A contingency lens on cloud provider management processes

Traditional ways of managing information technology (IT) service providers are no longer applicable as companies use more and more services provisioned in the cloud. Therefore, organizations are looking for new ways to manage their relationship with cloud providers. The shift from IT-as-a-product to IT-as-a-service puts clients in a continued dependency on cloud service providers (CSPs), making provider management a critical factor for companies’ success. In this paper, we (1) identify cloud-specific challenges in managing CSPs, (2) develop a corresponding process framework for CSP management, and (3) discuss and extend this framework. Our final cloud management framework comprises ten processes for effective CSP management based on a literature study and twelve expert interviews. Furthermore, we unpack three major contingency factors, i.e., client–provider ratio, specificity, and service delivery model, which influence the reasonability and configuration of the cloud management processes. Drawing on two specific cases from our interview study, we explicate the contingency factors’ influence. Thus, our paper contributes to cloud sourcing research by deepening the understanding of client–provider relationships and by introducing a viable CSP management instrument contingent on three salient factors of cloud service provisioning.

[1]  Rosann Webb Collins,et al.  Coordinating the Relationship between IT Services Providers and Clients: The Case of Cloud Computing , 2010 .

[2]  Michael D. Myers,et al.  Client-Vendor Relationships in Cloud Computing: Lessons from IT Outsourcing , 2016, PACIS.

[3]  Romain Rouvoy,et al.  A Federated Multi-cloud PaaS Infrastructure , 2012, 2012 IEEE Fifth International Conference on Cloud Computing.

[4]  M. Sagar,et al.  Factors Affecting Customer Loyalty in Cloud Computing: A Customer Defection-Centric View to Develop a Void-in-Customer Loyalty Amplification Model , 2013, Global Journal of Flexible Systems Management.

[5]  Ali Sunyaev,et al.  Determinant factors of cloud-sourcing decisions: reflecting on the IT outsourcing literature in the era of cloud computing , 2016, J. Inf. Technol..

[6]  Subhajyoti Bandyopadhyay,et al.  Cloud computing - The business perspective , 2011, Decis. Support Syst..

[7]  Maria R. Lee,et al.  A Cloud Deployment Approach for Consumer Support Systems , 2014, PACIS.

[8]  AnuarNor Badrul,et al.  Service delivery models of cloud computing , 2016 .

[9]  Lori M. Kaufman,et al.  Data Security in the World of Cloud Computing , 2009, IEEE Security & Privacy.

[10]  Johan Tordsson,et al.  Towards Secure Cloud Bursting, Brokerage and Aggregation , 2010, 2010 Eighth IEEE European Conference on Web Services.

[11]  Max Mühlhäuser,et al.  Towards a Trust Management System for Cloud Computing , 2011, 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications.

[12]  Paul Rodrigues,et al.  State-of-the-art cloud computing security taxonomies: a classification of security challenges in the present cloud computing environment , 2012, ICACCI '12.

[13]  Gerhard Satzger,et al.  Towards Multi-Sourcing Maturity: A Service Integration Capability Model , 2016, ICIS.

[14]  Will Venters,et al.  A critical review of cloud computing: researching desires and realities , 2012, J. Inf. Technol..

[15]  Alan R. Hevner,et al.  Design Science in Information Systems Research , 2004, MIS Q..

[16]  Patrick K. Wamuyu,et al.  Use of cloud computing services in micro and small enterprises: a fit perspective , 2022, International Journal of Information Systems and Project Management.

[17]  Mario A. Bochicchio,et al.  SLA composition in service networks: a tool for representing relationships between SLAs and contracts , 2015, SAC.

[18]  Uma G. Gupta,et al.  OUTSOURCING THE IS FUNCTION , 1992 .

[19]  H. Krcmar,et al.  Cloud Computing – Outsourcing 2.0 or a new Business Model for IT Provisioning? , 2011 .

[20]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[21]  Amrik S. Sohal,et al.  Success and failure in IT outsourcing by government agencies: two Australian case studies , 2008, Int. J. Bus. Inf. Syst..

