Tutorial 7 Flashcards
Key Advantages of Cloud Computing
- Lower Cost of Entry – Small businesses can access compute-intensive business
analytics and services that were previously exclusive to large enterprises. - Rapid Deployment & Scalability – Cloud services provide immediate access to
computing power, reducing time-to-market for businesses. - Business Agility – Firms can scale their IT infrastructure dynamically, avoiding
underutilization of expensive hardware. - Green Computing – Optimizing server utilization results in lower energy
consumption, making cloud computing an environmentally friendly choice. - Enabling Innovation – Cloud technology supports emerging AI, big data analytics,
and IoT applications. - Cloud computing offers a paradigm shift,
moving IT resources from capital expenditures (CapEx) to operational expenditures
(OpEx), thereby enabling businesses to scale resources efficiently.
Core Technologies and Service Models
The article describes three fundamental cloud service models:
- Infrastructure as a Service (IaaS) – Provides virtualized computing resources, such
as Amazon EC2 and Google Compute Engine. - Platform as a Service (PaaS) – Provides a cloud-based environment for application
development (Google App Engine, Microsoft Azure). - Software as a Service (SaaS) – Delivers applications via the internet, eliminating
the need for local installations (Google Apps, Salesforce).
Key enabling technologies for cloud computing (Marston et al.):
●Virtualization – Abstracting computing resources to improve efficiency.
●Multitenancy – Hosting multiple customers on shared infrastructure.
●Web Services & APIs – Facilitating cloud application interoperability.
Strengths of Cloud Computing
●Cost efficiency through resource pooling.
●Increased computing power and agility.
●Reduced maintenance burden on firms.
●Almost immediate access to hardware resources => faster time to market in business
●Reduced cost
Weaknesses of Cloud Computing
●Security concerns related to data privacy and compliance.
●Dependence on service providers for uptime and performance.
●Potential loss of control over IT infrastructure.
●High speed internet required
●Lose physical control
Opportunities of Cloud Computing
●Adoption by SMEs – Enables small and medium businesses to compete
with larger firms.
●Emerging markets – Cloud services can help developing economies
leapfrog traditional IT models.
●Hybrid cloud solutions – Enterprises can integrate private and public cloud
models for flexibility and security.
●No upfront investment is required
●Cloud computing appeals to large IT infrastructures that want to reduce their carbon footprint
●Opportunities ti get access to up to date technologies
Threats to Cloud Computing:
●Regulatory challenges – Different countries have data residency laws
impacting cloud adoption.
●Vendor lock-in – Lack of standardization can restrict flexibility.
=> Cloud vendors might cost more and more over time
●Threat to their corporate IT structure
●Fear of job loss
●Risk of cloud providers going bankrupt
●Security vulnerabilities – Potential breaches in multi-tenant environments.
Regulatory & Compliance Issues of Cloud Computing
●Data sovereignty – Where is data stored, and which laws apply?
●Compliance – Industries like finance and healthcare have strict data security
mandates (e.g., GDPR, HIPAA).
●Cybersecurity risks – Cloud services need robust identity management and
encryption to safeguard sensitive data.
=> Governments play a crucial role in setting regulations that ensure data privacy, security,
and fair market competition.
Two types of ERP
- On premise: You have everything stored within the company, you have the software etc.
