Towards A Healthy Cloud: Cloud Computing Solutions in Dutch Healthcare

Towards a Healthy Cloud
Cloud Computing Solutions for the Dutch Healthcare Sector
Master Thesis Business Informatics

Juan Hernández Colomina
June 2009 - February 2010
Advisors:
Ronald Batenburg & Slinger Roijackers
Advisors:
Kor Tops & Ronald van den Heuvel
Table of Contents
Introduc*on .....................................................................................................4
Research Descrip*on ........................................................................................5
Research Problem and Scope ........................................................................................5
Research Goal and Ques7ons .......................................................................................5
Research Paradigm ........................................................................................................7
Research Approach .......................................................................................................8
Research Methodology .................................................................................................10
Prac7cal and Scien7fic Contribu7on .............................................................................21
Research Validity ...........................................................................................................25
Research Phase 1: Defini*on of Cloud Compu*ng .............................................26
Context and Enabling Factors ........................................................................................28
Cloud Compu7ng Defini7on ..........................................................................................34
Taxonomy of Cloud Solu7ons ........................................................................................48
Common Use PaOerns ..................................................................................................55
Cloudnomics: Cloud Compu7ng Economics ..................................................................61
Risks of Cloud Compu7ng ..............................................................................................65
Cloud Security ...............................................................................................................72
The Cloud Compu7ng Marketplace ...............................................................................76
Selec7ng a Cloud Provider ............................................................................................90
Answers to Research Ques7ons Phase 1 .......................................................................95
Conclusion Phase 1 .......................................................................................................99
Research Phase 2: ICT in the Dutch Healthcare Sector .......................................102
Context and Scope .........................................................................................................102
The Role of Technology in Healthcare ...........................................................................114
ICT in the Dutch Healthcare sector ...............................................................................123
Electronic Pa7ent Records in The Netherlands .............................................................126
Conclusion Phase 2 .......................................................................................................154
Phase 3: Cloud Compu*ng in the EPD context ...................................................160
Design Science Research Approach ...............................................................................160
Ar7fact Crea7on ............................................................................................................163
Ar7fact Evalua7on .........................................................................................................166
Towards a Healthy Cloud Page 2 of 218 Juan Hernández Colomina

Research Conclusion .........................................................................................180
Bibliography .....................................................................................................186
Appendix A: General Thesis Informa*on ...........................................................194
Appendix B: Process Deliverable Diagram .........................................................195
Appendix C: Project Planning and Deliverables .................................................196
Appendix D: TwiRer’s cloud compu*ng community ..........................................197
Appendix E: Cloud Compu*ng Outages During 2008 .........................................198
Appendix F: Gartner’s 2009 overview of IaaS providers .....................................199
Appendix G: Healthcare Strategic Principles of the EU .......................................206
Appendix H: Enabling Technologies for Pa*ent Safety .......................................207
Appendix I: Enabling Technologies for Quality of Care .......................................208
Appendix J: Enabling Technologies for Availability ............................................209
Appendix K: Enabling Technologies for Empowerment ......................................210
Appendix L: General eHealth related defini*ons ...............................................211
Appendix M: NICTIZ’s ZSP Cer*fica*on Requirements .......................................213
Appendix N: NICTIZ’s GBZ Requirements Overview ...........................................216

Introduc*on
This thesis report describes the findings of the research performed by Juan Hernández
Colomina as part of the Master in Business Informa7cs program at Utrecht University. The main goal
of the research is to analyze the challenges and opportuni7es to adopt (current) Cloud Compu7ng
solu7ons in the Dutch healthcare sector. For this purpose, this research has been conducted from June
2009 to January 2010 in collabora7on with E.Nova7on B.V. a firm specialized in communica7on
systems and integra7on services for the healthcare and logis7c sectors in The Netherlands.
In accordance with the different research steps performed, the report is structured in four
main sec7ons: Research Descrip7on, Research Phase 1, Research Phase 2 and Research Conclusion. In
the first sec7on (Research Descrip7on) the main research goal, (sub)ques7ons, methodology, scope
and scien7fic and social relevance are introduced. The second sec7on of this report (Research Phase
1) elaborates the results of the first part of our research which focuses on Cloud Compu7ng solu7ons.
This sec7on includes not a defini7on of the concept as well as a taxonomy of current solu7ons,
common use paOerns, a brief vendor analysis and a descrip7on of the associated risks compared to
other alterna7ves.
The third part of this report (Research Phase 2) focuses on analyzing the Dutch healthcare
sector and the role of informa7on and communica7on technology (ICT) in that sector. For this purpose
we have selected one of the most significant ICT projects currently being deployed in The Netherlands,
the introduc7on of Electronic Pa7ents Records (EPR or EPD in Dutch). In the fourth and last sec7on of
this report (Research Conclusion) we combine the results of the previous two phases in analyzing the
opportuni7es and challenges for deploying Cloud Compu7ng solu7ons within the EPR context in The
Netherlands. We conclude the report with some recommenda7ons for healthcare providers, ICT
providers and Government bodies as well as some issues that could be subject of future research.

Research Descrip*on
We begin this sec7on by introducing the research problem and scope that delimit our
research. In order to achieve this goal, we present the research ques7on and sub-‐ques7ons to be
answered as well as the methodology applied in that process. The last part of this sec7on describes
the scien7fic and prac7cal contribu7on of the research.
1. Research Problem and Scope

Cloud Compu7ng represents a new technological delivery model that is expected to highly
influence organiza7ons and their use of technology in the near future. During 2009 we have observed
an increasing interest for Cloud Compu7ng solu7ons as viable alterna7ve models to reduce costs and
improve performance. However, there are certain considera7ons to be taken into account when
implemen7ng technological solu7ons in specific na7onal sectors like the Dutch healthcare sector. For
this reason, it is not only important to obtain a clear defini7on of this new paradigm but also to
understand what are the specific implica7ons in the adop7on of ICT solu7ons by Dutch Healthcare
organiza7ons.
Hitherto there are few scien7fic publica7ons on Cloud Compu7ng and they focus primarily on
providing the grounding step stones (e.g. defini7ons, actors, etc.) of this emerging field. However, in
commercial publica7ons (e.g. New York Times, CIO.com, The Economist, CNN, etc.) several ar7cles can
be found on the benefits and risks of this new delivery model. The rapid evolu7on of Cloud Compu7ng
offerings and the lack of a broadly accepted defini7on have resulted in a hype where almost every
vendor affirms they provide this type of solu7on. As a direct consequence of this blurred situa7on
customers cannot evaluate and compare solu7ons accurately.
Due to the increasing popularity of the cloud compu7ng delivery model and the lack of
previous scien7fic research in this area it is necessary to create a defini7on of the concept that can
then be further analyzed in a specific context. For this reason, the scope of this research is delimited
on one hand by the crea7on of a general Cloud Compu7ng defini7on, and on the other hand by the
risks and opportuni7es of this new paradigm for Dutch healthcare organiza7ons and policy makers.
For this reason, the problem that we aim to solve in this research is the lack of understanding of
current opportuni7es and barriers for using Cloud Compu7ng solu7ons in the Dutch healthcare sector.
By solving this problem, we aim to support policy makers, healthcare organiza7ons and ICT providers
when considering this paradigm in the Dutch healthcare context.
2. Research Goal and Ques*ons

The main goal of this research is to provide a set of recommenda7ons for policy makers,
healthcare organiza7ons and technology providers to support on one hand the development of future
legisla7ons and on the other hand the adop7on and development of Cloud Compu7ng solu7ons in the

Dutch Healthcare sector. By taking into account the current opportuni7es, challenges and policies
influencing the adop7on of ICT solu7ons in the Dutch Healthcare sector as well as the characteris7cs
of this new delivery model we aim to achieve three goals: (A) to support policy makers in the
development of new ICT related policies and regula7ons, (B) to facilitate the adop7on of Cloud
Compu7ng by Dutch healthcare organiza7ons and (C) to support ICT service providers in developing
cloud solu7ons that fit this context.
In order to achieve our research goal, a number of sub-‐steps have been accomplished first
where each step solves part of the research problem. For this purpose, we have divided our research
ques7ons in three groups:
Research Ques*ons Group 1: Defini*on of Cloud Compu*ng

What is Cloud Compu7ng? How is it defined by scien7sts, ICT vendors, consultants, analysts
and commercial publica7ons? What types of solu7ons are available? What are its main
benefits and risks? What type of cloud solu7ons are being currently offered in the market?
Research Ques*ons Group 2: The Dutch Healthcare Sector

What are the current trends, challenges and opportuni7es in the Dutch Healthcare sector?
What is the current role of ICT in the Dutch Healthcare sector? What are the main policies and
legisla7ons affec7ng the use of ICT in Dutch Healthcare organiza7ons?
Research Ques*ons Group 3: Cloud Compu*ng in Dutch Healthcare

What are the most relevant opportuni7es and challenges for adop7ng Cloud Compu7ng in
the Dutch Healthcare sector? Which type of Cloud Compu7ng solu7ons fit within the current
legisla7ve context and poli7cal agenda? How do current regula7ons facilitate or difficult the
adop7on of Cloud Compu7ng?
The first two groups of ques7ons are answered independently from each other while the third
group elaborates on the answers found on those two groups. By answering these research ques7ons
we have generate a set of recommenda7on to be taken into account when evalua7ng current Cloud
Compu7ng solu7ons for the Dutch Healthcare sector and when developing new cloud products for
that specific industry. Moreover, the recommenda7ons can also be applied in the development of new
laws and regula7ons by policy makers. The answers to these three groups of research ques7ons
provides us with the answer to our main research ques*on: how can a Dutch healthcare organiza*on
select cloud compu*ng solu*ons taking into account the requirements needed to connect to the
na*onal pa*ent records system?

3. Research Paradigm
The main purpose of IS scien7fic research is to describe, explain, predict and control reality
(Jenkins, 1985). Our research is primarily concerned with describing two parts of reality (e.g. defini7on
of cloud compu7ng and IT in Dutch healthcare) and explaining how an organiza7on can deploy such
solu7ons in that context. As we focus on studying a new phenomenon our research is exploratory by
nature. This is also reflected in the type of research ques7ons we try to answer (e.g. "What..."
ques7ons) (Järvinen, 2003).
There are several research paradigms applied in contemporary social research each having its
corresponding assump7ons, methodologies and suppor7ng theories. This diversity of approaches
enables the analysis of phenomena from different frames of reference, improving its validity and
accoun7ng for possible biases (e.g. methodology related biases) (Hirschheim & Klein, 1989). However,
on Informa7on Science (IS) research this is not always the case as the posi7vist and interpreta7ve
approaches have been the dominant approaches for many years (Orlikowski & Baroudi, 1991).
In IS research we can find previous scien7fic work on how different world views determine the
research paradigm followed the researcher (Orlikowski & Baroudi, 1991). Researcher’s believes about
physical and social reality, knowledge and the rela7onship between knowledge and the empirical
world determine his/her research philosophy (e.g. posi7vist, interpreta7ve, etc.) and consequently
influence his/her selec7on of research approach and methods (Orlikowski & Baroudi, 1991). Our
believes are described in the following list:
★ Physical and social reality: Our perspec7ves on the empirical world is that it is subjec7ve and
therefore created by human ac7ons. We assume therefore that humans (re)create the world
applying high levels of ra7onality on their percep7ons and interac7ons with other humans.
Moreover, we believe that social rela7ons are dynamic and in some cases conflicts arise from
differences in created "reali7es" .
★ Epistemology / Knowledge: We believe that knowledge is created and evaluated by human
ra7onality and it is valid once it has been empirically proven true several 7mes.
★ Rela*onship between knowledge and the empirical world: In our research we believe that
knowledge is primarily created to solve specific problems in prac7ce.
Analyzing our perspec7ves on these three areas we have to conclude that we follow a
interpreta7ve research philosophy. It differs from the posi7vist view in the assump7on of social
construc7onism, the believe that reality and our knowledge about it are social products and therefore
depend on humans to be constructed and make sense of it (Orlikowski & Baroudi, 1991) (Chen &
Hirschheim, 2004) (Myers, 1997). Applied to the IS research field, the interpreta7ve research paradigm
aims to understand “the context of the informa7on system, and the process whereby the informa7on
system influences and is influenced by the context" (Myers, 1997).

The interpreta7ve perspec7ve assumes that the world is not given but instead a subjec7ve
crea7on of human ac7ons (Chen & Hirschheim, 2004) (Myers, 1997). For this reason, interpreta7ve
researchers focus more on making sense of reality rather than discovering it as posi7vists do. Reality,
and therefore the interpreta7ons of meanings (e.g.defini7ons, concepts, etc.) are formed,
transferred, used and (re)nego7ated by humans over 7me as the context where they are created
changes (Orlikowski & Baroudi, 1991). For this reason, previous publica7ons recommend the use of
qualita7ve methods when conduc7ng research from a interpreta7ve perspec7ve (Chen & Hirschheim,
2004) (Myers, 1997).
Although many other research paradigms can be found in previous publica7ons

(e.g. posi7vism, post-‐posi7vism, cri7cal theory, neohumanism, pluralists, etc.) (Hirschheim & Klein,
1989) (Chen & Hirschheim, 2004) we believe that the interpreta7ve perspec7ve is a valid research
paradigm as it represents more accurately our world view and it has been applied already several
7mes during the last decade of IS research and (Chen & Hirschheim, 2004). The main advantages of
the interpreta7ve research approach is that it provides a view on the underlying connec7ons in social
groups and how they construct reality. However, some of the limita7ons of this approach are that it
does not consider external condi7ons, unintended consequences of ac7ons and social conflicts
(Orlikowski & Baroudi, 1991).
When aiming to achieve replicability and generalizability of research findings some authors
believe that the posi7vist paradigm might be the most appropriate (Chen & Hirschheim, 2004).
However, when the researchers goal is to provide an in-‐depth understanding of the phenomenon
under study the interpreta7ve paradigm is recommended as it enhances research from different
perspec7ves (Chen & Hirschheim, 2004). The interpreta7ve research paradigm is considered by some
authors as the only real alterna7ve to the dominant posi7vism stream (Chen & Hirschheim, 2004).
Although the posi7vism view is the dominant research perspec7ve in IS research it requires
that the phenomenon under study is single, tangible, fragment-‐able and with a clear an unique
defini7on (Orlikowski & Baroudi, 1991). This last requirement is not found in the context of our
research as there is not yet a clear and unique defini7on of cloud compu7ng. For this reason we will
try to achieve this during the first phase of our research.
4. Research Approach
A research approach can be defined as "the set of research methods that can be applied to
similar research objects and research ques7ons" (Järvinen, 2000). A research approach encompasses
therefore a group of research methods that are applied for the same goal and on the same object. We
have divided our research in three different phases aiming to answer three different types of research
ques7ons. For this reason we have selected different approaches and methods in each phase
depending on the type of research ques7ons that we aim to answer.

Previous work on research approaches has demonstrated how a researcher can select the
appropriate research methods based on the research ques7ons and the characteris7cs of the object
being inves7gated (Järvinen, 2000) (Järvinen, 2003). Applying Järvinen’s taxonomy of research
approaches to our research ques7ons we have selected a non-‐mathema7cal research approach with a
focus on studying reality. Our selec7on is based on the facts that cloud compu7ng is a emerging
delivery model being studied in few scien7fic publica7ons so we believe this part of reality needs to
be explored in a specific context. A mathema7cal approach was considered at the beginning of our
research (e.g. survey) but due to the lack of experiences with cloud compu7ng in the Dutch healthcare
sector we have selected a non-‐mathema7cal approach.
The first two phase our research follow a conceptual-‐analy7cal approach to fully understand
cloud compu7ng and the ICT in the Dutch healthcare sector context. Once we have deeply understood
these two parts of reality we con7nue our research in the third phase by applying a design science’s
innova7on building research approach that focuses on the crea7on of an ar7fact (e.g. matching-‐
model) based on the results from the previous two phases (Järvinen, 2000).
Within the conceptual-‐analy7cal research approach we can observe two research trends
(Järvinen, 2000). Some researchers focus on research ques7ons as "Which kind of theory concerning a
certain part of reality could be derived, if certain assump;ons and premises are valid?" while other
researchers aim to answer ques7ons like "Is there any common theory, which describes and explains
those phenomena?". Our research corresponds primarily with the first research stream as we aim to
derive theory (e.g. our matching-‐model) concerning a part of reality (e.g. cloud compu7ng and IT in
Dutch Healthcare) from certain assump7ons and premises (e.g. our own defini7on of cloud compu7ng
and our interpreta7on of NICTIZ requirements).
In the ar7fact building research approach the researcher inves7gates if a certain ar7fact
(abstract or concrete) can be constructed (Järvinen, 2000). The corresponding research ques7on that
this approach aims to answer is “Is it possible to build a certain ar;fact?" (Järvinen, 2000). In phase
three of our research we have followed this research approach to elaborate a meta-‐ar7fact (e.g.
matching-‐model). With our meta-‐ar7fact we try to demonstrate not only that this abstract ar7fact
can be build but also that following our matching-‐model a prac77oner can select a concrete cloud
compu7ng ar7fact to be used in the EPD context.
In the IS research field we can find several other taxonomies that are oren applied to select
the most appropriate research approach. Some examples are Nunamaker’s et al, Galliers & Land’s and
March & Smith’s frameworks (Järvinen, 2000) (Hevner, March, Park, & Ram, 2004) (Galliers & Land,
1987). According to Nunamaker’s taxonomy, our mix of conceptual-‐analy7cal and ar7fact building
approaches is considered as a theory building approach with a focus on delivering conceptual
frameworks. In Galliers & Land’s framework our research is regarded as descrip7ve interpreta7ve in
phase one and two as we focus mainly on understanding the nature of IT (Järvinen, 2008). Moreover,
applying March and Smith's framework (see table 1) our research can be classified as theory research

under the natural science approach for phase one and two, and as building approach under the design
science approach for phase three.
Table 1: March & Smith framework (Järvinen, 2000)
Design Science Natural Science

Build Evaluate Theorize Jus*fy
Constructs Phase 1 & 2
Model Phase 3
Method
Instan7a7on
As the research methods depend on the research approach followed we will discuss them per
phase of our research in the following sec7on.
5. Research Methodology
One of the key factors to select an appropriate research methodology is to recognize available
methodologies and understand their challenges and opportuni7es (Järvinen, 2008) (Jenkins, 1985)
(Chen & Hirschheim, 2004). Although surveys, laboratory experiments and case studies research
methods have been dominant in the IS research field (Orlikowski & Baroudi, 1991), qualita7ve
methods and longitudinal studies are gaining popularity as the interpreta7ve approach is gaining
popularity (Chen & Hirschheim, 2004).
Experienced IS researchers recommend to select the most appropriate methodology within
the context of the research objec7ve, an individual's research paradigm, his/her integrity, the available
knowledge on the IS field and the opera7ng paradigms available (Jenkins, 1985). Our research can be
in general considered as a interpreta7ve case study because it aims to capture and communicate (a
part of) reality in a par7cular context 7me (e.g. feasibility of cloud compu7ng in the current Dutch
healthcare system) (Jenkins, 1985).
One of the most significant barriers that we encounter when selec7ng our research methods
was the lack of available knowledge about cloud compu7ng in a Dutch healthcare seung. Other
barriers that we encountered when selec7ng our methods are the high costs and feasibility of
alterna7ve methods (e.g. survey, lab experiment, etc.), the low level of control we have over the
variables and the lack of applicable ar7facts (e.g. defini7ons, methods, models, etc.)
When performing IS research is oren very difficult to reproduce the research environment in
experimental designs and only a limited number of factors can be studied on such a seung (Galliers &
Land, 1987). Moreover, for this type of method the researcher should have control over behavioral
events. Due to the fact that we cannot reproduce the EPD context in an experiment and that we have
low control over the events we have discarded lab experiments as a viable method in our situa7on. A
survey was considered during the first months of the research but was discarded due to the fact that

there is almost no knowledge about cloud compu7ng within the research popula7on (e.g. healthcare
IT decision makers in The Netherlands).
Previous work on selec7ng the appropriate IS research methodologies has shown that applying
only empirical-‐analy7cal methods (e.g. sta7s7cal methods) the research would have serious
limita7ons as it should also include behavioral and organiza7onal considera7ons. IT is defined by some
authors as "technology used to acquire and process informa7on in support of human purposes,
typically within some organiza7onal seung" (March & Smith, 1995). Qualita7ve methods (e.g. field
work, interviews, etc.) are therefore appropriate for IS research as IT is oren studied in organiza;ons
and used by humans (Galliers & Land, 1987) (Myers, 1997).
Taking into the limita7ons previously stated, we have applied Järvinen's taxonomy to link our
research ques7ons to the most appropriate (and feasible) research methods (Järvinen, 2008). The
results of our selec7on process is depicted in table 2.
Table 2: Linking Research Ques*ons to Research Methods
Phase Type of Research

Research Methods Deliverables
# Ques*ons Approach
-‐ Literature Study

• Defini7on of Cloud Compu7ng
1 What is ...?

Conceptual-‐
-‐ Online Field Study
• Overview of characteris7cs
Analy7cal
-‐ Expert Reviews • Overview of main vendor solu7ons
• Expert review valida7on
• Descrip7on of the Dutch Healthcare sector

• Current trends, challenges and opportuni7es in the Dutch
Healthcare sector
Conceptual-‐ -‐ Literature Study
2 What is ...?
Analy7cal -‐ Expert Reviews
• The role of ICT in the Dutch Healthcare sector
• Policies and regula7ons governing the use of ICT in the
Dutch Healthcare sector
• Expert review valida7on
• Matching-‐model linking requirements with cloud

-‐ Ar7fact building / compu7ng features
Design
3 How does...?
Science
instrument • Opportuni7es and barriers for Cloud Compu7ng in the
development Dutch Healthcare sector
• Recommenda7ons for stakeholders
For clarifying purposes, we have depicted the main research ques7on and sub-‐ques7ons, the
corresponding research methodology, the research deliverables and their rela7onships in figure 1.
Moreover, based on the meta modeling technique developed by Professor Brinkkemper (Brinkkemper,
Saeki, & Harmse, 1999) we have elaborated the research phases and deliverables in a Process
Deliverable Diagram (PDD) which is depicted in appendix B. In appendix C we have also included the
GANTT diagram for the planning of each research phase.

Figure 1: Research Ques*ons and Deliverables
Our research methodology is designed per phase due to the significant differences in research
subjects in phase one and two, and the differences in the research goal of phase three. The first two
phases focusing on describing reality to understand the nature of two different parts of reality (e.g.
cloud compu7ng and Dutch healthcare) while the third phase goal is to elaborate a meta-‐ar7fact (e.g.
matching-‐model).
During the first two phases of our research we conduct descrip7ve literature studies following
the archival research methodology (Jenkins, 1985). Addi7onally, due to emerging and evolving
character of the concept of cloud compu7ng, we conduct an online field study in the cloud compu7ng
community to define the term from a interpreta7ve perspec7ve. Field study methods are
recommended when the researcher adopts an interpreta7ve research paradigm (Orlikowski &
Baroudi, 1991). In the field study research method the researcher does not manipulate any variable as
he/she only inves7gates a part of reality within a human interac7on context (Jenkins, 1985). In the
third phase of our research we follow the design science research to create an ar7fact that connects
the results of the previous two phases.
In order to validate the results of the first two phases we have conducted a series of expert
reviews which include not only the coordinators of these thesis but also several other experts in each
of the two fields. A descrip7on of these reviews can be found further in this thesis in the sec7on
discussing the research methods of each phase.

