) highlights a number of additional barriers for successful and ubiquitous implementation of cloud computing in Africa: 

Internet connectivity is not available in most of Africa;



Even devices that can use the internet and that are considered ‘cheap’ are in reality not affordable to the majority of people; and



Cloud computing is a step up from conventional computing use. It will therefore require additional training to overcome this step.

Comninos (2011:4) from the South African Internet Governance Forum (SAIGF) notes the following key technical challenges with respect to the quality and type of connectivity available to cloud computing users in Africa: 

Bandwidth: Bandwidth relates to how much data can be transferred at a time.



Quality of service: The reliability of the underlying data connection with respect to data loss, availability and speed.



Data limits: Many African internet users have limitations on how much internet data they can consume.

According to CISCO Systems (2011) South Africa falls significantly behind its First World peers when it comes to bandwidth capacity with an average download speed of 2.324 kbps is significantly behind many of counterparts such as China, India, and Egypt. F. Approaches to Adopting Cloud Computing Services Plummer (as cited by Weinberg, 2011) proposes a pragmatic and cautious approach to adopting cloud technologies. This involves: 

Performing a thorough analysis that identifies which benefits the company hopes to achieve by moving to the cloud;



Beginning with smaller, low-risk systems and then progressing to critical core systems: “Start at the edges and work your way into the core.”



Identifying the most common applications to start migrating to the cloud. These are typically email, social applications, test and development systems, productivity applications, and web servers.

A similar gradual approach is also recommended by Low & Chen (2011), who favour implementing simpler applications first and later progressing to more sophisticated applications. Cloud computing services are accessed by the public internet, private networks and sometimes by hybrids of the two. Implementers of cloud services should be aware of the performance, redundancy and cost associated with these access options. Skorupa & Fabbi (2008:3) emphasise that it should not

simply be assumed that "the cloud" and "the internet" are one and the same, or even that the internet is or isn't an appropriate delivery mechanism for business-critical applications delivered via cloud-based services. Smith & Natis (2011) then go on to provide a number of recommendations for companies considering adopting cloud technologies. Of particular interest is the clear distinction between cloud services over the internet versus more sophisticated networks. Skorupa & Fabbi (2008:1) expect that the internet is to remain the most cost-effective cloud access method but warn that it does not have even the most basic performance guarantees. Network planners need to mitigate this through proper planning in architecture. Preferable to the internet would be dedicated private networks using Multiprotocol Label Switching (MPLS) services that offer guaranteed performance, but these will have coverage limitations and are considerably more expensive.

highlight the risks of relying on an external service provider. Chen & Low (2011:14) emphasise that the reliability of cloud services (and potential outages) is a key a factor in the decision-making process of hightech companies to adopt cloud services. Reliability of the services is critical; however, the reliability of the connectivity to the services is also of paramount importance. This is emphasised repeatedly in the literature: Smith & Natis (2011), Munch (2011) and Comninos (2011) and Skorupa and Fabbie (2008). Skorupa and Fabbie (2008) emphasise the importance of the network connectivity to the cloud service provider. They state that the “internet will be the most cost-effective cloud access method due to its ubiquity, but it will not support even the most basic performance guarantees”. 2.

This view is supported by Munch (2011:1), who recommends that enterprises wanting to move their more business-critical applications to a cloud provider should consider the “tightly integrated services offered by network service providers due to superior performance guarantees and customised security settings”. Appropriate network selection appears to be a recurring recommendation in the literature. Smith and Natis (2011) emphasise that the network selection and testing from the expected geographic reach of the cloud services are two of the most critical points to consider in moving to cloud services. They recommend: 

Evaluating network options from your cloud provider and from your internet service provider (ISP) that can reduce network charges or improve application performance.



Testing the performance of cloud-based applications in all geographies where you plan to deploy them. Latency can cause dramatic differences in application response time.

Security as a key factor for evaluating cloud services is highlighted by Munch (2011:1), stating that companies should evaluate cloud services based on security, performance and flexibility. This is flexibility in being able to connect to a range of cloud computing providers and being able to monitor and manage the platform via a self-provisioning interface. G. Concerns and Risks Associate with Cloud Computing The concerns and risks around the implementation of cloud services can be categorised as (1) reliability, (2) security and (3) legalities. 1.

Reliability: The reliability of cloud services has been under the media spotlight recently. Many prominent service providers, such as Google and Amazon, have suffered major failures in their services. Most recently, Google accidentally deleted 15 000 user accounts (Newman, 2012:1). Last year Amazon had a critical failure that affected thousands of websites relying on its technology (Miller, 2011:1). These failures not only create negative publicity for cloud computing but

Security and privacy: It has been established that cloud computing is a service provided by an external party. Thus users of cloud services are not in immediate control of the cloud services environment and are dependent on the security of the underlying service and the service provider. Ryan (2011) refers to this as “entrusting” the service provider with your data, which resides on remote servers. It has also been established that one of the key concepts in cloud services is that they share computing hardware to gain economies of scale (Armbrust et al, 2009:21). Sharing, by its nature, has some implicit security risks. Furthermore, lack of control and transparency regarding the security architecture, compliance and maintenance may result in a phenomenon known as an “unknown risk profile”, where the client of a service is not fully aware of their security risks (Cloud Security Alliance, 2010:14).

3.

Legal risk: There is increased legal risk created by the distributed nature of the cloud, compared with traditional internal or outsourced infrastructure (Cloud Security Alliance, 2009:35). Plummer (as cited by Weinberg, 2011) states that there are some legal reasons not to take the cloud route – these include the inability to get the service-level agreements that you want, as well as regulatory and compliance issues. In general, there appear to be two primary dimensions to the discussion on legal cloud computing concerns and risks: 

The contractual dimension, which governs the relationship with the vendor (particularly servicelevel agreements).



The jurisdictional dimension, which involves legislative, regulatory and compliance issues that can depend on the location of the data. III.