[22]  Paul T. Jaeger,et al.  Identifying the security risks associated with governmental use of cloud computing , 2010, Gov. Inf. Q..

[23]  Robert Keller Analyse von Risikomanagementstrategien in Cloudnetzwerken – Was tun bei verknüpften, voneinander abhängigen Cloud Services? , 2016, HMD Praxis der Wirtschaftsinformatik.

[24]  Antonio Pescapè,et al.  Cloud monitoring: A survey , 2013, Comput. Networks.

[25]  Nils Urbach,et al.  How to Steer the IT Outsourcing Provider , 2012, Business & Information Systems Engineering.

[26]  Euripidis Loukis,et al.  Contractual and Relational Governance, ICT Skills and Organization Adaptations, and Cloud Computing Benefits , 2018, HICSS.

[27]  Ainuddin Wahid Abdul Wahab,et al.  Service delivery models of cloud computing: security issues and open challenges , 2016, Secur. Commun. Networks.

[28]  Dolly Kandpal Role of Service Brokers in Cloud Computing , 2013 .

[29]  Paul L Bannerman Cloud computing adoption risks: State of play , 2010 .

[30]  Wayne A. Jansen,et al.  Cloud Hooks: Security and Privacy Issues in Cloud Computing , 2011, 2011 44th Hawaii International Conference on System Sciences.

[31]  Michel Avital,et al.  Designing interviews to generate rich data for information systems research , 2011, Inf. Organ..

[32]  Göran Goldkuhl,et al.  Pragmatism vs interpretivism in qualitative information systems research , 2012, Eur. J. Inf. Syst..

[33]  Tharam Dillon,et al.  Decision-making framework for user-based inter-cloud service migration , 2015, Electron. Commer. Res. Appl..

[34]  Frank Teuteberg,et al.  Managing the Cloud Procurement Process – Findings from a Case Study , 2015 .

[35]  Leslie P. Willcocks,et al.  IT outsourcing as strategic partnering: the case of the UK Inland Revenue , 1998, ECIS.

[36]  S Ramgovind,et al.  The management of security in Cloud computing , 2010, 2010 Information Security for South Africa.

[37]  Robert Keller,et al.  A Reference Model to Support Risk Identification in Cloud Networks , 2014, ICIS.

[38]  Shehnila Zardari,et al.  Cloud adoption: a goal-oriented requirements engineering approach , 2011, SECLOUD '11.

[39]  Petter Svärd,et al.  A General Approach to Service Deployment in Cloud Environments , 2012, 2012 Second International Conference on Cloud and Green Computing.

[40]  Nikolay Borissov,et al.  Cloud Computing – A Classification, Business Models, and Research Directions , 2009, Bus. Inf. Syst. Eng..

[41]  Cees T. A. M. de Laat,et al.  Intercloud Architecture Framework for Heterogeneous Multi-Provider Cloud based Infrastructure Services Provisioning , 2013, Int. J. Next Gener. Comput..

[42]  Khaled M. Khan,et al.  Establishing Trust in Cloud Computing , 2010, IT Professional.

[43]  Marijn Janssen,et al.  Transformation to Cloud Services Sourcing: Required IT Governance Capabilities , 2012, EAI Endorsed Trans. e Bus..

[44]  Andrew P. Martin,et al.  Breaking Down the Monarchy: Achieving Trustworthy and Open Cloud Ecosystem Governance with Separation-of-Powers , 2016, 2016 IEEE 9th International Conference on Cloud Computing (CLOUD).

[45]  Michael D. Myers,et al.  The qualitative interview in IS research: Examining the craft , 2007, Inf. Organ..

[46]  V VasilakosAthanasios,et al.  Security in cloud computing , 2015 .

[47]  Mary Lacity,et al.  Review of the empirical business services sourcing literature: an update and future directions , 2016, J. Inf. Technol..

[48]  Chinyao Low,et al.  Criteria for the Evaluation of a Cloud-Based Hospital Information System Outsourcing Provider , 2012, Journal of Medical Systems.

[49]  Mario A. Bochicchio,et al.  Does service composition suffice to define business contracts for IT services in networked organizations , 2013, MEDES.