5.1. Phase 1 Approach and Methodology
There has been few scien7fic research performed on Cloud Compu7ng un7l now while the
media is offering almost on a daily basis new and some7mes contradictory defini7ons. It is therefore
crucial to obtain first a delimited defini7on of this new phenomenon by analyzing Cloud Compu7ng
vendor solu7ons and scien7fic literature as well as consultants’ and analysts' perspec7ves. Besides
developing a defini7on, it is also important to be aware of the poten7al benefits and risks associated
with this new delivery model.
As we men7oned earlier on this thesis the first phase of our research follows a conceptual-‐
analy7cal research approach to create theory (e.g. our defini7on of cloud compu7ng) about a certain
part of reality based on certain valid assump7ons and premises (Järvinen, 2003). As we follow a
interpreta7ve paradigm we assume that the defini7on of cloud compu7ng is created and recreated by
humans when they apply high levels of ra7onality to their empirical percep7on. For this reason we
consider not only several publica7ons from relevant human actors (e.g. science, vendors, consultants,
etc.) but also how the meaning of the term is (re)created by human interac7ons on online
communi7es.
Our research is more concerned with crea7ng theory than with tes7ng theory. The reason for
this approach is that cloud compu7ng is an emerging paradigm and therefore there is almost none
previous scien7fic work available. As this emerging paradigm is expected to have significant
implica7ons in the near future, it is first necessary to create cloud theory (e.g. defini7on of cloud
compu7ng) that can then be used in this thesis as well as in future research. In this phase we create
analysis theory due to the fact that we aim to answer the ques7on “what is cloud
compu7ng?” (Gregor, 2006).
In a conceptual analy7cal research approach, proposi7ons are created from collec7ng and
integra7ng exis7ng research results. Theory then is created arer observa7on by inducing basic clauses
and deduc7ng proposi7ons from them (Jenkins, 1985). In our research we perform first an extensive
literature review on term cloud compu7ng to complement it with findings from our observa7ons
during our online field study. We integrate our finding in a set of common features that we further
analyze in detail. Applying deduc7ve reasoning we exclude some of the features and include the rest
in our research defini7on of cloud compu7ng. Once we have created our defini7on of cloud
compu7ng we validate it with community reviews and expert reviews.
(A) Literature Study

As a literature review is an essen7al feature of every scien7fic work we can find several papers
on conduc7ng an accurate literature review in IT research seungs (Webster & Watson, 2002). In order
to iden7fy the relevant literature, previous work suggests that the researcher should focus on the
concepts rather than specific journals, methodologies or geographical loca7ons. For this reason, we
have applied mainly a concept-‐centric method in our search for relevant ar7cles (Webster & Watson,

2002). Furthermore, we have extended our literature list with an author-‐centric approach to explore
more ar7cles wriOen by recognized field experts (e.g. Nicholas Carr on cloud compu7ng).
In our concept-‐centric search process we have searched for the terms “cloud”, “cloud
compu7ng”, “u7lity compu7ng”, “HPC”, “IaaS”, “PaaS”, “SaaS”, “as-‐a-‐service” among others. In our
author-‐centric approach we have searched for ar7cles wriOen by field experts (e.g. “Nicholas Carr”,
“Daryl Plummer”) as well as by leading IT organiza7ons. The tools that we used more intensively
during our search process are Utrecht University’s Omega search engine (hOp://omega.library.uu.nl),
The ACM digital library (hOp://portal.acm.org), IEEE Xplore digital library (hOp://ieeexplore.ieee.org),
the Web of Science website (hOp://www.webofscience.com) and Google Scholar (hOp://
scholar.google.com). We have evaluated the ar7cles found by a backward analysis to analyze the
cita7ons included in the paper as well as by a forward analysis to analyzing the cita7ons to that paper
from other papers found in the Web of Science website and Google Scholar.
(B) Online Field Study

Following an interpreta7ve research paradigm we have taken into account not only a large
number of publica7ons from diverse actors (e.g. scien7fic, consultants, vendor, etc.) but also how the
defini7on of cloud compu7ng is (re)constructed in the cloud compu7ng community. For this reason,
we have par7cipated in several online communi7es to observe and interact with relevant humans in
crea7ng our own part of reality (e.g. defini7on of cloud compu7ng).
From the begging stages of our thesis we have par7cipated on Google Group’s cloud
compu7ng Community (hOp://groups.google.com/group/cloud-‐compu7ng), on several Linkedin cloud
compu7ng groups (The Cloud Talk Community Forum, cloud compu7ng Standards Forum, Cloud
Storage, etc.) and on our TwiOer group of cloud compu7ng experts (hOp://twiOer.com/aciertoweb/
cloud-‐compu7ng/). It is important to note that Google Group and Linked communi7es focus more on
formal discussions and deliverables (cloud specifica7ons, standards, etc.) while TwiOer’s community is
more dynamic and includes a significant larger number of individual’s contribu7ons and discussions.
From our experience TwiOer was the most valuable social network to obtain and validate knowledge.
Our par7cipa7on in these online cloud compu7ng communi7es can be regarded as an online
field study as we do not manipulate any variable but instead we just measure it within a human
context (Jenkins, 1985). Applying field study techniques on social networks we were able to observe
several discussions between cloud experts on the different features that the cloud compu7ng
defini7on should include and which types of models are available.
These online communi7es have all a large number of members where some contribute more
than others to the community. In our TwiOer group of cloud compu7ng experts we have selected the
members that are more ac7ve in collabora7ng and sharing informa7on. The most ac7ve community
members are depicted in appendix D Each community member has its own exper7se. Joe Weinman is
for example considered an expert in cloud compu7ng economics, Christofer Hoff is a recognized

security expert and Simon Wardley is a regarded as an Open Source expert worldwide. This mix of
knowledge and exper7se has supported us in our analysis on which features should be included in the
defini7on of cloud compu7ng and which not.
From our observa7ons we can interpret that individual’s argumenta7ons are oren in line with
their employer’s interests. For example community members working at hardware producers (e.g.
Cisco, NEC, etc.) are more in favor of private cloud models while individuals working at web based
companies focus more on public cloud models (e.g. Google, Amazon, etc.). We have carefully
considered this possible bias in their opinions when evalua7ng their argumenta7ons.
A clear advantage of this method is the large number of relevant ar7cles that we have
discovered through community member’s contribu7ons. For example, through twiOer we were able to
obtain recent published documents just hours arer they were available online. Without our
par7cipa7on on this online communi7es our literature study would have been limited to the ar7cles
found through search engines, with the corresponding crawling delay. Moreover, these plaxorms have
enabled us to interact with several cloud compu7ng experts around the globe. For this reason, we
highly recommend this method in future research, specially to analyze emerging and/or dynamic
concepts from an interpreta7ve perspec7ve.
For crea7ng our defini7on of cloud compu7ng we analyze first the basic constructs individually
(e.g. features) to apply logical reasoning based on our percep7on (e.g. literature study) and our
observa7ons from online cloud compu7ng communi7es (e.g. online field study). From exis7ng papers
and community contribu7ons we have derived a set of features that are regarded as possible features
of cloud compu7ng solu7ons. Applying the formism research method (Jenkins, 1985) we group similar
features into categories and select those categories that (1) are men7oned by several relevant actors
and (2) they are corroborated or rejected by cases in prac7ce.
(C) Expert Reviews

For valida7ng the results of phase one we have followed two approaches. First we conduct two
expert reviews with IT managers to discuss the possible features of our cloud compu7ng defini7on.
Second we evaluate our defini7on by observing several experts discussions on online cloud compu7ng
communi7es.
We interview Mr. Gerard Persoon, Business Consultancy Manager at E.nova7on and Mr. Kor
Tops, Engineering Manager at the same organiza7on. Mr. Persoon has more than 20 years experience
in IT having worked previously for Ernst & Young for several years. His exper7se areas are informa7on
security, IT audits, ITIL, ISO 9001 and func7onal design. Mr. Tops has also more than 20 years
experience in IT and his exper7se includes among others IT infrastructure management and SAN
storage architectures.

The interviews were unstructured in-‐depth interviews focusing on the features to be included
or excluded on the defini7on. Unstructured in-‐depth interviews are common in social sciences
research to gain deep understanding of a single concept. As experts received the results of our first
phase several weeks before the interviews took place we could directly discuss these features in
depth. With the results of our expert reviews we restructured some part of our work but no major
modifica7ons were made to our defini7on of cloud compu7ng.
Following our interpreta7ve research paradigm we cannot only rely on wriOen defini7ons and
a few expert reviews but we have to consider also how the meaning of the term “cloud compu7ng” is
currently (re)nego7ated between the most relevant human actors. For this reason we have further
validated our defini7on by analyzing relevant discussions on the most relevant online communi7es.
Due to the emerging character of cloud compu7ng, each of the features of our cloud compu7ng
defini7on was at a certain moment in 7me subject of discussion between the members of the
community. Although we are aware of possible biases in their opinions, several argumenta7ons were
found that helped us in our logical reasoning when including or excluding features from our defini7on
of cloud compu7ng. We decide to include or exclude a feature based on: (1) how many community
members agree (or disagree) (2) how many prac7cal cases confirm or rejects its feasibility.

The second phase of this research aims to iden7fy the current trends, challenges and
opportuni7es in the Dutch Healthcare sector. Among others, the current poli7cal agenda, the role of
ICT in this sector and the policies and legisla7on governing it are taken into account. By analyzing
scien7fic and commercial literature as well as the applicable laws and regula7ons this phase aims to
describe the current barriers and opportuni7es in Dutch healthcare and the role of ICT in that context.
We delimit our analysis in this phase by focusing on one of the largest and most significant ICT
projects in The Netherlands, the introduc7on of a na7onal EPR infrastructure (the EPD infrastructure).
In this phase we con7nue applying a conceptual-‐analy7cal approach to create theory about a
certain part of reality (e.g. IT in Dutch healthcare) based on certain valid assump7ons and premises
(Järvinen, 2003). We start by crea7ng analysis theory when exploring the Dutch healthcare sector in
general. We then con7nue our research by crea7ng explana7on theory aiming to answer why, when,
how and where to use IT in the Dutch healthcare context (Gregor, 2006). In order to achieve this we
apply the literature study research method.
Moreover, we follow a top-‐down approach exploring first the current situa7on of the
healthcare sector in Europe and in The Netherlands in order to iden7fy the main challenges and
opportuni7es in this context. We con7nue then by focusing on IT in the Dutch healthcare sector with
further explora7on of the Dutch electronic pa7ent records system EPD, one of the most significant IT
infrastructures in that sector. In order to facilitate the construc7on of our matching-‐model in the next
phase of our research we have focused further on the EPD cer7fica7on requirements.

(A) Literature Study
As a literature review is an essen7al feature of every scien7fic work we can find several papers
on conduc7ng an accurate literature review in IT research seungs (Webster & Watson, 2002). In order
to iden7fy the relevant literature, previous work suggests that the researcher should focus on the
concepts rather than specific journals, methodologies or geographical loca7ons. For this reason, we
have applied mainly a concept-‐centric method in our search for relevant ar7cles (Webster & Watson,
2002). Furthermore, we have extended our literature list with an author-‐centric approach to explore
more ar7cles wriOen by recognized field experts or very significant organiza7ons.
In our concept-‐centric search process we have searched for the terms “healthcare IT”, “e-‐
Health” and “Dutch healthcare IT” among others. In our author-‐centric approach we have searched for
ar7cles wriOen by field experts (e.g. “Stroetmann”) as well as by relevant public bodies and relevant
organiza7ons (e.g. “European Commission”, “Dutch Ministry of Healthcare”, “NICTIZ”, etc.)
The tools that we used more intensively during our search process are Utrecht University’s
Omega search engine (hOp://omega.library.uu.nl), The ACM digital library (hOp://portal.acm.org), IEEE
Xplore digital library (hOp://ieeexplore.ieee.org), the Web of Science website (hOp://
www.webofscience.com) and Google Scholar (hOp://scholar.google.com). We have evaluated the
ar7cles found by a backward analysis to analyze the cita7ons included in the paper as well as by a
forward analysis to analyzing the cita7ons to that paper from other papers found in the Web of
Science website and Google Scholar.
(B) Expert Reviews

Our analysis of the (Dutch) healthcare sector, the role of IT in that sector and our selec7on of
the EPD as the most significant current IT project in The Netherlands were further validated by an
expert review with Mr Bert Kabbes. Mr Kabbes is Senior Business Consultant at E.Nova7on and has
more than 20 years experience as interim director of several Dutch hospitals. The unstructured in-‐
depth interview confirmed our percep7on of the challenges and opportuni7es in the (Dutch)
healthcare sector as well as the role of IT in the EPD context. We did not perform addi7onal valida7on
on this phase as the main deliverable to be used in the next phase are the EPD requirements which
are explicitly described by NICTIZ and therefore easy to verify by anyone.

In the third phase of our research we shir our approach from conceptual-‐analy7cal to ar7fact
building (Järvinen, 2008). For this reason, in this phase we have applied the design science
methodology to construct a meta-‐ar7fact (e.g. matching-‐model) based on our previous two research
phases that support Dutch healthcare organiza7ons when deploying cloud compu7ng solu7ons to
connect to the EPD. The design science approach is one of the most popular research approaches in

the IS field and it has already been applied from an interpreta7ve perspec7ve like ours (Iivari, 2007)
(Hevner et al., 2004).
Design science can be defined in general as crea7ng innova7ons that improve humans
capabili7es (March & Smith, 1995) (Hevner et al., 2004). In prac7ce we can observe that most of the
work carried out by IS prac77oners focuses on designing the purposeful alloca7on of resources to
accomplish an organiza7onal goal (Hevner et al., 2004). For this reason most IT projects are designed
to improve opera7onal efficiency and effec7veness. This is also the essence of the design science
approach as it is a problem-‐solving paradigm that focuses on crea7ng ar7facts that support the
effec7ve and efficient use of informa7on systems in organiza7ons (Hevner et al., 2004). The goal of
our matching-‐model is therefore to support prac77oners in the deployment of solu7ons following the
cloud compu7ng model that could improve organiza7onal performance of healthcare organiza7ons in
the na7onal pa7ent system context.
According to Iivary's ontology of design science the third phase of our research can be
classified as World 3, this means that the explana7on to reality is achieved by meta IT ar7facts as we
aim to develop "new types of theories made possible by IT ar7facts" (Iivari, 2007). The theory we aim
to create is found in our matching-‐model where we aim to explore the challenges and opportuni7es of
cloud compu7ng in Dutch healthcare.
Within the design science research approach we can observe two main ac7vi7es: ar7fact
building and ar7fact evalua7on (Hevner et al., 2004) (March & Smith, 1995) (Iivari, 2007). The purpose
of this research approach can be therefore found in two dimensions: crea7ng an ar7fact to
demonstrate that such an ar7fact can be build and evalua7ng its performance against specific criteria.
(A) Ar*fact Building

According to previous research there are four types of design science products: constructs,
models, methods and implementa7ons (March & Smith, 1995). Our research aims to build a meta-‐
ar7fact (e.g. matching-‐model) to evaluate the applicability of cloud compu7ng in the Dutch healthcare
context by analyzing the support (or delimita7on) of cloud compu7ng features in EPD requirements.
The crea7on of knowledge in design science is based on a set of basic assump7ons (e.g. kernel
theories) that are applied and modified by the researcher's experience, crea7vity, intui7on and
problem-‐solving capabili7es (Hevner et al., 2004). We have elaborated our kernel theories during the
first research phases that have resulted in two basic constructs: our defini7on of cloud compu7ng and
the lists of requirements to connect to the Dutch na7onal pa7ent infrastructure (EPD).
Previous work on design science has iden7fied eight main components of a design theory
(Gregor & Jones, 2007). The design theory must state its purpose and scope as well as the principles of
form and func7on for the use of constructs. The validity of the theory is improved by addressing
ar7fact mutability, tes7ng proposi7ons and jus7fying knowledge through kernel theories. The theory

is finally put into prac7ce by following principles of implementa7on and developing an expository
instan7a7on.
The purpose of our design science theory is to explore the feasibility of cloud compu7ng
solu7ons in an specific scope determined by the characteris7cs of the Dutch healthcare sector. We
provide a extensive descrip7on in phase one and two about how we build our two basic constructs
and the kernel theories applied in the process. To reduce the risk of ar7fact mutability we validate our
two basic constructs before including them in our matching-‐model. Due to the innova7ve character of
our research subject (e.g. cloud compu7ng) we could not perform any implementa7on or instan7a7on
of the matching-‐model. However, these does not represent a cri7cal shortcoming in our research as
these components are regarded in previous work as addi7onal non-‐core components (Gregor & Jones,
2007).
Transparency on the construc7on of meta-‐ar7facts in design science is regarded by some

authors as an important requirement (Iivari, 2007). For this reason, in the first two phases we have
described in detail the process of crea7ng and the basic elements of our matching-‐model: our cloud
compu7ng defini7on and the requirements to connect to the EPD.
The main goal of the ar7fact building research approach is to explore if a certain ar7fact
(abstract or concrete) can be constructed (Järvinen, 2000). By building our matching-‐model we
demonstrate therefore that such meta-‐ar7fact can be build based on our assump7ons and premises.
Moreover, our matching-‐model can be used as an intellectual tool to support human problem-‐solving
and improve organiza7onal capabili7es in the Dutch healthcare context which is a common goal found
in design science research (Hevner et al., 2004).
When execu7ng the third phase of our research we have followed Hevner's guidelines for
design science in IS research (Hevner et al., 2004). This guidelines are based on the assump7on that
knowledge over a design problem and its solu7on is created when building and applying an
ar7fact. According to Hevner, design science research focuses on the crea7on of an innova7ve
purposeful ar7facts for a specific problem domain where the ar7fact aims to solve an unsolved
problem or a known problem in a more efficient or effec7ve way. For this reason, the ar7fact must be
rigorously defined, formally represented, coherent, internally consistent and evaluated. Hevner's
guidelines for design science research are depicted in table 3.

Table 3: Hevner’s design science research guidelines (Hevner et al., 2004)
Guideline Descrip*on
Design-‐science research must produce a viable ar7fact in the form of a construct, a
(1) Design as an ar7fact
model, a method, or an instan7a7on.
The objec7ve of design-‐science research is to develop technology-‐based solu7ons
(2) Problem Relevance
to important and relevant business problems.
The u7lity, quality, and efficacy of a design ar7fact must be rigorously demonstrated
(3) Design Evalua7on
via well-‐executed evalua7on methods.
Effec7ve design-‐science research must provide clear and verifiable contribu7ons in
(4) Research Contribu7ons
the areas of the design ar7fact, design founda7ons, and/or design methodologies.
Design-‐science research relies upon the applica7on of rigorous methods in both the
(5) Research Rigor
construc7on and evalua7on of the design ar7fact.
The search for an effec7ve ar7fact requires u7lizing available means to reach
(6) Design as a Search Process
desired ends while sa7sfying laws in the problem environment.
Design-‐science research must be presented effec7vely both to technology-‐oriented
(7) Communica7on of Research
as well as management-‐oriented audiences.
It is important to note that this guidelines should not be considered mandatory as the
researcher must use his/her crea7ve skills and judgment to determine when, where and how to apply
each guideline in an specific research (Hevner et al., 2004). The applica7on of these guidelines in our
ar7fact building process is described further in this research when describing the elabora7on of our
matching-‐model in the third phase of our research.
(B) Ar*fact Evalua*on

The field of design science in IS research is regarded in previous work as an applied science
discipline reflec7ng the importance of IT (meta-‐)ar7facts that enable the development of concrete IT
applica7ons (Iivari, 2007). This is also the main goal of our research, to develop a meta-‐ar7fact (our
matching-‐model) to facilitate the deployment of cloud compu7ng solu7ons in an specific context
(healthcare in The Netherlands). A design science ar7fact can therefore be evaluated by analyzing how
that ar7fact achieves its goal in prac7ce (u7lity and quality) and how efficient it is in achieving it
(Hevner et al., 2004). However, there are significant barriers for evalua7ng ar7facts as they are related
to the environment where they operate (March & Smith, 1995).
According to previous work, the resul7ng meta-‐ar7facts must include knowledge that enables
product and process design (Iivari, 2007). We believe that our matching-‐model contains knowledge
that can support prac77oners in the design of new (or modified) cloud products and as well as in the
design of cloud related processes. By matching a poten7al solu7on with our cloud compu7ng features
and evalua7ng the requirements enforced by NICTIZ an organiza7on can select the solu7on that best
fits their needs in that context.

It is important to note that although we could not create an instan7a7on of the matching-‐
model in prac7ce we validated its completeness and accuracy with expert reviews and es7mated its
usability, func7onality and consistency with the same method. More details on the expert reviews of
our matching-‐model can be found in the sec7on describing the third phase of our research.
A final remark should be made on the fact that the quality of design science ar7facts improves
when subsequent evalua7ons are performed as they oren result in incremental improvements
(Hevner et al., 2004) (Gregor & Jones, 2007). However, we could not improve any exis7ng model as we
could not find any similar meta-‐ar7fact in previous literature. For this reason we had to create a new
meta-‐ar7fact that can be evaluated and improved in further research. This is a typical situa7on when
applying design science to build new or innova7ve ar7facts as theories over the applica7on and
impact of these ar7facts can be created once the ar7facts are applied in prac7ce (Hevner et al., 2004).
6. Prac*cal and Scien*fic Contribu*on

(A) Prac*cal Contribu*on
The prac7cal contribu7on of this research can be found in current ICT trends and the actual
economic environment. The current global economic malaise triggered by the credit crisis during the
last quarter of 2008 has affected all kinds of companies around the world. Due to the lack of credit
and credibility in financial markets, informa7on and communica7on (ICT) firms and departments must
carefully evaluate every new project to make sure it provides the business value needed under these
circumstances. Specially during 7mes of economic recession, IT managers are increasingly required to
be crea7ve in finding solu7ons that would reduce their IT budgets (Molenaar, 2009). In this context,
ICT companies and departments are trying to evaluate all possible ways to reduce costs or to increase
performance. One of these approaches is ‘Lean IT’ (Zaal, 2009) which aims to solve the problem of ICT
“overweight” and avoid overspending. Other increasingly popular approaches are Sorware as a
Service (SaaS), Infrastructure as a Service (IaaS) and Cloud Compu7ng.
According to some authors, the way companies make use of ICT is recently changing to a
paradigm where infrastructures and applica7ons become u7li7es and will simply come out off the wall
like common u7li7es do (e.g. electricity). In his books “Does IT maOer” and “ The Big Switch” Nicholas
Carr predicts the end of corporate ICT departments due to the increasing standardiza7on and
availability of technological infrastructures and applica7ons (Molenaar, 2009). Mr Carr affirms that this
situa7on will realize savings of unused server and storage capacity as well as on human resources.
However, not all ICT experts agree fully with Carr’s predic7ons. Mr Ron Tolido (CTO of
Capgemini in The Netherlands) notes that applica7ons that can be standardized (the great majority)
should be contracted off the wall, realloca7ng their costs to those essen7al applica7ons (the minority)
that contribute to an organiza7on’s compe77ve advantage (Molenaar, 2009). Other experts, like Prof.
dr. Chris Verhoef of Vrije Universiteit Amsterdam, affirms that ICT s7ll provides companies with a

compe77ve edge to differen7ate themselves from their compe7tors by applying infrastructures and
applica7ons designed according to specific business processes and by solving specific business needs.
The growing popularity and adop7on of SaaS and IaaS technologies are clear examples of the
switch that ICT is experiencing towards a service model delivered through internet technologies. Some
important players in the ICT industry (e.g. HP, Microsor, etc.) are using terms like ‘everything as a
service' where the internet is extended to the enterprise instead of the enterprise being just
connected to the internet. This new vision requires new forms of understanding and organizing
enterprises and their value chains.
In their 2008 predic7ons (Plummer & McGee, 2008) Gartner research an7cipated the growing
popularity of SaaS and Cloud Compu7ng as viable op7ons to internal systems and outsourcing. In
accordance with Gartner’s predic7ons, web technologies had become the main trigger for business
innova7on. It is clear that in the context of these new emerging delivery models, IT capabili7es will
evolve significantly due to disrup7ve changes in what end users will buy and how they will pay for it.
Network services and service orchestra7on will therefore become more cri7cal to business
performance because they enable the use of other sorware and hardware.
In the annual Gartner’s CIO survey (McGee et al., 2008), strategic ICT focus, the use of specific
business metrics to quan7fy ICT’s value and the priori7za7on of ICT projects are believed to create the
greatest growth opportuni7es for enterprises during the coming years. CIOs around the world believe
their department can play a crucial role in the short term by improving business processes and
workforce performance while controlling costs. On the long term technology can also enable new
strategic capabili7es for organiza7ons.
This switch in CIOs’ agendas and the increasingly popular concept of compu7ng u7li7es have
inspired this research. Although tradi7onal strategies (e.g. opera7onal efficiency, product
differen7a7on, etc.) remain essen7al requirements for success, an enterprise needs nowadays to
dynamically adapt its ICT organiza7on to rapidly changing business needs in order to aOract and retain
customers (McGee et al., 2008). The focus is nowadays not strictly on technological management but
on 7mely changing the firm’s capabili7es to enforce its compe77veness. Not reac7ng or reac7ng too
late to customer’s demand can have direct consequences for organiza7onal performance.
It is also important to note that “Delivering projects that enable business growth” and “Linking
business and IT strategies and plans” have been CIOs’ top two priori7es during the last years (2005 to
2007) (McGee et al., 2008). These two main priori7es are followed by “Improving the quality of IT
service delivery” and “Demonstra7ng the business value of IT” among others. A business driven ICT
organiza7on has therefore become one of the most important objec7ves of current CIOs.