- Cloud computing: An information technology service model where computing systems are delivered on demand over a network in a self-service fashion, independent of device and location
Cloud computing benefits of large firms
- Benefit from economies of scale => reduce total cost of ownership
- Virtualisation enables server consolidation => enhances efficiency and reduces maintenance costs
- Cloud providers offer private cloud options => Firms can maintain greater control over data security
- Firms can establish “cloud committees” to strategically evaluate cloud adoption and implement best practices
Cloud Computing benefits for small/medium firms
- Pay-as-you-go model => eliminates the need for heavy capital expenditure on IT infrastructure
- Can adopt cloud computing quickly without needing to integrate with complex legacy systems (=> a challenge that many large firms have)
- Can scale IT resources on demand => allows adaptation into market fluctuations and growth
- Provides immediate access to advanced computing resources => no requirement of large IT teams
Different cloud deployment models:
- Public cloud: Being available from a third-party service provider via the internet and is a cost-effective way to deploy IT solutions, especially for SMEs
- Private cloud: Offers many of the benefits of a public cloud computing environment, such as being flexible and service based, but is managed within an organisation
- Community cloud: Controlled and used by a group of organisations that have shared interest, such as specific security requirements
- Hybrid cloud: A combination of a public cloud and private cloud => typically non-critical information is outsourced to the public cloud, while business-critical services and data are kept within the control of the organisation
Cloud Mantras (Financial benefits): 1. High cost advantages can be achieved
Supporting Example:
Organizations in large countries with complex requirements and costly legacy systems saved on costs
Refuting Example:
Smaller country organizations with lower process complexities and simpler needs preferred an existing in-house solution
Relevant Inhibitors:
- Business process complexity
- Legacy systems
Cloud Mantras (Financial benefits): 2. Implementation times are short
Supporting Example:
Organizations in emerging countries with less regulatory requirements, fairly low process complexity and no legacy systems had a working cloud solution in a relatively short time
Refuting Example:
Overall cloud implementation globally was a multi-year program driven by different process heterogeneity and regulatory requirements
Relevant inhibitors:
- Business process complexity
- Regulatory differences
- legacy systems
Cloud Mantras (Technological Implications): 3. Customisation is limited, but meets most needs
Supporting Example:
In the more narrow scope of the Pharma business, where an industry-specific cloud solution was available, the customization proceeded merely with adaptations to the different market environments
Refuting Example:
The cross-industry (horizontal) cloud solution for the non-para segments needed extensive customisation to the different business process needs across this enterprise-wide implementation
Relevant Inhibitors
- Solution’s lack of industry focus
- Business process complexity
- Implementation scope
Cloud Mantras (Technological Implications): 4. Compliance and security risks have to be accepted
Supporting Example:
Compliance and regulatory requirements for the cloud rollout were major issues to consider, particularly in the highly regulated Pharma business
Refuting Example:
Compliance and security issues were not accepted blindly, but addressed early on, creating mindful awareness of risks and preventing “show-stopper” barriers
Relevant Inhibitors:
- Regulatory differences
- Solution’s business specificity
Cloud mantras (Organizational impacts) 5. Business units can focus in their core competencies
Supporting Example:
Business units in countries with no legacy systems and under global IT governance accepted the cloud solution without the need to involve the global business organisation
Refuting Example:
Business units in countries with existing CRM systems and strong local IT ownership required governance through global business leaders to drive the template definition and acceptance of the new solution
Relevant Inhibitors:
- Legacy systems
- Distribution of IT ownership
Cloud mantras (Organizational impacts) 6. Companies become less dependent in internal IT units
Supporting Example:
BHC became less dependent on CRM hosting and data center capabilities - i.e., on non-business-specific IT functions
Refuting Example:
The enterprise-wide cloud CRM rollout affecting complex business processes made global IT functions indispensable as a governance function; a cloud expert was also needed for all business-specific issues
Relevant inhibitors:
- Implementation scope
- Business process complexity
- Solution’s business specificity
Learning form BHC’s going strategies to achieve cloud payoffs
- Consider multi-platform cloud strategies
- Perform a competitive vendor review and negotiate contract terms
- Design a global template approach for rollouts
- Manage strategic benefuts and costs expectations
- Use PaaS to compliment standard SaaS customisation options
- Partner with cloud vendors and third parties for functional and technical needs
- Ensure regulatory compliance and data security to mitigate risks
- Establish a global business governance and change management process
- Strengthen IT units’ involvement and expertise
Key Features of Cloud Computing: On-Demand Self-Service
Users can provision resources as needed without requiring human intervention
Key Features of Cloud Computing: Broad Network Access
Services are accessible over the internet from various
devices
Key Features of Cloud Computing: Resource Polling
Providers use multi-tenant models to serve multiple customers
from shared infrastructure
Key Features of Cloud Computing: Rapid Elasticity
Resources can be scaled up or down dynamically based on
demand
Key Features of Cloud Computing: Measured Service
Users are charged based on actual resource consumption,
following a pay-per-use model
Multitenancy
Multitenancy is a software architecture where a single instance of an application serves
multiple users (tenants) while keeping their data separate. It maximizes resource efficiency
and cost savings by allowing multiple clients to share infrastructure while maintaining privacy
and security .