[50]  Ronald Maier,et al.  Challenges in Cross-Organizational Security Management , 2012, 2012 45th Hawaii International Conference on System Sciences.

[51]  Daniel Schlagwein,et al.  Married for Life? A Cloud Computing Client-Provider Relationship continuance Model , 2014, ECIS.

[52]  Ana Cristina Oliveira,et al.  From the dark net to the cloudy data - Cloud network governance guidelines , 2015, 2015 34th International Conference of the Chilean Computer Science Society (SCCC).

[53]  Chiang Ku Fan,et al.  Risk Management Strategies for the Use of Cloud Computing , 2012 .

[54]  Kwang-Kyu Seo,et al.  A Framework of Performance Measurement of Cloud Service Infrastructure System for Service Delivery , 2014 .

[55]  Timothy J. Calloway,et al.  Cloud Computing, Clickwrap Agreements, and Limitation on Liability Clauses: A Perfect Storm? , 2012 .

[56]  Frank Teuteberg,et al.  Towards a Reference Model for Risk and Compliance Management of IT Services in a Cloud Computing Environment , 2011 .

[57]  Athanasios V. Vasilakos,et al.  Security in cloud computing: Opportunities and challenges , 2015, Inf. Sci..

[58]  Florian Kerschbaum,et al.  Secure and Sustainable Benchmarking in Clouds , 2011, Bus. Inf. Syst. Eng..

[59]  Gary Garrison,et al.  Success factors for deploying cloud computing , 2012, CACM.

[60]  P. Mayring Qualitative content analysis: theoretical foundation, basic procedures and software solution , 2014 .

[61]  B. S. Buchowicz,et al.  A process model of make-vs.-buy decision-making. The case of manufacturing software , 1991 .

[62]  Sasko Ristov,et al.  Business Continuity Challenges in Cloud Computing , 2011 .

[63]  Shangguang Wang,et al.  Towards an accurate evaluation of quality of cloud service in service-oriented cloud computing , 2014, J. Intell. Manuf..

[64]  Siani Pearson,et al.  Privacy, Security and Trust Issues Arising from Cloud Computing , 2010, 2010 IEEE Second International Conference on Cloud Computing Technology and Science.

[65]  Rajkumar Buyya,et al.  Article in Press Future Generation Computer Systems ( ) – Future Generation Computer Systems Cloud Computing and Emerging It Platforms: Vision, Hype, and Reality for Delivering Computing as the 5th Utility , 2022 .

[66]  Will Venters,et al.  Cloud Sourcing: Implications for Managing the IT Function , 2012, Global Sourcing Workshop.

[67]  Saonee Sarker,et al.  The Role and Value of a Cloud Service Partner , 2016, MIS Q. Executive.

[68]  S. Sarkar,et al.  Cloud Based Next Generation Service and Key Challenges , 2012, 2012 Third International Conference on Services in Emerging Markets.

[69]  Lakshmanan,et al.  Overview of Cloud Standards , 2010, Cloud Computing.

[70]  Jonas Repschläger,et al.  Cloud Requirement Framework: Requirements and Evaluation Criteria to Adopt Cloud solutions , 2012, ECIS.

[71]  Mary Lacity,et al.  Cloud Services Practices for Small and Medium-Sized Enterprises , 2014, MIS Q. Executive.

[72]  R. Heckman,et al.  Organizing and managing supplier relationships in information technology procurement , 1999 .

[73]  Yi Chen,et al.  A Game Theoretic Approach to Service Discovery and Selection , 2013, 2013 IEEE International Conference on Systems, Man, and Cybernetics.

[74]  Henrique Santos,et al.  What is Missing for Trust in the Cloud Computing? , 2016, CPR.

[75]  James Bret Michael,et al.  Cloud to cloud interoperability , 2011, 2011 6th International Conference on System of Systems Engineering.

[76]  Mahdi Fahmideh,et al.  A generic cloud migration process model , 2018, Eur. J. Inf. Syst..

[77]  Timothy Grance,et al.  Guidelines on Security and Privacy in Public Cloud Computing | NIST , 2012 .

