Jens Lansing

A Taxonomic Perspective on Certification Schemes: Development of a Taxonomy for Cloud Service Certification Criteria

Numerous cloud service certifications (CSCs) are emerging in practice. However, in their striving to establish the market standard, CSC initiatives proceed independently, resulting in a disparate collection of CSCs that are predominantly proprietary, based on various standards, and differ in terms of scope, audit process, and underlying certification schemes. Although literature suggests that a certifications design influences its effectiveness, research on CSC design is lacking and there are no commonly agreed structural characteristics of CSCs. Informed by data from 13 expert interviews and 7 cloud computing standards, this paper delineates and structures CSC knowledge by developing a taxonomy for criteria to be assessed in a CSC. The taxonomy consists of 6 dimensions with 28 subordinate characteristics and classifies 328 criteria, thereby building foundations for future research to systematically develop and investigate the efficacy of CSC designs as well as providing a knowledge base for certifiers, cloud providers, and users.

Trust in Cloud Computing: Conceptual Typology and Trust-Building Antecedents

Trust is an important facilitator for successful business relationships and an important technology adoption determinant. However, thus far trust has received little attention in the context of cloud computing, resulting in a lack of understanding of the dimensions of trust in cloud services and trust-building antecedents. Although the literature provides various conceptual models of trust for contexts related to cloud computing that may serve as a reference, in particular trust in IT outsourcing providers and trust in IT artifacts, idiosyncrasies of trust in cloud computing require a novel conceptual model of trust. First, a cloud service has a dual nature of being an IT artifact and a service provided by an organization. Second, cloud services are offered in impersonal cloud marketplaces and build upon a nested network of cloud services within the cloud ecosystem. In this article, we first analyze the concept of trust in cloud contexts. Next, we develop a conceptual model that describes trust in cloud services. The conceptual model incorporates the duality of trust in a cloud provider organization and trust in an IT artifact, as well as trust types for the impersonal environment and the cloud computing ecosystem. Using the conceptual model as a lens we then review 43 empirical studies on trust in IT outsourcing and trust in IT artifacts that were identified by a structured literature search. The resulting conceptual model provides a conceptual typology of constructs for trust in cloud services, defines trust-building antecedents, and develops 19 propositions describing the relationships between trust constructs and between trust constructs and trust-building antecedents. The conceptual model contributes to research by creating grounds for future theory-building on trust in cloud contexts, integrating two previously disjoint strands in the trust literature, and identifying knowledge gaps. Based on the conceptual model, we furthermore provide practical advice for managers from service providers, platform providers, customers, and institutional authorities.

Empfehlungen zur Gestaltung von Cloud-Service-Zertifizierungen

Zertifizierungen von Cloud-Services konnen Entscheidungstrager bei der Auswahlentscheidung unterstutzen, Transparenz am Markt schaffen, Vertrauen und Akzeptanz auf der Anwenderseite erhohen sowie es Cloud-Service-Anbietern ermoglichen, ihre Systeme und Prozesse zu uberprufen und zu verbesserb (Sunyaev/Schneider 2013; Bundesamt fur Sicherheit in der Informationstechnik 2011; Khan/Malluhi 2010).

Entwicklung eines Kriterienkatalogs zur Zertifizierung von Cloud-Services

Wie in Kapitel 12 aufgezeigt, entstehen zahlreiche Cloud-Service-Zertifizierungen (CSZ) in der Praxis. Doch in ihtem Bestreben, den Marktstandard zu schaffen, entwickeln sich diese CSZ-Initiativen unanbhangig voneinander, was zu einer heterogenen Sammlung von CSZ fuhrt, die uberwiegend proprierar sind, auf unterschedlichen Standards beruhen und sich in Bezug auf Umfang, Asuit-Prozess und den zugrunde liegenden Zertifizerungsschemata unterscheiden.