Abstract
In this article a sophisticated formal mathematical decision model is developed that supports the selection of Cloud Computing services in a multisourcing scenario. The objective is to determine the selection of appropriate Cloud Computing services offered by different providers. In order to do so, we consider cost as well as risk factors which are relevant to the decision scope. For example, coordination costs, IT service costs, maintenance costs and the costs of taken risks were compared. Risks are modeled by means of the three common security objectives integrity, confidentiality and availability. The managerial implications of the model lie in the sustainable decision support and the comprehensive decision approach. The formal model is prototypically implemented using a software tool and examined with the help of a simulation study in three realistic scenarios and a sensitivity analysis.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Albach, H. (1981). The nature of the firm—a production-theoretical viewpoint. Zeitschrift für die gesamte Staatswissenschaft, Journal of Institutional and Theoretical Economics, 137, 717–722.
Argote, L., Beckman, S., & Epple, D. (1990). The persistence and transfer of learning in industrial settings. Management Science, 36(2), 140–154.
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R. H., Konwinski, A., et al. (2010). A view of cloud computing. Communications of the ACM, 53(4), 50–58.
Aron, R., Clemons, E. K., & Reddi, S. (2005). Just right outsourcing: understanding and managing risk. Journal of Management Information Systems, 22(2), 37–55.
Aubert, B. A., Patry, M., & Rivard, S. (2005). A framework for information technology outsourcing risk management. The Data Base For Advances in Information Systems, 36(4), 9–28.
Bardhan, I. R., Demirkan, H., Kannan, P. K., Kauffman, R. J., & Sougstad, R. (2010). An interdisciplinary perspective on IT services management and service science. Journal of Management Information Systems, 26(4), 13–64.
Beimborn, D. (2006). A Model for Simulation Analyses of Cooperative Sourcing in the Banking Industry. Proceedings of the 39th Hawaii International Conference on System Sciences.
Beimborn, D. (2008). Cooperative sourcing: Simulation studies and empirical data on outsourcing coalitions in the banking industry. Wiesbaden: Deutscher Universitäts-Verlag.
Benlian, A., Hess, T., & Buxmann, P. (2009). Drivers of SaaS-adoption—an empirical study of different application types. Business Information Systems Engineering, 1(5), 357–369.
Bishop, M. (2002). Computer security: Art and science. Addison-Wesley.
Brandl, R., Bichler, M., & Ströbel, M. (2007). Cost accounting for shared IT infrastructures. Wirtschaftsinformatik, 49(2), 83–94.
Braunwarth, K. S., & Heinrich, B. (2008). IT-Service-Management—Ein Modell zur Bestimmung der Folgen von Interoperabilitätsstandards auf die Einbindung externer IT-Dienstleister. Wirtschaftsinformatik, 50(2), 98–110.
Brocke, J. vom, Simons, A., Niehaves, B., Riemer, K., Plattfaut, R., & Cleven, A. (2009). Reconstructing the Giant: On the Importance of Rigour in Documenting the Literature Search Process. Proceedings of the European Conference on Information Systems.
Brodsky, L., & Tan, Y.-h. (2003). A Risk Management Perspective of ASPs. Proceedings of the European Conference on Information Systems.
Buyya, R., Ranjan, R., & Calheiros, R. N. (2009). Modeling and Simulation of Scalable Cloud Computing Environments and the CloudSim Toolkit: Challenges and Opportunities. Proceedings of the 7th High Performance Computing and Simulation.
Cha, H. S., Pingry, D. E., & Thatcher, M. E. (2008). Managing the knowledge supply chain: an organizational learning model of information technology offshore outsourcing. MIS Quarterly, 32(2), 281–306.
Chaudhury, A., Nam, K., & Rao, H. R. (1995). Management of information systems outsourcing: a bidding perspective. Journal of Management Information Systems, 12(2), 131–159.
Cheng, C. H., Balakrishnan, J., & Wong, C. W. (2006). A quantitative model for analysing IS outsourcing decisions. International Journal of Services Operations and Informatics, 1(3), 221–32.
Chou, D. C., & Chou, A. Y. (2007). Analysis of a new information systems outsourcing practice: software-as-a-service business model. Information Systems and Change Management, 2(4), 392–405.
Choudhury, V., & Sabherwal, R. (2003). Portfolios of control in outsourced software development projects. Information Systems Research, 14(3), 291–314.
Christodorescu, M., Sailer, R., Schales, D. L., Sgandurra, D., & Zamboni, D. (2009). Cloud Security Is Not (Just) Virtualization Security A Short Paper. Proceedings of the 2009 ACM workshop on Cloud computing security.
Cloud Security Alliance (2009). Security Guidance for Critical Areas of Focus in Cloud Computing. Security, (December).