[78]  Leslie P. Willcocks,et al.  ITsourcing reflections Lessons for customers and suppliers WI – Schwerpunktaufsatz , 2012 .

[79]  V. Kavitha,et al.  A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..

[80]  Leslie P. Willcocks,et al.  Exploring information technology outsourcing relationships: theory and practice , 2000, J. Strateg. Inf. Syst..

[81]  Lamine Mahdjoubi,et al.  Challenges to BIM-Cloud Integration: Implication of Security Issues on Secure Collaboration , 2013, 2013 IEEE 5th International Conference on Cloud Computing Technology and Science.

[82]  Richard T. Watson,et al.  Analyzing the Past to Prepare for the Future: Writing a Literature Review , 2002, MIS Q..

[83]  B. Glaser Basics of Grounded Theory Analysis: Emergence Vs. Forcing , 1992 .

[84]  Beniamino Di Martino,et al.  Cloud Computing: Security, Privacy and Practice , 2015, Future Gener. Comput. Syst..

[85]  D. Dalli,et al.  Theory of value co-creation: a systematic literature review , 2014 .

[86]  Asaf Varol,et al.  QoS Parameters for Viable SLA in Cloud , 2020, 2020 8th International Symposium on Digital Forensics and Security (ISDFS).

[87]  Feng Tian,et al.  Critical review of vendor lock-in and its impact on adoption of cloud computing , 2014, International Conference on Information Society (i-Society 2014).

[88]  A. Ravi Ravindran,et al.  Vendor selection in outsourcing , 2007, Comput. Oper. Res..

[89]  Tom Kirkham,et al.  Assuring Data Privacy in Cloud Transformations , 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.

[90]  Feng Tian,et al.  Critical analysis of vendor lock-in and its impact on cloud computing migration: a business perspective , 2016, Journal of Cloud Computing.

[91]  Lukas Häfner,et al.  Scheduling Flexible Demand in Cloud Computing Spot Markets , 2019, Business & Information Systems Engineering.

[92]  Robert W. Zmud,et al.  Arrangements for Information Technology Governance: A Theory of Multiple Contingencies , 1999, MIS Q..

[93]  Peter Weill,et al.  An Assessment of the Contingency Theory of Management Information Systems , 1989, J. Manag. Inf. Syst..

[94]  J. Barthélemy The Hidden Costs of IT Outsourcing , 2001 .

[95]  Xiaodong Liu,et al.  Benefits management of cloud computing investments. , 2014 .

[96]  Elizabeth Chang,et al.  Formulating and managing viable SLAs in cloud computing from a small to medium service provider's viewpoint: A state-of-the-art review , 2017, Inf. Syst..

[97]  Xuejie Zhang,et al.  Information Security Risk Management Framework for the Cloud Computing Environments , 2010, 2010 10th IEEE International Conference on Computer and Information Technology.

[98]  Cong Wang,et al.  Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[99]  Subhankar Dhar,et al.  From outsourcing to Cloud computing: Evolution of IT services , 2011, First International Technology Management Conference.

[100]  Haralambos Mouratidis,et al.  A framework to support selection of cloud providers based on security and privacy requirements , 2013, J. Syst. Softw..

[101]  D. Lambert,et al.  Supplier relationship management as a macro business process , 2012 .

[102]  R. Hirschheim,et al.  Information systems outsourcing : myths, metaphors, and realities , 1993 .

[103]  Ron Chi-Wai Kwok,et al.  IT outsourcing evolution---: past, present, and future , 2003, CACM.

[104]  Jonas Hedman,et al.  How a Software Vendor Weathered the Stormy Journey to the Cloud , 2019, MIS Q. Executive.

[105]  Sen Liu,et al.  Decision making for the selection of cloud vendor: An improved approach under group decision-making with integrated weights and objective/subjective attributes , 2016, Expert Syst. Appl..

[106]  Pankaj Goyal,et al.  Enterprise Usability of Cloud Computing Environments: Issues and Challenges , 2010, 2010 19th IEEE International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises.

