Beruflich Dokumente
Kultur Dokumente
Advisors:
Ronald Batenburg & Slinger Roijackers
Advisors:
Kor Tops & Ronald van den Heuvel
Table of Contents
Introduc*on
.....................................................................................................4
Research
Descrip*on
........................................................................................5
Research
Problem
and
Scope
........................................................................................5
Research
Goal
and
Ques7ons
.......................................................................................5
Research
Paradigm
........................................................................................................7
Research
Approach
.......................................................................................................8
Research
Methodology
.................................................................................................10
Prac7cal
and
Scien7fic
Contribu7on
.............................................................................21
Research
Validity
...........................................................................................................25
Research
Phase
1:
Defini*on
of
Cloud
Compu*ng
.............................................26
Context
and
Enabling
Factors
........................................................................................28
Cloud
Compu7ng
Defini7on
..........................................................................................34
Taxonomy
of
Cloud
Solu7ons
........................................................................................48
Common
Use
PaOerns
..................................................................................................55
Cloudnomics:
Cloud
Compu7ng
Economics
..................................................................61
Risks
of
Cloud
Compu7ng
..............................................................................................65
Cloud
Security
...............................................................................................................72
The
Cloud
Compu7ng
Marketplace
...............................................................................76
Selec7ng
a
Cloud
Provider
............................................................................................90
Answers
to
Research
Ques7ons
Phase
1
.......................................................................95
Conclusion
Phase
1
.......................................................................................................99
Research
Phase
2:
ICT
in
the
Dutch
Healthcare
Sector
.......................................102
Context
and
Scope
.........................................................................................................102
The
Role
of
Technology
in
Healthcare
...........................................................................114
ICT
in
the
Dutch
Healthcare
sector
...............................................................................123
Electronic
Pa7ent
Records
in
The
Netherlands
.............................................................126
Answers
to
Research
Ques7ons
Phase
2
.......................................................................150
Conclusion
Phase
2
.......................................................................................................154
Phase
3:
Cloud
Compu*ng
in
the
EPD
context
...................................................160
Design
Science
Research
Approach
...............................................................................160
Ar7fact
Crea7on
............................................................................................................163
Ar7fact
Evalua7on
.........................................................................................................166
In
accordance
with
the
different
research
steps
performed,
the
report
is
structured
in
four
main
sec7ons:
Research
Descrip7on,
Research
Phase
1,
Research
Phase
2
and
Research
Conclusion.
In
the
first
sec7on
(Research
Descrip7on)
the
main
research
goal,
(sub)ques7ons,
methodology,
scope
and
scien7fic
and
social
relevance
are
introduced.
The
second
sec7on
of
this
report
(Research
Phase
1)
elaborates
the
results
of
the
first
part
of
our
research
which
focuses
on
Cloud
Compu7ng
solu7ons.
This
sec7on
includes
not
a
defini7on
of
the
concept
as
well
as
a
taxonomy
of
current
solu7ons,
common
use
paOerns,
a
brief
vendor
analysis
and
a
descrip7on
of
the
associated
risks
compared
to
other
alterna7ves.
The
third
part
of
this
report
(Research
Phase
2)
focuses
on
analyzing
the
Dutch
healthcare
sector
and
the
role
of
informa7on
and
communica7on
technology
(ICT)
in
that
sector.
For
this
purpose
we
have
selected
one
of
the
most
significant
ICT
projects
currently
being
deployed
in
The
Netherlands,
the
introduc7on
of
Electronic
Pa7ents
Records
(EPR
or
EPD
in
Dutch).
In
the
fourth
and
last
sec7on
of
this
report
(Research
Conclusion)
we
combine
the
results
of
the
previous
two
phases
in
analyzing
the
opportuni7es
and
challenges
for
deploying
Cloud
Compu7ng
solu7ons
within
the
EPR
context
in
The
Netherlands.
We
conclude
the
report
with
some
recommenda7ons
for
healthcare
providers,
ICT
providers
and
Government
bodies
as
well
as
some
issues
that
could
be
subject
of
future
research.
Hitherto
there
are
few
scien7fic
publica7ons
on
Cloud
Compu7ng
and
they
focus
primarily
on
providing
the
grounding
step
stones
(e.g.
defini7ons,
actors,
etc.)
of
this
emerging
field.
However,
in
commercial
publica7ons
(e.g.
New
York
Times,
CIO.com,
The
Economist,
CNN,
etc.)
several
ar7cles
can
be
found
on
the
benefits
and
risks
of
this
new
delivery
model.
The
rapid
evolu7on
of
Cloud
Compu7ng
offerings
and
the
lack
of
a
broadly
accepted
defini7on
have
resulted
in
a
hype
where
almost
every
vendor
affirms
they
provide
this
type
of
solu7on.
As
a
direct
consequence
of
this
blurred
situa7on
customers
cannot
evaluate
and
compare
solu7ons
accurately.
Due
to
the
increasing
popularity
of
the
cloud
compu7ng
delivery
model
and
the
lack
of
previous
scien7fic
research
in
this
area
it
is
necessary
to
create
a
defini7on
of
the
concept
that
can
then
be
further
analyzed
in
a
specific
context.
For
this
reason,
the
scope
of
this
research
is
delimited
on
one
hand
by
the
crea7on
of
a
general
Cloud
Compu7ng
defini7on,
and
on
the
other
hand
by
the
risks
and
opportuni7es
of
this
new
paradigm
for
Dutch
healthcare
organiza7ons
and
policy
makers.
For
this
reason,
the
problem
that
we
aim
to
solve
in
this
research
is
the
lack
of
understanding
of
current
opportuni7es
and
barriers
for
using
Cloud
Compu7ng
solu7ons
in
the
Dutch
healthcare
sector.
By
solving
this
problem,
we
aim
to
support
policy
makers,
healthcare
organiza7ons
and
ICT
providers
when
considering
this
paradigm
in
the
Dutch
healthcare
context.
In
order
to
achieve
our
research
goal,
a
number
of
sub-‐steps
have
been
accomplished
first
where
each
step
solves
part
of
the
research
problem.
For
this
purpose,
we
have
divided
our
research
ques7ons
in
three
groups:
The
first
two
groups
of
ques7ons
are
answered
independently
from
each
other
while
the
third
group
elaborates
on
the
answers
found
on
those
two
groups.
By
answering
these
research
ques7ons
we
have
generate
a
set
of
recommenda7on
to
be
taken
into
account
when
evalua7ng
current
Cloud
Compu7ng
solu7ons
for
the
Dutch
Healthcare
sector
and
when
developing
new
cloud
products
for
that
specific
industry.
Moreover,
the
recommenda7ons
can
also
be
applied
in
the
development
of
new
laws
and
regula7ons
by
policy
makers.
The
answers
to
these
three
groups
of
research
ques7ons
provides
us
with
the
answer
to
our
main
research
ques*on:
how
can
a
Dutch
healthcare
organiza*on
select
cloud
compu*ng
solu*ons
taking
into
account
the
requirements
needed
to
connect
to
the
na*onal
pa*ent
records
system?
There
are
several
research
paradigms
applied
in
contemporary
social
research
each
having
its
corresponding
assump7ons,
methodologies
and
suppor7ng
theories.
This
diversity
of
approaches
enables
the
analysis
of
phenomena
from
different
frames
of
reference,
improving
its
validity
and
accoun7ng
for
possible
biases
(e.g.
methodology
related
biases)
(Hirschheim
&
Klein,
1989).
However,
on
Informa7on
Science
(IS)
research
this
is
not
always
the
case
as
the
posi7vist
and
interpreta7ve
approaches
have
been
the
dominant
approaches
for
many
years
(Orlikowski
&
Baroudi,
1991).
In
IS
research
we
can
find
previous
scien7fic
work
on
how
different
world
views
determine
the
research
paradigm
followed
the
researcher
(Orlikowski
&
Baroudi,
1991).
Researcher’s
believes
about
physical
and
social
reality,
knowledge
and
the
rela7onship
between
knowledge
and
the
empirical
world
determine
his/her
research
philosophy
(e.g.
posi7vist,
interpreta7ve,
etc.)
and
consequently
influence
his/her
selec7on
of
research
approach
and
methods
(Orlikowski
&
Baroudi,
1991).
Our
believes
are
described
in
the
following
list:
★ Physical
and
social
reality:
Our
perspec7ves
on
the
empirical
world
is
that
it
is
subjec7ve
and
therefore
created
by
human
ac7ons.
We
assume
therefore
that
humans
(re)create
the
world
applying
high
levels
of
ra7onality
on
their
percep7ons
and
interac7ons
with
other
humans.
Moreover,
we
believe
that
social
rela7ons
are
dynamic
and
in
some
cases
conflicts
arise
from
differences
in
created
"reali7es"
.
★ Epistemology
/
Knowledge:
We
believe
that
knowledge
is
created
and
evaluated
by
human
ra7onality
and
it
is
valid
once
it
has
been
empirically
proven
true
several
7mes.
★ Rela*onship
between
knowledge
and
the
empirical
world:
In
our
research
we
believe
that
knowledge
is
primarily
created
to
solve
specific
problems
in
prac7ce.
Analyzing
our
perspec7ves
on
these
three
areas
we
have
to
conclude
that
we
follow
a
interpreta7ve
research
philosophy.
It
differs
from
the
posi7vist
view
in
the
assump7on
of
social
construc7onism,
the
believe
that
reality
and
our
knowledge
about
it
are
social
products
and
therefore
depend
on
humans
to
be
constructed
and
make
sense
of
it
(Orlikowski
&
Baroudi,
1991)
(Chen
&
Hirschheim,
2004)
(Myers,
1997).
Applied
to
the
IS
research
field,
the
interpreta7ve
research
paradigm
aims
to
understand
“the
context
of
the
informa7on
system,
and
the
process
whereby
the
informa7on
system
influences
and
is
influenced
by
the
context"
(Myers,
1997).
When
aiming
to
achieve
replicability
and
generalizability
of
research
findings
some
authors
believe
that
the
posi7vist
paradigm
might
be
the
most
appropriate
(Chen
&
Hirschheim,
2004).
However,
when
the
researchers
goal
is
to
provide
an
in-‐depth
understanding
of
the
phenomenon
under
study
the
interpreta7ve
paradigm
is
recommended
as
it
enhances
research
from
different
perspec7ves
(Chen
&
Hirschheim,
2004).
The
interpreta7ve
research
paradigm
is
considered
by
some
authors
as
the
only
real
alterna7ve
to
the
dominant
posi7vism
stream
(Chen
&
Hirschheim,
2004).
Although
the
posi7vism
view
is
the
dominant
research
perspec7ve
in
IS
research
it
requires
that
the
phenomenon
under
study
is
single,
tangible,
fragment-‐able
and
with
a
clear
an
unique
defini7on
(Orlikowski
&
Baroudi,
1991).
This
last
requirement
is
not
found
in
the
context
of
our
research
as
there
is
not
yet
a
clear
and
unique
defini7on
of
cloud
compu7ng.
For
this
reason
we
will
try
to
achieve
this
during
the
first
phase
of
our
research.
4. Research
Approach
A
research
approach
can
be
defined
as
"the
set
of
research
methods
that
can
be
applied
to
similar
research
objects
and
research
ques7ons"
(Järvinen,
2000).
A
research
approach
encompasses
therefore
a
group
of
research
methods
that
are
applied
for
the
same
goal
and
on
the
same
object.
We
have
divided
our
research
in
three
different
phases
aiming
to
answer
three
different
types
of
research
ques7ons.
For
this
reason
we
have
selected
different
approaches
and
methods
in
each
phase
depending
on
the
type
of
research
ques7ons
that
we
aim
to
answer.
The
first
two
phase
our
research
follow
a
conceptual-‐analy7cal
approach
to
fully
understand
cloud
compu7ng
and
the
ICT
in
the
Dutch
healthcare
sector
context.
Once
we
have
deeply
understood
these
two
parts
of
reality
we
con7nue
our
research
in
the
third
phase
by
applying
a
design
science’s
innova7on
building
research
approach
that
focuses
on
the
crea7on
of
an
ar7fact
(e.g.
matching-‐
model)
based
on
the
results
from
the
previous
two
phases
(Järvinen,
2000).
Within
the
conceptual-‐analy7cal
research
approach
we
can
observe
two
research
trends
(Järvinen,
2000).
Some
researchers
focus
on
research
ques7ons
as
"Which
kind
of
theory
concerning
a
certain
part
of
reality
could
be
derived,
if
certain
assump;ons
and
premises
are
valid?"
while
other
researchers
aim
to
answer
ques7ons
like
"Is
there
any
common
theory,
which
describes
and
explains
those
phenomena?".
Our
research
corresponds
primarily
with
the
first
research
stream
as
we
aim
to
derive
theory
(e.g.
our
matching-‐model)
concerning
a
part
of
reality
(e.g.
cloud
compu7ng
and
IT
in
Dutch
Healthcare)
from
certain
assump7ons
and
premises
(e.g.
our
own
defini7on
of
cloud
compu7ng
and
our
interpreta7on
of
NICTIZ
requirements).
In
the
ar7fact
building
research
approach
the
researcher
inves7gates
if
a
certain
ar7fact
(abstract
or
concrete)
can
be
constructed
(Järvinen,
2000).
The
corresponding
research
ques7on
that
this
approach
aims
to
answer
is
“Is
it
possible
to
build
a
certain
ar;fact?"
(Järvinen,
2000).
In
phase
three
of
our
research
we
have
followed
this
research
approach
to
elaborate
a
meta-‐ar7fact
(e.g.
matching-‐model).
With
our
meta-‐ar7fact
we
try
to
demonstrate
not
only
that
this
abstract
ar7fact
can
be
build
but
also
that
following
our
matching-‐model
a
prac77oner
can
select
a
concrete
cloud
compu7ng
ar7fact
to
be
used
in
the
EPD
context.
In
the
IS
research
field
we
can
find
several
other
taxonomies
that
are
oren
applied
to
select
the
most
appropriate
research
approach.
Some
examples
are
Nunamaker’s
et
al,
Galliers
&
Land’s
and
March
&
Smith’s
frameworks
(Järvinen,
2000)
(Hevner,
March,
Park,
&
Ram,
2004)
(Galliers
&
Land,
1987).
According
to
Nunamaker’s
taxonomy,
our
mix
of
conceptual-‐analy7cal
and
ar7fact
building
approaches
is
considered
as
a
theory
building
approach
with
a
focus
on
delivering
conceptual
frameworks.
In
Galliers
&
Land’s
framework
our
research
is
regarded
as
descrip7ve
interpreta7ve
in
phase
one
and
two
as
we
focus
mainly
on
understanding
the
nature
of
IT
(Järvinen,
2008).
Moreover,
applying
March
and
Smith's
framework
(see
table
1)
our
research
can
be
classified
as
theory
research
As
the
research
methods
depend
on
the
research
approach
followed
we
will
discuss
them
per
phase
of
our
research
in
the
following
sec7on.
5. Research
Methodology
One
of
the
key
factors
to
select
an
appropriate
research
methodology
is
to
recognize
available
methodologies
and
understand
their
challenges
and
opportuni7es
(Järvinen,
2008)
(Jenkins,
1985)
(Chen
&
Hirschheim,
2004).
Although
surveys,
laboratory
experiments
and
case
studies
research
methods
have
been
dominant
in
the
IS
research
field
(Orlikowski
&
Baroudi,
1991),
qualita7ve
methods
and
longitudinal
studies
are
gaining
popularity
as
the
interpreta7ve
approach
is
gaining
popularity
(Chen
&
Hirschheim,
2004).
Experienced
IS
researchers
recommend
to
select
the
most
appropriate
methodology
within
the
context
of
the
research
objec7ve,
an
individual's
research
paradigm,
his/her
integrity,
the
available
knowledge
on
the
IS
field
and
the
opera7ng
paradigms
available
(Jenkins,
1985).
Our
research
can
be
in
general
considered
as
a
interpreta7ve
case
study
because
it
aims
to
capture
and
communicate
(a
part
of)
reality
in
a
par7cular
context
7me
(e.g.
feasibility
of
cloud
compu7ng
in
the
current
Dutch
healthcare
system)
(Jenkins,
1985).
One
of
the
most
significant
barriers
that
we
encounter
when
selec7ng
our
research
methods
was
the
lack
of
available
knowledge
about
cloud
compu7ng
in
a
Dutch
healthcare
seung.
Other
barriers
that
we
encountered
when
selec7ng
our
methods
are
the
high
costs
and
feasibility
of
alterna7ve
methods
(e.g.
survey,
lab
experiment,
etc.),
the
low
level
of
control
we
have
over
the
variables
and
the
lack
of
applicable
ar7facts
(e.g.
defini7ons,
methods,
models,
etc.)
When
performing
IS
research
is
oren
very
difficult
to
reproduce
the
research
environment
in
experimental
designs
and
only
a
limited
number
of
factors
can
be
studied
on
such
a
seung
(Galliers
&
Land,
1987).
Moreover,
for
this
type
of
method
the
researcher
should
have
control
over
behavioral
events.
Due
to
the
fact
that
we
cannot
reproduce
the
EPD
context
in
an
experiment
and
that
we
have
low
control
over
the
events
we
have
discarded
lab
experiments
as
a
viable
method
in
our
situa7on.
A
survey
was
considered
during
the
first
months
of
the
research
but
was
discarded
due
to
the
fact
that
Previous
work
on
selec7ng
the
appropriate
IS
research
methodologies
has
shown
that
applying
only
empirical-‐analy7cal
methods
(e.g.
sta7s7cal
methods)
the
research
would
have
serious
limita7ons
as
it
should
also
include
behavioral
and
organiza7onal
considera7ons.
IT
is
defined
by
some
authors
as
"technology
used
to
acquire
and
process
informa7on
in
support
of
human
purposes,
typically
within
some
organiza7onal
seung"
(March
&
Smith,
1995).
Qualita7ve
methods
(e.g.
field
work,
interviews,
etc.)
are
therefore
appropriate
for
IS
research
as
IT
is
oren
studied
in
organiza;ons
and
used
by
humans
(Galliers
&
Land,
1987)
(Myers,
1997).
Taking
into
the
limita7ons
previously
stated,
we
have
applied
Järvinen's
taxonomy
to
link
our
research
ques7ons
to
the
most
appropriate
(and
feasible)
research
methods
(Järvinen,
2008).
The
results
of
our
selec7on
process
is
depicted
in
table
2.
For
clarifying
purposes,
we
have
depicted
the
main
research
ques7on
and
sub-‐ques7ons,
the
corresponding
research
methodology,
the
research
deliverables
and
their
rela7onships
in
figure
1.
Moreover,
based
on
the
meta
modeling
technique
developed
by
Professor
Brinkkemper
(Brinkkemper,
Saeki,
&
Harmse,
1999)
we
have
elaborated
the
research
phases
and
deliverables
in
a
Process
Deliverable
Diagram
(PDD)
which
is
depicted
in
appendix
B.
In
appendix
C
we
have
also
included
the
GANTT
diagram
for
the
planning
of
each
research
phase.
Our
research
methodology
is
designed
per
phase
due
to
the
significant
differences
in
research
subjects
in
phase
one
and
two,
and
the
differences
in
the
research
goal
of
phase
three.
The
first
two
phases
focusing
on
describing
reality
to
understand
the
nature
of
two
different
parts
of
reality
(e.g.
cloud
compu7ng
and
Dutch
healthcare)
while
the
third
phase
goal
is
to
elaborate
a
meta-‐ar7fact
(e.g.
matching-‐model).
During
the
first
two
phases
of
our
research
we
conduct
descrip7ve
literature
studies
following
the
archival
research
methodology
(Jenkins,
1985).
Addi7onally,
due
to
emerging
and
evolving
character
of
the
concept
of
cloud
compu7ng,
we
conduct
an
online
field
study
in
the
cloud
compu7ng
community
to
define
the
term
from
a
interpreta7ve
perspec7ve.
Field
study
methods
are
recommended
when
the
researcher
adopts
an
interpreta7ve
research
paradigm
(Orlikowski
&
Baroudi,
1991).
In
the
field
study
research
method
the
researcher
does
not
manipulate
any
variable
as
he/she
only
inves7gates
a
part
of
reality
within
a
human
interac7on
context
(Jenkins,
1985).
In
the
third
phase
of
our
research
we
follow
the
design
science
research
to
create
an
ar7fact
that
connects
the
results
of
the
previous
two
phases.
In
order
to
validate
the
results
of
the
first
two
phases
we
have
conducted
a
series
of
expert
reviews
which
include
not
only
the
coordinators
of
these
thesis
but
also
several
other
experts
in
each
of
the
two
fields.
A
descrip7on
of
these
reviews
can
be
found
further
in
this
thesis
in
the
sec7on
discussing
the
research
methods
of
each
phase.
As
we
men7oned
earlier
on
this
thesis
the
first
phase
of
our
research
follows
a
conceptual-‐
analy7cal
research
approach
to
create
theory
(e.g.
our
defini7on
of
cloud
compu7ng)
about
a
certain
part
of
reality
based
on
certain
valid
assump7ons
and
premises
(Järvinen,
2003).
As
we
follow
a
interpreta7ve
paradigm
we
assume
that
the
defini7on
of
cloud
compu7ng
is
created
and
recreated
by
humans
when
they
apply
high
levels
of
ra7onality
to
their
empirical
percep7on.
For
this
reason
we
consider
not
only
several
publica7ons
from
relevant
human
actors
(e.g.
science,
vendors,
consultants,
etc.)
but
also
how
the
meaning
of
the
term
is
(re)created
by
human
interac7ons
on
online
communi7es.
Our
research
is
more
concerned
with
crea7ng
theory
than
with
tes7ng
theory.
The
reason
for
this
approach
is
that
cloud
compu7ng
is
an
emerging
paradigm
and
therefore
there
is
almost
none
previous
scien7fic
work
available.
As
this
emerging
paradigm
is
expected
to
have
significant
implica7ons
in
the
near
future,
it
is
first
necessary
to
create
cloud
theory
(e.g.
defini7on
of
cloud
compu7ng)
that
can
then
be
used
in
this
thesis
as
well
as
in
future
research.
In
this
phase
we
create
analysis
theory
due
to
the
fact
that
we
aim
to
answer
the
ques7on
“what
is
cloud
compu7ng?”
(Gregor,
2006).
In
a
conceptual
analy7cal
research
approach,
proposi7ons
are
created
from
collec7ng
and
integra7ng
exis7ng
research
results.
Theory
then
is
created
arer
observa7on
by
inducing
basic
clauses
and
deduc7ng
proposi7ons
from
them
(Jenkins,
1985).
In
our
research
we
perform
first
an
extensive
literature
review
on
term
cloud
compu7ng
to
complement
it
with
findings
from
our
observa7ons
during
our
online
field
study.
We
integrate
our
finding
in
a
set
of
common
features
that
we
further
analyze
in
detail.
Applying
deduc7ve
reasoning
we
exclude
some
of
the
features
and
include
the
rest
in
our
research
defini7on
of
cloud
compu7ng.
Once
we
have
created
our
defini7on
of
cloud
compu7ng
we
validate
it
with
community
reviews
and
expert
reviews.
In
our
concept-‐centric
search
process
we
have
searched
for
the
terms
“cloud”,
“cloud
compu7ng”,
“u7lity
compu7ng”,
“HPC”,
“IaaS”,
“PaaS”,
“SaaS”,
“as-‐a-‐service”
among
others.
In
our
author-‐centric
approach
we
have
searched
for
ar7cles
wriOen
by
field
experts
(e.g.
“Nicholas
Carr”,
“Daryl
Plummer”)
as
well
as
by
leading
IT
organiza7ons.
The
tools
that
we
used
more
intensively
during
our
search
process
are
Utrecht
University’s
Omega
search
engine
(hOp://omega.library.uu.nl),
The
ACM
digital
library
(hOp://portal.acm.org),
IEEE
Xplore
digital
library
(hOp://ieeexplore.ieee.org),
the
Web
of
Science
website
(hOp://www.webofscience.com)
and
Google
Scholar
(hOp://
scholar.google.com).
We
have
evaluated
the
ar7cles
found
by
a
backward
analysis
to
analyze
the
cita7ons
included
in
the
paper
as
well
as
by
a
forward
analysis
to
analyzing
the
cita7ons
to
that
paper
from
other
papers
found
in
the
Web
of
Science
website
and
Google
Scholar.
From
the
begging
stages
of
our
thesis
we
have
par7cipated
on
Google
Group’s
cloud
compu7ng
Community
(hOp://groups.google.com/group/cloud-‐compu7ng),
on
several
Linkedin
cloud
compu7ng
groups
(The
Cloud
Talk
Community
Forum,
cloud
compu7ng
Standards
Forum,
Cloud
Storage,
etc.)
and
on
our
TwiOer
group
of
cloud
compu7ng
experts
(hOp://twiOer.com/aciertoweb/
cloud-‐compu7ng/).
It
is
important
to
note
that
Google
Group
and
Linked
communi7es
focus
more
on
formal
discussions
and
deliverables
(cloud
specifica7ons,
standards,
etc.)
while
TwiOer’s
community
is
more
dynamic
and
includes
a
significant
larger
number
of
individual’s
contribu7ons
and
discussions.
From
our
experience
TwiOer
was
the
most
valuable
social
network
to
obtain
and
validate
knowledge.
Our
par7cipa7on
in
these
online
cloud
compu7ng
communi7es
can
be
regarded
as
an
online
field
study
as
we
do
not
manipulate
any
variable
but
instead
we
just
measure
it
within
a
human
context
(Jenkins,
1985).
Applying
field
study
techniques
on
social
networks
we
were
able
to
observe
several
discussions
between
cloud
experts
on
the
different
features
that
the
cloud
compu7ng
defini7on
should
include
and
which
types
of
models
are
available.
These
online
communi7es
have
all
a
large
number
of
members
where
some
contribute
more
than
others
to
the
community.
In
our
TwiOer
group
of
cloud
compu7ng
experts
we
have
selected
the
members
that
are
more
ac7ve
in
collabora7ng
and
sharing
informa7on.
The
most
ac7ve
community
members
are
depicted
in
appendix
D
Each
community
member
has
its
own
exper7se.
Joe
Weinman
is
for
example
considered
an
expert
in
cloud
compu7ng
economics,
Christofer
Hoff
is
a
recognized
From
our
observa7ons
we
can
interpret
that
individual’s
argumenta7ons
are
oren
in
line
with
their
employer’s
interests.
For
example
community
members
working
at
hardware
producers
(e.g.
Cisco,
NEC,
etc.)
are
more
in
favor
of
private
cloud
models
while
individuals
working
at
web
based
companies
focus
more
on
public
cloud
models
(e.g.
Google,
Amazon,
etc.).
We
have
carefully
considered
this
possible
bias
in
their
opinions
when
evalua7ng
their
argumenta7ons.
A
clear
advantage
of
this
method
is
the
large
number
of
relevant
ar7cles
that
we
have
discovered
through
community
member’s
contribu7ons.
For
example,
through
twiOer
we
were
able
to
obtain
recent
published
documents
just
hours
arer
they
were
available
online.
Without
our
par7cipa7on
on
this
online
communi7es
our
literature
study
would
have
been
limited
to
the
ar7cles
found
through
search
engines,
with
the
corresponding
crawling
delay.
Moreover,
these
plaxorms
have
enabled
us
to
interact
with
several
cloud
compu7ng
experts
around
the
globe.
For
this
reason,
we
highly
recommend
this
method
in
future
research,
specially
to
analyze
emerging
and/or
dynamic
concepts
from
an
interpreta7ve
perspec7ve.
For
crea7ng
our
defini7on
of
cloud
compu7ng
we
analyze
first
the
basic
constructs
individually
(e.g.
features)
to
apply
logical
reasoning
based
on
our
percep7on
(e.g.
literature
study)
and
our
observa7ons
from
online
cloud
compu7ng
communi7es
(e.g.
online
field
study).
From
exis7ng
papers
and
community
contribu7ons
we
have
derived
a
set
of
features
that
are
regarded
as
possible
features
of
cloud
compu7ng
solu7ons.
Applying
the
formism
research
method
(Jenkins,
1985)
we
group
similar
features
into
categories
and
select
those
categories
that
(1)
are
men7oned
by
several
relevant
actors
and
(2)
they
are
corroborated
or
rejected
by
cases
in
prac7ce.
We
interview
Mr.
Gerard
Persoon,
Business
Consultancy
Manager
at
E.nova7on
and
Mr.
Kor
Tops,
Engineering
Manager
at
the
same
organiza7on.
Mr.
Persoon
has
more
than
20
years
experience
in
IT
having
worked
previously
for
Ernst
&
Young
for
several
years.
His
exper7se
areas
are
informa7on
security,
IT
audits,
ITIL,
ISO
9001
and
func7onal
design.
Mr.
Tops
has
also
more
than
20
years
experience
in
IT
and
his
exper7se
includes
among
others
IT
infrastructure
management
and
SAN
storage
architectures.
Following
our
interpreta7ve
research
paradigm
we
cannot
only
rely
on
wriOen
defini7ons
and
a
few
expert
reviews
but
we
have
to
consider
also
how
the
meaning
of
the
term
“cloud
compu7ng”
is
currently
(re)nego7ated
between
the
most
relevant
human
actors.
For
this
reason
we
have
further
validated
our
defini7on
by
analyzing
relevant
discussions
on
the
most
relevant
online
communi7es.
Due
to
the
emerging
character
of
cloud
compu7ng,
each
of
the
features
of
our
cloud
compu7ng
defini7on
was
at
a
certain
moment
in
7me
subject
of
discussion
between
the
members
of
the
community.
Although
we
are
aware
of
possible
biases
in
their
opinions,
several
argumenta7ons
were
found
that
helped
us
in
our
logical
reasoning
when
including
or
excluding
features
from
our
defini7on
of
cloud
compu7ng.
We
decide
to
include
or
exclude
a
feature
based
on:
(1)
how
many
community
members
agree
(or
disagree)
(2)
how
many
prac7cal
cases
confirm
or
rejects
its
feasibility.
In
this
phase
we
con7nue
applying
a
conceptual-‐analy7cal
approach
to
create
theory
about
a
certain
part
of
reality
(e.g.
IT
in
Dutch
healthcare)
based
on
certain
valid
assump7ons
and
premises
(Järvinen,
2003).
We
start
by
crea7ng
analysis
theory
when
exploring
the
Dutch
healthcare
sector
in
general.
We
then
con7nue
our
research
by
crea7ng
explana7on
theory
aiming
to
answer
why,
when,
how
and
where
to
use
IT
in
the
Dutch
healthcare
context
(Gregor,
2006).
In
order
to
achieve
this
we
apply
the
literature
study
research
method.
Moreover,
we
follow
a
top-‐down
approach
exploring
first
the
current
situa7on
of
the
healthcare
sector
in
Europe
and
in
The
Netherlands
in
order
to
iden7fy
the
main
challenges
and
opportuni7es
in
this
context.
We
con7nue
then
by
focusing
on
IT
in
the
Dutch
healthcare
sector
with
further
explora7on
of
the
Dutch
electronic
pa7ent
records
system
EPD,
one
of
the
most
significant
IT
infrastructures
in
that
sector.
In
order
to
facilitate
the
construc7on
of
our
matching-‐model
in
the
next
phase
of
our
research
we
have
focused
further
on
the
EPD
cer7fica7on
requirements.
In
our
concept-‐centric
search
process
we
have
searched
for
the
terms
“healthcare
IT”,
“e-‐
Health”
and
“Dutch
healthcare
IT”
among
others.
In
our
author-‐centric
approach
we
have
searched
for
ar7cles
wriOen
by
field
experts
(e.g.
“Stroetmann”)
as
well
as
by
relevant
public
bodies
and
relevant
organiza7ons
(e.g.
“European
Commission”,
“Dutch
Ministry
of
Healthcare”,
“NICTIZ”,
etc.)
The
tools
that
we
used
more
intensively
during
our
search
process
are
Utrecht
University’s
Omega
search
engine
(hOp://omega.library.uu.nl),
The
ACM
digital
library
(hOp://portal.acm.org),
IEEE
Xplore
digital
library
(hOp://ieeexplore.ieee.org),
the
Web
of
Science
website
(hOp://
www.webofscience.com)
and
Google
Scholar
(hOp://scholar.google.com).
We
have
evaluated
the
ar7cles
found
by
a
backward
analysis
to
analyze
the
cita7ons
included
in
the
paper
as
well
as
by
a
forward
analysis
to
analyzing
the
cita7ons
to
that
paper
from
other
papers
found
in
the
Web
of
Science
website
and
Google
Scholar.
Design
science
can
be
defined
in
general
as
crea7ng
innova7ons
that
improve
humans
capabili7es
(March
&
Smith,
1995)
(Hevner
et
al.,
2004).
In
prac7ce
we
can
observe
that
most
of
the
work
carried
out
by
IS
prac77oners
focuses
on
designing
the
purposeful
alloca7on
of
resources
to
accomplish
an
organiza7onal
goal
(Hevner
et
al.,
2004).
For
this
reason
most
IT
projects
are
designed
to
improve
opera7onal
efficiency
and
effec7veness.
This
is
also
the
essence
of
the
design
science
approach
as
it
is
a
problem-‐solving
paradigm
that
focuses
on
crea7ng
ar7facts
that
support
the
effec7ve
and
efficient
use
of
informa7on
systems
in
organiza7ons
(Hevner
et
al.,
2004).
The
goal
of
our
matching-‐model
is
therefore
to
support
prac77oners
in
the
deployment
of
solu7ons
following
the
cloud
compu7ng
model
that
could
improve
organiza7onal
performance
of
healthcare
organiza7ons
in
the
na7onal
pa7ent
system
context.
According
to
Iivary's
ontology
of
design
science
the
third
phase
of
our
research
can
be
classified
as
World
3,
this
means
that
the
explana7on
to
reality
is
achieved
by
meta
IT
ar7facts
as
we
aim
to
develop
"new
types
of
theories
made
possible
by
IT
ar7facts"
(Iivari,
2007).
The
theory
we
aim
to
create
is
found
in
our
matching-‐model
where
we
aim
to
explore
the
challenges
and
opportuni7es
of
cloud
compu7ng
in
Dutch
healthcare.
Within
the
design
science
research
approach
we
can
observe
two
main
ac7vi7es:
ar7fact
building
and
ar7fact
evalua7on
(Hevner
et
al.,
2004)
(March
&
Smith,
1995)
(Iivari,
2007).
The
purpose
of
this
research
approach
can
be
therefore
found
in
two
dimensions:
crea7ng
an
ar7fact
to
demonstrate
that
such
an
ar7fact
can
be
build
and
evalua7ng
its
performance
against
specific
criteria.
The
crea7on
of
knowledge
in
design
science
is
based
on
a
set
of
basic
assump7ons
(e.g.
kernel
theories)
that
are
applied
and
modified
by
the
researcher's
experience,
crea7vity,
intui7on
and
problem-‐solving
capabili7es
(Hevner
et
al.,
2004).
We
have
elaborated
our
kernel
theories
during
the
first
research
phases
that
have
resulted
in
two
basic
constructs:
our
defini7on
of
cloud
compu7ng
and
the
lists
of
requirements
to
connect
to
the
Dutch
na7onal
pa7ent
infrastructure
(EPD).
Previous
work
on
design
science
has
iden7fied
eight
main
components
of
a
design
theory
(Gregor
&
Jones,
2007).
The
design
theory
must
state
its
purpose
and
scope
as
well
as
the
principles
of
form
and
func7on
for
the
use
of
constructs.
The
validity
of
the
theory
is
improved
by
addressing
ar7fact
mutability,
tes7ng
proposi7ons
and
jus7fying
knowledge
through
kernel
theories.
The
theory
The
purpose
of
our
design
science
theory
is
to
explore
the
feasibility
of
cloud
compu7ng
solu7ons
in
an
specific
scope
determined
by
the
characteris7cs
of
the
Dutch
healthcare
sector.
We
provide
a
extensive
descrip7on
in
phase
one
and
two
about
how
we
build
our
two
basic
constructs
and
the
kernel
theories
applied
in
the
process.
To
reduce
the
risk
of
ar7fact
mutability
we
validate
our
two
basic
constructs
before
including
them
in
our
matching-‐model.
Due
to
the
innova7ve
character
of
our
research
subject
(e.g.
cloud
compu7ng)
we
could
not
perform
any
implementa7on
or
instan7a7on
of
the
matching-‐model.
However,
these
does
not
represent
a
cri7cal
shortcoming
in
our
research
as
these
components
are
regarded
in
previous
work
as
addi7onal
non-‐core
components
(Gregor
&
Jones,
2007).
The
main
goal
of
the
ar7fact
building
research
approach
is
to
explore
if
a
certain
ar7fact
(abstract
or
concrete)
can
be
constructed
(Järvinen,
2000).
By
building
our
matching-‐model
we
demonstrate
therefore
that
such
meta-‐ar7fact
can
be
build
based
on
our
assump7ons
and
premises.
Moreover,
our
matching-‐model
can
be
used
as
an
intellectual
tool
to
support
human
problem-‐solving
and
improve
organiza7onal
capabili7es
in
the
Dutch
healthcare
context
which
is
a
common
goal
found
in
design
science
research
(Hevner
et
al.,
2004).
When
execu7ng
the
third
phase
of
our
research
we
have
followed
Hevner's
guidelines
for
design
science
in
IS
research
(Hevner
et
al.,
2004).
This
guidelines
are
based
on
the
assump7on
that
knowledge
over
a
design
problem
and
its
solu7on
is
created
when
building
and
applying
an
ar7fact.
According
to
Hevner,
design
science
research
focuses
on
the
crea7on
of
an
innova7ve
purposeful
ar7facts
for
a
specific
problem
domain
where
the
ar7fact
aims
to
solve
an
unsolved
problem
or
a
known
problem
in
a
more
efficient
or
effec7ve
way.
For
this
reason,
the
ar7fact
must
be
rigorously
defined,
formally
represented,
coherent,
internally
consistent
and
evaluated.
Hevner's
guidelines
for
design
science
research
are
depicted
in
table
3.
Guideline Descrip*on
Design-‐science
research
must
produce
a
viable
ar7fact
in
the
form
of
a
construct,
a
(1)
Design
as
an
ar7fact
model,
a
method,
or
an
instan7a7on.
The
objec7ve
of
design-‐science
research
is
to
develop
technology-‐based
solu7ons
(2)
Problem
Relevance
to
important
and
relevant
business
problems.
The
u7lity,
quality,
and
efficacy
of
a
design
ar7fact
must
be
rigorously
demonstrated
(3)
Design
Evalua7on
via
well-‐executed
evalua7on
methods.
Effec7ve
design-‐science
research
must
provide
clear
and
verifiable
contribu7ons
in
(4)
Research
Contribu7ons
the
areas
of
the
design
ar7fact,
design
founda7ons,
and/or
design
methodologies.
Design-‐science
research
relies
upon
the
applica7on
of
rigorous
methods
in
both
the
(5)
Research
Rigor
construc7on
and
evalua7on
of
the
design
ar7fact.
The
search
for
an
effec7ve
ar7fact
requires
u7lizing
available
means
to
reach
(6)
Design
as
a
Search
Process
desired
ends
while
sa7sfying
laws
in
the
problem
environment.
Design-‐science
research
must
be
presented
effec7vely
both
to
technology-‐oriented
(7)
Communica7on
of
Research
as
well
as
management-‐oriented
audiences.
It
is
important
to
note
that
this
guidelines
should
not
be
considered
mandatory
as
the
researcher
must
use
his/her
crea7ve
skills
and
judgment
to
determine
when,
where
and
how
to
apply
each
guideline
in
an
specific
research
(Hevner
et
al.,
2004).
The
applica7on
of
these
guidelines
in
our
ar7fact
building
process
is
described
further
in
this
research
when
describing
the
elabora7on
of
our
matching-‐model
in
the
third
phase
of
our
research.
According
to
previous
work,
the
resul7ng
meta-‐ar7facts
must
include
knowledge
that
enables
product
and
process
design
(Iivari,
2007).
We
believe
that
our
matching-‐model
contains
knowledge
that
can
support
prac77oners
in
the
design
of
new
(or
modified)
cloud
products
and
as
well
as
in
the
design
of
cloud
related
processes.
By
matching
a
poten7al
solu7on
with
our
cloud
compu7ng
features
and
evalua7ng
the
requirements
enforced
by
NICTIZ
an
organiza7on
can
select
the
solu7on
that
best
fits
their
needs
in
that
context.
A
final
remark
should
be
made
on
the
fact
that
the
quality
of
design
science
ar7facts
improves
when
subsequent
evalua7ons
are
performed
as
they
oren
result
in
incremental
improvements
(Hevner
et
al.,
2004)
(Gregor
&
Jones,
2007).
However,
we
could
not
improve
any
exis7ng
model
as
we
could
not
find
any
similar
meta-‐ar7fact
in
previous
literature.
For
this
reason
we
had
to
create
a
new
meta-‐ar7fact
that
can
be
evaluated
and
improved
in
further
research.
This
is
a
typical
situa7on
when
applying
design
science
to
build
new
or
innova7ve
ar7facts
as
theories
over
the
applica7on
and
impact
of
these
ar7facts
can
be
created
once
the
ar7facts
are
applied
in
prac7ce
(Hevner
et
al.,
2004).
According
to
some
authors,
the
way
companies
make
use
of
ICT
is
recently
changing
to
a
paradigm
where
infrastructures
and
applica7ons
become
u7li7es
and
will
simply
come
out
off
the
wall
like
common
u7li7es
do
(e.g.
electricity).
In
his
books
“Does
IT
maOer”
and
“ The
Big
Switch”
Nicholas
Carr
predicts
the
end
of
corporate
ICT
departments
due
to
the
increasing
standardiza7on
and
availability
of
technological
infrastructures
and
applica7ons
(Molenaar,
2009).
Mr
Carr
affirms
that
this
situa7on
will
realize
savings
of
unused
server
and
storage
capacity
as
well
as
on
human
resources.
However,
not
all
ICT
experts
agree
fully
with
Carr’s
predic7ons.
Mr
Ron
Tolido
(CTO
of
Capgemini
in
The
Netherlands)
notes
that
applica7ons
that
can
be
standardized
(the
great
majority)
should
be
contracted
off
the
wall,
realloca7ng
their
costs
to
those
essen7al
applica7ons
(the
minority)
that
contribute
to
an
organiza7on’s
compe77ve
advantage
(Molenaar,
2009).
Other
experts,
like
Prof.
dr.
Chris
Verhoef
of
Vrije
Universiteit
Amsterdam,
affirms
that
ICT
s7ll
provides
companies
with
a
The
growing
popularity
and
adop7on
of
SaaS
and
IaaS
technologies
are
clear
examples
of
the
switch
that
ICT
is
experiencing
towards
a
service
model
delivered
through
internet
technologies.
Some
important
players
in
the
ICT
industry
(e.g.
HP,
Microsor,
etc.)
are
using
terms
like
‘everything
as
a
service'
where
the
internet
is
extended
to
the
enterprise
instead
of
the
enterprise
being
just
connected
to
the
internet.
This
new
vision
requires
new
forms
of
understanding
and
organizing
enterprises
and
their
value
chains.
In
their
2008
predic7ons
(Plummer
&
McGee,
2008)
Gartner
research
an7cipated
the
growing
popularity
of
SaaS
and
Cloud
Compu7ng
as
viable
op7ons
to
internal
systems
and
outsourcing.
In
accordance
with
Gartner’s
predic7ons,
web
technologies
had
become
the
main
trigger
for
business
innova7on.
It
is
clear
that
in
the
context
of
these
new
emerging
delivery
models,
IT
capabili7es
will
evolve
significantly
due
to
disrup7ve
changes
in
what
end
users
will
buy
and
how
they
will
pay
for
it.
Network
services
and
service
orchestra7on
will
therefore
become
more
cri7cal
to
business
performance
because
they
enable
the
use
of
other
sorware
and
hardware.
In
the
annual
Gartner’s
CIO
survey
(McGee
et
al.,
2008),
strategic
ICT
focus,
the
use
of
specific
business
metrics
to
quan7fy
ICT’s
value
and
the
priori7za7on
of
ICT
projects
are
believed
to
create
the
greatest
growth
opportuni7es
for
enterprises
during
the
coming
years.
CIOs
around
the
world
believe
their
department
can
play
a
crucial
role
in
the
short
term
by
improving
business
processes
and
workforce
performance
while
controlling
costs.
On
the
long
term
technology
can
also
enable
new
strategic
capabili7es
for
organiza7ons.
This
switch
in
CIOs’
agendas
and
the
increasingly
popular
concept
of
compu7ng
u7li7es
have
inspired
this
research.
Although
tradi7onal
strategies
(e.g.
opera7onal
efficiency,
product
differen7a7on,
etc.)
remain
essen7al
requirements
for
success,
an
enterprise
needs
nowadays
to
dynamically
adapt
its
ICT
organiza7on
to
rapidly
changing
business
needs
in
order
to
aOract
and
retain
customers
(McGee
et
al.,
2008).
The
focus
is
nowadays
not
strictly
on
technological
management
but
on
7mely
changing
the
firm’s
capabili7es
to
enforce
its
compe77veness.
Not
reac7ng
or
reac7ng
too
late
to
customer’s
demand
can
have
direct
consequences
for
organiza7onal
performance.
It
is
also
important
to
note
that
“Delivering
projects
that
enable
business
growth”
and
“Linking
business
and
IT
strategies
and
plans”
have
been
CIOs’
top
two
priori7es
during
the
last
years
(2005
to
2007)
(McGee
et
al.,
2008).
These
two
main
priori7es
are
followed
by
“Improving
the
quality
of
IT
service
delivery”
and
“Demonstra7ng
the
business
value
of
IT”
among
others.
A
business
driven
ICT
organiza7on
has
therefore
become
one
of
the
most
important
objec7ves
of
current
CIOs.
Another
important
trend
no7ced
by
Gartner
is
the
idea
that
Service
Oriented
Architecture
(SOA)
will
become
the
standard
design
for
more
than
80%
of
new
and
mission-‐cri7cal
applica7ons
and
business
processes
by
2010.
Consequently
redundant
and
irrelevant
applica7ons
will
be
phaced
out.
According
to
Gartner
(McGee
et
al.,
2008),
“the
future
applica7on
environment
will
be
more
granular,
inclusive
and
fluid
to
enable
rapid
composi7on,
integra7on,
orchestra7on
and
reuse.”
In
previous
scien7fic
papers
we
can
find
six
main
types
of
research
outputs
(descrip7ons
of
reality,
constructs,
models,
methods,
instan7a7ons
and
proofs)
depending
on
the
research
approach
followed
(Järvinen,
2000).
During
our
research
we
provide
descrip7ons
of
two
parts
of
reality
(e.g.
cloud
compu7ng
and
IT
in
Dutch
healthcare)
to
construct
our
defini7on
of
cloud
compu7ng
and
our
matching-‐model.
Moreover,
we
cannot
find
the
same
combina7on
of
methods
that
we
have
applied
during
our
research
which
cons7tutes
an
addi7on
to
the
research
body
of
knowledge.
The
extensive
analysis
and
descrip7ons
about
parts
of
reality
in
phase
one
and
two
of
our
thesis
are
specially
valuable
in
research
seung
with
few
knowledge
available
about
some
phenomena
(Gregor,
2006).
We
create
our
defini7on
of
cloud
compu7ng
from
an
interpreta7ve
perspec7ve
taking
into
account
how
its
meaning
is
(re)created
by
human
interac7on
on
online
communi7es.
This
methodology
can
also
be
regarded
as
an
addi7on
to
the
body
of
knowledge
of
research
methods
as
it
has
not
yet
been
oren
applied
in
previous
research.
Moreover
by
delivering
a
consistent
defini7on
of
the
concept
we
facilitate
future
cloud
compu7ng
research.
In
general,
the
design
science
building-‐ar7fact
approach
applied
in
the
third
phase
of
our
research
aims
to
create
a
certain
abstract
or
concrete
ar7fact
(e.g.
system,
model,
method,
etc.)
(Järvinen,
2000).
Following
this
approach
we
have
created
a
matching-‐model
to
link
the
two
basic
constructs
created
in
the
first
two
phases.
As
in
previous
design
science
research
the
scien7fic
According
to
Gregor's
taxonomy
types
and
research
ques7ons
in
IS
research
the
theory
created
in
our
research
can
be
classified
as
Analysis
(phase
one),
Analysis
and
Explana7on
(phase
two)
and
Design
(phase
3)
(Gregor,
2006).
This
classifica7on
is
derived
from
the
type
of
research
ques7on
that
we
aim
to
answer.
In
our
first
research
phase
we
focus
primarily
on
what
is
cloud
compu7ng
(Analysis
theory)
while
in
the
second
phase
we
add
also
ques7ons
related
to
why,
when,
how
and
where
to
use
IT
in
Dutch
healthcare
(Explana7on
theory).
With
our
matching-‐model
we
create
Design
Theory
as
we
aim
to
answer
the
ques7on
on
how
to
use
cloud
compu7ng
in
the
EPD
context.
Theory
that
analyses
some
part
of
reality
is
specially
valuable
when
there
is
few
knowledge
about
some
phenomena
(Gregor,
2006).
This
is
also
the
case
in
our
research
as
there
is
almost
no
scien7fic
publica7ons
on
cloud
compu7ng.
Theory
for
explaining
is
oren
concerned
with
how
and
why
some
phenomena
takes
place
(Gregor,
2006).
This
is
what
we
have
aimed
to
do
in
our
second
research
phase
where
we
inves7gate
the
requirements
to
use
IT
in
Dutch
healthcare
(how)
and
the
mo7va7on
to
use
an
specific
system
(why).
In
the
design
type
of
theory
the
focus
lies
on
how
(e.g.
func7ons,
models,
methods,
etc.)
to
support
IS
development
as
it
the
case
of
our
matching-‐model(Gregor,
2006).
The
interconnec7on
between
the
types
of
theories
has
also
been
subject
of
previous
research
(Gregor,
2006).
Theories
for
Design
are
derived
from
theories
for
Explaining
and
Analyzing
among
others,
while
theories
for
Explaining
are
strictly
derived
from
theories
for
Analyzing.
These
interconnec7ons
are
also
reflected
in
our
research
as
we
have
designed
our
matching-‐model
based
on
our
previous
analysis
and
explana7on
in
building
our
basic
constructs
in
the
first
two
phases.
Previous
work
has
shown
how
pluralism
of
paradigms,
approaches
and
methodologies
is
essen7al
for
a
good
IS
research
agenda
(Chen
&
Hirschheim,
2004).
It
is
therefore
essen7al
that
researchers
consider
different
approaches
and
methods
(other
than
the
dominant
ones)
to
contribute
to
the
body
of
knowledge
of
IS
research.
This
is
reflected
on
the
fact
that
the
interpreta7ve
research
approach
is
gaining
popularity
and
acceptance
by
major
journals
(e.g.
MIS
Quarterly)
during
the
last
decade
being
applied
by
an
increasingly
number
of
published
researches.
It
is
important
to
note
that
applying
different
research
perspec7ves
can
poten7ally
lead
to
significant
improvements
in
IS
research
(Orlikowski
&
Baroudi,
1991).
Our
applica7on
of
the
interpreta7ve
approach
in
an
IS
research
leads
therefore
to
pluralism
in
IS
research
as
it
is
not
a
dominant
approach
in
that
field.
To
overcome
one
of
the
most
common
mistakes
in
design
science
research
(the
overemphasis
on
technology)
we
have
also
carefully
considered
the
organiza7onal
embedding
of
IT
in
our
research
(Hevner
et
al.,
2004).
For
this
reason,
we
have
analyze
not
only
emerging
technology
(e.g.
cloud
compu7ng
solu7ons)
but
also
how
it
can
be
applied
in
an
specific
context
(e.g.
Dutch
healthcare).
As
we
focus
our
research
on
a
specific
sector
and
country,
the
generaliza7on
and
external
validity
of
our
research
is
limited
to
all
organiza7ons
in
that
country
and
sector.
According
to
the
expert
reviews
performed,
our
results
can
be
applied
to
all
Dutch
healthcare
organiza7ons
considering
cloud
compu7ng
solu7ons
to
connect
to
the
electronic
na7onal
records
system.
Although
the
accuracy
of
our
results
has
been
evaluated
arer
each
phase
of
our
research
we
believe
that
it
should
be
further
evaluated
applying
our
model
in
a
real
life
situa7on.
Incremental
improvement
of
ar7facts
over
7me
are
typical
in
design
science
research,
specially
when
inves7ga7ng
evolving
IT
phenomena
(Hevner
et
al.,
2004).
Taking
into
account
our
research
paradigm,
approach
and
methods
we
believe
that
our
research
can
be
replicated
leading
to
the
same
results.
A
remark
should
be
made
on
the
fact
that
many
previous
design
science
research
was
accomplished
in
situa7ons
where
the
exis7ng
knowledge
base
was
insufficient
(Hevner
et
al.,
2004).
In
our
case
we
could
not
find
much
available
knowledge
regarding
cloud
compu7ng
and
its
applicability
on
a
Dutch
healthcare
seung.
For
this
reason,
we
had
to
rely
on
intui7on,
experience
and
trial-‐and-‐
error
methods
to
achieve
our
research
goal
(Hevner
et
al.,
2004).
Nevertheless,
to
improve
the
internal
validity
of
our
findings
we
have
described
our
research
approach
and
methods
in
each
phase.
A
final
remark
should
be
made
on
the
fact
in
accordance
with
our
interpreta7ve
research
perspec7ve
our
findings
are
as
a
part
of
our
human
constructed
reality
also
limited
by
our
interpreta7on
of
reality
and
our
human
reasoning
capabili7es.
Cloud
Compu7ng
is
expected
to
transform
the
IT
industry
deeply
in
the
coming
years
as
it
represents
the
first
steps
towards
U7lity
Compu7ng.
This
development
is
a
direct
consequence
of
the
increasing
standardiza7on
and
consumeriza7on
of
IT
capabili7es.