Example:
●In Salesforce, multiple companies (tenants) use the same CRM system
without interfering with each other.
Scalability
Scalability refers to the ability of a cloud system to handle increasing workloads by
automatically adjusting resources. There are two types:
●Vertical Scaling (Scaling Up) – Adding more power (CPU, RAM) to an existing
server.
●Horizontal Scaling (Scaling Out) – Adding more machines to distribute the load
across multiple servers.
Example:
●Netflix scales its servers during peak hours to handle increased traffic and
scales down during low-usage periods.
Software-as-a-Service (SaaS)
SaaS is a cloud computing model where applications are hosted and managed by a provider and delivered over the internet. Users access software without installing it on their
local machines.
Examples:
●Google Workspace (Gmail, Drive, Docs)
●Microsoft 365
●Salesforce CRM
Infrastructure-as-a-Service (IaaS)
IaaS provides virtualized computing resources (servers, storage, networking) over the internet. It allows businesses to rent IT infrastructure instead of purchasing and maintaining
physical hardware.
Examples:
●Amazon Web Services (AWS EC2, S3)
●Microsoft Azure Virtual Machines
●Google Cloud Compute Engine
Platform-as-a-Service (PaaS)
PaaS is a cloud service model that provides a development environment for building,
testing, and deploying applications. It abstracts the underlying infrastructure, enabling
developers to focus on coding without managing hardware and system software.
Examples:
●Google App Engine
●Microsoft Azure App Services
●Heroku
Why Does Cloud Computing Often Meet Resistance from Internal IT Departments?
- Fear of Job Redundancy
- Loss of Control
- Security and Compliance Concerns
- Vendor Lock-in Risks
- Integration Challenges with Legacy Systems
- Performance and Reliability Worries
- Compliance with Internal Policies
On-Premise Computing
Fully owned and managed by the company; Limited by physical hardware capacity; High upfront investment (CapEx); Requires in-house IT team; Full control over security but requires expertise; Dependent on local infrastructure reliability; Full control over compliance management; Seamless if already built on on-premise architecture; Fully customisable
Is Cloud Computing Inferior to On-Premise Computing?
No, but it depends on business needs. Cloud computing offers flexibility, cost savings, and
scalability, making it superior for most businesses. However, on-premise computing remains
preferable for companies with strict regulatory requirements, high-security needs, or heavy
legacy system dependencies
Growth of Outsourcing
●Offshore Business Process Outsourcing (BPO) has grown significantly, particularly in
India.
●Factors such as low labor costs, a skilled workforce, and improved
telecommunications infrastructure have contributed to this growth.
●The reduction in outsourcing risks, particularly due to technological advancements,
has facilitated this expansion.
Risks in Outsourcing
- Strategic Risks – Arise from vendor opportunism (e.g., deliberate actions that harm
the client). - Operational Risks – Result from failures in vendor operations due to complexity or
miscommunication. - Intrinsic Risks of Atrophy – Occur when an outsourced process leads to a loss of
internal expertise over time. - Intrinsic Risks of Location – Geopolitical, sovereign, and exchange-rate risks
related to the remote location of outsourced operations.
Strategic Risk in Detail
- Shirking (Principal-Agent Problem)
○Vendors may deliberately underperform while claiming full payment.
○Shirking includes low effort, use of lower-skilled staff, or lack of investment in training and infrastructure. - Poaching (Misuse of Information)
○Vendors may use proprietary client information for their own benefit or sell it to competitors.