The growing popularity of Cloud Compu7ng contributes to the realiza7on of ‘real-‐7me
infrastructure’ (RTI) which results in substan7ally lower costs, higher service levels and improved
agility (McGee et al., 2008). This approach facilitates the automa7on and dynamic adjustment of an
organiza7on’s technological infrastructure to fulfill cri7cal business needs at a par7cular point in 7me
and their rapid changes in the future.
Another important trend no7ced by Gartner is the idea that Service Oriented Architecture
(SOA) will become the standard design for more than 80% of new and mission-‐cri7cal applica7ons and
business processes by 2010. Consequently redundant and irrelevant applica7ons will be phaced out.
According to Gartner (McGee et al., 2008), “the future applica7on environment will be more granular,
inclusive and fluid to enable rapid composi7on, integra7on, orchestra7on and reuse.”
(B) Scien*fic Contribu*on

A great deal of previous IS research has focused on the con7nuos rela7onships between IT,
individuals and organiza7ons with a focus on the social processes surrounding the
deployment, development, use, misuse or disuse of IT (Orlikowski & Baroudi, 1991). Our work
con7nues this path by analyzing the feasibility of emerging cloud compu7ng solu7ons in the Dutch
electronic pa7ent records system. The rela7onships between IT consumers and IT providers has been
subject of several IS researches (Orlikowski & Baroudi, 1991). As cloud compu7ng is expected to
disrup7vely transform this rela7onship, our work can be further applied in future research related to
this delivery model in Dutch healthcare environments.
In previous scien7fic papers we can find six main types of research outputs (descrip7ons of
reality, constructs, models, methods, instan7a7ons and proofs) depending on the research approach
followed (Järvinen, 2000). During our research we provide descrip7ons of two parts of reality (e.g.
cloud compu7ng and IT in Dutch healthcare) to construct our defini7on of cloud compu7ng and our
matching-‐model. Moreover, we cannot find the same combina7on of methods that we have applied
during our research which cons7tutes an addi7on to the research body of knowledge.
The extensive analysis and descrip7ons about parts of reality in phase one and two of our
thesis are specially valuable in research seung with few knowledge available about some phenomena
(Gregor, 2006). We create our defini7on of cloud compu7ng from an interpreta7ve perspec7ve taking
into account how its meaning is (re)created by human interac7on on online communi7es. This
methodology can also be regarded as an addi7on to the body of knowledge of research methods as it
has not yet been oren applied in previous research. Moreover by delivering a consistent defini7on of
the concept we facilitate future cloud compu7ng research.
In general, the design science building-‐ar7fact approach applied in the third phase of our
research aims to create a certain abstract or concrete ar7fact (e.g. system, model, method, etc.)
(Järvinen, 2000). Following this approach we have created a matching-‐model to link the two basic
constructs created in the first two phases. As in previous design science research the scien7fic

contribu7on of this part of our work can be measured by examining the suitability of our ar7fact to an
specific context and the addi7ons to the knowledge base from our research findings (Hevner et al.,
2004). In our research the suitability of our ar7fact has been es7mated by expert reviews while our
cloud compu7ng defini7on and our matching-‐model can be regarded as the most significant addi7ons
to the IS body of knowledge base.
According to Gregor's taxonomy types and research ques7ons in IS research the theory created
in our research can be classified as Analysis (phase one), Analysis and Explana7on (phase two) and
Design (phase 3) (Gregor, 2006). This classifica7on is derived from the type of research ques7on that
we aim to answer. In our first research phase we focus primarily on what is cloud compu7ng (Analysis
theory) while in the second phase we add also ques7ons related to why, when, how and where to use
IT in Dutch healthcare (Explana7on theory). With our matching-‐model we create Design Theory as we
aim to answer the ques7on on how to use cloud compu7ng in the EPD context.
Theory that analyses some part of reality is specially valuable when there is few knowledge
about some phenomena (Gregor, 2006). This is also the case in our research as there is almost no
scien7fic publica7ons on cloud compu7ng. Theory for explaining is oren concerned with how and why
some phenomena takes place (Gregor, 2006). This is what we have aimed to do in our second research
phase where we inves7gate the requirements to use IT in Dutch healthcare (how) and the mo7va7on
to use an specific system (why). In the design type of theory the focus lies on how (e.g. func7ons,
models, methods, etc.) to support IS development as it the case of our matching-‐model(Gregor,
2006).
The interconnec7on between the types of theories has also been subject of previous research
(Gregor, 2006). Theories for Design are derived from theories for Explaining and Analyzing among
others, while theories for Explaining are strictly derived from theories for Analyzing. These
interconnec7ons are also reflected in our research as we have designed our matching-‐model based on
our previous analysis and explana7on in building our basic constructs in the first two phases.
Previous work has shown how pluralism of paradigms, approaches and methodologies is
essen7al for a good IS research agenda (Chen & Hirschheim, 2004). It is therefore essen7al that
researchers consider different approaches and methods (other than the dominant ones) to contribute
to the body of knowledge of IS research. This is reflected on the fact that the interpreta7ve research
approach is gaining popularity and acceptance by major journals (e.g. MIS Quarterly) during the last
decade being applied by an increasingly number of published researches. It is important to note that
applying different research perspec7ves can poten7ally lead to significant improvements in IS research
(Orlikowski & Baroudi, 1991). Our applica7on of the interpreta7ve approach in an IS research leads
therefore to pluralism in IS research as it is not a dominant approach in that field.

7. Research Validity
In general, a research’s validity can be measured by examining the applicability of the results to
different (sub)popula7ons and other seungs (generaliza7on and external validity), the accuracy of
those results (internal validity) and reliability through replicability (Jenkins, 1985).
To overcome one of the most common mistakes in design science research (the overemphasis
on technology) we have also carefully considered the organiza7onal embedding of IT in our research
(Hevner et al., 2004). For this reason, we have analyze not only emerging technology (e.g. cloud
compu7ng solu7ons) but also how it can be applied in an specific context (e.g. Dutch healthcare).
As we focus our research on a specific sector and country, the generaliza7on and external
validity of our research is limited to all organiza7ons in that country and sector. According to the
expert reviews performed, our results can be applied to all Dutch healthcare organiza7ons considering
cloud compu7ng solu7ons to connect to the electronic na7onal records system. Although the accuracy
of our results has been evaluated arer each phase of our research we believe that it should be further
evaluated applying our model in a real life situa7on. Incremental improvement of ar7facts over 7me
are typical in design science research, specially when inves7ga7ng evolving IT phenomena (Hevner et
al., 2004). Taking into account our research paradigm, approach and methods we believe that our
research can be replicated leading to the same results.
A remark should be made on the fact that many previous design science research was
accomplished in situa7ons where the exis7ng knowledge base was insufficient (Hevner et al., 2004). In
our case we could not find much available knowledge regarding cloud compu7ng and its applicability
on a Dutch healthcare seung. For this reason, we had to rely on intui7on, experience and trial-‐and-‐
error methods to achieve our research goal (Hevner et al., 2004). Nevertheless, to improve the
internal validity of our findings we have described our research approach and methods in each phase.
A final remark should be made on the fact in accordance with our interpreta7ve research
perspec7ve our findings are as a part of our human constructed reality also limited by our
interpreta7on of reality and our human reasoning capabili7es.


Research Phase 1: Defini*on of Cloud Compu*ng
There are a lot of expecta7ons on Cloud Compu7ng as it is believed to disrup7vely transform
the deployment and management of IT resources, minimize implementa7on and opera7onal costs,
accelerate innova7on and improve applica7on’s 7me-‐to-‐market and scalability (Spinola, 2009).
According to Capgemini, Cloud Compu7ng represents a new IT delivery method that is expected to
change the way of doing business in the near future (Ross, Payling, & Gough, 2008). As users are
focusing increasingly on the capabili7es provided instead of the underlaying infrastructure it has
become more important how services are consumed rather than how they are deployed (Stevens &
PeOey, 2008).
Cloud Compu7ng is expected to transform the IT industry deeply in the coming years as it
represents the first steps towards U7lity Compu7ng. This development is a direct consequence of the
increasing standardiza7on and consumeriza7on of IT capabili7es. According to The Wall Street Journal
the Cloud Compu7ng industry is es7mated to reach $42 billion turnover by 2012 which represents
around half of the current sorware industry worldwide (Hinchcliffe, 2009) (McLaughlin, 2009a).
In a recent research among Dutch ICT providers, around 70% of them expect that their
turnover is going to increase during 2009 (Wijkstra, 2009). They are experiencing a shir in focus of
their IT budgets. Instead of considering investments in networks, infrastructure and storage they are
increasingly considering SaaS and Cloud Compu7ng as interes7ng outsourcing alterna7ves (Wijkstra,
2009). This is specially the case in public, semi-‐public and Health Care organiza7ons. The shir in
investment alterna7ves is depicted in figure 2.
Figure 2: ICT Investments areas 2009 & 2008 (Marquit Research, May 2009)
56%
49%
40%
31% 29%
21% 21% 24%
20% 19% 19%
13% 10% 10%
9%
4%
Virtualization SaaS Outsourcing Security Cloud Computing Storage Infrastructure Networks
2008 2009
Although the concept of Cloud Compu7ng has emerged around 2006 it has already generated
an unprecedented hype in the IT industry. Almost all major hardware and sorware manufacturers,
consultant organiza7ons, analysts and telecom providers have become highly involved in Cloud

Compu7ng during 2009. A great diversity of offerings has been launched recently ranging from
sorware and advise to build clouds, to sorware services or on-‐demand infrastructures.
As almost all the major ICT vendors are rolling out their Cloud Compu7ng solu7ons during
2009, they try to convince enterprise users that they are the “one and only” Cloud Compu7ng
plaxorm suppor7ng their arguments with yet another defini7on of the cloud (Golden, 2009). It is
therefore needed to define the term Cloud Compu7ng and facilitate its comparison with other
compu7ng forms as well as to iden7fy its main challenges and opportuni7es (Armbrust et al., 2009).
In the following sec7ons we analyze different perspec7ves on Cloud Compu7ng to combine
them into a defini7on to be used further in our research. We start delimi7ng the scope of our analysis
by describing the most relevant developments on the business and IT fields that can be related to this
new delivery model. Once the context has been delimited, we elaborate a research defini7on of Cloud
Compu7ng by analyzing previous defini7ons from scien7fic papers, commercial media, ICT analysts,
consultants and standards organiza7ons.
Based on our defini7on of Cloud Compu7ng, we con7nue this phase by providing a taxonomy
of cloud services and a brief descrip7on of its most relevant use paOerns and economic
considera7ons. Furthermore, we con7nue our analysis by describing the risks associated with this new
model with a special focus on security. We conclude this phase by providing a vendor analysis of the
three most popular IaaS and PaaS solu7ons and some models to support the evalua7on and adop7on
of current offerings. At the end of this phase we present the conclusions of this phase and ideas for
further research in the field of Cloud Compu7ng.

1. Context and Enabling Factors
To delimit the context of our research we begin this sec7on by describing the current trends in
business (sec7on 1.1.) and technology (sec7on 1.2.) with a focus on those that have contributed to
the emergence of the Cloud Compu7ng model. At the end of this sec7on (sec7on 1.3.) we analyze the
hype surrounding this new paradigm.
1.1. Business Trends

Based on interviews with C level execu7ves worldwide, Gartner research has elaborated a list
of the top ten business priori7es for 2009 (see table 4). These priori7es aim to cover the current
business trends that organiza7ons come across when doing business. In this subsec7on we will discuss
the main trends related to the emergence of Cloud Compu7ng.
Table 4: Top 10 Business Priori*es for 2009 (Gartner, 2009) Firm’s IT infrastructures have grown
significantly during the past decades. When
more IT resources where needed, new
hardware was bought and placed in the firm’s
data center. This lack of workload consolida7on
has led to resource waste and oren to
unsustainable and inefficient data centers
(Siegele, 2008). As data centers grow, more
resources, people and 7me is needed to
properly manage them. The current economic
recession will make companies reconsider this
situa7on as firms are reducing their (IT) budgets
and therefore they are forced to operate more
efficiently (Kirsner, 2009). In this context, Cloud Compu7ng can be a useful tool to reorganize IT
resources while saving costs by op7mizing current and future ICT investments (Spinola, 2009).
Due to globaliza7on, companies can now access new markets and gain and retain new
customers by accelera7ng innova7on to deliver new products and services faster. The Internet
provides access to a large amount of informa7on and it is being widely used by consumers to evaluate
their purchasing decisions. As consumers nowadays have access to large amounts of informa7on they
are oren categorized as prosumers (professional consumers). Organiza7ons need to pull consumers
towards their products and services (e.g. fostering customer engagement, branding, etc.) instead of
pushing those products to consumers (as it was done in the past) by deploying large marke7ng
campaigns.

1.2. Technology Trends
Beside the top ten business priori7es, Gartner research also elaborates a yearly list of the top
ten technology priori7es (see table 5). The popularity of the SaaS business model for sorware delivery
has lead to several forms of IT capabili7es “as-‐a-‐service” like Infrastructure-‐as-‐a-‐Service (IaaS) or
Plaxorms-‐as-‐a-‐service (PaaS). Cloud Compu7ng is a logical evolu7on from this point of view, and in
this sense can be considered as “compu7ng-‐as-‐a-‐service” and it includes all these exis7ng models.
One of the most important implica7ons of the Cloud Compu7ng model is the disaggrega7on of IT
capabili7es into services (Siegele, 2008).
Table 5: Top 10 Technology Priori*es for 2009 (Gartner, 2009) Other trend triggering the emergence of
Cloud Compu7ng are the customiza7on and
service orienta7on character of the Internet.
Instead of having few long term supply
rela7onships with high margins and deep
commitment levels between the chain par7es,
new forms of supply chains have emerged
focusing more on having many short term supply
rela7onships with low margins and low
commitment between firms (Armbrust et al.,
2009).
Computers have evolved significantly

during the past two decades. From the mainframe 7mes where a single computer required a whole
floor to the client-‐server architecture and thin clients, computers have experience a process of
becoming an u7lity on-‐demand where compu7ng resources are accessible from any place (Siegele,
2008). Computer capabili7es are no longer limited by physical loca7ons or available technical
knowledge as anyone can launch nowadays a en7re online business without owning any
computa7onal resources.
In this context, ICT infrastructures are evolving from distributed models towards centralized
models that are accessible from everywhere any7me (Arnold, 2008a) (Weiss, 2007). We are currently
living in a networked era where we must be con7nuously online. As a result, we can observe a
growing number of web enable devices (e.g. Kindle, iPhone, etc.) as well as an increasing number of
web based sorware applica7ons. Partly due to these developments, hardware and sorware are
becoming standard products which drives prices down in a process that some prac77oners call “the
consumeriza7on of IT”.
Sorware applica7ons have also evolved significantly over the last years. The popularity of rich
internet applica7ons (e.g. mashups, web 2.0 tools, etc.) implie also new infrastructural needs.
Applica7ons that need to respond real-‐7me to human-‐computer interac7ons require a high level of

availability and oren make use of extensive data (Armbrust et al., 2009). Hos7ng these applica7ons on
the cloud would decrease response and processing 7me improving the overall user experience.
Specially in the case of applica7ons that gather data from more than one source (e.g. mashups).
Another example is the real-‐7me web, where content is gathered on the fly from mul7ple sources and
with almost no delay between content genera7on and content indexing and presenta7on.
As sorware becomes more complex and interconnected, some computa7onal tasks might
need to process large data sets concurrently which requires high processing power. These tasks cannot
be carried out on a single computer but need to be performed horizontally on supercomputers or
grids. Due to the fact that these high level computa7onal resources are not (financially) accessible to
everyone, an op7onal method could be to perform these tasks using Cloud Compu7ng. Following this
model one hour on 100 cloud servers costs the same that 100 hours on one single cloud server.
Therefore it might be more economically interes7ng to process these tasks on the cloud (Armbrust et
al., 2009).
Some of the most interes7ng developments during 2009 were the emergence and popularity
of netbooks (e.g. thin client laptops), the launch of Goggle’s web based opera7ng system (OS) Chrome
OS and the increasing SaaS adop7on. This developments indicate a shir to new architecture where
clients adopt an interface role to a server based compu7ng plaxorm. IT is becoming more
disembodied as resources can be consumed on-‐demand just for the task at hand (Siegele, 2008). If we
add the advances in networking technologies resul7ng in faster internet connec7ons we can observe
that ICT is transforming from a product oriented industry to a service oriented market.
Collabora7on in the cloud can be best explained by observing the popularity of mashups
applica7ons (Cunningham & Wilkins, 2009). Mashups are web applica7on on the cloud that combine
exi7ng services to create a new service. This concept of innova7on trough reuse facilitates the rapid
crea7on of new applica7ons without reinven7ng the wheel one more 7me (Arnold, 2008a).
The majority of medium and large enterprises invest in their own data centers. The costs
incurred in running an on-‐premises data center include among others real estate, hardware, power,
cooling (50% of total energy expenses) and maintenance. A firm needs however to plan their data
centers to support worst-‐case scenarios, resul7ng in addi7onal costs for back up and resource
redundancy. In prac7ce, the high peak situa7ons accounted for when provisioning resources occur
infrequently (Weiss, 2007) (DAuria & Nash, 2009) (Cunningham & Wilkins, 2009). As a consequence,
fully resource u7liza7on is achieved only in 10 percent of the full 7me the resource is running. This
means that 90 percent of 7me resources are idle, consuming electricity and space but not adding any
value to the organiza7on (Leighton, 2009) (Brown, 2009c). In the current environmental context
where energy prices rise to levels unknown un7l now, the largest ICT organiza7ons (e.g. Google,
Microsor, IBM, etc.) are building their new data center near cheap sources of energy (e.g.
hydroelectric facili7es) and close to important Internet nodes to guarantee a good connec7vity (Weiss,
2007).

An interes7ng methodology to determine which technologies can be regarded as sources of
compe77ve advantage is performed on Gartner’s research “Technologies you can’t afford to
miss” (Gartner, 2009) which is depicted in table 6. As shown in the table, Cloud Compu7ng is
considered the number one strategic technology for 2010 rising up from the third posi7on in 2009 and
combining it with web-‐oriented architectures (rank 7 in 2009 report) and Enterprise Mashups (rank 8
in 2009 report). Some of the trends described in this sec7on are also included as technologies of
strategic importance for 2010.
Table 6: Strategic Technology Areas (Gartner, 2009)
Rank 2010 Technology Evolu*on from 2009 ranking

1 Cloud Compu7ng Cloud Compu7ng (3)
2 Advanced Analy7cs Business Intelligence (2)
3 Client Compu7ng Virtualiza7on (1)
4 IT for Green Green IT (4)
5 Reshaping the Data Center Virtualiza7on (1)
6 Social Compu7ng Social Sorware and Social Networking (6)
7 Security & Ac7vity Monitoring new in ranking
8 Flash Memory new in ranking
9 Virtualiza7on for Availability Virtualiza7on (1)
10 Mobile Applica7ons new in ranking
From the trends described in the previous paragraphs we can consider some of them as the
most significant factors that have influenced the emergence of Cloud Compu7ng solu7ons. Among
others, SaaS, Open Source, Web 2.0 applica7ons (e.g. web based collabora7on, social networks and
wikis), the consumeriza7on of technology are iden7fied by Gartner research as important enablers
(Fergusson, 2008) (Cunningham & Wilkins, 2009). Moreover, the ubiquity of worldwide broadband
access, the increasing number of Internet devices (e.g. iPhone, Android, Netbooks, etc.), the trend of
con7nuous connec7vity are also regarded as significant influencing factors (Arnold, 2008b).
Nevertheless, it is clear that Cloud Compu7ng represents a logical evolu7on from the popularity of
web services and service oriented architectures (SOA) (Holliday, 2009).
1.3. The Hype Around Cloud Compu*ng

When reading any ICT related publica7on it is clear that Cloud Compu7ng is crea7ng a hype
within the IT industry (Cunningham & Wilkins, 2009) (Brynko, 2008). If we look at the search volume
through Googles' search engine (provided by Google Trends) we can observe that the term first
appeared on search queries in the last half of 2007 (see figure 3). In around a year 7me, the number
of search queries mul7plied by ten which represents the large hype it created over such a short period
of 7me.

Figure 3: Cloud Compu*ng Search Volume (Google Trends, June 2009)
! !
Another indicator of the hype Cloud Compu7ng is crea7ng is the growing number of
companies launching Cloud Compu7ng solu7ons during 2009 (Hinchcliffe, 2009). There are however
significant differences among these offerings. Sun for example announced at the beginning of 2009 his
new cloud service which is API compa7ble at the storage level with Amazon’s cloud storage solu7on
S3. On the other hand, in July 2009 Microsor presented its Cloud Compu7ng solu7on, Windows Azure
which will open to the public at the beginning of 2010.
One of the most popular hype measurement methods in the IT industry is Gartner’s Hype Cycle
(see figure 4). In their latest version (July 2009) Gartner places Cloud Compu7ng at the “Peak of
Inflated Expecta7ons” with mainstream adop7on expected to take place in a period of two to five
years. Based on this model we can assume that Cloud Compu7ng s7lls need to experience a period of
disillusionment (Gartner’s Trough of Disillusionment) where “over” promises and misunderstandings
will be filtered and therefore reducing the current hype. Arer that period, Cloud Compu7ng solu7ons
will follow a gradual adop7on process where the real benefits become clearer as they are proven in
vendor’s offerings (Gartner’s Slope of Enlightenment and Plateau of Produc7vity).
Figure 4: Gartner Hype Cycle (July 2009)

Although we agree on the fact that the term Cloud Compu7ng is experiencing a
dispropor7onate hype, we also believe that it represents a shir towards a new computer paradigm
that will have significant implica7ons for the delivery of IT capabili7es in the coming years. For this
reason it is now 7me for organiza7ons of all sizes and industries to carefully evaluate it and get
acquainted with it. As major vendors embrace this new form of IT delivery, enterprises should
consider it as a viable op7on to their “Make versus Buy” analysis. Moreover, we can already find many
Fortune 500 enterprises and public organiza7ons (e.g. The Wall Street Journal, BMW, USA
government, etc.) among the early adopters of this new model.
Due to the hype surrounding the concept of Cloud Compu7ng, some prac77oners tend to
consider it as the new revolu7on in technology. However, despite its indisputable disrup7ve character
Cloud Compu7ng is rather an evolu7on from a technology perspec7ve and a revolu7on from a
business perspec7ve. Cloud Compu7ng can be considered as the logical evolu7on from service
orienta7on (e.g. SOA, Web Services, etc.), grid compu7ng, server compu7ng and faster network
devices and speed. From a business perspec7ve, Cloud Compu7ng represents innova7ve ways to
reduce capital costs, to focus on core IT opera7ons (e.g. sources of differen7a7on) and to enable the
agility needed to react to changing market condi7ons.