According
to
The
Wall
Street
Journal
the
Cloud
Compu7ng
industry
is
es7mated
to
reach
$42
billion
turnover
by
2012
which
represents
around
half
of
the
current
sorware
industry
worldwide
(Hinchcliffe,
2009)
(McLaughlin,
2009a).
In
a
recent
research
among
Dutch
ICT
providers,
around
70%
of
them
expect
that
their
turnover
is
going
to
increase
during
2009
(Wijkstra,
2009).
They
are
experiencing
a
shir
in
focus
of
their
IT
budgets.
Instead
of
considering
investments
in
networks,
infrastructure
and
storage
they
are
increasingly
considering
SaaS
and
Cloud
Compu7ng
as
interes7ng
outsourcing
alterna7ves
(Wijkstra,
2009).
This
is
specially
the
case
in
public,
semi-‐public
and
Health
Care
organiza7ons.
The
shir
in
investment
alterna7ves
is
depicted
in
figure
2.
Figure 2: ICT Investments areas 2009 & 2008 (Marquit Research, May 2009)
56%
49%
40%
31% 29%
21% 21% 24%
20% 19% 19%
13% 10% 10%
9%
4%
2008 2009
Although
the
concept
of
Cloud
Compu7ng
has
emerged
around
2006
it
has
already
generated
an
unprecedented
hype
in
the
IT
industry.
Almost
all
major
hardware
and
sorware
manufacturers,
consultant
organiza7ons,
analysts
and
telecom
providers
have
become
highly
involved
in
Cloud
As
almost
all
the
major
ICT
vendors
are
rolling
out
their
Cloud
Compu7ng
solu7ons
during
2009,
they
try
to
convince
enterprise
users
that
they
are
the
“one
and
only”
Cloud
Compu7ng
plaxorm
suppor7ng
their
arguments
with
yet
another
defini7on
of
the
cloud
(Golden,
2009).
It
is
therefore
needed
to
define
the
term
Cloud
Compu7ng
and
facilitate
its
comparison
with
other
compu7ng
forms
as
well
as
to
iden7fy
its
main
challenges
and
opportuni7es
(Armbrust
et
al.,
2009).
In
the
following
sec7ons
we
analyze
different
perspec7ves
on
Cloud
Compu7ng
to
combine
them
into
a
defini7on
to
be
used
further
in
our
research.
We
start
delimi7ng
the
scope
of
our
analysis
by
describing
the
most
relevant
developments
on
the
business
and
IT
fields
that
can
be
related
to
this
new
delivery
model.
Once
the
context
has
been
delimited,
we
elaborate
a
research
defini7on
of
Cloud
Compu7ng
by
analyzing
previous
defini7ons
from
scien7fic
papers,
commercial
media,
ICT
analysts,
consultants
and
standards
organiza7ons.
Based
on
our
defini7on
of
Cloud
Compu7ng,
we
con7nue
this
phase
by
providing
a
taxonomy
of
cloud
services
and
a
brief
descrip7on
of
its
most
relevant
use
paOerns
and
economic
considera7ons.
Furthermore,
we
con7nue
our
analysis
by
describing
the
risks
associated
with
this
new
model
with
a
special
focus
on
security.
We
conclude
this
phase
by
providing
a
vendor
analysis
of
the
three
most
popular
IaaS
and
PaaS
solu7ons
and
some
models
to
support
the
evalua7on
and
adop7on
of
current
offerings.
At
the
end
of
this
phase
we
present
the
conclusions
of
this
phase
and
ideas
for
further
research
in
the
field
of
Cloud
Compu7ng.
Table
4:
Top
10
Business
Priori*es
for
2009
(Gartner,
2009)
Firm’s
IT
infrastructures
have
grown
significantly
during
the
past
decades.
When
more
IT
resources
where
needed,
new
hardware
was
bought
and
placed
in
the
firm’s
data
center.
This
lack
of
workload
consolida7on
has
led
to
resource
waste
and
oren
to
unsustainable
and
inefficient
data
centers
(Siegele,
2008).
As
data
centers
grow,
more
resources,
people
and
7me
is
needed
to
properly
manage
them.
The
current
economic
recession
will
make
companies
reconsider
this
situa7on
as
firms
are
reducing
their
(IT)
budgets
and
therefore
they
are
forced
to
operate
more
efficiently
(Kirsner,
2009).
In
this
context,
Cloud
Compu7ng
can
be
a
useful
tool
to
reorganize
IT
resources
while
saving
costs
by
op7mizing
current
and
future
ICT
investments
(Spinola,
2009).
Due
to
globaliza7on,
companies
can
now
access
new
markets
and
gain
and
retain
new
customers
by
accelera7ng
innova7on
to
deliver
new
products
and
services
faster.
The
Internet
provides
access
to
a
large
amount
of
informa7on
and
it
is
being
widely
used
by
consumers
to
evaluate
their
purchasing
decisions.
As
consumers
nowadays
have
access
to
large
amounts
of
informa7on
they
are
oren
categorized
as
prosumers
(professional
consumers).
Organiza7ons
need
to
pull
consumers
towards
their
products
and
services
(e.g.
fostering
customer
engagement,
branding,
etc.)
instead
of
pushing
those
products
to
consumers
(as
it
was
done
in
the
past)
by
deploying
large
marke7ng
campaigns.
Table
5:
Top
10
Technology
Priori*es
for
2009
(Gartner,
2009)
Other
trend
triggering
the
emergence
of
Cloud
Compu7ng
are
the
customiza7on
and
service
orienta7on
character
of
the
Internet.
Instead
of
having
few
long
term
supply
rela7onships
with
high
margins
and
deep
commitment
levels
between
the
chain
par7es,
new
forms
of
supply
chains
have
emerged
focusing
more
on
having
many
short
term
supply
rela7onships
with
low
margins
and
low
commitment
between
firms
(Armbrust
et
al.,
2009).
In
this
context,
ICT
infrastructures
are
evolving
from
distributed
models
towards
centralized
models
that
are
accessible
from
everywhere
any7me
(Arnold,
2008a)
(Weiss,
2007).
We
are
currently
living
in
a
networked
era
where
we
must
be
con7nuously
online.
As
a
result,
we
can
observe
a
growing
number
of
web
enable
devices
(e.g.
Kindle,
iPhone,
etc.)
as
well
as
an
increasing
number
of
web
based
sorware
applica7ons.
Partly
due
to
these
developments,
hardware
and
sorware
are
becoming
standard
products
which
drives
prices
down
in
a
process
that
some
prac77oners
call
“the
consumeriza7on
of
IT”.
Sorware
applica7ons
have
also
evolved
significantly
over
the
last
years.
The
popularity
of
rich
internet
applica7ons
(e.g.
mashups,
web
2.0
tools,
etc.)
implie
also
new
infrastructural
needs.
Applica7ons
that
need
to
respond
real-‐7me
to
human-‐computer
interac7ons
require
a
high
level
of
As
sorware
becomes
more
complex
and
interconnected,
some
computa7onal
tasks
might
need
to
process
large
data
sets
concurrently
which
requires
high
processing
power.
These
tasks
cannot
be
carried
out
on
a
single
computer
but
need
to
be
performed
horizontally
on
supercomputers
or
grids.
Due
to
the
fact
that
these
high
level
computa7onal
resources
are
not
(financially)
accessible
to
everyone,
an
op7onal
method
could
be
to
perform
these
tasks
using
Cloud
Compu7ng.
Following
this
model
one
hour
on
100
cloud
servers
costs
the
same
that
100
hours
on
one
single
cloud
server.
Therefore
it
might
be
more
economically
interes7ng
to
process
these
tasks
on
the
cloud
(Armbrust
et
al.,
2009).
Some
of
the
most
interes7ng
developments
during
2009
were
the
emergence
and
popularity
of
netbooks
(e.g.
thin
client
laptops),
the
launch
of
Goggle’s
web
based
opera7ng
system
(OS)
Chrome
OS
and
the
increasing
SaaS
adop7on.
This
developments
indicate
a
shir
to
new
architecture
where
clients
adopt
an
interface
role
to
a
server
based
compu7ng
plaxorm.
IT
is
becoming
more
disembodied
as
resources
can
be
consumed
on-‐demand
just
for
the
task
at
hand
(Siegele,
2008).
If
we
add
the
advances
in
networking
technologies
resul7ng
in
faster
internet
connec7ons
we
can
observe
that
ICT
is
transforming
from
a
product
oriented
industry
to
a
service
oriented
market.
Collabora7on
in
the
cloud
can
be
best
explained
by
observing
the
popularity
of
mashups
applica7ons
(Cunningham
&
Wilkins,
2009).
Mashups
are
web
applica7on
on
the
cloud
that
combine
exi7ng
services
to
create
a
new
service.
This
concept
of
innova7on
trough
reuse
facilitates
the
rapid
crea7on
of
new
applica7ons
without
reinven7ng
the
wheel
one
more
7me
(Arnold,
2008a).
The
majority
of
medium
and
large
enterprises
invest
in
their
own
data
centers.
The
costs
incurred
in
running
an
on-‐premises
data
center
include
among
others
real
estate,
hardware,
power,
cooling
(50%
of
total
energy
expenses)
and
maintenance.
A
firm
needs
however
to
plan
their
data
centers
to
support
worst-‐case
scenarios,
resul7ng
in
addi7onal
costs
for
back
up
and
resource
redundancy.
In
prac7ce,
the
high
peak
situa7ons
accounted
for
when
provisioning
resources
occur
infrequently
(Weiss,
2007)
(DAuria
&
Nash,
2009)
(Cunningham
&
Wilkins,
2009).
As
a
consequence,
fully
resource
u7liza7on
is
achieved
only
in
10
percent
of
the
full
7me
the
resource
is
running.
This
means
that
90
percent
of
7me
resources
are
idle,
consuming
electricity
and
space
but
not
adding
any
value
to
the
organiza7on
(Leighton,
2009)
(Brown,
2009c).
In
the
current
environmental
context
where
energy
prices
rise
to
levels
unknown
un7l
now,
the
largest
ICT
organiza7ons
(e.g.
Google,
Microsor,
IBM,
etc.)
are
building
their
new
data
center
near
cheap
sources
of
energy
(e.g.
hydroelectric
facili7es)
and
close
to
important
Internet
nodes
to
guarantee
a
good
connec7vity
(Weiss,
2007).
From
the
trends
described
in
the
previous
paragraphs
we
can
consider
some
of
them
as
the
most
significant
factors
that
have
influenced
the
emergence
of
Cloud
Compu7ng
solu7ons.
Among
others,
SaaS,
Open
Source,
Web
2.0
applica7ons
(e.g.
web
based
collabora7on,
social
networks
and
wikis),
the
consumeriza7on
of
technology
are
iden7fied
by
Gartner
research
as
important
enablers
(Fergusson,
2008)
(Cunningham
&
Wilkins,
2009).
Moreover,
the
ubiquity
of
worldwide
broadband
access,
the
increasing
number
of
Internet
devices
(e.g.
iPhone,
Android,
Netbooks,
etc.),
the
trend
of
con7nuous
connec7vity
are
also
regarded
as
significant
influencing
factors
(Arnold,
2008b).
Nevertheless,
it
is
clear
that
Cloud
Compu7ng
represents
a
logical
evolu7on
from
the
popularity
of
web
services
and
service
oriented
architectures
(SOA)
(Holliday,
2009).
! !
Another
indicator
of
the
hype
Cloud
Compu7ng
is
crea7ng
is
the
growing
number
of
companies
launching
Cloud
Compu7ng
solu7ons
during
2009
(Hinchcliffe,
2009).
There
are
however
significant
differences
among
these
offerings.
Sun
for
example
announced
at
the
beginning
of
2009
his
new
cloud
service
which
is
API
compa7ble
at
the
storage
level
with
Amazon’s
cloud
storage
solu7on
S3.
On
the
other
hand,
in
July
2009
Microsor
presented
its
Cloud
Compu7ng
solu7on,
Windows
Azure
which
will
open
to
the
public
at
the
beginning
of
2010.
One
of
the
most
popular
hype
measurement
methods
in
the
IT
industry
is
Gartner’s
Hype
Cycle
(see
figure
4).
In
their
latest
version
(July
2009)
Gartner
places
Cloud
Compu7ng
at
the
“Peak
of
Inflated
Expecta7ons”
with
mainstream
adop7on
expected
to
take
place
in
a
period
of
two
to
five
years.
Based
on
this
model
we
can
assume
that
Cloud
Compu7ng
s7lls
need
to
experience
a
period
of
disillusionment
(Gartner’s
Trough
of
Disillusionment)
where
“over”
promises
and
misunderstandings
will
be
filtered
and
therefore
reducing
the
current
hype.
Arer
that
period,
Cloud
Compu7ng
solu7ons
will
follow
a
gradual
adop7on
process
where
the
real
benefits
become
clearer
as
they
are
proven
in
vendor’s
offerings
(Gartner’s
Slope
of
Enlightenment
and
Plateau
of
Produc7vity).
Due
to
the
hype
surrounding
the
concept
of
Cloud
Compu7ng,
some
prac77oners
tend
to
consider
it
as
the
new
revolu7on
in
technology.
However,
despite
its
indisputable
disrup7ve
character
Cloud
Compu7ng
is
rather
an
evolu7on
from
a
technology
perspec7ve
and
a
revolu7on
from
a
business
perspec7ve.
Cloud
Compu7ng
can
be
considered
as
the
logical
evolu7on
from
service
orienta7on
(e.g.
SOA,
Web
Services,
etc.),
grid
compu7ng,
server
compu7ng
and
faster
network
devices
and
speed.
From
a
business
perspec7ve,
Cloud
Compu7ng
represents
innova7ve
ways
to
reduce
capital
costs,
to
focus
on
core
IT
opera7ons
(e.g.
sources
of
differen7a7on)
and
to
enable
the
agility
needed
to
react
to
changing
market
condi7ons.
Mr
Nicholas
Carr’s
books
“ The
Big
Switch”
and
“IT
does
not
maOer”
have
been
very
influen7al
in
the
IT
community.
Mr
Carr
predicts
the
end
of
the
IT
department
as
compu7ng
technology
undergoes
a
shir
from
a
compe77ve
advantage
enabler
towards
and
u7lity
model
(like
electricity)
where
IT
infrastructure
and
applica7ons
are
delivered
off
the
wall.
This
vision
is
shared
by
some
prac77oners
(Kirsner,
2009)
and
regarded
as
incomplete
by
others
(Molenaar,
2009).
Some
experts
believe
that
standard
IT
resources
(the
great
majority)
are
good
candidates
to
be
contracted
as
an
u7lity.
However
there
are
a
number
of
IT
resources
(the
minority)
that
are
enablers
of
differen7a7on
and
should
therefore
not
be
contracted
from
third
par7es
(Molenaar,
2009).
In
his
first
book
(“IT
does
not
maOer”)
Mr
Carr
described
a
shir
that
informa7on
technology
is
experiencing
towards
a
service
model
delivered
through
Internet.
According
to
Mr
Hans
Daniels
(HewleO
Packard
director
in
The
Netherlands)
this
is
fully
in
line
with
HP’s
vision
(Molenaar,
2009).
HP
believes
that
ICT
delivery
is
going
to
evolve
in
a
“everything-‐as-‐a-‐sevice”
model
which
implies
deep
consequences
not
only
for
the
IT
department
but
also
to
the
rest
of
the
organiza7on
(e.g.
business
processes,
supply
chain
management,
etc.).
An
example
of
a
resource
that
has
gone
through
this
process
of
becoming
an
u7lity
is
electricity
(Carr,
2008)
(Baker,
2007)
(Buyya,
Yeo,
Venugopal,
et
al.,
2009).
During
the
second
world
war
manufacturing
companies
had
to
produce
their
own
electricity
to
be
able
to
manufacture
more
and
faster
than
their
compe7tors.
However,
soon
arer
the
war
finished
electricity
became
an
u7lity
and
therefore
all
the
internal’s
electricity
generators
of
firms
became
obsolete.
External
electricity
In
a
recent
white-‐paper
of
UC
Berkeley
RADSL
(“Above
the
Clouds:
A
Berkeley
View
of
Cloud
Compu7ng”)
the
authors
try
to
analyze
in
detail
the
concept
of
Cloud
Compu7ng
(Armbrust
et
al.,
2009).
According
to
Berkeley,
Cloud
Compu7ng
is
expected
to
lay
down
the
first
steps
towards
U7lity
Compu7ng,
affec7ng
the
way
hardware
and
sorware
is
designed,
purchased
and
used
(Armbrust
et
al.,
2009).
The
implica7ons
for
sorware
and
hardware
are
important:
on
one
hand,
sorware
in
the
cloud
is
delivered
as-‐a-‐service
in
contrast
to
the
tradi7onal
license
model.
On
the
other
hand,
hardware
must
be
designed
and
used
to
be
able
to
unfold
the
benefits
of
Cloud
Compu7ng
and
facilitate
its
service
model.
In
the
UC
Berkeley
RADSL
defini7on
a
clear
dis7nc7on
is
made
between
the
sorware
services
delivered
to
users
and
the
underlaying
infrastructure
(hardware
and
sorware)
UC
Berkeley
RADSL
(Armbrust
et
al.,
2009)
defines
Cloud
Compu7ng
as
applica7ons
delivered
as
a
service
over
the
Internet
(SaaS)
and
the
infrastructure
that
delivers
them.
The
infrastructure
is
oren
organized
in
data
centers
and
is
referred
to
by
Berkely
as
the
“Cloud”.
In
a
Public
Cloud
the
infrastructure
is
publicly
accessible
following
a
pay-‐for-‐use
model
offering
what
Berkeley
calls
U7lity
Compu7ng
(e.g.
Amazon
Web
Services,
Google
AppEngine,
MS
Azure,
etc.).
According
to
Berkeley,
in
a
Private
Cloud
the
infrastructure
is
organized
in
internal
data
centers
that
are
not
publicly
available.
One
of
the
most
recurrent
defini7ons
found
in
previous
research
is
the
transparent
access
to
informa7on
technology
resources
on
a
pay-‐per-‐use
basis,
which
are
developed
and
maintained
on
an
almost
infinite
and
instant
scalable
infrastructure
managed
by
third
par7es
(Vaquero
et
al.,
2008).
Arer
analyzing
all
defini7ons,
the
authors
(Vaquero
et
al.,
2008)
found
these
concepts
in
more
than
one
ar7cle:
real-‐7me
infrastructures,
automa7c
resource
alloca7on,
resource
monitoring
and
op7miza7on,
immediate
scalability,
subscrip7on
model
(pay-‐as-‐you-‐go)
and
pair-‐wise
Service
Level
Agreements
(SLAs)
between
cloud
actors.
The
concepts
men7oned
the
most
were
scalability
and
pay-‐
per-‐use
(found
in
five
ar7cles
each)
and
virtualiza7on
(found
in
four
ar7cles).
Based
on
this
findings,
Vaquero
et
al
propose
the
following
defini7on
of
Cloud
Compu7ng:
“Clouds
are
a
large
pool
of
easily
usable
and
accessible
virtualized
resources
(such
as
hardware,
development
plaDorms
and/or
services).
These
resources
can
be
dynamically
reconfigured
to
adjust
to
a
variable
load
(scale),
allowing
also
for
an
op;mum
resource
u;liza;on.
This
pool
of
resources
is
typically
exploited
by
a
pay-‐per-‐use
model
in
which
guarantees
are
offered
by
the
Infrastructure
Provider
by
means
of
customized
SLAs.”
This
defini7on
focusses
on
the
dynamic
provisioning
of
virtually
assembled
IT
capabili7es
as-‐a-‐
service.
Although
this
defini7on
considers
that
resources
are
virtually
assemble
by
applying
hardware
virtualiza7on
(e.g.
using
an
hypervisor),
this
is
not
necessary
the
case
as
some
Cloud
providers
(e.g.
Google,
RightScale)
do
not
apply
hardware
virtualiza7on
to
their
solu7ons.
For
this
reason
we
will
consider
that
compu7ng
resources
are
virtually
assembled
in
Cloud
Compu7ng
although
not
necessarily
by
applying
hardware
virtualiza7on.
Slight
varia7ons
of
this
defini7on
are
also
found
in
other
papers
of
this
conference,
which
define
Cloud
Compu7ng
as
“dynamically
scalable
resources
provisioned
as
a
service
over
the
Internet”
(Jensen,
2009).
Other
defini7ons
focus
more
on
the
sorware
perspec7ve
defining
a
cloud
as
plaxorms
that
“offer
resource
u7liza7on
as
on-‐demand
service,
which
lays
the
founda7on
for
applica7ons
to
scale
during
run7me”.
We
will
further
analyze
these
scien7fic
defini7ons
when
crea7ng
our
own
research
defini7on
of
Cloud
Compu7ng
in
sec7on
2.7.
One
of
the
main
assump7ons
of
Cloud
Compu7ng
is
that
resources
(e.g.
data,
applica7ons,
etc.)
are
stored
on
the
Internet
as
opposed
to
internal
infrastructures
(Arnold,
2008a).
This
implies
that
the
responsibility
of
maintaining
and
upda7ng
the
infrastructure
is
transferred
to
the
corresponding
Cloud
Provider.
Another
important
implica7on
is
what
some
authors
call
the
Holy
Grail
of
informa7on
sharing:
the
enablement
of
collabora7on
and
standardized
content
distribu7on,
where
informa7on
is
easy
to
find
and
applica7ons
can
be
developed
quickly
(e.g.
RAD
/
agile
methods)
(Arnold,
2008a).
Some
media
publica7ons
have
tried
to
define
Cloud
Compu7ng
by
analyzing
its
unique
characteris7cs
compared
to
exis7ng
models
(Foley,
2009).
They
define
it
using
concepts
as
off-‐site,
virtual,
on-‐demand
subscrip7on
based,
simple,
shared
and
web-‐based
IT
capabili7es.
Off-‐site
means
that
resources
are
physically
located
in
data
centers
which
are
not
owned
by
Cloud
Users.
Through
the
use
of
virtualiza7on,
a
Cloud
User
can
freely
assemble
his
own
stack
of
databases,
storage,
networking,
etc.
Moreover,
resources
can
be
scaled
up
or
down
on-‐demand
and
are
paid
for
by
usage
based
subscrip7ons.
To
op7mally
use
the
available
physical
resources
Cloud
Providers
deploy
mul7-‐tenant
solu7ons
where
more
than
one
client
is
using
the
same
physical
resources.
Moreover,
resources
are
quickly
provisioned
trough
and
easy
to
use
web
interface
and
are
available
within
minutes
(Cunningham
&
Wilkins,
2009).
Based
on
these
characteris7cs,
the
authors
describe
Cloud
Compu7ng
as
“on-‐demand
access
to
virtualized
IT
resources
that
are
housed
outside
of
your
own
data
center,
shared
by
others,
simple
to
use,
paid
for
via
subscrip7on,
and
accessed
over
the
Web”
(Foley,
2009).
Other
publica7ons
focus
on
the
main
characteris7cs
of
the
concept
in
order
to
define
it
more
accurately.
Arer
analyzing
some
of
these
publica7ons
we
have
generated
the
following
list
of
characteris7cs:
• On-‐demand
self-‐service:
Cloud
Users
can
set
up
their
themselves
the
specific
resources
they
need
(Leighton,
2009)
(Spinola,
2009).
• Ubiquitous
Network
Access:
Cloud
services
are
available
trough
the
Internet
(Leighton,
2009)
(Spinola,
2009).
The
variety
of
Cloud
Compu7ng
defini7ons
has
created
a
lot
of
confusion
among
prac77oners.
An
interes7ng
approach
to
define
Cloud
Compu7ng
is
found
on
the
publica7on
“Compu7ng
in
the
Clouds”
by
Aaron
Weiss.
He
recognizes
that
the
different
defini7ons
are
based
on
different
views
on
the
same
phenomenon.
He
elaborates
on
some
of
this
perspec7ves
in
what
he
calls
“different
cloud
shapes”
(Weiss,
2007).
Web
based
applica7ons,
a
revival
of
the
thin-‐client,
u7lity
compu7ng,
an
on-‐
demand
grid
with
7me
based
billing
or
“distributed
or
parallel
compu7ng
designed
to
scale
complex
processes
for
improved
efficiency”
are
some
examples
of
these
different
shapes
(Weiss,
2007).
A.
Gartner
Research
According
to
Gartner,
Cloud
Compu7ng
is
not
a
new
single
model
of
compu7ng
but
rather
an
evolu7on
of
exis7ng
paradigms
and
technologies
like
U7lity
Compu7ng,
On-‐demand
services,
Grid
Compu7ng
and
SaaS
among
others
(Plummer,
2009).
Mr
Daryl
Plummer
(Gartner’s
VP
specialized
on
Cloud
Compu7ng
research)
defines
Cloud
Compu7ng
as
a
new
IT
paradigm
or
style
of
compu7ng
where
“massively
scalable
and
elas;c
IT-‐related
capabili;es
are
provided
as
a
service
using
Internet
technologies
to
mul;ple
external
customers”
(Stevens
&
PeOey,
2008)
(Plummer,
2009)
(Brodkin,
2009).
The
new
paradigm
of
Cloud
Compu7ng
is
expected
to
create
new
revolu7onary
rela7onships
between
IT
users
and
providers
(Stevens
&
PeOey,
2008).
Users
can
therefore
focus
more
on
what
the
service
provides
instead
of
how
they
are
implemented
or
hosted.
The
current
popularity
and
adop7on
of
IT
models
like
sorware
as
a
service
(SaaS)
or
Infrastructure
as
a
service
(IaaS)
reflect
how
diverse
informa7on
technology
capabili7es
can
be
delivered
on
a
global
scale
(Stevens
&
PeOey,
2008).
Cloud
Compu7ng
is
expected
to
transform
IT
delivery
from
vendor-‐user
rela7onship
to
a
provider-‐consumer
rela7onship
where
IT
services
are
merely
consumed
instead
of
acquiring
first
the
assets
and
implemen7ng
them
prior
to
consump7on
(Plummer,
2009).
According
to
Mr
Brian
Pren7ce
(Gartner’s
VP)
the
key
in
defining
Cloud
Compu7ng
offerings
is
that
they
are
web
based
services
able
to
upscale
and
downscale
on
demand
(Howarth,
2009).
This
implies
new
forms
of
customer-‐provider
rela7onships,
based
on
the
quality
of
service
provided
(e.g.
SLA)
instead
of
general
guidelines
in
end-‐user
agreements.
This
new
type
of
rela7onship
will
lead
according
to
Gartner
to
a
market
that
focus
on
price
and
quality
of
services
that
provide
differen7a7on
(Howarth,
2009).
To
clarify
any
misinterpreta7ons
of
the
term
Cloud
Compu7ng,
Gartner
has
selected
four
industry
myths
and
the
corresponding
Gartner
perspec7ve
on
them.
The
myths
and
Gartner’s
insights
are
depicted
in
table
7
(Plummer,
2009):
Table 7: Cloud Compu*ng myths linked to Gartner’s insights (Gartner, 2009)
Everything need to be in the cloud False, the dominant model for the coming 10 years will be an hybrid cloud.
Cloud Compu7ng will always safe money False, it can safe money in some cases and provide other advantages in others
Enterprise
developers
are
aware
of
the
Cloud
Compu7ng
advantages
of
self-‐service,
pay-‐as-‐
you-‐go
and
instant
deployment
of
compu7ng
resources.
For
these
reasons,
they
are
increasingly
using
Public
Clouds
for
development
purposes
bypassing
IT
opera7on’s
processes
and
procedures
(Staten,
2009).
Although
this
situa7on
accelerates
the
applica7on’s
deployment
process,
there
are
significant
risks
in
bypassing
these
organiza7onal
policies
as
they
are
meant
to
protect
customer’s
informa7on,
comply
with
laws
and
regula7ons
and
guarantee
quality
of
services.
Since
the
advantages
of
Cloud
Compu7ng
infrastructures
are
desired
by
developer,
and
to
overcome
the
risks
of
bypassing
IT
opera7ons
procedures,
Forrester
suggests
that
organiza7ons
build
Internal
Clouds
that
can
leverage
the
advantages
while
controlling
risks
(Staten,
2009).
By
deploying
this
type
of
solu7ons
organiza7ons
can
improve
their
cost
effec7veness
and
achieve
a
faster
7me-‐to-‐
market
with
new
applica7ons.
Forrester
defines
a
Internal
Cloud
as
“a
mul7tenant,
dynamically
provisioned
and
op7mized
infrastructure
with
self-‐service
developer
deployment,
hosted
within
the
safe
confines
of
your
own
data
center”
(Staten,
2009).
An
Internal
Cloud
aims
to
leverage
some
of
the
Public
Clouds
advantages
without
compromising
the
protec7ons
enabled
by
organiza7onal
policies
and
procedures.
According
to
Forrester,
the
main
characteris7cs
of
Internal
Clouds
are
self-‐service
deployment
func7onality
for
developers,
automated
workload
distribu7on,
mul7-‐tenant
resource
pools
and
workflow
management
func7onality
(Staten,
2009).
Although
Forrester
recommends
organiza7ons
to
deploy
Internal
Clouds
they
recognize
also
the
limita7ons
of
these
approach
(Staten,
2009).
In
some
cases
the
internal
infrastructure
could
be
rela7vely
small
to
be
economically
interes7ng
to
op7mize
it,
while
in
other
cases
performance
tes7ng
could
be
more
cost
efficient
on
Public
Clouds.
Moreover,
an
Internal
Cloud
is
not
the
best
environment
for
all
types
of
applica7ons.
For
this
reason,
Forrester
recommends
to
deploy
hybrid
clouds
where
internal
and
external
clouds
are
connected
and
can
benefit
from
each
other
(Staten,
2009).
C.
Capgemini
Due
to
the
variety
of
emerging
defini7ons
of
the
term
Cloud
Compu7ng,
Capgemini
recognizes
that
there
is
a
certain
level
of
confusion
among
its
clients
(Ross
et
al.,
2008).
Some
clients
believe
that
Cloud
Compu7ng
is
the
next
genera7on
of
grid
compu7ng,
others
believe
that
is
the
next
level
of
virtualiza7on
and
there
are
some
clients
that
think
that
Cloud
Compu7ng
is
a
combina7on
of
Capgemini
bases
his
defini7on
of
Cloud
Compu7ng
on
an
ar7cle
by
John
Foley
published
on
the
online
magazine
Informa7on
Week
on
September
2008:
“Cloud
compu;ng
is
the
use
of
massively
scaled
offsite
IT
resources
assembled
virtually,
accessed
over
the
internet,
used
on
demand
in
real-‐;me
or
near
real-‐;me
on
a
pay-‐per-‐use
or
subscrip;on
basis,
where
the
workloads
are
shared
among
mul;ple
customers”
(Ross
et
al.,
2008).
The
main
components
of
this
defini7on
are
the
following:
• Scalability:
Access
to
immense
infrastructures
that
would
otherwise
not
be
available.
• Off-‐site:
IT
resources
are
owned
by
a
third
party
and
used
only
when
needed.
• Assembled
Virtually:
Mul7ple
customer’s
applica7on
run
on
the
same
physical
machine.
• On-‐demand:
Resources
are
available
when
needed
and
for
the
7me
required.
• Pay-‐per-‐use:
pay
for
what
you
actually
use
and
never
for
idle
resources.
• Shared
workloads:
Economies
of
scale
to
account
for
uncorrelated
consump7on
paOers.
D.
Accenture
In
a
recent
Accenture’s
survey
among
IT
decision
makers
(Cloud
Compu7ng
-‐
Balancing
Risk
and
Reward)
58%
of
correspondent
was
convinced
that
Cloud
Compu7ng
will
cause
a
“radical
shir
in
informa7on
technology”
(Arellano,
2009).
Accenture
defines
Cloud
Compu7ng
as
the
“dynamic
provisioning
of
IT
capabili7es,
whether
hardware,
sorware,
or
services
from
a
third
party
over
the
network”.
According
to
Accenture,
if
enterprises
combine
the
benefits
of
virtualiza7on
and
mul7-‐tenant
architectures
with
a
pay-‐as-‐you-‐go
pricing
model,
Cloud
Compu7ng
represents
a
innova7ve
paradigm
that
deeply
affects
how
IT
capabili7es
(infrastructures,
plaxorms,
applica7ons,
etc.)
are
acquired,
delivered
and
supported
(Harris,
Daugherty
&
Tobolski,
2009).
In
their
15th
drar
version
on
the
defini7on
of
Cloud
Compu7ng,
NIST
describes
it
as
“a
model
for
enabling
convenient,
on-‐demand
network
access
to
a
shared
pool
of
configurable
compu;ng
resources
(e.g.
networks,
servers,
storage,
applica;ons,
and
services)
that
can
be
rapidly
provisioned
and
released
with
minimal
management
effort
or
service
provider
interac;on”.
Another
two
ini7a7ves
to
develop
(open)
Cloud
Compu7ng
standards
are
the
OGF
Open
Cloud
Compu7ng
Interface
Working
Group
(OCCI)
which
focus
on
developing
an
API
specifica7on
for
remote
management
of
Cloud
Compu7ng
infrastructure
(e.g.
IaaS
solu7ons)
and
the
in
November
2009
cons7tuted
Study
Group
on
Cloud
Compu7ng
(SGCC)
by
the
Interna7onal
Organiza7on
for
Standardiza7on
(ISO)
SubcommiOee
38
(SC
38).
Both
groups
are
expected
to
publish
drar
versions
of
their
defini7ons
during
2010.
In
a
cloud
applica7on
we
can
dis7nguish
between
three
main
roles:
cloud
users,
cloud
vendors
and
cloud
providers
(Mietzner
et
al.,
2008)
(Armbrust
et
al.,
2009)
(Vaquero
et
al.,
2008).
The
cloud
user
accesses
a
cloud
service
hosted
by
a
cloud
provider
and
created
by
a
cloud
vendor.
It
is
important
to
note
that
an
organiza7on
can
fulfill
any
combina7on
of
two
or
three
of
these
roles
(Mietzner
et
al.,
2008).
Vendors
and
providers
for
example
can
be
the
same
organiza7on
as
we
can
see
in
some
current
offerings
(e.g.
Salesforce,
Google
Apps,
etc.)
while
in
other
cases
they
might
be
different
organiza7ons
as
it
is
oren
the
case
in
PaaS
solu7ons
(e.g.
Force.com)
allowing
the
deployment
of
applica7ons
developed
by
external
sorware
vendors.
Moreover,
the
cloud
users
and
providers
can
also
be
the
same
en7ty
as
in
for
example
internal
IT
department
is
offering
an
internal
cloud.
Having
invested
in
a
data
center
is
an
important
key
enabler
for
a
firm
to
become
a
Cloud
Provider.
On
one
hand,
by
adding
a
new
revenue
source
Cloud
Providers
can
leverage
their
past
and
future
ICT
investments.
On
the
other
hand
by
using
an
infrastructure
that
has
been
already
designed,
implemented,
tested
and
improved
Cloud
Users
do
not
have
to
spend
7me
in
repea7ng
these
steps,
and
can
profit
from
an
already
proven
solu7on
offered
by
Cloud
Providers
(Armbrust
et
al.,
2009).
Addi7onal
roles
in
Cloud
Compu7ng
are
Cloud
Service
Brokers,
Cloud
Sorware
Manufacturers,
and
Cloud
Consultants
and
Integrators
among
others.
As
Cloud
Compu7ng
services
mature
over
the
years,
Gartner
predicts
a
growing
importance
of
Cloud
Service
Brokers
which
can
be
found
in
the
following
categories:
Cloud
Service
Intermedia7on,
Cloud
Service
Aggrega7on
and
Cloud
Service
Arbitrage
(PeOey,
2009b).
Cloud
Sorware
Manufacturers
like
for
example
Enomaly
or
Open
Nebula
leverage
the
tools
necessary
to
build
clouds
for
Cloud
Providers
and
Enterprises.
The
role
of
Cloud
Integrators
is
currently
being
played
by
the
leading
consultancy
organiza7ons.
Some
focus
on
guiding
enterprises
in
leveraging
Internal
Private
or
Hybrid
Clouds
(e.g.
Accenture,
Capgemini)
and
others
focus
more
on
leveraging
Public
Clouds
(e.g.
Cloudscale).
The
first
process
of
extrac7ng
the
main
components
from
defini7ons
is
shown
in
table
8.
It
is
important
to
note
that
main
components
are
not
only
extracted
from
defini7ons
but
in
some
cases
they
are
explicitly
men7oned
by
the
organiza7on
as
described
previously
in
this
report.
In
those
cases
we
have
included
the
main
components
men7oned
even
if
they
cannot
be
directly
linked
to
(parts
of)
the
defini7on.
University
of
Berkeley:
"applica7ons
delivered
as
a
service
over
the
Applica7ons,
As-‐a-‐service,
Internet
as
delivery
&
Internet
(SaaS)
and
the
infrastructure
that
delivers
them." Suppor7ng
Infrastructure
Telefonica:
“Clouds
are
a
large
pool
of
easily
usable
and
accessible
virtualized
resources
(such
as
hardware,
development
plaxorms
and/
Large
pools,
easily
usable,
easy
accessible,
or
services).
These
resources
can
be
dynamically
reconfigured
to
virtualized
resources,
dynamically
reconfigured,
adjust
to
a
variable
load
(scale),
allowing
also
for
an
op7mum
resource
scalability,
op7mum
resource
op7miza7on,
pay-‐
u7liza7on.
(...)
typically
exploited
by
a
pay-‐per-‐use
model
in
which
per-‐use
model,
customized
SLAs
guarantees
are
offered
by
the
Infrastructure
Provider
by
means
of
customized
SLAs.”
University
of
Melbourne:
"a
collec7on
of
interconnected
and
virtualised
computers
that
are
dynamically
provisioned
and
presented
Interconnected
virtualized
computers,
dynamically
as
one
or
more
unified
compu7ng
resources
based
on
service-‐level
provisioned,
unified
presenta7on
of
resources,
SLA
agreements
established
through
nego7a7on
between
the
service
based
provider
and
consumers.”
IEEE
Interna*onal
Conference
on
Cloud
Compu*ng:
“the
style
of
compu7ng
in
which
dynamically
scalable
and
oren
virtualized
Dynamic
and
scalable
resources,
oren
virtualized,
resources
are
provided
as
a
service
over
the
Internet”
(...)
“offer
as-‐a-‐service,
over
the
Internet,
on-‐demand
resource
u7liza7on
as
on-‐demand
service,
which
lays
the
founda7on
for
applica7ons
to
scale
during
run7me”
On-‐demand
self-‐service,
ubiquitous
network
access,
loca7on
independent
resource
pooling,
Media:
“on-‐demand
access
to
virtualized
IT
resources
that
are
housed
rapid
elas7city,
usage
based
pricing,
rapid
outside
of
your
own
data
center,
shared
by
others,
simple
to
use,
paid
provisioning,
shared
resources,
self-‐service
for
via
subscrip7on,
and
accessed
over
the
Web”.
func7onality,
lack
of
ownership
of
resources,
virtualized
IT
resources
Forrester:
“a
mul7tenant,
dynamically
provisioned
and
op7mized
Self-‐service
deployment,
automated
workload
infrastructure
with
self-‐service
developer
deployment,
hosted
within
distribu7on,
mul7-‐tenant
resource
pools,
workflow
the
safe
confines
of
your
own
data
center” management,
dynamic
provisioning
Gartner:
“massively
scalable
and
elas7c
IT-‐related
capabili7es
are
Service
Based,
scalable
and
elas7c,
shared,
provided
as
a
service
using
Internet
technologies
to
mul7ple
external
metered
by
use,
internet
as
delivery
channel
customers”
Capgemini:
“Cloud
compu7ng
is
the
use
of
massively
scaled
offsite
IT
Scalability,
off-‐site,
assembled
virtually,
on-‐
resources
assembled
virtually,
accessed
over
the
internet,
used
on
demand,
pay-‐per-‐use,
shared
workloads,
internet
demand
in
real-‐7me
or
near
real-‐7me
on
a
pay-‐per-‐use
or
subscrip7on
access
basis,
where
the
workloads
are
shared
among
mul7ple
customers”.
Accenture:
dynamic
provisioning
of
IT
capabili7es,
whether
hardware,
Dynamic
provisioning,
from
a
third
party,
over
the
sorware,
or
services
from
a
third
party
over
the
network.” network
Internet / Ubiquitous Network Access Berkeley University, IEEE, Media, Gartner, Capgemini, Accenture, NIST
Easily Usable / Unified Presenta7on / Self-‐service Telefonica, Melbourne University, Media, Forrester, NIST
Virtualized Resources / Assembled Virtually Telefonica, Melbourne University, IEEE, Media, Capgemini
Dynamic
/
Scalable
/
Elas7c
/
Automa7c
Telefonica,
Melbourne
University,
IEEE,
Media,
Forrester,
Gartner,
Workload
Distribu7on
/
Workflow
Management Capgemini,
Accenture,
NIST
Pay-‐per-‐use / Usage Based Pricing & Metering Telefonica, Media, Gartner, Capgemini, NIST
Lack of Ownership / Offsite / From Third Party Media, Capgemini, Accenture
As
shown
in
the
above
table,
some
components
are
found
in
almost
all
defini7ons
while
others
are
men7oned
rarely.
In
construc7ng
our
research
defini7on
of
Cloud
Compu7ng
we
have
dropped
some
of
these
components
as
they
are
only
used
by
few
par7es
and
do
not
truly
represent
the
current
solu7ons
found
in
the
market.
The
first
component
that
we
have
dropped
is
Applica7ons,
as
the
Cloud
Compu7ng
model
delivers
more
than
just
Applica7ons.
If
we
analyze
the
different
services
currently
being
offered
following
this
model
we
observe
that
besides
applica7ons
also
infrastructure
and
plaxorm
services
The
term
Large
Amount
of
Resources
has
also
been
dropped
for
two
reasons.
The
first
reason
is
that
the
term
“large”
is
rather
subjec7ve
and
can
be
contradictorily
interpreted
by
two
par7es.
A
group
of
resources
might
be
regarded
as
large
by
some
organiza7on
and
at
the
same
7me
as
small
by
another
organiza7on.
The
second
reason
is
that
there
is
not
a
minimum
limit
of
resources
to
deploy
a
Cloud
Compu7ng
solu7on.
For
example,
some
solu7ons
(e.g.
Ubuntu
Enterprise
Cloud)
can
be
deployed
on
two
computers
(or
two
virtual
images
on
one
computer).
Although
in
prac7ce
Cloud
Compu7ng
solu7ons
are
deployed
on
large
amounts
of
resources
to
enable
on-‐demand
provisioning,
scalability
and
elas7city,
it
is
not
a
necessary
requirement
as
these
benefits
can
also
be
achieved
through
other
means
(e.g.
outburs7ng
of
Private
Clouds
to
Public
Clouds).
We
also
have
dropped
the
components
Loca7on
Independent
as
well
as
Lack
of
Ownership,
Offsite,
and
From
Third
Party
as
organiza7ons
can
leverage
Internal
Clouds
(within
the
organiza7onal
limits)
and/or
Private
Clouds
(only
accessible
by
a
single
organiza7on).
We
have
further
combined
SLA
based
with
the
As-‐a-‐service
component
as
the
former
is
the
logical
embedding
of
the
later.
Service
Level
Agreements
are
used
to
nego7ate,
measure
and
improve
the
quality
of
services
provided.
Although
not
dropped
en7rely
from
the
defini7on,
Virtualized
Shared
Resources,
Resource
Op7miza7on
and
Self-‐Service
interface
are
par7ally
included
as
possible
addi7onal
elements
oren
found
in
current
solu7ons.
Although
Virtualiza7on
is
oren
applied
to
op7mize
resource
op7miza7on,
this
is
not
always
the
case
as
some
Cloud
Providers
do
not
apply
any
form
of
(hardware)
virtualiza7on
to
their
offerings
(e.g.
Google,
RightScale,
etc.).
The
existence
of
Private
and/or
Internal
Clouds
indicates
that
Shared
resources
and
Mul7-‐tenancy
are
not
essen7al
elements.
Moreover,
Resource
Op7miza7on
is
not
directly
related
to
the
services
being
offered
but
rather
to
the
op7mum
implementa7on
by
a
Cloud
Provider.
A
Cloud
User
does
not
directly
benefit
from
beOer
resource
op7miza7on
as
a
Cloud
Provider
does.
We
consider
the
Self-‐Service
interface
to
be
one
possible
implementa7on
of
the
On-‐Demand
component
and
therefore
we
cannot
include
it
in
our
defini7on
as
it
would
exclude
other
implementa7ons
(e.g.
automated
provisioning).
Taking
into
account
these
considera7ons
we
have
elaborated
the
following
research
defini7on
of
Cloud
Compu7ng
to
be
use
in
the
rest
of
this
report:
Cloud
Compu*ng
is
the
delivery
model
where
on-‐demand
elas*c
IT
capabili*es
are
offered
as-‐a-‐service
through
the
Internet
following
a
usage
based
pricing
model.
There
are
a
large
number
of
IT
capabili7es
offered
according
to
the
Cloud
Compu7ng
model.
Some
examples
of
the
most
popular
services
are
infrastructures
(IaaS
solu7ons),
plaxorms
(PaaS
solu7ons),
and
sorware
(SaaS
solu7ons).
This
common
taxonomy
of
Cloud
Compu7ng
services
takes
into
account
the
level
of
abstrac7on
from
bare
metal
(e.g.
hardware)
and
the
flexibility
provided
to
the
end
user.
From
this
perspec7ve
we
can
classify
Cloud
Compu7ng
solu7ons
into
Sorware-‐as-‐a-‐service
(SaaS),
Plaxorm-‐as-‐
a-‐service
(PaaS)
and
Infrastructure-‐as-‐a-‐service
(IaaS)
offering
respec7vely
sorware,
plaxorms
and
infrastructure
services
(Armbrust
et
al.,
2009)
(Vaquero
et
al.,
2008)
(Spinola,
2009).
It
is
important
to
note
that
as
we
go
up
the
service
stack
we
encounter
solu7ons
with
greater
levels
of
abstrac7on
and
lower
levels
of
flexibility,
while
if
we
go
down
the
service
stack
user’s
flexibility
increases
in
detriment
of
abstrac7on
from
bare
metal.
By
abstrac7on
we
mean
the
level
of
automa7on
to
end
users.
Using
IaaS
solu7ons
for
example,
the
end
user
needs
to
manage
hardware
and
opera7ng
systems
while
in
PaaS
services
the
end
user
only
manages
code
development
and
deployment.
Moreover,
end
user
of
SaaS
services
do
not
even
need
to
manage
code
deployment
when
using
the
applica7on.
It
is
important
to
note
that
higher
automa7on
(e.g.
abstrac7on)
implies
lower
flexibility
as
the
user
cannot
configure
the
parts
that
are
automated.
The
Service
Model
and
this
trade-‐off
is
depicted
on
figure
5.
It
is
important
to
note
that
these
three
types
of
services
are
not
the
only
ones
currently
being
offered.
The
model
presented
is
therefore
not
exhaus7ve
as
it
focus
on
the
most
common
IT
capabili7es
(e.g.
hardware,
sorware,
etc.).
The
large
variety
of
services
being
offered
range
from
complete
e-‐business
solu7ons
to
mail
applica7ons
and
from
CPU
cycles
to
large
compu7ng
and
algorithmic
facili7es
(Stevens
&
PeOey,
2008).
It
is
the
granularity
of
the
services
provided
from
the
cloud
that
makes
it
possible
to
align
the
required
infrastructure
and
sorware
to
the
business
needs
at
a
par7cular
point
in
7me.
As
Cloud
Providers
naturally
seek
compe77ve
differen7a7on
we
can
expect
a
process
of
Cloud
Compu7ng
PaaS-‐ifica7on.
In
this
process
SaaS
solu7ons
will
incorporate
more
flexibility
by
allowing
users
to
develop
or
customize
their
applica7ons
(becoming
a
PaaS
plaxorm)
and
IaaS
providers
will
add
features
that
speed
up
the
use
of
the
services
(e.g.
adding
run7me
environment,
framework,
etc.),
evolving
into
plaxorms.
At
the
moment
of
wri7ng
we
can
observe
this
shir
towards
cloud
plaxorms
at
Salesforce’s
force.com
(PaaS
based
on
their
SaaS
solu7ons)
and
Amazon
EC2
suppor7ng
frameworks
out-‐of-‐the-‐box
(PaaS
on
top
of
IaaS).
It
is
important
to
note
that
none
of
these
types
of
Cloud
Services
is
beOer
than
the
others.
All
levels
of
flexibility
and
abstrac7on
must
be
considered
when
developing
a
new
applica7on
in
order
to
select
the
level
best
fiOed
for
that
specific
applica7on.
Some
applica7ons
might
require
specific
hardware
configura7on
while
in
other
applica7ons
this
high
flexibility
level
could
complicate
development
and
deployment
unnecessary.
For
clarifying
purposes
we
shortly
describe
the
three
service
types
included
in
this
model:
Using
SaaS
solu7ons
might
result
in
changing
the
ownership
of
sorware,
shiring
responsibility
of
infrastructure
management
to
the
SaaS
provider,
reducing
opera7onal
costs
and/or
targe7ng
the
long
tail
of
smaller
businesses
(Chong
&
Carraro,
2006).
In
every
as-‐a-‐service
model
transferring
IT
responsibili7es
from
customer
to
provider
implies
a
different
distribu7on
of
budgets
for
sorware,
hardware
and
professional
services
(Chong
&
Carraro,
2006).
On
tradi7onal
on-‐premises
architectures,
the
budget
for
hardware
and
services
is
higher
than
in
SaaS
architectures
as
a
part
of
them
is
carried
The
long
tail
theory
states
that
a
large
group
of
low-‐volume
items
translates
into
higher
total
revenues
than
high-‐volume
ones
(Chong
&
Carraro,
2006).
Nevertheless,
most
tradi7onal
sorware
vendors
focus
on
large
customers
as
they
are
the
only
ones
that
can
afford
to
pay
the
high
level
of
customiza7on
needed
to
deploy
sorware
on-‐premises.
Due
to
the
economies
of
scale
and
mul7-‐
tenancy
achieved
by
SaaS
vendors
a
new
market
opens
to
them
that
was
previously
cost-‐ineffec7ve
to
serve
(Chong
&
Carraro,
2006).
As
SaaS
vendors
can
offer
sorware
cheaper
than
on-‐premises
they
can
benefit
from
the
high
volumes
represented
in
the
long
tail.
Customiza7on
in
SaaS
solu7ons
can
be
achieved
by
iden7fying
variability
points
that
support
the
configura7on
of
a
SaaS
applica7on
to
any
customer’s
specific
needs
(Mietzner
et
al.,
2008).
To
achieve
this
the
SaaS
vendor
can
create
an
applica7on
template
that
includes
a
series
of
variability
points
that
are
further
configured
by
the
SaaS
provider
to
create
customized
applica7ons
for
each
SaaS
customer.
There
are
therefore
two
main
types
of
ar7facts
in
a
SaaS
solu7on,
a
fixed
part
that
is
equal
for
all
tenants
and
configurable
metadata
that
enables
applica7on
customiza7on
(Mietzner
et
al.,
2008).
! SaaS
applica7ons
can
be
offered
following
different
mul7-‐tenancy
strategies
according
to
the
applica7on’s
needs
and
capabili7es
for
scalability,
configurability
and
mul7-‐tenancy
awareness
(Mietzner,
Unger,
Titze,
&
Leymann,
2009)
(Mietzner
et
al.,
2008).
Previous
research
on
SaaS
as
an
alterna7ve
to
tradi7onal
on-‐premises
sorware
has
incorporated
these
key
components
of
SaaS
into
an
architectural
model
based
on
four
maturity
levels
(Chong
&
Carraro,
2006).
In
order
to
choose
the
right
maturity
level
for
a
specific
applica7on
the
organiza7on
should
take
into
account
if
an
isolated
approach
makes
financial
sense
(business
model),
if
the
applica7on
can
be
ran
in
a
single
instance
(architecture)
and
if
the
applica7on
can
maintain
the
level
of
service
(SLAs)
without
isola7on
(opera7onal
model).
The
first
maturity
level
(ad-‐hoc)
can
be
compared
to
the
tradi7onal
ASP
model
(applica7on
service
provider)
of
sorware
delivery
(Chong
&
Carraro,
2006).
In
this
level
each
customer
has
a
separate
customized
instance
of
a
hosted
applica7on.
This
level
reduces
costs
through
the
consolida7on
of
hardware
and
overhead
costs.
In
the
second
maturity
level
(configurable)
the
SaaS
vendor
hosts
a
separate
instance
for
each
tenant
where
all
instances
use
the
same
code
The
third
level
of
maturity
(configurable
&
mul7-‐tenant
efficient)
includes
a
single
instance
serving
every
tenant
with
configurable
metadata
allowing
some
degree
of
customiza7on
(Chong
&
Carraro,
2006).
Security
is
in
this
context
crucial
to
guarantee
that
data
is
isolated
between
tenants.
Moreover,
scalability
is
achieved
ver7cally
by
moving
to
a
larger
instance.
In
the
fourth
and
last
level
of
SaaS
maturity
(Scalable,
Configurable
and
Mul7-‐tenant
efficient)
a
load-‐balanced
group
of
iden7cal
instances
is
available
with
configurable
metadata
and
isolated
data
storage
(Chong
&
Carraro,
2006).
It
is
important
to
note
that
this
maturity
level
is
the
only
one
leveraging
the
capabili7es
of
horizontal
scalability
across
the
available
instances.
According
to
previous
research
on
SaaS
mul7-‐tenancy
paOerns
(Mietzner
et
al.,
2009)
a
SaaS
service
can
be
configurable
or
non-‐configurable.
In
each
of
these
two
categories
we
can
find
three
mul7-‐tenancy
paOerns:
single
instance,
arbitrary
instance
and
mul7ple
instance
(Mietzner
et
al.,
2009).
There
are
therefore
six
different
mul7-‐tenancy
paOerns
available
ranging
from
configurable
single
instance
to
non-‐configurable
mul7ple
instances.