○Examples include reverse-engineering business processes or reselling
customer data. - Opportunistic Renegotiation (Vendor Hold-Up)
○A vendor might exploit a client’s dependence by raising prices or changing contract terms once alternative suppliers are no longer viable.
○This typically occurs in long-term contracts where switching vendors is
difficult.
Risk Mitigation Strategies
●Vertical Chunkification – Dividing a process into sequential non-overlapping
activities handled by different vendors.
●Horizontal Chunkification – Splitting the same activity among multiple
vendors to reduce dependency on a single supplier.
●Internal Retention of Critical Functions – Keeping the most sensitive
processes in-house to prevent knowledge loss and vendor opportunism.
Managing Strategic Risk
The authors suggest different strategies for controlling specific risks:
●Shirking Mitigation
○Monitoring vendor activities.
○Using multiple vendors to compare performance.
○Establishing performance-based compensation.
●Poaching Prevention
○Limiting vendor access to critical knowledge.
○Ensuring that no single vendor has full control over strategic operations.
○Using vertical chunkification to prevent knowledge leakage.
●Opportunistic Renegotiation Avoidance
○Maintaining some internal capacity to take over outsourced functions if
necessary.
○Using multiple vendors to ensure alternative suppliers are available.
○Structuring contracts with safeguards against price increases.
Operational Risks
○Project Delays: Misaligned expectations, miscommunication, or unforeseen
technical issues can slow development.
○Quality Issues: Bugs, security vulnerabilities, or poor software architecture
can result from inadequate testing or lack of expertise.
○Dependency on Vendor: Over-reliance on a single vendor can create
long-term risks if the vendor discontinues support or goes out of business.
Intrinsic Risks
○Atrophy of In-House Expertise: As internal teams become less familiar with
IS development, firms lose the ability to innovate or troubleshoot issues
independently.
○Geopolitical and Compliance Risks: Outsourcing to international vendors
may create compliance challenges related to data security, privacy laws, or
geopolitical instability.
Mitigation Mechanisms for IT Outsourcing Risks
1. Contractual Safeguards
○Service-Level Agreements (SLAs): Clearly define performance
expectations, deadlines, and penalties for non-compliance.
○Intellectual Property (IP) Protection Clauses: Prevent vendors from using
proprietary knowledge for other clients.
○Exit Strategies: Ensure there are clauses for terminating contracts with
minimal disruption.
⇒ Effectiveness: While these contracts set expectations, enforcement can be challenging if
disputes arise. Legal action may be time-consuming and costly.
Mitigation Mechanisms for IT Outsourcing Risks
2. Strategic Chunkification
○Vertical Chunkification: Splitting IS development into modular tasks with
different vendors, ensuring no single vendor gains full system knowledge.
○Horizontal Chunkification: Distributing tasks among multiple vendors to
prevent dependence on one supplier.
⇒ Effectiveness: This method effectively reduces poaching and vendor hold-up but
requires strong integration and oversight mechanisms.
Mitigation Mechanisms for IT Outsourcing Risks
3. Retaining Critical Functions In-House
○Keeping core system architecture and data security processes internal to
prevent vendor control over sensitive components.
⇒ Effectiveness: Reduces strategic risk but may increase costs due to the need for internal
expertise
Mitigation Mechanisms for IT Outsourcing Risks
5. Maintaining Multiple Vendors
○Using different vendors for development, testing, and maintenance ensures
competition and prevents opportunistic renegotiation.
⇒ Effectiveness: Reduces dependence but increases coordination complexity.
Mitigation Mechanisms for IT Outsourcing Risks
4. Robust Monitoring and Testing
○Implementing continuous performance monitoring, peer code reviews, and
third-party audits.
○Requiring vendors to follow security and quality assurance best practices.
⇒ Effectiveness: Helps detect and mitigate issues early, but requires additional
management oversight.
Mitigation Mechanisms for IT Outsourcing Risks
6. Knowledge Retention and Training
○Documenting code, system architecture, and vendor interactions.
○Cross-training internal staff to understand outsourced systems.
⇒ Effectiveness: Prevents long-term knowledge loss but may not be feasible for highly
specialized technologies.