RESEARCH METHOSOLOGY

The research methodology of this study includes the development of the questionnaire, the study population, the

process to gather the information and the statistical analysis as set below.

response rates ranged from 7% to 44% for web surveys and from 6% to 68% for email surveys.

A. Developing of the Measuring Instrument The measuring instrument utilised in this study was developed to assess:

C. Statistical Analysis The data collected was statistically analysed, using Microsoft Excel. Descriptive statistics were calculated from the raw data exported from the online survey tool. To assist in reaching conclusions from the data, the univariate descriptive statistics of mean, median and mode were used to establish the average response, the most likely response (central tendency) and the most frequently occurring response. Standard deviation was calculated to measure the degree that the answers varied from the mean.



Data on connectivity type, size and speed and availability in (1) developed countries; (2) South Africa; and (3) developing countries (where data was available).



The continuum of cloud service offerings from South African and African cloud services suppliers.



The cloud computing technologies implemented within an organisation.

already



The cloud computing technologies being considered for implementation.



The anticipated computing.



The range of concerns that IT managers have around implementing cloud computing, particularly concerning (1) reliability; (2) lack of control; (3) legal risk; (4) connectivity; (5) job security; and (6) skills and capability requirements.

benefits

derived

from

cloud

B. The Study Population The population identified for this study was IT decisionmakers within South African corporations. This comprises individuals in the positions of chief information officer, chief technical officer or IT director, IT manager and operations manager. Logically, a reliable sample frame would be companies and their subsidiaries listed on the stock exchange in South Africa. There are currently over 400 companies listed on the Johannesburg Stock Exchange (Khuzwayo, 2011:1). The sample method selected was a combination of nonprobabilistic, purposive and convenience sampling. The sample of JSE-listed companies was preselected and refined to exclude companies that did not have their primary listing in South Africa, exploration companies, cash shells or investment holding firms or companies that did not have a published contact email address. This sample was then supplemented using convenience sampling where industry contacts of the researcher were included. Using the list of JSE-listed companies also provided a cross-section of industry sectors, hence contributing to the validity of this research. Having applied the methodology listed above, the sample size used in this research was 262. The response rate from the emails sent out was 12.85%. Response rate calculations deduct the emails that bounced (failures) from the sample size. Out of a total of 262 emails that were sent, 83 were failures and 26 responses were received. This gives a response rate of 12.85%. This can be considered a low response rate, however, low response rates for internet-based surveys appear to be generally accepted in the literature reviewed (Fricker et al., 2005:373). Sivo et al (2006:357) surveyed a number of information systems journals and found response rates as low as 7% were considered usable. Schonlau et al (2002) found that typical

IV.

RESULTS AND DISCUSSION

A. Demographic Information In terms of industry distribution 21% of the respondents came from (a) banking and (b) communications/publishing/media respectively, followed by 17% from (c) services and (d) IT/technology/telecoms respectively. The remaining respondents came from (e) education/academia (8%) and (f) financial services, (g) information management, (h) manufacturing and (i) transport/logistics (4%) respectively. Although the survey sample was inclusive of all industry sectors on the Johannesburg Stock, industry distribution of the responses was limited to nine sectors. The missing sectors are retail, transport, construction and mining. Company size varied from 33% with 1-200 employees, 25% with 200-1000 employees, 21% with 1000-2000 employees, 8% with 2000-5000 employees, and 13% with more than 5000 employees. The most popular type of connectivity to head offices and regional offices was found to be diginet links at 39% followed by fibre (28%), ADSL (21%) and Wireless (12%) respectively. Head offices are more bandwidth intensive because of the density of personnel, therefore the larger line sizes of diginet (1-2Mbps+) and fibre (4-10Mbps and 10Mbps+) occurred almost exclusively at the head offices. Wireless and ADSL were less popular at head and regional offices. This is probably because the performance and reliability of these types of links is not as good as fibre and diginet. Reliable internet is considered a key ingredient for cloud adoption. Regional offices mostly have less concentration of personnel, less requirement for reliability and are more cost sensitive. ADSL is the cheapest form of broadband available in South Africa and was by far the most favoured form of branch (61% of responses). The type of connectivity at branch level evidently changes significantly when compared with regional office and head office level (Diginet = 31%, Fiber = 4% and Wireless = 4%). B. Cost of Connectivity Respondents were asked to rate the cost of their wide area network (WAN) connectivity on a Likert scale of 1 to 5, where, 1 was very reasonable and 5 was very expensive. The conclusion from analysis of these responses was that WAN connectivity was generally considered expensive. The average response was 3.53, thus marginally on the expensive side. The

mode indicated that the most frequently occurring response was 4, which on the Likert scale was expensive. The standard deviation of the responses was 1%, which indicates a high grouping of similar answers and supports the conclusion. C. Reliability of Connectivity Respondents were asked to rate the reliability of their WAN connectivity on a Likert scale of 1 to 5, where 1 was very unreliable and 5 was very reliable. The conclusion from the analysis of these responses was that WAN connectivity was generally considered reliable. The average response was 4.13, which was on the reliable side of the scale. The mode indicated that the most frequently occurring response was 4, which on the Likert scale was reliable. The standard deviation of the responses was -9%, which indicates the most frequently occurring responses were lower than the average but still supports the conclusion in the selection of reliable as the outcome. This outcome is, however, contradicted by the responses to the question on concerns around cloud computing (refer to expectations of cloud computing), where reliability was ranked as the second highest concern. Therefore, even though connectivity is generally considered to be reliable, it is still a major concern and thus a barrier to the adoption of cloud computing. One can therefore conclude that no less than very reliable connectivity is required to facilitate cloud adoption. D. Expectations of Cloud Computing The more obvious benefits of cloud computing such as scalability and speed of deployment were rated the highest expectations. 78% of respondents selected scalability (the ability to rapidly increase or shrink capacity of a service in line with demand). This is not possible in a traditional computing environment, where up-scaling triggers a procurement process and where negative scaling implies non-optimal usage of resources. This is therefore an admission that traditional IT environments do not scale well. 67% of respondents selected speed of deployment (how quickly a new service can be commissioned) and improved uptime. Both of these expectations are therefore indications that cloud computing allows for more rapid deployment of services and better reliability than in-house services. The assertion of better reliability is supported by Pieterse (2012:24) who found that reliability is part of the design fabric of the cloud, with an emphasis on disaster recovery and business continuity. Many of the operational benefits of cloud computing, such as less personnel (22%), cost savings (50%), improved corebusiness focus (50%) and improved security (39%), were not highly rated. This may be because the survey sample consisted of people mainly from a pure IT background and therefore less involved in improving overall business efficiency. E. Concerns Associated with Cloud Computing As a measure of risk aversion, respondents were presented with a list of possible concerns around cloud computing and asked to rate these on a Likert scale of 1 to 5, where 1 was not concerned and 5 was very concerned. The magnitude of each concern was then averaged across respondents to generate a ranked outcome of concerns. Table 1 shows the ranked concerns.