2. Cloud Compu*ng Defini*on
In order to obtain a research defini7on of Cloud Compu7ng we will first analyze the concept of
u7lity compu7ng (sec7on 2.1) to con7nue with the defini7ons found in scien7fic literature (sec7on
2.2), commercial publica7ons (sec7on 2.3), IT consultants and analysts reports (sec7on 2.4) and
standards organiza7ons (sec7on 2.5). Furthermore we will analyze the roles involved in Cloud
Compu7ng (sec7on 2.6) to end this sec7on by comparing the found defini7ons and filtering out the
individual common components that are used. Our final research defini7on of Cloud Compu7ng is
presented in the last sec7on (sec7on 2.7).
2.1. U*lity Compu*ng

The idea of U7lity Compu7ng was first envisioned at MIT's centennial celebra7ons in 1961 by
John McCarthy, a computer scien7st ac7vely involved in Ar7ficial Intelligence. The process of “u7lity-‐
za7on” where a resource that once was a key differen7ator becomes an u7lity and therefore its
produc7on is done by third par7es in order to achieve cost efficiency has been repeatedly observed in
last decennia's. Cloud Compu7ng is considered by many experts to be the logical evolu7on towards
compu7ng as an u7lity (Baker, 2007).
Mr Nicholas Carr’s books “ The Big Switch” and “IT does not maOer” have been very influen7al
in the IT community. Mr Carr predicts the end of the IT department as compu7ng technology
undergoes a shir from a compe77ve advantage enabler towards and u7lity model (like electricity)
where IT infrastructure and applica7ons are delivered off the wall. This vision is shared by some
prac77oners (Kirsner, 2009) and regarded as incomplete by others (Molenaar, 2009). Some experts
believe that standard IT resources (the great majority) are good candidates to be contracted as an
u7lity. However there are a number of IT resources (the minority) that are enablers of differen7a7on
and should therefore not be contracted from third par7es (Molenaar, 2009).
In his first book (“IT does not maOer”) Mr Carr described a shir that informa7on technology is
experiencing towards a service model delivered through Internet. According to Mr Hans Daniels
(HewleO Packard director in The Netherlands) this is fully in line with HP’s vision (Molenaar, 2009). HP
believes that ICT delivery is going to evolve in a “everything-‐as-‐a-‐sevice” model which implies deep
consequences not only for the IT department but also to the rest of the organiza7on (e.g. business
processes, supply chain management, etc.).
An example of a resource that has gone through this process of becoming an u7lity is
electricity (Carr, 2008) (Baker, 2007) (Buyya, Yeo, Venugopal, et al., 2009). During the second world
war manufacturing companies had to produce their own electricity to be able to manufacture more
and faster than their compe7tors. However, soon arer the war finished electricity became an u7lity
and therefore all the internal’s electricity generators of firms became obsolete. External electricity

providers could deliver it cheaper due to the economies of scale and sta7s7cal mul7plexing achieved
by delivering energy to various firms.
Another example of technology “u7lity-‐za7on” can be found in the hardware industry

(Armbrust et al., 2009). Hardware manufacturers had to invest in the produc7on of their own
semiconductors as a key advantage to produce beOer and faster hardware than their compe7tors. As
semiconductor’s manufacturing equipment became more expensive, the economic advantages of
purchasing such a facility were minimized, triggering a shir towards the externaliza7on of its
produc7on. Only companies requiring a great number of chips (e.g. Samsung, Intel, etc.) could s7ll
afford to produce their own semiconductors. As a consequence, companies emerged that were
specialized in the produc7on of semiconductors like for example Taiwan Semiconductor
Manufacturing Company (TSMC) (Armbrust et al., 2009). These specialized manufacturers can be
profitable by achieving economies of scale and mul7plexing in their offerings. This externaliza7on of
resource manufacturing allows firms to conduct business without the upfront investment, opera7onal
costs and associated risks of having their own resource manufacturing facili7es (Buyya, Yeo,
Venugopal, 2008).
2.2. Scien*fic Defini*ons

Due to its innova7ve character there are few scien7fic defini7ons of Cloud Compu7ng at the
moment of wri7ng. In this sec7on we analyze the most significant defini7ons of Cloud Compu7ng
found in scien7fic journals and other scien7fic publica7ons. For this purpose we will describe the
defini7ons provided by Berkeley’s Reliable Adap7ve Distributed Systems Laboratory (UC Berkeley
RADSL), Telefonica Research and Development, University of Melbourne and the papers presented on
the 1st IEEE Interna7onal Conference on Cloud Compu7ng.
A. University of Berkeley

UC Berkeley’s RADSL has been founded by Google, Microsor and Sun Microsystems. Among
others, their current affiliates are Amazon Web Services, Cisco Systems, Facebook, HewleO-‐Packard,
IBM, NEC, Network Appliance, Oracle, Siemens, and VMware. The organiza7on is financed by these
partners together with grant funds from several public research bodies in the USA.
In a recent white-‐paper of UC Berkeley RADSL (“Above the Clouds: A Berkeley View of Cloud
Compu7ng”) the authors try to analyze in detail the concept of Cloud Compu7ng (Armbrust et al.,
2009). According to Berkeley, Cloud Compu7ng is expected to lay down the first steps towards U7lity
Compu7ng, affec7ng the way hardware and sorware is designed, purchased and used (Armbrust et
al., 2009). The implica7ons for sorware and hardware are important: on one hand, sorware in the
cloud is delivered as-‐a-‐service in contrast to the tradi7onal license model. On the other hand,
hardware must be designed and used to be able to unfold the benefits of Cloud Compu7ng and
facilitate its service model. In the UC Berkeley RADSL defini7on a clear dis7nc7on is made between
the sorware services delivered to users and the underlaying infrastructure (hardware and sorware)

facilita7ng them (Armbrust et al., 2009). A Cloud is considered by Berkeley RADSL as that underlaying
hardware and sorware used to deliver services to consumers (e.g. SaaS).
UC Berkeley RADSL (Armbrust et al., 2009) defines Cloud Compu7ng as applica7ons delivered
as a service over the Internet (SaaS) and the infrastructure that delivers them. The infrastructure is
oren organized in data centers and is referred to by Berkely as the “Cloud”. In a Public Cloud the
infrastructure is publicly accessible following a pay-‐for-‐use model offering what Berkeley calls U7lity
Compu7ng (e.g. Amazon Web Services, Google AppEngine, MS Azure, etc.). According to Berkeley, in
a Private Cloud the infrastructure is organized in internal data centers that are not publicly available.
B. Telefonica Research & Development

Telefonica is the market leader telecom operator in Spain and in several South American
countries. In their paper “A break in the clouds: towards a cloud defini7on” (Vaquero, Rodero-‐Merino,
Caceres, & Lindner, 2008) the authors analyzed twenty-‐two scien7fic defini7ons of Cloud Compu7ng,
and grouped the main features found into their own concise defini7on. According to the authors, the
new paradigm “shirs the loca7on of this infrastructure to the network to reduce the costs associated
with the management of hardware and sorware resources”. It is important to note that all twenty two
defini7ons analyzed where found in papers published during 2008, which clearly shows the novelty
character of this paradigm.
One of the most recurrent defini7ons found in previous research is the transparent access to
informa7on technology resources on a pay-‐per-‐use basis, which are developed and maintained on an
almost infinite and instant scalable infrastructure managed by third par7es (Vaquero et al., 2008).
Arer analyzing all defini7ons, the authors (Vaquero et al., 2008) found these concepts in more than
one ar7cle: real-‐7me infrastructures, automa7c resource alloca7on, resource monitoring and
op7miza7on, immediate scalability, subscrip7on model (pay-‐as-‐you-‐go) and pair-‐wise Service Level
Agreements (SLAs) between cloud actors. The concepts men7oned the most were scalability and pay-‐
per-‐use (found in five ar7cles each) and virtualiza7on (found in four ar7cles). Based on this findings,
Vaquero et al propose the following defini7on of Cloud Compu7ng:
“Clouds are a large pool of easily usable and accessible virtualized resources (such as
hardware, development plaDorms and/or services). These resources can be dynamically
reconfigured to adjust to a variable load (scale), allowing also for an op;mum resource
u;liza;on. This pool of resources is typically exploited by a pay-‐per-‐use model in which
guarantees are offered by the Infrastructure Provider by means of customized SLAs.”
C. University of Melbourne, Australia

Another scien7fic defini7on of Cloud Compu7ng can be found in the paper “Market-‐Oriented
Cloud Compu7ng: Vision, Hype, and Reality for Delivering IT Services as Compu7ng U7li7es” (Buyya,
Yeo, Venugopal, et al., 2009) by the Grid Compu7ng and Distributed Systems (GRIDS) Laboratory of

Melbourne University. They define a cloud as "a collec;on of interconnected and virtualized computers
that are dynamically provisioned and presented as one or more unified compu;ng resources based on
service-‐level agreements established through nego;a;on between the service provider and
consumers.”
This defini7on focusses on the dynamic provisioning of virtually assembled IT capabili7es as-‐a-‐
service. Although this defini7on considers that resources are virtually assemble by applying hardware
virtualiza7on (e.g. using an hypervisor), this is not necessary the case as some Cloud providers (e.g.
Google, RightScale) do not apply hardware virtualiza7on to their solu7ons. For this reason we will
consider that compu7ng resources are virtually assembled in Cloud Compu7ng although not
necessarily by applying hardware virtualiza7on.
D. 2009 IEEE Interna*onal Conference on Cloud Compu*ng

From the 21st to the 25th of September of 2009, the first IEEE Interna7onal Conference on
Cloud Compu7ng took place in Bangalore, India. In this conference a large number of scien7fic papers
were presented on a wide variety of topics related to Cloud Compu7ng. In these papers we can find
references to the defini7ons described in this sec7on as well as to other defini7ons. One of the papers
(Cai, 2009) uses the defini7on of Cloud Compu7ng as “the style of compu7ng in which dynamically
scalable and oren virtualized resources are provided as a service over the Internet”.
Slight varia7ons of this defini7on are also found in other papers of this conference, which
define Cloud Compu7ng as “dynamically scalable resources provisioned as a service over the
Internet” (Jensen, 2009). Other defini7ons focus more on the sorware perspec7ve defining a cloud as
plaxorms that “offer resource u7liza7on as on-‐demand service, which lays the founda7on for
applica7ons to scale during run7me”. We will further analyze these scien7fic defini7ons when crea7ng
our own research defini7on of Cloud Compu7ng in sec7on 2.7.
2.3. Defini*ons in the Media

In the large number of commercial defini7ons of Cloud Compu7ng currently available, we can
observe a series of misinterpreta7ons of the term that should be carefully considered. Cloud
Compu7ng is oren wrongly used as synonym for the next genera7on of data centers, client/server
compu7ng, SaaS, Grid compu7ng, or mainframe architecture (Brown, 2009a). Although data centers
are an important element of Cloud Compu7ng, they are not the unique characteris7c that defines it.
Because most of the processing takes place on the server side, it is neither a synonym for a client/
server architecture. SaaS is one of the layers to deliver Cloud Compu7ng but a lot of solu7ons are
being offered at lower abstrac7on levels (e.g. IaaS or PaaS). The concept of Cloud Compu7ng is based
on grid compu7ng but there are also layers above the infrastructure (e.g. SaaS) that indicate that they
cannot be used as synonyms. Moreover, although Cloud Compu7ng can be considered as a form of
server compu7ng, there is no single computer handling the workload (e.g. a mainframe) but a series
of interconnected resources (Brown, 2009c).

Although Grid Compu7ng and Cloud Compu7ng are complementary in nature, there are some
significant differences. Both are collec7ons of computers (or computer resources) to leverage
collec7ve IT capabili7es. However, a grid is usually owned by various organiza7ons while a Cloud
Compu7ng environment is oren in the hands of a single firm (GridTalk, 2009). Both provide access to
remotely located compu7ng resources as-‐a-‐service. Grids are oren maintained and developed by
academics while clouds are oren exploited by commercial organiza7ons. This is the reason why access
to grids is oren free of charge, while Cloud Compu7ng is always usage based. While Cloud Compu7ng
is meant to support services on the long term, the use of a grid infrastructure is oren short and
incidental, to perform a resource intensive task at at certain point in 7me (GridTalk, 2009).
One of the main assump7ons of Cloud Compu7ng is that resources (e.g. data, applica7ons,
etc.) are stored on the Internet as opposed to internal infrastructures (Arnold, 2008a). This implies
that the responsibility of maintaining and upda7ng the infrastructure is transferred to the
corresponding Cloud Provider. Another important implica7on is what some authors call the Holy Grail
of informa7on sharing: the enablement of collabora7on and standardized content distribu7on, where
informa7on is easy to find and applica7ons can be developed quickly (e.g. RAD / agile methods)
(Arnold, 2008a).
Some media publica7ons have tried to define Cloud Compu7ng by analyzing its unique
characteris7cs compared to exis7ng models (Foley, 2009). They define it using concepts as off-‐site,
virtual, on-‐demand subscrip7on based, simple, shared and web-‐based IT capabili7es. Off-‐site means
that resources are physically located in data centers which are not owned by Cloud Users. Through the
use of virtualiza7on, a Cloud User can freely assemble his own stack of databases, storage,
networking, etc.
Moreover, resources can be scaled up or down on-‐demand and are paid for by usage based
subscrip7ons. To op7mally use the available physical resources Cloud Providers deploy mul7-‐tenant
solu7ons where more than one client is using the same physical resources. Moreover, resources are
quickly provisioned trough and easy to use web interface and are available within minutes
(Cunningham & Wilkins, 2009). Based on these characteris7cs, the authors describe Cloud Compu7ng
as “on-‐demand access to virtualized IT resources that are housed outside of your own data center,
shared by others, simple to use, paid for via subscrip7on, and accessed over the Web” (Foley, 2009).
Other publica7ons focus on the main characteris7cs of the concept in order to define it more
accurately. Arer analyzing some of these publica7ons we have generated the following list of
characteris7cs:
• On-‐demand self-‐service: Cloud Users can set up their themselves the specific resources they need
(Leighton, 2009) (Spinola, 2009).
• Ubiquitous Network Access: Cloud services are available trough the Internet (Leighton, 2009)
(Spinola, 2009).

• Loca7on independent resource pooling: Resources are not user dedicated but shared on a
common infrastructure (Spinola, 2009).
• Rapid Elas7city: Capacity can scale up or down when needed (Leighton, 2009) (Spinola, 2009)
(Kirsner, 2009).
• Usage based pricing: Cloud Users are billed for the resources they actually use (Spinola, 2009).
• Rapid provisioning: Resources are provided quickly without extensive interven7on from users
(Spinola, 2009).
• Shared Resources: To achieve cost op7miza7on, resources are shared among different users
(Spinola, 2009).
• Self-‐service func7onality: Most of the Cloud Compu7ng plaxorms offer a self-‐service interface
where end users can contract resources for the 7me they need it and discard them arerwards
(Spinola, 2009) (Sheehan, 2009b).
• Lack of ownership of Resources: “Services and sorware that run on computers you don’t need to
purchase or operate yourself” (Kirsner, 2009)
The variety of Cloud Compu7ng defini7ons has created a lot of confusion among prac77oners.
An interes7ng approach to define Cloud Compu7ng is found on the publica7on “Compu7ng in the
Clouds” by Aaron Weiss. He recognizes that the different defini7ons are based on different views on
the same phenomenon. He elaborates on some of this perspec7ves in what he calls “different cloud
shapes” (Weiss, 2007). Web based applica7ons, a revival of the thin-‐client, u7lity compu7ng, an on-‐
demand grid with 7me based billing or “distributed or parallel compu7ng designed to scale complex
processes for improved efficiency” are some examples of these different shapes (Weiss, 2007).
2.4. Defini*ons from IT Consultants and Analysts

Besides scien7fic publica7ons and commercial media outlets, we can can also find a large
number of diverse (and some7mes contradictory) defini7ons from IT consultants and IT analysts. In
this sec7on we provide an overview of how Cloud Compu7ng is defined from an IT consultant and
analysts point of view. To delimit the scope of this research we have selected the defini7ons from two
of the most respected IT analysts firms (Gartner and Forrester) and from two of largest IT consultancy
firms (Capgemini and Accenture).
A. Gartner Research
According to Gartner, Cloud Compu7ng is not a new single model of compu7ng but rather an
evolu7on of exis7ng paradigms and technologies like U7lity Compu7ng, On-‐demand services, Grid
Compu7ng and SaaS among others (Plummer, 2009). Mr Daryl Plummer (Gartner’s VP specialized on
Cloud Compu7ng research) defines Cloud Compu7ng as a new IT paradigm or style of compu7ng
where “massively scalable and elas;c IT-‐related capabili;es are provided as a service using Internet
technologies to mul;ple external customers” (Stevens & PeOey, 2008) (Plummer, 2009) (Brodkin,
2009).

Cloud Compu7ng has according to Gartner five cri7cal aOributes: service based IT capabili7es,
scalable and elas7c, shared, metered by use and leveraging Internet technologies to develop and/or
deliver those services (Plummer, 2009) (PeOey, 2009b). They are service based as Cloud Users
concerns are abstracted from Cloud Providers concerns through service interfaces. They are scalable
and elas7c as they are capable of adding or removing resources on demand when needed. The shared
character of Cloud Compu7ng resources are the most important ingredient to achieve economies of
scale by Cloud Providers. Services are billed based on usage, enabling new innova7ve payment
models. Internet plays a crucial role in Cloud Compu7ng as it is the main technology to deliver
services.
The new paradigm of Cloud Compu7ng is expected to create new revolu7onary rela7onships
between IT users and providers (Stevens & PeOey, 2008). Users can therefore focus more on what the
service provides instead of how they are implemented or hosted. The current popularity and adop7on
of IT models like sorware as a service (SaaS) or Infrastructure as a service (IaaS) reflect how diverse
informa7on technology capabili7es can be delivered on a global scale (Stevens & PeOey, 2008). Cloud
Compu7ng is expected to transform IT delivery from vendor-‐user rela7onship to a provider-‐consumer
rela7onship where IT services are merely consumed instead of acquiring first the assets and
implemen7ng them prior to consump7on (Plummer, 2009).
According to Mr Brian Pren7ce (Gartner’s VP) the key in defining Cloud Compu7ng offerings is
that they are web based services able to upscale and downscale on demand (Howarth, 2009). This
implies new forms of customer-‐provider rela7onships, based on the quality of service provided (e.g.
SLA) instead of general guidelines in end-‐user agreements. This new type of rela7onship will lead
according to Gartner to a market that focus on price and quality of services that provide
differen7a7on (Howarth, 2009). To clarify any misinterpreta7ons of the term Cloud Compu7ng,
Gartner has selected four industry myths and the corresponding Gartner perspec7ve on them. The
myths and Gartner’s insights are depicted in table 7 (Plummer, 2009):
Table 7: Cloud Compu*ng myths linked to Gartner’s insights (Gartner, 2009)
Industry Myth Gartner Insight
Clouds are hardware based services

False, Cloud is an euphemism for a abstrac7on and therefore is immaterial
offering compu7ng, network and storage
Everything need to be in the cloud False, the dominant model for the coming 10 years will be an hybrid cloud.
All remote compu7ng or off-‐premises

False, Cloud Compu7ng is a service delivery and consump7on model
hos7ng is Cloud Compu7ng
Cloud Compu7ng will always safe money False, it can safe money in some cases and provide other advantages in others

B. Forrester Research
According to Forrester an increasing number of organiza7ons are considering Internal Clouds
to complement their on-‐premises infrastructures (Staten, 2009). In a Forrester survey performed in
the third quarter of 2008 they found that 4% of the organiza7ons have already implemented an
internal cloud while 17% are implemen7ng it of budge7ng it (Staten, 2009). In order to achieve the full
poten7al of Cloud Compu7ng Forrester believes that these Internal Clouds should be dynamic
plaxorms with automated workload management and self-‐service interfaces.
Enterprise developers are aware of the Cloud Compu7ng advantages of self-‐service, pay-‐as-‐
you-‐go and instant deployment of compu7ng resources. For these reasons, they are increasingly using
Public Clouds for development purposes bypassing IT opera7on’s processes and procedures (Staten,
2009). Although this situa7on accelerates the applica7on’s deployment process, there are significant
risks in bypassing these organiza7onal policies as they are meant to protect customer’s informa7on,
comply with laws and regula7ons and guarantee quality of services.
Since the advantages of Cloud Compu7ng infrastructures are desired by developer, and to
overcome the risks of bypassing IT opera7ons procedures, Forrester suggests that organiza7ons build
Internal Clouds that can leverage the advantages while controlling risks (Staten, 2009). By deploying
this type of solu7ons organiza7ons can improve their cost effec7veness and achieve a faster 7me-‐to-‐
market with new applica7ons.
Forrester defines a Internal Cloud as “a mul7tenant, dynamically provisioned and op7mized
infrastructure with self-‐service developer deployment, hosted within the safe confines of your own
data center” (Staten, 2009). An Internal Cloud aims to leverage some of the Public Clouds advantages
without compromising the protec7ons enabled by organiza7onal policies and procedures. According
to Forrester, the main characteris7cs of Internal Clouds are self-‐service deployment func7onality for
developers, automated workload distribu7on, mul7-‐tenant resource pools and workflow management
func7onality (Staten, 2009).
Although Forrester recommends organiza7ons to deploy Internal Clouds they recognize also
the limita7ons of these approach (Staten, 2009). In some cases the internal infrastructure could be
rela7vely small to be economically interes7ng to op7mize it, while in other cases performance tes7ng
could be more cost efficient on Public Clouds. Moreover, an Internal Cloud is not the best environment
for all types of applica7ons. For this reason, Forrester recommends to deploy hybrid clouds where
internal and external clouds are connected and can benefit from each other (Staten, 2009).
C. Capgemini
Due to the variety of emerging defini7ons of the term Cloud Compu7ng, Capgemini recognizes
that there is a certain level of confusion among its clients (Ross et al., 2008). Some clients believe that
Cloud Compu7ng is the next genera7on of grid compu7ng, others believe that is the next level of
virtualiza7on and there are some clients that think that Cloud Compu7ng is a combina7on of

Plaxorm-‐as-‐a-‐Service (PaaS), Infrastructure-‐as-‐a-‐Service (IaaS) or Sorware-‐as-‐a-‐Service (SaaS). The
term Cloud Compu7ng is also considered by some Capgemini clients as a synonym of u7lity
compu7ng. According to Capgemini’s perspec7ve this confusion is logical when considering new
emergent delivery methods for IT capabili7es.
Capgemini bases his defini7on of Cloud Compu7ng on an ar7cle by John Foley published on
the online magazine Informa7on Week on September 2008: “Cloud compu;ng is the use of massively
scaled offsite IT resources assembled virtually, accessed over the internet, used on demand in real-‐;me
or near real-‐;me on a pay-‐per-‐use or subscrip;on basis, where the workloads are shared among
mul;ple customers” (Ross et al., 2008). The main components of this defini7on are the following:
• Scalability: Access to immense infrastructures that would otherwise not be available.
• Off-‐site: IT resources are owned by a third party and used only when needed.
• Assembled Virtually: Mul7ple customer’s applica7on run on the same physical machine.
• On-‐demand: Resources are available when needed and for the 7me required.
• Pay-‐per-‐use: pay for what you actually use and never for idle resources.
• Shared workloads: Economies of scale to account for uncorrelated consump7on paOers.
D. Accenture
In a recent Accenture’s survey among IT decision makers (Cloud Compu7ng -‐ Balancing Risk
and Reward) 58% of correspondent was convinced that Cloud Compu7ng will cause a “radical shir in
informa7on technology” (Arellano, 2009).
Accenture defines Cloud Compu7ng as the “dynamic provisioning of IT capabili7es, whether
hardware, sorware, or services from a third party over the network”. According to Accenture, if
enterprises combine the benefits of virtualiza7on and mul7-‐tenant architectures with a pay-‐as-‐you-‐go
pricing model, Cloud Compu7ng represents a innova7ve paradigm that deeply affects how IT
capabili7es (infrastructures, plaxorms, applica7ons, etc.) are acquired, delivered and supported
(Harris, Daugherty & Tobolski, 2009).
2.5. Defini*ons from Standards Organiza*ons

Due to the innova7ve character of Cloud Compu7ng, there are almost no defini7ons being
provided by standards organiza7ons. The only effort found is that of the Na7onal Ins7tute for
Standards in Technology (NIST) which is the equivalent of the European ISO organiza7on in the United
States. To elaborate this defini7on NIST computer scien7sts collaborated with several industry and
government representa7ves.
In their 15th drar version on the defini7on of Cloud Compu7ng, NIST describes it as “a model
for enabling convenient, on-‐demand network access to a shared pool of configurable compu;ng
resources (e.g. networks, servers, storage, applica;ons, and services) that can be rapidly provisioned
and released with minimal management effort or service provider interac;on”.

Moreover, NIST believes that Cloud Compu7ng can be described according to five essen7al
characteris7cs, three service models, and four deployment models. The five main characteris7cs are:
on-‐demand self-‐service, broad network access, resource pooling, rapid elas7city, and measured
service. The three service models iden7fied by NIST are Sorware-‐as-‐a-‐service (SaaS), Plaxorm-‐as-‐a-‐
service (PaaS) and Infrastructure-‐as-‐a-‐service (IaaS). They can be deployed in NIST perspec7ve either
on a Private Cloud, Community Cloud, Public Cloud, or on an Hybrid Cloud which combines more than
one deployment model. It is important to note that this defini7on is s7ll in drar status and it might
evolve over 7me in subsequent drar versions and/or the final version. The current NIST defini7on of
Cloud Compu7ng can be found on their official website: hOp://csrc.nist.gov/groups/SNS/cloud-‐
compu7ng/
Another two ini7a7ves to develop (open) Cloud Compu7ng standards are the OGF Open Cloud
Compu7ng Interface Working Group (OCCI) which focus on developing an API specifica7on for remote
management of Cloud Compu7ng infrastructure (e.g. IaaS solu7ons) and the in November 2009
cons7tuted Study Group on Cloud Compu7ng (SGCC) by the Interna7onal Organiza7on for
Standardiza7on (ISO) SubcommiOee 38 (SC 38). Both groups are expected to publish drar versions of
their defini7ons during 2010.
2.6. Roles in Cloud Compu*ng

In previous research (Vaquero et al., 2008) (Armbrust et al., 2009) (Mietzner et al., 2008), the
different actors involved in cloud compu7ng are described. By analyzing all actors directly involved we
can achieve a deeper understanding of the concept, delimi7ng its scope and boundaries.
In a cloud applica7on we can dis7nguish between three main roles: cloud users, cloud vendors
and cloud providers (Mietzner et al., 2008) (Armbrust et al., 2009) (Vaquero et al., 2008). The cloud
user accesses a cloud service hosted by a cloud provider and created by a cloud vendor. It is important
to note that an organiza7on can fulfill any combina7on of two or three of these roles (Mietzner et al.,
2008). Vendors and providers for example can be the same organiza7on as we can see in some current
offerings (e.g. Salesforce, Google Apps, etc.) while in other cases they might be different organiza7ons
as it is oren the case in PaaS solu7ons (e.g. Force.com) allowing the deployment of applica7ons
developed by external sorware vendors. Moreover, the cloud users and providers can also be the
same en7ty as in for example internal IT department is offering an internal cloud.
Having invested in a data center is an important key enabler for a firm to become a Cloud
Provider. On one hand, by adding a new revenue source Cloud Providers can leverage their past and
future ICT investments. On the other hand by using an infrastructure that has been already designed,
implemented, tested and improved Cloud Users do not have to spend 7me in repea7ng these steps,
and can profit from an already proven solu7on offered by Cloud Providers (Armbrust et al., 2009).