Arbitrary
instances
are
mixes
of
these
two
types,
where
some
tenants
share
instances
and
others
do
not.
This
might
be
to
guaranteed
the
quality
of
service
of
due
to
legal
requirements
in
some
clients.
The
following
table
(see
table
10)
reflects
some
of
the
considera7ons
that
we
can
find
in
previous
work
related
to
each
of
these
mul7-‐tenancy
paOerns:
Quality
of
service
or
(+)
Mix
of
single
and
mul7ple
instances
Arbitrary
compliance
while
(+)
Allows
fully
isola7on
when
needed
Configurable
Instance allowing
(+)
Horizontally
and
ver7cally
scalable
customiza7on (-‐)
Less
centraliza7on
than
single
instance
Customiza7on
when
(+)
Full
customiza7on
Mul7ple
applica7on
logic
is
(+)
Horizontally
scalable
Instances very
specific
tenant
(-‐)
Decentralized
deployment
and
maintenance
specific
A
service
with
the
(+)
Centralized
deployment,
maintenance
and
updates
for
Single
same
behavior
for
all
all
tenants.
Ver7cally
scalable
Instance
tenants.
(-‐)
No
isola7on
of
data
or
customiza7on
Non-‐
Configurable
Towards a Healthy Cloud Page 51 of 218 Juan Hernández Colomina
PaRern Focus Considera*ons
Although
we
consider
mul7-‐tenancy
not
an
essen7al
feature
of
cloud
compu7ng
any
cloud
vendor
or
provider
can
deploy
any
of
the
above
paOerns
in
another
type
of
cloud
solu7on
(e.g.
PaaS,
IaaS,
etc.)
to
create
mul7-‐tenant
aware
solu7ons.
This
kind
of
solu7on
is
currently
being
offered
by
Microsor’s
Azure,
Google
App
Engine,
Elastra
and
RightScale
among
others
(Leighton,
2009).
Google’s
App
Engine
is
developed
to
host
web
applica7ons
on
the
cloud
by
clearly
separa7ng
the
stateless
computa7on
layer
from
state-‐full
storage
layer
(Armbrust
et
al.,
2009).
Sorware
hosted
on
the
App
Engine
plaxorm
must
have
a
request-‐reply
behavior
to
minimize
the
resources
allocated
to
each
request.
The
mechanisms
for
guaranteeing
availability
and
automa7c
scalability
as
well
as
the
data
storage
layer
(MegaStore)
are
dependent
on
these
constrains
(Armbrust
et
al.,
2009).
Internal
clouds
are
hosted
within
an
organiza7on’s
boundaries
and
aim
to
leverage
the
firm’s
standard
processes
and
security
measures
(e.g.
firewalls,
DMZs,
etc.).
They
are
oren
limited
in
size
and
scalability
as
they
are
fully
financed
by
the
organiza7on.
This
type
of
cloud
is
best
fiOed
for
firms
that
require
full
control
and
configurability
of
their
infrastructure
and
security,
and
is
oren
used
when
business
opera7ons
are
subject
to
strict
compliance
standards
(Spinola,
2009).
Moreover,
as
the
organiza7on
does
not
depend
on
the
performance
and
availability
of
external
networks
(e.g.
Internet)
or
providers
(e.g.
Cloud
Provider),
Internal
Clouds
are
highly
recommended
for
deploying
applica7ons
that
handle
sensi7ve
data
or
need
high
availability
(Perry,
2009).
External
Clouds
are
located
outside
the
organiza7onal
domain
and
they
are
oren
more
scalable
and
cost
efficient
than
Internal
Clouds.
However,
this
might
imply
concessions
on
the
solu7on’s
security
and
customiza7on
levels
as
well
as
higher
dependancies
on
third
par7es
and
public
network’s
performance
(e.g.
Internet).
An
interes7ng
mixed
approach
between
Internal
and
External
Clouds
are
Hybrid
Clouds.
Hybrid
Clouds
are
Internal
Clouds
linked
to
External
Clouds
where
the
external
capabili7es
are
only
used
when
needed.
An
organiza7on
can
use
an
Hybrid
Cloud
to
maintain
the
required
levels
of
security
and
customiza7on
while
leveraging
External
Cloud
capabili7es
for
scalability
at
peak
workloads
(Cloud
Burs7ng)
and
fail-‐over
situa7ons.
UC
Berkeley
RADSL
defines
a
Public
Cloud
as
a
cloud
where
the
infrastructure
layer
is
available
on
demand
to
the
general
public
(Armbrust
et
al.,
2009).
This
is
what
Berkeley
refers
to
as
U;lity
Compu;ng.
When
the
service
is
not
available
to
the
general
public
but
exclusively
to
users
of
a
single
organiza7on
Berkeley
considers
it
to
be
a
Private
Cloud
(Armbrust
et
al.,
2009).
Although
Berkeley
excludes
Private
Clouds
from
their
defini7on
of
Cloud
Compu7ng,
we
do
not
fully
agree
with
Berkeley’s
perspec7ve
as
for
example
any
organiza7on
can
leverage
some
of
the
cloud
advantages
by
deploying
a
Private
Cloud
for
corporate
use
only
(Perry,
2009).
According
to
previous
research
a
Private
Cloud
is
designed
to
be
accessed
and
operated
only
by
members
of
a
specific
organiza7on,
while
a
Public
Cloud
is
oren
open
for
use
by
the
general
public
(Spinola,
2009)
(Perry,
2009).
As
Public
Clouds
make
use
of
economies-‐of-‐scale
by
leveraging
sta7s7cal
mul7plexing
and
mul7-‐tenancy,
the
savings
achieved
can
be
passed
on
to
Cloud
Users,
resul7ng
in
cheaper
offerings
than
Private
ones.
However,
they
are
managed
and
supported
by
a
Cloud
Provider,
offering
homogenous
resources
that
have
limited
configura7on
possibili7es
(Spinola,
2009).
Public
Clouds
are
recommended
in
situa7ons
of
non-‐cri7cal
SLAs
and
where
on-‐premises
infrastructures
have
limited
scaling
capabili7es
or
exper7se
(Michelson,
2009).
Private
Clouds
can
best
be
used
when
trying
to
op7mize
resource
u7liza7on,
mission
cri7cal
SLAs
or
where
highly
secure
and
fully
compliant
infrastructures
are
needed
(Michelson,
2009).
Among
others,
security,
intrusion
detec7on
and
load
balancing
are
some
examples
of
func7onali7es
that
can
be
more
efficiently
provided
by
Public
Clouds
(Howarth,
2009)
(Sheehan,
2009b).
In
situa7ons
of
high
future
demand
uncertainty
for
an
specific
applica7on
Berkeley
believes
that
deploying
a
Private
Cloud
will
lead
per
defini7on
to
data
center
underu7liza7on
due
to
the
over-‐
provisioning
needed
to
cope
with
poten7al
peaks
in
demand
(Armbrust
et
al.,
2009).
On
the
other
hand,
using
a
Public
Cloud
in
the
same
situa7on
will
automa7cally
lead
to
cost
savings
due
to
the
usage
based
pricing
(pay-‐by-‐the-‐hour)
model
(Armbrust
et
al.,
2009).
In
this
context,
an
Hybrid
Cloud
that
scales
out
to
handle
peaks
could
be
the
best
solu7on
to
guarantee
the
con7nuity
of
services
at
a
cost
efficient
manner.
This
is
what
some
prac77oners
describe
as
Cloud
Burs7ng
(Perry,
2009)
(McLaughlin,
2009a)
(Treese,
2009)
(EvereO,
2009).
It
is
important
to
note
than
even
though
a
Cloud
Users
can
scale
out
to
a
third
party
solu7on
they
s7ll
remain
responsible
for
their
corporate
data
(EvereO,
2009).
According
to
Berkeley
performing
heavy
computa7ons
on
Private
Clouds
can
also
lead
to
underu7liza7on
or
not
being
able
to
offer
the
required
computa7onal
capacity
for
the
task.
On
the
contrary,
in
Public
Clouds
one
can
fully
benefit
from
parallel
processing
for
the
same
costs
as
1000
cloud
servers
for
one
hour
cost
the
same
than
1
cloud
server
for
1000
hours
(Armbrust
et
al.,
2009).
As
several
exis7ng
use
cases
demonstrate,
organiza7ons
should
consider
Public
Clouds
in
their
cost
analysis
for
performing
heavy
computa7onal
tasks.
Other
categoriza7ons
not
described
in
this
research
are
ver7cal
(industry)
or
horizontal
clouds
(exper7se),
virtual
private
clouds
(VPC),
Cloud
Oriented
Architectures
(COA)
and
Cloud
Service
Architectures
(CSA).
It
is
important
to
note
that
this
use
paOerns
are
described
from
a
Cloud
User
perspec7ve.
However,
Cloud
Providers
can
evaluate
how
this
paOerns
are
covered
in
their
offerings
in
order
to
accelerate
the
adop7on
of
their
specific
Cloud
Compu7ng
solu7ons.
A
remark
should
be
made
on
the
fact
that
in
some
types
of
Cloud
Compu7ng
solu7ons
(e.g.
Internal
and/or
Private
Clouds)
the
Cloud
User
is
the
same
organiza7ons
as
the
Cloud
Provider.
In
the
rest
of
this
sec7on
we
elaborate
on
these
use
paOerns
to
provide
a
deeper
understanding
of
the
situa7onal
factors
mo7va7ng
the
specific
usage.
Moreover,
by
using
this
sec7on
an
organiza7on
can
evaluate
wether
the
specific
goals
can
also
be
applicable
to
their
context.
The
op7miza7on
of
capacity
planning
and
resource
u7liza7on
is
one
of
the
most
frequent
use
cases
of
Cloud
Compu7ng
(Brown,
2009a).
Tradi7onal
capacity
planning
oren
results
in
two
undesired
situa7ons:
over-‐provisioning
and
under-‐provisioning.
When
resources
are
under-‐provisioned,
demand
exceeds
the
resources
available
resul7ng
in
unsa7sfied
customers
due
to
solu7ons
not
responding
or
responding
with
a
significant
delay.
On
the
other
hand,
when
resources
are
over-‐provisioned
the
organiza7ons
suffers
directly
from
cost
inefficiencies
due
to
the
waste
of
resources.
Moreover,
buying
resources
long
before
they
are
used
always
implies
nega7ve
financial
consequences
based
on
opportunity
costs
and
the
7me
value
of
money
(e.g.
Net
Present
Value).
C l o u d
C o m p u 7 n g
c a n
b e
considered
as
just-‐in-‐7me
resource
alloca7on
which
op7mizes
capacity
planning
and
resource
u7liza7on
as
it
eliminates
the
issues
of
over-‐
and
under-‐provisioning
of
resources
(Brown,
2009a).
The
effects
on
just-‐in-‐
7me
resource
provisioning
compared
to
tradi7onal
resource
alloca7on
are
shown
in
figure
6.
As
Cloud
Users
can
allocate
extra
resources
almost
real-‐7me
at
the
same
cost
per
unit,
they
can
therefore
cover
any
unexpected
peaks
in
demand
(Broek,
2009)
(Michelson,
2009).
Elas7city,
or
in
other
words
being
able
to
upscale
or
downscale
on
demand
is
specially
interes7ng
in
situa7ons
where
the
prealloca7on
of
resources
must
cope
with
high
levels
of
demand
uncertainty
(Armbrust
et
al.,
2009).
Elas7city
can
be
considered
as
an
advance
form
of
instant
load-‐balancing
having
almost
unlimited
resources
to
spread
the
workload.
Some
examples
of
this
use
paOern
are
the
use
of
Amazon
S3
storage
for
TwiOer
avatars,
the
use
of
the
Azure
plaxorm
for
Wordpress
blogs,
and
the
sorware
scalability
achieved
by
PresidioHealth
on
the
Appistry
Cloud
IQ
plaxorm.
This
use
paOern
demonstrate
how
fast
growing
organiza7ons
can
leverage
infrastructures
to
cover
for
their
success
being
able
to
handle
unexpected
exponen7al
demand
curves.
As
Cloud
Compu7ng
can
deliver
an
almost
unlimited
amount
of
compu7ng
resources
they
are
ideal
plaxorms
to
perform
high
performance
compu7ng
tasks.
Performing
heavy
computa7ons
on
a
limited
amount
of
resources
oren
implies
large
performing
7mes.
Instead,
performing
the
same
task
but
distributed
and
concurrently
over
a
large
amount
of
resources
leads
to
significant
lower
task
fulfillment
7mes.
An
example
of
this
situa7on
can
be
found
in
extensive
calcula7ons
involving
a
large
number
of
variables.
Since
these
types
of
calcula7ons
will
take
a
lot
7me
and
resources
when
performed
at
internal
infrastructures,
organiza7ons
can
benefit
from
the
large
parallel
processing
that
cloud
solu7ons
offer.
An
important
implica7on
of
this
use
paOern
is
that
Cloud
Compu7ng
can
bring
high
volumes
of
compu7ng
power
to
people
and
organiza7ons
that
otherwise
could
never
have
such
capabili7es
to
their
disposal.
It
breaks
the
informa7on
asymmetry
from
the
past
years,
where
informa7on
was
generated
by
end
users
but
only
a
few
firms
(e.g.
Microsor,
Google,
Yahoo,
etc.)
had
the
resources
to
process
this
informa7on
and
get
advantage
from
it
(Armbrust
et
al.,
2009).
Some
examples
of
this
use
paOern
are
BT’s
calcula7ons
of
mobile
plans,
the
New
York
Times
conversion
of
their
archives,
and
the
gene7c
model
tes7ng
and
simula7ons
at
Harvard
Medical
School.
BT’s
mobile
plan
calcula7ons
were
performed
more
efficiently
on
a
cloud
plaxorm
than
ever
before
on
their
internal
infrastructure
involving
millions
of
records
in
around
3.6
terabytes
of
data
(DAuria
&
Nash,
2009).
The
New
York
Times
converted
4
terabytes
of
7ff
files
into
pdf
files
on
Amazon
EC2
with
substan7al
savings
in
7me
(days
instead
of
weeks)
and
money
(hundreds
of
dollars
instead
of
thousands).
Harvard
Medical
School
used
Amazon
EC2
to
run
gene7c
tes7ng
models
and
simula7ons
resul7ng
also
in
significant
cost
and
7me
savings.
The
separa7on
of
data
from
applica7ons
is
a
current
trend
that
will
make
Cloud
Compu7ng
more
aOrac7ve
in
the
near
future
(Hiner,
2009).
To
guarantee
con7nuity
and
availability
there
is
an
increasingly
tendency
in
web
applica7ons
to
facilitate
off-‐line
work
that
is
synced
to
the
online
environment
once
the
client
goes
back
online
(e.g.
Google
Gears)
(Hiner,
2009).
Some
possible
fail-‐
over
architectures
and
their
implica7ons
are
depicted
in
table
12.
When
a
firm
uses
his
own
infrastructure
and
his
own
failover
mechanisms,
system’s
availability
is
guaranteed
by
the
company’s
performance
(best
effort).
This
kind
of
solu7on
is
expensive
since
monitoring,
problem
analysis
and
problem
solving
is
carried
out
by
the
organiza7on.
However,
the
organiza7on
has
the
highest
degree
of
control
in
solving
the
situa7on
at
hand.
In
mixed
models
where
either
the
infrastructure
or
the
failover
mechanism
is
managed
by
a
Cloud
Provider,
costs
decreases
in
detriment
of
control
scope.
Where
organiza7ons
deploy
a
pure
cloud
construc7on
where
infrastructure
and
failover
mechanisms
are
managed
by
Cloud
Providers,
the
degree
of
control
as
well
as
the
costs
are
minimized.
Following
the
principle
of
“no
single
point
of
failure”
we
will
have
to
discard
the
pure
managed
architectures
and
the
ones
using
a
single
(or
interconnected)
cloud
provider
as
they
represent
a
single
point
of
failure
(Armbrust
et
al.,
2009).
There
are
several
examples
of
organiza7ons
leveraging
Cloud
solu7ons
for
fail-‐over
and
backup.
Some
examples
are
37signals,
Zmanda
and
Jungle
Disk.
All
three
organiza7ons
have
created
backup
solu7ons
on
top
of
Amazon
S3
storage
solu7on.
Cloud
Users
can
determine
the
exact
level
of
resource
needed
at
any
moment
allowing
them
to
scale
up
or
down
when
needed.
This
elas7c
character
is
unique
in
the
sorware
world
and
enables
companies
to
capitalize
on
market
opportuni7es
on
a
much
faster
pace
that
they
otherwise
could
(Hinchcliffe,
2009).
Examples
of
this
use
paOern
can
be
found
in
PresidioHealth
with
the
PaaS
Appistry
solu7on,
and
Siemens
and
SugarCRM
that
leverage
Windows
Azure
to
achieve
faster
applica7on
development
and
deployment.
Due
to
the
size
of
Cloud
Providers
they
can
aOract
the
best
professionals
to
assure
compe77veness
with
other
offerings.
As
highly
knowledgeable
employees
are
scarce
and
expensive,
Cloud
Users
can
beOer
reallocate
exper7se
and
money
to
their
core
business,
crea7ng
new
solu7ons
instead
of
maintaining
exis7ng
ones
(Hinchcliffe,
2009).
Examples
of
organiza7on
using
Cloud
Compu7ng
to
leverage
external
knowledge
and
experience
are
hos7ng
provider
GoGrid
which
builds
solu7ons
on
top
of
Windows
Azure,
Associated
Press
which
encourages
external
developers
to
build
applica7ons
on
Windows
Azure
and
Rover
Apps
which
uses
the
Rackspace
Cloud
to
improve
the
performance
of
their
infrastructure.
In
table
13
the
financial
benefits
of
Cloud
Compu7ng
as
described
by
Forrester
research
are
depicted
(Forrester,
2008).
In
order
to
enable
a
clear
understanding
of
the
economic
implica7ons
of
Cloud
Compu7ng
we
further
describe
in
this
sec7on
the
most
relevant
ones.
Table 13: The Financial Benefits of Cloud Compu*ng (Forrester, 2008)
Using
Cloud
Compu7ng,
hardware
installa7on
and
maintenance
costs
are
shired
to
Cloud
Providers.
On
the
contrary,
running
your
own
data
center
implies
installing
and
replacing
every
piece
of
hardware
manually
with
the
corresponding
opera7ng
costs.
Specially
in
countries
where
IT
human
capital
is
rather
expensive
and
difficult
to
find
(e.g.
The
Netherlands)
this
is
an
interes7ng
opportunity
to
take
into
account
given
the
transparent
pay-‐as-‐you-‐go
pricing
offered
in
Cloud
Compu7ng
solu7ons.
As
a
consequence
of
Cloud’s
elas7c
character
it
is
possible
to
reduce
upfront
investments
improving
the
overall
cost
efficiency
of
IT
opera7ons.
According
to
a
IDC
research,
around
70%
of
IT
budgets
are
used
to
maintain
current
IT
capabili7es.
Moreover,
according
to
the
US
department
of
energy
around
85%
of
compu7ng
capacity
is
idle
most
of
the
7me
(Spinola,
2009).
If
we
also
take
into
account
the
rising
energy
prizes
it
is
clear
why
Cloud
Compu7ng
can
significantly
contribute
to
cost
efficiency.
According
to
previous
research,
by
achieving
economies
of
scale
Cloud
Users
can
buy
their
resources
at
a
factor
1/5
to
1/7
than
they
otherwise
would
(Armbrust
et
al.,
2009).
However,
There
are
significant
differences
on
the
billing
methods
currently
applied
by
Cloud
Providers.
Billing
storage
and
network
bandwidth
consump7on
is
a
straight
forward
task.
as
the
total
number
of
units
can
be
easily
divided
and
consump7on
can
be
measured
on
those
units.
However,
depending
on
the
virtualiza7on
level,
computa7onal
resources
are
not
as
simple
to
monitor
and
bill
(Armbrust
et
al.,
2009).
We
have
classified
cloud
related
risks
into
three
groups:
opera7onal
risks,
compliance
risks
and
standards
related
risks.
For
each
risk
we
refer
to
some
(par7al)
solu7ons
for
risk
mi7ga7on
or
avoidance
currently
being
offered
by
Cloud
Providers.
As
security
is
probably
the
most
men7oned
risk
of
Cloud
Compu7ng
we
describe
it
separately
in
the
next
sec7on
(see
sec7on
7).
A.
Service
Availability
The
degree
of
service
availability
required
is
highly
applica7on
dependent.
However,
high
availability
is
in
almost
all
cases
a
desired
property
that
improves
performance
and
leads
to
a
beOer
user
experience.
However,
although
large
Cloud
Providers
should
in
theory
have
a
more
reliable
and
secure
system
than
individual
organiza7ons
this
is
in
prac7ce
not
always
the
case
(Bakker,
2009).
Even
the
most
redundant
infrastructure
can
fail
as
reflected
in
the
list
of
documented
cloud
incidents
included
in
appendix
E
(Leighton,
2009).
It
is
important
to
note
that
fully
availability
(100%)
is
impossible
to
guarantee
when
using
shared
ungoverned
infrastructures
(e.g.
Internet).
Nevertheless
Cloud
Users
should
carefully
compare
historic
Cloud
Provider’s
availability
rates
with
availability
rates
at
their
current
infrastructure
(e.g.
on-‐
premises
or
at
another
provider).
There
are
few
enterprises
in
the
world
that
can
achieve
higher
availability
rates
than
the
largest
Cloud
Providers
(e.g.
Google’s
99,9%,
Amazon’s
99,95%,
Microsor’s
99,95%,
etc.).
In
order
to
maximize
service
availability,
one
possible
solu7on
could
be
to
implement
one
of
the
mixed
fail-‐over
architectures
described
previously
in
this
research
(see
Cloud
Use
PaOerns).
If
we
combine
on-‐premises
and
cloud
solu7ons
where
one
of
them
is
deployed
as
a
fail-‐over
we
can
cover
for
possible
service
unavailability.
However,
this
solu7on
can
increase
opera7ng
costs
significantly
as
everything
needs
to
be
redundantly
deployed.
For
this
reason
it
is
important
that
Cloud
Users
balance
the
level
of
desired
availability
against
the
costs
of
achieving
that
level.
Taking
into
account
that
applica7ons
are
becoming
more
data
intensive
and
bandwidth
costs
are
not
decreasing
in
price
at
the
same
rate
than
other
hardware
does,
the
costs
of
transferring
data
to
and
from
the
cloud
must
be
taken
into
account
when
considering
Cloud
Providers.
With
current
networking
capabili7es,
transferring
large
amounts
of
data
implies
large
amounts
of
7me
and
money.
Calcula7ons
in
previous
research
(Armbrust
et
al.,
2009)
have
discovered
that
in
some
cases
might
be
more
effec7ve
to
ship
data
physically
instead
of
transferring
it
electronically.
This
approach
is
followed
by
Amazon
that
allows
the
physical
sending
of
data
containers
(e.g.
DVD)
with
data
to
be
stored
on
their
Cloud.
Once
the
media
container
is
received
Amazon
sets
the
data
on
the
Cloud
User’s
S3
service
account
free
of
transfer
charges.
Another
approach
to
deal
with
network
throughput
limita7ons
could
be
to
limit
the
amount
of
data
to
be
stored
on
the
Cloud.
As
more
public
data
sets
(e.g.
data.gov
sets,
geographical
loca7ons,
zip-‐codes,
etc.)
become
available
on
the
cloud,
a
firm
does
not
need
to
transfer
all
data
to
the
cloud.
An
applica7on
can
(re)use
these
public
sets
without
incurring
in
transmission
costs.
Moreover,
due
to
the
centralized
character
of
the
cloud,
these
public
data
collec7ons
will
be
kept
up
to
date
without
any
effort
needed
from
the
Cloud
User.
Future
developments
in
networking
technology
promises
a
significant
increase
in
bandwidth
reducing
the
7me
and
money
needed
to
transfer
large
data
sets.
For
example,
in
2010
the
cost
of
a
10
Gigabit
Ethernet
server
connec7on
is
predicted
to
fall
to
around
$200
(against
$1000
nowadays)
while
the
new
40
Gigabit
Ethernet
and
100
Gigabit
Ethernet
will
soon
become
available.
D. Network
Dependency
A
Cloud
User
is
always
dependent
on
its
Internet
connec7on’s
reliability
and
speed
to
access
the
service
in
terms
of
bandwidth
and
latency
(Arnold,
2008a)
(Bakker,
2009)
(Golden,
2009).
Although
some
vendors
have
developed
solu7ons
that
facilitate
offline
work
that
is
later
synchronized
when
there
is
an
Internet
connec7on
(e.g.
Google
gears)
it
is
s7ll
not
a
standard
func7onality
in
all
Cloud
Compu7ng
offerings.
Another
important
considera7on
is
the
ungoverned
character
of
the
Internet.
When
data
is
transmiOed
through
this
public
network
the
route
to
be
followed
is
unknown
and
unpredictable
being
an
inherent
characteris7c
of
the
TCP/IP
protocol
(Leighton,
2009).
Depending
on
the
specific
network
situa7on
at
a
certain
point
in
7me
(e.g.
conges7ons,
malfunc7ons,
etc.)
the
selected
route
can
be
different,
which
can
result
in
unpredictable
network
latencies.
Although
using
current
networking
technologies
an
organiza7on
can
transfer
data
across
the
globe
with
latencies
of
milliseconds,
certain
types
of
applica7ons
are
less
tolerant
for
latencies
like
for
example
real-‐7me
trading
systems.
These
applica7ons
are
for
this
reason
not
fiOed
to
be
hosted
on
the
Cloud
(Armbrust
et
al.,
2009).
Although
the
quality
of
the
network
can
be
par7ally
safeguarded
in
SLA’s
(service
level
agreements),
it
is
not
clear
wether
the
economic
claims
arer
a
malfunc7on
fully
cover
the
damage
suffered
(e.g.
Client
lost,
Brand
damage,
etc.)
(Bakker,
2009).
Moreover,
although
SLAs
can
help
to
prevent
failures,
they
do
not
solve
the
problems
arising
from
wrong
designed
architectures
(Sheehan,
2009b).
It
is
important
to
note
that
while
in
past
compu7ng
paradigms
users
maintained
full
possession
and
control
over
their
data,
Cloud
Compu7ng
solu7ons
imply
new
legal
considera7ons
to
take
into
account
due
to
the
fact
that
the
legal
responsibility
to
protect
private
or
confiden7al
data
s7ll
remains
on
Cloud
Users.
In
this
context,
an
important
aspect
to
take
into
account
is
the
geographical
loca7on
of
the
provider
and
therefore
the
rules
and
regula7ons
that
the
provider
has
to
comply
with
(DAuria
&
Nash,
2009)
(Mansfield-‐Devine,
2008).
Cloud
Providers
tend
to
place
their
new
data
centers
on
loca7ons
where
resources
are
cheap
which
are
oren
developing
or
underdeveloped
countries.
These
countries
might
not
be
the
best
place
to
store
sensi7ve
data
(Bakker,
2009).
Because
a
Cloud
Provider
can
be
located
anywhere
in
the
world,
differences
in
legisla7on
become
a
very
important
barrier
for
adop7on
(Lewis,
2009)
(Reingold
&
Mrazik,
2009).
There
are
for
example
significant
differences
between
the
EU
Data
Protec7on
Direc7ve
and
the
US
Patriot
Act.
These
differences
should
be
considered
when
selec7ng
a
provider
as
for
example
a
Cloud
User
in
the
EU
must
comply
with
EU
legisla7on
while
his
data
stored
in
the
USA
is
subject
to
USA
legisla7on
(Mansfield-‐Devine,
2008).
If
the
Cloud
Provider
is
for
example
located
in
the
USA,
then
all
the
A
solu7on
to
these
geo-‐localiza7on
issues
could
be
that
Cloud
Providers
facilitate
the
division
of
data
into
country
blocks
that
will
comply
with
the
regula7ons
of
each
individual
na7on.
This
is
currently
offered
by
various
providers
like
for
example
Amazon
which
allows
Cloud
Users
to
determine
where
to
store
their
data,
offering
the
possibili7es
of
their
Ireland’s
data
center
in
Europe
and
two
data
centers
in
the
USA
(west
and
east
coast
data
centers).
This
feature
is
at
the
moment
of
wri7ng
being
incorporated
to
other
solu7ons
like
Rackspace’s
Cloud
and
Terremark’s
Enterprise
Cloud
among
others.
As
the
level
of
transparency
varies
strongly
between
providers,
Cloud
Users
should
select
the
provider
that
provides
them
with
the
desired
transparency
to
comply
with
laws
and
regula7ons.
This
could
be
in
the
form
of
cer7fica7ons
(e.g.
SAS
70,
ISO,
etc.)
or
by
providing
full
access
to
the
underlaying
resources.
Moreover,
when
evalua7ng
the
pricing
of
Cloud
offerings
Cloud
Users
should
take
into
account
the
effects
of
informa7on
asymmetry
arising
from
the
current
lack
of
transparency
in
offerings.
C.
Data
Confiden*ality
One
of
the
most
important
barriers
for
the
adop7on
of
Cloud
Compu7ng
is
the
lack
of
assurance
of
data
confiden7ality.
Among
others,
the
loca7on
where
data
is
stored,
how
secure
it
is
stored
and
transferred
to
and
from
the
cloud,
data
access
management
and
procedures
for
the
disposal
of
data
are
some
of
the
concerns
of
Cloud
Users
related
to
data
confiden7ality.
Data
confiden7ality
is
specially
a
risk
in
cloud
models
where
data
is
transferred
outside
the
organiza7on
through
public
networks
(e.g.
Internet)
and
when
storing
data
on
third
par7es'
systems.
Transferring
data
outside
the
organiza7on
implies
an
added
risk
compared
to
on-‐premises
infrastructures
as
data
leaves
the
organiza7onal
domain
and
its
security
scope
(e.g.
firewall)
and
therefore
it
cannot
be
fully
controlled
by
the
organiza7on.
It
is
important
to
note
that
when
data
travels
over
public
networks
(e.g.
Internet)
there
is
no
fully
control
over
data
confiden7ality
unless
specific
security
measures
are
taken
(e.g.
VPN
networks,
Point-‐to-‐point
connec7ons,
encryp7on,
etc.).
Secondly,
security
research
indicates
that
vulnerabili7es
are
more
oren
generated
internally
than
externally,
by
own
employees.
According
to
previous
research
one
third
of
IT
professionals
oren
misuse
their
rights
to
access
sensi7ve
informa7on
(Spinola,
2009)
This
means
that
storing
data
on
the
cloud
with
secure
access
policies
could
even
improve
current
data
access
management.
Cloud
Providers
have
a
large
dedicated
security
departments
and
they
invest
con7nuously
in
securing
their
infrastructure.
In
words
of
Forrester’s
analyst
Jason
Staten:
“Security
is
one
of
the
core
competencies
of
the
cloud
provider”
(Golkar,
2009).
Taking
into
account
this
perspec7ve,
trust
represents
a
cri7cal
ingredient
for
the
successful
adop7on
of
Cloud
Compu7ng
(Hiner,
2009)
(Mansfield-‐Devine,
2008).
The
lack
of
trust
with
Cloud
Compu7ng
environments
can
be
compared
to
some
extend
with
the
first
developments
in
ICT
where
informa7on
on
screen
was
regarded
to
be
less
reliable
than
on
paper.
As
this
new
model
matures,
trust
will
become
a
less
relevant
issue
for
adop7on.
Some
experts
suggest
the
mandatory
use
of
encryp7on
to
safeguard
data
confiden7ality
(Reingold
&
Mrazik,
2009)
(Brynko,
2008)
(Spinola,
2009).
Although
this
is
oren
the
case
when
transferring
data
to
and
from
the
Cloud
Provider,
it
is
oren
skipped
for
cloud
stored
data
as
it
can
imply
a
significant
detriment
in
the
quality
of
service
provided
(Reingold
&
Mrazik,
2009).
Nevertheless,
it
is
highly
recommended
that
Cloud
Users
select
a
provider
that
applies
encryp7on
also
to
the
data
stored
besides
delivering
the
quality
of
service
needed.
In
the
absence
of
formal
standards,
at
the
IaaS
level
“de
facto”
standards
are
emerging
which
are
oren
based
on
the
underlaying
virtualiza7on
technologies.
Amazon’s
Xen
based
AMI
format
for
instances
in
the
cloud
(e.g.
units
of
aggregated
resources)
and
VMware’s
virtual
image
format
are
two
of
the
most
common
formats
that
can
be
currently
regarded
as
“de
facto”
Cloud
Compu7ng
standards.
B.
Vendor
Lock-‐in
In
the
early
stages
of
any
technological
innova7on
there
is
an
increased
risk
for
vendor
lock-‐in
(Reingold
&
Mrazik,
2009).
As
vendors
are
s7ll
developing
their
own
vision
on
Cloud
Compu7ng
a
Cloud
User
can
fall
into
this
situa7on
when
vendor’s
views
differ
significantly
from
each
other
(McLaughlin,
2009a).
Specially,
the
lack
of
Cloud
Compu7ng
standards
can
lead
to
vendor
lock-‐in
situa7ons
as
organiza7ons
deploy
vendor
formats
not
supported
by
other
vendors.
Most
cloud
APIs
are
proprietary
crea7ng
barriers
for
migra7ng
data
and
applica7on
between
Cloud
Providers.
A
Cloud
User
suffering
from
vendor
lock-‐in
is
more
fragile
to
raises
in
services
prices
and
to
provider's
bankruptcy.
They
would
have
to
accept
price
increases
as
they
are,
and
they
could
be
in
serious
trouble
if
their
supplier
goes
out
of
business
(Armbrust
et
al.,
2009).
Some
ini7a7ves
to
prevent
data
and
vendor
lock-‐in
are
the
Cloud
Compu7ng
Interoperability
Forum
and
The
Open
Cloud
Manifesto
by
IBM.
However
their
pioneering
efforts
have
not
lead
yet
to
an
industry
wide
trend
to
develop
and
adopt
standards.
This
lack
of
standards
could
seriously
difficult
migra7ng
to
another
Cloud
Provider
in
the
future
resul7ng
in
ver7cal
vendor
lock-‐in
situa7on
(Bakker,
2009)
(EvereO,
2009).
Another
important
remark
that
suggests
beOer
security
in
the
Cloud
is
the
effects
of
economies
of
scale
on
security.
The
same
security
measures
currently
deployed
on-‐premises
(e.g.
Encryp7on,
Virtual
LANs,
firewalls,
DMZs,
etc.)
can
also
be
implemented
on
cloud
environments.
As
security
hardware
is
rather
expensive
and
due
to
the
economies
of
scale
enjoyed
by
Cloud
Providers,
cloud
environments
can
deploy
beOer
(more
secure)
hardware
and
sorware
improving
the
overall
security
compared
to
tradi7onal
data
centers
(Armbrust
et
al.,
2009).
One
of
the
most
remarkable
security
benefits
in
Cloud
Compu7ng
iden7fied
by
ENISA
is
to
leverage
the
elas7c
on-‐demand
property
of
the
Cloud
as
a
protec7on
against
denial
of
service
aOakcs
(DDoS).
However
a
new
security
issue
arises
in
return,
the
Economic
Denial
of
Services
(EDOS)
aOack.
Although
the
service
is
kept
available
on
the
Cloud,
the
unintended
use
of
the
applica7on
can
generate
unexpected
costs
as
the
cloud
infrastructure
must
s7ll
be
paid
on
a
usage
basis.
Nevertheless,
the
experience
and
dimensions
of
Cloud
Providers
makes
them
more
capable
to
detect
and
absorb
these
aOacks
than
individual
companies
with
limited
resources
as
they
are
more
oren
Previous
research
has
iden7fied
some
security
issues
arising
from
the
use
of
Cloud
Compu7ng.
Among
others,
access
policies,
regulatory
compliance,
inves7ga7ve
support,
data
loca7on,
data
segrega7on,
and
recovery
and
long
term
viability
are
some
of
the
security
risks
when
using
Cloud
Compu7ng
(Mansfield-‐Devine,
2008).
• Access
Policies:
The
single
sing-‐on
solu7on
being
deployed
by
many
leading
internet
firms
allows
an
user
to
switch
between
cloud
applica7ons
without
the
need
of
login
every
7me.
Although
this
significantly
improves
usability,
it
also
represents
an
important
security
flaw
due
to
the
fact
that
once
the
login
is
compromised
then
all
applica7ons
become
vulnerable
(Mansfield-‐Devine,
2008).
This
single
sing-‐on
represents
a
single
point
of
failure
for
Cloud
infrastructures
and
it
is
currently
being
mi7gated
by
Cloud
Providers
by
using
two
factor
authen7ca7on
methods.
• Regulatory
Compliance:
In
the
area
of
data
governance,
Cloud
Users
need
to
be
sure
that
other
cloud
users
will
never
be
able
to
access
their
data
(Mansfield-‐Devine,
2008).
In
some
cases
Cloud
Providers
have
created
an
infrastructure
that
fully
complies
with
external
regula7ons
on
this
maOer.
As
an
example,
Google
Apps
systems
and
processes
fulfill
to
SAS
70
Type
II
audit
of
control
measurements
to
protect
data.
Since
Cloud
Users
are
oren
not
allowed
to
look
into
the
Cloud’s
security
infrastructure,
trust
on
the
provider
and
on
the
audit
results
becomes
an
important
enabler
for
adop7on
(Mansfield-‐Devine,
2008)
(Broek,
2009).
Compliance
issues
arise
in
many
cases
by
the
lack
of
transparency
of
Cloud
Providers
but
also
from
the
lack
of
auditors’s
technological
knowledge
(McLaughlin,
2009a).
According
to
a
CIO.com
survey,
adding
a
Public
Cloud
to
your
architectural
design
will
certainly
result
in
more
complexity
and
therefore
less
understanding
from
external
auditors.
• Inves*ga*ve
Support:
It
is
important
to
note
that
when
selec7ng
a
Cloud
Provider
its
security
model
should
be
carefully
scru7nized
as
the
customer
is
oren
ler
to
the
audit
findings
supplied
by
the
provider.
Cloud
Users
cannot
respond
to
audit
findings
or
examine
security
implementa7ons
at
provider’s
level.
Performing
a
security
audit
on
a
cloud
based
system
is
almost
impossible
as
Cloud
Providers
oren
do
not
provide
full
access
to
their
infrastructure.
Moreover,
ENISA
signals
a
security
risk
based
on
the
lack
of
contractual
rights
to
perform
security
analysis
(e.g.
port
scans
penetra7on
tests,
etc.)
by
Cloud
Users.
Although
these
analysis
are
oren
performed
by
Cloud
• Data
Loca*on,
Segrega*on,
Recovery
and
Disposal:
ENISA
iden7fies
some
jurisdic7onal
issues
related
to
the
loca7on
of
data
storage.
Moreover,
the
mul7-‐tenancy
and
shared
resources
character
of
Cloud
Compu7ng
can
represent
addi7onal
risks
for
organiza7ons
when
isola7on
mechanisms
separa7ng
tenants
fail
(e.g.
guest-‐hopping
&
cartographic
aOacks).
The
integrity
of
Cloud
Provider’s
employees
should
also
be
taken
into
account.
As
security
is
more
oren
compromised
internally
and
the
cloud
represents
a
large
volume
of
data,
Cloud
Users
must
carefully
analyze
how
Cloud
Providers
protect
data
from
internal
security
breaches.
Procedures
for
data
disposal
should
also
be
taken
into
account.
Once
data
is
deleted
by
a
Cloud
User,
the
Cloud
Provider
must
assure
that
the
deleted
data
cannot
be
restored,
specially
in
shared
infrastructures
where
hardware
is
reallocated
to
a
different
user.
• Long
Term
Viability:
The
absence
of
standard
tools,
procedures,
data
formats
and
services
interfaces
to
guarantee
data,
applica7on
and
service
portability
can
significantly
difficult
the
migra7on
to
other
Cloud
Provider
or
to
an
on-‐premises
seung.
This
situa7on
can
result
in
high
dependency
on
a
single
Cloud
Provider
and
therefore
vendor
lock-‐in
situa7ons.
In
a
situa7on
of
vendor
lock-‐in
Cloud
Users
must
also
be
aware
of
the
risk
of
provider’s
bankruptcy
and
develop
methods
to
recover
data
in
such
situa7ons.
• Disinvestments
&
Spoiler
Effect
of
Informa*on:
There
is
a
interes7ng
paradox
in
cloud
security.
As
companies
have
invested
in
highly
secure
and
expensive
measures
like
DMZs
or
firewalls,
adop7ng
a
cloud
infrastructure
will
mean
that
these
measures
are
not
longer
necessary
because
everything
is
stored
outside
the
organiza7on’s
boundaries
without
direct
control
on
the
security
measures
to
protect
it
(Mansfield-‐Devine,
2008).
Moreover,
Cloud
Users
should
be
aware
of
the
spoiler
effect
of
informa7on.
While
a
company’s
infrastructure
security
is
not
well
known
to
outsiders,
Cloud
Provider’s
security
measures
are
publicly
available,
making
it
easier
for
hackers
to
exploit
vulnerabili7es
(Mansfield-‐Devine,
2008).
One
of
the
most
important
trade-‐offs
that
Cloud
Providers
need
to
make
is
that
of
robustness
versus
pragma7sm
of
the
plaxorm
(Hinchcliffe,
2009).
While
offering
enterprise
func7onali7es
is
very
important,
they
nee
to
deliver
them
in
a
pragma7c
way
to
facilitate
its
adop7on
by
Cloud
Users.
Moreover,
when
selec7ng
a
Cloud
Provider,
Cloud
Users
need
to
select
the
offering
that
provides
them
with
the
right
balance
between
robust
security
and
pragma7sm
for
their
specific
situa7on.
The
Jericho
Forum
and
the
Cloud
Security
Alliance
(CSA)
are
laying
down
the
first
steps
towards
solving
the
security
issues
of
Cloud
Compu7ng
(EvereO,
2009).
The
CSA’s
Security
Guidance
for
Cri7cal
Areas
of
Focus
in
Cloud
Compu7ng
provides
guidelines
for
managing
risk,
portability
and
disaster
recovery.
The
Jericho
forum
has
developed
a
cube
model
linking
specific
security
issues
to
each
type
of
cloud,
specially
when
transferring
data
to
and
from
a
provider.
Both,
the
CSA
and
Jericho
forum
are
currently
working
together
to
develop
a
Cloud
Provider
accredita7on
mechanism.
We
begin
this
sec7on
by
describing
some
general
market
data
to
con7nue
with
two
overviews
of
the
features
offered
by
the
three
selected
IaaS
and
PaaS
providers.
We
provide
also
a
brief
descrip7on
of
each
provider
and
the
latest
developments
in
their
offerings.
As
External
Public
Clouds
are
leading
the
development
of
Cloud
Compu7ng
we
limit
our
analysis
to
this
type
of
clouds.
The
popularity
of
end
user
web
applica7ons
based
on
the
Cloud
Compu7ng
model
(e.g.
Gmail,
Google
Apps,
etc.)
are
an
indica7on
of
current
use
and
adop7on.
According
to
a
recent
study
of
PEW
Internet
Research
around
69%
of
Americans
are
using
some
kind
of
cloud
service
(Siegele,
2008).
On
the
enterprise
side
the
rate
of
adop7on
can
be
observed
from
a
recent
survey
performed
by
AppLabs.
Around
50%
of
the
firms
affirmed
that
they
are
deploying
cloud
infrastructures
or
are
planning
to
do
it
within
a
year
(Solomon,
2009).
Around
30%
of
these
organiza7ons
have
already
deployed
a
cloud
infrastructure
while
20%
is
expec7ng
to
deploy
it
within
a
year.
However,
the
remaining
50%
of
the
companies
answered
that
they
have
no
plans
to
use
Cloud
Compu7ng
in
the
near
future.
There
are
a
large
diversity
of
services
offered
following
the
Cloud
Compu7ng
model.
An
extensive
overview
is
offered
by
the
Cloud
Security
Alliance
and
its
depicted
in
figure
8.
Another
interes7ng
overview
provided
by
Gartner
is
included
in
appendix
F.
As
observed
in
the
above
figure,
the
large
diversity
of
offerings
can
be
generalized
into
three
main
groups
of
services
as
discussed
in
our
service
model
(SaaS,
PaaS
and
IaaS)
plus
the
tools
necessary
to
build
them.
Based
on
informa7on
from
the
three
selected
IaaS
providers
we
have
created
a
table
(see
table
14)
containing
a
comparison
among
the
features
offered
by
them
at
the
moment
of
wri7ng.
When
selec7ng
the
features
to
be
compared
we
have
focused
on
those
that
are
more
relevant
to
our
further
analysis
of
their
applicability
to
the
Dutch
healthcare
sector.
As
new
features
are
being
launched
every
month,
the
overview
is
limited
to
the
services
as
offered
on
December
2009.
Amazon
Rackspace
Features Joyent
EC2 Cloud
Servers
Security
&
Compliance
Dedicated Firewall No No No
VPN Yes No No
Control
Opera*ng Systems
Storage
Pricing Model
Minimum
Server
Size
(RAM) 256
MB 1,7
GB 250
MB
Free
inbound
traffic Yes
(**)
500
GB
/
month Yes
Free
outbound
traffic No 500
GB
/
month Yes
Other
The
compu7ng
solu7on
EC2
can
be
categorized
as
a
“Hardware-‐as-‐a-‐service”
where
users
have
control
over
the
en7re
compu7ng
stack.
By
applying
virtualiza7on
Amazon
offers
machine
images
with
the
same
degree
of
access
as
a
dedicated
server.
By
allowing
users
to
instantly
create
or
destroy
any
machine
image
at
any
moment
applica7ons
can
scale
up
and
down
dynamically
becoming
truly
elas7c
(Weiss,
2007)
(Holliday,
2009).
A
feature
that
differen7ates
Amazon
from
its
directly
compe7tors
is
that
Amazon
enables
scalability
by
adding
another
image
to
the
Load
Balancer
instead
of
increasing
the
amount
of
the
underlaying
resources
(e.g.
RAM,
etc.).
Amazon’s
storage
service
S3
hosted
around
64
billion
objects
per
August
2009
ranging
from
1
byte
to
5
gigabytes
each.
This
large
amount
of
storage
handles
on
average
around
100.000
I/O
requests
per
second.
Amazon
allows
third
par7es
to
store
and
distribute
their
own
(modified)
AMIs
(Amazon
Machine
Images)
trough
their
infrastructure
which
are
stored
on
the
S3
service
(privately
or
publicly
accessible)
and
can
be
used
to
boot
EC2
instances.
According
to
some
IT
analysts
(Gartner,
2009)
Amazon
offers
compu7ng
services
with
high
levels
of
granularity
applying
a
usage
based
pricing
model.
They
are
regarded
by
Gartner
as
an
“innova7ve
and
extraordinary
agile
organiza7on
responding
rapidly
to
customer
demands
for
features
rather
than
following
a
set
product
road
map”
(Gartner,
2009).
The
latest
features
launched
by
Amazon
focus
on
solving
some
of
the
main
risks
in
Cloud
Compu7ng:
compliance
and
security.
In
order
to
solve
issues
related
to
the
loca7on
of
data
storage
Amazon
offers
tools
that
allows
Cloud
Users
to
determine,
report
and
track
the
physical
loca7on
of
their
data
(Holliday,
2009).
Regarding
Cloud
security
Amazon
EC2
offers
the
possibility
of
using
mul7-‐
factor
authen7ca7on
by
using
an
external
authen7ca7on
device
next
to
the
user's
password.
Moreover,
the
launch
of
the
Virtual
Private
Cloud
feature
that
enables
the
secure
integra7on
of
Amazon’s
offering
with
on-‐premises
infrastructures
facilita7ng
the
deployment
of
hybrid
models.
Amazon
currently
offers
three
pricing
models
for
their
compu7ng
instances:
On-‐demand,
Reserved
and
Spot
Price.
On-‐demand
is
the
regular
pricing
model.
Reserved
instances
are
on-‐demand
instances
that
include
a
discount
for
one
to
three
years
prepaid
contracts.
Spot
Price
represents
an
Some
days
arer
the
Spot
Price
pricing
model
was
launched
the
first
graphical
tool
were
developed
to
track
the
development
of
spot
prices
over
7me.
One
of
this
tools
is
Cloud
Exchange
(hOp://cloudexchange.org/)
which
provides
overviews
as
the
one
depicted
in
figure
11
which
shows
prices
of
all
instance
types
and
OS
(Windows
and
Linux)
on
all
three
data
centers
(USA
West,
USA
East
&
Europe
West).
Although
the
Spot
Price
model
represents
the
first
steps
towards
u7lity
compu7ng
and
dynamic
pricing
of
resources
comparable
to
the
financial
stock
market,
this
approach
has
also
some
limita7ons.
First
of
all,
as
there
are
no
guarantees
on
how
long
a
customer
will
be
using
a
spot
instance
its
applicability
is
limited
to
a
specific
set
or
workloads,
like
for
example
those
that
are
not
7me
constrained
and
can
be
easily
restarted
(e.g.
batch
processing,
large
data
processing
and
transforma7on,
etc.).
Second
of
all,
the
supply
of
Spot
Price
instances
is
limited
by
Amazon,
as
opposed
to
the
“unlimited”
supply
of
on-‐demand
and
reserved
instances.
For
this
reason,
prices
of
spot
instances
do
not
necessary
need
to
be
supply
and
demand
driven
as
the
quan7ty
and
prices
of
each
type
of
instance
are
determined
by
Amazon.
Amazon
can
for
example
decide
that
spot
prices
are
the
only
op7on
or
that
there
is
no
stock
of
spot
prices
which
would
influence
Spot
Prices
significantly.
The
current
lack
of
transparency
on
this
new
feature
of
Amazon
EC2
makes
it
difficult
to
determine
wether
they
represent
surplus
capacity
or
they
are
just
another
pricing
choice
for
Amazon.
Amazon
has
developed
during
2009
a
series
of
partnerships
with
enterprise
sorware
producers
(e.g.
Oracle,
IBM,
etc.).
For
example,
in
February
2009,
the
partnership
agreement
between
Amazon
and
IBM
represented
an
important
step
towards
the
adop7on
of
Cloud
Compu7ng
as
a
new
delivery
method
for
enterprise’s
products
and
services.
IBM
offers
infrastructure
sorware
on-‐demand
on
the
Amazon
cloud
EC2
where
current
IBM
clients
can
use
their
exis7ng
licenses
also
on
the
EC2
plaxorm.
IBM
products
that
are
available
on
the
cloud
are
among
others
IBM
DB2,
Informix
Dynamic
Server,
WebSphere
Portal,
Lotus
Web
Content
Management
and
WebSphere
sMash.
This
step
to
the
cloud
follows
from
a
recent
agreement
between
IBM
and
Juniper
(a
leading
network
equipment
manufacturer)
around
Tivoli,
a
sorware
applica7on
that
is
able
to
transfer
workloads
from
and
to
a
public
cloud.
As
of
December
2009,
Amazon
has
incorporated
Tivoli
as
a
standard
offering
on
its
EC2
solu7on.
B.
Rackspace
Rackspace
was
tradi7onally
a
U.K.
based
web
hos7ng
enterprise
which
have
gained
worldwide
fame
for
their
“Fana7cal
support”
business
model.
Rackspace’s
acquisi7on
of
Mosso
added
IaaS
services
to
their
product
porxolio
to
support
the
deployment
of
Public
and
Private
Clouds
(Cloud
Servers
and
Dedicated
Services
respec7vely).
In
addi7on
they
also
offer
storage
services
(Cloud
Files)
and
PaaS
services
(Cloud
Sites).
To
facilitate
its
comparison
with
Amazon
EC2
we
will
limit
our
analysis
to
their
Cloud
Servers
offering.
According
to
John
Engates,
CTO
of
Rackspace,
the
company
aims
to
provide
maximum
applica7on
compa7bility
minimizing
the
need
to
adapt
sorware
to
be
hosted
on
the
Cloud.
A
central
element
on
their
strategy
is
to
enable
the
further
development
of
Hybrid
Clouds
for
burs7ng
between
on-‐premises
and
off-‐premises
cloud
infrastructures.
This
is
reflected
for
example
in
the
fully
compa7bility
of
Rackspace’s
API
with
RightScale
and
rPath’s
rBuilder
solu7ons.
During
2009
Rackspace
has
reported
healthy
growth
rates.
Net
revenue
for
the
quarter
ending
September
2009
was
reported
to
be
$162.4
million
which
is
17.4%
more
year-‐over-‐year
basis
and
6.8%
more
compared
to
the
previous
quarter.
Cloud
revenue
increased
to
$15.3
million,
17%
more
than
the
previous
quarter.
Rackspace
reported
that
Cloud
related
products
represent
approximately
10%
of
its
total
revenues
(5%
a
year
ago)
managing
54,655
servers
from
80,944
customers.
Cloud
Servers
has
access
to
local
RAID10
storage
which
provides
protec7on
against
drive
failures.
If
any
instance
fails
data
is
restored
by
Rackspace
free
of
charge
to
another
instance.
They
offer
also
a
broad
variety
of
instances,
ranging
from
256
MB
to
16
GB
of
RAM.
Once
an
instance
is
One
of
the
main
differences
between
Rackspace
and
Amazon
is
Rackspace’s
partnership
with
VMware
to
offer
VMware
based
images
next
to
Xen
based
ones.
This
is
the
result
of
a
strategic
alliance
between
VMware
and
AT&T,
Verizon,
Rackspace
and
BT
in
a
federated
cloud
plaxorm.
A
federated
cloud
integrates
various
different
clouds
on
an
ongoing
premises
(McLaughlin,
2009a).
This
vision
of
federated
clouds
facilitates
migra7ons
among
those
clouds
and
therefore
it
reduces
the
vendor
lock-‐in
risk.
This
is
reflected
on
VMware’s
vCloud
open
interface
which
is
developed
to
facilitate
migra7ons
between
clouds
using
this
format
(Kel•ens,
2009).