TABLE I. 1 2 3 4 5 6 7 8 9 10 11 12 13 14

RANKED CLOUD COMPUTING CONCERNS

Security concerns Reliability of data lines to provider Additional Internet bandwidth required Additional data lines required/upgrade Pricing is too high Regulatory, legal and compliance Performance concerns Integration with in-house applications Reliability of the cloud service Contractual lock-in to provider Loss of control of data and systems Solutions are still immature and evolving Geographic location of service Need to understand the technology better

median 4 3 4 3 4 3 3 4 4 4 3 3 3 2

mode 5 3 4 3 4 3 3 4 4 4 4 2 2 2

mean 3.71 3.71 3.65 3.65 3.53 3.47 3.35 3.19 3.18 3.13 3.00 2.82 2.82 2.71

The two greatest concerns (𝑥̅ = 3.71) being security concerns around the fact that data and access lies in the hands of a third party (solution provider), and the reliability of data lines to the solution provider. The median and mode results were used as the ultimate differentiators between the two questions in order to select the single greatest concern. Security concerns, with a median of 4 and a mode of 5, were therefore selected over reliability of data lines (with a median and mode of 3). The next two concerns were additional data lines required for cloud solutions and the additional internet bandwidth required (𝑥̅ = 3.65). A solution provider hosts cloud solutions, therefore the customer needs additional capacity on their physical data links to their offices as well as additional internet bandwidth to the solution provider. Both the median and the mode for these responses were the same, so there was no differentiator to rank the one above the other. These two questions received a high correlation coefficient score of 0.93, which implies the two are almost mutually inclusive of each other. Cronbach’s Alpha (α) was conducted to measure the internal consistency of the questions relating to concerns. According to Gwet (2012:242), this test was originally developed with the objective of measuring a specific construct such as risk aversion, extraversion or introversion. Thus, the question related to concerns about cloud computing is suitable for a Cronbach test because it sought to measure the risk aversion of the sample. The Cronbach α = 0.81. To conclude that the responses to the questions are internally consistent, the rule of thumb advocated in literature is that α is required to equal or exceed 0.70 (Nunnally, 1978 as cited by Gwet, 2012:245). Therefore, a score of 0.81 enables us to conclude that the responses to the questions were internally consistent. To investigate the relationship between the concerns, the Pearson correlation coefficients (r) between the questions were calculated and are presented in Table 2. Because repeatability is an indication of reliability, the calculation was repeated about the axis and the results proved to be completely bidirectional as expected. Significant correlations with a correlation coefficient more than 0.7 were then highlighted. These were (1) Security concerns and contractual lock-in to provider; (2) Additional data lines and additional bandwidth

5 0.41 0.25 0.43 0.43 1.00 0.55 0.50 0.60 0.19 0.05 0.52 0.28 0.66 0.14

8 9 10 11 1 0.36 -0.07 -0.12 0.55 2 0.14 -0.42 -0.35 0.24 3 -0.02 0.07 0.01 0.18 4 0.50 0.58 0.18 0.71* 5 0.60 0.19 0.05 0.52 6 0.56 0.36 0.20 0.35 7 0.21 0.40 0.43 -0.20 8 0.32 0.15 0.38 1.00 9 0.32 -0.10 1.00 0.94* 10 0.15 -0.20 0.94* 1.00 11 0.38 -0.10 -0.20 1.00 12 0.30 -0.04 0.02 0.55 13 0.60 -0.15 -0.20 0.59 14 0.09 -0.08 0.01 0.30 *Significant correlations with r > 0.7

12 0.46 0.44 -0.03 0.07 0.28 0.16 -0.07 0.30 -0.04 0.02 0.55 1.00 0.66 0.64

6 0.40 0.12 0.28 0.42 0.55 1.00 0.19 0.56 0.36 0.20 0.35 0.16 0.30 0.27 13 0.73* 0.45 -0.08 0.26 0.66 0.30 0.12 0.60 -0.15 -0.20 0.59 0.66 1.00 0.27

7 -0.04 0.21 0.32 0.45 0.50 0.19 1.00 0.21 0.40 0.43 -0.20 -0.07 0.12 -0.31 14 0.21 0.23 -0.19 -0.19 0.14 0.27 -0.31 0.09 -0.08 0.01 0.30 0.64 0.27 1.00

Where: 1 = Security concerns; 2 = Regulatory, legal and compliance; 3 = Integration with in-house apps; 4 = Reliability of data lines to provider; 5 = Reliability of the cloud service; 6 = Performance concerns; 7 = Geographic location of service; 8 = Pricing is too high; 9 = Additional data lines required; 10 = Additional internet bandwidth; 11 = Loss of control; 12 = Solutions are still immature; 13 = Contractual lock-in to provider; 14 = Need to understand it better.