The cost of resources is one of the most important considera7ons for Cloud Providers when
considering where to locate their data centers. As the prices of manufacturing resources vary strongly
geographically and since it is cheaper to transport data over computer networks than electricity over
high-‐voltage infrastructures (Armbrust et al., 2009), Cloud Providers must carefully consider resource’s
cost prices to determine the op7mal loca7on for their data centers. Cloud Providers should consider
the price of electricity and cooling (one third of data center costs) as well as human capital costs, real
state prices and taxes in their economic calcula7ons.
Addi7onal roles in Cloud Compu7ng are Cloud Service Brokers, Cloud Sorware Manufacturers,
and Cloud Consultants and Integrators among others. As Cloud Compu7ng services mature over the
years, Gartner predicts a growing importance of Cloud Service Brokers which can be found in the
following categories: Cloud Service Intermedia7on, Cloud Service Aggrega7on and Cloud Service
Arbitrage (PeOey, 2009b). Cloud Sorware Manufacturers like for example Enomaly or Open Nebula
leverage the tools necessary to build clouds for Cloud Providers and Enterprises. The role of Cloud
Integrators is currently being played by the leading consultancy organiza7ons. Some focus on guiding
enterprises in leveraging Internal Private or Hybrid Clouds (e.g. Accenture, Capgemini) and others
focus more on leveraging Public Clouds (e.g. Cloudscale).
2.7. Research Defini*on of Cloud Compu*ng

For the purpose of this research we have considered all the previous defini7ons described in
this report to combine their main components into an overview (see table 8). From this overview we
will generate our research defini7on of Cloud Compu7ng. As some terms or concepts represent the
same idea, we have consolidated them into a single concept which represents in our opinion beOer
the characteris7c being discussed (see table 9).
The first process of extrac7ng the main components from defini7ons is shown in table 8. It is
important to note that main components are not only extracted from defini7ons but in some cases
they are explicitly men7oned by the organiza7on as described previously in this report. In those cases
we have included the main components men7oned even if they cannot be directly linked to (parts of)
the defini7on.

Table 8: Component Extrac*on from Defini*ons
Defini*on Components Extracted
University of Berkeley: "applica7ons delivered as a service over the Applica7ons, As-‐a-‐service, Internet as delivery &
Internet (SaaS) and the infrastructure that delivers them." Suppor7ng Infrastructure
Telefonica: “Clouds are a large pool of easily usable and accessible
virtualized resources (such as hardware, development plaxorms and/
Large pools, easily usable, easy accessible,
or services). These resources can be dynamically reconfigured to
virtualized resources, dynamically reconfigured,
adjust to a variable load (scale), allowing also for an op7mum resource
scalability, op7mum resource op7miza7on, pay-‐
u7liza7on. (...) typically exploited by a pay-‐per-‐use model in which
per-‐use model, customized SLAs
guarantees are offered by the Infrastructure Provider by means of
customized SLAs.”
University of Melbourne: "a collec7on of interconnected and
virtualised computers that are dynamically provisioned and presented Interconnected virtualized computers, dynamically
as one or more unified compu7ng resources based on service-‐level provisioned, unified presenta7on of resources, SLA
agreements established through nego7a7on between the service based
provider and consumers.”
IEEE Interna*onal Conference on Cloud Compu*ng: “the style of
compu7ng in which dynamically scalable and oren virtualized
Dynamic and scalable resources, oren virtualized,
resources are provided as a service over the Internet” (...) “offer
as-‐a-‐service, over the Internet, on-‐demand
resource u7liza7on as on-‐demand service, which lays the founda7on
for applica7ons to scale during run7me”
On-‐demand self-‐service, ubiquitous network
access, loca7on independent resource pooling,
Media: “on-‐demand access to virtualized IT resources that are housed
rapid elas7city, usage based pricing, rapid
outside of your own data center, shared by others, simple to use, paid
provisioning, shared resources, self-‐service
for via subscrip7on, and accessed over the Web”.
func7onality, lack of ownership of resources,
virtualized IT resources
Forrester: “a mul7tenant, dynamically provisioned and op7mized Self-‐service deployment, automated workload
infrastructure with self-‐service developer deployment, hosted within distribu7on, mul7-‐tenant resource pools, workflow
the safe confines of your own data center” management, dynamic provisioning
Gartner: “massively scalable and elas7c IT-‐related capabili7es are
Service Based, scalable and elas7c, shared,
provided as a service using Internet technologies to mul7ple external
metered by use, internet as delivery channel
customers”
Capgemini: “Cloud compu7ng is the use of massively scaled offsite IT
Scalability, off-‐site, assembled virtually, on-‐
resources assembled virtually, accessed over the internet, used on
demand, pay-‐per-‐use, shared workloads, internet
demand in real-‐7me or near real-‐7me on a pay-‐per-‐use or subscrip7on
access
basis, where the workloads are shared among mul7ple customers”.
Accenture: dynamic provisioning of IT capabili7es, whether hardware, Dynamic provisioning, from a third party, over the
sorware, or services from a third party over the network.” network
NIST: “Cloud compu7ng is a model for enabling convenient, on-‐

demand network access to a shared pool of configurable compu7ng
On-‐demand self-‐service, broad network access,
resources (e.g., networks, servers, storage, applica7ons, and services)
resource pooling, rapid elas7city, measured service.
that can be rapidly provisioned and released with minimal
management effort or service provider interac7on.”
Based on the extracted components we can proceed by crea7ng an overview of these

components and how oren they are men7oned. This second process of combining all the main
components into an overview is depicted in table 9. For clarifying purposes we have grouped similar
components into a single row.

Table 9: Cloud Compu*ng Main Components Overview
Component Extracted from defini*on
Applica7ons Berkeley University
As-‐a-‐service / Service Based Berkeley University, IEEE, Gartner, NIST
Internet / Ubiquitous Network Access Berkeley University, IEEE, Media, Gartner, Capgemini, Accenture, NIST
Suppor7ng Infrastructure Berkeley University

Large Amounts of Resources Telefonica
Easily Usable / Unified Presenta7on / Self-‐service Telefonica, Melbourne University, Media, Forrester, NIST
Easy Accessible / On-‐demand Telefonica, IEEE, Media, Capgemini, NIST
Virtualized Resources / Assembled Virtually Telefonica, Melbourne University, IEEE, Media, Capgemini
Dynamic / Scalable / Elas7c / Automa7c Telefonica, Melbourne University, IEEE, Media, Forrester, Gartner,
Workload Distribu7on / Workflow Management Capgemini, Accenture, NIST
Resource Op7miza7on / Pooling / Shared

Telefonica, Media, Forrester, Gartner, Capgemini, NIST
Resources / Mul7-‐tenant
Pay-‐per-‐use / Usage Based Pricing & Metering Telefonica, Media, Gartner, Capgemini, NIST
Customized SLAs / SLA based Telefonica, Melbourne University
Loca7on Independent Media
Lack of Ownership / Offsite / From Third Party Media, Capgemini, Accenture
As shown in the above table, some components are found in almost all defini7ons while others
are men7oned rarely. In construc7ng our research defini7on of Cloud Compu7ng we have dropped
some of these components as they are only used by few par7es and do not truly represent the current
solu7ons found in the market.
The first component that we have dropped is Applica7ons, as the Cloud Compu7ng model
delivers more than just Applica7ons. If we analyze the different services currently being offered
following this model we observe that besides applica7ons also infrastructure and plaxorm services

are being offered (IaaS provider and PaaS providers respec7vely). Consequently we also dropped the
component Suppor7ng Infrastructure as in some cases the infrastructure is the service being delivered
(e.g. IaaS solu7ons) and it is also a logical implica7on for providers (in order to deliver services
providers need to use a suppor7ng infrastructure).
The term Large Amount of Resources has also been dropped for two reasons. The first reason
is that the term “large” is rather subjec7ve and can be contradictorily interpreted by two par7es. A
group of resources might be regarded as large by some organiza7on and at the same 7me as small by
another organiza7on. The second reason is that there is not a minimum limit of resources to deploy a
Cloud Compu7ng solu7on. For example, some solu7ons (e.g. Ubuntu Enterprise Cloud) can be
deployed on two computers (or two virtual images on one computer). Although in prac7ce Cloud
Compu7ng solu7ons are deployed on large amounts of resources to enable on-‐demand provisioning,
scalability and elas7city, it is not a necessary requirement as these benefits can also be achieved
through other means (e.g. outburs7ng of Private Clouds to Public Clouds).
We also have dropped the components Loca7on Independent as well as Lack of Ownership,
Offsite, and From Third Party as organiza7ons can leverage Internal Clouds (within the organiza7onal
limits) and/or Private Clouds (only accessible by a single organiza7on). We have further combined SLA
based with the As-‐a-‐service component as the former is the logical embedding of the later. Service
Level Agreements are used to nego7ate, measure and improve the quality of services provided.
Although not dropped en7rely from the defini7on, Virtualized Shared Resources, Resource
Op7miza7on and Self-‐Service interface are par7ally included as possible addi7onal elements oren
found in current solu7ons. Although Virtualiza7on is oren applied to op7mize resource op7miza7on,
this is not always the case as some Cloud Providers do not apply any form of (hardware) virtualiza7on
to their offerings (e.g. Google, RightScale, etc.). The existence of Private and/or Internal Clouds
indicates that Shared resources and Mul7-‐tenancy are not essen7al elements.
Moreover, Resource Op7miza7on is not directly related to the services being offered but rather
to the op7mum implementa7on by a Cloud Provider. A Cloud User does not directly benefit from
beOer resource op7miza7on as a Cloud Provider does. We consider the Self-‐Service interface to be
one possible implementa7on of the On-‐Demand component and therefore we cannot include it in our
defini7on as it would exclude other implementa7ons (e.g. automated provisioning).
Taking into account these considera7ons we have elaborated the following research defini7on
of Cloud Compu7ng to be use in the rest of this report: Cloud Compu*ng is the delivery model where
on-‐demand elas*c IT capabili*es are offered as-‐a-‐service through the Internet following a usage
based pricing model. There are a large number of IT capabili7es offered according to the Cloud
Compu7ng model. Some examples of the most popular services are infrastructures (IaaS solu7ons),
plaxorms (PaaS solu7ons), and sorware (SaaS solu7ons).

3. Taxonomy of Cloud Solutions
Arer defining the term Cloud Compu7ng (see sec7on 2) and in order to obtain a clear view on
the possible implementa7ons we con7nue in this sec7on by analyzing the possible types of solu7ons
currently available in the market. For this purpose, we consider in this research three models to
classify Cloud Compu7ng solu7ons according to three different perspec7ves: what are the services
being offered (Service Model), where are the services located (Deployment Model) and who can
access those services (Access Model).
3.1. Service Model

The oren men7oned model for classifying Cloud Compu7ng solu7ons is the Service Model
which groups solu7ons according to the type of services being offered. This model is included by NIST,
scien7fic ar7cles, consultants, analysts and media publica7ons in their defini7ons of Cloud Compu7ng.
This common taxonomy of Cloud Compu7ng services takes into account the level of
abstrac7on from bare metal (e.g. hardware) and the flexibility provided to the end user. From this
perspec7ve we can classify Cloud Compu7ng solu7ons into Sorware-‐as-‐a-‐service (SaaS), Plaxorm-‐as-‐
a-‐service (PaaS) and Infrastructure-‐as-‐a-‐service (IaaS) offering respec7vely sorware, plaxorms and
infrastructure services (Armbrust et al., 2009) (Vaquero et al., 2008) (Spinola, 2009). It is important to
note that as we go up the service stack we encounter solu7ons with greater levels of abstrac7on and
lower levels of flexibility, while if we go down the service stack user’s flexibility increases in detriment
of abstrac7on from bare metal.
By abstrac7on we mean the level of automa7on to end users. Using IaaS solu7ons for example,
the end user needs to manage hardware and opera7ng systems while in PaaS services the end user
only manages code development and deployment. Moreover, end user of SaaS services do not even
need to manage code deployment when using the applica7on. It is important to note that higher
automa7on (e.g. abstrac7on) implies lower flexibility as the user cannot configure the parts that are
automated. The Service Model and this trade-‐off is depicted on figure 5.
Figure 5: Service Model
It is important to note that these three types of services are not
the only ones currently being offered. The model presented is
therefore not exhaus7ve as it focus on the most common IT
capabili7es (e.g. hardware, sorware, etc.). The large variety of
services being offered range from complete e-‐business solu7ons to
mail applica7ons and from CPU cycles to large compu7ng and
algorithmic facili7es (Stevens & PeOey, 2008). It is the granularity of
the services provided from the cloud that makes it possible to align
the required infrastructure and sorware to the business needs at a
par7cular point in 7me.

Although service offerings are not limited to these three typologies they can oren be
generalized into one of them. For example, data-‐as-‐a-‐service or BPM-‐as-‐a-‐service can be generalized
into SaaS or PaaS types, depending on the context and the exact service being offered. Moreover,
services can be build on top of other services with lower levels of abstrac7on. For example, a SaaS
applica7on can be build on top of a PaaS plaxorm (e.g. salesforce.com plugin build on force.com
plaxorm). SaaS and PaaS solu7ons can therefore also be deployed on IaaS solu7ons (e.g. Google Apps
and Google App Engine on top of Google’s Private IaaS infrastructure). When evalua7ng such
composed services Cloud Users should consider the specific characteris7cs of the solu7on at each
abstrac7on levels.
As Cloud Providers naturally seek compe77ve differen7a7on we can expect a process of Cloud
Compu7ng PaaS-‐ifica7on. In this process SaaS solu7ons will incorporate more flexibility by allowing
users to develop or customize their applica7ons (becoming a PaaS plaxorm) and IaaS providers will
add features that speed up the use of the services (e.g. adding run7me environment, framework,
etc.), evolving into plaxorms. At the moment of wri7ng we can observe this shir towards cloud
plaxorms at Salesforce’s force.com (PaaS based on their SaaS solu7ons) and Amazon EC2 suppor7ng
frameworks out-‐of-‐the-‐box (PaaS on top of IaaS).
It is important to note that none of these types of Cloud Services is beOer than the others. All
levels of flexibility and abstrac7on must be considered when developing a new applica7on in order to
select the level best fiOed for that specific applica7on. Some applica7ons might require specific
hardware configura7on while in other applica7ons this high flexibility level could complicate
development and deployment unnecessary. For clarifying purposes we shortly describe the three
service types included in this model:
A. Somware as a Service (SaaS)

SaaS can be defined as “sorware deployed as a hosted service and accessed over the Internet”
and it differs from on-‐premises sorware in the loca7on where the sorware code is stored and how
the sorware is deployed and accessed (Chong & Carraro, 2006) (Mietzner, Leymann, & Papazoglou,
2008) (Vaquero et al., 2008) (Armbrust et al., 2009). According to previous work SaaS represents a
new paradigm in sorware delivery which implies an architectural model based on mul7-‐tenancy
efficiency, massive scalability and metadata based configurability. Some of the most popular SaaS
offerings are Salesforce CRM, Cisco’s WebEx, Google’s Gmail and SAP’s Business ByDesign.
Using SaaS solu7ons might result in changing the ownership of sorware, shiring responsibility
of infrastructure management to the SaaS provider, reducing opera7onal costs and/or targe7ng the
long tail of smaller businesses (Chong & Carraro, 2006). In every as-‐a-‐service model transferring IT
responsibili7es from customer to provider implies a different distribu7on of budgets for sorware,
hardware and professional services (Chong & Carraro, 2006). On tradi7onal on-‐premises architectures,
the budget for hardware and services is higher than in SaaS architectures as a part of them is carried

by the sorware vendor. As a direct consequence the sorware vendor might include a part of these
costs in the pricing of the SaaS solu7on.
The long tail theory states that a large group of low-‐volume items translates into higher total
revenues than high-‐volume ones (Chong & Carraro, 2006). Nevertheless, most tradi7onal sorware
vendors focus on large customers as they are the only ones that can afford to pay the high level of
customiza7on needed to deploy sorware on-‐premises. Due to the economies of scale and mul7-‐
tenancy achieved by SaaS vendors a new market opens to them that was previously cost-‐ineffec7ve to
serve (Chong & Carraro, 2006). As SaaS vendors can offer sorware cheaper than on-‐premises they can
benefit from the high volumes represented in the long tail.
Customiza7on in SaaS solu7ons can be achieved by iden7fying variability points that support
the configura7on of a SaaS applica7on to any customer’s specific needs (Mietzner et al., 2008). To
achieve this the SaaS vendor can create an applica7on template that includes a series of variability
points that are further configured by the SaaS provider to create customized applica7ons for each
SaaS customer. There are therefore two main types of ar7facts in a SaaS solu7on, a fixed part that is
equal for all tenants and configurable metadata that enables applica7on customiza7on (Mietzner et
al., 2008).
! SaaS applica7ons can be offered following different mul7-‐tenancy strategies according to the
applica7on’s needs and capabili7es for scalability, configurability and mul7-‐tenancy awareness
(Mietzner, Unger, Titze, & Leymann, 2009) (Mietzner et al., 2008). Previous research on SaaS as an
alterna7ve to tradi7onal on-‐premises sorware has incorporated these key components of SaaS into
an architectural model based on four maturity levels (Chong & Carraro, 2006). In order to choose the
right maturity level for a specific applica7on the organiza7on should take into account if an isolated
approach makes financial sense (business model), if the applica7on can be ran in a single instance
(architecture) and if the applica7on can maintain the level of service (SLAs) without isola7on
(opera7onal model).
A SaaS applica7on is oren scalable, mul7-‐tenant-‐efficient and/or configurable (Chong &

Carraro, 2006) (Mietzner et al., 2009). Although not all three characteris7cs are compulsory in a SaaS
applica7on we oren find at least one of them in each SaaS solu7on. Based on how these SaaS
characteris7cs are implemented we can dis7nguish between four maturity levels: ad-‐hoc,
configurable, configurable mul7-‐tenant and scalable, configurable, mul7-‐tenant efficient (Chong &
Carraro, 2006).
The first maturity level (ad-‐hoc) can be compared to the tradi7onal ASP model (applica7on
service provider) of sorware delivery (Chong & Carraro, 2006). In this level each customer has a
separate customized instance of a hosted applica7on. This level reduces costs through the
consolida7on of hardware and overhead costs. In the second maturity level (configurable) the SaaS
vendor hosts a separate instance for each tenant where all instances use the same code

implementa7on that include detailed configura7on op7ons (Chong & Carraro, 2006). Each instance is
equal to the others but remains fully isolated. This level enables efficiency in sorware updates as the
are implemented in the code and therefore used at once by every tenant.
The third level of maturity (configurable & mul7-‐tenant efficient) includes a single instance
serving every tenant with configurable metadata allowing some degree of customiza7on (Chong &
Carraro, 2006). Security is in this context crucial to guarantee that data is isolated between tenants.
Moreover, scalability is achieved ver7cally by moving to a larger instance. In the fourth and last level
of SaaS maturity (Scalable, Configurable and Mul7-‐tenant efficient) a load-‐balanced group of iden7cal
instances is available with configurable metadata and isolated data storage (Chong & Carraro, 2006). It
is important to note that this maturity level is the only one leveraging the capabili7es of horizontal
scalability across the available instances.
According to previous research on SaaS mul7-‐tenancy paOerns (Mietzner et al., 2009) a SaaS
service can be configurable or non-‐configurable. In each of these two categories we can find three
mul7-‐tenancy paOerns: single instance, arbitrary instance and mul7ple instance (Mietzner et al.,
2009). There are therefore six different mul7-‐tenancy paOerns available ranging from configurable
single instance to non-‐configurable mul7ple instances. Arbitrary instances are mixes of these two
types, where some tenants share instances and others do not. This might be to guaranteed the quality
of service of due to legal requirements in some clients. The following table (see table 10) reflects some
of the considera7ons that we can find in previous work related to each of these mul7-‐tenancy
paOerns:
Table 10: SaaS mul*-‐tenancy paRerns
PaRern Focus Considera*ons
Offering some (+) Centralized deployment, maintenance and updates for

Single customiza7on while the fixed part of the applica7on. Ver7cally scalable.
Instance maintaining (+) Par7al isola7on and customiza7on
centraliza7on (-‐) Deployment of customiza7on cannot be centralized
Quality of service or (+) Mix of single and mul7ple instances
Arbitrary compliance while (+) Allows fully isola7on when needed
Configurable
Instance allowing (+) Horizontally and ver7cally scalable
customiza7on (-‐) Less centraliza7on than single instance
Customiza7on when
(+) Full customiza7on
Mul7ple applica7on logic is
(+) Horizontally scalable
Instances very specific tenant
(-‐) Decentralized deployment and maintenance
specific
A service with the (+) Centralized deployment, maintenance and updates for
Single
same behavior for all all tenants. Ver7cally scalable
Instance
tenants. (-‐) No isola7on of data or customiza7on
Non-‐
Configurable
PaRern Focus Considera*ons
(+) Mix of single and mul7ple instances

Guaranteeing the
Arbitrary (+) Allows fully isola7on when needed
Non-‐ quality of service or
Instance (-‐) Ver7cally scalable
Configurable compliance
(-‐) Less centraliza7on than single instance
Customiza7on when (+) Full isola7on and customiza7on

Mul7ple applica7on logic is (+) Centraliza7on with templates and variability points
Instances very specific tenant (-‐) Less centralized that the other two approaches
specific (-‐) Ver7cally scalable
Although we consider mul7-‐tenancy not an essen7al feature of cloud compu7ng any cloud
vendor or provider can deploy any of the above paOerns in another type of cloud solu7on (e.g. PaaS,
IaaS, etc.) to create mul7-‐tenant aware solu7ons.
B. Planorm as a Service (PaaS)

If we increase the level of abstrac7on from hardware to the OS and common applica7ons (e.g.
web server, load balancing, etc.) we reduce complexity but also programmer’s flexibility. Using this
delivery model customers rent vendor’s hosted infrastructure and programming tools to create their
own applica7ons (Spinola, 2009). According to NIST, the consumer uses a hos7ng environment for his
applica7ons that run in the environment but cannot control the opera7ng system, hardware or
network infrastructure. PaaS solu7ons aim to enable easy development and deployment of scalable
web applica7ons (Schiebl, 2009). They are APIs for crea7ng new applica7ons on the cloud (Michelson,
2009).
This kind of solu7on is currently being offered by Microsor’s Azure, Google App Engine, Elastra
and RightScale among others (Leighton, 2009). Google’s App Engine is developed to host web
applica7ons on the cloud by clearly separa7ng the stateless computa7on layer from state-‐full storage
layer (Armbrust et al., 2009). Sorware hosted on the App Engine plaxorm must have a request-‐reply
behavior to minimize the resources allocated to each request. The mechanisms for guaranteeing
availability and automa7c scalability as well as the data storage layer (MegaStore) are dependent on
these constrains (Armbrust et al., 2009).
C. Infrastructure as a Service (IaaS)

The lowest level of abstrac7on is provided by Infrastructure-‐as-‐a-‐service providers or as
Berkeley calls them Hardware Virtual Machines (Armbrust et al., 2009). IaaS can be defined as
hardware resources on demand (Michelson, 2009). This delivery model provides users with basic
compu7ng resources (e.g. storage, processing, etc.) on a rental basis (Spinola, 2009). According to
NIST, the consumer uses “fundamental compu7ng resources” but cannot control the underlaying
infrastructure. Although this type of model increases programmer’s flexibility with a low level of
abstrac7on it implies also that Cloud Users must administrate the en7re scope of their solu7on
themselves, including OS configura7on, backup, updates, etc. (Schiebl, 2009).

Examples of IaaS vendors are Akamai, Amazon, GoGrid and Joyent (Leighton, 2009). Amazon
offers for example their EC2 solu7on for compu7ng resources and their S3 solu7on for persistent
storage. In Amazon EC2 resources are referred to as instances and they are comparable with physical
resources. Through an Applica7on Programming Interface (API) it is possible to configure an instance
within minutes. Customers can buy the CPU cycles, MB of storage and IP connec7vity that best fit
their needs at a certain point in 7me.
3.2. Deployment Model

Another model oren found in previous research is the Deployment Model which classifies
solu7ons according to where they are located (Internal, External or Hybrid Clouds). Gartner research
describes two viewpoints on the cloud: services and technology. The service perspec7ve is
characterized by remote access to services and compu7ng resources over the internet while the
technology point of view represents another data center approach on internal enterprise systems with
no use of external off-‐premises third party capabili7es (Brodkin, 2009). According to Gartner, these
two perspec7ves are both valid but their differences should be carefully considered as well as mixed
forms of these two types (an Hybrid Cloud).
Internal clouds are hosted within an organiza7on’s boundaries and aim to leverage the firm’s
standard processes and security measures (e.g. firewalls, DMZs, etc.). They are oren limited in size
and scalability as they are fully financed by the organiza7on. This type of cloud is best fiOed for firms
that require full control and configurability of their infrastructure and security, and is oren used when
business opera7ons are subject to strict compliance standards (Spinola, 2009). Moreover, as the
organiza7on does not depend on the performance and availability of external networks (e.g. Internet)
or providers (e.g. Cloud Provider), Internal Clouds are highly recommended for deploying applica7ons
that handle sensi7ve data or need high availability (Perry, 2009).
External Clouds are located outside the organiza7onal domain and they are oren more
scalable and cost efficient than Internal Clouds. However, this might imply concessions on the
solu7on’s security and customiza7on levels as well as higher dependancies on third par7es and public
network’s performance (e.g. Internet).
An interes7ng mixed approach between Internal and External Clouds are Hybrid Clouds. Hybrid
Clouds are Internal Clouds linked to External Clouds where the external capabili7es are only used
when needed. An organiza7on can use an Hybrid Cloud to maintain the required levels of security and
customiza7on while leveraging External Cloud capabili7es for scalability at peak workloads (Cloud
Burs7ng) and fail-‐over situa7ons.