In
February
2009,
VMware
launched
its
new
cloud
tool
vSphere.
VMware’s
vSphere
is
a
Virtual
Datacenter
Opera7ng
System
(VDC-‐OS)
that
is
designed
to
support
organiza7ons
in
conver7ng
current
data
centers
in
Private
Cloud
infrastructures
that
can
eventually
be
connected
to
Public
Clouds
when
needed
(McLaughlin,
2009a).
The
vision
of
VMware
is
that
ICT
departments
in
the
future
are
going
to
become
internal
hos7ng
providers
and
therefore
one
of
their
most
important
tasks
will
be
the
effec7ve
alloca7on
of
resources
(Kel•ens,
2009).
According
to
VMware,
the
cloud
OS
(vSphere)
enables
companies
to
deliver
IT
as
a
service
enabling
cloud
burs7ng
capabili7es
(McLaughlin,
2009a).
According
to
VMware
the
first
step
in
crea7ng
a
Private
Cloud
is
to
virtualize
the
current
infrastructure
to
then
focus
in
delivering
IT
capacity
to
end
users.
By
provisioning
services
and
IT
resources
to
end
users
trough
a
self-‐service
interface
and
implemen7ng
usage
based
billing
systems
an
organiza7on
can
unleash
the
poten7al
of
Private
Clouds
(Sheehan,
2009b).
With
the
launch
of
vSphere,
VMware
is
addressing
the
self
service
provisioning
of
IT
capabili7es.
Management,
automa7on
and
billing
features
will
de
launched
in
the
coming
year
(McLaughlin,
2009a).
C.
Joyent
Joyent
offers
on-‐demand
cost
compe77ve
virtual
servers
which
they
call
Accelerators
deployed
over
a
layer
of
shared
networking,
rou7ng,
load
balancing
and
persistent
storage.
On
the
PaaS
area
Joyent
offers
Smart
Plaxorm
to
develop
applica7ons
and
determine
on
the
spot
which
instance
is
required
to
run
them.
For
Private
Cloud
deployment
and
management
Joyent
has
developed
their
Cloud
Control
sorware
which
is
offered
to
enterprise
customers.
Joyent
leverages
their
partnership
with
Sun
Microsystems
by
suppor7ng
at
the
moment
of
wri7ng
only
the
Open
Solaris
OS.
Moreover,
Joyent
uses
Sun’s
Solaris
Containers
and
ZFS,
and
networking
hardware
and
sorware
from
F5
Networks
and
Zeus.
One
of
the
most
significant
Joyent’s
success
stories
is
the
one
of
the
professional
social
network
LinkedIN,
which
has
45
million
users
and
16
million
unique
monthly
visitors
by
August
2009,
more
than
double
than
a
year
before.
The
Joyent
IaaS
service
delivers
331
million
page
views
per
month
to
LinkedIN
visitors
(by
June
2009)
For
the
purpose
of
this
research,
we
have
selected
Google
App
Engine,
Windows
Azure
and
Force.com
as
the
most
relevant
PaaS
solu7ons.
Their
features
are
depicted
in
table
15.
Code Portability No No No
In
a
recent
interview
with
Dave
Armstrong,
Google’s
EMEA
Cloud
Compu7ng
chief
(Broek,
2009)
he
commented
on
the
most
important
advantages
of
the
cloud:
scalability,
cost
reduc7on
and
improved
collabora7on.
Cloud
Compu7ng
allows
organiza7ons
to
focus
on
their
core
businesses
that
differen7ates
them
from
their
compe7tors.
For
this
reason,
according
to
Armstrong,
Cloud
Compu7ng
is
an
opportunity
for
every
company
in
any
sector,
including
highly
sensi7ve
businesses
like
the
banking
industry.
Companies
should
just
analyze
and
determine
beforehand
which
informa7on
is
going
to
be
stored
on
the
cloud
and
which
informa7on
will
remain
on
internal
on-‐premises
systems.
He
claims
that
there
is
no
risk
for
vendor
lock-‐in
as
data
can
be
as
easy
pulled
out
than
it
was
push
into
the
cloud.
In
his
own
words:
“You
don’t
lose
anything
by
moving
to
the
clouds.
You’re
just
doing
things
differently”
(Broek,
2009).
The
focus
of
Google
is
mainly
on
Public
Clouds
(Google
AppEngine)
providing
developers
with
an
applica7on
framework
and
hos7ng
to
build
and
deploy
their
sorware.
For
enterprise
solu7ons
Google
has
partnered
with
IBM
in
developing
cloud
solu7ons
for
the
enterprise.
Google
has
also
teamed
up
with
IBM
under
the
ini7a7ve
Google
101
to
build
an
University
Cloud
where
students
can
learn
about
large
scale
compu7ng
clouds
(Baker,
2007).
The
ini7a7ve
has
been
created
by
using
IBM’s
business
sorware
and
Google
servers.
For
educa7on
purposes
Google
has
developed
Hadoop,
an
Open
Source
version
of
MapReduce.
Although
the
Hadoop
project
was
started
by
one
of
Google’s
main
compe7tors
(Yahoo),
Google
has
worked
extensively
on
promo7ng
it
(Baker,
2007).
Google’s
inten7on
is
to
support
Hadoop
in
becoming
a
standard
for
Cloud
Compu7ng
sorware
architectures.
From
a
developer’s
perspec7ve,
Google
App
Engine
is
valued
for
its
fully
automated
and
easy
to
implement
scalability,
its
ease
of
use
Google
defines
clouds
as
“giant
clusters
of
computers
that
house
immense
sets
of
data
too
big
for
tradi;onal
computers
to
handle”
(Baker,
2007).
Google’s
infrastructure
of
globally
distributed
data
centers
has
been
crucial
for
their
pioneering
role
in
Cloud
Compu7ng
(Broek,
2009).
Their
cloud
is
con7nuously
evolving
with
investments
in
data
centers
es7mated
to
be
around
$2
billion
a
year
(Baker,
2007).
During
2007
Google
added
four
new
data
centers
to
its
Cloud
with
an
average
unit
cost
of
$600
million.
The
capacity
and
capabili7es
of
its
infrastructure
makes
it
an
ideal
plaxorm
to
perform
resource
intensive
scien7fic
jobs
that
a
decade
ago
would
have
been
performed
in
a
na7onal
lab
(Baker,
2007).
In
the
last
quarter
of
2008
Google
has
implemented
an
innova7ve
data
center
management
method
on
his
new
data
center
in
Saint-‐Ghislain,
Belgium.
The
new
data
center
has
no
chillers
to
support
its
cooling
systems.
As
chillers
require
large
amounts
of
electricity
to
operate,
this
new
method
results
in
improved
energy
efficiency.
Instead
of
using
chillers,
Google
applies
fresh
air
from
outside
the
data
center
when
temperatures
are
cool
and
it
uses
an
on-‐site
water
purifica7on
facility
to
use
water
from
a
nearby
industrial
canal
instead
of
municipal
water.
Using
this
innova7ve
set
up,
local
weather
forecas7ng
becomes
a
cri7cal
factor
in
network
and
data
center
management.
Belgium's
climate
ranges
from
18
to
22
degrees
celsius
during
summer,
while
Google
maintains
his
data
centers
above
26
degrees
celsius.
Google
es7mates
that
temperature
might
rise
above
the
acceptable
maximum
seven
days
per
year
on
average.
When
this
situa7on
occur,
Google
will
turn
their
Belgium
data
center
off
and
reallocate
compu7ng
workloads
to
other
data
centers
around
the
globe.
This
workload
management
strategy
has
been
denoted
as
“follow
the
moon”
taking
advantage
of
lower
costs
for
power
and
cooling
during
overnight
hours,
the
so
called
off-‐peak
u7lity
rates
charged
by
energy
providers.
B.
Windows
Azure
Windows
Azure
was
launched
in
2008
and
it
is
expected
to
be
open
for
public
use
by
January
2010.
Azure
supports
the
rapid
development
and
deployment
of
cloud
applica7ons
(Holliday,
2009).
In
words
of
Bob
Muglia,
president
of
the
Server
and
Tools
Business
at
Microsor:
"MicrosoU
is
converging
on
a
common
developer
plaDorm
for
both
servers
and
services".
According
to
some
journalists,
Microsor’s
strategy
is
to
become
the
most
used
cloud
opera7ng
system
(Mitchell,
2009).
Gartner
research
suggest
that
Microsor
is
planning
to
become
a
market
leader
in
tools
for
building
Private
Clouds
(e.g.
System
Center
product)
as
well
as
in
Public
Clouds
(e.g.
MS
Azure)
(Fergusson,
2008).
Azure
applica7ons
are
developed
using
.NET
and
compiled
arerwards
to
a
Common
Language
Run7me
(CLR)
to
be
used
independently
(Armbrust
et
al.,
2009).
The
level
of
abstrac7on
of
Azure
is
somewhere
between
the
Amazon’s
EC2
(low
abstrac7on)
and
Google
App
Engine
(high
abstrac7on).
The
programming
languages
and
databases
supported
on
Azure
include
non-‐Microsor
products
(e.g.
Zend,
PHP,
MySQL,
Java,
Eclipse
EDI,
etc.)
as
well
as
Microsor
languages
and
tools
(e.g.
MS
SQL,
.NET,
Visual
Studio
as-‐a-‐service,
etc.).
However,
it
is
important
to
note
that
as
most
Windows
applica7on
are
built
on
Windows
programming
tools
(e.g.
.NET)
the
migra7on
of
these
applica7ons
will
be
easier
to
Azure
than
to
any
other
plaxorm.
Although
this
development
means
a
unprecedented
change
in
Microsor
product
strategy
as
compared
to
tradi7onal
sorware
models
(client
or
on-‐premises)
(Fergusson,
2008)
it
is
important
to
note
that
Windows
Azure
is
not
a
standard
Windows
OS.
This
means
that
developers
might
need
to
adapt
their
applica7ons
to
be
able
to
run
them
on
Azure.
Microsor
recommends
organiza7ons
to
deploy
an
Hybrid
Model
to
limit
their
risks
while
leveraging
some
of
the
poten7als
of
the
cloud
paradigm.
To
support
hybrid
models
Microsor
offers
Windows
Server
AppFabric
(currently
in
Beta
status).
Developers
consider
Windows
Azure
as
a
very
simple
and
powerful
role-‐based
PaaS
solu7on.
However,
they
believe
that
Azure’s
scalability
is
currently
rather
poor
as
it
does
not
support
automa7c
scaling
of
instances.
In
Microsor’s
latest
Professional
Developers
Conference
in
November
2009,
the
company
presented
their
strategy
and
latest
development
around
the
Azure
plaxorm.
One
of
this
new
developments
is
PinPoint,
an
AppStore
for
business
apps
developed
and
deployed
in
Azure
including
third
party
add-‐ons
and
data
sets
(comparable
to
Force.com).
Another
announcement
was
project
Dallas,
a
data-‐as-‐a-‐service
solu7on
which
offers
large
data
sets
of
public
and
commercial
data
(e.g.
WHO,
NASA,
etc.)
on
a
pay-‐per-‐use
basis.
The
goal
of
this
project
is
to
enable
these
data
sets
to
be
mashed
up
by
developers
on
the
Azure
plaxorm.
Microsor
currently
supports
only
the
Windows
Server
virtual
machine
format
on
Azure.
Virtual
machine
server’s
pricing
ranges
from
12
cents
per
service
hour
for
machines
powered
by1.6-‐GHz
processors
and
1.75
GB
of
RAM
up
to
96
cents
per
service
hour
for
eight
1.6-‐GHz
chips
and
14GB
RAM.
An
example
of
an
enterprise
applica7on
that
is
already
running
on
Windows
Azure
is
Capgemini’s
ACS
applica7on
for
complex
calcula7ons
of
salaries
and
pensions
which
is
offered
as-‐a-‐
service
to
Capgemini’s
customers.
Other
case
studies
on
Azure
suggest
that
deployment
7mes
can
be
reduced
from
six
weeks
to
six
minutes
while
adap7ng
1%
of
the
total
code.
C.
Force.com
The
success
of
Force.com
is
even
greater
than
the
one
obtained
by
Salesforce.com
SaaS
offering
of
hosted
business
applica7ons.
The
company
has
recently
reported
that
55%
of
the
HTTPS
transac7ons
the
company
processes
come
through
their
API
(and
therefore
from
third
party
developed
applica7ons)
compared
to
45%
coming
from
Salesforce's
own
developed
applica7ons.
Force.com
focus
primarily
on
enabling
the
easy
development
and
deployment
of
custom
enterprise
apps
like
HR,
accoun7ng,
sales,
support,
etc.
According
to
Salesforce,
organiza7ons
can
deploy
applica7ons
five
7mes
faster
against
50%
of
the
costs
compared
to
tradi7onal
sorware
development
paradigms.
Force.com
allows
developers
to
reuse
exis7ng
pre-‐defined
data
objects,
security
models,
user
interfaces,
business
processes
and
automated
management.
Compared
to
.NET
and
J2EE,
Force.com
affirms
that
it
can
deliver
applica7ons
60%
faster
at
54%
lower
costs.
Moreover,
Force.com
enables
the
integra7on
of
on-‐premises
applica7ons
in
an
Hybrid
Cloud
model.
! Salesforce
last
reported
annual
revenue
was
$1
billion
as
of
February
2009.
By
December
2008,
Salesforce
had
around
51.800
clients
and
3.300
employees.
Their
last
reported
quarter
(third
fiscal
quarter
of
2009)
showed
a
31%
year-‐over-‐year
customer
increase
to
67.900
accounts.
Their
underlaying
infrastructure
is
based
on
the
mul7-‐tenancy
principle,
hos7ng
more
than
135.000
applica7ons
build
by
external
developers
on
the
Force.com
plaxorm
performing
around
200
million
transac7ons
daily
by
an
es7mated
188
million
lines
of
code.
Salesforce
has
obtained
the
ISO
27001
Cer7fied
Security
recogni7on
and
guarantees
99%
availability
rates.
Force.com
infrastructure
is
distributed
on
three
global
data
centers
that
are
configured
for
fail-‐over
and
disaster
recovery.
According
to
experienced
prac77oners,
the
best
approach
to
evaluate
Cloud
Compu7ng
as
a
viable
alterna7ve
is
to
consider
it
for
each
applica7on
and
project
separately
(BeOs,
2009).
To
facilitate
this
evalua7on,
a
weighted
scorecard
approach
has
been
suggested
that
considers
the
cri7cal
factors
influencing
the
decision
(BeOs,
2009).
Some
examples
of
situa7ons
that
could
significant
benefit
from
the
cloud
are
applica7ons
with
high
demand
vola7lity
or
that
require
fast
provisioning
of
resources
to
improve
the
7me-‐to-‐market.
The
scorecard
approach
is
depicted
in
table
16:
Another
interes7ng
model
for
the
adop7on
of
Cloud
Compu7ng
solu7ons
has
been
developed
by
Infosys
(Dargha,
2009).
To
evaluate
Cloud
Compu7ng
offerings,
Infosys
proposes
a
weighted
scorecard
approach
based
on
specific
considera7ons
to
be
taken
by
Cloud
Users.
Although
the
list
of
considera7ons
is
not
complete,
Infosys
considers
it
a
good
start
point
to
evaluate
Cloud
Providers
(Dargha,
2009).
The
scorecard
is
depicted
in
table
17.
Weighted
Considera*ons Weight Raw
Score
Score
Internal or industry regula7ons allow to store data on the cloud
The firm prefers to incur in OPEX rather than CAPEX
The applica7on is tolerant to latency and other network performance issues
The
priori7es
of
firms
of
different
sizes
are
significantly
different.
Small
firms
focus
on
minimizing
costs
and
complexity
by
elimina7ng
the
need
to
own
resources.
They
are
willing
to
trust
external
providers
easier
as
they
are
always
looking
for
outsourcing
as
many
non-‐core
ac7vi7es
as
possible
(Urquhart,
2009a).
On
the
other
hand,
large
enterprises
are
more
concerned
with
maintaining
their
exis7ng
ICT
investments
and
they
carefully
evaluate
new
investments
based
on
profitability
(e.g.
ROI)
(Urquhart,
2009a).
Because
large
organiza7ons
have
already
invested
vast
amounts
of
7me
and
money
in
protec7ng
and
op7mizing
their
infrastructures
they
are
not
likely
to
adopt
Cloud
Compu7ng
un7l
the
same
levels
can
be
guaranteed
(Urquhart,
2009a).
Type
of
Service
Type Scalability Vendor
Lock-‐in Code Deployment
Costs
Applica*on
McKinsey
recommends
organiza7ons
to
build
their
own
cloud
infrastructure
and
although
this
can
be
a
good
solu7on
for
some
situa7ons,
it
reduces
one
of
the
most
important
advantages
of
Cloud
Compu7ng
cost
efficiency
(Sheehan,
2009b).
For
this
reason,
some
authors
have
proposed
a
different
approach
by
first
examining
the
organiza7on’s
applica7on
porxolio
looking
for
cloud
candidates,
to
calculate
then
the
true
costs
of
the
internal
infrastructure
and
therefore
make
founded
decisions
on
wether
to
deploy
an
Internal
or
External
Cloud
(Sheehan,
2009b).
Another
interes7ng
approach
to
determine
which
type
of
access
and
deployment
model
is
best
fiOed
for
an
specific
applica7on
takes
into
account
how
mission
cri7cal
and
related
to
core
prac7ces
are
the
resources
(Spinola,
2009).
First,
organiza7on
need
to
determine
which
on-‐premises
IT
resources
and
systems
are
mission-‐cri7cal
and
which
are
not.
Second,
all
resource
must
be
analyzed
to
iden7fy
which
ones
are
sources
of
compe77ve
advantage
(core-‐business
prac7ces)
and
which
are
not
(non-‐core
prac7ces).
By
answering
these
two
ques7ons,
organiza7on
can
use
table
19
to
determine
which
deployment
and
access
model
is
best
fiOed
for
that
type
of
resources.
Table 19: Cloud Access and Deployment Models Selec*on Tool (Spinola, 2009)
Core
vs
Mission
Cri*cal Non
Mission
Cri*cal
Mission
Cri*cal
Core Prac*ces Deploy in Private Internal Cloud Good candidate for Private Internal Cloud
Non Core Prac*ces Good candidate for Public cloud Deploy in Public cloud
From
each
exis7ng
defini7on
we
have
first
extracted
their
main
components
or
features
to
group
them
further
where
seman7cally
possible.
Features
that
are
not
in
accordance
with
the
possibili7es
of
this
new
paradigm
(as
reflected
by
exis7ng
solu7ons)
and/or
are
only
men7on
in
few
publica7ons
have
been
excluded.
Moreover,
features
that
are
not
a
essen7al
requirements
as
demonstrated
by
some
vendors
have
been
also
excluded.
Arer
this
analysis
we
have
elaborated
the
following
defini7on
of
Cloud
Compu7ng:
Cloud
Compu;ng
is
the
delivery
model
where
on-‐demand
elas;c
IT
capabili;es
are
offered
as-‐a-‐service
through
the
Internet
following
a
usage
based
pricing
model.
There
are
a
large
number
of
IT
capabili7es
offered
according
to
the
Cloud
Compu7ng
model.
Some
examples
of
the
most
popular
services
are
infrastructures
(IaaS
solu7ons),
plaxorms
(PaaS
solu7ons),
and
sorware
(SaaS
solu7ons).
The
main
features
found
in
our
defini7on
are:
(1)
IT
capabili7es,
(2)
on-‐demand,
(3)
elas7c,
(4)
as-‐a-‐service,
(5)
internet
delivery
and
(6)
usage
based
pricing
model.
We
will
use
these
features
to
evaluate
if
a
specific
solu7on
can
be
regarded
as
Cloud
Compu7ng
or
not.
Other
non
essen7al
features
that
have
been
therefore
excluded
from
the
defini7on
are
virtualiza7on,
mul7-‐tenancy
use
of
resources,
resource
op7miza7on
and
self-‐service
func7onality.
A
further
explana7on
on
the
reasons
for
excluding
these
features
as
well
as
the
analysis
performed
to
achieve
our
defini7on
can
be
found
in
the
sec7on
over
Phase
1
in
this
report.
The
risks
of
this
new
paradigm
have
been
elaborated
from
the
specific
characteris7cs
of
this
new
paradigm
as
compared
to
other
op7ons
(e.g.
on-‐premises
solu7ons).
Moreover,
they
have
been
extensively
subject
of
previous
research
by
public
agencies
specialized
on
ICT
security
(e.g.
ENISA).
When
adop7ng
a
Cloud
solu7on
compared
to
an
on-‐premises
alterna7ve
risks
are
iden7fied
at
opera7onal,
compliance
and
standards
levels.
Opera7onal
risks
include
among
others
the
dependency
on
external
services
availability,
the
performance
of
solu7ons
build
over
shared
resources,
the
dependence
on
external
providers,
the
performance
of
public
ungoverned
networks
(e.g.
internet)
and
the
lack
of
advanced
cloud
management
tools.
At
the
compliance
level
risks
can
be
iden7fied
on
the
applicability
of
(inter)na7onal
laws
and
regula7ons,
data
confiden7ality
on
Public
Clouds
due
to
failures
in
resource
isola7on,
and
the
lack
of
transparency
in
external
infrastructures.
Although
some
formats
(e.g.
Amazon
AMI
for
server
images)
are
emerging
as
de
facto
standards,
there
are
at
the
moment
of
wri7ng
no
formal
standards
in
Cloud
Compu7ng.
This
creates
a
serious
risk
for
vendor
lock-‐in
as
organiza7ons
can
not
migrate
to
and
from
Cloud
solu7ons
without
adap7ng
their
applica7ons.
Security
is
the
most
important
barrier
men7oned
by
organiza7ons
for
the
adop7on
of
Cloud
Compu7ng.
The
single
sing-‐on
feature
offered
in
Cloud
solu7ons
represents
a
single
point
of
failure
for
the
infrastructures
and
it
is
currently
being
mi7gated
by
Cloud
Providers
by
using
two
factor
authen7ca7on
methods.
As
External
Private
and
Public
Clouds
are
oren
not
physically
accessible
by
clients
regulatory
compliance
is
determined
by
the
cer7fica7ons
obtained
by
the
provider
(e.g.
SAS70).
Organiza7ons
must
therefore
rely
on
this
cer7fica7ons
for
their
own
regulatory
compliance.
The
lack
of
contractual
rights
to
perform
security
analysis
implies
that
when
an
incident
takes
place
organiza7ons
can
only
rely
on
the
audit
features
and
findings
provided
by
the
vendor.
3. What
types
of
cloud
solu*ons
are
being
currently
offered
in
the
market?
In
order
to
create
an
overview
of
the
different
types
of
Cloud
Compu7ng
solu7ons
currently
available
in
the
market
we
have
described
three
classifica7on
models
described
in
exis7ng
publica7ons:
the
Service
Model
which
implies
a
trade-‐off
between
flexibility
and
abstrac7on
(IaaS,
PaaS
and
SaaS),
the
Access
Model
according
to
how
access
to
the
service
is
delimited
(Private,
Public
and
Hybrid)
and
the
Deployment
Model
that
takes
into
account
the
physical
loca7on
of
the
solu7on
(Internal,
External
and
Hybrid).
It
is
important
to
note
that
besides
the
pure
Hybrid
models
(e.g.
Public
&
Private
or
Internal
&
External)
there
are
also
several
combina7ons
possible
as
we
go
down
the
service
model
stack
(SaaS
on
PaaS
or
IaaS,
PaaS
on
IaaS).
Services
can
therefore
be
aggregated
so
we
must
take
the
individual
services
individually
into
considera7on
and
aggregate
our
conclusions
when
evalua7ng
possible
solu7ons.
Moreover,
each
of
these
combina7ons
can
have
also
different
dimensions
like
for
example
Public
SaaS
on
Private
IaaS,
or
Private
PaaS
on
Public
IaaS.
This
might
not
be
clear
at
first
in
current
product
specifica7on
but
it
is
crucial
to
know
the
underlaying
service
composi7on
of
a
solu7on
in
order
to
evaluate
it
properly.
We
recommend
organiza7ons
to
analyze
each
service
layer
of
a
solu7on
separately
to
find
out
if
it
is
truly
inline
with
their
needs.
Each
model
implies
different
considera7ons
for
organiza7ons.
For
example
in
the
Service
Model,
when
we
move
from
SaaS
to
PaaS
and
from
PaaS
to
IaaS
the
flexibility
offered
increases
while
abstrac7on
levels
decrease
(and
vice
versa).
In
the
Access
Model,
organiza7ons
can
choose
from
exclusive
alloca7on
of
resources
(Private
Cloud)
to
mul7-‐tenancy
over
shared
resources
(Public
Cloud).
It
is
important
to
note
that
Public
Clouds
represent
a
higher
security
risk
that
Private
Clouds
as
isola7on
mechanisms
can
fail
(e.g.
bad
neighbor
and
cartographic
aOacks).
However
the
exclusive
use
of
resources
leads
per
defini7on
to
lower
provider’s
cost
efficiency
and
therefore
more
expensive
solu7ons.
In
de
Deployment
model
organiza7ons
can
choose
to
have
full
control
over
the
solu7on
(Internal
Cloud)
or
outsource
some
management
tasks
to
an
external
organiza7on
(External
Cloud).
As
each
situa7on
(e.g.
project,
organiza7on,
etc.)
requires
a
different
set
of
features,
organiza7ons
should
carefully
evaluate
these
models
and
select
the
one
that
fit
their
needs
more
accurately.
A
remark
should
be
made
on
the
consolida7on
process
currently
taking
place
in
the
Cloud
Compu7ng
market,
denoted
by
some
prac77oners
as
the
PaaS-‐ifica7on
of
Cloud
Compu7ng
services.
SaaS
solu7ons
are
becoming
more
flexible
by
allowing
the
development
and
deployment
of
third
party
applica7ons
and
mashups
(e.g.
Force.com
from
Salesforce)
while
IaaS
solu7ons
are
including
increasing
levels
of
automa7on
that
perform
some
of
the
heavy
liring
in
infrastructure
management
(e.g.
Amazon).
For
the
purpose
of
our
research
we
have
selected
three
IaaS
solu7ons
(Amazon,
Rackspace
and
Joyent)
and
three
PaaS
solu7ons
(Google
App
Engine,
Windows
Azure
and
Force.com)
and
extracted
their
features
for
further
analysis.
We
have
excluded
SaaS
solu7ons
from
this
part
of
our
analysis
as
they
are
very
specific
and
use
high
levels
of
abstrac7on
which
makes
it
very
difficult
to
compare
them
and
evaluate
their
applicability
to
the
Dutch
healthcare
sector.
Moreover,
SaaS
applica7on
are
oren
either
built
on
PaaS
solu7ons
(e.g.
Salesforce
applica7ons
on
force.com
plaxorm)
or
they
tend
to
become
plaxorms
over
7me
by
offering
more
flexibility
to
end
users
(e.g.
APIs).
A
detailed
descrip7on
of
our
feature
analysis
can
be
found
in
the
Phase
1
sec7on
of
this
report.
The
increasing
demand
for
internet-‐based
services
and
the
current
economic
downturn
have
created
a
perfect
storm
for
organiza7ons
to
reevaluate
the
role
of
non-‐differen7a7ng
compu7ng
resources
in
their
infrastructure.
The
vision
of
compu7ng
technology
as
an
u7lity
is
gaining
acceptance
between
prac77oners
as
current
innova7on
are
increasingly
enabling
this
paradigm.
Moreover,
organiza7ons
focus
nowadays
more
on
business
processes
and
how
to
op7mally
support
them
rather
than
on
the
underlaying
resources.
In
this
context
the
elas7c
character
of
u7li7es
matches
current
organiza7onal
needs
and
the
capabili7es
of
technology
as
businesses
of
all
kinds,
specially
internet
start-‐ups
and
fast
growing
organiza7ons,
must
be
able
to
adapt
to
quickly
changing
demands.
ICT
solu7ons
must
enable
rapid
scalability
to
scale
(up
and
down)
at
the
same
rate
than
businesses.
Based
on
defini7ons
from
scien7fic
publica7ons,
analysts,
consultants,
commercial
media
and
the
Na7onal
Ins7tute
of
Standards
in
Technology
(NIST)
we
have
elaborated
our
own
defini7on
of
Cloud
Compu7ng:
Cloud
Compu;ng
is
the
delivery
model
where
on-‐demand
elas;c
IT
capabili;es
are
offered
as-‐a-‐service
through
the
Internet
following
a
usage
based
pricing
model.
Moreover,
we
have
described
three
models
to
categorize
Cloud
Compu7ng
solu7ons:
the
Service
Model
(IaaS,
PaaS
and
SaaS),
the
Access
Model
(Private,
Public,
Hybrid)
and
the
Deployment
Model
(Internal,
External,
Hybrid).
We
believe
that
organiza7ons
will
begin
using
Private
Clouds
in
the
near
future
and
evaluate
the
use
cases
for
Hybrid
models
once
they
have
been
proven
on
a
secure
environment.
However,
as
Hybrid
construc7ons
are
not
easy
to
implement,
we
recommend
that
organiza7ons
should
account
for
this
feature
from
the
first
development
steps
of
their
Private
Clouds.
We
also
believe
that
the
large
variety
of
services
currently
offered
will
consolidate
over
7me
in
a
PaaS-‐ifica7on
process
where
SaaS
solu7ons
will
become
more
flexible
by
allowing
the
development
of
(third
party)
applica7ons
and
mashups
(e.g.
Salesforce
and
Force.com)
and
IaaS
solu7ons
will
include
increasing
levels
of
automa7on
that
perform
the
heavy
liring
of
infrastructure
management.
However,
in
our
opinion
not
all
applica7ons
will
be
run
in
the
cloud
and
there
will
not
be
one
single
standardized
cloud
but
rather
different
types
of
cloud
to
server
different
purposes.
Some
clouds
will
be
specialized
non-‐commodi7zed
applica7ons
and
other
will
be
deployed
as
Private
or
Hybrid
Clouds.
Organiza7ons
should
carefully
evaluate
the
human
resource
and
experience
needed
for
each
of
these
delivery
models
in
order
to
select
the
best
one
for
their
situa7on.
As
more
and
more
Cloud
Compu7ng
offerings
are
emerging,
developers
should
take
into
account
the
possibili7es
and
limita7ons
of
deploying
applica7ons
on
the
cloud
and
create
sorware
that
supports
such
environments.
Specifically,
they
should
consider
horizontal
scalability
which
implies
that
applica7ons
are
not
longer
bounded
to
the
physical
resources
available
but
can
run
across
several
physical
loca7ons
with
almost
unlimited
resources.
Systems
that
are
not
regarded
as
compe77ve
differen7ators
are
good
candidates
to
be
deployed
on
the
cloud.
As
they
are
not
source
of
compe77ve
advantage,
any
effort
in
upgrading,
maintaining
or
modifying
such
systems
will
not
create
any
added
valued
to
the
organiza7on
and
therefore
they
can
be
beOer
outsourced
to
reallocate
the
resources
to
projects
that
do
enable
differen7a7on.
Moreover,
when
considering
the
type
of
resources
consumed
by
each
applica7on,
we
can
conclude
that
non-‐mission
cri7cal
applica7on’s
consuming
scarce
resources
that
are
also
used
by
cri7cal
applica7ons
are
probably
the
best
candidates
to
be
placed
on
the
cloud.
It
is
important
to
note
that
some
IT
resources
(the
minority)
are
indeed
enablers
of
differen7a7on
and
should
therefore
not
be
contracted
from
third
par7es.
Those
applica7ons
are
key
to
an
organiza7on’s
compe77ve
advantage
and
therefore
enable
the
firm
to
perform
beOer
than
their
compe7tors
Although
the
on-‐premises
paradigm
provides
higher
levels
of
control
for
organiza7ons,
in
previous
researches
it
is
es7mated
that
75%
of
IT
expenses
are
incurred
merely
to
keep
the
systems
running
(Arnold,
2008a).
Most
IT
departments
have
to
deal
with
human
resource
scarcity
which
results
in
a
lot
of
new
ideas
that
remain
in
the
pipeline.
An
organiza7on
can
use
Cloud
Compu7ng
to
develop
services
that
are
interes7ng
for
the
business
but
that
due
to
lack
of
resources
are
not
being
aOempted.
A
final
considera7on
must
be
made
on
the
poten7al
that
Cloud
Compu7ng
has
to
provide
compe77ve
advantage
to
firms.
A
recent
study
showed
that
firms
using
intensively
Amazon’s
cloud
services
were
realizing
savings
in
storage
between
20%
and
50%
during
the
last
years
(Armbrust
et
al.,
2009).
When
these
firms
reallocate
the
savings
to
their
selling
prices,
they
are
able
to
offer
cheaper
services
or
products
to
their
clients
while
maintaining
the
same
quality
levels.
In
this
way,
companies
using
cloud
services
can
achieve
compe77ve
advantage
in
their
markets
by
cost
differen7a7on.
Scien7fic
researchers
can
contribute
to
the
field
by
researching
the
main
issues
in
the
use
of
this
new
paradigm.
Certain
open
ques7on
remain
that
could
be
further
researched
in
the
future.
According
to
UC
Berkeley
RADSL
the
following
future
issues
need
to
be
further
researched:
• What
will
be
the
billing
units
for
the
higher-‐level
virtualiza7on
clouds?
• What
will
be
the
billing
units
for
flash
memory?
• How
will
network
bandwidth
pricing
evolve?
• What
are
the
barriers
for
the
improvement
of
network
bandwidth?
• Which
level
of
abstrac7on
in
cloud
solu7ons
will
be
the
dominant
one
?
• How
and
when
are
cloud
standards
going
to
emerge?
• How
would
Cloud
Providers
differen7ate
in
the
future
(e.g.
services,
quality,
etc.)?
Certain
types
of
applica7on
are
expected
to
contribute
to
the
emergence
of
Cloud
Compu7ng
(Armbrust
et
al.,
2009).
Mobile
interac7ve
applica7ons,
parallel
batch
processing
and
compu7ng
intensive
desktop
applica7ons
are
some
examples
of
sorware
types
that
are
good
candidates
to
be
hosted
on
the
cloud.
We
can
expect
rapid
developments
in
the
future
of
these
types
of
capabili7es
that
can
be
also
subject
of
further
research.
In
the
remaining
sec7ons
of
this
research
we
use
the
results
of
this
phase
to
analyze
the
applicability
of
Cloud
Compu7ng
solu7ons
to
the
Dutch
healthcare
sector.
Specifically
we
will
use
the
research
defini7on,
taxonomies
and
market
analysis
to
evaluate
wether
current
offerings
sa7sfy
the
condi7ons
of
this
ver7cal
sector.
In
this
second
phase
of
the
research
we
will
examine
the
EPD
infrastructure
in
The
Netherlands.
As
this
type
of
projects
in
the
European
Union
are
not
geographically
or
poli7cally
isolated
but
they
are
rather
embedded
in
na7onal
context
from
an
interna7onal
perspec7ve,
we
will
introduce
first
the
scope
of
this
research
with
a
top-‐down
approach,
from
the
European
healthcare
strategy
to
the
Dutch
healthcare
perspec7ve
(see
sec7on
1).
We
con7nue
then
by
briefly
describing
the
role
of
technology
in
the
healthcare
sector
(see
sec7on
2)
in
order
to
facilitate
our
further
analysis
of
ICT
usage
in
the
Dutch
healthcare
system
with
special
aOen7on
to
the
introduc7on
of
EPD
(see
sec7on
3).
According
to
the
eBusiness
Watch
report,
the
healthcare
sector
was
by
the
year
2000
the
most
dominant
economic
sector
in
the
EU
(Stroetmann
&
Stroetmann,
2004b).
It
employs
more
than
15
million
people
(9%
of
the
total
jobs
in
the
union)
and
it
represents
500
billion
euros
expenditure
(more
than
6%
of
the
total
European
GDP).
When
analyzing
healthcare
expenditure
by
the
source
of
financing
per
country
we
observe
that
The
Netherlands
has
lower
public
expenditure
than
the
In
general,
Europeans
are
highly
sa7sfied
with
their
health
and
the
medical
services
in
their
local
areas.
Around
81%
of
Europeans
are
sa7sfied
with
their
state
of
health
while
72%
is
sa7sfied
with
the
health
services
they
can
access
locally
(Eurobarometer,
2009).
Beside
the
effects
of
the
economic
malaise
and
the
posi7ve
evalua7on
of
personal
health
and
care
services
provided,
“healthcare
systems”
is
s7ll
the
number
one
non-‐economic
issue
for
Europeans.
In
the
two
latest
european
barometers
(waves
70
and
71)
we
observe
that
healthcare
systems
are
the
fourth
most
important
issue
arer
three
economic
related
issues
(infla7on,
economy
and
unemployment).
European
countries
are
confronted
with
increasing
long
term
healthcare
needs
due
to
the
fact
that
ci7zens
live
longer
and
the
“baby
boom”
genera7on
becomes
older.
For
this
purpose,
in
2002
three
guiding
principles
for
the
reform
of
healthcare
systems
were
defined
by
the
European
Council:
healthcare
accessibility
for
every
ci7zen,
high
quality
of
care
and
long
term
financial
sustainability.
The
availability
and
accessibility
of
hospitals
in
the
European
Union
is
posi7vely
evaluated
by
Europeans
(76%
affirmed
to
be
very
easy
or
fairly
easy).
However,
in
The
Netherlands,
ci7zens
evaluated
accessibility
and
availability
of
hospitals
slightly
lower
than
the
quality
of
services
provided
(80%
answered
that
hospitals
are
very
easy
or
fairly
easy
to
reach)
(Eurobarometer,
2007).
An
important
remark
should
be
made
on
the
fact
that
8%
of
European
ci7zens
(7%
in
The
Netherlands)
could
not
obtain
health
services
when
needed
due
to
the
lack
of
availability
or
accessibility
of
hospitals.
The
availability
and
accessibility
of
specialists
care
in
Europe
scores
lower
than
when
evalua7ng
it
at
hospitals
(Eurobarometer,
2007).
Around
62%
of
Europeans
considers
that
medical
specialist
care
is
easy
or
very
easy
accessible.
In
The
Netherlands
the
percentage
is
slightly
higher
than
average
as
66%
of
Dutch
ci7zens
affirm
that
specialist
care
is
easy
or
very
easy
to
access.
Around
9%
of
Family
doctors
and
GPs
are
beOer
evaluated
by
European
ci7zens
than
hospitals
and
medical
specialists
(Eurobarometer,
2007).
From
all
correspondents,
84%
considers
the
quality
of
care
provided
by
family
doctors
as
good
or
very
good.
In
The
Netherlands
the
percentage
is
even
higher,
with
around
89%
of
Dutch
ci7zens
evalua7ng
their
family
doctor’s
quality
of
care
as
good
or
very
good.
The
same
differences
are
observed
when
evalua7ng
the
accessibility
and
availability
of
care
provided
by
family
doctors.
Around
88%
of
European
ci7zens
and
92%
of
Dutch
ci7zens
considers
that
family
doctors
are
easy
or
very
easy
accessible
and
available.
A
recent
report
from
the
European
Commission
(The
Europeans
in
2009)
reflects
on
the
shir
in
ci7zen’s
opinion
from
a
‘feel-‐good’
to
a
‘feel-‐bad’
situa7on
in
both
their
personal
and
economic
perspec7ves.
The
accelerated
recession
that
we
are
experiencing
during
2009
was
not
an7cipated
by
economic
experts
and
analysts.
While
8,2%
of
Europeans
did
not
have
a
job
by
January
2009,
experts
expected
those
levels
of
unemployment
by
2010.
Economic
growth
is
reaching
its
lowest
rates
since
the
second
World
War.
This
nega7ve
economic
context
is
affec7ng
the
lives
of
Europeans
and
the
expecta7ons
they
have
for
the
future
(Eurobarometer,
2009).
Even
though
the
economic
crisis
is
having
a
deep
impact
on
all
aspects
of
society,
s7ll
three
out
of
four
Europeans
are
sa7sfied
with
the
life
they
lead
(Eurobarometer,
2009).
However,
the
percentage
of
unsa7sfied
Europeans
is
the
highest
since
1995.
In
The
Netherlands
96%
of
ci7zens
are
sa7sfied
with
their
lives.
This
is
significantly
higher
than
the
European
average
(75%)
and
is
also
the
third
highest
sa7sfac7on
rate
within
the
European
Union.
It
is
important
to
note
that
concerns
about
healthcare
systems
increases
with
the
age
of
the
correspondent.
This
is
in
accordance
to
the
dependency
on
healthcare
services,
where
older
ci7zen’s
are
usually
more
dependent
on
healthcare
than
younger
ones.
When
Europeans
are
consulted
on
where
decisions
affec7ng
healthcare
should
be
made,
the
majority
(66%
of
correspondent)
considers
that
they
should
be
taken
at
na7onal
level
by
the
government
(Eurobarometer,
2008).
The
European
Commission’s
publica7on
“ Together
for
Health:
A
Strategic
Approach
for
the
EU
2008-‐2013”
describes
the
strategy
and
objec7ves
that
member
states
should
follow
in
the
coming
years
to
improve
the
quality
of
healthcare
services.
Healthcare
is
a
essen7al
element
of
every
ci7zen’s
life
and
it
must
therefore
be
effec7vely
supported
by
na7onal
and
european
policies,
laws
and
regula7ons
(European
Commission,
2007).
The
need
for
an
European
wide
health
strategy
is
the
result
of
three
main
growing
challenges
that
affect
the
health
services
provided
to
ci7zens:
demographic
changes,
global
threats
and
the
rapid
evolu7on
of
technologies
(European
Commission,
2007).
These
three
challenges
are
related
to
the
European
strategic
objec7ves
of
solidarity,
security
and
prosperity
respec7vely.
As
the
average
age
of
Europeans
increases
(for
example
The
Netherlands
expects
that
in
2030
around
35%
of
the
popula7on
will
be
older
than
55
years)
the
sustainability
of
current
na7onal
healthcare
systems
will
be
significantly
affected.
Global
threats
like
for
example
pandemics,
global
warming
or
bioterrorism
require
rapid
response
and
extensive
coopera7on
among
all
member
states.
The
rapid
evolu7on
of
new
technologies
can
enable
new
capabili7es
for
predic7ng,
preven7ng
and
trea7ng
illnesses.
The
strategy
developed
by
the
European
Commission
includes
four
fundamental
principles
to
guide
european
and
na7onal
healthcare
ini7a7ves
from
2008
to
2013
(European
Commission,
2007).
The
principles
are:
(1)
strategy
based
on
shared
health
values,
(2)
health
in
the
greatest
wealth,
(3)
health
in
all
policies
and
(4)
strengthening
the
European
Union
voice
in
global
health.
This
principles
are
elaborated
in
appendix
G.
As
a
part
of
the
European
Commission
healthcare
strategy,
the
commission
have
elaborated
three
strategic
objec7ves
to
cope
with
current
challenges.
These
strategic
objec7ves
are
elaborated
in
the
following
paragraphs:
• Fostering
good
health
in
aging
Europe:
Current
low
birth
rates
and
increased
ci7zen’s
longevity
result
in
an
increasing
aging
of
the
European
popula7on
(Stroetmann
&
Stroetmann,
2004a).
According
to
EC
by
2050
the
number
of
ci7zens
older
than
65
years
will
grow
by
70%
and
the
number
of
ci7zens
older
than
80
years
will
grow
by
170%
(European
Commission,
2007).
This
developments
will
increase
the
demand
for
healthcare
services
while
the
working
popula7on
decreases
at
the
same
7me.
In
order
to
maintain
the
sustainability
of
healthcare
systems
it
is
important
to
improve
the
health
status
of
this
aging
popula7on.
For
this
reason
the
commission
proposes
specific
ac7ons
to
promote
healthy
lifestyles
and
prevent
and
treat
diseases.
To
achieve
this
objec7ve
the
commission
proposes
four
ac7ons:
promote
healthy
lifestyles
among
ci7zens,
develop
specific
ac7on
against
factors
affec7ng
health
(e.g.
tobacco,
alcohol,
etc.),
improve
the
preven7on
and
treatment
of
rare
diseases
and
improve
the
policies
for
organ
dona7on
and
transplanta7on.
According
to
data
from
2004,
the
costs
of
the
Dutch
healthcare
system
are
es7mated
to
be
around
45
billion
euros
per
year,
represen7ng
9,2%
of
the
na7onal
gross
domes7c
product
(GDP)
(Prou
&
Smit,
2006).
The
three
main
cost
areas
are
hospitals
(29%),
elderly
care
(18%)
and
pharmaceu7cals
(11%).
As
the
Dutch
system
is
predominantly
private,
care
service
providers
nego7ate
directly
with
health
insurers.
In
2006,
public
coverage
for
ci7zens
earning
less
than
a
predefined
threshold
(65%
of
popula7on)
was
ended,
leading
to
a
new
system
of
compulsory
private
na7onal
insurance
with
basic
care
for
everyone.
Insurers
must
offer
the
basic
package
to
every
ci7zen
that
request
it,
while
they
can
compete
with
other
insurers
by
offering
addi7onal
care
services
(Prou
&
Smit,
2006).
Dutch
ci7zens
pay
an
annual
fee
of
around
2.000
euros
with
a
refund
of
around
300
euros
per
ci7zen
if
no
healthcare
services
are
consumed
during
a
year.
Within
the
basic
coverage
all
primary
and
secondary
care
is
included.
An
interes7ng
research
on
recent
developments
in
the
Dutch
healthcare
system
has
been
carried
out
by
the
Nivel
ins7tute,
an
organiza7on
specialized
in
healthcare
related
research
in
The
Netherlands
(Nivel,
2009).
According
to
Nivel,
Dutch
healthcare
organiza7ons
are
going
through
a
deep
transforma7on
process
that
affects
not
only
those
organiza7ons
but
every
professional
that
collaborates
with
them.
The
size
of
Dutch
healthcare
organiza7ons
has
increased
over
the
past
decades
due
to
merges
and
acquisi7ons
(Nivel,
2009),
resul7ng
in
larger
hierarchical
organiza7ons
that
create
more
distance
between
top
execu7ves
and
care
professionals
complica7ng
their
management.
In
The
Netherlands,
hospital’s
top
execu7ves
leave
their
posi7ons
on
average
2,8
years
arer
they
started
in
that
func7on
(Nivel,
2009).
This
is
remarkably
low
compared
to
other
sectors
and
countries.
Unhealthy
behaviors
and
situa7ons
are
directly
related
to
an
increase
in
demand
of
healthcare
services
(Nivel,
2009).
One
of
these
situa7ons
is
caused
by
viral
infec7ons
within
Dutch
hospital
(MRSA)
that
have
double
in
number
of
infec7ons
between
2002
and
2006.
This
type
of
infec7on
is
hard
to
find
outside
hospitals
and
the
bacteria
has
developed
over
the
years
resistance
against
tradi7onal
medica7on
(e.g.
penicillin).
Other
types
of
situa7ons
that
have
been
researched
by
Nivel
are
the
treatment
of
post
stroke
depression
(a
phenomenon
that
occurs
in
around
30%
of
the
cases),
the
increasing
number
of
pa7ents
with
sexual
or
rela7onship
problems,
the
treatment
of
chronic
sicknesses
(e.g.
HIV),
the
rela7on
between
professional
female
athletes
and
the
amount
of
injuries,
the
health
status
of
rural
versus
urban
ci7zens
and
the
effect
of
personal
movement
on
health.
One
of
the
most
important
challenges
signaled
by
Nivel
is
the
lack
of
medical
professionals
and
medical
educators
in
the
(near)
future
due
to
demographic
developments.
As
the
Dutch
popula7on
is
The
Dutch
minister
of
Health
recognizes
the
social
importance
of
healthcare
accessibility
and
quality
as
every
ci7zen
needs
these
services
some7me
in
their
lives
(Klink
&
Bussemaker,
2008).
In
a
leOer
to
the
Dutch
parliament
in
2008
he
recognizes
the
pressure
on
the
current
system
due
to
the
steady
increase
in
demand
and
cost
of
care
services
(Klink
&
Bussemaker,
2008).
Ci7zens
are
increasingly
demanding
higher
quality
of
care
services
at
lower
prices
while
at
the
same
7me
they
are
becoming
less
tolerant
for
errors
or
unexpected
circumstances.
Due
to
the
evolu7on
of
medical
prac7ces,
physicians
can
treat
(cri7cal)
medical
condi7ons
more
efficiently
and
accurately,
resul7ng
in
longer
ci7zen’s
life
expectancy.
However,
elderly
people
require
more
intensive
care
services
than
younger
ones,
and
they
oren
suffer
from
mul7ple
and
(in
some
cases)
chronic
health
condi7ons
(Klink,
2009).
This
indicates
that
the
demand
for
healthcare
services
is
changing,
requiring
more
mul7disciplinary
services
leveraged
by
collabora7on.
To
cope
with
these
socio
demographic
developments,
healthcare
needs
to
improve
opera7onal
efficiency,
or
in
other
words
it
needs
to
provide
more
and
beOer
services
with
less
human
and
capital
resources
(Klink,
2009).
The
Ministry
believes
that
innova7on,
its
diffusion
and
applica7on
are
cri7cal
factors
to
deal
with
these
challenges.
For
this
reason,
the
Dutch
government
has
launched
a
series
of
ini7a7ves
focused
on
the
crea7on
of
a
healthcare
innova7on
plaxorm
and
policies
to
support
innova7on
through
the
use
of
ICT.
It
is
not
only
important
that
innova7ons
emerge
but
also
that
they
are
quickly
implemented
and
adopted
to
leverage
benefits
for
ci7zens,
pa7ents
and
organiza7ons
(Klink
&
Bussemaker,
2008).
The
Dutch
Ministry
of
Health
defines
innova7on
with
the
following
formula:
innova7on
equals
improvement
mul7plied
by
implementa7on.
The
government’s
role
is
to
create
a
climate
where
innova7ons
emerge
and
are
rapidly
spread,
and
to
guide
innova7ons
in
solving
current
healthcare
challenges.
According
to
the
Dutch
minister
of
Health,
con7nuous
improvements
in
healthcare
quality
and
opera7onal
efficiency
are
necessary
to
meet
(future)
ci7zen’s
demands
(Klink,
2009).
Quality
improvements
imply
measuring,
knowing,
evalua7ng
and
improving
current
performance.
The
Dutch
Ministry
of
Health
has
the
inten7on
to
restructure
the
current
health
system
including
the
shir
of
power
from
providers
to
consumers
and
the
shir
of
control
from
public
bodies
to
insurers
(Tange,
2008).
The
EPD
ini7a7ve
can
be
regarded
as
the
first
steps
towards
this
redesign.
To
support
innova7on
in
the
healthcare
sector,
the
Dutch
Ministry
of
Health
is
planning
to
a
significant
amount
of
resources
during
the
coming
years
(Klink,
2009).
While
in
2008
the
budget
for
healthcare
innova7on
was
around
14
million
euros,
in
2009
it
increased
to
29
million
euros.
This
trend
will
con7nue
in
the
coming
years
where
42
million
euros
will
be
allocated
in
2010,
55
million
euros
in
2011
and
60
million
euros
in
2012.
There
is
great
variety
of
heterogenous
na7onal
healthcare
systems
within
the
EU
aimed
to
serve
a
large
diversity
of
ci7zens.
One
of
the
main
differences
between
those
na7onal
systems
is
the
mix
of
public
versus
private
delivery
and
funding
of
care
services.
While
a
pure
public
model
eliminates
free-‐markets
forces
(e.g.
cost
efficiency,
innova7on,
etc.),
a
full
private
model
on
the
other
hand
is
oren
regarded
as
more
expensive
and
in
some
cases
it
limits
the
access
to
services
based
purely
on
financial
reasoning
(e.g.
low
ROI
for
rare
disease
research).
The
healthcare
sector
in
The
Netherlands
is
predominantly
private,
where
public
financing
is
significantly
below
the
EU
average.
It
is
important
to
note
that
independently
of
the
financing
model
used,
ci7zens
are
consumers
as
well
as
providers
in
healthcare
as
they
finance
it
through
taxes
and/or
insurance
bills
and
consume
those
services
when
they
need
them.
Moreover,
the
healthcare
sector
has
significant
impact
on
(inter)
na7onal
economies
as
it
employs
more
than
15
million
people
(9%
of
the
total
EU
jobs
by
2000)
and
represents
around
500
billion
euros
yearly
(more
than
6%
of
the
total
EU
GDP
by
2000).
Due
to
the
broad
impact
on
ci7zen’s
quality
of
life,
the
healthcare
sector
must
focus
on
7mely
decision
making
as
delays
in
care
services
can
have
fatal
consequences
for
pa7ents.
Besides
7mely
decision
making,
the
healthcare
sector
is
also
characterized
by
two
main
developments:
increasing
demand
of
services
and
increasing
yearly
expenses.
Healthcare
yearly
expenses
have
been
growing
significantly
during
the
last
years,
in
most
cases
at
greater
pace
than
GDP’s
growth
rates.
If
expenses
con7nue
to
grow
at
the
same
rate,
we
can
expect
healthcare
costs
to
account
for
15%
of
EU
GDP
by
2020.
As
a
consequence,
in
order
to
sustain
current
systems
while
maintaining
quality
governments
Healthcare
has
been
during
the
past
years
the
first
non-‐economic
issue
for
European
ci7zens.
A
great
majority
of
EU
ci7zens
are
sa7sfied
with
their
health
and
the
quality
of
health
services
they
can
access.
At
EU
level
around
three
out
of
four
Europeans
evaluate
the
services
provided
by
Hospitals
and
Specialists
posi7vely.
In
The
Netherlands,
quality
sa7sfac7on
scores
are
even
higher
than
the
EU
average.
However,
it
is
important
to
note
that
from
a
EU
ci7zen
perspec7ve
there
is
a
significant
gap
between
the
quality
of
care
services
provided
and
their
availability
and
accessibility.
In
general,
ci7zens
value
the
quality
of
services
higher
than
their
accessibility
and
availability.