F. Cloud Computing Strategy Respondents were asked whether they had a strategy for implementing cloud computing in their organisation. 47% respondents indicated that they did not have a strategy for implementing cloud computing in their organisation. As cloud computing has been identified as a critical IT trend (David & Claunch, 2012:1), only 53% who have a cloud computing strategy could be regarding as concerning. G. Levels of adoption of SaaS, IaaS and PaaS One of the key research questions sought to discover the current extent of cloud computing adoption in South Africa and the probable future state of the cloud computing landscape in South Africa. The questions presented a range of cloud computing solutions, categorised into the three main categories of cloud computing solutions, namely Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

TABLE III.

Email Email archiving / Compliance Backup Office Applications Collaboration Tools HR Payroll Finance/ Accounting CRM ERP Supply Chain Management Buisness Intelligence Web Content Filtering Hosted PABX

SOFTWARE AS A SERVICE ADOPTION

Not Considering

1 2 3 4 1 0.43 -0.19 0.42 1.00 2 0.43 0.09 -0.25 1.00 3 -0.19 0.09 -0.05 1.00 4 0.42 -0.25 -0.05 1.00 5 0.41 0.25 0.43 0.43 6 0.40 0.12 0.28 0.42 7 -0.04 0.21 0.32 0.45 8 0.36 0.14 -0.02 0.50 9 -0.07 -0.42 0.07 0.71* 10 -0.12 -0.35 0.01 0.58 11 0.55 0.24 0.18 0.18 12 0.46 0.44 -0.03 0.07 13 0.45 -0.08 0.26 0.73* 14 0.21 0.23 -0.19 -0.19 *Significant correlations with r > 0.7

Considering Implementing

RESULTS OF PEARSON CORRELATION COFFICENTS (r) BETWEEN CONCERNS

Partially Implemented

TABLE II.

1) Levels of adoption of SaaS Table 3 indicates which SaaS solutions have been implemented company-wide and partially, and which are being considered for implementation. The type of solutions that have been implemented can be found by aggregating the partially implemented and implemented company-wide responses. This essentially shows the current industry penetration. The solutions that are being considered for implementation and to what degree could be indicative of the probable future state.

Implemented Company-wide

required; and (3) Additional data lines and the reliability of data lines.

18.75%

25.00%

25.00%

31.25%

43.75%

19.00%

19.00%

18.75%

18.75% 12.50% 18.75% 12.50% 12.50% 13.33% 12.50% 12.50% 6.67% 6.25% 18.75% 12.50%

19.00% 19.00% 31.00% 6.00% 0.00% 0.00% 13.00% 6.00% 7.00% 6.00% 13.00% 6.00%

13.00% 19.00% 25.00% 19.00% 6.00% 7.00% 38.00% 25.00% 13.00% 13.00% 25.00% 19.00%

50.00% 50.00% 25.00% 62.50% 81.25% 80.00% 37.50% 56.25% 73.33% 75.00% 43.75% 62.50%

The SaaS solutions being considered by companies are an indicator of interest and therefore a predictor of which solutions are likely to be adopted and at what rate (the greater the percentage). The cumulative responses for partially implemented, implemented company-wide and being considered solutions show the total momentum behind a solution and the possible future state of the SaaS landscape. Table 4 ranks the solutions according to industry penetration to establish their current states and predicted futures thus representing the possible future landscape of SaaS solutions in South Africa. Email archiving is the most dominant SaaS cloud solution implemented at 62.5% current penetration and a predicted 81.25% future penetration. This is because in South Africa there are a multitude of laws that require email archiving for periods of between three and 10 years (Gill, 2009). Email archiving is also a relatively simple and transparent solution to implement, requiring a small configuration change to redirect the mail delivery destination to the cloud service provider to intercept and archive the emails. The greatest gainer in the future rankings of cloud solutions is predicted to be customer relationship management (CRM). CRM gained three places from the current rankings to the future predicted rankings. CRM is one of the first and thus most mature cloud technologies. Cloud CRM providers like SalesForce.com are considered one of the pioneers of cloud services and have been evolving their solution over the past 13

75.00%

Email Customer relationship management (CRM)

68.75%

31.25%

Web content filtering

56.25%

31.25%

Backup

50.00%

25.00%

Office applications

50.00%

18.75%

Enterprise resource planning (ERP)

43.75%

18.75%

HR

37.50%

37.50%

18.75%

62.50%

Hosted PABX Supply chain management

37.50%

13.33%

Business intelligence

25.00%

Payroll

12.50%

Finance / accounting

20.00%

Business intelligence

12.50%

Payroll

18.75%

13.34%

26.67%

The three most unpopular SaaS solutions in both the current and future SaaS landscape were (1) business intelligence, (2) finance / accounting, and (3) payroll. The lack of popularity of finance and payroll cloud solutions is understandable given the fact that finance and payroll functions contain sensitive company and personnel data, and that security concerns were the highest ranked concern. Business intelligence (BI) in the cloud is an emerging cloud solution. BI also has some practical challenges in moving to the cloud, most notably the large amounts of data that need to be passed into the cloud as well as the integration difficulties with internal systems. Although BI is not explicitly shown on the Gartner Cloud Computing Hype Cycle (Smith, 2011:5), some elements of BI are. These include Big-data and Extreme Information, which are still in the early technology trigger phase. The relative newness of this type of cloud solution and the practical difficulties it faces explains its unpopularity. 2) Levels of adoption of IaaS Table 5 shows that IaaS has very low levels of current adoption – less than 30% of all respondents indicated they had one or more IaaS solution implemented. However, the future predicted state, derived from the interest in the various solutions shows significant growth potential. The leading

TABLE V.

INFRASTRUCTURE AS A SERVICE ADOPTION

Not Considering

Enterprise resource planning (ERP) Hosted PABX Supply chain management Finance / accounting

Collaboration tools

43.75%

Virtual Machines / Servers

18.75%

0.00%

37.50%

43.75%

Storage

25.00%

0.00%

18.75%

56.25%

25.00%

6.00%

43.75%

25.00%

25.00%

0.00%

25.00%

50.00%

Disaster Recovery Environment Application Testing Environment

3) Levels of adoption of PaaS PaaS solutions showed low levels of current adoption. PaaS solutions also showed very low future adoption levels, with only website hosting exceeding 50% future adoption levels. Table 6 illustrates the low level of current adoption and future prospects. These results are validated by the Gartner Cloud Computing Hype Cycle (Smith, 2011:5), which shows that PaaS has only just exited the technology trigger phase and entered the peak of inflated expectations. This means that PaaS solutions are not yet mature and need to prove that they can deliver on business requirements and expectations. TABLE VI.