3.3. Access Model
The third model that we consider on this research is the Access Model that classifies solu7ons
according to who can access them (Public, Private and Hybrid Clouds). Although Private Clouds offer
the highest possible control they cannot fully leverage the full poten7al of Cloud Compu7ng. Public
Clouds on the contrary offer less control but can enable most of the values of this new paradigm
(Plummer, 2009). Gartner recommends Hybrid Clouds that can leverage some of the benefits while
maintaining the desired level of control. For this purpose organiza7ons can select the right mix of
Public and Private services that best matches their specific situa7on at hand (Plummer, 2009).
UC Berkeley RADSL defines a Public Cloud as a cloud where the infrastructure layer is available
on demand to the general public (Armbrust et al., 2009). This is what Berkeley refers to as U;lity
Compu;ng. When the service is not available to the general public but exclusively to users of a single
organiza7on Berkeley considers it to be a Private Cloud (Armbrust et al., 2009). Although Berkeley
excludes Private Clouds from their defini7on of Cloud Compu7ng, we do not fully agree with
Berkeley’s perspec7ve as for example any organiza7on can leverage some of the cloud advantages by
deploying a Private Cloud for corporate use only (Perry, 2009).
According to previous research a Private Cloud is designed to be accessed and operated only
by members of a specific organiza7on, while a Public Cloud is oren open for use by the general public
(Spinola, 2009) (Perry, 2009). As Public Clouds make use of economies-‐of-‐scale by leveraging sta7s7cal
mul7plexing and mul7-‐tenancy, the savings achieved can be passed on to Cloud Users, resul7ng in
cheaper offerings than Private ones. However, they are managed and supported by a Cloud Provider,
offering homogenous resources that have limited configura7on possibili7es (Spinola, 2009).
Public Clouds are recommended in situa7ons of non-‐cri7cal SLAs and where on-‐premises
infrastructures have limited scaling capabili7es or exper7se (Michelson, 2009). Private Clouds can best
be used when trying to op7mize resource u7liza7on, mission cri7cal SLAs or where highly secure and
fully compliant infrastructures are needed (Michelson, 2009). Among others, security, intrusion
detec7on and load balancing are some examples of func7onali7es that can be more efficiently
provided by Public Clouds (Howarth, 2009) (Sheehan, 2009b).
3.4. Hybrid Clouds

Hybrid Clouds are any possible combina7on of the previous models ranging from Internal
Private Clouds to External Public Clouds. The connec7on might be permanent or as a result of cloud
burs7ng (EvereO, 2009) (Perry, 2009) and is oren implemented using standardized or proprietary
technology (Spinola, 2009). Each type of combina7on implies specific types of risks and opportuni7es.
Analysts and consultants recommend oren an hybrid model aligned with the specific project or
situa7on at hand.

A form of hybrid clouds are hosted clouds or External Private Clouds (Spinola, 2009). They
apply the mul7-‐tenant layer on external resources but the cloud is only accessible by a single Cloud
User. This form of cloud minimizes the large capital and opera7onal expenses of Internal Clouds while
adding elas7c capabili7es. As they are dedicated clouds, they allow more configura7on and flexibility
than standard Public Clouds.
In situa7ons of high future demand uncertainty for an specific applica7on Berkeley believes
that deploying a Private Cloud will lead per defini7on to data center underu7liza7on due to the over-‐
provisioning needed to cope with poten7al peaks in demand (Armbrust et al., 2009). On the other
hand, using a Public Cloud in the same situa7on will automa7cally lead to cost savings due to the
usage based pricing (pay-‐by-‐the-‐hour) model (Armbrust et al., 2009). In this context, an Hybrid Cloud
that scales out to handle peaks could be the best solu7on to guarantee the con7nuity of services at a
cost efficient manner. This is what some prac77oners describe as Cloud Burs7ng (Perry, 2009)
(McLaughlin, 2009a) (Treese, 2009) (EvereO, 2009). It is important to note than even though a Cloud
Users can scale out to a third party solu7on they s7ll remain responsible for their corporate data
(EvereO, 2009).
According to Berkeley performing heavy computa7ons on Private Clouds can also lead to
underu7liza7on or not being able to offer the required computa7onal capacity for the task. On the
contrary, in Public Clouds one can fully benefit from parallel processing for the same costs as 1000
cloud servers for one hour cost the same than 1 cloud server for 1000 hours (Armbrust et al., 2009).
As several exis7ng use cases demonstrate, organiza7ons should consider Public Clouds in their cost
analysis for performing heavy computa7onal tasks.
Other categoriza7ons not described in this research are ver7cal (industry) or horizontal clouds
(exper7se), virtual private clouds (VPC), Cloud Oriented Architectures (COA) and Cloud Service
Architectures (CSA).
4. Common Use PaRerns

Arer having defined the concept of Cloud Compu7ng (see sec7on 2) and the different types of
solu7ons available (see sec7on 3) we con7nue in this sec7on by analyzing some of the most common
use cases that leverage this new delivery model. For this purpose we have analyzed a variety of case
studies and iden7fied the most significant use paOerns. Use paOerns in the context of this research
are regarded as the main goals of Cloud Users when adop7ng a Cloud Compu7ng solu7on.
It is important to note that this use paOerns are described from a Cloud User perspec7ve.
However, Cloud Providers can evaluate how this paOerns are covered in their offerings in order to
accelerate the adop7on of their specific Cloud Compu7ng solu7ons. A remark should be made on the
fact that in some types of Cloud Compu7ng solu7ons (e.g. Internal and/or Private Clouds) the Cloud
User is the same organiza7ons as the Cloud Provider.

An overview of the use paOerns analyzed in this research is depicted in table 11. The overview
includes three cases for each paOern and the specific solu7on applied.
Table 11: Overview of Cloud Compu*ng Use PaRerns
Use PaRern Examples & Solu*ons Applied

PresidioHealth (GoGrid)
Resource Op7miza7on Rentokil (Google Apps)
LA County (Google Apps)
PresidioHealth (Appistry IQ Cloud)
Scalability & Elas7city Wordpress (MS Azure)
TwiOer (Amazon S3)
New York Times (Amazon EC2)
High Performance Compu7ng Harvard Medical School (Amazon EC2 & Oracle)
BT (Amazon EC2)
37signals (Amazon S3)
Fail-‐over / Backup Zmanda (Amazon S3)
Jungle Disk (Amazon S3)
PresidioHealth (Appistry)
Business Agility / Faster Time To Market Siemens (Windows Azure)
SugarCRM (Windows Azure)
GoGrid (Windows Azure)
External Knowledge & Experience Associated Press (Windows Azure)
Rover Apps (Rackspace Cloud)
In the rest of this sec7on we elaborate on these use paOerns to provide a deeper
understanding of the situa7onal factors mo7va7ng the specific usage. Moreover, by using this sec7on
an organiza7on can evaluate wether the specific goals can also be applicable to their context.
4.1. Resource Op*miza*on

Every applica7on needs three main types of resources: processing, storage and
communica7on. Tradi7onal sorware delivery was achieved by prealloca7ng or reserving a fixed
amount of resources to be used by the applica7on based in predic7ons that account for possible
peaks in demand. Cloud Compu7ng opens new opportuni7es to improve the efficiency of sorware
delivery as resources are allocated on-‐demand when needed leveraging just-‐in-‐7me infrastructures
(Baker, 2007) (Michelson, 2009) (Pluijm, 2009).
The op7miza7on of capacity planning and resource u7liza7on is one of the most frequent use
cases of Cloud Compu7ng (Brown, 2009a). Tradi7onal capacity planning oren results in two undesired
situa7ons: over-‐provisioning and under-‐provisioning. When resources are under-‐provisioned, demand
exceeds the resources available resul7ng in unsa7sfied customers due to solu7ons not responding or
responding with a significant delay. On the other hand, when resources are over-‐provisioned the
organiza7ons suffers directly from cost inefficiencies due to the waste of resources. Moreover, buying
resources long before they are used always implies nega7ve financial consequences based on
opportunity costs and the 7me value of money (e.g. Net Present Value).

Figure 6: Resource Op*miza*on in Cloud Compu*ng .
C l o u d C o m p u 7 n g c a n b e
considered as just-‐in-‐7me resource
alloca7on which op7mizes capacity
planning and resource u7liza7on as it
eliminates the issues of over-‐ and
under-‐provisioning of resources
(Brown, 2009a). The effects on just-‐in-‐
7me resource provisioning compared to
tradi7onal resource alloca7on are
shown in figure 6.
Examples of this use paOern can

be found in the large number of organiza7ons adop7ng SaaS solu7ons like Google Apps (e.g. Rentokil,
Jaguar, LA County, University of Deusto, etc.) as well as in other IaaS case studies where cost
efficiencies are one of the main benefits obtained (e.g. PresidioHealth applica7ons at GoGrid’s IaaS
solu7on).
4.2. Scalability and Elas*city

Although the scalable and elas7c character of Cloud Compu7ng are the main ingredients to
achieve op7mum resource u7liza7on we consider them as an independent use paOern due to the fact
that a significant number of organiza7ons focus on rapid elas7city without the need to op7mize
resources. While the op7miza7on of capacity planning focus primarily on predictable workloads
(including predictable peaks), scalability and elas7city are ideal features for provisioning unexpected
workloads.
As Cloud Users can allocate extra resources almost real-‐7me at the same cost per unit, they
can therefore cover any unexpected peaks in demand (Broek, 2009) (Michelson, 2009). Elas7city, or in
other words being able to upscale or downscale on demand is specially interes7ng in situa7ons where
the prealloca7on of resources must cope with high levels of demand uncertainty (Armbrust et al.,
2009). Elas7city can be considered as an advance form of instant load-‐balancing having almost
unlimited resources to spread the workload.
An unique and oren overlooked characteris7c of Cloud Compu7ng is the possibility to

downscale resource provisioning. By shortening amor7za7on periods from years to hours, a firm can
react to changing business condi7ons during periods of economic recession while minimizing
investment risks (Armbrust et al., 2009). If the hardware was purchased then downscaling always
implies a financial loss for the amount of resources not used. On the contrary, when the applica7on is
hosted on the cloud a firm can downscale its resources within minutes without financial

consequences. This is specially interes7ng taking into account hardware’s speed of deprecia7on as it
loses market value immediately arer being acquired.
Some examples of this use paOern are the use of Amazon S3 storage for TwiOer avatars, the
use of the Azure plaxorm for Wordpress blogs, and the sorware scalability achieved by PresidioHealth
on the Appistry Cloud IQ plaxorm. This use paOern demonstrate how fast growing organiza7ons can
leverage infrastructures to cover for their success being able to handle unexpected exponen7al
demand curves.
4.3. High Performance Compu*ng

Another of the most common use paOerns found is the access to an almost infinite amount of
compu7ng resources to perform heavy computa7onal tasks on a 7mely and cost efficient manner. This
use paOern is mainly applied to “on and off” workloads were heavy computa7onal tasks are carried
out during a brief period of 7me.
As Cloud Compu7ng can deliver an almost unlimited amount of compu7ng resources they are
ideal plaxorms to perform high performance compu7ng tasks. Performing heavy computa7ons on a
limited amount of resources oren implies large performing 7mes. Instead, performing the same task
but distributed and concurrently over a large amount of resources leads to significant lower task
fulfillment 7mes. An example of this situa7on can be found in extensive calcula7ons involving a large
number of variables. Since these types of calcula7ons will take a lot 7me and resources when
performed at internal infrastructures, organiza7ons can benefit from the large parallel processing that
cloud solu7ons offer.
An important implica7on of this use paOern is that Cloud Compu7ng can bring high volumes of
compu7ng power to people and organiza7ons that otherwise could never have such capabili7es to
their disposal. It breaks the informa7on asymmetry from the past years, where informa7on was
generated by end users but only a few firms (e.g. Microsor, Google, Yahoo, etc.) had the resources to
process this informa7on and get advantage from it (Armbrust et al., 2009).
Some examples of this use paOern are BT’s calcula7ons of mobile plans, the New York Times
conversion of their archives, and the gene7c model tes7ng and simula7ons at Harvard Medical School.
BT’s mobile plan calcula7ons were performed more efficiently on a cloud plaxorm than ever before on
their internal infrastructure involving millions of records in around 3.6 terabytes of data (DAuria &
Nash, 2009). The New York Times converted 4 terabytes of 7ff files into pdf files on Amazon EC2 with
substan7al savings in 7me (days instead of weeks) and money (hundreds of dollars instead of
thousands). Harvard Medical School used Amazon EC2 to run gene7c tes7ng models and simula7ons
resul7ng also in significant cost and 7me savings.

4.4. Fail-‐over / Backup
One use of Cloud Compu7ng that has been observed in mission cri7cal applica7ons like
hospital’s pa7ent administra7on systems are fail-‐over and data replica7on (DAuria & Nash, 2009).
When internal infrastructures fail the produc7on environment is quickly set to the cloud solu7on
where the system is replicated.
The separa7on of data from applica7ons is a current trend that will make Cloud Compu7ng
more aOrac7ve in the near future (Hiner, 2009). To guarantee con7nuity and availability there is an
increasingly tendency in web applica7ons to facilitate off-‐line work that is synced to the online
environment once the client goes back online (e.g. Google Gears) (Hiner, 2009). Some possible fail-‐
over architectures and their implica7ons are depicted in table 12.
Table 12: Fail-‐over architectures using Cloud Compu*ng
Infrastructure Failover Availability Costs Control
Self Managed Self Managed Best Effort High High
Self Managed Cloud Best Effort + SLA Moderate Intermediate
Cloud Cloud SLA Low Low
Cloud Self Managed SLA + Best Effort Moderate Intermediate
When a firm uses his own infrastructure and his own failover mechanisms, system’s availability
is guaranteed by the company’s performance (best effort). This kind of solu7on is expensive since
monitoring, problem analysis and problem solving is carried out by the organiza7on. However, the
organiza7on has the highest degree of control in solving the situa7on at hand. In mixed models where
either the infrastructure or the failover mechanism is managed by a Cloud Provider, costs decreases in
detriment of control scope. Where organiza7ons deploy a pure cloud construc7on where
infrastructure and failover mechanisms are managed by Cloud Providers, the degree of control as well
as the costs are minimized. Following the principle of “no single point of failure” we will have to
discard the pure managed architectures and the ones using a single (or interconnected) cloud provider
as they represent a single point of failure (Armbrust et al., 2009).
There are several examples of organiza7ons leveraging Cloud solu7ons for fail-‐over and
backup. Some examples are 37signals, Zmanda and Jungle Disk. All three organiza7ons have created
backup solu7ons on top of Amazon S3 storage solu7on.
4.5. Business Agility / Faster *me to market

Another advantage of Cloud Compu7ng is that it drives innova7on cycles by reducing contract
dura7on and upfront capital investments. Taking this into account, companies can try out projects that
are regarded as “too risky” without compromising large amounts of capital (Howarth, 2009) (Broek,

2009). Moreover, once an applica7on has been deployed on the Cloud it can be delivered
simultaneously around the globe to a great variety of devices reducing deployment 7mes significantly.
Cloud Users can determine the exact level of resource needed at any moment allowing them
to scale up or down when needed. This elas7c character is unique in the sorware world and enables
companies to capitalize on market opportuni7es on a much faster pace that they otherwise could
(Hinchcliffe, 2009). Examples of this use paOern can be found in PresidioHealth with the PaaS Appistry
solu7on, and Siemens and SugarCRM that leverage Windows Azure to achieve faster applica7on
development and deployment.
4.6. External Knowledge and Experience

A some7mes overlooked use paOern of Cloud Compu7ng is the availability to leverage external
(technical) knowledge and experience. Organiza7ons that have limited technical knowledge or have
difficul7es in acquiring and maintaining that knowledge can achieve substan7al performance
improvements and cost savings by using a Cloud Provider that has that technical knowledge and
exper7se (Howarth, 2009) (Cunningham & Wilkins, 2009). Moreover, according to McKinsey research,
adop7ng a Cloud Compu7ng solu7ons can lead to savings in IT staff of around 10 to 15 percent
(DAuria & Nash, 2009).
Due to the size of Cloud Providers they can aOract the best professionals to assure
compe77veness with other offerings. As highly knowledgeable employees are scarce and expensive,
Cloud Users can beOer reallocate exper7se and money to their core business, crea7ng new solu7ons
instead of maintaining exis7ng ones (Hinchcliffe, 2009). Examples of organiza7on using Cloud
Compu7ng to leverage external knowledge and experience are hos7ng provider GoGrid which builds
solu7ons on top of Windows Azure, Associated Press which encourages external developers to build
applica7ons on Windows Azure and Rover Apps which uses the Rackspace Cloud to improve the
performance of their infrastructure.

5. Cloudnomics: Cloud Compu*ng Economics
As Cloud Compu7ng has significant economic implica7ons we analyze them further in this
sec7on. In 7mes of economic difficul7es like nowadays Cloud Compu7ng represents a cash flow
friendly approach to provide new projects with the required IT resources (Schadler, 2009) (DAuria &
Nash, 2009) (McLaughlin, 2009a) (Spinola, 2009). The elimina7on of upfront investments and the pay-‐
as-‐go billing model are probably the most important financial benefits of this new compu7ng
paradigm (Howarth, 2009) (Treese, 2009) (Leighton, 2009). Cloud services are expected to save one
third to one half of current opera7ng costs as opera7onal tasks like backup, upgrades and so on are
carried out by the Cloud Provider (DAuria & Nash, 2009) (Treese, 2009).
In table 13 the financial benefits of Cloud Compu7ng as described by Forrester research are
depicted (Forrester, 2008). In order to enable a clear understanding of the economic implica7ons of
Cloud Compu7ng we further describe in this sec7on the most relevant ones.
Table 13: The Financial Benefits of Cloud Compu*ng (Forrester, 2008)
5.1. Capital Expenses versus Operational Expenses

! In financial terms we can differen7ate two types of expenses: opera7onal expenses (OPEX) and
capital expenses (CAPEX). Opera7onal expenses are incurred when resources are needed to support
ongoing businesses while capital expenses are regarded as investments in assets and should be
accounted for in the corporate balance sheet. CAPEX investments are subject to amor7za7on periods
that spread the impact on the income statement over 7me as prescribed by (inter)na7onal laws.
Acquiring new hardware for a data center is a typical example of a CAPEX investment while
contrac7ng a Cloud Compu7ng service is an example of an OPEX expense (Schadler, 2009) (Howarth,
2009) (Hiner, 2009) (Kirsner, 2009) (Golkar, 2009) (Michelson, 2009).

This implies that investment 7mes can be reduced from the amor7za7on horizon (e.g. 4 years)
to the fiscal’s year dura7on (e.g. 1 year) as the amount spend for resources in that year is account for
directly on the yearly income statement without amor7za7on periods (Spinola, 2009).
According to Forrester, the improvement of investment horizons has specific financial

advantages specially for venture capitalists. Instead of compromising capital for years Cloud Users can
pay per month in accordance with the project’s success rate. If a project does not meet the
expecta7ons it can be stopped without compromising capital resources (Cunningham & Wilkins,
2009). This form of risk mi7ga7on and the improved cost transparency of Cloud Compu7ng are
appealing advantages for CFOs (Schadler, 2009) (Howarth, 2009) (Sheehan, 2009b).
5.2. No large upfront investments & Pay-‐as-‐you-‐go license model

One of the most important advantages of Cloud Compu7ng is the reduc7on of the upfront
capital expenses in hardware and sorware when crea7ng and deploying solu7ons (Armbrust et al.,
2009). This is specially interes7ng for new products or services where demand is highly unpredictable
and therefore tradi7onal resource alloca7on can lead to capital losses due to over-‐provisioning or
under-‐provisioning (Armbrust et al., 2009). The financial consequences of these two risks are wasted
resources or missed revenue respec7vely.
Using Cloud Compu7ng, hardware installa7on and maintenance costs are shired to Cloud
Providers. On the contrary, running your own data center implies installing and replacing every piece
of hardware manually with the corresponding opera7ng costs. Specially in countries where IT human
capital is rather expensive and difficult to find (e.g. The Netherlands) this is an interes7ng opportunity
to take into account given the transparent pay-‐as-‐you-‐go pricing offered in Cloud Compu7ng solu7ons.
As a consequence of Cloud’s elas7c character it is possible to reduce upfront investments improving
the overall cost efficiency of IT opera7ons.
5.3. Cost reduc*ons

Some of the costs associated with running a data center can be categorize as physical costs.
Examples of these physical costs are the loca7on where the data center is built, electricity, cooling
systems, etc. Recent studies have es7mated that the cost of resources per unit roughly doubles when
taking into account these physical costs (Armbrust et al., 2009). According to many experts Cloud
Compu7ng is expected to leverage a large diversity of cost savings in ICT opera7ons (Golkar, 2009).
According to a IDC research, around 70% of IT budgets are used to maintain current IT
capabili7es. Moreover, according to the US department of energy around 85% of compu7ng capacity
is idle most of the 7me (Spinola, 2009). If we also take into account the rising energy prizes it is clear
why Cloud Compu7ng can significantly contribute to cost efficiency.

Recent studies have es7mated average server u7liza7on in data centers to be between 5% and
20% (Siegele, 2008). Although this might seem inefficient, we have to take into account that peak
workload can mul7ply average u7liza7on by 2 to 10 7mes which needs to be considered when
prealloca7ng resources on-‐premises (Armbrust et al., 2009). When the infrastructure is not elas7c
then peak capacity must be embedded beforehand in each of the individual physical machines to
guarantee the availability and con7nuity of services. This means that when using solu7ons on-‐
premises around 80% to 95% of all resources are “wasted” during non-‐peak periods. The elas7c
character of the cloud eliminates the need to account for peak load beforehand since applica7ons can
automa7cally scale when needed as demand increases or decreases.
Figure 7: Worldwide Server Spending
Taking into account the divergent resource

consump7on of sorware applica7ons and its dynamic
development over 7me it does not make much sense
to buy IT capabili7es as sets of resources (e.g.
mainframes, servers, etc.), but rather as separate
resources (e.g. CPU, RAM, etc.) in the amount needed
over 7me. Using this approach the match between
resource u7liza7on and provisioning reduces resource
waste due to underu7liza7on. Moreover the risk of
under-‐provisioning resources is also mi7gated
(Armbrust et al., 2009).
5.4. Economies of Scale

The mul7 tenancy character of web based sorware allows Cloud Providers to achieve
economies of scale by sharing physical resources among as many clients as possible (Hinchcliffe, 2009)
(Broek, 2009). In Private and/or Internal Clouds this is less relevant and depends on the poten7al
savings in the current infrastructure. Among others, economies of scale can be achieved on hardware,
sorware, management, energy supplies, physical loca7ons, maintenance, backup, administra7on, etc.
According to previous research, by achieving economies of scale Cloud Users can buy their
resources at a factor 1/5 to 1/7 than they otherwise would (Armbrust et al., 2009). However, There
are significant differences on the billing methods currently applied by Cloud Providers. Billing storage
and network bandwidth consump7on is a straight forward task. as the total number of units can be
easily divided and consump7on can be measured on those units. However, depending on the
virtualiza7on level, computa7onal resources are not as simple to monitor and bill (Armbrust et al.,
2009).

Some solu7ons (e.g. Google’s AppEngine) automa7cally scales up and down to changing
consump7on demands billing customers for the number of cycles used. Other solu7ons (e.g. Amazon
Web Services) charge users on a 7mely basis (e.g. per hour) for the amount of resources available in
an instance, regardless of those resources are fully consumed or not. One of the latest developments
on cloud based billing methods is Amazon’s Spot Prices which are dynamically set by supply and
demand. Cloud Providers can experiment with these billing methods to find the one maximizes their
profits.