Specially
the
accessibility
and
availability
of
Specialists
services
scores
significant
lower
than
the
quality
of
the
services
obtained.
Around
8%
of
EU
ci7zens
claim
they
could
not
access
care
services
provided
by
Hospitals
and
Specialists.
EU
ci7zens
are
currently
very
concerned
about
the
effects
of
the
economic
crisis
as
economic
growth
rates
are
the
lowest
since
World
War
two,
unemployment
rates
are
expected
to
raise
to
8,1%
by
2010
and
the
Economic
Sen7ment
Indicator
has
reached
its
lowest
levels
since
1993.
Even
though
the
percentage
of
unsa7sfied
Europeans
is
the
highest
since
1995,
three
out
of
four
EU
ci7zens
are
s7ll
sa7sfied
with
their
lives.
In
The
Netherlands,
almost
all
ci7zens
(96%)
are
sa7sfied
with
their
lives
which
is
significantly
higher
that
the
EU
average
(75%)
being
also
the
third
highest
sa7sfac7on
score
in
the
EU.
The
Netherlands
is
the
only
EU
country
where
healthcare
systems
are
the
number
one
concern
at
personal
level.
It
is
important
to
note
that
concerns
about
healthcare
systems
increases
with
ci7zen’s
age
as
dependency
and
consump7on
on
those
services
increases.
According
to
the
European
Commission,
there
are
three
main
developments
that
require
modifica7ons
of
the
current
healthcare
systems:
demographic
changes,
global
threats
and
the
rapid
evolu7on
of
technology.
In
The
Netherlands
around
35%
of
ci7zens
will
be
older
than
55
by
2030.
Pandemics,
global
warming
and
terrorism
are
some
examples
of
global
threats
affec7ng
healthcare.
By
leveraging
new
technology
developments,
organiza7ons
can
enable
new
ways
of
predic7ng,
preven7ng
and
trea7ng
illnesses.
In
order
to
guide
member
states
in
developing
new
healthcare
reforms,
the
EU
Council
proposes
three
basic
principles:
healthcare
accessibility
for
every
ci7zen,
high
quality
of
care
and
long
term
financial
sustainability.
Moreover,
these
principles
have
been
complemented
by
the
EU
Commission
with
four
statements
that
should
be
taken
into
account
when
developing
new
legisla7on
:
(1)
strategy
based
on
shared
health
values,
(2)
health
in
the
greatest
wealth,
(3)
health
in
all
policies
and
(4)
strengthening
the
European
Union
voice
in
global
health.
In
the
future,
EU
health
systems
will
face
important
challenges
that
can
affect
the
quality
and
availability
of
services
provided.
First
of
all,
countries
need
to
deploy
measures
to
effec7vely
and
efficiently
meet
growing
demand.
Second
of
all,
in
order
to
improve
the
availability
of
care,
na7ons
need
to
facilitate
equal
access
to
ci7zens,
reducing
wai7ng
7mes
and
improving
resource
u7liza7on.
Third,
member
states
need
to
further
develop
their
ability
to
mi7gate
or
avoid
large
scale
healthcare
risks
like
pandemics,
bioterrorism
and
health
consequences
of
climate
change.
Fourth,
in
order
to
guarantee
and
improve
the
quality
of
care,
countries
need
to
develop
effec7ve
and
efficient
healthcare
systems
that
improve
customer
sa7sfac7on.
Firh,
services
should
be
based
on
evidence
that
reduce
the
risk
of
harm.
Sixth,
systems
must
evolve
towards
a
pa7ent-‐centric
model
reinforcing
the
pa7ent’s
role
in
healthcare.
Last
but
no
least,
na7ons
must
foster
coordina7on
and
informa7on
sharing
among
healthcare
providers
to
guarantee
the
con7nuity
of
care.
The
Dutch
healthcare
system
is
one
of
the
most
priva7zed
systems
in
the
EU.
From
a
yearly
healthcare
budget
of
45
billion
euros
(9,2%
of
Dutch
GDP)
around
40%
is
financed
by
private
organiza7ons
and
60%
is
financed
by
the
government.
This
percentage
of
private
funding
is
the
third
largest
of
the
EU.
The
majority
of
the
budget
is
spend
on
hospitals
(33%
of
the
total
budget),
elderly
care
ins7tu7ons
and
pharmacies.
In
The
Netherlands,
the
financial
sustainability
of
the
healthcare
system
is
also
under
pressure
due
to
demographic
changes
(longer
life
expectancies)
and
the
increasing
quality
of
services
demanded
by
ci7zens
at
lower
costs.
Other
issues
affec7ng
the
current
system
are
the
lack
of
medical
professionals
as
popula7on
ages,
the
decreasing
ci7zen’s
tolerance
for
medical
errors
and
the
increasing
costs
of
healthcare
resources.
As
a
result
care
organiza7ons
need
to
collaborate
more
intensively
in
order
to
deliver
more
and
beOer
care
with
less
human
and
capital
resources.
According
to
research
performed
by
Harvard
Business
Review
(McAfee
&
Brynjolfsson,
2008)
the
link
between
technology
and
compe77ve
advantage
has
become
much
stronger
since
the
mid
1990s.
Organiza7ons
that
invest
in
the
right
ICT
ini7a7ves
perform
significantly
beOer
than
firms
that
do
not
invest
in
those
ICT
capabili7es.
This
is
also
the
case
in
the
healthcare
sector
where
some
emerging
eHealth
technologies
have
resulted
in
improved
performance
(Gartner,
2009).
Some
examples
are
the
Electronic
Transfer
of
Prescrip7ons
(ETP),
Computer
Based
Pa7ent
Records
(CPR)
also
known
as
Electronic
Medical
Records
(EMR)
and
Electronic
Health
Records
(EHR).
Successful
implementa7ons
of
these
technologies
within
the
EU
can
be
found
in
Sweden
(ETP),
Denmark
(EHR)
and
the
Spanish
province
of
Andalusia
(EHR).
The
success
of
this
implementa7ons
are
not
only
due
to
the
technology
itself
but
also
to
the
cultural
change
involved.
Other
research
has
demonstrated
how
using
the
right
approach,
context
and
implementa7on
process,
ICT
can
improve
the
quality,
accessibility
and
efficiency
of
healthcare
delivery
(Stroetmann
et
al.,
2006).
To
further
elaborate
on
the
role
of
technology
in
the
healthcare
sector
we
will
describe
the
current
use
of
eHealth
in
Europe
(sec7on
A)
and
its
main
opportuni7es,
challenges,
drivers
and
barriers
(sec7on
B)
to
con7nue
with
a
descrip7on
of
the
cri7cal
success
factors
for
the
adop7on
of
technology
in
the
healthcare
sector
(sec7on
C).
The
ini7a7ve
“eHealth
for
a
Healthier
Europe
-‐
opportuni7es
for
a
beOer
use
of
healthcare
resources”
was
launched
by
the
Swedish
government
in
2008
to
research
how
healthcare
can
be
supported
and
improved
by
the
use
of
technology
and
how
technology
is
connected
to
poli7cal
goals.
From
July
2009
to
December
2009
Sweden
represented
the
Presidency
of
the
Council
of
the
European
Union.
The
methodology
applied
was
to
link
the
benefits
of
con7nued
implementa7on
of
technologies
with
the
current
medical
and
technology
status
in
six
member
states
by
gathering
data
from
60
clinical
studies
and
11
eHealth
technologies
(Gartner,
2009).
According
to
this
research,
there
are
significant
poten7al
healthcare
improvements
using
electronic
healthcare
(eHealth)
as
a
catalyst
due
to
the
fact
that
for
the
five
poli7cal
goals
analyzed
by
Gartner
the
technology
adop7on
rates
were
below
30%
(Gartner,
2009).
Some
examples
of
technologies
that
could
contribute
to
improve
European
healthcare
are:
Another
interes7ng
yearly
report
on
the
adop7on,
development
and
impact
of
electronic
business
(eBusiness)
technologies
within
the
European
Union
is
The
eBusiness
Watch
(Stroetmann
&
Stroetmann,
2004a).
The
reports
are
periodically
extended
with
industry
specific
reports
to
support
the
needs
and
challenges
of
a
specific
sector.
Although
the
last
eBusiness
Watch
report
focusing
on
the
healthcare
sector
was
carried
out
in
2004
some
of
the
challenges
are
s7ll
valid
today.
According
to
the
research,
eHealth
technology
has
evolved
in
the
last
years
to
become
the
third
largest
industry
in
the
EU.
Some
researchers
(Stroetmann
et
al.,
2006)
expect
that
by
2010
eHealth
expending
can
account
for
5%
of
the
total
health
budget
of
member
states.
The
eBusiness
Watch
report
defines
eHealth
as
“the
applica7on
of
informa7on
and
communica7on
technologies
across
the
whole
range
of
func7ons
that
affect
the
health
sector”.
This
is
a
broad
defini7on
that
includes
a
great
variety
of
solu7ons
like
for
example
tools
for
health
authori7es,
personalized
health
pa7ent
systems,
networks,
telemedicine
services,
etc.
The
main
goals
of
these
tools
are
to
improve
medical
outcomes
and
ci7zen’s
quality
of
life
as
well
as
to
reduce
the
costs
in
pursuing
these
objec7ves.
A
special
issue
of
the
eBusiness
Watch
report
on
ICT
in
hospital
ac7vi7es
elaborates
the
adop7on,
implica7ons
and
issues
of
ICT
in
hospital
ac7vi7es
within
the
EU
(Ebusiness
Watch,
2006).
Although
hospital’s
adop7on
of
ICT
is
higher
compared
to
other
medium
and
small
size
healthcare
enterprises,
it
mostly
focuses
on
collabora7on
and
on
purchasing
goods
and
services
(e.g.
networks,
e-‐
collabora7on,
e-‐procurement,
etc.).
There
are
not
many
hospitals
which
have
adopted
customer
facing
technologies
like
online
booking
or
e-‐marke7ng.
The
most
important
drivers
for
the
adop7on
of
technology
by
hospitals
are
the
expecta7ons
from
health
insurers,
gaining
compe77ve
advantage
and
the
pressure
of
compe77on
(Ebusiness
Watch,
2006).
The
two
most
significant
barriers
men7oned
by
hospitals
are
security
and
the
cost
of
technology,
followed
by
the
size
of
the
organiza7on,
legal
issues,
system
compa7bility
and
the
lack
of
reliable
providers.
The
most
frequent
ICT
system
used
by
hospitals
is
the
Hospital
Informa7on
System
(HIS).
A
HIS
system
is
a
type
of
Enterprise
Resource
Planning
(ERP)
system
with
a
focus
on
hospital
ac7vi7es.
It
manages
the
large
amount
of
informa7on
to
support
communica7on,
knowledge
management
and
process
efficiency
(Ebusiness
Watch,
2006).
However,
technology
can
also
contribute
to
the
achievement
of
two
main
goals
in
healthcare,
con7nuity
and
availability
of
care
services.
A
final
remark
should
be
made
on
the
data
security
paradox
in
hospital
opera7ons.
Although
pa7ent
data
need
to
be
readily
available
for
exchange,
it
also
needs
to
be
protected
against
unauthorized
usage,
dele7on
or
modifica7on.
The
use
of
secure
server
technology,
digital
signatures,
firewalls
and
public
keys
in
hospitals
is
twice
as
high
as
in
other
sectors
(Ebusiness
Watch,
2006).
Opportuni*es Challenges
•Piggy-‐back
on
eHealth
infrastructure
developments
•Increasing
compe77on
due
to
interoperability
•Gain
compe77ve
advantage
from
coopera7on
in
the
value
chain
•Legal,
regulatory
and
security
issues
•Reduce
costs
and
improve
services
through
beOer
supply
chain
•Ensure
staff
monitoring
and
training
management
•Adopt
a
long
term
view
on
future
developments
•Enhance
marke7ng
of
services
and
client
loyalty
through
•Reduce
size
disadvantages
through
collabora7on
communica7on
Moreover,
the
report
of
the
European
Commission
iden7fies
also
a
series
of
drivers
and
barriers
to
the
adop7on
of
eBusiness
in
the
European
healthcare
sector:
Drivers Barriers
•Health
system
guidance
and
leadership •Lack
of
opportunity
awareness
•Compe77on •Size
of
organiza7ons
•User
friendliness
and
func7onality •Interoperability
deficits
•Good
prac7ces •Financing
of
eBusiness
•Standardiza7on •Legal,
security
and
privacy
issues
By
increasing
the
availability
of
accurate,
complete
and
relevant
clinical
data
healthcare
providers
can
improve
the
quality
of
their
services
and
deliver
them
more
efficiently
and
effec7vely
(Deutsch
&
Turisco,
2009).
For
this
reason
healthcare
is
currently
experiencing
a
transforma7on
from
a
physician-‐centric
to
a
pa7ent-‐centric
orienta7on
that
could
be
accelerated
by
the
right
use
of
the
right
informa7on
technology.
In
previous
researches
a
number
of
advantages
have
been
iden7fied
linked
to
the
use
of
EHR
systems
connected
to
health
informa7on
exchange
(HIE)
systems
(Deutsch
&
Turisco,
2009).
These
advantages
can
be
grouped
around
the
two
main
goals
of
healthcare:
improve
pa7ent
safety
and
improve
cost
efficiency
of
processes.
EHR
systems
can
improve
pa7ent
safety
by
elimina7ng
transcrip7on
errors,
medical
errors
and
adverse
medica7on
events
(e.g.
allergies).
Efficiency
advantages
can
be
found
in
the
reduc7on
of
redundant
tests,
improved
administra7ve
efficiency
and
faster
processing
of
pa7ents,
prescrip7ons
and
hospital
discharges.
Moreover,
being
able
to
access
current
pa7ent
data
on
a
real-‐7me
basis
leads
to
new
forms
of
consulta7on
which
are
more
effec7ve
and
efficient
than
face-‐to-‐face
contact.
Some
examples
of
technologies
linked
to
documented
benefits
in
healthcare
can
be
found
in
previous
research
(Gartner,
2009).
Based
on
poli7cal
goals
the
technologies
are
linked
to
documented
benefits
with
the
excep7on
of
Con7nuity
of
Care.
The
poten7al
benefits
are
es7mates
from
documented
benefits
in
one
or
more
EU
member
states
that
could
be
extrapolated
to
other
countries.
The
results
of
Gartner’s
research
for
each
poli7cal
goal
are
shown
in
appendix
H
to
appendix
K
(Gartner,
2009).
Due
to
the
large
number
of
documented
benefits,
it
is
important
to
consider
first
those
technologies
that
have
enabled
the
most
benefits
in
the
past.
Some
of
these
eHealth
In
another
research
on
the
benefits
and
costs
of
eHealth
in
ten
European
sites
(Stroetmann
et
al.,
2006)
researchers
quan7fied
them
by
using
a
Cost
Benefit
Analysis
(CBA)
which
allows
individual
site
assessments
as
well
as
comparing
various
sites.
The
researchers
found
that
improved
quality
can
be
traced
back
to
five
factors:
beOer
informed
ci7zens
and
providers,
informa7on
that
streamlines
care
processes,
7meliness
of
care,
safety
and
effec7veness.
Researchers
found
that
all
cases
under
study
reflect
posi7ve
economic
impact
measured
as
net
benefits
at
present
value.
The
average
payback
period
was
4
years,
being
the
main
beneficiaries
healthcare
providers
(52%),
ci7zens
(43%)
and
third
party
payers
(e.g.
insurers)
(5%).
In
some
countries
the
adop7on
of
health
informa7on
exchange
systems
(HIEs)
have
been
slow
and
with
moderate
success.
Previous
research
has
found
that
the
top
three
obstacles
for
the
adop7on
of
HIEs
in
the
USA
are
(1)
the
funding
and
par7cipa7on
of
those
ini7a7ves,
(2)
the
legal
and
regulatory
context,
and
(3)
the
technical
issues
(Deutsch
&
Turisco,
2009).
In
the
2009
HIMSS
conference
we
can
find
some
expert’s
presenta7ons
regarding
the
current
use
of
informa7on
technology
at
healthcare
organiza7ons.
According
to
one
of
these
presenta7ons
(Duke,
Hartz,
&
Jacobs,
2009)
Health
Informa7on
Technology
(HIT)
nowadays
is
s7ll
predominantly
paper
based,
using
systems
that
are
oren
not
interoperable.
Although
there
is
an
increasing
public
pressure
on
moderniza7on
and
economic
efficiency
of
healthcare
delivery,
technological
implementa7ons
are
s7ll
taking
more
7me
than
expected
and
at
higher
costs
than
were
budgeted
beforehand.
Some
na7onal
regula7ons,
like
the
American
Recovery
and
Reinvestment
Act
(ARRA)
of
2009,
clearly
state
that
the
main
goal
of
technical
innova7ons
is
to
achieve
added
value.
For
this
purpose,
future
IT
implementa7ons
must
take
into
account
not
only
the
adop7on
of
technological
innova7ons
but
also
the
complete
(business)
process
reengineering
from
paper
based
processes
to
digital
workflow
management.
The
use
of
technology
in
healthcare
should
therefore
aim
to
achieve
real
value
(e.g.
ROI)
measured
in
quality
of
healthcare,
process
efficiency
and
revenue
(Duke
et
al.,
2009).
The
evolu7on
of
IT
transforma7on
according
to
this
process-‐technology
approach
to
clinical
transforma7on
is
depicted
in
the
figure
14.
The
different
process
maturity
levels
(green
blocks)
and
corresponding
technological
implica7ons
(blue
blocks)
can
be
iden7fied
by
observing
the
current
situa7on:
• Maturity
Level
1:
The
organiza7on
cannot
fully
trust
its
processes
and
is
suffering
from
data
overload
where
few
informa7on
is
regarded
as
useful.
By
automa7ng
transac7ons
processes
can
be
improved
shiring
the
organiza7on
to
the
next
level.
• Maturity
Level
2:
The
focus
at
this
point
is
to
improve
processes
to
be
able
to
do
increase
process
efficiency.
By
crea7ng
informa7on
silos,
useful
informa7on
can
be
gathered
and
stored
appropriately.
• Maturity
Level
3:
Once
a
certain
level
of
efficiency
has
been
achieved,
the
organiza7on
can
focus
on
process
reengineering
to
modify
current
prac7ces
and
achieve
opera7onal
effec7veness.
Process
redesign
can
at
this
level
be
facilitated
by
IT
processes.
• Maturity
Level
4:
Organiza7ons
that
achieve
this
level
of
maturity
are
able
to
collaborate
outside
the
organiza7onal
boundaries
and
technology
becomes
an
strategic
advantage.
When
considering
new
technological
adop7ons
from
a
added
value
point
of
view
some
authors
(Duke
et
al.,
2009)
propose
the
use
of
well
known
financial
ra7os
like
the
benefit-‐cost
ra7o,
payback
period,
net
present
value
(NPV)
and
the
internal
rate
of
return.
Although
these
indicators
are
regarded
useful
when
evalua7ng
investment
alterna7ves
they
do
not
account
for
intangible
costs
and
benefits.
For
this
reason
their
use
should
be
limited
to
complementary
measurements
to
guide
decision
making.
Some
examples
of
intangibles
benefits
that
financial
ra7os
ignore
are
compe77ve
advantage,
brand
awareness,
regulatory
compliance,
employee
sa7sfac7on
and
improved
management.
Table 22: Cri*cal Success Factors for the adop*on of Electronic Health Records
•Support
from
senior
execu7ves
as
if
it
is
a
clinical
project
•Added
value
is
clear
for
employees
•Good
project
management
with
detailed
planning
and
real
7me
monitoring
and
repor7ng.
Management •Resources
and
commitment
for
redesign
focusing
on
process
quality,
efficiency
and
reliability
•Training,
ini7al
and
ongoing
•Adequate
communica7on
throughout
the
whole
project.
•Transparency
and
feedback
to
all
end
users
is
cri7cal.
•Compa7bility
with
other
technologies
in
place
and
alignment
with
clinical
processes
•High
availability
on
demand.
No
latency.
Technology
•Security,
confiden7ality
and
data
integrity
•Interoperability
Another
approach
to
evaluate
the
cri7cal
success
factors
for
the
adop7on
of
technology
can
be
found
in
Gartner
research
(Gartner,
2009).
In
order
to
successfully
adopt
a
new
technological
solu7ons
organiza7ons
need
to
take
into
account
(among
other
factors)
the
complexity,
governance,
local
condi7ons,
stakeholder
engagement,
vendor
engagement,
adaptability
and
measurement
of
the
envisioned
solu7on
(Gartner,
2009).
In
the
healthcare
sector,
in
addi7on
to
these
concerns,
adopters
need
to
consider
the
complexity
of
the
medical
process,
the
high
sensi7vity
of
medical
and
personal
data
and
the
need
for
proven
technology
due
to
the
low
tolerance
for
errors.
The
European
Commission
conducted
an
empirical
survey
among
healthcare
organiza7ons
to
evaluate
their
percep7on
on
the
importance
of
eBusiness
applica7on
areas
(Stroetmann
et
al.,
2006).
The
applica7ons
that
are
considered
highly
or
very
relevant
for
the
healthcare
sector
are
collabora7on,
informa7on
exchange,
online
purchasing,
efficient
e-‐procurement,
and
web
services
based
integra7on
of
IT
components.
Moreover
a
number
of
applica7ons
are
considered
to
have
average
relevance
in
the
healthcare
sector:
e-‐learning,
human
resource
management
and
virtual
private
networks.
Organiza7ons
expect
that
interac7ve
pa7ent
informa7on
and
involvement,
and
As
it
is
also
the
case
in
other
sectors,
business
and
IT
alignment
of
organiza7onal
strategy
and
processes
is
crucial
for
leveraging
IT
solu7ons.
Previous
research
has
found
that
applying
the
right
approach
and
implementa7on
methodology
for
a
specific
situa7on
organiza7ons
can
improve
the
quality,
accessibility
and
efficiency
of
healthcare
delivery.
Some
documented
cases
indicate
that
organiza7ons
that
invest
in
the
right
ICT
ini7a7ves
(e.g.
eHealth)
perform
significantly
beOer
than
firms
that
do
not
invest
in
those
ICT
capabili7es.
The
poten7al
for
improvement
in
this
sector
is
rather
large
due
to
the
fact
that
although
the
healthcare
sector
is
one
of
the
most
informa7on
intensive
industries
it
does
not
leverage
IT
solu7ons
as
much
as
other
sectors
do.
Moreover,
in
order
to
deal
with
current
challenges
(e.g.
aging
popula7on,
pervasive
chronic
sicknesses,
rapid
spread
of
sicknesses
globally,
etc.)
and
guarantee
the
sustainability
of
healthcare
systems,
organiza7ons
need
to
take
advantage
of
technological
developments.
The
benefits
of
technology
in
healthcare
have
also
been
extensively
documented.
Significant
improvements
in
quality,
cost
efficiency,
process
throughput
and
the
reduc7on
of
medical
errors
have
been
directly
linked
to
implementa7ons
of
Electronic
Transfer
of
Prescrip7ons,
EPR
and
Computerized
Physician
Order
Entry
and
Clinical
Decision
Support
systems.
Other
research
from
Gartner
iden7fies
significant
high
poten7al
benefits
in
the
adop7on
of
Electronic
Medical
Records,
Computerized
Physician
Order
Entry
and
Clinical
Decision
Support
systems.
Other
research
based
on
financial
cost
benefit
analysis
has
also
demonstrated
significant
benefits
arising
from
successful
ICT
implementa7ons
like
for
example
beOer
informed
ci7zens
and
providers,
streamlined
processes,
7meliness
of
care
and
improved
safety
and
effec7veness.
Organiza7ons
can
improve
the
quality,
efficiency
and
effec7veness
of
care
services
by
increasing
the
availability
of
accurate,
complete
and
relevant
clinical
data
(e.g.
EHR
system).
Quality
is
improves
as
medical
errors,
adverse
medica7on
errors
and
prescrip7on
errors
are
reduced.
Efficiency
is
improved
when
redundant
tests
are
eliminated,
the
administra7on
process
is
streamlined,
and
the
organiza7on
is
able
to
process
pa7ents,
prescrip7ons
and
hospitaliza7ons
faster.
The
main
barriers
encountered
by
organiza7ons
when
adop7ng
IT
solu7ons
are
the
security
and
the
cost
of
technology.
Although
informa7on
needs
to
be
exchangeable
across
organiza7ons
it
also
needs
to
be
protected
from
unauthorized
use.
Other
barriers
found
in
previous
research
are
the
The
adop7on
of
technology
is
mo7vated
by
the
increasing
compe77on,
the
demand
for
user
friendly
services
and
extensive
func7onality,
previous
good
prac7ces
and
standards.
Organiza7on
can
take
advantage
of
technological
solu7ons
by
leveraging
current
infrastructure
investments,
gaining
compe77ve
advantage
from
coopera7on
in
the
value
chain,
reducing
costs
by
improving
supply
chain
management
and
crea7ng
economies
of
scale
and
synergies
through
collabora7on.
When
leveraging
solu7ons
organiza7ons
need
to
take
into
account
legal,
regulatory
and
security
issues
as
well
as
the
training
and
monitoring
of
staff
on
the
envisioned
solu7on.
IT
implementa7ons
must
include
the
adop7on
of
technology
as
well
as
complete
(business)
process
reengineering
from
paper
based
processes
to
digital
workflow
management.
As
the
use
of
technology
in
healthcare
must
aim
to
achieve
real
added
value
(e.g.
ROI)
measured
in
quality
of
healthcare,
process
efficiency
and
revenue,
organiza7ons
should
align
process
maturity
with
technologies
that
enables
higher
value
crea7on
in
the
transforma7on
process.
The
ul7mate
goal
of
this
transforma7on
process
is
to
enable
collabora7on
outside
the
organiza7onal
boundaries
while
leveraging
technology
as
a
strategic
advantage.
In
previous
research
a
number
of
cri7cal
success
factors
(CSFs)
have
been
iden7fied
for
leveraging
IT
solu7ons.
The
CSFs
can
be
classified
into
four
areas:
management,
leadership,
func7onality
and
technology.
In
the
management
area
some
of
the
CSFs
are
the
support
from
senior
management,
clear
added
value,
good
project
management,
employee
training
and
communica7on
and
a
clear
focus
on
process
quality,
efficiency
and
reliability.
Organiza7onal
leaders
must
develop
a
shared
project
vision
with
clear
objec7ves
and
business
case
and
align
it
with
the
firm’s
strategy
as
well
as
with
corporate
governance.
The
func7onality
of
the
solu7on
must
focus
on
suppor7ng
organiza7onal
and
clinical
processes
as
well
as
a
broad
user
group
and
horizontal
integra7on.
On
the
technology
area,
the
solu7on
must
ensure
compa7bility
with
current
systems,
and
guarantee
a
high
level
of
availability,
security
and
interoperability.
Other
CSFs
found
in
previous
research
are
the
level
of
organiza7onal
and
medical
complexity,
the
stakeholder
and
vendor
engagement,
the
adaptability
of
the
solu7on
to
be
adopted,
the
sensi7ve
character
of
pa7ent
data
and
the
need
for
proven
technology
due
to
the
low
ci7zen’s
tolerance
for
medical
errors
and
the
high
impact
of
those
errors.
According
to
healthcare
organiza7ons
tools
that
facilitate
collabora7on,
informa7on
exchange,
eProcurement
and
web
services
are
the
most
relevant
for
the
sector.
Specially,
interac7ve
pa7ent
informa7on
and
involvement
and
electronic
communica7ons
are
the
two
most
relevant
factors
in
the
near
future.
An
example
of
this
interest
is
the
introduc7on
of
EPR
in
The
Netherlands,
which
is
known
as
the
Elektronisch
Pa7ënten
Dossier
(the
EPD
project).
The
EPD
is
currently
an
important
priority
for
the
government
to
improve
quality,
accessibility
and
affordability
of
healthcare
services.
However,
due
to
the
priva7za7on
of
the
Dutch
healthcare
sector,
the
government
has
limited
enforcing
power
in
how
healthcare
organiza7ons
work
(Stap
et
al.,
2007)
affec7ng
the
adop7on
of
this
type
of
infrastructure.
The
NICTIZ
ins7tute,
the
Na7onal
Ins7tute
for
ICT
in
Healthcare
(in
Dutch,
Na7onaal
ICT
Ins7tuut
in
de
Zorg)
was
founded
in
2002
to
s7mulate
the
use
of
ICT
in
the
Dutch
healthcare
sector.
NICTIZ
is
responsible
for
the
realiza7on
of
the
na7onal
EPD
infrastructure
in
collabora7on
with
pa7ent’s
associa7ons,
healthcare
providers,
insurers,
ICT
providers
and
public
bodies.
Under
their
slogan:
“BeOer
healthcare
trough
beOer
informa7on”
the
main
goal
of
NICTIZ
is
to
support
healthcare
organiza7ons
in
leveraging
ICT
solu7ons
and
to
enable
the
condi7ons
for
electronic
exchange
of
pa7ent
informa7on.
NICTIZ
is
responsible
for
developing
and
maintaining
the
AORTA
basic
infrastructure
to
facilitate
the
secure
exchange
of
medical
informa7on
(e.g.
EPD
records).
Moreover,
NICTIZ
is
responsible
for
the
standards
used
and
cer7fica7on
programs
for
ICT
providers
and
healthcare
organiza7ons.
Within
the
EPD
ini7a7ve,
two
components
have
been
first
implemented,
the
Electronic
Transfer
of
GP
Observa7ons
WDH
(Waarneem
Dossier
Huisartsen)
and
the
Electronic
Transfer
of
Prescrip7ons
EMD
(Electronisch
Medica7e
Dossier)
(Stap
et
al.,
2007).
The
EPD
ini7a7ve
was
launched
to
improve
the
quality
of
medical
services
by
providing
7mely,
accurate
and
secure
informa7on
exchange.
Electronic
Pa7ent
Records
(e.g.
EPD
records)
are
a
specific
type
of
Electronic
Health
Records
(EHR)
systems.
An
EHR
is
a
collec7on
of
personal
medical
informa7on
that
is
stored
during
the
en7re
life7me
of
a
person.
This
informa7on
is
stored
and
exchanged
in
digital
form
on
secure
infrastructures.
The
main
goal
of
an
EHR
system
is
to
guarantee
con7nuity
of
care
to
a
pa7ent
as
it
reflects
his
or
her
medical
situa7on
at
a
specific
point
in
7me.
Although
this
is
also
one
of
the
goals
of
the
EPD
ini7a7ve,
it
is
primarily
designed
to
support
a
specific
healthcare
process
or
treatment.
Due
to
the
fact
that
the
EPD
combines
informa7on
which
is
generated
and
stored
at
the
source
(e.g.
the
care
Informa7on
technology
can
improve
healthcare
by
suppor7ng
decision
making
and
facilita7ng
pa7ent’s
assessment
and
monitoring.
Moreover,
ICT
can
enable
innova7on
and
the
efficient
use
of
physical
and
human
resources
(Schoen
et
al.,
2006).
One
of
the
main
success
factors
iden7fied
in
previous
implementa7ons
is
the
alignment
between
those
who
benefit
from
the
new
system
and
those
who
pay
for
it
(Deutsch
&
Turisco,
2009).
This
is
not
the
case
in
The
Netherlands
where
the
healthcare
sector
is
priva7zed
while
the
EHR
implementa7on
has
been
paid
by
the
Dutch
government,
including
the
Na7onal
Switch
Point
(Landelijke
Schakel
Punt,
LSP),
which
is
offered
free
of
charge
to
healthcare
providers.
The
demand
of
care
services
in
the
Dutch
healthcare
sector
will
grow
significantly
in
the
near
future
due
to
the
demographic
evolu7on
of
its
ci7zens
(e.g.
aging
popula7on,
higher
average
weight,
etc.).
Collabora7on
is
also
becoming
increasingly
important
among
healthcare
prac77oners
in
order
to
treat
rapid
spreading
threats
(e.g.
H1N1
virus)
or
to
improve
the
treatment
of
care
intensive
sicknesses
(e.g.
Cancer,
AIDS,
etc.).
In
order
to
cope
with
these
challenges,
the
Dutch
government
has
launched
new
laws
and
regula7ons,
new
financing
models
and
has
fostered
ICT
innova7on
in
healthcare
(NICTIZ,
2009).
The
Dutch
healthcare
system
counts
with
around
9.000
family
doctors
(GPs)
with
specialist
training
in
family
medicine
(Prou
&
Smit,
2006).
GPs
are
the
gatekeepers
of
the
system
as
they
must
authorize
every
pa7ent
in
order
to
be
further
treated
by
hospitals
or
specialists.
As
a
result,
95%
of
primary
care
condi7ons
are
solved
at
GPs
(Prou
&
Smit,
2006).
Around
88%
of
GPs
work
alone
or
in
prac7ces
of
two
to
three
doctors.
Outside
office
hours,
pa7ents
can
obtain
help
from
primary
care
coopera7ves,
serving
up
to
90%
of
Dutch
ci7zens.
The
computeriza7on
of
GPs
prac7ces
in
The
Netherlands
is
high.
Around
97%
of
GPs
use
a
computer
based
GP
informa7on
system
for
use
in
primary
care.
Around
90%
of
prescrip7ons
are
generated
electronically
(Prou
&
Smit,
2006).
According
to
a
research
from
the
Commonwealth
Fund
in
The
Netherlands,
almost
all
GPs
(98%
according
to
data
from
2006)
use
electronic
medical
record
systems
in
their
prac7ces
(Schoen
et
al.,
2006).
However,
when
we
look
at
collabora7on
only
45%
of
all
GPs
can
share
records
electronically
with
clinicians
outside
their
prac7ce,
32%
can
access
medical
records
when
outside
of
office,
and
8%
provide
pa7ents
with
access
to
their
medical
records.
Although
the
great
majority
of
GPs
in
The
A
large
number
of
GPs
(93%)
receives
electronic
alerts
when
a
poten7al
medica7on
problem
takes
place
and
they
send
electronic
alerts
to
pa7ents
for
preven7ve
of
follow
up
care
(61%)
(Schoen
et
al.,
2006).
On
the
other
hand,
only
a
minority
of
GPs
(16%)
receive
electronic
alerts
to
provide
pa7ents
with
test
results.
The
majority
of
GPs
can
easily
obtain
electronic
lists
of
pa7ents
by
diagnosis
(63%)
and
lists
of
all
medica7ons
taken
per
pa7ent
(59%).
As
GPs
manage
the
referring-‐to-‐specialist
process
and
the
longitudinal
care
history
they
are
cri7cal
for
the
coordina7on
of
care
services
over
7me
(Schoen
et
al.,
2006).
When
care
service
span
various
prac77oners
some7mes
pa7ents
in
The
Netherlands
suffer
problems
from
lack
of
coordina7on
(41%)
and
unavailable
medical
records
(15%).
Around
7%
of
Dutch
GPs
have
to
repeat
tests
some7mes
because
the
findings
cannot
be
found
anymore.
In
almost
all
cases
(96%)
GPs
affirm
that
they
get
informa7on
back
from
referred
professionals.
In
this
research
we
delimit
our
analysis
from
now
on
to
one
of
the
largest
ICT
implementa7ons
in
Dutch
healthcare,
the
introduc7on
of
a
na7onal
infrastructure
for
the
exchange
of
electronic
medical
records
known
in
Dutch
as
the
EPD.
The
government
plans
to
make
the
use
of
this
infrastructure
compulsory
by
law
to
all
healthcare
organiza7ons
in
The
Netherlands,
including
GPs,
hospitals,
pharmacies,
etc.
At
the
moment
of
wri7ng
the
EPD
project
has
completed
the
first
pilots
successfully
while
healthcare
organiza7ons
are
deploying
cer7fied
solu7ons
that
can
connect
to
this
infrastructure.
The
main
goal
of
this
inter-‐organiza7onal
infrastructure
is
to
share
pa7ent
medical
informa7on
in
a
fast
and
reliable
way
in
order
to
prevent
communica7on
errors
and
therefore
to
improve
the
quality
of
care
provided
to
ci7zens
(Tange,
2008).
As
informa7on
is
stored
and
maintained
at
its
origin,
it
is
always
kept
up
to
date
by
minimizing
the
delay
between
the
origin
of
informa7on
and
its
registra7on.
The
index
system
is
implemented
at
the
na7onal
switch
point
(in
Dutch
Landelijk
Schakel
Punt
or
LSP)
that
contains
pointers
to
all
registered
EPD
records
of
each
pa7ent.
When
a
clinician
needs
medical
informa7on
about
a
specific
pa7ent,
the
index
systems
pulls
the
informa7on
on
demand
from
the
provider’s
systems
and
sends
it
to
the
clinician
reques7ng
it.
The
switch
point
is
at
all
7mes
empty,
containing
only
the
informa7on
needed
to
gather
the
data
(index
and
reference
system)
from
a
provider’s
systems
(Tange,
2008).
Once
the
EPD
project
has
been
completed,
all
healthcare
providers
and
insurers
will
benefit
from
secure
electronic
informa7on
exchange
of
pa7ent’s
data
(Prou
&
Smit,
2006).
Although
there
are
some
healthcare
regional
networks
already
in
place,
they
exchange
informa7on
according
to
the
EDIFACT
standard.
These
regional
networks
are
going
to
be
integrated
in
the
na7onal
infrastructure
which
exchanges
informa7on
following
the
HL7
version
3
standard.
The
Ministry
of
Health
plans
to
reuse
these
regional
networks
as
aggrega7on
channels
to
connect
to
the
na7onal
switching
point
(Prou
&
Smit,
2006).
Collabora7on
between
healthcare
service
providers
has
been
subject
of
a
lot
of
research
in
The
Netherlands
(Nivel,
2009).
The
recent
introduc7on
of
electronic
pa7ent
records
(EPD)
is
believed
to
affect
the
supply
and
organiza7on
of
services
in
the
Dutch
healthcare
sector.
Previous
research
has
observed
a
higher
rate
of
collabora7on
among
healthcare
actors
(Nivel,
2009).
Around
50%
of
Dutch
GPs
are
physically
working
next
to
other
actors
(e.g.
pharmacy,
physiotherapist,
etc.)
while
30%
of
all
GPs
have
actually
formal
collabora7on
agreements
with
other
actors.
Moreover,
according
to
Nivel
research
clinics
with
more
than
one
doctor
collaborate
more
with
other
professionals
than
clinics
where
a
single
clinician
is
located.
For
the
introduc7on
of
the
na7onal
EPD
infrastructure,
a
governance
body
has
been
created
to
define
the
project
agenda,
facilitate
decision
making
and
control
the
implementa7on
(NICTIZ,
2009).
The
governance
includes
two
bodies:
the
plaxorm
for
ICT
and
innova7on
(Plaxorm
ICT
&
Innova7e)
and
the
steering
commiOee
ICT
&
innova7on
(Stuurgroep
ICT
&
Innova7e).
The
plaxorm
is
responsible
for
defining
the
agenda
while
the
main
func7on
of
the
steering
commiOee
is
decision
making
and
the
direct
management
of
implementa7on
projects.
The
governance
body
is
responsible
for
the
execu7on
of
the
project
and
individual
programs.
Every
subprogram
is
managed
by
Program
Advise
CommiOees
(PAC)
where
the
most
relevant
stakeholders
for
that
specific
project
are
represented.
Each
program
compromises
five
itera7ve
phases:
awareness,
decision
prepara7on,
design
and
valida7on,
development
and
tes7ng
and
implementa7on.
The
incremental
approach
of
the
EPD
implementa7on
includes
a
diverse
number
of
ini7a7ves
to
be
completed
in
the
planning
horizon
from
2008
to
2013
(NICTIZ,
2009).
Figure
15
depicts
an
overview
of
these
ini7a7ves
grouped
in
the
EPD
agenda
(NICTIZ,
2009):
The
deployment
of
the
EPD
infrastructure
follows
an
incremental
top-‐down
approach
star7ng
with
two
func7onali7es:
the
exchange
of
informa7on
regarding
pa7ent’s
drug
prescrip7ons
(EMD,
Electronisch
Medica7edossier
in
Dutch)
and
GPs
observa7ons
from
service
encounters
at
point
of
service
loca7ons
(WDH,
Waarneemdossier
Huisartsen
in
Dutch)
(NICTIZ,
2009).
At
the
moment
of
wri7ng,
the
implementa7on
and
pilot
projects
for
these
two
types
of
informa7on
have
been
successfully
accomplished
and
they
will
be
rolled
out
soon
at
na7onal
level.
The
Government
is
the
main
ini7ator
and
advocate
of
the
project.
Some
healthcare
providers
(e.g.
GPs)
support
the
idea
but
are
opposed
to
the
na7onal
infrastructure
and
prefer
regional
ones,
while
other
providers
(e.g.
hospitals)
remain
indifferent.
In
general,
pa7ents
and
poli7cal
par7es
support
the
idea
as
they
agree
with
the
advantages
of
the
new
infrastructure.
Nevertheless,
the
EPD
ini7a7ve
have
found
some
opposi7on
from
prac77oners
and
ci7zens.
According
to
a
recent
research
by
the
associa7on
of
GPs,
only
4,2%
of
Dutch
ci7zens
agrees
with
the
exchange
of
their
electronic
pa7ent
record
through
the
na7onal
switching
point
(ICTzorg,
2009)
(WAKE-‐UP,
2009).
Although
this
research
can
not
be
regarded
as
scien7fic
as
is
strongly
biased,
it
reflects
the
cri7cal
role
of
GPs
as
first
point
of
contact
and
informers.
4.3. Defini*ons
A
number
of
concepts
must
first
be
defined
to
fully
understand
the
EPD
infrastructure.
Theses
defini7ons
can
be
categorized
into
general
defini7ons
and
EPD
related
defini7ons.
General
defini7ons
are
included
in
appendix
L.
The
most
relevant
EPD
related
defini7ons
are
further
elaborated
in
table
23.
There
is
few
consistency
in
the
use
of
general
terms
like
EHR
or
ICEHR
around
the
globe.
Many
countries
use
their
own
acronyms
which
are
oren
very
similar
to
the
EHR
defini7on.
Some
examples
of
the
different
terms
use
are:
Electronic
Pa7ent
Records
(EPR)
in
England,
Computerized
Pa7ent
Record
(CPR)
in
the
USA,
Electronic
Health
Care
Record
(EHCR),
Electronic
Client
Record
(ECR),
Virtual
EHR,
Personal
Health
Record
(PHR),
Digital
Medical
Record
(DMR)
and
Computerized
Medical
Records
(CMR).
ECR
is
a
delimita7on
if
the
term
EHR
for
non-‐medical
health
informa7on
(e.g.
social
worker,
physiotherapist,
etc.).
A
Virtual
EHR
can
be
defined
as
a
real-‐7me
assembled
EHR.
The
DMR
is
defined
as
“a
web-‐based
record
maintained
by
a
healthcare
provider
or
health
plan.
The
DMR
can
have
the
func7onality
of
the
EMR,
EPR
or
EHR”.
CDR
is
a
term
mostly
used
in
Canada
to
define
“an
opera7onal
data
store
that
holds
and
manages
clinical
data
collected
from
service
encounters
at
point
of
service
loca7ons
(e.g.
hospitals,
clinics,
etc.)”.
CMR
can
be
defined
as
“a
computerized
record
created
by
image
scanning
or
op7cal
character
recogni7on
(OCR)
of
a
paper-‐based
healthcare
record”.
Besides
these
two
laws
that
were
specifically
created
for
the
EPD
project,
a
series
of
exis7ng
laws
and
regula7ons
must
also
be
taken
into
account
as
they
highly
influence
some
aspects
of
the
infrastructure
(NICTIZ,
2009).
Some
examples
are
the
laws
“Wet
Bescherming
Persoonsgegevens”
that
specifies
how
personal
informa7on
must
be
handle,
the
“Wet
op
Geneeskundige
behandelingsovereenkomst”
that
regulates
clinical
encounters,
the
“Wet
op
de
beroepen
in
de
individuele
gezondheidzorg”
related
to
independent
clinicians
and
the
“Kwaliteitswet
zorginstellingen”
to
guarantee
the
quality
of
healthcare
services
delivered.
Although
the
use
of
BSN
numbers
have
already
been
embedded
in
current
laws
and
legisla7on
(see
law
Wbsn-‐z),
the
overall
use
of
the
EPD
infrastructure
is
at
the
moment
of
wri7ng
regulated
by
bilateral
agreements
between
NICTIZ
and
each
healthcare
provider.
The
Dutch
government
is
planning
to
introduce
in
the
coming
years
new
legisla7on
that
will
govern
the
use
of
the
EPD
infrastructure
(Informa7epunt
EPD,
2009).
As
the
main
goal
of
the
EPD
is
to
share
informa7on
that
can
reduce
the
probability
of
medical
errors
resul7ng
from
incomplete
or
inaccurate
pa7ent
informa7on
(es7mated
on
19.000
unnecessary
hospitaliza7ons
yearly)
it
is
very
important
that
all
healthcare
providers
are
included
in
the
system.
For
this
reason,
the
Dutch
government
will
enforce
par7cipa7on
of
all
healthcare
providers
by
law.
Only
healthcare
providers
that
have
a
treatment
rela7onship
with
a
pa7ent
can
retrieve
his/
her
data
from
the
EPD
infrastructure.
This
requirement
is
controlled
by
(1)
checking
if
that
provider
has
previously
enlisted
informa7on
on
the
LSP
regarding
that
pa7ent
or
(2)
by
checking
if
the
pa7ent
is
registered
at
the
provider’s
administra7on
and
reques7ng
confirma7on
from
the
provider
that
there
is
a
treatment
rela7onship
and
the
customer
has
authorized
the
exchange
of
informa7on
(Informa7epunt
EPD,
2009).
Although
there
is
interna7onal
pressure
to
comply
with
the
EU
standard
CEN
13606,
the
Dutch
government
has
chosen
for
this
project
the
American
standard
HL7
version
3.
At
the
moment
of
wri7ng
there
are
interna7onal
ini7a7ves
to
merge
these
two
standards
but
no
results
have
been
achieved
yet
(Tange,
2008).
A
clear
dis7nc7on
should
be
made
between
registering
and
exchanging
medical
informa7on
(Stap
et
al.,
2007).
Registering
medical
informa7on
includes
recording,
modifying
and
elimina7ng
informa7on
in
Health
Informa7on
Systems
(HIS).
De
CEN
standard
EN
13606
focuses
on
the
communica7on
of
medical
records
between
informa7on
systems.
The
standard’s
goal
is
to
create
an
interface
that
translates
informa7on
from
an
sender’s
informa7on
system
into
a
exchangeable
format
(e.g.
EN
13606
format)
that
can
be
translated
again
into
the
recipient’s
informa7on
system
(Stap
et
al.,
2007).
Through
the
use
of
13606
adapters
the
exchange
of
informa7on
is
made
independent
from
the
structure,
syntax
and
meaning
of
informa7on
stored
in
individual
provider’s
systems.
The
13606
interfaces
are
responsible
for
coding
and
decoding
informa7on
in
the
provider’s
systems
to
an
EN
13606
structure,
syntax
and
meaning
(Stap
et
al.,
2007).
De
standard
defines
what
informa7on
is
exchanged
and
how
does
that
informa7on
looks
like
but
it
does
not
define
the
communica7on
form
to
be
used.
The
use
of
the
EN
13606
standard
is
depicted
in
the
figure
17.
The
primary
goal
of
this
standard
is
to
specify
the
structure,
syntax
and
seman7cs
of
medical
data
to
be
exchanged
by
healthcare
service
providers
(Stap
et
al.,
2007).
Healthcare
organiza7ons
can
rely
on
standards
to
develop
applica7ons
that
can
seamlessly
communicate
with
other
providers.
The
standard
has
five
parts
responsible
for
different
aspects
of
the
structure,
syntax
and
seman7cs
of
informa7on.
This
five
parts
and
their
corresponding
coverage
of
these
aspects
are
depicted
in
figure
18.
Moreover,
we
briefly
describe
each
of
the
five
parts
for
clarifying
purposes.
• Part
1,
the
reference
model:
this
part
of
the
standard
specifies
the
generic
model
for
exchange
of
EHR
data
which
is
the
basic
structure
for
all
the
exchangeable
medical
informa7on.
The
structure
is
created
by
hierarchically
decomposing
an
EHR
extract
which
is
the
whole
medical
record
of
a
pa7ent
or
a
part
of
it.
An
EHR
extract
contains
one
or
more
folders
containing
one
or
more
composi7ons
each.
A
composi7on
contains
one
or
more
sec7ons
and
one
or
more
nested
subsec7ons
with
entries.
An
entry
contains
one
or
more
elements
and/or
a
cluster
of
elements
(Stap
et
al.,
2007).
• Part
2,
archetypes
interchange:
the
second
part
of
the
standard
is
concerned
with
the
syntax,
structure
and
seman7cs
of
informa7on.
It
does
not
include
medical
informa7on
but
rather
the
4.6. Interoperability
According
to
the
ISO-‐TR-‐20514
standard
there
are
two
specializa7ons
(or
types)
of
basic
EHRs,
shareable
EHRs
and
non-‐shareable
EHRs.
Moreover,
there
is
one
specific
type
of
shareable
EHRs,
the
integrated
ICEHR.
In
order
to
share
informa7on
in
integrated
ICEHR
we
need
to
consider
two
types
of
interoperability:
func7onal
and
seman7c
interoperability.
Func7onal
interoperability
is
the
capability
of
two
or
more
systems
to
exchange
informa7on.
Seman7c
interoperability
is
the
capability
of
understanding
the
informa7on
being
shared
according
to
the
previously
defined
domain
model
(ISO,
2005).
Seman7c
interoperability
is
an
essen7al
requirement
for
automated
informa7on
processing
and
it
implies
agreements
between
sender
and
receiver
regarding
standardizes
EHR
reference
models,
service
interface
models,
domain
specific
concept
models
and
terminologies
(ISO,
2005).
In
order
to
provide
effec7ve
integrated
care
services
the
informa7on
gathered
must
be
7mely
exchanged
among
care
providers.
The
standardiza7on
of
domain
concepts,
terminologies
and
archetypes
is
essen7al
to
facilitate
interoperability
(ISO,
2005).
The
fundamental
characteris7c
of
an
ICEHR
is
a
standardized
logical
informa7on
model
based
on
widely
accepted
standards
(e.g.
ISO,
CEN
&
HL7).
A
logical
informa7on
model
determines
the
structure
and
rela7onship
of
informa7on
and
it
is
plaxorm
and
technology
independent.
Interoperability
of
heterogenous
informa7on
systems
is
crucial
for
the
success
of
the
EPD
ini7a7ve
(NICTIZ,
2009).
In
order
to
achieve
inter-‐organiza7onal
system
interoperability
it
is
necessary
to
define
beforehand
the
standards
to
be
used
in
processes
(procedures
and
guidelines),
communica7on
(messages,
reports,
overviews,
security,
etc.)
and
languages
(structure,
terminology
and
coding).
The
basic
infrastructure
of
the
EPD
project
includes
the
following
communica7on
In
the
Dutch
healthcare
sector
some
processes
take
place
at
regional
level
without
requiring
connec7vity
with
other
infrastructures
outside
that
region.
These
regional
infrastructures
do
not
oren
comply
with
the
security
requirements
and
standards
defined
by
the
EPD
project.
However
they
need
to
be
integrated
in
the
na7onal
infrastructure
in
order
to
facilitate
the
exchange
of
informa7on
across
regions
(NICTIZ,
2009).
In
order
to
integrate
this
regional
efforts
in
the
na7onal
infrastructure,
a
series
of
collabora7ve
ini7a7ves
have
been
launched
that
include
care
providers,
insurers,
ICT
organiza7ons
and
local
public
bodies.
Due
to
the
reduced
size
of
this
regional
collabora7ons
implementa7ons
are
accomplished
faster
and
innova7ons
emerge
fluently
(NICTIZ,
2009).
AORTA
is
the
na7onal
basic
infrastructure
to
support
the
exchange
of
informa7on
in
the
Dutch
healthcare
sector.
The
AORTA
infrastructure
includes
the
na7onal
switching
point
(LSP),
where
cer7fied
healthcare
providers
(GBZ)
can
connect
using
their
cer7fied
infrastructure
(ZSP)
and
their
cer7fied
sorware
(XIS).
These
main
components
of
the
AORTA
infrastructure
are
further
elaborated
on
table
24
(Tange,
2008):
The different exchanges of informa7on depicted in figure 19 are:
(C) At
a
healthcare
encounter,
the
healthcare
provider
register
the
pa7ent
data
in
his
own
administra7on
and
informa7on
system.
(D) The
healthcare
provider
enlists
the
data
on
the
na7onal
switching
point
(LSP).
Enlis7ng
means
in
this
context
communica7ng
the
fact
that
the
specific
organiza7on
(iden7fied
by
UZI
number)
has
data
related
to
that
specific
pa7ent
(iden7fied
by
BSN
number).
The
“real”
pa7ent
data
(e.g.
medical
condi7ons,
medicines
prescribed,
etc.)
remains
at
all
7mes
at
the
organiza7on’s
informa7on
system.
(E) Other
healthcare
providers
can
access
the
pa7ent’s
data
if
they
have
a
care
rela7onship
with
the
pa7ent.
For
this
purpose,
they
request
first
from
the
LSP
a
list
of
which
providers
have
informa7on
regarding
an
specific
pa7ent.
(F) Arer
the
pa7ent
has
been
informed
and
he/she
has
authorized
the
exchange
of
informa7on,
the
provider
can
retrieve
the
pa7ent
data
from
the
other
provider(s).
From
the
architecture
diagram
we
can
iden7fy
three
main
steps
that
every
healthcare
provider
must
complete
before
being
connected
to
the
EPD
infrastructure:
deploy
the
use
of
BSN
numbers,
obtain
the
GBZ
cer7fica7on
and
implement
the
connec7on
to
the
LSP
(by
using
an
external
cer7fied
ZSP
provider
or
by
obtaining
the
ZSP
cer7fica7on).
The
EPD
infrastructure
contains
a
series
of
controls
to
detect
unauthorized
access.
