Abstract
Industry analysts have made several enthusiastic projections on how cloud computing will transform the entire computing industry. According to recent research studies, it is on the verge of becoming an extremely lucrative business: the financial profit to be drawn from business and productivity applications as well as related online advertising is expected to amount to billions of dollars. However, the question arises whether there are any obstacles on the way to mature cloud computing environments. If one looks at IT outsourcing and the emerging field of cloud computing from an economic perspective, some obvious similarities between the two concepts strike the eye. In other words, already existing knowledge about the outsourcing of IT Services should be aligned with newly arising obstacles and challenges created by the cloud. The objective of our paper is to support the improvement of decision-making processes by contributing to a better understanding of risk and compliance issues in the field of cloud computing and of their likely impacts. This can only be achieved by identifying the main risks and the necessary safeguards required. The reference model presented in this article could help to accomplish this goal.
Copyright information
© 2011 Gabler Verlag | Springer Fachmedien Wiesbaden GmbH
About this chapter
Cite this chapter
Martens, B., Teuteberg, F. (2011). Towards a Reference Model for Risk and Compliance Management of IT Services in a Cloud Computing Environment. In: Keuper, F., Oecking, C., Degenhardt, A. (eds) Application Management. Gabler. https://doi.org/10.1007/978-3-8349-6492-2_6
DOI: https://doi.org/10.1007/978-3-8349-6492-2_6
Publisher Name: Gabler
Print ISBN: 978-3-8349-1667-9
Online ISBN: 978-3-8349-6492-2
eBook Packages: Business and Economics, Business and Management (R0)