[107]  Mayuram S. Krishnan,et al.  Cloud Computing Adoption and its Implications for CIO Strategic Focus - An Empirical Analysis , 2012, ICIS.

[108]  Björn Niehaves,et al.  Standing on the Shoulders of Giants: Challenges and Recommendations of Literature Search in Information Systems Research , 2015, Commun. Assoc. Inf. Syst..

[109]  Andrés Marín López,et al.  FRiCS: A Framework for Risk-driven Cloud Selection , 2018, MPS@CCS.

[110]  G. Karagiannis,et al.  Taxonomy of cloud computing services , 2010, 2010 IEEE Globecom Workshops.

[111]  Joseph Vithayathil,et al.  Will cloud computing make the Information Technology (IT) department obsolete? , 2018, Inf. Syst. J..

[112]  Lech J. Janczewski,et al.  Governance Life Cycle Framework for Managing Security in Public Cloud: From User Perspective , 2011, 2011 IEEE 4th International Conference on Cloud Computing.

[113]  Sun Wook Kim,et al.  Cloud SLA relationships in multi-cloud environment: models and practices , 2017, ICCMS '17.

[114]  K. Chandra Sekaran,et al.  Monitoring and Management of Service Level Agreements in Cloud Computing , 2015, 2015 International Conference on Cloud and Autonomic Computing.

[115]  Alexander Benlian,et al.  Bayer HealthCare Delivers a Dose of Reality for Cloud Payoff Mantras in Multinationals , 2014, MIS Q. Executive.

[116]  Elizabeth Chang,et al.  Conceptual SLA framework for cloud computing , 2010, 4th IEEE International Conference on Digital Ecosystems and Technologies.

[117]  R. Nolan,et al.  How to Manage an IT Outsourcing Alliance , 1995 .

[118]  Christopher Millard,et al.  Negotiating Cloud Contracts - Looking at Clouds from Both Sides Now , 2012 .

[119]  Maximilian Röglinger,et al.  Operational and Work System-Related Success Factors for Customer Relationship Management in "Product Sales" and "Solution Sales" - a Descriptive Case Study , 2010, ECIS.

[120]  Mario Macías,et al.  Client Classification Policies for SLA Enforcement in Shared Cloud Datacenters , 2012, 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (ccgrid 2012).

[121]  Oliver Günther,et al.  The Impact of Software as a Service on IS Authority - A Contingency Perspective , 2011, ICIS.

[122]  Susan A. Brown,et al.  Strategic IS Sourcing and Dynamic Capabilities: Bridging the Gap , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[123]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[124]  Abdulaziz Aljabre Cloud Computing for Increased Business Value , 2012 .

[125]  Dijiang Huang,et al.  MobiCloud: Building Secure Cloud Framework for Mobile Computing and Communication , 2010, 2010 Fifth IEEE International Symposium on Service Oriented System Engineering.

[126]  Jan C. Huntgeburth Developing and Evaluating a Cloud Service Relationship Theory , 2014 .

[127]  Alexander Benlian,et al.  A transaction cost theoretical analysis of software-as-a-service (SAAS)-based sourcing in SMBs and enterprises , 2009, ECIS.

[128]  BottaAlessio,et al.  Survey Cloud monitoring , 2013 .

[129]  Andrea Back,et al.  Shadow it – A View from Behind the Curtain , 2014, Comput. Secur..

[130]  Claudia Löbbecke,et al.  Assessing Cloud Readiness at Continental AG , 2012, MIS Q. Executive.

[131]  Bandula Jayatilaka,et al.  Information systems outsourcing: a survey and analysis of the literature , 2004, DATB.

[132]  Manuel Wiesche,et al.  ARE YOU READY FOR DEVOPS? REQUIRED SKILL SET FOR DEVOPS TEAMS , 2018 .

[133]  Gerd Breiter,et al.  Life cycle and characteristics of services in the world of cloud computing , 2009, IBM J. Res. Dev..

[134]  Acklesh Prasad,et al.  On governance structures for the cloud computing services and assessing their effectiveness , 2014, Int. J. Account. Inf. Syst..