These
security
checks
are
distributed
across
the
infrastructure
and
focus
on
each
of
the
possible
weak
points.
The
overall
security
system
is
called
GKI
(Grootschalige
Ketenbrede
Indringerstest)
and
it
includes
three
security
policies:
PvE
GBZ,
PvE
ZSP
and
PvE
LSP.
These
policies
and
controls
are
depicted
in
figure
20.
Figure 20: Security Policies and Controls in the EPD Infrastructure
Control Control
SBV-Z UZI
BSN UZI
Register Register
HOSTING
ZSP LSP
XIS
As
shown
in
figure
20,
security
controls
have
been
placed
at
every
individual
component
of
the
EPD
chain:
the
healthcare
organiza7on
(GBZ)
aiming
to
connect
to
the
switching
point
(LSP),
the
sorware
applica7on
facilita7ng
the
connec7on
(XIS),
the
cer7fied
service
provider
that
facilitates
the
Pa7ent
iden7fica7on
in
the
Dutch
healthcare
sector
is
registered
using
Ci7zen
Service
Number
(Burger
Service
Nummer,
BSN).
Although
this
number
is
used
for
several
purposes
(e.g.
taxes,
work
permits,
etc.)
it
was
not
authorized
to
be
used
in
healthcare.
For
this
reason,
current
legisla7on
had
to
be
modified,
a
process
that
took
three
years
to
be
completed
(Deutsch
&
Turisco,
2009).
In
order
to
protect
pa7ent’s
privacy,
to
ensure
that
data
is
kept
up-‐to-‐date
and
to
improve
the
overall
security
of
the
new
system,
pa7ent
data
is
not
stored
in
a
central
system
but
instead
real-‐7me
gathered
and
assembled
by
prac77oners
when
needed
(NICTIZ,
2009)
(Informa7epunt
EPD,
2009)
(Prou
&
Smit,
2006).
Only
healthcare
providers
that
have
a
treatment
rela7onship
with
a
pa7ent
can
retrieve
his/
her
data
from
the
EPD
infrastructure
(Informa7epunt
EPD,
2009).
To
protect
pa7ent’s
privacy,
pa7ents
have
the
right
to
be
informed
and
must
be
able
to
block
his
dossier
(fully
or
par7ally)
from
exchange
with
healthcare
providers
(all
or
some)
(Deutsch
&
Turisco,
2009).
When
pa7ent
data
is
enlisted
for
the
first
7me
on
the
LSP,
the
pa7ent
must
be
informed
on
the
consequences
and
he/she
must
authorize
the
exchange.
The
blocking
(and
unblocking)
right
can
be
applied
by
the
ci7zen
at
any
7me.
Due
to
current
privacy
legisla7on
in
The
Netherlands,
before
enlis7ng
any
pa7ent
dossier
in
the
LSP
for
the
first
7me,
the
organiza7on
must
inform
the
corresponding
public
body:
the
College
Bescherming
Persoonsgegevens
(CBP).
The
na7onal
switching
point
can
be
compared
with
a
traffic
control
tower
which
contains
a
reference
index
to
locate
where
informa7on
about
a
specific
pa7ent
can
be
found
and
wether
it
can
be
retrieved.
It
uses
ci7zen’s
social
security
number
(BSN
numbers)
to
iden7fy
the
subject
at
hand,
and
it
uses
UZI
numbers
to
iden7fy
the
provider
reques7ng
the
informa7on
and
wether
he
is
authorized
to
retrieve
that
specific
informa7on
(Prou
&
Smit,
2006).
Moreover,
the
Dutch
government
provides
full
audit
results
to
pa7ents
regarding
access
and
modifica7ons
of
their
records,
including
logs
on
who
accessed
the
data
and
what
type
of
informa7on
was
viewed
by
each
person.
Moreover,
pa7ents
can
determine
if
they
want
to
opt
in,
opt
out
or
opt
in
with
restric7ons
(Deutsch
&
Turisco,
2009).
An
important
mistake
made
by
the
Dutch
government
in
the
development
of
their
EHR
was
not
to
achieve
7mely
consensus
from
pa7ents
(Deutsch
&
Turisco,
2009).
The
government
tried
to
obtain
pa7ent’s
general
agreement
once
the
system
was
built
and
ready
to
be
rolled
out
by
sending
pa7ents
a
leOer
of
permission.
This
resulted
in
pa7ents
being
surprised
and
returning
300.000
incomplete
or
inaccurate
leOers
which
lead
to
significant
delays
in
rolling
out
the
new
EHR.
A
GBZ
is
a
health
informa7on
system
(or
a
collec7on
of
systems)
which
can
be
used
to
exchange
pa7ent
informa7on
with
other
healthcare
providers
through
the
na7onal
infrastructure
AORTA
(Informa7epunt
EPD,
2009).
Providers
connect
to
other
providers
through
the
na7onal
switching
point
(LSP).
To
connect
to
the
switching
point
providers
need
to
use
a
secure
data
communica7on
network
provided
by
a
ZSP
qualified
provider.
The
switching
point
is
a
reference
index
system
that
contains
informa7on
about
what
type
of
pa7ent
informa7on
is
stored
on
each
healthcare
provider’s
system.
For
authen7ca7on
purposes,
providers
need
to
use
their
UZI
cards
and
server
cer7ficates
when
connec7ng
to
the
LSP.
Moreover,
the
LSP
stores
extended
logging
on
what
informa7on
is
accessed
by
each
provider.
According
to
the
PvE
GBZ
documenta7on,
a
GBZ
is
a
XIS
applica7on
or
a
collec7on
of
XIS
applica7ons,
including
the
related
pa7ent
dossiers,
that
are
available
to
a
healthcare
provider,
facilita7ng
the
exchange
of
pa7ent
data
through
a
health
informa7on
management
system
(ZIM),
communica7ng
with
ZIM
through
a
network
address,
and
is
authen7cated
by
one
UZI
server
cer7ficate
which
has
been
assigned
to
the
responsible
organiza7on
(Tesink,
2009).
This
includes
the
measures
to
guarantee
that
data
is
only
accessed
by
authorized
individuals,
and
the
manuals
and
procedures
for
the
users
and
administrators
of
those
facili7es.
In
other
words,
a
GBZ
includes
the
ICT
capabili7es
used
by
a
healthcare
provider
where
one
or
more
XIS
cer7fied
applica7ons
are
connected
to
the
na7onal
switching
point.
The
main
goal
of
the
GBZ
cer7fica7on
is
to
ensure
that
pa7ent
data
exchanged
through
the
na7onal
switching
point
fully
complies
with
the
requirements
of
integrity
and
confiden7ality
(Tesink,
2009).
The
importance
of
delimi7ng
the
scope
of
a
GBZ
organiza7on
is
explicitly
elaborated
in
na7onal
policies
(IE
BVL
e04)
(Tesink,
2009).
• The
fron7ers
of
the
GBZ
system
within
the
organiza7onal
ICT
infrastructure.
• When
and
how
pa7ent
data
cross
that
fron7er.
• Data
Confiden7ality:
How
is
ensured
that
pa7ent
data
is
not
accesses
by
unauthorized
individuals
or
organiza7ons.
• Data
Integrity:
How
is
ensured
that
pa7ent
data
is
not
received
from
unauthorized
individuals
or
organiza7ons.
• How
is
ensured
that
unauthorized
individuals
are
blocked
from
physical
access
to
parts
of
or
the
whole
GBZ
system.
The
fron7er
of
a
GBZ
organiza7on
is
delimited
by
the
sorware
and
system
used
to
connect,
the
use
cases
where
pa7ent
data
leaves
the
organiza7on
and
the
security
measures
taken
to
prevent
unauthorized
access
and
unauthorized
delivery.
Moreover,
the
hardware
used
must
have
enough
capacity
to
handle
all
requests
within
the
required
response
7mes.
Moreover
there
must
be
enough
disk
space
to
store
all
logs.
Once
data
has
been
received
from
another
qualified
healthcare
provider,
the
GBZ
must
strictly
facilitate
the
following
four
ac7ons
(AE
OPV
e11)
(Tesink,
2009):
storing
data
as
addi7on
to
the
pa7ent
dossier
temporarily
(for
a
maximum
of
48
hours)
where
it
can
be
modified
it
or
deleted
it.
Figure 21: Example of PC Based GBZ Figure 22: Example of Client/Server GBZ
• A
A
GmBZ
must
be
able
to
handle
messages
24
hours
per
day
and
7
days
per
week.
• A
maximum
of
1
small
outage
per
month
and
it
must
be
solved
within
15
minutes.
• The
aximum
of
2
large
outages
per
year
and
they
must
be
solved
within
1
day.
• In
the
overall
yearly
availability
must
be
minimal
99,4%.
• 15
minutes case
of
new
pa7ent
data,
a
GBZ
must
register
it
at
the
na7onal
switching
point
(LSP)
within
in
the
case
of
new
data,
and
within
1
day
in
the
case
of
updates
or
data
that
has
been
already
registered
at
least
once.
• The
response
7mes
of
communica7ons
between
a
GBZ
system
and
a
health
informa7on
broker
(ZIM)
regarding
informa7on
requests
and
responses
are
the
following:
➡ Request
message
of
data
overview:
0,5
seconds.
➡ Response
message
with
data
overview:
0,5
seconds.
➡ Request
message
of
pa7ent
data:
0,5
seconds.
➡ Response
message
with
pa7ent
data
gathered:
on
average
2
seconds.
➡ Response
message
with
pa7ent
data
to
the
requester:
0,5
seconds.
REQUEST
GBZ ZIM
RESPONSE
REQUEST REQUEST
GBZ
GBZ ZIM
GBZ
RESPONSE RESPONSE
There
are
three
main
layers
of
GBZ
requirements:
applica7on
and
data
layer,
server
layer
and
communica7on
layer.
Moreover,
the
standard
NEN7510
is
used
to
guarantee
appropriate
informa7on
security
(NICTIZ,
2005).
The
requirements
per
layer
are
depicted
in
the
following
table
25:
Layer Requirements
•Use
of
UZI
cards
to
access
health
data
in
the
na7onal
infrastructure
•Logging
of
data
retrieved
and
delivered
from/to
other
organiza7ons
including
role
based
access
logs.
Applica*on
•Daily
backup
procedures
and
data
restore
procedures.
&
Data
•Storage
of
pa7ent
data
based
on
BSN
numbers
(ci7zen’s
social
security
numbers).
•Data
must
be
sing-‐in
at
the
LSP
before
use
in
the
na7onal
index
system
(Verwijsindex
VWI).
•Every
GBZ
must
be
registered
at
the
na7onal
UZI
register
and
obtain
an
UZI
issued
server
cer7ficate.
•To
connect
to
the
LSP
every
GBZ
must
iden7fy
itself
with
their
UZI
server
cer7ficate.
•The
authen7ca7on
of
GBZ
takes
place
through
SSL
version
3.0
or
TLS
version
1.0
standards.
•Storing
the
private
key
of
the
cer7ficate
on
the
server
must
include
encryp7on
mechanisms.
Server
•Each
GBZ
can
exclusively
communicate
through
their
ZSPs
to
the
LSP.
•Access
to
the
opera7ng
system
or
to
the
GBZ
must
be
protected
with
login
and
password
combina7on.
•The
system
administrator
must
ensure
that
the
opera7ng
system
of
a
GBZ
is
securely
deployed
and
updated.
•File
and
mail
servers
must
be
protected
by
an7
virus
sorware.
Step Descrip*on
One
of
the
main
requirements
to
be
able
to
connect
to
the
na7onal
switching
point
(LSP)
is
to
embed
the
use
of
BSN
numbers
in
internal
ICT
systems
and
administra7on.
This
includes
the
technical
implementa7on
in
the
internal
ICT
infrastructure
as
well
as
the
connec7on
to
the
register
(SBV-‐Z).
Adap*ng
the
Another
important
requirement
is
that
the
connec7on
between
the
qualified
healthcare
provider
(GBZ)
(internal)
ICT
and
the
na7onal
switching
point
(LSP)
must
be
carried
out
through
a
data
communica7on
network
infrastructure
provided
by
a
qualified
provider
(ZSP).
Moreover,
the
applica7on
connec7ng
to
the
LSP
must
have
obtained
the
XIS
cer7fica7on.
In
order
to
comply
with
these
requirements
healthcare
providers
might
need
to
adapt
their
current
ICT
infrastructure.
Moreover,
the
ZSP
must
provide
a
series
of
services
to
GBZs
and
the
LSP
including
a
service
desk
to
communicate
malfunc7ons
and
planned
maintenance,
and
to
support
the
con7nuity
of
the
services
provided
(NICTIZ,
2009).
The
main
responsibili7es
of
the
ZSP
is
to
manage
the
connec7on
of
the
GBZ
to
the
LSP
using
a
preven7ve,
correc7ve
and
adap7ve
approach.
The
requirements
can
be
grouped
into
func7onal,
implementa7on
and
exploita7on
requirements.
A
complete
overview
of
all
requirements
is
included
in
appendix
M.
Those
requirements
defined
as
op7onal
or
no
longer
applicable
in
the
current
document
version
have
been
excluded
from
the
overview.
By
2008,
significant
progress
has
been
made
on
the
EPD
introduc7on
(NICTIZ,
2009).
The
na7onal
infrastructure
and
standards
suppor7ng
the
first
two
selected
func7onali7es
(EMD
and
WDH)
have
been
completed.
Pilot
projects
in
selected
regions
have
been
successfully
realized,
while
a
large
number
of
healthcare
organiza7ons
and
ICT
providers
have
successfully
completed
the
accredita7on
process
to
be
connected
to
the
basic
infrastructure
(LSP,
Landelijke
Schakel
Punt
in
Dutch).
Following
these
two
func7onali7es,
the
project
will
con7nue
by
adding
informa7on
related
to
emergency
care,
lab
informa7on
and
diabetes
treatments.
The
law
for
the
use
of
ci7zen’s
social
security
numbers
(BSN
numbers)
in
healthcare
came
into
force
the
1st
of
June
2009.
From
that
moment
all
healthcare
providers,
ins7tu7ons
and
insurers
in
The
Netherlands
must
work
according
to
this
law
(Klink
&
Bussemaker,
2008).
According
to
TNS
research
around
two
thirds
of
all
healthcare
organiza7ons
have
taken
measures
to
use
BSN
numbers
by
June
2009.
The
rest
expects
to
be
ready
to
use
BSN
numbers
by
the
end
of
the
year
2009
(MVWS,
2009).
There
are
two
main
applica7ons
that
providers
need
to
use
when
working
with
BSN
numbers.
One
to
iden7fy
and/or
control
the
BSN
number
of
a
pa7ent
(SBV-‐Z)
and
a
second
one
to
check
if
the
pa7ent
is
insured
(Vecozo).
These
two
applica7ons
have
experienced
a
significant
increase
in
demand,
resul7ng
in
some
technical
malfunc7ons.
The
health
ministry
will
work
in
the
coming
months
to
improve
the
robustness
of
these
two
applica7ons
improving
the
availability
of
the
SBV-‐Z
and
UZI
registers
which
do
not
comply
yet
with
the
requirement
of
24x7
up7me
(Klink
&
Bussemaker,
2008)
(MVWS,
2009).
By
June
2009,
around
45%
of
healthcare
ICT
providers
have
obtained
the
cer7fica7on
for
the
use
of
BSN
numbers
(BSN
Zorg
Keurmerk)
(Klink,
2009)
(MVWS,
2009).
The
total
number
of
healthcare
providers
to
be
connected
to
na7onal
switching
point
(LSP)
is
6.368
composed
of
4.321
GP
offices,
127
GP
posts,
1.825
pharmacies
and
95
hospitals.
Un7l
the
second
quarter
of
2009,
around
100
providers
have
been
connected
(MVWS,
2009).
The
ministry
expects
to
connect
an
addi7onal
900
providers
by
the
end
of
2009,
including
450
GP
offices,
50
GP
posts,
400
pharmacies
and
15
hospitals.
During
the
first
half
of
2010,
the
ministry
expects
to
connect
another
2.500
providers.
By
the
second
quarter
of
2009,
the
na7onal
EPD
infrastructure
provides
informa7on
of
around
360.000
pa7ents.
The
data
has
been
successfully
exchanged
around
400.000
7mes
un7l
June
2009
(MVWS,
2009).
Every
ci7zen
has
the
right
to
refuse
that
his
or
her
pa7ent
data
is
exchanged
through
the
switching
point
(LSP).
Un7l
June
2009,
more
than
350.000
ci7zens
are
excluded
at
their
own
request
(Klink,
2009).
The
financial
costs
of
the
EPD
project
have
been
recently
reported
by
the
Ministry
of
health
(Klink,
2009).
By
January
2009,
around
90
million
euros
have
been
expended
in
development
and
deployment
of
the
EPD
infrastructure.
This
amount
can
be
further
subdivided
into
67
million
for
the
development
of
the
na7onal
infrastructure
(LSP,
UZI
registry
and
BSN
control
system),11
million
euros
to
support
deployment,
pilots
and
evalua7ons,
3,6
million
euros
for
communica7on
and
7,9
million
euros
for
subsidies
to
providers.
The
Ministry
is
also
planning
to
research
the
Total
Cost
if
Ownership
(TCO)
of
ICT
in
the
healthcare
sector.
The
conclusions
of
this
research
will
be
presented
by
the
end
of
2009
(Klink,
2009).
An
extension
of
the
EPD
project
currently
being
planned
by
the
Ministry
of
Health
is
pa7ent
access
to
his
or
her
data
being
shared
through
the
na7onal
infrastructure
(Klink,
2009).
The
goal
is
to
provide
ci7zens
not
only
with
access
to
view
their
data
but
also
to
be
able
to
digitally
refuse
the
disclosure
of
his
or
her
personal
data.
Moreover,
as
the
first
two
func7onali7es
have
been
deployed
with
success,
the
next
steps
in
the
EPD
agenda
will
be
ini7ated
in
the
near
future.
In
order
to
s7mulate
the
use
of
ICT
in
Dutch
healthcare
the
government
created
the
NICTIZ
organiza7on
which
is
responsible
for
the
realiza7on
of
the
EPD
infrastructure
in
collabora7on
with
pa7ent’s
associa7ons,
healthcare
providers,
insurers,
ICT
providers
and
public
ins7tu7ons.
The
main
goal
of
NICTIZ
is
to
develop
and
maintain
the
basic
infrastructure
(AORTA)
that
supports
the
na7onal
exchange
of
electronic
pa7ent
records,
including
the
related
standards
and
cer7fica7on
programs.
The
EPD
project
was
primarily
launched
to
improve
the
quality
of
care
by
enabling
7mely,
accurate
and
secure
informa7on
exchange
among
healthcare
providers.
It
is
important
to
note
that
electronic
pa7ent
records
are
a
delimited
type
of
electronic
health
records
that
include
informa7on
to
support
a
specific
treatment
or
care
process
rather
than
providing
a
holis7c
view
of
a
pa7ent’s
health
status.
For
this
reason,
the
informa7on
exchanged
through
the
EPD
infrastructure
is
limited
to
the
relevant
parts
needed
at
a
certain
moment
in
7me
by
a
healthcare
provider.
Family
doctors
(General
Prac77oners
or
GPs)
are
one
of
the
most
important
actors
in
the
Dutch
healthcare
system.
They
are
the
first
point
of
contact
for
pa7ents
(except
in
case
of
emergencies)
and
they
have
the
decision
power
to
refer
pa7ents
(or
not)
to
other
specialists.
The
9.000
family
doctors
in
The
Netherlands
currently
solve
around
95%
of
all
primary
care
condi7ons.
There
is
a
clear
need
for
electronic
collabora7on
between
GPs
and
other
medical
actors
as
the
great
majority
of
them
work
alone
or
share
their
office
with
one
or
two
other
clinicians.
When
analyzing
the
use
of
ICT
in
GP
offices,
we
observe
high
levels
of
computeriza7on
when
genera7ng
prescrip7ons,
using
electronic
medical
records,
accessing
test
results
or
maintaining
their
own
administra7on
in
computer
based
informa7on
systems.
However,
we
find
lower
levels
of
automa7za7on
when
accessing
a
pa7ent’s
medica7on
history.
Although
collabora7on
between
clinicians
is
becoming
more
important
due
to
the
increasing
number
of
sicknesses
that
require
mul7-‐disciplinary
approaches,
only
half
of
the
GPs
can
share
records
electronically
with
prac77oners
outside
their
workplace.
Very
few
GPs
receive
electronic
alerts
to
provide
pa7ents
with
test
results,
access
a
pa7ent’s
hospital
record,
order
tests
electronically
or
provide
pa7ents
with
access
to
their
test
results
electronically.
The
need
for
electronic
collabora7on
In
order
to
foster
collabora7on
between
healthcare
actors,
the
Dutch
government
has
launched
the
EPD
ini7a7ve
in
2008.
The
main
goal
of
this
ini7a7ve
is
to
improve
the
quality
of
care
services
by
sharing
medical
informa7on
in
a
fast
and
reliable
manner.
By
7mely
sharing
accurate
pa7ent
informa7on
clinicians
can
prevent
communica7on
errors
that
can
have
fatal
consequences
for
a
pa7ent’s
health.
The
EPD
ini7a7ve
includes
several
sub-‐projects
that
are
being
implemented
following
a
top-‐
down
incremental
approach
from
2008
to
2013.
The
first
two
func7onali7es
to
be
implemented
are
electronic
pa7ent
drug
prescrip7on
records
(EMD,
Electronisch
Medica7edossier)
and
GPs
observa7on
records
from
service
encounters
at
point
of
service
loca7ons
(WDH,
Waarneemdossier
Huisartsen).
The
EPD
project
is
managed
by
two
governance
bodies,
the
plaxorm
for
ICT
and
innova7on
for
defining
the
EPD
agenda
and
the
steering
commiOee
ICT
&
innova7on
responsible
for
decision
making
and
the
direct
management
of
implementa7on
projects.
The
EPD
infrastructure
consists
of
a
basic
“empty”
infrastructure
(AORTA)
containing
index
and
reference
systems
(LSP)
that
connects
all
individual
sources
were
pa7ent
informa7on
is
registered
and
stored.
It
is
important
to
note
that
pa7ent
informa7on
is
not
stored
on
a
central
repository
but
it
remains
at
its
origin
(e.g.
hospital,
GP
office,
etc.)
and
it
is
gathered
on
demand.
With
this
construc7on,
data
can
be
kept
always
updated
minimizing
the
delay
between
informa7on
genera7on
and
its
availability
to
other
prac77oners.
The
actors
related
to
the
EPD
project
are
very
diverse
and
with
different
perspec7ves
on
the
project.
The
ministry
of
health
and
pa7ent
organiza7ons
are
among
the
actors
that
are
highly
suppor7ve
of
the
ini7a7ve
and
have
strong
influence
on
its
adop7on.
GP
organiza7ons
on
the
other
hand
are
not
very
suppor7ve.
This
can
become
a
significant
barrier
for
adop7on
as
they
also
have
a
lot
of
influence
on
the
use
of
the
envisioned
system.
There
are
several
laws
related
to
the
EPD
regula7ng
the
use
of
ci7zen’s
numbers
in
healthcare
(Wet
gebruik
burgerservicenummer
in
de
zorg),
the
characteris7cs
of
the
infrastructure
(Wet
op
het
EPD),
the
use
of
personal
informa7on
(Wet
Bescherming
Persoonsgegevens)
and
the
treatment
of
pa7ents
(Wet
op
Geneeskundige
behandelingsovereenkomst)
among
others.
It
is
important
to
note
that
par7cipa7on
of
healthcare
organiza7ons
is
currently
non-‐compulsory
and
contractually
regulated
by
bilateral
agreements
between
NICTIZ
and
each
individual
provider.
The
government
plans
to
enforce
par7cipa7on
by
law
in
the
coming
years
as
for
the
success
of
the
system
all
providers
need
to
be
connected
to
the
infrastructure.
Exis7ng
regional
switching
points
will
be
integrated
on
the
na7onal
switching
point
(LSP).
In
order
to
guarantee
interoperability
between
provider’s
systems,
the
EPD
ini7a7ve
has
established
three
cer7fica7ons
that
healthcare
providers
must
obtain
before
connec7ng
to
the
na7onal
infrastructure.
These
programs
are
the
Good
Managed
Healthcare
Organiza7on
(GBZ)
cer7fica7on,
the
Healthcare
Service
Provider
cer7fica7on
(ZSP)
and
the
Cer7fied
Health
Informa7on
System
cer7fica7on
(XIS).
The
XIS
cer7fica7on
is
meant
to
ensure
that
sorware
connec7ng
to
the
na7onal
infrastructure
complies
with
the
requirements
established
by
NICTIZ.
The
ZSP
cer7fica7on
is
designed
to
enabled
the
secure
connec7on
of
a
GBZ
cer7fied
healthcare
provider
(an
his
XIS
cer7fied
sorware)
to
the
na7onal
switching
point
(LSP).
The
GBZ
cer7fica7on
aims
to
ensure
that
exchanged
pa7ent
data
complies
with
the
requirements
of
integrity
and
confiden7ality.
GBZ
requirements
are
divided
into
three
layers:
applica7on,
communica7on
and
server.
The
requirements
focus
mainly
in
guaranteeing
the
accuracy,
availability
and
security
of
informa7on
exchanges.
AORTA
is
the
basic
infrastructure
suppor7ng
the
exchange
of
informa7on.
It
includes
two
registers
(BSN
and
UZI
registers)
for
actor
iden7fica7on
purposes
and
one
switching
point
(LSP)
where
providers
can
connect
if
they
have
obtained
the
required
cer7fica7on
(XIS,
GBZ
and
ZSP).
For
each
type
of
cer7fica7on
specific
requirements
are
described
in
three
areas:
func7onality
(how
to
store
and
exchange
informa7on),
implementa7on
(security
and
connec7vity
issues)
and
exploita7on
(processes
and
measures
to
keep
informa7on
as
accurate,
7mely
and
secure
as
possible).
These
requirements
are
mandatory
to
obtain
and
maintain
the
cer7fica7on.
Security,
reliability
and
privacy
are
crucial
elements
of
every
inter-‐organiza7onal
infrastructure.
This
is
specially
relevant
in
the
healthcare
sector
due
to
its
high
impact
of
ci7zen’s
lives.
For
this
reason,
NICTIZ
has
placed
controls
at
each
component
of
the
infrastructure
and
has
developed
three
security
policies
for
GBZs,
ZSPs
and
the
LSP.
Access
to
pa7ent’s
informa7on
is
limited
to
providers
that
have
a
treatment
rela7on
with
that
pa7ent,
based
on
previous
encounters
and/or
arer
explicit
authoriza7on
from
that
pa7ent.
Moreover,
pa7ents
can
at
any
moment
in
7me
block
access
to
some
or
all
his/her
data
and/or
limit
or
block
the
access
of
certain
providers
to
that
data.
To
facilitate
forensic
analysis,
pa7ents
can
obtain
an
audit
report
containing
informa7on
on
who
has
accessed
their
data,
what
data
has
been
accessed
or
modified
and
when.
Arer
successfully
having
completed
the
first
two
pilots,
the
two
ini7al
func7onali7es
are
being
rolled
out
to
all
providers.
Un7l
June
2009,
more
than
350.000
ci7zens
have
been
excluded
from
the
infrastructure
at
their
own
request.
At
that
7me,
the
EPD
contained
informa7on
about
more
than
360.000
pa7ents
serving
400.000
exchanges
of
informa7on.
5.1. What
are
the
current
trends,
challenges
and
opportuni*es
in
the
Dutch
Healthcare
sector?
The
healthcare
sector
has
not
only
a
high
impact
on
ci7zen’s
lives
but
also
on
their
na7onal
economies.
One
of
the
main
differences
between
the
healthcare
sector
and
other
sectors
is
that
ci7zens
are
both
consuming
and
funding
care
services
(through
taxes
and/or
insurance
bills).
Although
the
healthcare
sector
in
The
Netherlands
is
one
of
the
most
priva7zed
systems
in
the
EU
its
sustainability
is
challenged
by
the
increasing
demand
of
care
services
as
well
as
by
the
decreasing
ci7zen’s
tolerance
for
medical
errors.
Healthcare
is
the
number
one
non-‐economic
issue
for
Dutch
ci7zens.
Although
in
general
ci7zens
are
sa7sfied
with
the
quality
of
care
services
obtained,
there
is
a
significant
gap
between
the
quality
of
services
and
their
accessibility
and
availability
specially
for
specialist’s
care.
The
demand
of
services
increases
among
other
developments
due
to
demographic
changes
(e.g.
longer
life
expectancies
and
lower
birth
rates),
pervasive
and
difficult
to
treat
sicknesses
(e.g.
cancer),
the
rapid
spread
of
illnesses
(e.g.
H1N1)
and
new
unhealthy
lifestyles
(e.g.
higher
average
weight
and
increasing
alcohol
consump7on).
In
order
to
deal
with
these
issues,
healthcare
organiza7ons
need
to
con7nuously
find
new
methods
for
delivering
qualita7ve
services
to
more
ci7zens
with
the
same
amount
of
resources
by
predic7ng,
preven7ng
and
trea7ng
illnesses
more
efficiently
and
effec7vely.
Mostly
as
a
result
of
the
growing
demand
of
services,
yearly
healthcare
costs
are
also
increasing
significantly,
in
some
cases
even
faster
the
na7onal
GDP.
Collabora7on
between
medical
prac77oners
is
a
increasingly
important
requirement
not
only
to
guarantee
the
sustainability
of
current
healthcare
systems
but
also
to
7mely
react
to
global
threats
while
improving
the
con7nuity
of
care
services
delivered
to
ci7zens.
In
order
to
cope
with
current
and
future
challenges
the
Dutch
healthcare
sector
needs
to
con7nuously
improve
the
quality
and
opera7onal
efficiency
of
care
services.
For
this
purpose,
the
Dutch
Ministry
of
Health
has
ini7ated
a
reform
of
the
healthcare
system
in
2006
with
the
introduc7on
of
a
compulsory
private
insurance
for
each
ci7zen.
As
a
part
of
this
transforma7on,
the
Dutch
government
has
started
in
2008
with
the
introduc7on
of
an
na7onal
electronic
pa7ent
record
system
(EPD)
in
order
to
improve
the
quality
and
accessibility
of
healthcare
on
a
cost
efficient
manner.
Family
doctors
(General
Prac77oners
or
GPs)
are
one
of
the
most
important
actors
in
the
Dutch
healthcare
system
currently
solving
around
95%
of
all
primary
care
condi7ons.
There
is
a
clear
need
for
electronic
collabora7on
between
GPs
and
other
medical
actors
as
the
great
majority
of
them
work
alone
or
share
their
office
with
one
or
two
other
clinicians.
When
analyzing
the
use
of
ICT
in
GP
offices,
we
observe
for
example
low
levels
of
automa7za7on
when
accessing
a
pa7ent’s
medica7on
history
while
only
50%
of
all
GPs
can
share
informa7on
electronically
with
prac77oners
outside
their
workplace.
Moreover,
very
few
GPs
can
access
a
pa7ent’s
hospital
record,
order
tests
electronically
or
provide
pa7ents
with
electronic
access
to
their
test
results.
From
a
Dutch
ci7zen
perspec7ve
there
is
also
a
clear
need
for
increasing
computeriza7on
to
enable
collabora7on
between
clinicians.
Almost
50%
of
all
Dutch
ci7zens
have
experienced
medical
problems
due
to
the
lack
of
coordina7on
while
around
10%
of
the
GPs
have
had
to
repeat
tests
because
the
results
of
previous
tests
were
no
longer
available.
The
Dutch
government
considers
ICT
as
an
important
enabler
to
cope
with
current
challenges
in
healthcare
while
improving
the
system’s
sustainability.
Not
only
can
technology
support
medical
prac7ces
to
improve
quality
but
it
also
can
enable
significant
improvements
in
opera7onal
cost
efficiency.
This
perspec7ve
is
reflected
on
the
introduc7on
of
electronic
pa7ent
records
(EPD
project)
which
aims
to
improve
the
quality,
accessibility
and
affordability
of
care
by
enabling
7mely,
accurate
and
secure
informa7on
exchange
between
healthcare
organiza7ons.
However,
it
is
important
to
note
that
due
to
the
private
character
of
the
Dutch
healthcare
sector,
the
government
has
liOle
enforcing
power
in
how
healthcare
organiza7ons
work.
For
this
reason,
the
Dutch
government
has
created
the
NICTIZ
organiza7on
responsible
for
s7mula7ng
the
use
of
ICT
in
healthcare
as
well
as
for
the
realiza7on
of
the
EPD
project
in
collabora7on
with
other
healthcare
actors.
The
main
goal
of
NICTIZ
is
to
develop
and
maintain
the
basic
infrastructure
(AORTA)
suppor7ng
the
electronic
exchange
of
medical
data
(EPD),
including
the
needed
standards
and
cer7fica7ons.
In
order
to
limit
the
scope
of
our
research
we
have
focused
our
analysis
on
this
project
which
is
one
of
the
largest
and
most
significant
ICT
projects
in
the
Dutch
healthcare
sector.
The
introduc7on
of
the
EPD
infrastructure
implies
high
levels
of
computeriza7on
not
only
for
governmental
bodies
but
also
for
healthcare
providers
of
all
kinds
and
sizes.
However,
the
size
of
a
provider
can
influence
the
adop7on
of
this
system
as
many
clinics
are
too
small
for
leveraging
high
investments
in
IT.
For
this
reason,
organiza7ons
need
to
find
new
ways
to
reduce
the
costs
of
technology
by
for
example
outsourcing
it
or
joining
forces
with
other
clinicians
to
achieve
economies
of
scale.
Technology
can
support
healthcare
organiza7ons
in
achieving
their
two
most
relevant
goals:
improve
the
quality
of
services
and
cost
efficiency.
Healthcare
providers
can
for
example
leverage
technology
to
improve
the
quality
of
care
services
by
automa7ng
processes
(thus
reducing
human
mistakes),
by
enabling
7mely
decision
making
(based
on
the
7mely
exchange
of
accurate
pa7ent
informa7on)
and
bridging
the
current
gap
between
the
quality
of
services
and
their
accessibility
and
availability
(e.g.
telemedicine
for
specialists
care).
Moreover,
organiza7ons
can
achieve
cost
efficiencies
by
enabling
affordable
(global)
collabora7on,
by
automa7ng
tasks
to
op7mize
human
resources
costs
(specially
in
areas
where
salaries
are
rela7vely
high
like
The
Netherlands)
and
by
achieving
economies
of
scale
and
synergies
(delivering
qualita7ve
and
efficient
services
to
more
ci7zens
with
the
same
amount
of
resources).
According
to
healthcare
organiza7ons
tools
that
facilitate
collabora7on,
informa7on
exchange,
eProcurement
and
web
services
are
the
most
relevant
for
the
sector.
Specially,
interac7ve
pa7ent
informa7on
and
involvement
and
electronic
communica7ons
are
the
two
most
relevant
factors
in
the
near
future.
5.3. What
are
the
main
policies
and
legisla*ons
affec*ng
the
use
of
ICT
in
Dutch
Healthcare
organiza*ons?
The
adop7on
of
the
EPD
system
by
healthcare
organiza7ons
is
currently
non-‐compulsory
and
contractually
regulated
by
bilateral
agreements
between
NICTIZ
and
each
individual
provider.
The
government
plans
to
enforce
par7cipa7on
by
law
in
the
coming
years
as
for
the
success
of
the
system
all
providers
need
to
be
connected
to
the
infrastructure.
Nevertheless,
in
order
to
be
able
to
connect
to
the
EPD
infrastructure,
healthcare
providers
must
obtain
three
cer7fica7ons
(XIS,
GBZ
and
ZSP)
elaborated
by
NICTIZ.
For
each
type
of
cer7fica7on
specific
requirements
are
described
in
three
areas:
func7onality
(how
to
store
and
exchange
informa7on),
implementa7on
(security
and
connec7vity
issues)
and
exploita7on
(processes
and
measures
to
keep
informa7on
as
accurate,
7mely
and
secure
Security,
reliability
and
privacy
are
crucial
elements
of
every
inter-‐organiza7onal
infrastructure.
This
is
specially
relevant
in
the
healthcare
sector
due
to
its
high
impact
of
ci7zen’s
lives.
For
this
reason,
NICTIZ
has
placed
controls
at
each
component
of
the
infrastructure
and
has
developed
three
security
policies
for
GBZs,
ZSPs
and
the
LSP.
The
healthcare
sector
has
not
only
a
high
impact
on
ci7zen’s
lives
but
also
on
their
na7onal
economies.
One
of
the
main
differences
between
the
healthcare
sector
and
other
sectors
is
that
ci7zens
are
both
consuming
and
funding
care
services.
Through
taxes
and/or
insurances
ci7zens
pay
for
the
services
they
might
consume
when
needed.
Moreover,
as
the
main
product
of
care
services
is
to
improve
ci7zen’s
quality
of
life,
it
is
crucial
that
healthcare
organiza7ons
are
able
to
make
decision
on
a
7mely
basis.
The
healthcare
industry
is
also
one
of
the
most
economically
significant
industries
as
it
represents
more
than
9%
of
all
jobs
in
the
EU
and
more
than
6%
of
the
EU
GDP.
Healthcare
systems
in
the
European
Union
are
very
heterogenous
and
have
diverse
mixes
of
public
and
private
funding
and
delivery.
Although
there
is
not
an
op7mum
single
model,
a
pure
public
model
eliminates
free-‐market
mechanisms
which
enable
innova7on
and
cost
efficiency
through
compe77on.
On
the
other
hand,
a
solely
private
model
is
oren
more
expensive
as
healthcare
organiza7ons
aim
to
obtain
increasingly
yearly
net
profits
and
therefore
focus
their
efforts
on
the
most
profitable
ac7vi7es.
As
a
result
access
to
healthcare
services
(e.g.
research,
treatment,
etc.)
for
pa7ents
with
rare
diseases
can
be
limited
due
to
its
low
profitability.
Regardless
of
the
specific
system
in
place,
the
sustainability
of
almost
all
systems
is
challenged
by
the
increasing
demand
care
services
as
well
as
by
the
decreasing
ci7zen’s
tolerance
for
medical
errors.
The
demand
of
services
increases
among
other
developments
due
to
demographic
changes
(e.g.
longer
life
expectancies
and
lower
birth
rates),
pervasive
and
difficult
to
treat
sicknesses
(e.g.
cancer),
the
rapid
spread
of
illnesses
(e.g.
H1N1)
and
new
unhealthy
lifestyles
(e.g.
higher
average
weight
and
increasing
alcohol
consump7on).
In
order
to
deal
with
these
issues,
healthcare
organiza7ons
need
to
con7nuously
find
new
methods
for
delivering
qualita7ve
services
to
more
ci7zens
with
the
same
amount
of
resources
by
predic7ng,
preven7ng
and
trea7ng
illnesses
more
efficiently
and
effec7vely.
Mostly
as
a
result
of
the
increasing
service
demand,
yearly
healthcare
costs
are
also
increasing
significantly,
in
some
cases
even
faster
the
na7onal
GDP.
Some
experts
predict
healthcare
costs
to
account
for
15%
of
EU
GDP
by
2020.
This
affects
the
sustainability
of
current
systems
if
they
are
not
reformed.
In
a
recent
EU
research
we
can
observe
that
although
healthcare
is
the
number
one
non-‐
economic
issue
for
ci7zens,
they
are
rather
sa7sfied
with
the
quality
of
services
provided
by
healthcare
organiza7on.
Nevertheless,
there
is
a
significant
gap
between
quality
of
services
and
their
accessibility
and
availability
reflected
in
lower
sa7sfac7on
scores
specially
for
specialist’s
care.
Although
Dutch
ci7zens
are
even
more
sa7sfied
with
quality
than
the
EU
average
they
also
reflect
some
discontent
with
the
access
to
specialists.
It
is
important
to
note
that
the
importance
of
healthcare
for
ci7zens
can
be
related
to
their
age
as
older
ci7zens
consume
more
care
services
than
younger
ones.
Due
to
the
fact
that
the
overall
age
is
currently
increasing
we
can
expect
in
the
future
a
growing
ci7zen’s
concern
for
healthcare.
The
increasing
demand
and
costs
of
care
services
reflect
the
need
of
collabora7on
between
clinicians.
Collabora7on
is
a
important
requirement
not
only
to
guarantee
the
sustainability
of
current
healthcare
systems
but
also
to
7mely
react
to
global
threats
while
improving
the
con7nuity
of
care
services
delivered
to
ci7zens.
The
proper
use
of
technology
can
help
to
foster
healthy
ci7zen’s
behavior
and
to
protect
them
from
large
scale
threats
while
increasing
the
availability
of
services
and
mee7ng
growing
demand
on
an
effec7ve
and
efficient
manner.
For
example,
current
(internet)
technologies
can
leverage
collabora7on
in
a
cost
efficient
manner,
improving
care
services
con7nuity
and
accessibility.
The
healthcare
sector
in
The
Netherlands
is
predominantly
private
with
public
funding
significantly
below
EU
average.
In
order
to
cope
with
current
and
future
challenges
the
Dutch
healthcare
sector
needs
to
con7nuously
improve
the
quality
and
opera7onal
efficiency
of
care
services.
For
this
purpose,
the
Dutch
Ministry
of
Health
has
ini7ated
a
reform
of
the
healthcare
system
in
2006
with
the
introduc7on
of
a
compulsory
private
insurance
for
each
ci7zen.
The
transforma7on
is
aimed
to
shir
the
power
from
healthcare
providers
to
consumers,
and
the
control
from
public
bodies
to
insurers.
As
a
part
of
this
transforma7on,
the
Dutch
government
has
started
in
2008
with
the
introduc7on
of
an
na7onal
electronic
pa7ent
record
system
(EPD)
to
facilitate
the
7mely
exchange
of
accurate
medical
informa7on.
The
main
goal
of
this
project
is
to
leverage
collabora7on
in
order
to
improve
the
quality
and
accessibility
of
healthcare
on
a
cost
efficient
manner.
As
it
is
the
case
in
other
industries,
business
and
IT
alignment
is
crucial
for
successful
leveraging
technological
solu7ons
in
healthcare.
By
using
the
right
approach
and
implementa7on
methodology
for
each
specific
situa7on,
organiza7ons
can
improve
the
quality,
accessibility
and
efficiency
of
healthcare
delivery.
It
has
been
oren
demonstrated
that
those
firms
that
invest
in
the
right
ICT
solu7ons
perform
significantly
beOer
than
other
ones
that
do
not
invest
on
those
solu7ons.
According
to
healthcare
organiza7ons
tools
that
facilitate
collabora7on,
informa7on
exchange,
The
specific
advantages
of
electronic
medical
records
systems
have
also
been
subject
of
previous
research.
By
increasing
the
availability
of
accurate,
complete
and
relevant
clinical
data
organiza7ons
can
reduce
medical
errors
in
diagnosis,
medica7on
and
treatments
and
thus
improving
the
quality
of
services.
Moreover,
by
sharing
informa7on
among
prac77oners,
redundant
tests
are
eliminated
and
processes
are
streamlined
resul7ng
in
a
significant
larger
throughput
(more
pa7ents
processed
with
the
same
resources).
In
previous
work
we
can
also
find
a
series
of
barriers
for
the
adop7on
of
technology
in
healthcare.
The
most
important
barriers
are
security
and
the
cost
of
technology,
followed
by
the
lack
of
interoperability
with
exis7ng
solu7ons
and
legal
and
privacy
issues.
Organiza7ons
can
leverage
ICT
solu7ons
by
reusing
exis7ng
investments
in
technology,
gaining
compe77ve
advantage
from
value
chain
coopera7on,
improving
supply
chain
management
and
benefi7ng
from
economies
of
scale
and
synergies
through
collabora7on.
Moreover,
a
number
of
cri7cal
success
factors
(CSFs)
have
been
iden7fied
in
previous
research
for
guiding
healthcare
organiza7ons
in
the
adop7on
of
technology.
These
CSFs
are
grouped
in
four
areas:
management,
leadership,
func7onality
and
technology.
The
support
from
senior
management,
a
clear
added
value,
good
project
management,
employee
training
and
communica7on
and
a
clear
focus
on
process
quality,
efficiency
and
reliability
are
the
most
relevant
factors
at
management
level.
Organiza7onal
leaders
must
develop
a
shared
project
vision
with
clear
objec7ves
and
business
case
and
align
them
with
the
firm’s
strategy
as
well
as
with
corporate
governance.
The
func7onality
of
the
solu7on
must
focus
on
suppor7ng
organiza7onal
and
clinical
processes
as
well
as
a
broad
user
group
and
horizontal
integra7on.
On
the
technology
area,
the
solu7on
must
ensure
compa7bility
with
current
systems,
and
guarantee
a
high
level
of
availability,
security
and
interoperability.
From
a
Dutch
government
perspec7ve
ICT
is
regarded
as
an
important
enabler
to
cope
with
current
challenges
in
healthcare
while
improving
its
sustainability.
Not
only
can
technology
support
medical
prac7ces
to
improve
quality
but
it
also
can
enable
significant
cost
efficiencies
in
medical
prac7ces.
This
perspec7ve
is
reflected
on
the
introduc7on
of
electronic
pa7ent
records
(EPD
project)
which
aims
to
improve
the
quality,
accessibility
and
affordability
of
care
services.
However,
it
is
important
to
note
that
due
to
the
private
character
of
the
Dutch
healthcare
sector,
the
government
has
liOle
enforcing
power
in
how
healthcare
organiza7ons
work.
For
this
reason,
the
Dutch
Family
doctors
(General
Prac77oners
or
GPs)
are
one
of
the
most
important
actors
in
the
Dutch
healthcare
system
currently
solving
around
95%
of
all
primary
care
condi7ons.
There
is
a
clear
need
for
electronic
collabora7on
between
GPs
and
other
medical
actors
as
the
great
majority
of
them
work
alone
or
share
their
office
with
one
or
two
other
clinicians.
When
analyzing
the
use
of
ICT
in
GP
offices,
we
observe
for
example
low
levels
of
automa7za7on
when
accessing
a
pa7ent’s
medica7on
history
while
only
50%
of
all
GPs
can
share
informa7on
electronically
with
prac77oners
outside
their
workplace.
Moreover,
very
few
GPs
can
access
a
pa7ent’s
hospital
record,
order
tests
electronically
or
provide
pa7ents
with
electronic
access
to
their
test
results.
From
a
Dutch
ci7zen
perspec7ve
there
is
also
a
clear
need
for
increasing
computeriza7on
to
enable
collabora7on
between
clinicians.
Almost
50%
of
all
Dutch
ci7zens
have
experienced
medical
problems
due
to
the
lack
of
coordina7on
while
around
10%
of
the
GPs
have
had
to
repeat
tests
because
the
results
of
previous
tests
were
no
longer
available.
The
introduc7on
of
medical
pa7ent
records
(EPD)
in
The
Netherlands
is
being
carried
out
following
a
top-‐down
incremental
approach.
At
the
moment
of
wri7ng
the
first
two
func7onali7es
(prescrip7on
history
and
GP
observa7ons)
are
being
rolled
out
arer
having
completed
their
pilot
phases
successfully.
The
EPD
basic
infrastructure
(AORTA)
consists
of
a
basic
“empty”
switching
point
(LSP)
containing
index
and
reference
systems
that
connects
all
individual
sources
were
pa7ent
informa7on
is
registered
and
stored.
It
is
important
to
note
that
pa7ent
informa7on
is
not
stored
on
a
central
repository
but
it
remains
at
its
origin
(e.g.
hospital,
GP
office,
etc.)
and
it
is
gathered
on
demand.
With
this
construc7on,
data
can
be
kept
always
updated
minimizing
the
delay
between
informa7on
genera7on
and
its
availability
to
other
prac77oners.
The
actors
related
to
the
EPD
project
are
very
diverse
and
with
different
perspec7ves
on
the
project.
Some
actors
with
high
influence
on
adop7on
support
the
ini7a7ve
(e.g.
government
and
pa7ent
organiza7ons)
while
others
actors
with
high
influence
are
less
suppor7ve
(e.g.
GP
organiza7ons).
In
our
opinion,
the
lack
of
support
of
GPs
can
be
linked
to
the
lack
of
control
and
trust
when
relying
on
externally
generated
informa7on.
The
adop7on
of
the
EPD
system
by
healthcare
organiza7ons
is
currently
non-‐compulsory
and
contractually
regulated
by
bilateral
agreements
between
NICTIZ
and
each
individual
provider.
The
government
plans
to
enforce
par7cipa7on
by
law
in
the
coming
years
as
for
the
success
of
the
system
all
providers
need
to
be
connected
to
the
infrastructure.
Another
important
remark
is
that
ci7zens
can
at
any
moment
in
7me
block
their
AORTA
is
the
basic
infrastructure
suppor7ng
the
exchange
of
informa7on.
It
includes
two
registers
(BSN
and
UZI
registers)
for
actor
iden7fica7on
purposes
and
one
switching
point
(LSP)
where
providers
can
connect
if
they
have
obtained
the
required
cer7fica7on
(XIS,
GBZ
and
ZSP).
For
each
type
of
cer7fica7on
specific
requirements
are
described
in
three
areas:
func7onality
(how
to
store
and
exchange
informa7on),
implementa7on
(security
and
connec7vity
issues)
and
exploita7on
(processes
and
measures
to
keep
informa7on
as
accurate,
7mely
and
secure
as
possible).
These
requirements
are
mandatory
to
obtain
and
maintain
the
cer7fica7on.
The
standards
used
on
the
EPD
infrastructure
are
HL7
version
3
for
message
specifica7ons,
WSDL
and
SOAP
for
web-‐service
descrip7ons
and
access,
HTTPs
and
TCP/IP
for
communica7ons
and
the
CEN
13606
for
concepts
in
process
descrip7ons
and
informa7on
models.
NICTIZ
has
chosen
these
standards
to
facilitate
the
exchange
of
informa7on
independently
from
the
structure,
syntax
and
seman7cs
used
at
individual
provider’s
systems.
In
order
to
guarantee
interoperability
between
provider’s
systems,
the
EPD
ini7a7ve
has
established
three
cer7fica7on
programs
that
healthcare
providers
must
obtain
before
connec7ng
to
the
na7onal
infrastructure.
These
programs
are
the
Good
Managed
Healthcare
Organiza7on
(GBZ)
cer7fica7on,
the
Healthcare
Service
Provider
cer7fica7on
(ZSP)
and
the
Cer7fied
Health
Informa7on
System
cer7fica7on
(XIS).
The
XIS
cer7fica7on
is
meant
to
ensure
that
sorware
connec7ng
to
the
na7onal
infrastructure
complies
with
the
requirements
established
by
NICTIZ.
The
ZSP
cer7fica7on
is
designed
to
enabled
the
secure
connec7on
of
a
GBZ
cer7fied
healthcare
provider
(an
his
XIS
cer7fied
sorware)
to
the
na7onal
switching
point
(LSP).
The
GBZ
cer7fica7on
aims
to
ensure
that
exchanged
pa7ent
data
complies
with
the
requirements
of
integrity
and
confiden7ality.
GBZ
requirements
are
divided
into
three
layers:
applica7on,
communica7on
and
server.
The
requirements
focus
mainly
in
guaranteeing
the
accuracy,
availability
and
security
of
informa7on
exchanges.
Security,
reliability
and
privacy
are
crucial
elements
of
every
inter-‐organiza7onal
infrastructure.
This
is
specially
relevant
in
the
healthcare
sector
due
to
its
high
impact
of
ci7zen’s
lives.
For
this
reason,
NICTIZ
has
placed
controls
at
each
component
of
the
infrastructure
and
has
developed
three
security
policies
for
GBZs,
ZSPs
and
the
LSP.
Access
to
pa7ent’s
informa7on
is
limited
to
providers
that
have
a
treatment
rela7on
with
that
pa7ent,
based
on
previous
encounters
and/or
arer
explicit
authoriza7on
from
that
pa7ent.
The
introduc7on
of
the
EPD
infrastructure
implies
high
levels
of
computeriza7on
not
only
for
governmental
bodies
but
also
for
healthcare
providers
of
all
kinds
and
sizes.
However,
the
size
of
a
provider
can
influence
the
adop7on
of
this
system
as
many
clinics
are
too
small
for
leveraging
high
investments
in
IT.
For
this
reason,
organiza7ons
need
to
find
new
ways
to
reduce
the
costs
of
Technology
can
support
healthcare
organiza7ons
in
achieving
their
two
most
relevant
goals:
improve
the
quality
of
services
and
cost
efficiency.
In
other
sectors,
technology
has
played
a
crucial
role
in
achieving
both
of
these
targets.
Healthcare
providers
can
for
example
leverage
technology
to
improve
the
quality
of
care
services
by
automa7ng
processes
(thus
reducing
human
mistakes),
by
enabling
7mely
decision
making
(based
on
the
7mely
exchange
of
accurate
pa7ent
informa7on)
and
bridging
the
current
gap
between
the
quality
of
services
and
their
accessibility
and
availability
(e.g.
telemedicine
for
specialists
care).
Moreover,
organiza7ons
can
achieve
cost
efficiencies
by
enabling
affordable
(global)
collabora7on,
by
automa7ng
tasks
to
op7mize
human
resources
costs
(specially
in
areas
where
salaries
are
rela7vely
high
like
The
Netherlands)
and
by
achieving
economies
of
scale
and
synergies
(delivering
qualita7ve
and
efficient
services
to
more
ci7zens
with
the
same
amount
of
resources).
We
start
this
sec7on
by
describing
the
research
methodology
followed
in
this
phase
(e.g.
design
science)
as
it
differs
significantly
from
two
previous
ones.
We
con7nue
then
presen7ng
our
ar7fact’s
construc7on
and
evalua7on
to
conclude
with
the
answers
to
the
research
ques7ons
related
to
this
phase
of
our
research.