PLATFORM AS A SERVICE ADOPTION

Not Considering

HR

50.00%

Considering Implementing

Office applications Web content filtering Customer relationship management (CRM)

Email archiving

Future industry penetration 81.25%

Considering Implementing

Backup

Future popularity

Partially Implemented

Email archiving Collaboration tools Email

Current industry penetration 62.50%

Database Hosting

15.38%

15.38%

0.00%

69.23%

Website Hosting

21.43%

21.43%

14.00%

42.86%

Application Development

14.29%

7.14%

29.00%

50.00%

Integration Services

10.00%

0.00%

40.00%

50.00%

Partially Implemented

Current popularity

CURRENT AND FUTURE RANKING OF SAAS SOLUTIONS

The low levels of adoption can also be explained by the fact that 94% of all respondents indicated that they had already invested in a virtualisation environment – in essence this is a form of IaaS but provisioned in-house. The existing investments in internal platforms will therefore act as barrier to IaaS adoption in the short to medium term. According to the Gartner Cloud Computing Hype Cycle (Smith, 2011:5), virtualisation is on the plateau of productivity, which implies that it is optimally delivering on business needs according to expectations. Thus, there is no urgency to switch from an internally provisioned platform to an externally provisioned platform.

Implemented Companywide

TABLE IV.

future solution is the disaster recovery solution / platform. This implies that companies wish to make use of IaaS as a backup environment to their primary environment (infrastructure).

Implemented Companywide

years. According to the Gartner Cloud Computing Hype Cycle (Smith, 2011:5), CRM (referred to as sales force automation) is the third most mature cloud solution and is approaching its plateau of productivity. This validates its popularity as found by this study.

V.

CONCLUSIONS

VI.

The survey results show that SaaS adoption is significantly further ahead of IaaS and PaaS solutions. This is in line with the Gartner Cloud Computing Hype Cycle (Smith, 2011:5), which shows SaaS taking the lead, followed by IaaS and PaaS. The hype cycle shows SaaS in the plateau of productivity while IaaS is on the peak of inflated expectations approaching the trough of disillusionment. PaaS is further behind, having just entered the peak of inflated expectation. The predicted future landscape of SaaS shows a shift in relative market penetration in the mid-segment – the top three most popular cloud solutions remain the same (1) Email archiving, (2) Collaboration tools, and (3) Email. However (1) Customer relationship management, (2) Web content filtering, and (3) Enterprise resource planning are gaining in popularity. In addition, there is a decline in relative market penetration for (1) Backup, (2) Office applications, (3) Human resources, and (4) Finance / accounting. The three lowest ranked SaaS solutions in both the current and future SaaS landscape were (1) Business intelligence, (2) Finance / accounting, and (3) Payroll. IaaS and PaaS solutions showed very low levels of current adoption, indicating considerable caution should be taken in adopting these classes of cloud solutions. However, in the predicted future landscape, disaster recovery environments (IaaS) and website hosting (PaaS) have the greatest future potential.

RECOMMENDATIONS

The primary objective of this research was to develop a framework for assessing and implementing cloud computing solutions in South Africa. This framework is aimed at IT executives, IT managers and operations executives for implementation in their organisations. The framework that follows was formulated based on the findings of the study combined with the literature review conducted. The framework is laid out in logical steps and is illustrated in Figure 1 below. This figure illustrates the framework as analogous to a house: 

The roof provides the protection from the ‘elements’: regulatory, legal and compliance risk management;



The foundation provides the strength of the house and is analogous to the organisation’s connectivity to the cloud solution provider;



The fittings are the chosen cloud services suitable for the organisation’s needs; and



The bricks are the configuration of bandwidth, capacity, security and reliability service levels that can be arranged in a manner suitable to the organisation.

Other key findings from the data analysis were: 

WAN connectivity expensive.



WAN connectivity was generally considered reliable. However, this was contradicted by the fact that reliability of data lines was the second biggest concern about cloud computing. Therefore, the conclusion is that no less than very reliable connectivity is required for cloud adoption.



The following concerns were strongly correlated (coefficient > 0.7): (1) Security concerns and contractual lock-in to provider; (2) Additional data lines and internet required; and (3) Additional data lines and the reliability of data lines.

was

generally

considered



The three biggest expectations from cloud computing were scalability, speed of deployment and improved uptime.



Only half of respondents said that their companies had a cloud computing strategy (53%). Analysis of the description of these strategies showed a cautious approach to cloud computing.

The next and final section relates the aforementioned to the literature and makes recommendations for South African IT managers for implementing cloud computing in their organisations.

Fig. 1. The ‘cloud house’ framework – a framework for implementing cloud solutions

The steps to implementing the framework are cyclical (intended to be repeated) and are detailed below. The idea is to constantly repeat the cycle to improve the maturity of an organisation’s cloud computing strategy from one cycle to the next. A. Step 1: Assessing cloud readiness Organisations need to determine their overall readiness for cloud computing. It was determined that a cautious approach is the most common approach to implementing a cloud computing strategy. It is recommended that assessing cloud readiness should be conducted on two levels: organisational ownership and capability and maturity.

Morgenthal (2012) suggests the following key questions should be answered before implementing cloud computing within an organisation: 

Who is the primary stakeholder for cloud computing?



What is the expected goal for adopting cloud computing?



What types of services will we be providing through our cloud computing offering?



Who are the primary consumers for our cloud computing services?