Cohen, F. (1999). Simulating cyber attacks, defences, and consequences. Computers Security, 18(6), 479–518.
Dibbern, J. (2004). The Sourcing of Application Software Services : Empirical Evidence of Cultural, Industry and Functional Differences. Physica.
Dibbern, J., Goles, T., Hirschheim, R., & Jayatilaka, B. (2004). Information systems outsourcing. ACM SIGMIS Database, 35(4), 6–102.
Durkee, D. (2010). Why cloud computing will never be free. Communications of the ACM, 53(5), 62–69.
ENISA (2009). Cloud Computing: Benefits, risks and recommendations for information security. ENISA.
Gordon, L. A., & Loeb, M. P. (2006). Budgeting process for information security expenditures. Communications of the ACM, 49(1), 121–125.
Govindarajan, A., & Lakshmanan, G. (2010). Overview of cloud standards. In N. Antonopoulos & L. Gillam (Eds.), Cloud computing: Principles, systems and applications (pp. 77–89). London: Springer-Verlag.
Gupta, M., Banerjee, S., Agrawal, M., & Rao, H. R. (2008). Security analysis of Internet technology components enabling globally distributed workplaces—a framework. ACM Transactions on Internet Technology, 8(4), 1–38.
Harmantzis, F., & Malek, M. (2004). Security risk analysis and evaluation. IEEE International Conference on Communications, 1897–1901.
Huang, K.-w., & Wang, M. (2009). Firm-Level Productivity Analysis for Software as a Service Companies. Proceedings of the 13th International Conference on Information Systems.
Hulthén, R. (2009). Managing information risk and the economics of security. In M. E. Johnson (Ed.), Managing information risk and the economics of security (pp. 121–140). Boston: Springer US.
Jenkins, A. M. (1985). Research methodologies and MIS research. In E. Mumford (Ed.), Research Methods in Information Systems (pp. 103–117). North-Holland.
Jensen, M., & Meckling, W. (1976). Theory of the firm: Managerial behavior, agency costs and ownership structure. Journal of Financial Economics, 3(4), 305–360.
Jurison, J. (1995). The role of risk and return in information technology outsourcing decisions. Journal of Information Technology, 10(4), 239–247.
Kauffman, R. J., & Sougstad, R. (2008). Risk management of contract portfolios in IT services: the profit-at-risk approach. Journal of Management Information Systems, 25(1), 17–48.
Kern, T. (1997). The Gestalt of an information technology outsourcing relationship: An exploratory analysis. Proceedings of the International Conference on Information Systems.
Knolmayer, G. F. (1997). A hierarchical planning procedure supporting the selection of service providers in outtasking decisions. In H. Krallmann (Ed.), Wirtschaftsinformatik 97 Internationale Geschäftstätigkeit auf der Basis flexibler Organisationsstrukturen und leistungsfähiger Informationssysteme, (pp. 99–119). Physika-Verlag.
Lacity, M. C., & Willcocks, L. (2003). IT sourcing reflections. Lessons for customers and suppliers. Wirtschaftsinformatik, 45(2), 115–125.
Lacity, M. C., Khan, S. A., & Willcocks, L. P. (2009). A review of the IT outsourcing literature: insights for practice. The Journal of Strategic Information Systems, 18(3), 130–146.
Lammers, M. (2004). Make, buy or share: combining resource based view, transaction cost economics and production economies to a sourcing framework. Wirtschaftsinformatik, 46(3), 204–212.
Lehmann, S., & Buxmann, P. (2009). Pricing strategies of software vendors. Business Information Systems Engineering, 1(6), 452–462.
Leimeister, S., Riedl, C., Böhm, M., & Krcmar, H. (2010). The Business Perspective of Cloud Computing: Actors, Roles, and Value Networks. Proceedings of the 18th European Conference on Information Systems, (Ecis 2010).
Levina, N., & Ross, J. (2003). From the vendor’s perspective: exploring the value proposition in information technology outsourcing. Management Information Systems Quarterly, 27(3), 331–364.
Levina, N., & Su, N. (2008). Global multisourcing strategy: the emergence of a supplier portfolio in services offshoring. Decision Sciences, 39(3), 541–570.
Martens, B., & Teuteberg, F. (2009). Why risk management matters in IT outsourcing—a systematic literature review and elements of a research agenda. Proceedings of the 17th European Conference on Information Systems.
Martens, B., Teuteberg, F., & Gräuler, M. (2011). Design and implementation of a community platform for the evaluation and selection of cloud computing services: a market analysis. Proceedings of the 19th European Conference on Information Systems.
Matros, R., Stute, P., Von Zuydtwyck, N. H., & Eymann, T. (2009). Make-or-Buy im Cloud-Computing—Ein entscheidungsorientiertes Modell für den Bezug von Amazon Web Services. Wirtschaftsinformatik, 45.