6. Risks of Cloud Compu*ng
With every innova7on new capabili7es emerge but they imply also new risks to users. As Cloud
Compu7ng is an emerging phenomenon Cloud Users should carefully take into account the risks
associated with this new model compared to other alterna7ves (e.g. on-‐premises). We base this risk
analysis on previous research (Armbrust et al., 2009) (ENISA, 2009) that has iden7fied a series of
security issues in Cloud Compu7ng solu7ons. Moreover, we complement these findings with other
commercial publica7ons and the perspec7ves of consultants and analysts.
We have classified cloud related risks into three groups: opera7onal risks, compliance risks and
standards related risks. For each risk we refer to some (par7al) solu7ons for risk mi7ga7on or
avoidance currently being offered by Cloud Providers. As security is probably the most men7oned risk
of Cloud Compu7ng we describe it separately in the next sec7on (see sec7on 7).
6.1. Opera*onal Risks

Opera7onal Risks are encountered by Cloud Users when using a Cloud Compu7ng solu7on. In
this sec7on we elaborate on some of the most relevant opera7onal risks in current clouds: service
availability and performance, third party and network dependencies, lack of cloud management tools
and reputa7on sharing.
A. Service Availability
The degree of service availability required is highly applica7on dependent. However, high
availability is in almost all cases a desired property that improves performance and leads to a beOer
user experience. However, although large Cloud Providers should in theory have a more reliable and
secure system than individual organiza7ons this is in prac7ce not always the case (Bakker, 2009). Even
the most redundant infrastructure can fail as reflected in the list of documented cloud incidents
included in appendix E (Leighton, 2009).
It is important to note that fully availability (100%) is impossible to guarantee when using
shared ungoverned infrastructures (e.g. Internet). Nevertheless Cloud Users should carefully compare
historic Cloud Provider’s availability rates with availability rates at their current infrastructure (e.g. on-‐
premises or at another provider). There are few enterprises in the world that can achieve higher
availability rates than the largest Cloud Providers (e.g. Google’s 99,9%, Amazon’s 99,95%, Microsor’s
99,95%, etc.).
In order to maximize service availability, one possible solu7on could be to implement one of
the mixed fail-‐over architectures described previously in this research (see Cloud Use PaOerns). If we
combine on-‐premises and cloud solu7ons where one of them is deployed as a fail-‐over we can cover
for possible service unavailability. However, this solu7on can increase opera7ng costs significantly as
everything needs to be redundantly deployed. For this reason it is important that Cloud Users balance
the level of desired availability against the costs of achieving that level.

B. Service Performance
In previous research (Armbrust et al., 2009) a analysis has been made on cloud performance
for each type of resource. UC Berkeley found that although processing (e.g. CPU) and memory (e.g.
RAM) resources can be shared between virtual machines on the cloud without performance
detriment, there is a significant performance issue in input/output (I/O) opera7ons between virtual
machines on the cloud sharing the same physical disk. This could result in some cases in I/O latencies
that could affect service performance.
Taking into account that applica7ons are becoming more data intensive and bandwidth costs
are not decreasing in price at the same rate than other hardware does, the costs of transferring data
to and from the cloud must be taken into account when considering Cloud Providers. With current
networking capabili7es, transferring large amounts of data implies large amounts of 7me and money.
Calcula7ons in previous research (Armbrust et al., 2009) have discovered that in some cases might be
more effec7ve to ship data physically instead of transferring it electronically. This approach is followed
by Amazon that allows the physical sending of data containers (e.g. DVD) with data to be stored on
their Cloud. Once the media container is received Amazon sets the data on the Cloud User’s S3 service
account free of transfer charges.
Another approach to deal with network throughput limita7ons could be to limit the amount of
data to be stored on the Cloud. As more public data sets (e.g. data.gov sets, geographical loca7ons,
zip-‐codes, etc.) become available on the cloud, a firm does not need to transfer all data to the cloud.
An applica7on can (re)use these public sets without incurring in transmission costs. Moreover, due to
the centralized character of the cloud, these public data collec7ons will be kept up to date without any
effort needed from the Cloud User.
Future developments in networking technology promises a significant increase in bandwidth
reducing the 7me and money needed to transfer large data sets. For example, in 2010 the cost of a 10
Gigabit Ethernet server connec7on is predicted to fall to around $200 (against $1000 nowadays) while
the new 40 Gigabit Ethernet and 100 Gigabit Ethernet will soon become available.
C. Third Party Dependency

Using a Public or External Cloud Compu7ng solu7on can be compared to a certain extend with
outsourcing where certain tasks (applica7on development in SaaS, infrastructure opera7ons in IaaS,
etc.) become the responsibility of the Cloud Provider. This implies some concessions from the Cloud
User when compared to on-‐premises solu7ons where the organiza7on has full control and decision
rights over the infrastructure. A Cloud User can however extend the scope of control by clearly
defining responsibili7es in their Service Level Agreements (SLAs) with Cloud Providers or by building
Internal Clouds. Moreover, Cloud Users should be aware that Cloud Providers can modify the terms of
service without the legal obliga7on of directly no7fying Cloud Users about it (Reingold & Mrazik,
2009).

In situa7ons where a firm’s (cri7cal) applica7ons and data are going to be trusted to a third
party it is also important to consider the trustworthiness and con7nuity of the provider as well as the
reliability of the offering (Bakker, 2009) (Arnold, 2008a) (Hiner, 2009) (Treese, 2009) (Leighton, 2009)
(Brynko, 2008). Cloud Users should be aware of the financial situa7on of the Cloud Provider over 7me
and develop strategies to cope with possible provider’s bankruptcy. One possible solu7on could be to
use more than one Cloud Provider where some are configured as fail-‐overs of the other one(s).
D. Network Dependency
A Cloud User is always dependent on its Internet connec7on’s reliability and speed to access
the service in terms of bandwidth and latency (Arnold, 2008a) (Bakker, 2009) (Golden, 2009).
Although some vendors have developed solu7ons that facilitate offline work that is later synchronized
when there is an Internet connec7on (e.g. Google gears) it is s7ll not a standard func7onality in all
Cloud Compu7ng offerings.
Another important considera7on is the ungoverned character of the Internet. When data is
transmiOed through this public network the route to be followed is unknown and unpredictable being
an inherent characteris7c of the TCP/IP protocol (Leighton, 2009). Depending on the specific network
situa7on at a certain point in 7me (e.g. conges7ons, malfunc7ons, etc.) the selected route can be
different, which can result in unpredictable network latencies. Although using current networking
technologies an organiza7on can transfer data across the globe with latencies of milliseconds, certain
types of applica7ons are less tolerant for latencies like for example real-‐7me trading systems. These
applica7ons are for this reason not fiOed to be hosted on the Cloud (Armbrust et al., 2009).
Although the quality of the network can be par7ally safeguarded in SLA’s (service level
agreements), it is not clear wether the economic claims arer a malfunc7on fully cover the damage
suffered (e.g. Client lost, Brand damage, etc.) (Bakker, 2009). Moreover, although SLAs can help to
prevent failures, they do not solve the problems arising from wrong designed architectures (Sheehan,
2009b).
E. Lack of Cloud Management Tools

A new paradigm like Cloud Compu7ng requires a new set of tools to monitor, op7mize and
automated infrastructures. However, currently most cloud offerings are lacking such tools providing
only simple APIs to operate it with significant limita7ons, specially in management func7onality
(McLaughlin, 2009a). Some Open Source solu7ons are currently being developed to include
management tools out of the box (e.g. Open Nebula, Eucalyptus, etc.). Organiza7ons should carefully
evaluate which cloud management tools they need and select the provider that most closely matches
the func7onality required.

F. Reputa*on Sharing
In Public Clouds the same physical infrastructure is shared among various Cloud Users. As a
consequence, the use of a Cloud Compu7ng solu7on by an user with dubious inten7ons (e.g. spam)
can affect the overall performance of that solu7on and its users (Armbrust et al., 2009). For example,
if an IP address has been blacklisted due to spam, and then the IP address is reallocated to a new
customer the new user will suffer from the other customer’s misbehavior. As this risk mainly occurs on
shared infrastructures at the network layer the use of sta7c or reserved IP addresses can address it in
most cases.
6.1. Compliance Risks

Besides opera7onal risks, Cloud Users should also consider how the envisioned Cloud solu7on
complies with the applicable laws and regula7ons in their context. The differences in na7onal
legisla7ons between the loca7ons of both Cloud User and Cloud Provider, the lack of transparency of
Cloud Provider’s opera7ons and data confiden7ality issues are among the most relevant compliance
risks when using a Cloud solu7on. In the following paragraphs we describe this risks briefly.
A. Compliance with Laws and Regula*ons

Some types of organiza7ons (e.g. Banks, Hospitals, etc.) need to comply with specific
regula7ons on how sensi7ve data is stored and the accessed. These regula7ons are developed to
safeguard privacy and avoid fraud. Some examples of these regula7ons are PCI, SAS 70, SoX and HIPAA
among many others. As current (inter)na7onal laws and legisla7ons are developed in the past for
transac7ons with physical goods, the dynamic virtual characteris7cs of Cloud Compu7ng whose
infrastructures can span various con7nents presents new challenges for prac77oners (Urquhart,
2009a) (Bakker, 2009).
It is important to note that while in past compu7ng paradigms users maintained full possession
and control over their data, Cloud Compu7ng solu7ons imply new legal considera7ons to take into
account due to the fact that the legal responsibility to protect private or confiden7al data s7ll remains
on Cloud Users. In this context, an important aspect to take into account is the geographical loca7on
of the provider and therefore the rules and regula7ons that the provider has to comply with (DAuria &
Nash, 2009) (Mansfield-‐Devine, 2008). Cloud Providers tend to place their new data centers on
loca7ons where resources are cheap which are oren developing or underdeveloped countries. These
countries might not be the best place to store sensi7ve data (Bakker, 2009).
Because a Cloud Provider can be located anywhere in the world, differences in legisla7on
become a very important barrier for adop7on (Lewis, 2009) (Reingold & Mrazik, 2009). There are for
example significant differences between the EU Data Protec7on Direc7ve and the US Patriot Act.
These differences should be considered when selec7ng a provider as for example a Cloud User in the
EU must comply with EU legisla7on while his data stored in the USA is subject to USA legisla7on
(Mansfield-‐Devine, 2008). If the Cloud Provider is for example located in the USA, then all the

informa7on stored by Cloud Provider is subject to the Patriot Act, and therefore can always be
accessed by USA governmental organiza7ons. This is not the case in the European Union, where law
enforcement does not always imply default access to sensi7ve informa7on.
A solu7on to these geo-‐localiza7on issues could be that Cloud Providers facilitate the division
of data into country blocks that will comply with the regula7ons of each individual na7on. This is
currently offered by various providers like for example Amazon which allows Cloud Users to determine
where to store their data, offering the possibili7es of their Ireland’s data center in Europe and two
data centers in the USA (west and east coast data centers). This feature is at the moment of wri7ng
being incorporated to other solu7ons like Rackspace’s Cloud and Terremark’s Enterprise Cloud among
others.
B. Lack of Transparency

Some recent cloud outages, like the one suffered by Google Apps on May 14th 2009 are
genera7ng some concerns among poten7al adopters. The main issue commented on the media is how
Cloud Users can “protect something they can’t even see” (Arellano, 2009) (Spinola, 2009). When
failures occur in a large distributed system it is very difficult to iden7fy the origin as the system cannot
be replicated on a smaller scale. If Cloud Providers do not offer enough transparency and assurance in
the form of globally accepted audit (quality) cer7fica7ons it is almost impossible to audit their
solu7ons which is a strong barrier for Cloud Users to achieve their compliance requirements.
As the level of transparency varies strongly between providers, Cloud Users should select the
provider that provides them with the desired transparency to comply with laws and regula7ons. This
could be in the form of cer7fica7ons (e.g. SAS 70, ISO, etc.) or by providing full access to the
underlaying resources. Moreover, when evalua7ng the pricing of Cloud offerings Cloud Users should
take into account the effects of informa7on asymmetry arising from the current lack of transparency
in offerings.
C. Data Confiden*ality
One of the most important barriers for the adop7on of Cloud Compu7ng is the lack of
assurance of data confiden7ality. Among others, the loca7on where data is stored, how secure it is
stored and transferred to and from the cloud, data access management and procedures for the
disposal of data are some of the concerns of Cloud Users related to data confiden7ality.
Data confiden7ality is specially a risk in cloud models where data is transferred outside the
organiza7on through public networks (e.g. Internet) and when storing data on third par7es' systems.
Transferring data outside the organiza7on implies an added risk compared to on-‐premises
infrastructures as data leaves the organiza7onal domain and its security scope (e.g. firewall) and
therefore it cannot be fully controlled by the organiza7on. It is important to note that when data
travels over public networks (e.g. Internet) there is no fully control over data confiden7ality unless
specific security measures are taken (e.g. VPN networks, Point-‐to-‐point connec7ons, encryp7on, etc.).

A popular statement on the externaliza7on of data storage is “My sensi7ve corporate data will
never be in the cloud” (Armbrust et al., 2009). Although this is an understandable point of view there
are two important remarks to be made. First of all, in the context of tradi7onal managed hos7ng the
client’s data is already stored on a third par7es’ systems so it is not much different to store them on a
Cloud Provider’s system if they as trusted as the firm’s hos7ng provider (Howarth, 2009).
Secondly, security research indicates that vulnerabili7es are more oren generated internally
than externally, by own employees. According to previous research one third of IT professionals oren
misuse their rights to access sensi7ve informa7on (Spinola, 2009) This means that storing data on the
cloud with secure access policies could even improve current data access management.
Cloud Providers have a large dedicated security departments and they invest con7nuously in
securing their infrastructure. In words of Forrester’s analyst Jason Staten: “Security is one of the core
competencies of the cloud provider” (Golkar, 2009). Taking into account this perspec7ve, trust
represents a cri7cal ingredient for the successful adop7on of Cloud Compu7ng (Hiner, 2009)
(Mansfield-‐Devine, 2008). The lack of trust with Cloud Compu7ng environments can be compared to
some extend with the first developments in ICT where informa7on on screen was regarded to be less
reliable than on paper. As this new model matures, trust will become a less relevant issue for
adop7on.
Some experts suggest the mandatory use of encryp7on to safeguard data confiden7ality
(Reingold & Mrazik, 2009) (Brynko, 2008) (Spinola, 2009). Although this is oren the case when
transferring data to and from the Cloud Provider, it is oren skipped for cloud stored data as it can
imply a significant detriment in the quality of service provided (Reingold & Mrazik, 2009).
Nevertheless, it is highly recommended that Cloud Users select a provider that applies encryp7on also
to the data stored besides delivering the quality of service needed.
6.1. Standards Related Risks

One of the most important barriers for the current adop7on of Cloud Compu7ng is the lack of
standards that can lead to vendor lock-‐in situa7ons. Although the Cloud Compu7ng paradigm is
rela7vely new, there are a large variety of Cloud offerings being introduced every month. As every
Cloud solu7on is different than the other ones, and most of them support only specific vendor’s
products (e.g. databases, programming languages, etc.) there is an increasing need for
standardiza7on to prevent vendor lock-‐in. Open cloud standards are specially needed to enable cloud
inter-‐operability and hybrid models.
A. Lack of Standards

Although the “de facto” standard will be set by the stronger Cloud Provider, it is very important
to par7cipate in the development and adop7on of formal standards as they provide choice and
flexibility to Cloud Users and avoid vendor lock-‐in situa7ons (Hinchcliffe, 2009).

A series of formal and informal organiza7ons are currently working on the development of
Cloud Compu7ng standards like the Open Cloud Consor7um (OCC), the Cloud Standards Coordina7on,
the Open Grid Forum’s Open Cloud Compu7ng Interface (OCCI) and the The Open Group Cloud Work
Group. The Open Cloud Consor7um (OCC) is a member driven organiza7on that supports the
development of standards for Cloud Compu7ng and frameworks for interopera7ng between clouds
with a focus in large data clouds. The Cloud Standards Coordina7on (cloud-‐standards.org) is a informal
wiki to document the ac7vi7es of the various groups working on Cloud Standards. The Open Cloud
Compu7ng Interface (OCCI) working group is an informal group which is currently developing an API
specifica7on for the remote management of Cloud Compu7ng infrastructures. The Open Group Cloud
Work Group aims to support enterprises of all sizes in their adop7on of Cloud Compu7ng by
developing open standards that guarantee portability and avoid vendor lock-‐in situa7ons.
In the absence of formal standards, at the IaaS level “de facto” standards are emerging which
are oren based on the underlaying virtualiza7on technologies. Amazon’s Xen based AMI format for
instances in the cloud (e.g. units of aggregated resources) and VMware’s virtual image format are two
of the most common formats that can be currently regarded as “de facto” Cloud Compu7ng standards.
B. Vendor Lock-‐in
In the early stages of any technological innova7on there is an increased risk for vendor lock-‐in
(Reingold & Mrazik, 2009). As vendors are s7ll developing their own vision on Cloud Compu7ng a
Cloud User can fall into this situa7on when vendor’s views differ significantly from each other
(McLaughlin, 2009a). Specially, the lack of Cloud Compu7ng standards can lead to vendor lock-‐in
situa7ons as organiza7ons deploy vendor formats not supported by other vendors.
Most cloud APIs are proprietary crea7ng barriers for migra7ng data and applica7on between
Cloud Providers. A Cloud User suffering from vendor lock-‐in is more fragile to raises in services prices
and to provider's bankruptcy. They would have to accept price increases as they are, and they could
be in serious trouble if their supplier goes out of business (Armbrust et al., 2009).
Some ini7a7ves to prevent data and vendor lock-‐in are the Cloud Compu7ng Interoperability
Forum and The Open Cloud Manifesto by IBM. However their pioneering efforts have not lead yet to
an industry wide trend to develop and adopt standards. This lack of standards could seriously difficult
migra7ng to another Cloud Provider in the future resul7ng in ver7cal vendor lock-‐in situa7on (Bakker,
2009) (EvereO, 2009).

7. Cloud Security
There is an interes7ng security paradox in Cloud Compu7ng compared to on-‐premises
infrastructures. While the concentra7ons of large amounts of resources and data are a more aOrac7ve
target to aOackers, Cloud solu7ons are oren more robust, scalable and cost-‐effec7ve, improving the
overall security of the solu7on (Reingold & Mrazik, 2009). Nevertheless, Cloud Users need to carefully
consider security issues arising from this new paradigm. According to the ENISA report on Cloud
Compu7ng security (ENISA, 2009), organiza7onal Cloud Users are confronted with some security
issues that are absent at on-‐premises infrastructures. In this sec7on we first look at the arguments
that suggest that Cloud Compu7ng is a more secure op7on than on-‐premises to con7nue with the
arguments that indicate the contrary.
A. Cloud Compu*ng as a more secure op*on than on-‐premises

It is oren wrongly assumed that a Cloud infrastructure is per defini7on less secure than an on-‐
premises infrastructure. Most large Cloud Providers have deployed beOer security measures than a
small or medium enterprise as their core business depends on it. Moreover, Cloud Providers affirm
that their environments are safer than local infrastructures due to the facts that they have backup
systems in place by default and perform security updates almost instantly. Some providers have
gathered technological exper7se over the years using real-‐7me detec7on systems for on-‐demand
security. Moreover, they fragment data across mul7ple loca7ons enabling more efficient disaster
recovery and storage solu7ons (Reingold & Mrazik, 2009) and as most aOacks are the result of late
sorware updates and server misconfigura7ons due to lack of 7me (Spinola, 2009) they are less likely
to take place on a cloud at providers which are highly concerned about updates and server
configura7on (c.q. it is their core business).
Another important remark that suggests beOer security in the Cloud is the effects of
economies of scale on security. The same security measures currently deployed on-‐premises (e.g.
Encryp7on, Virtual LANs, firewalls, DMZs, etc.) can also be implemented on cloud environments. As
security hardware is rather expensive and due to the economies of scale enjoyed by Cloud Providers,
cloud environments can deploy beOer (more secure) hardware and sorware improving the overall
security compared to tradi7onal data centers (Armbrust et al., 2009).
One of the most remarkable security benefits in Cloud Compu7ng iden7fied by ENISA is to
leverage the elas7c on-‐demand property of the Cloud as a protec7on against denial of service aOakcs
(DDoS). However a new security issue arises in return, the Economic Denial of Services (EDOS) aOack.
Although the service is kept available on the Cloud, the unintended use of the applica7on can
generate unexpected costs as the cloud infrastructure must s7ll be paid on a usage basis.
Nevertheless, the experience and dimensions of Cloud Providers makes them more capable to detect
and absorb these aOacks than individual companies with limited resources as they are more oren

confronted with them and they affect directly the performance of their core business (Armbrust et al.,
2009).
B. Cloud Compu*ng as a less secure op*on than on-‐premises

A cloud infrastructure containing vast amounts of data is a more aOrac7ve target for bad
inten7oned individuals (Bakker, 2009) (Treese, 2009) (Mansfield-‐Devine, 2008). By discovering and
exploi7ng one single infrastructure they could get their hands on immense amounts of informa7on
that would otherwise have take them much more effort to obtain. Moreover, the web based character
of Cloud Compu7ng solu7ons makes it more suscep7ble for network aOacks and security exploits at
browser level than non web-‐based infrastructures.
Previous research has iden7fied some security issues arising from the use of Cloud Compu7ng.
Among others, access policies, regulatory compliance, inves7ga7ve support, data loca7on, data
segrega7on, and recovery and long term viability are some of the security risks when using Cloud
Compu7ng (Mansfield-‐Devine, 2008).
• Access Policies: The single sing-‐on solu7on being deployed by many leading internet firms allows
an user to switch between cloud applica7ons without the need of login every 7me. Although this
significantly improves usability, it also represents an important security flaw due to the fact that
once the login is compromised then all applica7ons become vulnerable (Mansfield-‐Devine, 2008).
This single sing-‐on represents a single point of failure for Cloud infrastructures and it is currently
being mi7gated by Cloud Providers by using two factor authen7ca7on methods.
• Regulatory Compliance: In the area of data governance, Cloud Users need to be sure that other
cloud users will never be able to access their data (Mansfield-‐Devine, 2008). In some cases Cloud
Providers have created an infrastructure that fully complies with external regula7ons on this
maOer. As an example, Google Apps systems and processes fulfill to SAS 70 Type II audit of control
measurements to protect data. Since Cloud Users are oren not allowed to look into the Cloud’s
security infrastructure, trust on the provider and on the audit results becomes an important
enabler for adop7on (Mansfield-‐Devine, 2008) (Broek, 2009). Compliance issues arise in many
cases by the lack of transparency of Cloud Providers but also from the lack of auditors’s
technological knowledge (McLaughlin, 2009a). According to a CIO.com survey, adding a Public
Cloud to your architectural design will certainly result in more complexity and therefore less
understanding from external auditors.
• Inves*ga*ve Support: It is important to note that when selec7ng a Cloud Provider its security
model should be carefully scru7nized as the customer is oren ler to the audit findings supplied by
the provider. Cloud Users cannot respond to audit findings or examine security implementa7ons at
provider’s level. Performing a security audit on a cloud based system is almost impossible as Cloud
Providers oren do not provide full access to their infrastructure. Moreover, ENISA signals a
security risk based on the lack of contractual rights to perform security analysis (e.g. port scans
penetra7on tests, etc.) by Cloud Users. Although these analysis are oren performed by Cloud

Providers, they are not reflected in Service Level Agreements (SLA) which leads to uncertainty on
whether they are performed or not, and what are the results.
• Data Loca*on, Segrega*on, Recovery and Disposal: ENISA iden7fies some jurisdic7onal issues
related to the loca7on of data storage. Moreover, the mul7-‐tenancy and shared resources
character of Cloud Compu7ng can represent addi7onal risks for organiza7ons when isola7on
mechanisms separa7ng tenants fail (e.g. guest-‐hopping & cartographic aOacks). The integrity of
Cloud Provider’s employees should also be taken into account. As security is more oren
compromised internally and the cloud represents a large volume of data, Cloud Users must
carefully analyze how Cloud Providers protect data from internal security breaches. Procedures for
data disposal should also be taken into account. Once data is deleted by a Cloud User, the Cloud
Provider must assure that the deleted data cannot be restored, specially in shared infrastructures
where hardware is reallocated to a different user.
• Long Term Viability: The absence of standard tools, procedures, data formats and services
interfaces to guarantee data, applica7on and service portability can significantly difficult the
migra7on to other Cloud Provider or to an on-‐premises seung. This situa7on can result in high
dependency on a single Cloud Provider and therefore vendor lock-‐in situa7ons. In a situa7on of
vendor lock-‐in Cloud Users must also be aware of the risk of provider’s bankruptcy and develop
methods to recover data in such situa7ons.
• Disinvestments & Spoiler Effect of Informa*on: There is a interes7ng paradox in cloud security. As
companies have invested in highly secure and expensive measures like DMZs or firewalls, adop7ng
a cloud infrastructure will mean that these measures are not longer necessary because everything
is stored outside the organiza7on’s boundaries without direct control on the security measures to
protect it (Mansfield-‐Devine, 2008). Moreover, Cloud Users should be aware of the spoiler effect
of informa7on. While a company’s infrastructure security is not well known to outsiders, Cloud
Provider’s security measures are publicly available, making it easier for hackers to exploit
vulnerabili7es (Mansfield-‐Devine, 2008).
One of the most important trade-‐offs that Cloud Providers need to make is that of robustness
versus pragma7sm of the plaxorm (Hinchcliffe, 2009). While offering enterprise func7onali7es is very
important, they nee to deliver them in a pragma7c way to facilitate its adop7on by Cloud Users.
Moreover, when selec7ng a Cloud Provider, Cloud Users need to select the offering that provides them
with the right balance between robust security and pragma7sm for their specific situa7on.
The Jericho Forum and the Cloud Security Alliance (CSA) are laying down the first steps
towards solving the security issues of Cloud Compu7ng (EvereO, 2009). The CSA’s Security Guidance
for Cri7cal Areas of Focus in Cloud Compu7ng provides guidelines for managing risk, portability and
disaster recovery. The Jericho forum has developed a cube model linking specific security issues to
each type of cloud, specially when transferring data to and from a provider. Both, the CSA and Jericho
forum are currently working together to develop a Cloud Provider accredita7on mechanism.