The
ar7facts
created
in
our
research
are
two
main
constructs
in
phase
one
and
two
(our
defini7on
of
Cloud
Compu7ng
and
EPD
requirements),
a
model
in
this
third
phase
(our
matching-‐
model)
and
methods
(the
processes
that
we
followed
to
create
our
defini7on
of
Cloud
Compu7ng
and
our
matching-‐model).
The
overall
goal
of
this
part
of
our
research
is
to
create
a
meta-‐ar7fact
(our
matching
model)
as
a
solu7on
to
an
unknown
problem:
if
a
Dutch
healthcare
organiza7on
can
use
cloud
compu7ng
solu7ons
to
connect
to
the
na7onal
electronic
pa7ent
system.
The
expert
reviews
consisted
of
unstructured
in-‐depth
interviews
with
two
experts:
Mr
Gerard
Persoon
and
Mr.
Bert
Kabbes.
Both
have
more
than
20
years
experience
in
business
consultancy
in
the
Dutch
healthcare
sector
and
Mr.
Kabbes
has
been
interim
director
of
several
large
Dutch
hospitals.
The
in-‐depth
interviews
include
the
evalua7on
of
our
ar7fact's
func7onality,
completeness,
consistency,
accuracy
and
usability.
Other
aOributes
like
performance,
reliability,
and
organiza7onal
fit
were
excluded
from
our
valida7on
because
the
experts
are
not
aware
of
any
implementa7on
of
Cloud
Compu7ng
solu7ons
in
the
EPD
context.
The
reviews
of
the
model
were
very
posi7ve
and
some
realloca7ons
of
requirements
to
different
features
were
performed.
Although
a
deeper
ar7fact
evalua7on
could
have
been
achieved
by
performing
an
instan7a7on
of
the
model
in
prac7ce,
we
could
not
find
any
case
in
prac7ce
to
apply
our
model.
Moreover,
although
there
are
several
wriOen
cases
on
HIPAA
compliant
US
healthcare
organiza7ons
we
could
not
find
any
case
study
on
a
EPD
cloud
compu7ng
solu7on
to
instan7ate
our
model.
For
clarifying
purposes
we
have
chosen
a
coding
scheme
to
iden7fy
the
corresponding
requirement.
GBZ
requirements
are
code
as
“GBZ-‐id”
where
“id”
represents
the
requirement
iden7fica7on
number
in
appendix
N.
ZSP
requirements
are
coded
as
“ZSP-‐id”
where
“id”
indicates
the
corresponding
code
in
appendix
M.
ZSP
codes
include
three
leOers
to
iden7fy
the
category
followed
by
two
numbers
to
iden7fy
the
specific
requirement
within
that
category.
As
our
goal
is
to
explore
opportuni7es
and
incompa7bili7es
between
the
cloud
compu7ng
delivery
model
and
the
EPD
cer7fica7on
requirements
we
have
classified
the
requirements
according
to
how
the
feature
is
supported
by
a
requirement
(column
supported
by)
as
well
as
how
the
feature
is
delimited
(or
excluded)
by
a
requirement
(column
delimited
by).
Within
the
“delimited
by”
category
we
dis7nguish
between
those
requirements
that
directly
affect
a
feature
and
requirements
that
indirectly
limit
the
implementa7on
of
a
feature.
We
consider
that
a
feature
is
supported
by
a
requirement
when
the
feature
capabili7es
are
explicitly
required
by
cer7fica7on
requirements.
We
believe
that
a
feature
is
delimited
when
a
requirement
determines
some
aspect
(or
the
totality)
of
its
implementa7on
(e.g.
hybrid
cloud,
private
cloud,
public
cloud,
etc.).
Some
requirements
are
not
included
in
our
matching
model
as
they
do
not
limit
or
support
any
of
the
features.
Moreover,
requirements
can
be
linked
to
more
than
one
feature
but
they
always
either
delimit
or
support
that
feature.
The
usage-‐based
pricing
model
is
the
only
feature
not
supported
or
limited
by
any
requirement
as
organiza7ons
are
free
to
choose
any
economic
model
to
purchase
IT
capabili7es
in
the
EPD
context.
Our
matching-‐model
is
presented
in
table
27.
Directly Indirectly
ZSP-‐CON-‐01,
ZSP-‐
On-‐demand BSC-‐01,
ZSP-‐BSC-‐02,
ZSP-‐CON-‐11
GBZ-‐5.1,
GBZ-‐5.7
ZSP-‐CON-‐01,
ZSP-‐
Elas7c BSC-‐01,
ZSP-‐BSC-‐02,
ZSP-‐CON-‐11
GBZ-‐5.1,
GBZ-‐5.7
ZSP-‐DNS-‐01,
ZSP-‐DNS-‐02,
ZSP-‐DNS-‐04,
ZSP-‐DNS-‐05,
ZSP-‐DNS-‐06,
ZSP-‐CON-‐05,
Internet
delivery ZSP-‐CON-‐06,
ZSP-‐CON-‐08,
ZSP-‐CON-‐03,
ZSP-‐CON-‐07
ZSP-‐CON-‐09,
ZSP-‐CON-‐10,
ZSP-‐BVL-‐05,
ZSP-‐RSP-‐01
&
ZSP-‐RSP-‐03
ZSP
DNS
requirements
(ZSP-‐DNS-‐id)
delimit
indirectly
how
an
applica7on
can
connect
to
the
EPD
using
domain
name
protocols.
Although
EPD
requirements
include
advanced
DNS
configura7on
almost
all
available
solu7ons
offer
these
configura7on
op7ons.
The
most
significant
limita7ons
to
the
use
of
cloud
compu7ng
solu7ons
in
the
EPD
context
are
found
in
the
connec7vity
area
as
the
use
of
components
that
use
the
public
internet
network
(ZSP-‐
CON-‐07)
is
prohibited.
This
excludes
all
public
cloud
solu7ons
and
many
private
providers
that
do
not
offer
private
leased
connec7ons
(e.g.
point-‐to-‐point)
in
The
Netherlands.
Moreover,
the
use
of
fixed
IP
addresses
(ZSP-‐CON-‐03)
is
not
a
common
feature
in
public
cloud
solu7ons
re-‐enforcing
the
need
for
In
the
cloud
compu7ng
model
(part
of)
an
IT
capability
is
delivered
as-‐a-‐service
where
the
provider
owns
the
capability
and
rents
it
to
the
user
for
a
specific
purpose.
For
this
reason,
security
of
the
cloud
provider
is
a
very
important
issue
to
consider
in
the
EPD
context
delimi7ng
directly
the
as-‐a-‐
service
model
to
organiza7ons
that
can
provide
this
kind
of
assurance.
ZSP
requirements
related
to
security
are
to
be
evaluated
at
the
provider
level
where
he
needs
to
have
a
security
policy
(ZSP-‐
BVL-‐01)
embedded
in
the
organiza7on
(ZSP-‐BVL-‐02),
followed
by
employees
(ZSP-‐BVL-‐03),
Moreover,
it
should
include
an
access
policy
(ZSP-‐BVL-‐06),
a
con7nuity
management
plan
(ZSP-‐BVL-‐07)
and
a
con7ngency
plan
in
case
of
security
incidents
(ZSP-‐BVL-‐08).
Response
7me
requirements
(ZSP-‐RSP-‐01
&
ZSP-‐RSP-‐03)
implies
indirectly
serious
limita7ons
on
the
as-‐a-‐service
feature
and
on
the
Internet
delivery
feature.
Current
public
clouds
for
example
do
not
comply
with
the
maximum
delay
allowed
in
HTTP
communica7ons.
Some
ZSP
organiza7onal
requirements
delimit
directly
which
types
of
organiza7ons
can
connect
to
the
EPD
(ZSP-‐ORG-‐01,
ZSP-‐ORG-‐03)
as
they
exclude
directly
the
as-‐a-‐service
model
where
the
provider
is
not
a
registered
Dutch
organiza7on
located
in
The
Netherlands
or
a
cer7fied
organiza7on
(GBZ-‐1.1
&
GBZ-‐1.2).
In
order
to
comply
with
ZSP
management
requirements
the
as-‐a-‐service
solu7on
must
include
a
24x7
available
system
administrator
(ZSP-‐BEH-‐01),
measuring
and
repor7ng
capabili7es
(ZSP-‐BEH-‐03,
ZSP-‐BEH-‐04
&
ZSP-‐BEH-‐05)
and
facilitate
migra7ons
to
other
solu7ons
(ZSP-‐BEH-‐07
&
ZSP-‐BEH-‐08).
The
majority
of
current
cloud
offerings
have
con7nuos
monitoring
and
include
measuring
and
repor7ng
capabili7es.
The
as-‐a-‐service
feature
is
therefore
indirectly
affected
by
these
features.
However,
the
support
for
migra7ons
is
not
found
in
all
types
of
cloud
services.
The
majority
of
public
cloud
solu7ons
facilitate
the
migra7on
to
their
solu7on
but
not
to
another
solu7on.
The
as-‐a-‐service
feature
is
therefore
directly
affected
by
migra7on
requirements.
The
requirements
related
to
the
level
of
user
support
and
the
handling
of
issues
is
a
strong
requirement
that
indirectly
excludes
public
clouds
because
the
as-‐a-‐service
model
does
not
normally
includes
this
type
of
personalized
support
(ZSP-‐GBO-‐01
&
ZSP-‐GBO-‐02).
Communica7on
issues
in
cases
of
malfunc7ons
and
recoveries
(ZSP-‐BSC-‐06
&
ZSP-‐BSC-‐08)
as
well
as
the
fixed
schedule
for
maintenance
(ZSP-‐BSC-‐07)
are
also
strong
limita7ons
to
the
type
of
solu7on
to
be
used.
Current
public
clouds
for
example
communicate
outages
and
recoveries
through
a
website
and
do
not
have
a
fixed
maintenance
schedule.
Several
GBZ
requirements
are
concerned
with
protec7ng
the
EPD
infrastructure
against
unauthorized
access,
misuse
and
errors
(GBZ.3.8,
GBZ-‐3.10,
GBZ-‐4.1,
GBZ-‐4.2,
GBZ-‐4.4,
GBZ-‐4.6,
3. Ar*fact
Evalua*on
The
field
of
design
science
in
IS
research
is
regarded
in
previous
work
as
an
applied
science
discipline
reflec7ng
the
importance
of
IT
(meta-‐)ar7facts
that
enable
the
development
of
concrete
IT
applica7ons
(Iivari,
2007).
This
is
also
the
main
goal
of
our
research,
to
develop
a
meta-‐ar7fact
(our
matching-‐model)
to
facilitate
the
deployment
of
cloud
compu7ng
solu7ons
in
an
specific
context
(healthcare
in
The
Netherlands).
A
design
science
ar7fact
can
therefore
be
evaluated
by
analyzing
how
that
ar7fact
achieves
its
goal
in
prac7ce
(u7lity
and
quality)
and
how
efficient
it
is
in
achieving
it
(Hevner
et
al.,
2004).
However,
there
are
significant
barriers
for
evalua7ng
ar7facts
as
they
are
related
to
the
environment
where
they
operate
(March
&
Smit,
1995).
According
to
previous
work,
the
resul7ng
meta-‐ar7facts
must
include
knowledge
that
enables
product
and
process
design
(Iivari,
2007).
We
believe
that
our
matching-‐model
contains
knowledge
that
can
support
prac77oners
in
the
design
of
new
(or
modified)
cloud
products
and
as
well
as
in
the
design
of
cloud
related
processes.
By
matching
a
poten7al
solu7on
with
our
cloud
compu7ng
features
and
evalua7ng
the
requirements
enforced
by
NICTIZ
an
organiza7on
can
select
the
solu7on
that
best
fits
their
needs
in
that
context.
In
order
to
evaluate
our
ar7fact
in
prac7ce
we
need
to
find
a
Dutch
healthcare
organiza7on
that
it
is
considering
cloud
compu7ng
solu7ons.
We
could
not
find
such
an
organiza7on
which
means
that
our
matching-‐model
should
be
further
evaluated
in
prac7ce.
Nevertheless,
taking
into
account
that
we
build
our
model
based
on
two
already
validated
constructs
created
in
phase
one
and
two
of
our
research
and
that
we
validate
the
matching-‐model
with
expert
reviews,
we
can
draw
some
conclusions
regarding
the
completeness
and
accuracy
of
our
matching-‐model
based
on
the
assump7ons
made
during
our
research.
It
is
important
to
note
that
we
could
not
found
specific
metrics
to
measure
our
variables
and
therefore
the
evalua7on
of
the
ar7fact
is
qualita7ve
by
nature.
Qualita7ve
research
methods
use
qualita7ve
data
(e.g.
interviews,
documents,
observa7on
data,
etc.)
to
understand
and
explain
social
phenomena
(Myers,
1997).
Although
they
are
typical
social
sciences
research
methods
they
are
increasingly
popular
in
IS
research,
specially
when
inves7ga7ng
(new)
managerial
and
organiza7onal
issues.
Moreover,
qualita7ve
methods
are
oren
found
in
research
performed
from
an
interpre7ve
perspec7ve
like
in
our
research
(Myers,
1997).
The
main
purpose
of
this
type
of
methods
is
to
inves7gate
phenomena
taking
into
account
the
par7cipant's
perspec7ve
and
the
specific
social
and
ins7tu7onal
context
(Myers,
1997).
According
to
previous
work
when
there
is
not
a
previous
outcome
of
tan
ar7fact,
as
it
is
also
the
case
in
our
research,
its
poten7al
usefulness
must
be
es7mated
(Järvinen,
2008).
Due
to
the
lack
of
cloud
compu7ng
implementa7ons
in
Dutch
healthcare
the
experts
were
asked
to
give
their
es7ma7on
of
the
model’s
usability,
func7onality
and
consistency
by
applying
logical
reasoning
and
their
own
experience.
Other
aOributes
like
performance,
reliability,
and
organiza7onal
fit
were
excluded
from
our
valida7on
as
they
need
to
evaluated
once
the
model
has
been
applied
in
prac7ce.
Nevertheless
we
have
provided
some
assurance
about
our
ar7fact’s
relevance
by
considering
business
needs
from
environmental
factors
(e.g.
people,
organiza7on
and
technology)
during
our
research
(Hevner
et
al.,
2004).
Experts
had
no
remarks
concerning
the
completeness
and
effec7veness
of
our
matching-‐
model.
as
they
believe
that
it
contains
all
relevant
features
and
requirements
and
they
are
placed
using
appropriate
logical
reasoning.
Moreover,
the
experts
reflected
that
our
model
could
be
useful,
func7onal
and
consistent
but
they
agreed
on
the
fact
that
this
should
be
further
evaluated
in
prac7ce.
It
is
important
to
note
that
the
quality
of
design
science
ar7facts
improves
when
subsequent
evalua7ons
are
performed
as
they
oren
result
in
incremental
improvements
(Hevner
et
al.,
2004)
(Gregor
&
Jones,
2007).
However,
we
could
not
improve
any
exis7ng
model
as
we
could
not
find
any
similar
meta-‐ar7fact
in
previous
literature.
For
this
reason
we
had
to
create
a
new
meta-‐ar7fact
that
can
be
evaluated
and
improved
in
further
research.
This
is
a
typical
situa7on
when
applying
design
science
to
build
new
or
innova7ve
ar7facts
as
theories
over
the
applica7on
and
impact
of
these
ar7facts
can
be
created
once
the
ar7facts
are
applied
in
prac7ce
(Hevner
et
al.,
2004).
4.1. What
are
the
most
relevant
opportuni*es
and
challenges
for
adop*ng
Cloud
Compu*ng
in
the
Dutch
Healthcare
sector?
Current
developments
in
healthcare
and
in
na7onal
economies
have
created
the
perfect
storm
for
the
adop7on
of
Cloud
Compu7ng.
The
current
economic
downturn,
demographic
and
social
developments,
pervasive
sicknesses
and
global
threats
are
among
the
challenges
that
reflect
the
con7nuous
need
for
cost
efficiency
and
7mely
qualita7ve
services
in
healthcare.
Collabora7on
between
prac77oners
is
increasingly
becoming
an
essen7al
requirement
to
cope
with
these
developments.
From
our
analysis
in
phases
1
and
2
we
observe
a
match
between
opportuni7es
offered
by
Cloud
Compu7ng
models
and
challenges
that
Dutch
healthcare
organiza7ons
are
facing
now
and
in
the
future.
In
order
to
improve
the
sustainability
of
the
healthcare
system,
healthcare
organiza7ons
can
leverage
Cloud
Compu7ng
solu7ons
to
achieve
their
two
most
relevant
goals:
cost
efficiency
and
quality
improvements.
As
described
in
phase
1
according
to
previous
research
around
80%
of
IT
budgets
are
used
to
keep
the
lights
on
(maintaining
compu7ng
resources)
while
the
average
server
u7liza7on
is
es7mated
by
several
researches
to
be
between
5%
and
20%.
This
poten7al
cost
efficiency
improvement
is
specially
interes7ng
for
small
healthcare
organiza7ons
as
their
budgets
are
significantly
lower
than
larger
ones
and
they
are
directly
affected
by
the
increase
in
demand
of
services
(GPs
in
The
Netherlands
solve
around
95%
of
primary
care
condi7ons).
However,
large
healthcare
organiza7ons
can
achieve
larger
savings
as
their
budgets
are
larger
and
therefore
there
is
more
scope
for
improvement.
For
this
reason
large
organiza7ons
should
also
consider
the
use
case
of
Cloud
Compu7ng
solu7ons
to
op7mize
resource
u7liza7on.
An
specific
example
on
how
small
and
large
healthcare
organiza7ons
can
achieve
cost
efficiency
by
leveraging
SaaS
solu7ons
is
the
use
of
Google
Apps
as
a
replacement
for
Microsor’s
Office
tools.
Google
Apps
licenses
are
much
cheaper
than
Office
licenses
and
they
are
fully
compa7ble
with
Microsor’s
file
formats
(e.g.
doc,
ppt,
etc.).
Moreover,
as
informa7on
is
stored
remotely
clinicians
can
work
from
everywhere
and
they
can
use
the
collabora7on
features
offered
by
Google
Apps
to
enable
simultaneous
collabora7on
on
the
same
document.
However,
sensi7ve
pa7ent
informa7on
should
not
be
stored
on
this
solu7on
as
it
is
not
clear
where
is
physically
stored
(Google
uses
a
distributed
file
system)
and
it
could
be
against
na7onal
regula7ons
that
limit
the
storage
of
pa7ent
informa7on
to
the
na7onal
boundaries.
Dutch
ICT
providers
can
solve
this
issue
by
deploying
similar
solu7ons
where
informa7on
is
stored
securely
within
the
Dutch
territory.
Nevertheless,
in
the
past
years
we
have
seen
a
significant
number
of
enterprises
migra7ng
to
Google
SaaS
solu7ons
like
for
example
Rover,
Rentokil,
the
University
of
Melbourne
or
Utrecht
University.
Healthcare
organiza7ons
can
also
leverage
Cloud
Compu7ng
solu7ons
to
access
an
almost
unlimited
amount
of
resources
to
perform
heavy
computa7onal
tasks
(e.g.
HPC)
that
in
some
cases
cannot
be
accomplished
on-‐premises
due
to
the
large
capital
investment
they
require.
The
usage
based
pricing
model
of
Cloud
Compu7ng
enables
organiza7ons
to
use
very
large
amounts
of
resources
for
short
periods
of
7me.
Several
case
studies
have
demonstrated
this
advantage
not
only
in
the
medical
research
field
but
also
when
performing
large
batch
file
conversions
and
tes7ng
ICT
infrastructures
among
others
(e.g.
Harvard
Medical
Research,
NYT,
Soasta,
etc.).
Quality
and
cost
efficiency
in
care
services
can
also
be
achieved
by
enabling
efficient
collabora7on
between
clinicians.
For
this
purpose
SaaS
tools
can
contribute
to
connect
prac77oners
and
centralize
knowledge.
Another
op7on
for
leveraging
collabora7on
is
given
by
the
EPD
project,
an
“empty”
infrastructure
consis7ng
of
an
index
system
that
enables
the
retrieval
of
pa7ent
informa7on
on-‐demand
from
decentralized
repositories
(each
of
the
connected
organiza7on’s
system).
With
this
approach
prac77oners
can
access
each
others
previous
work
in
order
to
build
their
prac7ces
on
these
findings.
This
results
per
defini7on
on
improved
cost
efficiency
(e.g.
reused
test
results,
less
redundant
treatments,
etc.)
as
well
on
quality
improvements
(e.g.
no
contradictory
and
poten7ally
dangerous
treatments,
less
medical
errors,
etc.).
Another
poten7al
improvement
when
using
Cloud
Compu7ng
solu7ons
in
Dutch
healthcare
is
the
improvement
in
care
service
availability
and
con7nuity.
The
7mely
decision
making
character
of
healthcare
due
to
the
high
impact
it
has
on
ci7zen’s
lives
implies
that
prac77oner
need
accurate
medical
informa7on
on-‐demand
to
perform
their
jobs
beOer
and
more
efficiently.
For
this
reason,
medical
informa7on
must
be
always
available
to
clinicians
in
order
to
guarantee
the
delivery
of
care
services
to
ci7zens.
As
reflected
in
some
of
the
case
studies
analyzed
in
this
report,
organiza7ons
can
leverage
Cloud
Compu7ng
solu7ons
for
affordable
failover
and
backup
mechanisms
that
improve
the
con7nuity
of
care
services.
Moreover,
the
elas7c
character
of
Cloud
Compu7ng
solu7ons
guarantees
that
ICT
systems
and
infrastructures
will
never
suffer
from
down7mes
due
to
planning
errors
in
resource
provisioning
and
alloca7on.
An
interes7ng
use
case
for
leveraging
Cloud
Compu7ng
solu7ons
in
healthcare
is
to
be
able
to
guarantee
the
con7nuity
of
care
services
in
case
of
large
health
threats
or
catastrophes
(e.g.
pandemics,
bioterrorism,
earthquakes,
etc.).
In
these
situa7ons
the
demand
of
care
services
increases
unexpectedly
and
rapidly
crea7ng
in
some
cases
a
workload
that
cannot
be
handle
by
non-‐elas7c
Organiza7ons
are
constantly
challenged
by
ever
changing
market
condi7ons.
This
requires
them
not
only
to
leverage
opera7onal
agility
by
adap7ng
their
processes
over
7me
but
also
to
use
the
right
tools
at
the
right
7me
for
each
specific
situa7on.
To
meet
this
needs
external
and
internal
sorware
providers
must
reduce
the
7me-‐to-‐market
of
their
new
applica7ons
significantly.
By
using
a
PaaS
environment
for
the
rapid
development
and
deployment
of
applica7ons
these
tools
can
be
delivered
on
a
7mely
basis.
This
results
in
significantly
lower
7me-‐to-‐market
as
deployment,
maintenance
and
upgrades
have
minimum
impact
on
the
tool’s
availability.
A
healthcare
oriented
case
study
related
to
this
usage
of
Cloud
Compu7ng
can
be
found
at
PresidioHealth,
a
HIPAA
compliant
sorware
company
which
is
able
to
build
and
deploy
SaaS
applica7ons
20%
faster
than
before
using
PaaS.
The
use
of
Cloud
Compu7ng
solu7ons
in
healthcare
is
influenced
by
the
size
of
organiza7ons.
In
general
small
healthcare
organiza7ons
(e.g.
GPs,
Specialists
Clinics,
etc.)
should
focus
on
cost
efficiency
by
leveraging
the
usage
based
pricing
model
of
Cloud
Compu7ng
solu7ons.
Large
organiza7ons
(e.g.
Hospitals,
etc.)
on
the
other
hand
should
focus
more
on
resource
op7miza7on
by
building
Internal
Private
Clouds
or
by
using
Cloud
solu7ons
to
perform
heavy
computa7onal
on
a
cost
efficient
basis
(e.g.
medical
research).
For
this
purpose,
hybrid
models
for
non-‐mission
cri7cal
data
or
when
persistent
data
is
maintained
on-‐premises
in
a
n-‐7er
architecture
(see
PresidioHealth
case
study)
are
the
most
recommended
use
cases
for
large
organiza7ons.
According
to
healthcare
organiza7ons,
the
most
significant
barriers
for
the
adop7on
of
technology
in
this
sector
are
security
and
the
cost
of
technology
followed
by
the
lack
of
interoperability
with
exis7ng
solu7ons
and
legal
and
privacy
issues.
Public
Clouds
improve
the
cost
of
technology
for
Cloud
Users
due
to
service
mul7-‐tenancy
and
Private
Clouds
achieve
the
same
goal
due
to
resource
op7miza7on.
Moreover,
the
security
offered
by
large
Cloud
Providers
might
also
be
in
some
cases
beOer
than
in
certain
situa7ons
(e.g.
small
businesses,
home
networks
of
doctors,
etc.)
but
legal
and
privacy
issues
and
the
lack
of
interoperability
due
to
the
lack
of
standards
are
cri7cal
issues
that
disqualify
the
largest
Public
Cloud
offerings
at
the
moment
of
wri7ng.
Documented
issues
in
current
Public
Clouds
solu7ons
include
security
incidents,
privacy
leaks,
availability
and
performance
of
services.
Security
in
current
IaaS
Public
Clouds
has
been
compromised
in
the
last
year
by
cartography
and
bad
neighbor
aOacks
that
can
affect
service
reliability
and
performance.
Moreover,
it
is
not
clear
yet
what
are
the
procedures
for
data
dele7on
and
how
the
full
isola7on
of
tenants
guarantees
performance.
This
are
important
issues
in
the
EPD
context.
During
2009
there
has
been
a
number
of
outages
in
Public
SaaS,
PaaS
and
IaaS
offerings
witch
dura7on
and
recovery
7mes
unacceptable
in
the
EPD
context.
The
lack
of
features
for
the
proper
isola7on
from
the
public
internet
(e.g.
point-‐to-‐point
connec7ons)
is
also
another
cri7cal
issue
that
that
makes
current
Public
Clouds
not
applicable
to
the
EPD
context.
Nevertheless,
na7onal
Cloud
Providers
specialized
in
healthcare
might
offer
such
solu7ons
on
a
customized
basis.
For
this
reasons
we
recommend
the
use
of
large
Public
Clouds
(Internal
or
External)
by
Dutch
healthcare
organiza7ons
exclusively
for
selected
uses
cases
involving
non-‐mission
cri7cal
or
non-‐
sensi7ve
data.
Some
examples
of
these
cases
are
tes7ng
applica7ons
with
dummy
data,
high
performance
compu7ng
with
encrypted
or
non-‐persistent
data,
fail-‐over
for
applica7ons
that
do
not
use
pa7ent
or
sensi7ve
data
(e.g.
Medical
Model
Analysis,
Gene7c
Tests,
etc.).
Private
Clouds
on
the
contrary
are
well
suited
for
crea7ng
solu7ons
that
comply
with
NICTIZ
cer7fica7ons.
We
elaborate
on
some
of
the
most
relevant
tools
for
building
Private
Clouds
in
the
next
sec7on
(see
sec7on
5,
recommenda7on
for
Cloud
Providers).
We
recommend
healthcare
organiza7ons
to
evaluate
this
tools
if
they
plan
to
build
a
Private
Cloud
to
connect
to
the
EPD.
4.2. Which
type
of
Cloud
Compu*ng
solu*ons
fit
within
the
current
legisla*ve
context
and
poli*cal
agenda
in
The
Netherlands?
The
Dutch
Government
is
very
aware
of
the
challenges
that
the
healthcare
system
is
currently
facing.
Focus
on
quality
improvements
and
opera7onal
efficiency
is
repeatedly
reflected
in
their
policies
and
legisla7ons.
For
this
purpose,
the
Dutch
Ministry
of
Health
has
ini7ated
a
reform
of
the
healthcare
system
in
2006
with
the
introduc7on
of
a
compulsory
private
insurance
for
each
ci7zen.
The
transforma7on
is
aimed
to
shir
the
power
from
healthcare
providers
to
consumers,
and
the
control
from
public
bodies
to
insurers.
As
a
part
of
this
transforma7on,
the
Dutch
government
has
started
in
2008
with
the
introduc7on
of
an
na7onal
electronic
pa7ent
record
system
(EPD)
to
facilitate
the
7mely
exchange
of
accurate
medical
informa7on.
The
main
goal
of
this
project
is
to
improve
the
quality
and
accessibility
of
healthcare
on
a
cost
efficient
manner
by
enabling
collabora7on
between
medical
prac77oners.
All
three
goals
(quality,
accessibility,
and
cost
efficiency)
are
also
the
most
common
goals
found
in
Cloud
Compu7ng
adop7on
case
studies.
For
this
purpose
we
have
limited
the
scope
of
our
research
to
the
applicability
of
Cloud
Compu7ng
in
the
EPD
context.
As
the
government
has
currently
no
enforcing
power
to
make
the
use
of
the
EPD
compulsory,
the
Ministry
of
Health
has
created
NICTIZ,
an
organiza7on
to
support
healthcare
organiza7ons
in
their
use
of
ICT.
NICTIZ
has
developed
a
cer7fica7on
program
to
regulate
secure
access
to
the
EPD
infrastructure.
Healthcare
organiza7ons
that
want
to
connect
to
the
EPD
need
to
obtain
the
GBZ
cer7fica7on
which
includes
the
use
of
XIS
cer7fied
sorware
and
ZSP
cer7fied
connec7vity.
The
XIS
and
ZSP
cer7fica7ons
are
obtained
by
the
sorware
manufacturer
and
the
network
provider
used
to
connect
to
the
EPD
respec7vely.
However,
if
a
healthcare
organiza7ons
develop
their
own
sorware
and
want
to
connect
directly
to
the
EPD
they
need
to
obtain
these
two
cer7fica7ons
previously
to
the
GBZ
cer7fica7on.
NICTIZ
cer7fica7on
requirements
determine
the
feasible
Cloud
Compu7ng
models
that
Dutch
healthcare
organiza7ons
can
apply
to
connect
to
the
EPD.
Therefore
there
are
three
possible
Cloud
Compu7ng
models
(or
any
combina7on
of
them):
Cloud
GBZ,
Cloud
ZSP
and
Cloud
XIS.
GBZ
requirements
are
grouped
in
five
main
areas:
prac7cal,
organiza7onal,
data
management,
access,
connec7on
and
security.
Prac7cal
requirements
describe
the
profile
of
organiza7ons
that
are
allowed
to
access
the
EPD
and
delimit
the
scope
of
applica7ons
and
network
providers
that
can
be
used.
Only
healthcare
organiza7ons
that
have
completed
the
UZI
registra7on
process
and
have
wriOen
agreements
with
their
ZSP
cer7fied
network
provider
and
their
XIS
cer7fied
sorware
provider
can
connect
through
their
XIS
applica7on
to
the
EPD.
To
further
analyze
the
feasibility
of
the
Cloud
GBZ
model,
we
assume
that
the
organiza7on
is
using
XIS
and
ZSP
cer7fied
providers
as
they
are
further
elaborated
in
the
Cloud
XIS
and
Cloud
ZSP
models
later
on
this
sec7on.
Organiza7onal
requirements
describe
the
organiza7onal
processes
and
resources
needed
to
maintain
GBZ
compliance
including
training,
procedures,
documenta7on,
support,
governance,
security,
accountability,
etc.
Requirements
in
the
data
management
area
focus
on
the
use,
accuracy
and
protec7on
of
pa7ent
data.
They
include
requirements
for
the
proper
iden7fica7on
of
pa7ents,
dossier
management,
rights
and
ini7al
registra7on
of
pa7ents,
data
storage,
data
integrity,
control
and
Arer
analyzing
all
GBZ
requirements
we
have
selected
the
ones
that
could
delimit
the
possible
characteris7cs
of
a
Cloud
GBZ
solu7on.
In
prac7cal
terms,
a
Cloud
GBZ
must
be
able
to
allow
the
installa7on
of
secure
server
cer7ficates,
to
deploy
XIS
cer7fied
sorware
and
to
connect
to
the
EPD
through
a
cer7fied
ZSP
connec7on
(e.g.
on-‐premises
or
external).
All
supported
opera7ng
systems
in
current
Cloud
Compu7ng
IaaS
offerings
include
the
configura7on
of
server
cer7ficates.
The
applicability
of
XIS
and
ZSP
models
are
elaborated
further
in
this
sec7on.
At
the
applica7on
layer
it
must
be
clear
which
interfaces
connect
to
the
EPD
as
they
must
be
properly
protected
against
data
leakage
and
unauthorized
access.
For
this
purpose,
the
applica7on
must
contain
features
for
logging,
audit
and
control
and
the
par7al
or
total
block
of
pa7ent
data
exchange.
In
order
to
enable
secure
access
to
the
EPD,
the
applica7on
must
also
provide
support
for
the
use
of
UZI
cards,
UZI
reader
and
UZI
server
cer7ficate
including
monitoring
and
repor7ng
features,
log
management
and
usage
control.
These
features
are
dependent
on
the
XIS
sorware
connec7ng
to
the
EPD.
Current
IaaS
and
PaaS
solu7ons
enable
the
development
of
such
applica7ons
in
various
programming
languages
(e.g.
Java,
Python,
etc.).
The
Cloud
GBZ
must
ensure
data
availability,
correctness
and
security.
For
this
reason,
isola7on
of
the
XIS
applica7on
and
pa7ent
data
are
crucial
requirements
and
they
can
be
accessed
exclusively
for
EPD
purposes.
Based
on
recent
security
issues
reported
in
the
last
year
on
Public
Clouds
(e.g.
cartography
and
bad
neighbor
vulnerabili7es,
data
leaks,
data
losses,
etc.)
we
believe
that
at
the
moment
of
wri7ng
that
Public
Cloud
models
(Internal
or
External)
do
not
fully
comply
with
these
isola7on
requirements
and
with
na7onal
laws
and
regula7ons.
To
guarantee
the
con7nuity
and
availability
of
the
EPD
connec7on,
the
Cloud
GBZ
infrastructure
must
con7nuously
perform
above
the
agreed
level,
with
a
maximum
of
1
outage
per
month
with
no
more
than
15
minutes
down7me,
a
maximum
of
2
outages
per
year
with
no
more
than
1
day
down7me
and
a
maximum
amount
of
planned
maintenance
of
12
7mes
per
year
with
a
The
infrastructure
must
also
be
able
to
scale
resources
in
order
to
handle,
the
exchange
of
(HL7)
messages
and
SSL
sessions
with
response
7mes
below
the
agreed
maximum.
Moreover,
the
infrastructure
must
include
measures
against
power
shortage
(e.g.
UPS)
and
NTP
7me
synchroniza7on
with
an
allowed
devia7on
of
one
second.
In
order
to
enhance
security,
each
connec7on
to
the
EPD
must
always
use
a
dedicated
IP
address
and
domain
name
and
every
XIS
sorware
interface
must
be
properly
protected
(e.g.
firewall,
DMZs,
etc.).
Moreover,
the
Cloud
GBZ
must
provide
scalable
storage,
daily
back
ups,
stored
data
overviews
and
procedures
for
effec7ve
data
disposal.
All
Cloud
Compu7ng
providers
offer
large
scalability
of
resources
as
it
is
one
of
the
most
commercially
interes7ng
features
of
such
solu7ons.
Some
them
offer
automa7c
scalability
based
on
pre-‐defined
paOerns
which
enables
fully
availability
in
all
possible
situa7ons.
Cloud
data
centers
have
also
taken
measures
against
power
failures
(e.g.
UPS
fail-‐over,
replica7on,
etc.)
and
in
some
cases
even
more
advanced
than
enterprise
solu7ons.
Daily
back-‐ups,
NTP
7me
synchroniza7on,
data
overviews,
and
IP
and
domain
name
configura7on
are
standard
features
in
available
Cloud
Compu7ng
solu7ons.
Response
7mes
are
an
important
issue
for
current
Public
Cloud
models.
For
example,
arer
the
introduc7on
of
spot
prices,
Amazon’s
IaaS
offering
experienced
response
7mes
much
larger
than
the
maximum
allowed.
Another
issue
is
data
disposal
procedures
in
Public
Clouds.
As
resources
are
reallocated
to
other
customers,
it
is
not
clear
how
current
providers
eliminated
data
before
realloca7on.
Although
there
have
not
been
any
reported
leaks
of
this
type,
it
is
not
clear
wether
data
is
later
available
to
the
next
customer.
Public
Cloud
providers
need
to
improve
their
transparency
on
this
issue
as
most
enterprises
need
this
kind
of
assurance.
An
example
of
a
possible
Cloud
GBZ
solu7ons
is
Adastra
in
its
managed
hos7ng
version
together
with
LSPconnect
a
plugin
to
connect
to
the
EPD
infrastructure.
Both
products
are
offered
by
E.nova7on
B.V.
in
The
Netherlands.
Adastra
is
a
XIS
cer7fied
informa7on
management
system
for
organiza7ons
that
provide
primary
care
arer
office
hours
(huisartsenposten
in
Dutch).
The
applica7on
is
offered
to
Dutch
healthcare
organiza7ons
in
two
forms:
on-‐premises
or
in
a
managed
hosted
version
(SaaS).
The
SaaS
model
is
developed
to
allow
users
to
leverage
E.nova7on’s
data
center
for
full
availability
and
con7nuity
of
care
on
a
cost
efficient
manner.
E.nova7on
has
two
data
centers
where
data
is
replicated
between
them
using
a
SAN
storage
solu7on.
Together
with
the
LSPconnect
plugin
on
its
managed
hos7ng
version
they
both
make
a
SaaS
solu7on
that
offers
a
XIS
cer7fied
applica7on
and
a
ZSP
cer7fied
connec7on.
As
these
are
essen7al
requirements
to
obtain
the
GBZ
cer7fica7on
organiza7ons
can
use
these
two
products
to
comply
with
most
of
the
EPD
technical
requirements.
Dutch
healthcare
organiza7ons
can
choose
to
implement
their
own
ZSP
cer7fied
connec7on
to
the
EPD
or
use
a
external
provider
for
this
purpose.
A
external
Cloud
ZSP
is
interes7ng
specially
for
small
organiza7ons
(e.g.
GPs,
specialists
clinic,
etc.)
where
the
costs
of
a
direct
connec7on
to
the
EPD
are
too
high.
The
majority
of
small
organiza7ons
do
not
have
enough
resources
(e.g.
capital,
human
resources,
ICT,
etc.)
to
comply
with
ZSP
requirements.
For
example,
for
a
GP
working
alone
on
his
own
prac7ce
it
is
very
complex
and
expensive
to
implement
24x7
availability,
firewalls,
etc.
By
leveraging
the
external
knowledge
and
experience
as
well
as
the
resources
of
the
Cloud
ZSP
provider
they
can
implement
cost
efficient
EPD
connec7vity.
The
main
purpose
of
the
Cloud
ZSP
provider
is
to
facilitate
the
exchange
of
electronic
messages
between
their
clients
(GBZs)
and
the
na7onal
switching
point
(LSP)
including
connec7ons
to
tes7ng
and
produc7on
LSP
environments.
To
achieve
this
goal
ZSP
requirements
focus
on
the
func7onality,
implementa7on
and
exploita7on
of
the
connec7on.
The
func7onality
of
data
communica7ons
must
comply
with
two
groups
of
requirements:
connec7vity
and
domain
name
system
requirements.
The
connec7on
of
the
LSP
must
use
a
fixed
pre-‐
assigned
IP
address
an
comply
with
a
set
or
predefined
physical
requirements
(e.g.
UTP,
duplex
mode,
fixed
speed,
etc.)
without
making
(par7al)
use
of
the
public
internet
network.
The
connec7on
must
be
able
to
connect
to
the
UZI
register
through
the
LSP’s
rou7ng
func7onality
and
to
Cer7ficate
Authori7es
(CAs).
Domain
name
server
requirements
include
registering
GBZs
hosts
and
domain
names,
forwarding
DNS
zones,
management
of
authorita7ve
primary
and
secondary
DNS
servers,
reverse
DNS
zones
and
the
configura7on
of
the
LSP’s
DNS
server
as
slave
for
each
subdomain.
The
implementa7on
of
the
connec7on
must
also
comply
with
a
series
of
security,
availability
and
response
7mes
considera7ons.
ZSP
organiza7ons
must
have
security
policies
embedded
in
the
organiza7on
regarding
employees,
physical
security
(e.g.
network
devices),
access
management,
protec7on
against
internet
threats
(e.g.
virus,
spam,
hackers,
etc.),
security
incidents
and
con7nuity
management.
In
general
terms
the
ZSP
connec7on
must
be
available
24
hours
per
day
and
7
days
per
week,
with
a
specific
maximum
number
of
allowed
malfunc7ons
and
recovery
7mes
per
type
of
malfunc7on.
Moreover,
the
con7nuity
of
the
connec7on
and
DNS
services
must
be
guaranteed
by
providing
sufficient
backup
and
fail-‐over
mechanisms
to
cope
with
hardware
malfunc7ons.
The
Cloud
ZSP
must
communicate
any
malfunc7on,
its
progress
and
recovery
to
all
connected
GBZs
and
the
LSP.
Response
7mes
of
network
round
trips
between
GBZs
and
the
LSP
must
be
in
90%
of
all
cases
bellow
200
milliseconds.
For
this
purpose,
network
traffic
to
the
LSP
must
be
priori7zed.
When
analyzing
the
applicability
of
Cloud
Compu7ng
we
observe
that
isola7on
from
the
public
internet
network
is
an
issue
in
current
Public
Clouds.
Although
secure
VPN
connec7ons
in
Hybrid
Clouds
are
possible
(e.g.
Amazon’s
Virtual
Private
Cloud)
effec7ve
public
internet
isola7on
can
only
be
achieved
by
for
example
point-‐to-‐point
connec7ons
which
are
feature
currently
not
available
in
Public
Clouds.
Moreover,
as
SSL
is
supported
in
almost
all
cases
the
implementa7on
of
connec7ons
to
the
UZI
register
and
CAs
can
also
be
implemented.
Regarding
DNS
management,
current
IaaS
solu7ons
offer
all
the
required
func7onality.
The
only
issue
we
observe
is
that
fixed
speed
is
only
offered
by
some
current
Public
Cloud
providers.
Looking
at
current
Public
Cloud
offerings
we
must
also
conclude
that
although
they
apply
high
end
security
tools
(e.g.
data
encryp7on,
firewalls,
spam
and
virus
protec7on,
back-‐ups,
etc.),
the
isola7on
and
performance
of
mul7-‐tenant
resources
s7ll
needs
to
be
improved.
For
example,
during
the
last
years
cartography
aOacks
and
bad
neighbor
vulnerabili7es
have
been
reported
on
Amazon’s
EC2.
Although
the
guaranteed
availability
of
Public
Clouds
currently
complies
with
the
maximum
allowed
malfunc7ons,
recovery
7mes
even
during
planned
maintenance
is
in
some
cases
larger
than
allowed.
Another
important
issue
in
Public
Clouds
is
the
lack
of
transparency
in
security
architectures,
malfunc7ons,
their
progress
and
their
solu7on.
Most
providers
(e.g.
Amazon)
communicate
malfunc7ons
through
a
web
dashboard
or
website
instead
of
contac7ng
users
directly.
They
also
do
not
publish
a
lot
of
security
specifica7ons
to
avoid
suffering
aOacks
based
on
that
knowledge
(spoiler
effect
of
informa7on).
Response
7mes
are
a
crucial
issue
for
the
use
of
current
Public
IaaS
solu7ons.
In
figure
27.
The
single
trip
responses
from
the
USA
to
Amazon’s
EC2
cloud
are
measured
from
November
2009
to
January
2010.
The
effect
of
the
spot
pricing
models
is
clearly
observed
in
the
increase
in
response
7mes
from
an
average
of
50
ms
before
the
introduc7on
to
much
above
200
ms
arerwards.
In
any
case
the
op7mum
level
of
50
ms
is
s7ll
the
maximum
allowed
by
cer7fica7on
as
the
200
ms
round
trip
from
GBZ
to
LSP
means
100
ms
round
trip
to
each
and
therefore
four
50
ms
single
trips.
(Source: https://www.cloudkick.com/blog/2010/jan/12/visual-ec2-latency/)
A
example
of
a
current
Cloud
ZSP
solu7on
is
E.nova7on’s
LSPconnect
plugin
to
link
GBZs
and
the
LSP
through
a
ZSP
cer7fied
connec7on.
The
offering
is
offered
both
on-‐premises
or
hosted
at
E.nova7on’s
data
center,
possibly
in
combina7on
with
other
solu7ons
(e.g.
Adastra
SaaS
solu7on).
As
the
managed
hosted
version
of
LSPconnect
is
ZSP
cer7fied
to
connect
to
the
EPD,
it
complies
with
our
defini7on
of
Cloud
Compu7ng
in
a
Private
External
PaaS
model
so
it
can
be
considered
a
Cloud
ZSP
solu7on.
This
is
specially
interes7ng
for
small
healthcare
organiza7ons
in
order
to
achieve
cost
efficient
EPD
connec7vity
without
the
need
to
cer7fy
their
connec7ons
or
applica7ons.
A
final
remark
should
be
made
on
the
fact
that
the
EPD
infrastructure
is
a
Cloud
Compu7ng
environment
from
each
healthcare
provider’s
perspec7ve
where
features
are
forced
by
requirements
in
the
NICTIZ
cer7fica7on
program.
For
example,
scalability
and
elas7city
is
enforced
in
requirement
to
have
enough
storage
and
bandwidth
to
handle
all
message
exchanges.
The
on-‐demand
feature
is
guaranteed
by
requirements
related
to
back-‐ups,
fail-‐over
and
con7nuity
of
opera7ons,.
Moreover,
ZSP
solu7ons
are
oren
offered
as-‐a-‐service
by
external
ICT
providers
and
their
solu7ons
use
the
internet
as
the
network
plaxorm.
The
usage
based
pricing
model
can
be
included
in
EPD
cer7fied
solu7ons
by
ICT
providers
although
this
is
currently
not
oren
the
case.
As
small
organiza7ons
(e.g.
GPs,
etc.)
need
to
find
ways
to
meet
all
the
requirements
on
a
cost
efficient
basis,
there
are
large
opportuni7es
for
intermediaries
that
deliver
part
of
the
solu7on
(e.g.
a
cer7fied
ZSP
connec7on,
a
cer7fied
XIS
applica7on,
etc.).
These
intermediaries
deliver
the
same
solu7on
to
more
than
one
client,
therefore
capitalizing
the
investment
as
sales
volume
rises.
Although
this
enables
cost
efficiency
for
all
individual
customers,
it
represents
a
cost
inefficiency
for
the
whole
system
as
these
intermediaries
increase
overall
costs
with
their
profit
margins.
If
requirements
were
more
easy
and
less
expensive
to
implement
there
will
not
be
intermediaries,
therefore
reducing
the
overall
cost.
Cloud
Compu7ng
solu7ons
outside
NL
are
excluded
by
legisla7on
as
pa7ent
data
must
be
stored
within
the
Dutch
na7onal
domain.
As
a
consequence,
the
largest
and
more
mature
Public
Cloud
vendors
are
excluded
as
they
are
oren
locate
in
the
United
States.
These
providers
in
the
USA
have
demonstrated
several
HIPAA
compliant
best
prac7ces.
Even
the
USA
government
has
created
a
Private
External
Cloud
to
be
used
by
all
governmental
bodies
and
is
planning
to
enforce
the
use
of
this
cloud
by
law
by
2010.
It
is
important
to
note
that
par7cipa7on
of
all
healthcare
providers
is
a
cri7cal
success
factor
for
EPD
ini7a7ve.
Although
at
the
moment
of
wri7ng
the
use
of
ICT
in
Healthcare
is
not
yet
enforced
by
Dutch
law,
the
Dutch
government
is
planning
to
improve
this
in
the
coming
years
by
making
EPD
par7cipa7on
compulsory
to
all
healthcare
organiza7ons.
The
Dutch
government
should
carefully
examine
Cloud
Compu7ng
best
prac7ces
of
the
USA
when
developing
future
laws
and
legisla7on,
taking
into
account
the
effects
of
globaliza7on
and
improving
the
limita7ons
of
data
localiza7on
and
response
7mes.
The
findings
of
our
research
indicate
that
there
are
several
opportuni7es
for
using
cloud
compu7ng
solu7ons
that
can
connect
to
the
na7onal
pa7ent
records
infrastructure
(EPD).
The
on-‐
demand
and
elas7c
features
of
this
delivery
model
are
cri7cal
to
achieve
the
levels
of
availability
and
con7nuity
that
are
required
by
cer7fica7on
to
be
able
to
connect
to
the
EPD.
However,
there
are
also
several
limita7ons
to
this
new
delivery
model
that
exclude
the
majority
of
current
cloud
solu7ons.
Nevertheless,
this
means
also
that
there
are
several
opportuni7es
for
IT
providers
in
The
Netherlands
to
develop
new
cloud
compliant
solu7ons
for
the
EPD.
The
first
significant
limita7on
of
the
as-‐as-‐service
model
in
the
EPD
context
versus
the
on-‐
premises
model
is
that
the
cloud
provider
needs
to
be
a
Dutch
organiza7on
and
store
all
data
in
The
Netherlands.
Moreover,
performance
and
network
response
7mes
requirements
indicate
that
the
provider's
data
center
needs
to
be
very
efficient
and
not
geographically
dispersed
outside
The
Netherlands.
In
our
opinion
the
most
significant
barriers
for
the
as-‐a-‐service
model
in
the
EPD
context
are
found
in
connec7vity,
security,
transparency
and
support
requirements.
The
provider
must
be
able
to
offer
a
private
leased
line
and
have
a
strong
security
policy
in
place.
Although
we
believe
that
providers
use
effec7ve
security
measures
they
do
not
disclose
many
details
related
their
security
strategy.
Analyzing
current
offerings
we
have
to
conclude
that
there
are
no
current
public
cloud
offerings
that
offers
the
required
level
of
transparency.
The
level
of
personalized
support
in
outages,
recoveries
and
maintenance
required
by
cer7fica7on
are
also
serious
barrier
and
not
included
in
current
as-‐a-‐service
offerings.
As
we
can
observe
in
our
matching-‐model
most
of
requirements
delimit
directly
the
as-‐a-‐
service
feature
and
indirectly
the
Internet
delivery
feature
while
we
can
find
several
requirements
that
enforce
the
scalability
and
on-‐demand
features.
This
unbalanced
situa7on
reflects
in
our
opinion
that
EPD
requirements
requires
high
performance
under
high
controlled
situa7ons
when
communica7ng
or
collabora7ng
with
third
par7es
(as-‐a-‐service
and
Internet
delivery).
Based
on
our
research
conclusion
we
further
elaborate
some
recommenda7ons
for
healthcare
organiza7ons,
gobernment
bodies
and
ICT
providers
in
the
remaining
of
this
sec7on.
According
to
healthcare
organiza7ons,
the
most
significant
barriers
for
the
adop7on
of
technology
in
this
sector
are
security
and
the
cost
of
technology
followed
by
the
lack
of
interoperability
with
exis7ng
solu7ons
and
legal
and
privacy
issues.
Although
the
security
offered
by
large
Cloud
Providers
might
also
be
in
some
cases
beOer
than
in
certain
situa7ons
(e.g.
small
businesses,
home
networks
of
doctors,
etc.)
legal
and
privacy
issues
and
the
lack
of
interoperability
due
to
the
lack
of
standards
are
s7ll
major
issues
when
using
the
largest
Cloud
Providers.
We
recommend
Dutch
healthcare
organiza7ons
to
choose
a
provider
specialized
in
the
Dutch
healthcare
sector
that
allows
the
level
of
customiza7on
necessary
to
comply
with
EPD
requirements
and
minimizes
barriers
like
the
effect
of
network
latency,
performance,
etc.
It
is
important
to
note
the
EPD
connec7vity
requires
some
special
features
such
as
a
connec7on
that
is
properly
isolated
from
the
public
internet
(e.g.
a
point-‐to-‐point
connec7on),
strict
latency
and
fully
isola7on
from
other
applica7ons
to
protect
the
infrastructure
from
unauthorized
access.
The
use
of
Cloud
Compu7ng
solu7ons
leads
per
defini7on
of
lower
cost
of
technology
as
it
enables
beOer
resource
u7liza7on
in
Private
Clouds
and
economies
of
scale
through
service
mul7-‐
tenancy
in
Public
Clouds.
In
order
to
offer
a
compu7ng
capability
as-‐a-‐service
it
must
reach
such
standardiza7on
levels
that
consump7on
can
be
seamlessly
monitored,
measured
and
billed.
We
recommend
the
use
of
the
largest
Public
Clouds
(Internal
or
External)
by
Dutch
healthcare
organiza7ons
exclusively
for
selected
uses
cases
involving
non-‐mission
cri7cal
or
non-‐sensi7ve
data.
Some
examples
of
these
cases
are
tes7ng
applica7ons
with
dummy
data,
high
performance
compu7ng
with
encrypted
or
non-‐persistent
data,
fail-‐over
for
applica7ons
that
do
not
use
pa7ent
or
sensi7ve
data
(e.g.
Medical
Model
Analysis,
Gene7c
Tests,
etc.).
Moreover,
they
do
not
provide
demonstrated
mechanisms
for
resource
isola7on,
security
and
data
integrity.
For
this
reason
we
recommend
healthcare
organiza7ons
to
deploy
Private
Clouds
as
pilot
projects
to
leverage
some
of
the
benefits
of
Cloud
Compu7ng
(e.g.
resource
op7miza7on,
agility,
etc.)
while
maintaining
full
control
over
security
and
configura7on.
Although
we
recommend
Internal
Private
Clouds
when
when
there
is
enough
poten7al
for
resource
(e.g.
hardware,
sorware,
etc.)
op7miza7on,
External
Private
Clouds
can
be
applied
if
the
provider
is
located
in
The
Netherlands
and
complies
with
ZSP
and
XIS
cer7fica7on
requirements.
In
the
recommenda7ons
for
Cloud
Providers
we
recommend
some
of
the
most
popular
tools
to
build
Private
Clouds
that
organiza7ons
can
use.