Mykletun, E., Narasimha, M., & Tsudik, G. (2006). Authentication and integrity in outsourced databases. ACM Transactions on Storage, 2(2), 107–138.
Ogawa, K., & Iiboshi, H. (2008). Does the agency cost model explain business fluctuations in Japan?: A Bayesian approach to estimate agency cost for firms classified by size. Journal of the Japan Statisical Society, 38(3), 349–378.
Parasuraman, A., Zeithaml, V. A., & Berry, L. L. (1988). SERVQUAL: A multiple-item scale for measuring consumer perceptions of service quality. Journal of Retailing, 64(1), 12–40.
Poston, R. S., Kettinger, W. J., & Simon, J. C. (2009). Managing the vendor set: achieving best pricing and quality service in it outsourcing. Mis Quarterly Executive, 8(2), 45–58.
Pring, B., Brown, R. H., Frank, A., Hayward, S., & Leong, L. (2009). Forecast: Sizing the Cloud; Understanding the Opportunities in Cloud Services. Gartner, (March).
Püschel, T., Anandasivam, A., Buschek, S., & Neumann, D. (2009). Making money with clouds—Revenue optimization through automated policy decisions. Proceedings of the 17th European Conference on Information Systems.
Sackmann, S., Lowis, L., & Kittel, K. (2009). Selecting Services in Business Process Execution—A Risk-based Approach. Proc. of 9. Intern. Tagung Wirtschaftsinformatik, 357–366.
Schniederjans, M. J., & Zuckweiler, K. M. (2004). A quantitative approach to the outsourcing-insourcing decision in an international context. Management Decision, 42(8), 974–986.
Silver, E. A. (2004). An overview of heuristic solution methods. Journal of the Operational Research Society, 55(9), 936–956.
Simon, H. (1990). Prediction and prescription in systems modeling. Operations Research, 38(1), 7–14.
Singh, C., Shelor, R., Jiang, J., & Klein, G. (2004). Rental software valuation in IT investment decisions. Decision Support Systems, 38(1), 115–130.
Suh, B., & Han, I. (2003). The IS risk analysis based on a business model. Information Management, 41(2), 149–158.
Sun, L., Srivastava, R. P., & Mock, T. J. (2006). An information systems security risk assessment model under the dempster-shafer theory of belief functions. Journal of Management Information Systems, 22(4), 109–142.
Talukder, A. K., Zimmerman, L., & Prahalad, H. A. (2010). Cloud economics: Principles, costs, and benefits. In N. Antonopoulos & L. Gillam (Eds.), Cloud computing: Principles, systems and applications (pp. 343–360). London: Springer-Verlag.
Tan, C., & Sia, S. K. (2006). Managing flexibility in outsourcing. Journal of the Association for Information Systems, 7(4), 179–206.
Tiwana, A., & Bush, A. (2007). A comparison of transaction cost, agency, and knowledge-based predictors of IT outsourcing decisions: a U.S.-Japan cross-cultural field study. Journal of Management Information Systems, 24(1), 259–300.
Tsang, E. W. K. (2000). Transaction cost and resource-based explanations of joint ventures: a comparison and synthesis. Organization Studies, 21(1), 215–242.
Wang, J.-J., Lin, Z.-K., & Huang, H. (2008). A decision model for information systems outsourcing: using a multicriteria method. Journal of Service Science and Management, 1(1), 1–10.
Weinhardt, C., Anandasivam, A., Blau, B., Borissov, N., Meinl, T., Michalk, W., et al. (2009). Cloud computing—a classification, business models, and research directions. Business & Information Systems Engineering, 1(5), 391–399.
Wernerfelt, B. (1984). A resource-based view of the firm. Strategic Management Journal, 5(2), 171–180.
Whitten, D., & Wakefield, R. (2006). Measuring switching costs in IT outsourcing services. The Journal of Strategic Information Systems, 15(3), 219–248.
Williamson, O. (1981). The economics of organizations: the transaction cost approach. The American Journal of Sociology, 15(3), 219–248.
Xin, M., & Levina, N. (2008). Software-as-a service model: elaborating client-side adoption factors. Proceedings of the 12th International Conference on Information Systems.
Yunis, M. M. (2009). A “cloud-free” security model for cloud computing. International Journal of Services and Standards, 5(4), 354–375.
Zhu, Z., Sivakumar, K., & Parasuraman, A. (2004). A mathematical model of service failure and recovery strategies. Decision Sciences, 35(3), 493–525.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Martens, B., Teuteberg, F. Decision-making in cloud computing environments: A cost and risk based approach. Inf Syst Front 14, 871–893 (2012). https://doi.org/10.1007/s10796-011-9317-x
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10796-011-9317-x