This paper evaluates, discusses, and critiques in detail the cloud migration approaches
followed by the organizations in the case studies “The City of Pittsburgh Goes to the
Cloud” and “Selecting a Suitable Cloud Computing Technology Deployment Model for an
Academic Institute”, by comparing and contrasting the facts in each case study using the
proposed cloud computing management criteria outlined in the “A Practical Framework for
Managing Cloud Computing Risk” documents Part I and Part II.
The first part of the paper will explain the term “Cloud Computing” and its features. Then
we will discuss the nature of each case and the specific needs of users of each organization.
Next, we will discuss the decision-making models used in each case. Lastly, we focus on major
concepts from the identified practical framework.
Overview of Cloud Computing
Cloud computing (CC) possesses five essential characteristics: on-demand self-service,
broad network access, resource pooling, rapid elasticity, and measured service; three service
models: Platform as a Service (PaaS), Software as a Service (SaaS), and Infrastructure as a Service
(IaaS); and four types of deployment models: private cloud (PRC), community cloud (COC),
public cloud (PUC), and hybrid cloud (HYC).
Cloud Computing characteristics
● On-demand self-service means the customer can access the service at any
time and from anywhere.
● Broad network access allows the network to be reached from any device, such as a phone,
laptop, tablet, etc.
● Resource pooling allows many customers to share the same servers.
● Rapid elasticity is considered a major advantage of CC and refers to scalable
services in which the customer pays based on the use of resources.
Purchases can be made at any time and in any quantity.
● Measured service refers to monitoring the services, such as bill payments and
● Platform as a Service (PaaS) provides a platform for the customers to run, manage and
develop applications, using the available programming tools and languages. Examples of
PaaS are Google App Engine and Microsoft Azure.
● Software as a Service (SaaS) enables the customer to use the application through a web
browser via subscription, rather than installing it to the device. Examples of SaaS
software are Google Apps, Microsoft Office Suite, Salesforce.com, etc.
● Infrastructure as a Service (IaaS) enables the customer to use computing resources such as
storage, processing, servers, and memory. Examples of IaaS are Amazon Elastic Compute Cloud
● Private cloud (PRC) is for internal, personal or company use. The only customers able to
access the PRC are those from the organization for which the PRC is created.
● Community cloud (COC) can be shared by a few organizations that support the same
mission, policy, security requirements, and compliance considerations.
● Public cloud (PUC), unlike the PRC and COC, is available to be accessed by the
general public, and it is owned by an organization.
● Hybrid cloud (HYC) combines two or more types of cloud services and allows them to
remain unique while being bound together to allow data and application
Overview of Cases
The City of Pittsburgh Case
The city of Pittsburgh’s Chief Information Officer was tasked with finding an alternative
to their costly existing email system. The current email system was proving to be ineffective. It
was costly to employ the centralized IT shop, which consisted of 55 full-time employees and had a
$5.6 million operating budget and $500,000 capital budget. Moreover, the IT department was
made up of two kinds of employees. The first were tenured employees with high salaries and little
more than a high school education. These employees also had IT skills in areas that had become
or were quickly becoming obsolete. Conversely, the second group of employees was made up of
recent graduates, who had skills that were more pertinent to today's IT environment. However,
these employees were started at a lower wage, and retention was challenging as they often moved
on to higher paying positions in the private sector.
With the increasing need for more email service, the City Information Systems (CIS)
technical branch of the City of Pittsburgh was faced with a dilemma: hire additional staff and
purchase new software, or begin to outsource their mail service to a cloud-based Software as a
Service (SaaS) provider. It was determined that moving the email system to a cloud-based
platform would be a viable option.
Even though the city of Pittsburgh has been successful in many areas, such as education,
medical fields, and others, it has also encountered challenges with the need to improve
employees' email services. They found an alternative in a cloud-based solution that is cost
effective. After several attempts to choose between cloud service providers, Google was chosen
for their cloud solution.
The Academic Institute Case
The Internet revolution is rapidly spreading worldwide, from its earliest stage of only
providing information to users to providing data storage, running software applications and so on.
Cloud computing in the education sector was implemented quickly in the UK and USA;
however, it was not as accessible for developing countries like India. Choosing the proper cloud
implementation, the right model and the suitable vendor for cloud computing technology is
crucial because it has an impact on students, teachers, and IT staff. This case focuses on a
management institute in India with approximately 1,500 students in post graduate programs. The
problem faced by the Institute is whether to continue investing in the existing IT
infrastructure (computer labs, servers, and software licenses) or implement a cloud computing
environment. Over time, more students are using their own laptops and tablets over the limited
space in the computer labs, but access to specific software packages is necessary for the growing
Overview of Decision-Making Models
The City of Pittsburgh case and the Academic Institute case, which concerns the selection of
suitable cloud computing technology, had similar decision-making frameworks: each set out to
determine whether the organization should switch to cloud computing and, if so, what type of
cloud service would best fit its business processes. There are different types of Multi-Criteria
Decision Making (MCDM) models, such as Elimination and Choice Translating Reality (ELECTRE),
Technique for Order Preference by Similarity to Ideal Solution (TOPSIS), Multi-Attribute Utility
Theory (MAUT), and Analytic Hierarchy Process (AHP). These two organizations selected and
relied on the AHP type of MCDM model to help in selecting the suitable cloud computing
technology for their organization.
According to Ishizaka (2009), the Analytical Hierarchy Process is defined as “a multi-criteria
decision making (MCDM) method that helps the decision-maker facing a complex
problem with multiple conflicting and subjective criteria” (p. 201). Simply stated, the AHP
process creates an outline of criteria and sub-criteria that are weighted. It is a technique for
decision making in a business environment that is very broad and complex, in which many
variables are considered in the prioritization and selection of alternative projects (Vargas, 2010).
AHP was developed in the 1970s by Thomas L. Saaty and has since been extensively studied and
is currently used in decision making for complex scenarios, where people work together to make
decisions when human perceptions, judgments, and consequences have long-term repercussions
(Bhushan & Rai, 2004).
Using this method ensures that the most important aspects are given a larger
consideration, whereas the sub-criteria are given a lesser consideration in the decision process.
Due to the large financial investment of the projects, both the City of Pittsburgh and the Indian
Academic Institution depended on the AHP method, so that the decisions were based on strong
analytics data. The first step in the application of AHP is the decomposition of the problem or
goal they are trying to achieve into a hierarchy so that it is easier to analyze and compare
independently (Exhibit 1). After the hierarchy has been constructed, the decision makers can
systematically assess the alternatives by making pair-wise comparisons for each of the chosen
criteria. This comparison may use concrete data from the alternatives or human judgments as a
way to input subjacent information (Saaty, 2008).
The versatility and capability of the AHP methodology make it the most widespread of the MCDM
models, and it is also said to be very easy to understand and usable in real-life decisions
(Ramachandran, Sivaprakasam, Thangamani, & Anand, 2014).
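An added example (not from either case study or the cited authors): the pair-wise comparison
step described above, carried through to criteria weights and Saaty's consistency ratio. The
criteria codes are the ones this paper names for the Academic Institute case; the 1-9 judgments
are constructed and only reproduce the ordering reported here (AVL highest, SEC second, ELS lowest).

```python
# Added example: AHP criteria weights from a pairwise comparison matrix.
# The judgments are constructed for illustration; they are NOT the values
# used in either case study.

# Criteria codes as named in this paper for the Academic Institute case.
CRITERIA = ["AVL", "SEC", "INC", "MNC", "ELS"]

# Saaty 1-9 scale, upper triangle only: (row, col) -> how strongly the row
# criterion is preferred over the column criterion (constructed values).
JUDGMENTS = {
    ("AVL", "SEC"): 2, ("AVL", "INC"): 3, ("AVL", "MNC"): 4, ("AVL", "ELS"): 5,
    ("SEC", "INC"): 2, ("SEC", "MNC"): 3, ("SEC", "ELS"): 4,
    ("INC", "MNC"): 2, ("INC", "ELS"): 3,
    ("MNC", "ELS"): 2,
}

# Saaty's random consistency index, keyed by matrix size n.
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32}


def build_matrix(names, judgments):
    """Full reciprocal matrix: m[j][i] = 1 / m[i][j], diagonal = 1."""
    idx = {name: i for i, name in enumerate(names)}
    m = [[1.0] * len(names) for _ in names]
    for (a, b), v in judgments.items():
        m[idx[a]][idx[b]] = float(v)
        m[idx[b]][idx[a]] = 1.0 / v
    return m


def priorities(m, iters=100):
    """Principal eigenvector by power iteration (normalised to sum to 1)
    and the matching estimate of the largest eigenvalue lambda_max."""
    n = len(m)
    w = [1.0 / n] * n
    for _ in range(iters):
        mw = [sum(m[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(mw)
        w = [x / total for x in mw]
    mw = [sum(m[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam = sum(mw[i] / w[i] for i in range(n)) / n
    return w, lam


def consistency_ratio(lam, n):
    """CR = CI / RI with CI = (lambda_max - n) / (n - 1)."""
    return ((lam - n) / (n - 1)) / RANDOM_INDEX[n]


def rank_criteria():
    m = build_matrix(CRITERIA, JUDGMENTS)
    w, lam = priorities(m)
    ranked = sorted(zip(CRITERIA, w), key=lambda p: -p[1])
    return ranked, consistency_ratio(lam, len(CRITERIA))


if __name__ == "__main__":
    ranked, cr = rank_criteria()
    for name, weight in ranked:
        print(f"{name}: {weight:.3f}")
    print(f"consistency ratio: {cr:.3f}")
```

A consistency ratio above roughly 0.10 is the usual signal in AHP practice that the pair-wise
judgments contradict each other and should be revisited before the weights are used.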
Comparisons to a Practical Framework
The purpose of this two-part article is to describe risks related to cloud computing from
the customer’s perspective and provide a “framework” for how these risks can be addressed. In
general, the authors suggest incorporating all agreements in written and unchanging form. The
two cases under evaluation (City of Pittsburgh and Academic Institute) do not go far enough into
the process of implementing the selected cloud computing solution and creating written
agreements with a provider. However, some aspects of the decision-making process can be
related to the “framework” for our analysis even without identification of written agreements.
The following section lists major items provided in the framework and compares how both case
studies addressed these cloud computing risks.
The document titled A Practical Framework for Managing Cloud Computing Risk Part I
and Part II outlined a framework for service availability and continuity, service level, data
security, data redundancy, data ownership and use right and data conversion. We found the two
most important areas of this framework that related to the two case studies are service levels and
It is stated in part I of the framework that “service levels serve two main purposes. First,
service levels assure the customer that it can rely on the services in its business and provide
appropriate remedies if the provider fails to meet the agreed service levels. Second, service levels
provide agreed upon benchmarks that facilitate the provider’s continuous quality improvement
process and provide incentives that encourage the provider to be diligent in addressing issues”
(Kalyvas et al. 2013). The framework also suggested that providers offering cloud computing
services should be evaluated by the customer based on several elements including uptime,
service response time, and ability to support simultaneous visitors, and problem response and
Uptime. Uptime is the percentage of time the cloud services are available to the customer
over a specified period (e.g. day, week, month, etc.) within desired operating hours (Kalyvas et
In the Pittsburgh case, there is no specific reference to the need for high uptime levels.
However, this is an area that should be a major concern for the CIO. In regard to the email
service, unscheduled downtime could lead to breakdowns in communication and a
decrease in daily productivity.
In the Academic Institute case, availability (AVL) was specified as one of the main
factors for the decision-making process and had the highest weight (Ramachandran et al., 2014).
Included as a subfactor to AVL was “accessible at anytime” (ANT). The institute’s existing IT
infrastructure allowed students and faculty to access services 24x7. Because users' previous
experience is of 24x7 availability, the institute would need to evaluate how the level of
availability might be different between the existing IT infrastructure (EXT) and various cloud
computing options (PRC, COC, PUC, HYC) as well as potential variations among providers.
Both case studies reference cost as a determining factor. It is important for both
organizations to realize that the focus on cost could pigeonhole them later when it comes to
expansion. History has proven that IT is a rapidly changing field and what is new today could be
outdated and obsolete tomorrow. In the India case, cost is not as heavily weighted,
but it is relevant in the infrastructure (INC) and maintenance (MNC) cost main
factors used in the decision-making model, whereas in the Pittsburgh case, the criterion of
“financial” was given the second lowest overall weighting next to “opportunities” (Mu & Stern,
Service response time. Service response time is a measure of how quickly the server
responds to the user’s needs. If response time is too slow, the services would essentially be
considered unusable and unavailable.
While email service is the main goal of implementing cloud computing in the
Pittsburgh case, one must be cognizant of the scalability of future IT needs, such as software that
will allow for increased productivity and greater opportunities for communication and
collaboration. This could have an impact on service response time because, as the needs grow
into new areas such as video conferencing, response times must be very fast to allow for
In the Academic Institute case, several software packages are currently used including
Microsoft Office, Adobe Photoshop CS4, and SPSS STATISTICS 22. Depending on the amount
of data involved in running these applications, slow response times could seriously impact the
ability to meet the user’s needs. The framework suggests setting maximum latency values in any
agreement with the cloud computing provider. The Academic Institute case mentions concerns
regarding drops in speed based on simultaneous visitors (see next section relating to ELS), but
Simultaneous visitors. The simultaneous visitors element is the idea that, as the number of users
increases, service levels should be maintained while meeting the increased demand.
In the Pittsburgh case, there are approximately 3,000 employees that would require
individual mailboxes. The request for proposal issued by the city to potential vendors included
this number to make clear how many users were involved. The case also recognizes varying
computer usage levels depending on the type of worker (knowledge worker, occasional worker,
or light worker) but does not provide a breakdown of the number of users that would fall into
each of these categories. However, because email services include both sending and receiving
messages, the system would need to support emails received by the maximum number of users.
In the Academic Institute case, there was concern over the ability to meet the fluctuating
demand of approximately 1,500 students, especially when live laboratory demonstrations are
performed involving 50-80 simultaneous users and during periods of increased activity such as
exams. This case classifies this need as elasticity (ELS), which was given the lowest resulting
value. This should be given higher value because it is so closely related to overall availability.
Problem response and resolution time. Both the Pittsburgh and Academic Institute
cases did outline criteria on how to evaluate a provider’s problem response and resolution time.
In the Pittsburgh case, “Support for the solution is the provider’s responsibility including but not
limited to: monitoring of the solution, immediate report of any malfunction to the City, restore
all City data in the event of a system malfunction, failure, or compromise” (Mu & Stern, 2015).
On the other hand, the Academic Institute case implemented a decision criterion called support
(SUP) under availability (AVL). With a cloud computing provider offering Software as a Service,
technical problems relating to software would have to be addressed by the provider, which could
cause delays as compared to the existing in-house IT support staff. As identified by Pocatilu et
al. (2010), “This criterion deals with the service availability, which needs to be always high”. If
problems are not addressed quickly, availability would drop.
There are many aspects of data security to consider that are unique to cloud computing.
Kalyvas recommended the evaluation of the criteria surrounding data security in Part II of the
Practical Framework for Managing Cloud Computing Risk. It is important for customers to
know that “unique data security issues arise in a cloud computing environment”, as was
mentioned in the framework; some situations that can arise are loss or unauthorized release of
data by providers. This is because customers are responsible for complying with security and
privacy laws regardless of where the data is stored. Because of this, customers should “include
identifying the location of the data center where the data will be physically stored and who may
have access to the data” (Kalyvas et al., 2013).
In the Pittsburgh case, because the data pertains to government operations and could
include confidential information, data security was a high priority. Therefore, the city included
specific requirements in the request for proposal to potential providers, including “specific
details, policies, procedures, compliances, regulations, and other resources related to the security
plans” that must be followed. Additionally, another requirement stated that “the City’s data will
be segregated from other customer’s data, accessed only by authorized personnel, and remain in
the continental United States” (Mu & Stern, 2015). Moreover, the Pittsburgh case emphasizes the
importance of location by giving higher priority to providers operating within city limits over
those that are outside city limits but inside the county, outside the county but within the state or a
bordering state, or outside the state.
On the other hand, the decision makers in the Academic Institute case also wanted to
ensure that proper security measures were taken, such as maintaining an updated online antivirus
to prevent data tampering by external forces or viruses (Ramachandran et al., 2014). They also
ensure that “There should be a data encryption facility for protecting the data from hackers”
(Ramachandran et al., 2014). In the Academic Institute case, security (SEC) was specified as
one of the main factors for the decision-making process and had the second highest weight
(Ramachandran et al., 2014), just below AVL. The decision makers in this case were highly
concerned with data security and recognized the need for protecting personal information of
students and their academic work.
Data security can be largely impacted by the deployment model selected. The Pittsburgh
case resulted in the selection of Google Apps for Government, which is a type of public cloud
deployment with additional security restrictions (Ramachandran et al., 2014) where servers are
only used by other government customers (Heaton, 2011). The Academic Institute case resulted
in the selection of a private cloud (PRC); however, no decision was identified as to whether the
hardware would be installed and maintained by the institute or by a third-party provider off-site.
The organization responsible for performing some security functions such as backups and
updating anti-virus and other software would depend on the physical location of the hardware
(Ramachandran et al., 2014).
Cloud computing provides flexibility and availability from every part of the world that is
able to connect to the internet and use a web browser, as well as scalability and elasticity. Other positive
features are the financial savings and the e-learning platform. Keeping in mind the resources that
data storage and hardware equipment. Cloud comp ...