[135]  Jörn Altmann,et al.  Cost-benefit analysis of an SLA mapping approach for defining standardized Cloud computing goods , 2012, Future Gener. Comput. Syst..

[136]  Constance E. Helfat,et al.  Qualitative empirical research in strategic management , 2015 .

[137]  T. Grance,et al.  SP 800-144. Guidelines on Security and Privacy in Public Cloud Computing , 2011 .

[138]  Thomas J. Trappler If It's in the Cloud, Get It on Paper: Cloud Computing Contract Issues , 2010 .

[139]  Dimosthenis Kyriazis Modeling the interactions between cloud service providers , 2012, 2012 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems.

[140]  Hiroyuki Sato,et al.  Risk Management on the Security Problem in Cloud Computing , 2011, 2011 First ACIS/JNU International Conference on Computers, Networks, Systems and Industrial Engineering.

[141]  Ali Sunyaev,et al.  CloudLive: a life cycle framework for cloud services , 2015, Electronic Markets.

[142]  David C. Chou,et al.  Cloud computing: A value creation model , 2015, Comput. Stand. Interfaces.

[143]  Nils Urbach,et al.  How to Steer the IT Outsourcing Provider , 2012, Business & Information Systems Engineering.

[144]  Markku Tuominen,et al.  Understanding risk and uncertainty in supplier networks--a transaction cost approach , 2002 .

[145]  Robert Keller,et al.  Cloud Networks as Platform-based Ecosystems : Detecting Management Implications for Actors in Cloud Networks , 2019 .

[146]  Johan Tordsson,et al.  Cloud brokering mechanisms for optimized placement of virtual machines across multiple providers , 2012, Future Gener. Comput. Syst..

[147]  Adil Maarouf,et al.  Practical modeling of the SLA life cycle in Cloud Computing , 2015, 2015 15th International Conference on Intelligent Systems Design and Applications (ISDA).

[148]  T. Aaron Gulliver,et al.  Safeguarding the Cloud: An Effective Risk Management Framework for Cloud Computing Services , 2014 .

[149]  Federico Etro,et al.  The Economic Impact of Cloud Computing on Business Creation, Employment and Output in Europe. An application of the Endogenous Market Structures Approach to a GPT innovation , 2009 .

[150]  Leslie P. Willcocks,et al.  How Commonwealth Bank of Australia Gained Benefits Using a Standards-Based, Multi-Provider Cloud Model , 2014, MIS Q. Executive.

[151]  Bu-Sung Lee,et al.  TrustCloud: A Framework for Accountability and Trust in Cloud Computing , 2011, 2011 IEEE World Congress on Services.

[152]  Qiang Zhang,et al.  The Characteristics of Cloud Computing , 2010, 2010 39th International Conference on Parallel Processing Workshops.

[153]  Yoshinori Sato,et al.  Automated Certification for Compliant Cloud-based Business Processes , 2011, Bus. Inf. Syst. Eng..

[154]  Hanêne Ben-Abdallah,et al.  SaaS cloud provider management framework , 2015, 2015 12th International Joint Conference on e-Business and Telecommunications (ICETE).

[155]  Rainer Alt,et al.  Service-Lifecycle-Management , 2013, Wirtsch..

[156]  Morris A. Cohen Product Performance Based Business Models: A Service Based Perspective , 2012, 2012 45th Hawaii International Conference on System Sciences.

[157]  Neven Vrcek,et al.  Cost effectiveness of commercial computing clouds , 2013, Inf. Syst..

[158]  Douglas M. Lambert,et al.  Customer relationship management as a business process , 2009 .

[159]  Rajkumar Buyya,et al.  Dynamically scaling applications in the cloud , 2011, CCRV.

[160]  David C. Chou,et al.  Information systems outsourcing life cycle and risks analysis , 2009, Comput. Stand. Interfaces.

[161]  Omar Khadeer Hussain,et al.  Service level agreement (SLA) assurance for cloud services: a survey from a transactional risk perspective , 2012, MoMM '12.

[162]  Shawn R. Chaput,et al.  Cloud Compliance: A Framework for Using Cloud Computing in a Regulated World , 2010, Cloud Computing.