Answering the above questions will allow for a clear understanding of ownership, stakeholders and purpose. The organisation then needs to understand where they currently are with their cloud computing strategy. According to Oracle Corporation (2011), maturity in the software industry is frequently assessed using the Capability Maturity Model (CMM). Thus, the maturity of an organisation’s cloud computing strategy can be measured against the six defined CMM maturity levels: none, ad hoc, opportunistic, systematic, managed and optimised. An objective for the organisation should be that each subsequent cycle of implementation would result in an iterative improvement in maturity level. In the context of cloud computing, these levels of maturity can be explained as follows: 

None – At this level there is no understanding of cloud computing or intent to implement it within the organisation.



Ad-hoc – At this level there is basic awareness of cloud computing within the organisation, but there is no cloud computing strategy.



Opportunistic – Cloud computing is being opportunistically applied within the organisation. This strategy or plan may be basic and informal.



Systematic – At this level there is a formal, documented strategic approach to implementing cloud computing within the organisation. This has been reviewed and ratified by the various stakeholders.



Managed – At this level the cloud computing strategy is being managed and monitored through a governance structure.



Optimised – Quantitative metrics are used for incremental improvement.

Once ownership, stakeholders, purpose and strategic maturity are established, the organisation can move on to the selection of the cloud services and providers, which will form part of the strategic implementation. B. Step 1: Initial selection of appropriate cloud computing solutions A cautious approach to selection of cloud computing solutions would be for the organisation to select solutions that are currently popular and well established, and not necessarily

business critical – for example, email archiving, collaboration tools and email should be minimally disruptive to implement and there are a wide range of solution vendors from which to choose. Collaboration tools are by their nature interactive and can help build enthusiasm for cloud services. Another approach could be to identify existing weaknesses in internally deployed systems – i.e., opportunities that exist in the current business. For example, an existing internally provisioned system or service may be ageing and suffer from reliability issues. This should therefore be shortlisted for conversion to the cloud. A pilot approach is suggested for the first iteration of framework implementation. This approach is suggested where the solutions are tested with smaller groups within the organisation. C. Step 3: Address the most critical concerns around cloud computing For the first iteration of the framework implementation, organisations need to focus on addressing the major concerns around cloud computing as identified by this research. Subsequent iterations can focus on the other concerns, as listed in section 4.8, or any additional issues that may arise during implementation. The key concerns as identified by this research are: The reliability of data lines to provider – It is recommended that the organisation use fibre or diginet connectivity as the primary form of connectivity from the offices utilising the cloud services. This connectivity is available through service-level agreements (SLAs) from the service provider. It is essential that these SLAs be in place. Fibre connectivity is preferred over diginet as fibre line capacity can be substantially and rapidly upgraded as and when required. Figure 5.1 illustrates that the connectivity component is the foundation to any cloud computing strategy. Security concerns – Implementing cloud solutions requires a mindset change from IT managers in that data is no longer stored under the direct control of the organisation but is entrusted to the cloud service provider. Organisations should ensure that these cloud service providers have provided sufficient evidence of their ability to protect the organisation’s information assets. Such evidence is often supplemented by annual audit reports from neutral third parties and ISO certifications for data access. Additional data lines and bandwidth – The additional data lines and bandwidth required needs to be accurately estimated. This is highly dependent on the cloud service that is being implemented. All cloud providers should be able to provide estimates of the bandwidth required. These estimates are usually provided on a per-user basis and can therefore be linearly extrapolated on a multiplicative basis of the user’s estimated usage. The following formula can be used to estimate the additional bandwidth required for a cloud solution (formula adapted from Di Nardo, 2008) 𝐵𝑎𝑛𝑑𝑤𝑖𝑡ℎ 𝑟𝑒𝑞𝑢𝑖𝑟𝑒𝑑 =

𝑁𝑜. 𝑜𝑓 𝑢𝑠𝑒𝑟𝑠 × 𝑒𝑠𝑡𝑖𝑚𝑎𝑡𝑒𝑑 𝑢𝑠𝑎𝑔𝑒 𝑝𝑒𝑟 𝑑𝑎𝑦 𝐷𝑢𝑟𝑎𝑡𝑖𝑜𝑛 𝑜𝑓 𝑜𝑝𝑒𝑟𝑎𝑡𝑖𝑜𝑛

Where: Bandwidth required –in kilobits per second. Number of users – how many users the solution will be servicing. Duration of operation – in seconds. This is the average amount of time per day the users will be using the system. Estimated usage per day – how much data each user is expected to upload or download. A completed example for 200 users using a cloud email service and each sending 20MB worth of email per day for eight working hours would be: 200 𝑢𝑠𝑒𝑟𝑠 × 20𝑀𝐵 𝑝𝑒𝑟 𝑢𝑠𝑒𝑟 𝐵𝑎𝑛𝑑𝑤𝑖𝑡ℎ 𝑟𝑒𝑞𝑢𝑖𝑟𝑒𝑑 = 8 ℎ𝑜𝑢𝑟𝑠 × 3,600 𝑠𝑒𝑐𝑜𝑛𝑑𝑠 𝑝𝑒𝑟 ℎ𝑜𝑢𝑟 200 × 20 × 1024 × 8 = 28,800 𝑠𝑒𝑐𝑜𝑛𝑑𝑠 = 1,138𝑘𝑏𝑝𝑠

Therefore, in the above example, the organisation needs to provision an additional 1,138kbps of capacity on their data lines. D. Step 4: Address legal and contractual issues In the survey findings, regulatory, legal and compliance concerns only ranked 6th in the rankings of concerns (refer to Figure 4.8) and contractual lock-in to provider ranked 10th. Although legal and contractual issues were ranked low in the list of concerns, these are critical issues and are therefore a factor in ensuring the success of cloud implementation. This view is supported by the Cloud Security Alliance (2009:35) and Winkler (2011). Winker (2011) recommends that the following key contractual issues be addressed: 



Initial due diligence – selecting a service, a reputable supplier and deciding on the legal and regulatory parameters required by your business. The Cloud Security Alliance (2009:36) emphasises the importance of this, stating that “knowing where the cloud service provider will host the data is a prerequisite to implementing the required measures to ensure compliance with local laws that restrict the crossborder flow of data”. Contract negotiation, termination and supplier transfer – the ability to select another supplier or terminate the agreement. Once the contractual relationship has terminated for any natural or unnatural reason, the ownership and transference of the data needs to be clearly defined.