Large
healthcare
organiza7ons
(e.g.
hospitals,
etc.)
can
for
example
build
GBZ
cer7fied
Internal
Private
Clouds
that
connect
directly
to
the
EPD.
With
this
model
they
op7mize
resources
while
suppor7ng
compliance
with
many
requirements
(e.g.
scalability,
availability,
security,
etc.).
External
Private
Clouds
are
more
interes7ng
for
small
healthcare
organiza7ons
as
they
do
not
have
the
resources
(e.g.
ICT,
capital,
human
resources,
etc.)
to
leverage
Internal
models
cost
efficiently.
It
is
important
to
note
that
in
any
External
model
organiza7ons
should
use
strong
encryp7on
when
transferring
and
storing
sensi7ve
data.
A
final
recommenda7on
for
organiza7ons
building
their
own
Cloud
Compu7ng
environment
is
to
account
for
hybrid
models
from
the
design
phase,
even
if
it
will
not
be
used
for
the
7me
being.
This
will
enable
many
interes7ng
features
(e.g.
horizontal
scalability,
out-‐burs7ng,
fail-‐over,
etc.)
of
Cloud
Compu7ng
once
Public
offerings
improve
their
current
shortcomings.
From
our
own
experience
we
can
affirm
that
this
type
of
features
are
very
difficult
to
implement
once
the
solu7on
has
mature
and
become
more
complex
and
difficult
to
manage.
A
behavior
that
Dutch
public
representa7ves
should
avoid
is
to
evaluate
technology
in
the
media
without
being
correctly
informed
about
it
or
without
falling
under
their
responsibili7es.
An
example
of
this
behavior
is
the
comments
of
the
secretary
of
interior
Mrs
Bijleveld
which
claimed
that
We
recommend
the
Dutch
government
to
carefully
analyze
current
USA
best
prac7ces,
and
research
the
applicability
of
any
form
of
government
cloud
in
The
Netherlands.
A
clear
example
of
the
benefits
that
this
could
bring
is
the
data
center
consolida7on
that
has
taken
place
in
the
USA
government.
However,
and
in
accordance
with
Chain
Computeriza7on
theory,
a
government
cloud
should
not
be
used
for
centralized
storage
but
to
facilitate
other
type
of
resources
(e.g.
applica7ons,
frameworks,
plaxorm,
etc.).
The
approach
of
the
EPD
where
data
is
stored
as
close
as
possible
to
its
origin
should
therefore
be
maintained
as
data
is
kept
up
to
date.
The
current
cer7fica7on
system
for
connec7ng
to
the
EPD
can
also
be
improved
to
facilitate
the
cer7fica7on
of
small
and
medium
healthcare
providers
without
the
need
of
ICT
intermediaries
which
result
in
cost
inefficiencies.
If
ICT
providers
are
needed,
geographical
limita7ons
should
be
replaced
by
func7onal
requirements
which
expands
the
number
of
feasible
providers,
resul7ng
therefore
in
cheaper
solu7ons
due
to
price
compe77on
forces.
Some
recommenda7ons
for
current
Public
Cloud
providers
could
be
to
improve
transparency
of
data
disposal
methods
and
security,
as
well
as
performance
and
con7nuity
of
service
by
improving
the
dura7on
of
malfunc7ons
and
maintenance.
Moreover,
they
can
specialize
in
consul7ng
services
for
the
selec7on
and
implementa7on
of
GBZ
compliant
Internal
Private
Clouds
for
example
for
hospitals,
or
adopt
the
emerging
roles
of
cloud
brokers
aggrega7ng
and
reselling
services
or
inter-‐
cloud
connec7vity
services.
Build
Your
Own
EPD
Cloud:
Proprietary
versus
Open
Source
Solu*ons
New
Cloud
Providers
and
organiza7ons
that
plan
to
build
their
own
(Internal
or
Private)
Cloud
have
several
tools
available
for
this
objec7ve.
Some
of
these
tools
are
proprietary
while
others
are
provided
under
the
Open
Source
licensing
model.
Organiza7ons
should
carefully
consider
these
two
op7ons
as
they
result
in
significantly
different
TCOs
in
licensing,
maintenance,
upgrades,
etc.
One
of
the
most
significant
developments
in
proprietary
tools
to
build
clouds
is
VMware’s
Acadia
joint
venture
with
Cisco
and
EMC.
The
partnership
aims
to
accelerate
the
transi7on
of
data
centers
from
physical
to
virtualized
and
ul7mately
to
Cloud
Compu7ng.
They
offer
the
unified
delivery
of
products
(vBlocks),
service
and
support
on
building
Clouds
by
using
Cisco’s
networking
and
communica7on
(UCS)
solu7ons,
EMC
storage
solu7ons
and
VMware’s
virtualiza7on
plaxorm
vSphere.
As
all
three
organiza7ons
in
the
Acadia
alliance
are
market
leaders
in
their
own
segment
(e.g.
networking,
storage
and
virtualiza7on),
these
tools
can
leverage
a
very
robust
and
stable
solu7on
that
will
only
improve
over
7me
as
the
join
venture
realizes
its
poten7al
synergies.
However,
these
solu7ons
are
also
rather
expensive
compared
to
other
alterna7ves
(Xen,
Juniper,
F5,
etc.)
as
they
are
oren
regarded
as
enterprise
solu7ons.
We
recommend
this
tools
only
for
organiza7ons
that
already
have
substan7al
investments
in
these
technologies
(e.g.
VMware,
Cisco,
etc.)
that
the
costs
of
disinvestment
are
greater
than
the
extra
costs
for
deploying
this
new
product
(vBlocks).
For
organiza7ons
that
do
not
have
substan7al
vendor
related
investments
in
place
we
recommend
to
start
experimen7ng
with
Open
Source
tools
for
building
their
own
Private
Cloud.
Among
the
available
Open
Source
tools
we
recommend
Ubuntu
Enterprise
Cloud,
Eucalyptus,
OpenQRM
and
OpenNebula
as
they
are
the
most
mature
tools
that
enterprises
are
using
nowadays
to
deploy
their
own
clouds.
Ubuntu
Enterprise
Cloud
(UEC)
is
included
with
Ubuntu
Server
Edi7on
and
integrates
a
number
of
open
source
projects
(including
Eucalyptus)
which
makes
it
a
turnkey
package
to
deploy
a
Private
Cloud.
We
recommend
UEC
for
small
and
medium
organiza7ons
with
limited
infrastructure
and/or
ICT
capabili7es
(e.g.
human
resources,
skills,
experience,
etc.)
as
it
is
very
simple
and
fast
to
deploy
(within
ten
minutes
and
without
advanced
IT
skills).
UEC
supports
also
the
smallest
clouds
(two
computers
or
virtual
machines).
Eucalyptus
(Elas7c
U7lity
Compu7ng
Architecture
Linking
Your
Programs
To
Useful
Systems)
is
an
Open
Source
sorware
for
deploying
Cloud
Compu7ng
solu7ons
over
compu7ng
clusters
that
is
compa7ble
with
Public
Clouds
(e.g.
Amazon
interfaces).
It
uses
commonly
available
Linux
tools
and
Web-‐service
technologies
as
well
as
support
for
all
major
proprietary
and
Open
Source
virtualiza7on
standards
(e.g.
Xen,
KVM,
vSphere,
ESX
and
ESXi).
We
recommend
this
tool
for
organiza7ons
have
the
IT
skills
and
resources
needed
to
deploy
and
configure
a
Private
or
Hybrid
Cloud
from
the
command
line
(without
GUIs,
Menus,
etc.).
It
is
specially
interes7ng
for
organiza7ons
that
plan
to
leverage
Hybrid
Cloud
func7onali7es
in
the
near
future
as
it
currently
supports
Amazon’s
EC2,
S3
and
EBS
services.
OpenQRM
a
tool
for
the
delivery
of
virtual
clusters
through
a
single-‐management
console
and
a
well
defined
API
which
can
be
used
to
integrate
third-‐party
solu7ons.
OpenQRM
can
create
an
image
of
a
physical
server,
write
that
image
to
a
SAN
solu7on
and
then
run
the
virtual
instances
on
OpenNebula
is
an
Open
Source
tool
kit
for
managing
any
virtual
infrastructure
in
a
data-‐center
or
cluster
and
is
able
to
support
the
deployment
of
Hybrid
models
to
combine
local
infrastructures
with
Public
Clouds.
We
recommend
OpenNebula
for
organiza7ons
that
focus
on
leveraging
Hybrid
Clouds
for
heavy
computa7onal
tasks
(e.g.
High
Performance
Compu7ng)
as
this
tool
has
already
been
proven
successful
in
documented
case
studies
at
NASA.
For
this
reason
we
strongly
recommend
Cloud
Providers
to
adhere
to
the
Open
Cloud
Manifesto
ini7a7ve
(hOp://www.opencloudmanifesto.org/)
and
the
DMTF
Open
Cloud
Standards
Incubator
(www.dmx.org/cloud)
and
apply
their
principles
on
their
solu7ons.
The
Open
Cloud
Manifesto
has
developed
a
set
of
core
principles
for
Cloud
Providers
to
enable
a
standards
based
Open
Cloud.
These
principles
focus
on
(1)
beOer
security
through
higher
provider’s
transparency,
(2)
data
and
applica7on
interoperability
and
portability
by
applying
standard
interfaces
for
model
independent
solu7ons
(Public
Clouds,
Private
Clouds,
etc.)
which
enables
migra7ons
to
and
from
the
cloud
and
between
Cloud
Providers
and
models,
(3)
standardized
mechanisms
for
ICT
resource
governance
and
management
and
(4)
consistent
standards
to
monitor
service
performance
across
mul7ple
providers.
The
DMTF
standards
focus
on
the
interfaces
between
Cloud
Providers
and
Cloud
Users
and
between
Cloud
Providers
and
developers
to
enable
the
accurate
management
of
underlaying
resources.
These
interoperability
standards
are
needed
to
reduce
the
risk
of
vendor
lock-‐in
and
leverage
agility
by
mul7-‐provider
solu7ons.
Both
ini7a7ves
have
emerged
from
the
Cloud
Compu7ng
community
and
include
both
Cloud
Users
and
Cloud
Providers
among
their
members.
E-‐mail: jhernand@cs.uu.nl
Title of Thesis: Towards a Healthy Cloud: An Analysis of Cloud Compu7ng
jamesurquhart James Urquhart Cisco Product Marke7ng and blogger at cnet.com
krishnan Krish Nan Diversity Limited Lead Analyst, researcher & blogger
befreax Thijs Metsch Sun / Oracle Cloud Sorware Engineer. OCCI Founder.
opennebula Open Nebula Open Nebula cloud compu7ng open source toolkit
Amazon + EC2
has
revolu7onized
the
market
with
-‐ Support
is
a
paid
feature,
and
while
it
is
granular,
by-‐the-‐hour
pricing
for
virtual
responsive
and
expert,
it
is
primarily
servers.
It
also
has
a
CDN
service
coupled
geared
toward
technically
knowledgeable
with
its
S3
storage
service. users.
Amazon
does
not
offer
managed
or
+ Amazon
Web
Services
(AWS)
dominate
the
professional
services.
public
percep7on
of
cloud
infrastructure
-‐ Amazon
cannot
provide
private
services.
connec7vity,
private
VLANs
or
"hybrid
+ Amazon
is
innova7ve
and
extraordinarily
cloud"
solu7ons.
agile,
responding
rapidly
to
customer
-‐ Amazon
does
not
allow
third-‐party
audits
demands
for
features,
rather
than
following
of
its
infrastructure,
although
it
does
plan
a
set
product
road
map. to
obtain
SAS
70
cer7fica7on
for
its
data
+ An
ecosystem
of
third-‐party
vendors
offer
centers.
tools
and
services
that
extend
the
-‐ Amazon
meets
enterprise
needs
such
as
capabili7es
of
Amazon's
plaxorm.
Also,
invoices
on
a
one-‐off
basis.
It
does
not
Amazon
has
extensive
partnerships
with
normally
customize
terms
and
condi7ons.
sorware
vendors,
who
provide
prebuilt
packages
(Amazon
Machine
Images)
for
the
EC2
environment.
+ Recommended
use
cases:
self-‐managed.
The
AWS
offerings
encompass
both
cloud
system
and
applica7on
infrastructure.
Each
service
should
be
evaluated
separately;
customers
can
adopt
individual
services
without
needing
to
use
the
others.
AT&T + AT&T
offers
a
wide
range
of
Web-‐hos7ng
-‐ Customer
service
has
improved
services,
typically
priced
at
a
slight
premium.
significantly
in
the
last
year,
but
is
s7ll
Its
Synap7c
Hos7ng
u7lity
plaxorm
is
highly
variable
in
quality.
compe77vely
priced. -‐ AT&T
is
oren
inflexible
in
both
sales
and
+ AT&T
has
very
strong
technical
competence,
service,
and
support
is
primarily
reac7ve.
reflected
in
both
solu7ons
engineering
and
-‐ The
sales
process
can
be
difficult,
complex
opera7ons. and
slow.
+ AT&T
has
one
of
the
beOer
customer
service
-‐ Customers
who
need
to
connect
their
portals. hosted
infrastructure
to
a
non-‐AT&T
+ AT&T
has
a
substan7al
global
data
center
network
should
obtain
a
wriOen
footprint,
as
well
as
a
global
content
delivery
agreement
of
coopera7on
from
AT&T
network.
+ AT&T
has
the
broadest
and
deepest
cloud
compu7ng
vision
of
any
carrier.
It
has
an
ambi7ous
and
comprehensive
road
map
of
services
that
are
highly
integrated
with
its
network
capabili7es.
+ Recommended
use
cases:
self-‐managed;
mainstream
managed;
highly
complex;
global
porxolio;
enterprise
applica7ons.
CSC + CSC
offers
managed
hos7ng
services
at
-‐ Quality
of
account
management
depends
average
prices.
Its
roots
as
a
full-‐service
IT
on
customer
size
and
loca7on.
outsourcer
result
in
a
depth
of
services,
-‐ Communica7ons
between
different
including
ver7cal
applica7on
support,
staff
opera7on
and
product
groups
can
be
poor,
augmenta7on
offerings
and
a
broad,
deep
leading
to
tasks
"falling
between
the
suite
of
security
offerings. cracks."
+ CSC
has
made
significant
investments
in
-‐ CSC
is
a
fast
follower
rather
than
a
virtualized
plaxorms
and
u7lity
compu7ng
technology
innovator.
services,
including
a
unique
and
innova7ve
workflow-‐driven
provisioning
system
for
cloud
infrastructure.
+ CSC
has
made
significant
strides
in
improving
the
quality
of
its
products
and
customer
service
portal,
and
its
future
road
map
is
ambi7ous.
+ Recommended
use
cases:
mainstream
managed;
enterprise
applica7ons.
GoGrid + GoGrid
(previously
ServePath)
offers
-‐ Although
GoGrid
has
mul7ple
data
centers,
coloca7on,
managed
hos7ng,
CDN
services
the
GoGrid
service
is
currently
only
and
a
Xen-‐based
selfmanaged
cloud
hos7ng
available
in
its
San
Francisco
data
center.
service
called
GoGrid.
Its
prices
are
very
GoGrid
will
be
available
in
Europe
by
the
compe77ve. end
of
2009.
+ The
GoGrid
service
offers
a
100%
up7me
-‐ GoGrid's
primary
compe77on
is
Amazon's
service-‐level
agreement
and
highly
EC2,
and
GoGrid
faces
considerable
responsive
customer
service. challenges
in
matching
Amazon's
pace
of
+ GoGrid
has
a
produc7zed
"hybrid
cloud"
innova7on
and
easy
access
to
capital
for
offering,
combining
GoGrid
virtual
servers
infrastructure
build-‐out.
with
dedicated
database
servers,
coloca7on
space
and
private
connec7vity.
+ GoGrid
has
a
clean,
aOrac7ve,
easy-‐to-‐use
Web-‐based
user
interface.
+ GoGrid
has
pursued
interoperability
as
a
key
strategy.
Its
provisioning
applica7on
programming
interface
(API)
is
supported
by
third-‐party
tools,
such
as
RightScale.
It
also
plans
to
offer
its
technology
as
a
managed
service
within
the
data
centers
of
partner
service
providers
and
individual
customers.
+ Recommended
use
cases:
self-‐managed;
mainstream
managed.
IBM + IBM
offers
very
high-‐end
managed
hos7ng
-‐ IBM's
services
are
highly
customized,
services.
It
excels
in
delivering
complex
resul7ng
in
high
prices
and
lengthy
sales
configura7ons,
specially
those
requiring
cycles.
addi7onal
IT
services. -‐ IBM
hos7ng
contracts
are
lengthy
and
+ IBM
can
provide
excellent
applica7on
hos7ng
complex,
and
frequently
include
inflexible
and
management
for
ERP,
CRM
and
other
terms
and
condi7ons
that
shir
the
risk
complex
environments. onto
the
client
and
away
from
IBM.
+ IBM
offers
a
component-‐based
u7lity
hos7ng
Service-‐level
agreements
are
customized
to
plaxorm,
as
well
as
public
cloud
system
each
individual
contract.
Cloud
contracts
infrastructure
services
such
as
Compu7ng
on
are
shorter,
simpler
and
more
Demand
for
scien7fic
compu7ng
and
similar
standardized.
needs,
and
Informa7on
Protec7on
Services
-‐ IBM
uses
partners
to
deliver
smaller
for
cloud-‐based
business
con7nuity. configura7ons,
which
increases
client
+ Recommended
use
cases:
highly
complex;
communica7on
issues
and
impairs
quality
global
porxolio;
enterprise
applica7ons. control.
-‐ IBM
has
a
comprehensive
strategy
for
cloud
compu7ng,
across
its
many
lines
of
business.
IBM's
cloud
system
infrastructure
services
road
map
is
primarily
focused
on
private
clouds.
Joyent + Joyent
provides
on-‐demand,
cost-‐ -‐ Joyent's
support,
while
very
responsive
and
compe77ve
virtual
servers
called
highly
expert,
is
reac7ve.
It
offers
managed
Accelerators.
It
can
provide
physically
services
on
a
7me
and
materials
basis.
dedicated
Accelerators,
as
well
as
colocated
-‐ Joyent's
professional
services
are
limited
equipment,
to
customers
who
have
specific
and
focused
on
high-‐scalability
projects.
needs
for
such
servers. -‐ Joyent
sells
primarily
online.
Rather
than
+ Joyent's
technology
stack
includes
numerous
field
sales,
it
relies
on
sorware
vendor
and
technologies
from
Sun,
including
Solaris
integrator
partnerships
to
reach
enterprise
Containers
and
ZFS. customers.
+ Joyent's
strategy
for
scaling
infrastructure
-‐ Although
Joyent
plans
to
expand
globally,
it
emphasizes
the
role
of
network
elements,
currently
only
has
data
centers
in
the
U.S.
par7cularly
applica7on
delivery
controllers
from
F5
Networks
(hardware)
and
Zeus
(sorware)
+
Recommended
use
cases:
self-‐managed.
Layered
+ Layered
Technologies'
compe77vely-‐priced
-‐ Layered
Tech
is
in
the
midst
of
a
business
Technologies service
offerings
include
dedicated
hos7ng
as
transforma7on
focused
on
moving
the
well
as
VDC
services
based
on
3Tera's
company
up-‐market.
AppLogic
and
Parallels'
Virtuozzo
Containers,
-‐ Layered
Tech
currently
primarily
serves
the
and
Microsor
Hyper-‐V-‐based
u7lity
hos7ng.
small
and
midsize
business
(SMB)
segment,
Its
managed
services
are
offered
in
7ers. not
the
enterprise.
+ Layered
Tech's
customer
service
is
rela7vely
-‐ Layered
Tech's
lack
of
brand
awareness
and
responsive
and
proac7ve,
compared
to
other
sales
presence
places
it
at
a
compe77ve
providers
of
self-‐managed
and
simple
disadvantage
in
the
market.
managed
hos7ng. -‐ Layered
Tech's
large
menu
of
service
+ Layered
Tech
has
invested
substan7ally
in
offerings
can
create
buyer
confusion.
automa7on,
and
offers
fast
provisioning
as
well
as
API
accessibility.
+ Recommended
use
cases:
self-‐managed;
mainstream
managed.
Media
Temple + Media
Temple
has
a
diverse
but
integrated
-‐ Media
Temple
offers
managed
hos7ng
product
porxolio
that
spans
shared,
virtual
(which
it
brands
"cx")
to
a
limited
number
private
and
dedicated
hos7ng,
with
an
of
customers,
seeking
a
closer
partnership
upgrade
path
between
them. with
the
customer's
IT
staff.
+ Media
Temple's
compe77vely-‐priced
services
-‐ Media
Temple's
technology
plaxorm
is
are
usually
bought
on-‐demand,
without
a
built
on
top
of
Parallels,
limi7ng
its
contract. aOrac7veness
to
enterprise
customers.
+ Media
Temple
understands
its
core
target
-‐ Media
Temple
experienced
recurring
market
of
interac7ve
agencies,
adver7sing
outages
with
the
first
genera7on
of
its
"gs"
agencies,
media
companies
and
social
media
shared
hos7ng
service.
This
service
has
publishers. since
been
re-‐architected;
new
customers
+ Recommended
use
cases:
self-‐managed.
are
provisioned
on
the
second-‐genera7on
MediaTemple
should
also
be
considered
for
service.
marke7ng
microsites
where
low-‐cost
elas7c
-‐ Media
Temple
only
has
data
centers
in
the
scalability
is
a
requirement. U.S.
NaviSite + NaviSite's
diverse
product
porxolio
-‐ NaviSite's
complex
product
porxolio
can
addresses
both
infrastructure
and
applica7on
confuse
the
buying
process.
management
needs.
It
also
offers
a
content
-‐ NaviSite's
marke7ng
and
sales
presence
is
delivery
network.
Its
prices
are
average. limited
and
hinders
the
company
when
+ NaviSite
has
an
innova7ve,
specialized
compe7ng
against
larger,
more
established
product
road
map
that
takes
advantage
of
providers.
the
company's
applica7on
management
-‐ NaviSite's
only
non-‐U.S.
data
center
is
in
capabili7es. the
U.K.
+ NaviSite's
cloud
compu7ng
strategy
is
based
-‐ NaviSite
is
a
moderate-‐size
provider,
and
is
on
its
AppStructure
plaxorm,
which
trying
to
spread
its
resources
over
a
very
encompasses
not
only
VMware-‐based
broad
set
of
service
offerings.
infrastructure,
but
also
collabora7on
and
integra7on
capabili7es.
+ Recommended
use
cases:
mainstream
managed;
highly
complex;
global
porxolio;
enterprise
applica7ons.
OpSource + OpSource
has
been
focused
solely
on
SaaS
-‐ OpSource's
quality
of
service
delivery
and
enablement.
Its
compe77vely-‐priced
services
support
is
inconsistent.
The
more
are
specifically
targeted
at
SaaS
provider
customized
the
solu7on,
the
greater
the
needs,
although
it
plans
to
expand
into
more
challenges
encountered
in
delivery.
general
cloud
infrastructure
offerings. -‐ OpSource
has
experienced
recent
outages
+ OpSource
provides
adjunct
services
to
SaaS
due
to
its
storage
fabric.
It
has
since
re-‐
providers,
such
as
an
on-‐demand
billing
architected
its
storage
services.
plaxorm,
integra7on
services
(branded
-‐ OpSource
is
expanding
into
general
cloud
"OpSource
Connect"),
custom
applica7on
infrastructure
services,
but
to
date,
its
management
and
help
desk
support. offerings
have
been
focused
on
a
narrow
+ Recommended
use
cases:
SaaS
infrastructure
market
segment.
(mainstream
managed
and
highly
complex
-‐ OpSource's
only
non-‐U.S.
data
center
is
in
hos7ng). the
U.K.,
although
it
can
offer
services
across
a
broader
footprint
via
its
partnership
with
NTT.
Quality
+ Quality
Technology
Services
offers
wholesale
-‐ Quality
Tech
only
has
data
centers
in
the
Technology
and
retail
coloca7on,
managed
hos7ng
U.S.
Services (including
a
u7lity
hos7ng
plaxorm,
"QVI"),
-‐ Quality
Tech's
product
road
map
is
very
and
media
services,
at
very
compe77ve
conserva7ve.
The
company
invests
in
prices. technologies
once
they
have
achieved
+ Quality
Tech
grew
through
the
acquisi7on
of
widespread
mainstream
adop7on.
ITC
Deltacom's
eDeltacom
business,
IBM's
-‐ Quality
Tech's
customer
portal
has
only
coloca7on
business
and
Globix's
hos7ng
basic
func7onality.
business.
It
is
an
IBM
partner
for
SMB
hos7ng;
IBM
is
a
key
channel,
and
extends
Quality
Tech's
capabili7es.
+ Recommended
use
cases:
self-‐managed;
mainstream
managed.
Rackspace + Rackspace
offers
managed
hos7ng
and
cloud
-‐ Rackspace's
sales
and
support
quality
has
infrastructure
services
at
compe77ve
prices.
become
inconsistent,
due
to
its
extremely
It
also
has
a
Limelight
Networks
CDN
rapid
growth.
partnership
that
can
be
used
in
conjunc7on
-‐ Rackspace
is
at
its
best
when
it
is
delivering
with
its
cloud
storage
service. formally
produc7zed
offerings,
not
one-‐off
+ Rackspace
has
industry-‐leading
customer
customized
arrangements.
service.
It
is
proac7ve,
highly
responsive
and
-‐ Although
Rackspace
is
a
strong
player
in
"high
touch,"
interac7ng
frequently
with
its
the
enterprise
segment,
its
product
customers. porxolio,
professional
services
and
+ Rackspace
has
a
broad
and
ambi7ous
cloud
customer
portal
are
more
limited
than
road
map
which
integrates
the
full
range
of
those
of
other
leading
providers.
its
service
offerings. -‐ Although
Rackspace
is
a
global
provider,
it
+ Rackspace
has
par7cularly
strong
support
for
has
a
limited
geographic
footprint
in
North
open
source
technologies. America.
+ Recommended
use
cases:
self-‐managed;
mainstream
managed;
highly
complex;
global
porxolio.
Savvis + Savvis
offers
a
broad
range
of
hos7ng
-‐ Savvis's
customer
service
has
improved
services,
including
a
VMware-‐based
u7lity
recently,
but
it
must
demonstrate
that
plaxorm
called
"Dedicated
and
Open
Cloud
these
improvements
are
sustainable.
Compute"
(formerly
Virtual
Intelligent
-‐ Savvis
has
ra7onalized
its
product
offerings,
Hos7ng).
Its
services
are
priced
at
a
slight
but
the
breadth
of
op7ons
can
s7ll
lead
to
premium. buyer
confusion.
+ Savvis's
quality
of
sales
and
service
delivery
-‐ Savvis
has
refocused
its
sales
force
on
is
good.
It
is
very
good
at
exploi7ng
selling
managed
hos7ng,
rather
than
technology
and
has
an
excellent
customer
coloca7on,
but
coloca7on
remains
a
service
portal. distrac7on
for
its
sales
team.
+ Savvis
has
an
ambi7ous
road
map
for
cloud
infrastructure
offerings,
as
well
as
SaaS-‐
enablement
services
that
include
a
marketplace
and
other
complementary
services.
+ Savvis
is
par7cularly
strong
in
the
financial
ver7cal,
for
which
it
offers
specialized
products
and
services
that
take
advantage
of
its
network.
+ Recommended
use
cases:
self-‐managed;
mainstream
managed;
highly
complex;
global
porxolio;
enterprise
applica7ons.
SorLayer + SorLayer
offers
fast-‐provisioned
dedicated
-‐ SorLayer
does
not
offer
any
managed
and
Xen-‐based
cloud
hos7ng
at
compe77ve
services.
Its
customer
support
does
not
prices.
It
also
has
an
Internap
CDN
hand-‐hold;
customers
are
expected
to
be
partnership
that
can
be
used
in
conjunc7on
technically
proficient
and
willing
to
read
with
its
cloud
storage
service. the
documenta7on.
+ SorLayer
has
an
extensive
product
road
-‐ SorLayer
does
not
allow
hardware
map.
It
includes
many
value-‐added
services
excep7ons
to
its
standard
configura7ons.
with
all
configura7ons,
such
as
TippingPoint-‐ -‐ SorLayer
sells
primarily
online.
It
engages
based
intrusion
preven7on
and
distributed
in
very
limited
marke7ng
and
sales,
and
denial
of
service
(DDoS)
mi7ga7on,
and
local
has
liOle
brand
recogni7on.
and
global
load-‐balancing.
+ SorLayer
has
an
extensive
customer
portal
with
an
array
of
tools
for
self-‐management
of
both
dedicated
and
virtual
devices.
Func7onality
can
also
be
accessed
via
an
API.
+ SorLayer
uses
its
wiki
to
provide
thorough,
well-‐organized
documenta7on.
+ Recommended
use
cases:
self-‐managed.
SunGard + SunGard
Availability
Services
has
deep
and
-‐ SunGard's
customer
service
processes
can
broad
exper7se
in
business
con7nuity,
but
result
in
a
"hot
potato"
scenario
between
also
has
a
significant
coloca7on
and
mul7ple
opera7ons
groups,
where
no
one
managed
hos7ng
business.
Its
prices
are
accepts
responsibility
and
accountability
average. for
solving
the
customer's
problem.
+ SunGard
is
very
process-‐oriented
and
highly
SunGard
is
presently
transforming
its
conscious
of
enterprise
security
customer
service
model
to
address
these
requirements. issues.
+ SunGard
con7nues
to
expand
and
improve
-‐ SunGard
can
be
inflexible,
and
some7mes
its
product
porxolio,
and
can
capably
struggles
to
manage
high-‐growth,
high-‐
manage
a
broad
range
of
requirements. change
environments.
+ Recommended
use
cases:
mainstream
-‐ SunGard's
near-‐term
cloud
infrastructure
managed;
enterprise
applica7ons. road
map
is
primarily
focused
on
business
con7nuity
capabili7es,
although
it
will
be
expanding
into
other
cloud
compute
services.
Terremark + Terremark
is
a
leader
in
virtualized,
VMware-‐ -‐ Although
Terremark
is
a
global
provider,
it
based
infrastructure
services,
with
its
has
a
limited
geographic
footprint
in
North
Infinistructure
u7lity
hos7ng
and
Enterprise
America.
Cloud
VDC
offerings.
It
also
offers
carrier-‐ -‐ Terremark's
service
porxolio
is
not
as
neutral
coloca7on.
Its
prices
are
average. broad
as
its
largest
compe7tors.
+ Terremark
is
a
technology
innovator
with
very
good
customer
service,
a
good
customer
portal
and
extensive
automa7on.
It
has
a
well-‐thought-‐out
and
aggressive
cloud
infrastructure
road
map
that
is
focused
on
enterprise
requirements.
+ Terremark
offers
superb
engineering
support.
It
is
willing
to
take
on
"bleeding-‐
edge"
technologies,
legacy
infrastructures
and
other
unusual
requirements.
+ Terremark
is
par7cularly
strong
in
the
government
ver7cal.
Its
"NAP
of
the
Capital
Region"
data
center
is
specialized
for
serving
U.S.
federal
government
needs.
+ Recommended
use
cases:
self-‐managed;
mainstream
managed;
highly
complex;
global
porxolio.
Na7onal
and
european
health
policies
(A) Improve
the
adop7on
of
fundamental
must
focus
on
clear
values.
In
June
2006,
health
values
the
European
Council
elaborated
a
list
of
(B) Create
a
system
of
EC
health
common
values
and
principles:
indicators
by
exchanging
health
Strategy
based
on
shared
universality,
access
to
good
quality
care,
related
informa7on
among
member
health
values equity
and
solidarity
.
Moreover,
the
states
European
Charter
of
Fundamental
Rights
(C) Decrease
current
inequi7es
in
explicitly
recognizes
every
ci7zen’s
rights
of
healthcare
services
within
the
EU
access
to
preven7ve
care
and
to
benefit
(D) Promote
health
literacy
programs
for
from
medical
treatment.
different
age
groups.
It
is
important
to
consider
health
related
Strength
the
integra7on
of
health
issues
not
only
in
the
development
of
concerns
into
all
policies
of
the
EC,
Health
in
all
policies health
policies
but
also
in
all
european
member
states
and
regional
authori7es.
policies
to
leverage
cross
sectorial
synergies.
• 83%
reduc7on
in
90
day
readmission
rate
for
Conges7ve
Heart
Failure
(CHF)
pa7ents
Electronic
Medical
Records
(EMR)
• 32%
reduc7on
in
diabe7c
death
Business Intelligence (BI) • 10.3% reduc7on in Hospital Acquired Infec7ons (HAI)
RFID and Barcoding • 83% reduc7on in medica7on errors due to mistaken iden7ty
Business Intelligence (BI) • 10.3% reduc7on in Hospital Acquired Infec7ons (HAI)
• 7%
decrease
in
number
of
GP
appointments
replaced
by
telephone
contacts
Electronic
Health
Records
(EHR)
• 22%
gain
in
clinical
staff
produc7vity
• Reduc7on
of
816
inappropriate
referrals
to
secondary
care
per
year
per
primary
care
unit
Electronic
Appointment
Booking • 33%
reduc7on
of
Did
Not
AOends
(DNA)
• 16%
reduc7on
in
wai7ng
7mes
for
first
outpa7ent
appointment
• 60%
improvement
in
radiologist
produc7vity
measured
in
number
of
tests
read
per
Picture
Archiving
and
radiologist
Communica7on
Systems
(PACS) • 99%
reduc7on
in
lost
images
• 99%
reduc7on
in
number
of
repeat
imaging
tests
Personal
Healthcare
Records
• 55%
reduc7on
in
hospital
admissions
for
Conges7ve
Heart
Failure
(CHF)
(PHR)
Pa7ent Portals • 50% reduc7on in admin staff 7me spent filing and managing forms
• 25%
reduc7on
in
average
number
of
bed
days
for
admissions
for
chronic
condi7ons
Telemedicine
• 19%
reduc7on
in
hospital
admissions
for
chronic
condi7ons
Electronic
Medical
Records
(EMR) • 10%
increase
in
number
of
pa7ents
seen
by
GP
• 9%
reduc7on
in
the
growth
rate
of
acute
admissions
• 83%
reduc7on
in
90
day
readmission
rate
for
Conges7ve
Heart
Failure
(CHF)
pa7ents
• 7%
reduc7on
in
average
length
of
stay
in
hospital
RFID and Barcoding • 20% increase in the number of pa7ents discharged by noon
Electronic
Health
Records
(EHR) • 7%
decrease
in
number
of
GP
appointments
replaced
by
telephone
contacts
• 22%
gain
in
clinical
staff
produc7vity
Electronic
Appointment
Booking • Reduc7on
of
816
inappropriate
referrals
to
secondary
care
per
year
per
primary
care
unit
• 33%
reduc7on
of
Did
Not
AOends
(DNA)
• 16%
reduc7on
in
wai7ng
7mes
for
first
outpa7ent
appointment
Picture
Archiving
and
• 46.5%
increase
in
volumes
of
tests
(increase
in
throughput)
Communica7on
Systems
(PACS) • 60%
improvement
in
radiologist
produc7vity
measured
in
number
of
tests
read
per
radiologist
Personal
Healthcare
Records
(PHR) • 35%
reduc7on
in
number
of
redundant
tests
• 55%
reduc7on
in
hospital
admissions
for
Conges7ve
Heart
Failure
(CHF)
Telemedicine • 25%
reduc7on
in
average
number
of
bed
days
for
admissions
for
chronic
condi7ons
• 19%
reduc7on
in
hospital
admissions
for
chronic
condi7ons
Electronic Medical Records (EMR) • 52% rise in pa7ents with documented self management goals
Electronic Health Records (EHR) • 7% decrease in number of GP appointments replaced by telephone contacts
A
longitudinal
health
record
that
provides
physician
and
pa7ent
access
to
clinical
details
registered
during
one
or
more
treatments.
The
main
goal
of
EHR
is
to
maintain
Electronic
a
integrated
record
of
a
pa7ents
health
status
in
order
to
support
the
con7nuity
and
Health
efficiency
of
care
services
to
be
provided.
It
also
facilitates
communica7on
among
Gartner
Record
(EHR) care
professionals
and
therefore
it
benefits
both
pa7ents
and
clinicians.
Other
secondary
uses
of
EHR
are
for
example
research,
educa7on,
quality
management,
billing,
etc.
Electronic
A
repository
of
a
pa7ent’s
health
data
which
is
oren
registered
by
a
single
Medical
organiza7on
or
ins7tu7on.
An
EMR
is
a
narrower
healthcare
record
than
an
EHR.
Gartner
Record
Typically,
an
EMR
contains
a
part
of
the
EHR
but
described
in
a
more
extensive
way.
(EMR)
A
domain
specific
model
that
defines
the
structure
and
business
rules
of
the
concept.
Archetype ISO-‐TR-‐20514
Examples
of
medical
archetypes
are
“family
history”,
“blood
pressure”,
etc.
Technical
A
computable
expression
of
a
domain
specific
concept
in
the
form
of
structured
ISO-‐TR-‐20514
Archetypes constrains
statements
based
on
some
reference
informa7on
model.
Architecture A set of descrip7ve representa7ons for describing and object and maintaining it. ISO-‐TR-‐20514
Clinical
Data
A
data
store
that
registers
and
manages
clinical
data
collected
at
care
service
Repository
ISO-‐TR-‐20514
loca7ons
(e.g.
hospitals,
pharmacies,
GPs,
etc.).
(CDR)
Electronic
Health
The
generic
structural
components
from
which
all
EHRs
are
built,
defined
in
terms
of
Record
ISO-‐TR-‐20514
an
informa7on
model.
Architecture
(EHRA)
Unit
of
communica7on
of
all
or
part
of
the
EHR
consis7ng
of
one
or
more
EHR
EHR
extract ISO-‐TR-‐20514
composi7ons.
EHR node A physical loca7on where EHRs are stored and maintained. ISO-‐TR-‐20514
The
set
of
components
that
form
the
mechanism
by
which
EHRs
are
created,
used,
stored
and
retrieved.
It
includes
people,
data,
rules
and
procedures,
processing
and
storage
devices,
and
communica7on
and
support
facili7es.
It
can
also
be
defined
as
a
system
for
recording,
retrieving
and
manipula7ng
informa7on
in
EHRs.
They
can
be
non-‐shareable
local
systems
(EHR),
shareable
regional
or
na7onal
systems
(ICEHR),
EHR
system ISO-‐TR-‐20514
and
(inter)na7onal
indexes
of
ICEHR.
The
most
significant
components
of
an
EHR
infrastructures
are
data
messaging
services,
locator
applica7on,
secure
network
infrastructure,
connec7vity
services
to
end
user’s
applica7ons,
a
central
data
repository,
a
pa7ent
portal
with
view
and/or
update
func7onality,
and
a
data
warehouse
for
research
purposes.
Integrated
A
repository
of
informa7on
about
the
health
state
of
a
pa7ent
in
computer
Care
processable
form,
where
the
informa7on
is
stored
and
transmiOed
securely
and
it
is
Electronic
accessible
by
mul7ple
authorized
users.
The
registered
informa7on
is
retrospec7ve,
ISO-‐TR-‐20514
Health
concurrent
and
prospec7ve,
providing
a
complete,
longitudinal
and
persistent
record
Record
of
all
past,
present
and
future
care
services
regarding
an
specific
pa7ent.
(ICEHR)
Personal
A
special
type
of
EHR
where
the
PHR
is
under
the
control
of
the
subject
of
care
and
Health
the
informa7on
registered
is
(partly)
submiOed
by
the
pa7ent.
It
can
complement
ISO-‐TR-‐20514
Records
EHR
by
including
output
from
pa7ents
and
providing
control
of
personal
informa7on
(PHR) by
the
subject
under
study.
CON-‐01 Facilitate all electronic message exchange between GBZ(s) and the LSP
CON-‐02 Enable GBZ access to tes7ng and produc7on LSP environments
Use
fixed
DCN’s
IP
address
as
assigned
by
the
LSP
(the
IP
address
becomes
responsibility
of
CON-‐03
the
ZSP)
Apply
UTP
connec7on
with
a
speed
of
10/100/1000
Mb/s
where
speed
and
duplex
mode
are
CON-‐05
configured
as
fixed
and
the
connec7on
is
realized
at
layer
3
(IP
rou7ng
layer)
Install
and
manage
network
component
at
layer
2
or
3
at
the
GBZ
loca7on
to
enable
domain
CON-‐06
differen7a7on
and
monitoring
Connec7vity
Do
not
use
(sub)component
must
be
used
that
makes
(par7al)
use
of
the
public
internet
CON-‐07
network
CON-‐08 Enable access of GBZ(s) to the UZI register through the LSP’s rou7ng func7onality.
Facilitate
access
of
GBZ(s)
to
the
Cer7ficate
Authori7es
of
the
LSP’s
server
cer7ficate
through
CON-‐09
the
LSP
rou7ng
func7on,
and
access
to
other
CAs
of
the
trust
chain
for
LDAP
and
OCSP
CON-‐10 Route IP addresses assigned by the LSP to the LSP entry points
CON-‐11 Use of NAT (Network Address Transla7on) can not have nega7ve impact on the connec7on(s)
Register
at
DNS
servers:
all
hosts
and
domain
names
of
connected
GBZs,
and
the
forwarding
DNS-‐01
of
all
DNS
zones
to
the
LSP
(if
ZSP
not
authorita7ve)
Manage
authorita7ve
DNS
servers:
primary
and
secondary
DNS
server,
reverse
DNS
zone
for
DNS-‐02 each
DNS
forward,
LSP
as
slave
DNS
server
for
each
subdomain
(forward
and
reverse
DNS
entries)
Domain
Name
Create
subdomains
with
a
maximum
of
15
characters
and
with
meaningful
seman7cs
for
the
DNS-‐03
System user,
with
a
maximum
of
3
subdomain
levels
DNS-‐06 Forward zones in AORTA-‐ZORG.NL to the LSP DNS if the ZSP is not authorita7ve.
BSC-‐01 Ensure system availability 24 hours per day and 7 days per week
Ensure
that
malfunc7on
frequency
and
recovery
comply
with
the
specifica7ons
of
the
LSP
per
type
of
malfunc7on:
-‐ Class
1
outages:
4
7mes
per
year
(if
recovery
7me
<
15
min),
2
7mes
per
year
(if
recovery
7me
<
12
hours
&
>
15
min)
and
1
7me
per
year
(if
recovery
7me
<
4
days
&
>
12
hours).
BSC-‐04
-‐ Class
2
outages:
12
7mes
per
year
(if
recovery
7me
<
15
min),
4
7mes
per
year
(if
recovery
7me
<
12
hours
&
>
15
min)
and
2
7mes
per
year
(if
recovery
7me
<
4
days
&
>
12
hours).
-‐ Class
3
outages:
12
7mes
per
year
(if
recovery
7me
<
15
min),
12
7mes
per
year
(if
recovery
Availability 7me
<
12
hours
&
>
15
min)
and
4
7mes
per
year
(if
recovery
7me
<
4
days
&
>
12
hours).
Deploy
back
up
procedures
to
guarantee
con7nuity
of
connec7vity
and
DNS
services
if
a
BSC-‐05
(hardware)
component
fails
Communicate
to
the
GBZ
any
par7al
or
fully
discon7nuity
of
service,
including
reach,
BSC-‐06
progress
and
recovery
BSC-‐07 Schedule planned maintenance between 03:00 AM and 07:00 AM
BSC-‐08 Communicate each recovery from malfunc7on to the LSP and GBZ(s)
Ensure
that
network
round
trip
delay
between
GBZ(s)
and
LSP
is
no
more
than
200
RSP-‐01
Response
milliseconds
in
90%
of
the
cases
Times
RSP-‐03 Enable
priori7za7on
of
network
traffic
to
the
LSP
Ensure
that
ZSP
is
registered
at
the
Dutch
chamber
of
commerce
(Kamer
van
ORG-‐01
Koophandel).
ORG-‐02 Posi7on the ZSP as main subcontractor when using third party services
Ensure
a
good
service
desk:
reachable
on
work
days
from
08:00
AM
to
05:00
PM
(with
an
Organiza7on ORG-‐05 emergency
number
outside
this
7me
frame)
and
being
able
to
es7mate
recovery
7mes
and
to
report
recovery
progress.
Classify
malfunc7ons:
Class
1
if
DCN
is
unreachable,
Class
2
if
limited
func7onality
and
ORG-‐06
Class
3
if
it
is
fully
func7onal
with
some
outages.
Solve
malfunc7ons:
immediately
(Class
1),
within
4
hours
(Class
2)
or
within
24
hours
ORG-‐07
(Class
3)
Ensure
that
the
contact
data
(e.g.
telephone
number)
of
the
DCN’s
system
administrator
BEH-‐01
is
known
by
the
system
administrator
of
the
LSP
where
it
can
be
contacted
24x7
BEH-‐02 Ensure capabili7es to localize the domain of a malfunc7on in the network
Measure
and
report
to
the
LSP
used
and
available
bandwidth
per
connec7on
per
GBZ
BEH-‐03
(measurements
of
minimal
20
connec7ons
concurrently
if
available)
BEH-‐04 Report
monthly
to
the
LSP
the
frequency
and
dura7on
of
network
outages
Management
BEH-‐05 Report
monthly
to
the
LSP
and
GBZs
the
recovery
7mes
of
all
outages
Ensure
that
planned
maintenance
(if
affects
func7onality)
is
communicated
to
LSP
and
BEH-‐06
GBZs
at
least
5
working
days
in
advance.
Support
the
migra7on
to
another
ZSP
to
be
completed
within
3
weeks
arer
the
new
BEH-‐07
ZSP’s
infrastructure
is
ready
BEH-‐08 Facilitate migra7ons to other ZSPs to guarantee con7nuity of services
GBO-‐01 Deliver
user
support
with
a
service
level
that
matches
the
priority
of
issues
User
Support
GBO-‐02 Handle
and
manage
all
issues
signaled
by
GBZs
Organiza7on
has
been
subscribed
in
the
UZI
register
and
has
received
UZI
Prac7cal
1.3.
cards,
card
readers
and
UZI
server
cer7ficate.
Requirements
1.4. WriOen
agreements
with
related
third
par7es.
The
organiza7on
uses
the
EPD
infrastructure
for
the
goal
determined
by
the
1.5.
used
XIS
applica7on.
2.1. Some
employee
is
direct
responsible
for
con7nuos
GBZ
compliance
regarding
direct
and
delegated
responsibili7es.
2.2. Employees
are
trained
to
work
with
the
EPD
and
have
wriOen
procedures
and
user
manuals
(i)
(ii).
An
employee
is
directly
responsible
for
employee
training,
manuals
and
procedures.
2.3. Organiza7on
provides
first
line
support
and
incident
registra7on
during
office
hours.
An
employee
is
directly
responsible
for
this.
Organiza7onal
Embedding
2.4. The
organiza7on
has
a
list
of
error
codes
provided
by
the
switching
point
and
the
related
ac7on
to
be
taken.
2.5. Organiza7onal
policy
and
measures
to
ensure
data
availability,
correctness
and
security
(data
not
accessed
by
unauthorized
people).
An
employee
is
directly
responsible
for
these
policies
and
to
ensure
its
compliance.
2.6. Applica7ons
connected
to
the
EPD
are
tested
before
being
used
in
produc7on.
An
employee
is
directly
responsible
for
this.
3.3. Regular control to check if pa7ent data has been ini7ated.
3.4. To
protect
the
GBZ
environment,
the
organiza7on
has
an
overview
of
XIS
interfaces,
interfaces
are
protected
against
data
leakage
and
data
on
the
na7onal
EPD
is
protected
against
unauthorized
access.
3.5. Regarding
data
submission
to
the
na7onal
switching
point,
the
organiza7on
has
an
overview
of
which
data
has
been
submiOed,
a
policy
to
determine
which
data
is
going
to
be
submiOed
and
it
performs
periodic
random
control
checks.
Data
3.6. The
organiza7on
is
able
to
protect
complete
o
par7al
pa7ent
data
from
Management exchange
in
the
EPD,
informing
the
pa7ent
about
the
consequences.
3.7. The
organiza7on
is
able
to
submit
informa7on
which
is
stored
within
the
legal
storing
7me.
Including
an
overview
of
the
data
stored,
a
daily
remote
back
up
of
the
data,
and
a
policy
to
discard
data
when
the
legal
storing
7me
has
passed.
3.8. Regarding
the
integrity
of
data,
the
organiza7on
must
ensure
that
the
data
submiOed
corresponds
with
the
related
pa7ent
dossier.
3.9. The
organiza7on
informs
pa7ents
about
the
exchange
of
his/her
data
on
the
na7onal
infrastructure.
3.10. The
organiza7on
ensures
that
pa7ent
data
is
exclusively
exchanged
through
the
na7onal
EPD
infrastructure.
4.1. Controlled
use
of
UZI
cards
by
employees.
Providing
training
and
tools
for
the
correct
use
and
performing
control
checks
and
sanc7ons
to
ensure
this.
4.2. Access
log
of
pa7ent
data.
Delega7ons
are
properly
managed
by:
having
a
direct
responsible
employee
for
managing
delega7ons,
employees
obtain
proper
delega7on,
employees
are
controlled
on
the
appropriate
exercise
of
delega7ons,
delega7ons
are
controlled
and
preven7ng
that
employees
obtain
conflic7ng
delega7ons.
4.3. Inform
pa7ents
over
EPD
and
obtain
pa7ents
approval
before
exchanging
his/
her
informa7on.
4.6. The
connec7on
to
the
switching
point
takes
place
through
a
server
that
uses
the
UZI
server
cer7ficate,
which
is
protected
according
to
the
policies
of
the
UZI
register
and
there
are
procedures
and
instruc7ons
for
administrators.
4.7. Data
obtained
through
the
EPD
infrastructure
is
deleted
arer
use,
including
half
processed
data
en
data
temporary
saved
on
devices.
4.8. The
exchange
of
informa7on
is
regularly
controlled,
including
log
management
and
checks
to
detect
unauthorized
access.
5.1. 24x7
accessibility
and
management
with
a
maximum
of
1
outage
per
month
with
no
more
than
15
minutes
down7me,
and
a
maximum
of
2
outages
per
year
with
no
more
than
1
day
down7me.
5.2. A
system
administrator
is
directly
responsible
for
seung
up
and
maintaining
connec7vity
to
and
from
the
EPD
infrastructure.
5.3. The
system
administrator
ensures
the
accurate
use
of
DCN,
IP
address,
domain
name,
HL7
messages
and
NTP
7me
synchroniza7on.
5.5. The
7me
used
by
the
server
can
vary
a
maximum
of
1
second
from
the
used
NTP
server
7me.
Connec7on
Towards a Healthy Cloud Page 217 of 218 Juan Hernández Colomina
Area Requirement
Connec7on
5.6. When
configuring
IP
addresses
and/or
domain
names
the
system
administrator
must
ensure
that
they
comply
with
ZIM
tests
and
ZIM
opera7onal
context,
that
they
are
not
internally
used
for
other
purposes,
and
that
planned
maintenance
takes
place
a
maximum
of
12
7mes
per
year
with
a
maximum
down7me
of
1
hour.
5.7. Regarding
capacity
planning
the
system
administrator
must
ensure
that
there
is
enough
compu7ng
capacity
to
support
the
exchange
of
messages,
to
support
all
SSL
sessions
and
to
comply
with
the
agreed
response
7mes.
Average
response
7mes
are
periodically
analyzed
and
registered
in
wriOen.
5.8. The
system
administrator
must
ensure
that
when
requested
by
na7onal
EPD
system
administrator
the
UZI
cer7ficates
and
related
applica7ons
are
loaded,
configured
and
stopped.
(i)
The
training
program
of
employees
should
at
least
include
the
following
items:
- Informing
pa7ents
on
the
use
of
BSN
numbers
and
the
exchange
of
their
informa7on
at
na7onal
level.
- Informing
pa7ents
on
the
possibility
to
exclude
their
data
from
exchange
at
na7onal
level.
- Process
to
be
carried
out
if
a
pa7ent
wants
to
exclude
his
data
from
exchange.
- How
to
look
a
BSN
number
up
and
link
it
to
the
corresponding
internal
index.
- How
to
deal
with
difficult
names
and
diacri7cal
marks.
- Understanding
the
importance
of
and
requirements
for
accurate
dossiers.
- Condi7ons
for
the
use
of
the
EPD.
- Rules
and
alerts
when
login
terms
are
not
followed.
- Responsibili7es
regarding
informa7on
requests.
- Condi7ons
that
allow
to
copy
gathered
informa7on
to
local
informa7on
systems.
- Condi7ons
for
delega7ons
of
use
and
how
to
avoid
unauthorized
delega7ons.
- The
process
of
transferring
a
full
pa7ent’s
dossier.
- How
to
handle
error
messages
and
problems
and
how
to
contact
the
help
desk
- How
to
report
suspicion
or
certainty
of
weak
points
or
threats
to
the
EPD
(ii) The
procedures
and
user
manuals
should
at
least
include
the
following
items:
- Informing
pa7ents
on
the
exchange
of
informa7on
at
na7onal
level
- Informing
pa7ents
on
the
possibility
to
exclude
their
data
from
exchange
at
na7onal
level.
- Process
to
be
carried
out
if
a
pa7ent
wants
to
exclude
his
data
from
exchange.
- Procedure
to
look
BSN
numbers
up
and
link
them
to
internal
index
numbers
- Reques7ng,
denying,
replacing,
blocking
and
communica7ng
lost
of
UZI
cards
- Copying
requested
data
to
local
informa7on
systems
- Delega7on
of
access
to
the
EPD
- Transfer
of
dossiers
- Possible
error
codes
and
the
ac7on
to
be
taken
- How
to
contact
the
help
desk
- How
to
report
suspicious
or
real
weak
points
or
threats
to
the
na7onal
infrastructure
- A
detailed
list
of
error
codes
and
consequent
ac7ons
provided
by
the
switching
point