E. Step 5: Evaluate success of implementation Success will be determined by establishing if the solutions implemented met the business requirements with the degree of reliability expected. There are also financial metrics that can be used to evaluate success such as Return on Investment (ROI) and Total Cost of Ownership (TCO). Using ROI and TCO should be seen as a supplementary measure of success as these models are primarily focused on

the traditional upfront capital expenditure costs of equipment and labour. The strength of these measures as applied to cloud computing is questioned by Gracely (2011) and Mitchell (2010), who argue that value creation and service delivery and increased productivity are benefits of cloud computing that are not taken into account by traditional financial models. Gracely (2011:1) suggests more elaborate measurements such total pace of innovation – which is an organisational measure of how quickly ideas get to market. Ultimately the measured degree of success will determine the amount of momentum carried into the next iteration of the implementation cycle. VII. LIMITATIONS OF STUDY AND DIRECTIONS FOR FUTURE RESEACH The first limitation of the study is the response rate and industry sectors not present in this study. The response rate of 12.85% is considered low and, although this was justified in section III B, a higher response rate would improve confidence in the findings. The survey sample was inclusive of all major industry sectors on the Johannesburg Stock Exchange; however, the industry distribution of the actual responses was limited to nine sectors. The missing sectors were: retail, transport, construction and mining. Different industry sectors may have different IT and business requirements, so caution should be taken in applying these research findings to the industry sectors absent from the result set. The second limitation is the uncertainty in the future cloud computing landscape. In the study participants were asked to indicate which cloud solutions they were considering. This question was designed to ascertain the interest in and probable future adoption of these solutions. This helped sketch the future predicted landscape of cloud computing. A limitation of this is that the additional aspects of degree of certainty and timeline were not requested. Therefore, the timeline of implementation of these solutions is indeterminate, as is the degree of certainty with respect to implementation. Thus, in order to improve the certainty in the future predicted cloud computing landscape, future research should introduce timeline and certainty dimensions. Thirdly, the responses to the survey questions may have been influenced by a lack of the respondents’ subject matter knowledge in the area of cloud computing. The respondents’ level of knowledge should be gauged and explanations provided for the questions and terms used. More examples could be used to assist in explaining the various solutions presented to the sample. This study focused on cloud computing as in the South African context, and further studies could be expanded to include Africa and correlated with other international research on emerging economies. In addition, the study focused exclusively on cloud computing as applied to South African corporates. However, cloud computing can benefit other enterprises such as SMMEs (small to medium enterprises), government and educational institutions. Their needs and wants may be different to corporates surveyed in this research. For example, SMMEs may have a greater need for a cloud accounting system and have less fear around data security.

Future research should therefore expand the sample to include other enterprises and categorise the research findings by industry to determine industry differences and correlations. REFERENCES [1]

[2]

[3]

[4]

[5]

[6]

[7]

[8] [9]

[10]

[11]

[12]

[13]

[14] [15]

M. Armbrust, A. Fox, R. Griffith, A. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica and M. Zaharia. 2009. Above the Clouds: A Berkeley View of Cloud Computing. Technical Report No: UCB/EECS-2009-28. Available at: http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.html [Accessed on 23 February 2012] K. Banks. 2009. “‘Inappropriate’ appropriate technology?”, Build it Kenny, and they will come [online]. Available at: http://www.kiwanja.net/blog/2009/11/inappropriate-appropriatetechnology/ [Accessed on 27 February 2012] CISCO Systems Incorporated. 2011. “Cisco Global Cloud Index: Forecast and Methodology, 2010–2015”, Whitepaper. Available at: http://www.cisco.com/en/US/solutions/collateral/ns341/ns525/ns537/ns7 05/ns1175/Cloud_Index_White_Paper.html [Accessed on 23 February 2011] Cloud Security Alliance. 2009. Security Guidance For Critical Areas of Focus in Cloud Computing V2.1. The Cloud Security Alliance. Available at: https://cloudsecurityalliance.org/csaguide.pdf [Accessed on 28 February 2012] Cloud Security Alliance. 2010. Top Threats to Cloud Computing. Cloud Security Alliance. The Cloud Security Alliance. Available at: http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf [Accessed on 28 February 2012] A. Comninos. 2011. “Emerging Issues: Cloud Computing”, Southern African Internet Governance Forum. Issue Papers, No. 1 of 5. Available at: www.apc.org/en/system/files/1.CloudComputing.pdf [Accessed on 28 February 2012] Cloud Security Alliance. 2009. Security Guidance For Critical Areas of Focus in Cloud Computing, Version 2. Available at: www.cloudsecurityalliance.org/guidance/csaguide.v2.1.pdf [Accessed on 23 February 2012] C. David and C. Claunch. 2012. The Top 10 Technology Trends for 2012. Gartner Incroporated. Document ID:G00230213 T. Di Nardo. 2008. White Paper: Outlook Anywhere Scalability with Outlook 2007, Outlook 2003, and Exchange 2007. Microsoft Technet [online]. Available at: http://technet.microsoft.com/enus/library/cc540453%28EXCHG.80%29.aspx [Accessed on 13 November 2012]. S. Fricker, M. Galesic, R. Tourangeau and T. Yan. 2005. An Experimental Comparison of Web and Telephone Surveys. Public Opinion Quarterly, Vol 69, No 3, 2005, pages 30-392. Gartner. 2011. Interpreting Technology Hype. Gartner Incorporated. Available at: http://www.gartner.com/technology/research/methodologies/hypecycle.jsp [Accessed on 3 November 2012] Gartner Corporation. 2012. “Cloud Computing”. Gartner Corporation [online]. Available at: http://www.gartner.com/it-glossary/cloud-computing/ [Accessed on 14 November 2012] F. Gens. 2009. “Defining “Cloud Services” – an IDC update”, International Data Corporation (IDC) [online]. Available at: http://blogs.idc.com/ie/?p=422 [accessed on 1 May 2012] L. Gwet. 2012. Handbook of Inter-Rater Reliability. Third Edition. Advanced Analytics, LLC. ISBN 978-0-9708062-7-7 B. Gracely. 2011. “How do you measure your cloud computing strategy?” CISCO Blog [online]. Available at: http://blogs.cisco.com/datacenter/how-do-you-measure-your-cloudcomputing-strategy/. [Accessed on 14 November 2012]

[16] H. Katzan. 2009. Cloud Software Service: Concepts, Technology, Economics, Service Science, page 256-269. Available at: http://www.sersci.com/ServiceScience/upload/12567381160.pdf http://www.sersci.com/ServiceScience/upload/12567381160.pdf [17] W. Khuzwayo. 2011. “JSE reviews results of all listed firms”, Business Report [online]. Available at: http://www.iol.co.za/business/businessnews/jse-reviews-results-of-all-listed-firms-1.1027691 (accessed on 3 May 2012). [18] N. Kshetri. 2010. Cloud Computing in Developing Economies. IEEE Computer, 43(10):47-55. [19] A. Laverty. 2011. The Cloud and Africa – Indicators for Growth of Cloud Computing, The African File [online]. Available at: http://theafricanfile.com/academics/usc/the-cloud-and-africa-indicatorsfor-growth-of-cloud-computing/ http://theafricanfile.com/academics/usc/the-cloud-and-africa-indicatorsfor-growth-of-cloud-computing/ [20] C. Low and Y. Chen. 2011. Understanding the determinants of cloud computing adoption, Industrial Management & Data Systems, Vol. 111 No. 7, 2011, pages. 1006-1023. [21] P. Mell and T. Grance. 2011. “The NIST definition of Cloud Computing, Special Publication, 800-145”. National Institute of Science and Technology. Available at: http://www.mendeley.com/research/thenist-definition-about-cloud-computing/ [Accessed on 1 March 2012] [22] C. Miller. 2011. “Amazon Cloud Failure Takes Down Web Sites”, New York Times [online]. Available at: http://bits.blogs.nytimes.com/2011/04/21/amazon-cloud-failure-takesdown-web-sites/ [Accessed 29 February 2012]. [23] R. Mitchell. 2010. “ROI fading fast as a measure of IT success”. Computer World [online] Available at: http://blogs.computerworld.com/17176/gartner_roi_fading_fast_as_mea sure_of_it_success [Accessed on: 14 November 2012]. [24] A. Mohamed. 2008. “A history of cloud computing”. Computer Weekly [online] Available at: http://www.computerweekly.com/feature/A-history-of-cloud-computing [Accessed on 14 November 2012] [25] J.P. Morgenthal. 2012. An Implementer’s View of Cloud Computing Readiness Assessments. http://www.infoq.com/articles/Cloud_Computing_Readiness_Assessme nts_Insights [26] B. Munch. 2011. Your Data Center Network is Heading for Traffic Chaos. Gartner, ID Number: G00210674. [27] J. Newman. 2012. “Gmail Bug Deletes E-Mails for 150,000 Users”, PCWorld [online]. Available at: http://www.pcworld.com/article/220886/gmail_bug_deletes_emails_for_ 150000_users.html [Accessed on 29 February 2012]. [28] J.C. Nunnally. 1978. Psychometric theory (2nd ed.). New York: McGraw-Hill. [29] Oracle, 2011. Cloud Computing Maturity Model -Guiding Success with Cloud Capabilities. Oracle Corporation White Paper. Available at: http://www.oracle.com/technetwork/topics/entarch/oracle-wp-cloudmaturity-model-r3-0-1434934.pdf [Accessed on 13 November 2012] [30] I. Pieterse. 2012. Examining the Public Cloud. iWeek Magazine, IT Web. 19 September 2012. Page 24 [31] M. Ryan. 2011. Cloud Computing Privacy Concerns on Our Doorstep, Communications of the ACM, Vol. 54 No. 1, Pages 36-38, 10.1145/1866739.1866751. [32] S. Sivo, C. Saunders, Q. Chang and J. Jiang. 2006. How Low Should You Go? Low Response Rates and the Validity of Inference in IS Questionnaire Research. Journal of the Association for Information Systems Vol. 7 No. 6, pp. 351-414/June 2006 [33] M. Schonlau, R. Fricker and M. Elliott. 2002. Conducting Research Surveys via E-mail and the Web. RAND Corporation. ISBN: 0-83303110-4 [34] J. Skorupa and M. Fabbi. 2008. “You Can't Do Cloud Computing Without the Right Cloud (Network)”, Gartner Incorporated. Document ID:G00158513.

[35] D. Smith. 2011. Hype Cycle for Cloud Computing, 2011. Gartner Incorporated. Document ID: G00214915 [36] D. Smith and Natis. 2011. “Predicts 2012: Cloud Computing Is Becoming a Reality”, Gartner Incorporated. Document ID:G00226103 [37] K. Van Wyk. 2008. “Cloud Computing in Africa”, e4Africa [online] available at http://www.e4africa.co.za/?p=106http://www.e4africa.co.za/?p=106

[38] N. Weinberg. 2011. Gartner: Private clouds are a last resort - Thorough analysis required to identify cloud computing benefits. Network World. http://www.networkworld.com/news/2011/101911-gartner-privatecloud-252151.html. . [39] V. Winkler. 2011. Cloud Computing: Legal and Regulatory Issues. Adapted from “Securing the Cloud: Cloud Computer Security Techniques and Tactics” (Syngress, an imprint of Elsevier, 2011). Microsoft Technet [online]. Available at: http://technet.microsoft.com/en-us/magazine/hh994647.aspx