In order to achieve beOer security in the cloud, Cloud Users should carefully examine contracts
with Cloud Providers, specially regarding the rights and obliga7ons of par7es as well as compliance
with laws and regula7ons. Work from the Jericho Forum, CSA and ENISA are good staring points for
Cloud Users to analyze the security of poten7al Cloud Providers. They provide guidelines and
checklists that can be used to assert the security of Cloud Compu7ng solu7ons that best fits their
needs.

8. The Cloud Compu*ng Marketplace
In the previous sec7ons of this research we have provided a defini7on of Cloud Compu7ng, the
types of cloud offerings, how they are currently being used and the risks associated with this new
paradigm. In this sec7on we con7nue our analysis by selec7ng the three most relevant providers at
infrastructure and plaxorm service levels based on our research defini7on. This will facilitate our
further analysis on the applicability to the Dutch healthcare sector in the next part of our research. We
have excluded SaaS solu7ons from this part of our analysis as they are very specific and use high levels
of abstrac7on which makes it very difficult to compare them and evaluate their applicability to the
Dutch healthcare sector. Moreover, SaaS applica7on are oren either built on PaaS solu7ons (e.g.
Salesforce applica7ons on force.com plaxorm) or they tend to become plaxorms over 7me by offering
more flexibility to end users (e.g. APIs).
We begin this sec7on by describing some general market data to con7nue with two overviews
of the features offered by the three selected IaaS and PaaS providers. We provide also a brief
descrip7on of each provider and the latest developments in their offerings. As External Public Clouds
are leading the development of Cloud Compu7ng we limit our analysis to this type of clouds.
8.1. General Market Data

The Cloud Compu7ng market has evolved significantly during 2009. Supported by increasing
adop7on by organiza7ons, major providers have incorporated new features every month and new
providers have emerged some7mes focused on ver7cal industries. According to The Wall Street
Journal the Cloud Compu7ng industry is es7mated to reach $42 billion by 2012 which represents
around half of the current sorware industry (Hinchcliffe, 2009) (McLaughlin, 2009a). Gartner
researchers are more op7mis7c on their predic7ons as they expect the Cloud Compu7ng market to
generate $56 billion by 2009 and $150 billion by 2013 (Gartner, 2009).
The popularity of end user web applica7ons based on the Cloud Compu7ng model (e.g. Gmail,
Google Apps, etc.) are an indica7on of current use and adop7on. According to a recent study of PEW
Internet Research around 69% of Americans are using some kind of cloud service (Siegele, 2008). On
the enterprise side the rate of adop7on can be observed from a recent survey performed by AppLabs.
Around 50% of the firms affirmed that they are deploying cloud infrastructures or are planning to do it
within a year (Solomon, 2009). Around 30% of these organiza7ons have already deployed a cloud
infrastructure while 20% is expec7ng to deploy it within a year. However, the remaining 50% of the
companies answered that they have no plans to use Cloud Compu7ng in the near future.
There are a large diversity of services offered following the Cloud Compu7ng model. An
extensive overview is offered by the Cloud Security Alliance and its depicted in figure 8. Another
interes7ng overview provided by Gartner is included in appendix F.

Figure 8: OpenCrowd Cloud Taxonomy and Vendors
As observed in the above figure, the large diversity of offerings can be generalized into three
main groups of services as discussed in our service model (SaaS, PaaS and IaaS) plus the tools
necessary to build them.
8.2. Selected IaaS Providers

For the purpose of this research we have limited the amount of IaaS providers to be included
in our feature comparison to the top three largest providers measured by the number of occupied
instances: Amazon, Rackspace and Joyent. We base our selec7on on the monthly es7ma7on by Guy
Rosen described on his blog The Jack of All Clouds.

Figure 9: Guy Rosen’s Cloud Market Analysis .

In the month December

(see figure 9), according to Guy
Rosen’s classifica7on Amazon was
s7ll the largest provider, followed
by Rackspace and much further
by Joyent.
Figure 10: Gartner’s Magic Quadrant

June 2009.
According to Gartner’s Magic Quadrant on Hosted

Cloud Infrastructure Services of June 2009 (see figure
10) Rackspace can be categorized as an IaaS leader
while Amazon and Joyent are considered as
visionaries. This indicates that while their
completeness of vision is rather similar, Rackspace is
able to execute their offerings beOer than Amazon and
Joyent. Gartner’s report confirms that our selected
IaaS providers not only have large growing customer
bases but also develop their Cloud Compu7ng visions
and are able to execute them. It is important to note
that other organiza7ons regarded by Gartner as
leaders (e.g. AT&T, Savvis, Terremark and IBM) focus on
leveraging Internal Private Clouds and are therefore
not suitable for our analysis.
Based on informa7on from the three selected IaaS providers we have created a table (see table
14) containing a comparison among the features offered by them at the moment of wri7ng. When
selec7ng the features to be compared we have focused on those that are more relevant to our further
analysis of their applicability to the Dutch healthcare sector. As new features are being launched every
month, the overview is limited to the services as offered on December 2009.

Table 14: Feature comparison of selected IaaS providers
Amazon Rackspace
Features Joyent
EC2 Cloud Servers
Security & Compliance
Dedicated Firewall No No No
VPN Yes No No
SAS 70 Compliance Yes Yes Yes
Control
Role-‐based access control No Yes No
Managed DNS No Yes Yes
Guaranteed Up7me in SLA 99,95% 100% 99,9%
Opera*ng Systems
Customized Opera7ng Systems Yes No No
Windows Server 2003 & 2008 Yes No No
Linux (e.g. CentOS, Redhat, Ubuntu) Yes Yes No
Storage
Persistent (block) Storage Yes Yes Yes
Drive Failure Protec7on (Backup) None Local RAID10 No
Choice of data geo-‐localiza7on Yes No No
Pricing Model
Minimum Server Size (RAM) 256 MB 1,7 GB 250 MB
Free inbound traffic Yes (**) 500 GB / month Yes
Free outbound traffic No 500 GB / month Yes
Other
Virtualiza7on Technology XenServer vCloud & XenServer vCloud

Yes, launching new Yes, without launching
Elas7city of resources Yes
instances new instances
Yes, launching new Yes, without launching
Elas7city of resources Yes
instances new instances
Yes, rBuilder and
Support for hybrid cloud models Yes (VPC) No
RightScale
(*) The provider is currently deploying this feature
(**) Available for a limited period of 7me

A. Amazon EC2 and S3
Amazon was the first organiza7on to offer compu7ng as a service launching its EC2 solu7on in
October 2007. Having deployed a immense infrastructure to support its well known retail business
Amazon decided to sell next-‐genera7on Web Services by opening up their own IT capabili7es to
external customers (Baker, 2007). They rent for example CPU cycles per hour at Amazon’s Elas7c Cloud
Compute (EC2) and storage on Amazon’s Scalable Storage Service (S3) billed per gigabyte per month.
Amazon currently has fourteen data centers spread over the globe to support more than 88 million
users. At any moment in 7me several hundreds EC2 instance are running. Cloud Compu7ng seems to
be a profitable business for Amazon as in their latest reported fiscal quarter (September 30th) it
included a revenue growth of 29% to $138 million.
The compu7ng solu7on EC2 can be categorized as a “Hardware-‐as-‐a-‐service” where users have
control over the en7re compu7ng stack. By applying virtualiza7on Amazon offers machine images with
the same degree of access as a dedicated server. By allowing users to instantly create or destroy any
machine image at any moment applica7ons can scale up and down dynamically becoming truly elas7c
(Weiss, 2007) (Holliday, 2009). A feature that differen7ates Amazon from its directly compe7tors is
that Amazon enables scalability by adding another image to the Load Balancer instead of increasing
the amount of the underlaying resources (e.g. RAM, etc.).
Amazon’s storage service S3 hosted around 64 billion objects per August 2009 ranging from 1
byte to 5 gigabytes each. This large amount of storage handles on average around 100.000 I/O
requests per second. Amazon allows third par7es to store and distribute their own (modified) AMIs
(Amazon Machine Images) trough their infrastructure which are stored on the S3 service (privately or
publicly accessible) and can be used to boot EC2 instances.
According to some IT analysts (Gartner, 2009) Amazon offers compu7ng services with high
levels of granularity applying a usage based pricing model. They are regarded by Gartner as an
“innova7ve and extraordinary agile organiza7on responding rapidly to customer demands for features
rather than following a set product road map” (Gartner, 2009).
The latest features launched by Amazon focus on solving some of the main risks in Cloud
Compu7ng: compliance and security. In order to solve issues related to the loca7on of data storage
Amazon offers tools that allows Cloud Users to determine, report and track the physical loca7on of
their data (Holliday, 2009). Regarding Cloud security Amazon EC2 offers the possibility of using mul7-‐
factor authen7ca7on by using an external authen7ca7on device next to the user's password.
Moreover, the launch of the Virtual Private Cloud feature that enables the secure integra7on of
Amazon’s offering with on-‐premises infrastructures facilita7ng the deployment of hybrid models.
Amazon currently offers three pricing models for their compu7ng instances: On-‐demand,
Reserved and Spot Price. On-‐demand is the regular pricing model. Reserved instances are on-‐demand
instances that include a discount for one to three years prepaid contracts. Spot Price represents an

innova7ve pricing op7on involving dynamic prices set by supply and demand over 7me. In the Spot
Instance pricing model launched in December 2009, each customer can set a maximum price for each
type of compu7ng instance that Amazon offers. The spot price of these instances is calculated by
Amazon based on supply (available stock of spot instances) and demand (how many customers want
that instance at that moment). If the spot price is less or equals the maximum price set by an specific
client, the instance is allocated to that client, and he or she is billed according to the spot instance
price. However, if the spot instance rises above the maximum set by the customer the instances are
automa7cally terminated and resources are reallocated to another customer.
Some days arer the Spot Price pricing model was launched the first graphical tool were
developed to track the development of spot prices over 7me. One of this tools is Cloud Exchange
(hOp://cloudexchange.org/) which provides overviews as the one depicted in figure 11 which shows
prices of all instance types and OS (Windows and Linux) on all three data centers (USA West, USA East
& Europe West).
Although the Spot Price model represents the first steps towards u7lity compu7ng and
dynamic pricing of resources comparable to the financial stock market, this approach has also some
limita7ons. First of all, as there are no guarantees on how long a customer will be using a spot
instance its applicability is limited to a specific set or workloads, like for example those that are not
7me constrained and can be easily restarted (e.g. batch processing, large data processing and
transforma7on, etc.).
Second of all, the supply of Spot Price instances is limited by Amazon, as opposed to the
“unlimited” supply of on-‐demand and reserved instances. For this reason, prices of spot instances do
not necessary need to be supply and demand driven as the quan7ty and prices of each type of
instance are determined by Amazon. Amazon can for example decide that spot prices are the only
op7on or that there is no stock of spot prices which would influence Spot Prices significantly. The
current lack of transparency on this new feature of Amazon EC2 makes it difficult to determine wether
they represent surplus capacity or they are just another pricing choice for Amazon.
Figure 11 : Cloud Exchange Spot Prices

As the Spot Price feature is also available on the Amazon’s API, developers can build
applica7ons that interact with these prices for example by increasing or decreasing their maximum
price if some condi7ons are met. Moreover, by including an abstrac7on layer in their applica7ons to
support migra7ons between providers Cloud Users could account for the possible future manipula7on
of spot prices by Amazon.
Amazon has developed during 2009 a series of partnerships with enterprise sorware
producers (e.g. Oracle, IBM, etc.). For example, in February 2009, the partnership agreement
between Amazon and IBM represented an important step towards the adop7on of Cloud Compu7ng
as a new delivery method for enterprise’s products and services. IBM offers infrastructure sorware
on-‐demand on the Amazon cloud EC2 where current IBM clients can use their exis7ng licenses also on
the EC2 plaxorm. IBM products that are available on the cloud are among others IBM DB2, Informix
Dynamic Server, WebSphere Portal, Lotus Web Content Management and WebSphere sMash. This
step to the cloud follows from a recent agreement between IBM and Juniper (a leading network
equipment manufacturer) around Tivoli, a sorware applica7on that is able to transfer workloads from
and to a public cloud. As of December 2009, Amazon has incorporated Tivoli as a standard offering on
its EC2 solu7on.
B. Rackspace
Rackspace was tradi7onally a U.K. based web hos7ng enterprise which have gained worldwide
fame for their “Fana7cal support” business model. Rackspace’s acquisi7on of Mosso added IaaS
services to their product porxolio to support the deployment of Public and Private Clouds (Cloud
Servers and Dedicated Services respec7vely). In addi7on they also offer storage services (Cloud Files)
and PaaS services (Cloud Sites). To facilitate its comparison with Amazon EC2 we will limit our analysis
to their Cloud Servers offering.
According to John Engates, CTO of Rackspace, the company aims to provide maximum
applica7on compa7bility minimizing the need to adapt sorware to be hosted on the Cloud. A central
element on their strategy is to enable the further development of Hybrid Clouds for burs7ng between
on-‐premises and off-‐premises cloud infrastructures. This is reflected for example in the fully
compa7bility of Rackspace’s API with RightScale and rPath’s rBuilder solu7ons.
During 2009 Rackspace has reported healthy growth rates. Net revenue for the quarter ending
September 2009 was reported to be $162.4 million which is 17.4% more year-‐over-‐year basis and
6.8% more compared to the previous quarter. Cloud revenue increased to $15.3 million, 17% more
than the previous quarter. Rackspace reported that Cloud related products represent approximately
10% of its total revenues (5% a year ago) managing 54,655 servers from 80,944 customers.
Cloud Servers has access to local RAID10 storage which provides protec7on against drive
failures. If any instance fails data is restored by Rackspace free of charge to another instance. They
offer also a broad variety of instances, ranging from 256 MB to 16 GB of RAM. Once an instance is

running out of resources it can be expanded without the need to start another instance. Networking
resources offered by Rackspace are dedicated and persistent public IP address (no NAT transla7on)
with a second private IP address included for free and addi7onal ones against limited costs.
One of the main differences between Rackspace and Amazon is Rackspace’s partnership with
VMware to offer VMware based images next to Xen based ones. This is the result of a strategic
alliance between VMware and AT&T, Verizon, Rackspace and BT in a federated cloud plaxorm. A
federated cloud integrates various different clouds on an ongoing premises (McLaughlin, 2009a). This
vision of federated clouds facilitates migra7ons among those clouds and therefore it reduces the
vendor lock-‐in risk. This is reflected on VMware’s vCloud open interface which is developed to
facilitate migra7ons between clouds using this format (Kel•ens, 2009).
In February 2009, VMware launched its new cloud tool vSphere. VMware’s vSphere is a Virtual
Datacenter Opera7ng System (VDC-‐OS) that is designed to support organiza7ons in conver7ng current
data centers in Private Cloud infrastructures that can eventually be connected to Public Clouds when
needed (McLaughlin, 2009a). The vision of VMware is that ICT departments in the future are going to
become internal hos7ng providers and therefore one of their most important tasks will be the
effec7ve alloca7on of resources (Kel•ens, 2009). According to VMware, the cloud OS (vSphere)
enables companies to deliver IT as a service enabling cloud burs7ng capabili7es (McLaughlin, 2009a).
According to VMware the first step in crea7ng a Private Cloud is to virtualize the current
infrastructure to then focus in delivering IT capacity to end users. By provisioning services and IT
resources to end users trough a self-‐service interface and implemen7ng usage based billing systems
an organiza7on can unleash the poten7al of Private Clouds (Sheehan, 2009b). With the launch of
vSphere, VMware is addressing the self service provisioning of IT capabili7es. Management,
automa7on and billing features will de launched in the coming year (McLaughlin, 2009a).
C. Joyent
Joyent offers on-‐demand cost compe77ve virtual servers which they call Accelerators deployed
over a layer of shared networking, rou7ng, load balancing and persistent storage. On the PaaS area
Joyent offers Smart Plaxorm to develop applica7ons and determine on the spot which instance is
required to run them. For Private Cloud deployment and management Joyent has developed their
Cloud Control sorware which is offered to enterprise customers.
Joyent leverages their partnership with Sun Microsystems by suppor7ng at the moment of
wri7ng only the Open Solaris OS. Moreover, Joyent uses Sun’s Solaris Containers and ZFS, and
networking hardware and sorware from F5 Networks and Zeus. One of the most significant Joyent’s
success stories is the one of the professional social network LinkedIN, which has 45 million users and
16 million unique monthly visitors by August 2009, more than double than a year before. The Joyent
IaaS service delivers 331 million page views per month to LinkedIN visitors (by June 2009)

Gartner recommends Joyent specially for deploying External Private Clouds aimed to deliver
rapid elas7city. However, one of Joyent’s limita7ons for organiza7ons outside the USA is that at the
moment of wri7ng Joyent’s data centers are all located in the USA. They have Tier One SAS70 cer7fied
facili7es located in Emeryville, San Diego, Andover and Dallas.
8.3. Selected PaaS Providers

In the PaaS service level we can find a increasing larger number of vendors which try to deliver
more flexibility than SaaS solu7ons while providing more abstrac7on from bare metal than IaaS
solu7ons. The main goal of these offerings is to facilitate the quick and easy design, development and
deployment of (business) applica7ons. Due to the fact that “out-‐of-‐the-‐box” SaaS solu7ons are rather
inflexible, and that most organiza7ons do not need to have full control over the underlaying
infrastructure, we can expect a trend in the Cloud Compu7ng market place towards the PaaS-‐ificaa7on
of services.
For the purpose of this research, we have selected Google App Engine, Windows Azure and
Force.com as the most relevant PaaS solu7ons. Their features are depicted in table 15.
Table 15: Feature comparison of selected PaaS providers
Features Google App Engine Windows Azure Force.com
Supported languages Java, Python .NET, PHP, Java Proprietary
Supported databases BigTable MS SQL, MySQL Proprietary
Billing Method Resource Usage Based Instance Based Applica7on Based
Code Portability No No No
Compliance not disclosed ISO 27001 ISO 27001
Data Geo-‐localiza7on No Yes No
Hybrid Models Yes (*) Yes (**) Yes
API available Yes Yes Yes
(*) Secure Data Connectors

(**) AppFabric
A. Google App Engine

According to Eric Schmidt (Google’s CEO): "Google aspires to be a large por7on of the cloud, or
a cloud that you would interact with every day". In Google’s perspec7ve Cloud Compu7ng implies a
fundamental change in the management of informa7on. Google believes that as it happened with
electricity, IT will become an u7lity in the future being supplied off-‐the-‐wall (Baker, 2007). The
paradigm of Cloud Compu7ng was long envisioned by Google’s founders a decade ago when Sergey
Brin and Larry Page described their corporate vision: "to organize the world's informa7on and make it
universally accessible."

! Google’s en7re business of around $21 billion in 2008 is built and runs on the cloud (Baker,
2007). Their popular search engine, adver7sement plaxorms and email services (among others) are all
developed and maintained on the cloud. The first version of its most important product, Google’s
search engine, was developed and deployed on the cloud from the beginning. Moreover, their search
algorithm is not calculated on a central data center but concurrently on its network of distributed
computers. This extensive experience and exper7se has provide Google with an advanced posi7on in
Cloud Compu7ng.
In a recent interview with Dave Armstrong, Google’s EMEA Cloud Compu7ng chief (Broek,
2009) he commented on the most important advantages of the cloud: scalability, cost reduc7on and
improved collabora7on. Cloud Compu7ng allows organiza7ons to focus on their core businesses that
differen7ates them from their compe7tors. For this reason, according to Armstrong, Cloud Compu7ng
is an opportunity for every company in any sector, including highly sensi7ve businesses like the
banking industry. Companies should just analyze and determine beforehand which informa7on is
going to be stored on the cloud and which informa7on will remain on internal on-‐premises systems.
He claims that there is no risk for vendor lock-‐in as data can be as easy pulled out than it was push
into the cloud. In his own words: “You don’t lose anything by moving to the clouds. You’re just doing
things differently” (Broek, 2009).
The focus of Google is mainly on Public Clouds (Google AppEngine) providing developers with
an applica7on framework and hos7ng to build and deploy their sorware. For enterprise solu7ons
Google has partnered with IBM in developing cloud solu7ons for the enterprise. Google has also
teamed up with IBM under the ini7a7ve Google 101 to build an University Cloud where students can
learn about large scale compu7ng clouds (Baker, 2007). The ini7a7ve has been created by using IBM’s
business sorware and Google servers.
Although Google’s cloud is framework based, it supports a great variety of programming

languages (e.g. Java, Python) without the need to reprogram applica7ons. Currently there are more
than 80.000 applica7ons hosted in Google’s cloud (Holliday, 2009). One of the most important
programming components of Google’s sorware is MapReduce. Although the company’s search
algorithm provide the intelligence, it is the MapReduce applica7on that delivers speed to all its
products (Baker, 2007). MapReduce divides each task into very small subtasks that are carried out on
its distributed environment. By dividing the task and outsourcing it to thousands of computers, the
task is completed within milliseconds. MapReduce combines then the frac7oned results into a
significant holis7c answer.
For educa7on purposes Google has developed Hadoop, an Open Source version of
MapReduce. Although the Hadoop project was started by one of Google’s main compe7tors (Yahoo),
Google has worked extensively on promo7ng it (Baker, 2007). Google’s inten7on is to support Hadoop
in becoming a standard for Cloud Compu7ng sorware architectures. From a developer’s perspec7ve,
Google App Engine is valued for its fully automated and easy to implement scalability, its ease of use

and the usage based pricing. However, developers complain about the API narrowness, the
compulsory use of Big Table DB, the lack of support for rela7onal data bases and the lack of code
portability.
Google defines clouds as “giant clusters of computers that house immense sets of data too big
for tradi;onal computers to handle” (Baker, 2007). Google’s infrastructure of globally distributed data
centers has been crucial for their pioneering role in Cloud Compu7ng (Broek, 2009). Their cloud is
con7nuously evolving with investments in data centers es7mated to be around $2 billion a year
(Baker, 2007). During 2007 Google added four new data centers to its Cloud with an average unit cost
of $600 million. The capacity and capabili7es of its infrastructure makes it an ideal plaxorm to
perform resource intensive scien7fic jobs that a decade ago would have been performed in a na7onal
lab (Baker, 2007).
Google’s architecture includes a worldwide network of thousands cheap self-‐assembled

computers (Baker, 2007) which store the enormous amounts of data that enable fast web searching
being capable of answering billions of queries within milliseconds. In Google’s vision, reliable sorware
enables robust plaxorms and the use of inexpensive hardware (Sheehan, 2009b). This vision is reflect
on the hardware that Google uses which is maintained on demand where individual hardware
elements are replaced by beOer ones only when they stop working. According to Google, “ The reality
is that most businesses don’t gain a compe77ve advantage from maintaining their own data
centers” (Sheehan, 2009b). For those enterprises that do need to have (part of) their infrastructure
on-‐premises, Google enables the possibility of deploying Hybrid models with their Secure Data
Connector that enables Hybrid Cloud models (Holliday, 2009).
In the last quarter of 2008 Google has implemented an innova7ve data center management
method on his new data center in Saint-‐Ghislain, Belgium. The new data center has no chillers to
support its cooling systems. As chillers require large amounts of electricity to operate, this new
method results in improved energy efficiency. Instead of using chillers, Google applies fresh air from
outside the data center when temperatures are cool and it uses an on-‐site water purifica7on facility to
use water from a nearby industrial canal instead of municipal water.
Using this innova7ve set up, local weather forecas7ng becomes a cri7cal factor in network and
data center management. Belgium's climate ranges from 18 to 22 degrees celsius during summer,
while Google maintains his data centers above 26 degrees celsius. Google es7mates that temperature
might rise above the acceptable maximum seven days per year on average. When this situa7on occur,
Google will turn their Belgium data center off and reallocate compu7ng workloads to other data
centers around the globe. This workload management strategy has been denoted as “follow the
moon” taking advantage of lower costs for power and cooling during overnight hours, the so
called off-‐peak u7lity rates charged by energy providers.

A final remark should be made on the first Cloud based OS, Google’s Chrome OS. During 2009,
Google has released their Chrome browser and their Chrome OS based on the former. Both represent
a step further in the Cloud Compu7ng paradigm as now Google has opened the door to “empty” thin
clients where applica7ons and data storage are cloud based. During 2010 it will become more clear
wether this development will be embraced by users.
B. Windows Azure
Windows Azure was launched in 2008 and it is expected to be open for public use by January
2010. Azure supports the rapid development and deployment of cloud applica7ons (Holliday, 2009). In
words of Bob Muglia, president of the Server and Tools Business at Microsor: "MicrosoU is converging
on a common developer plaDorm for both servers and services". According to some journalists,
Microsor’s strategy is to become the most used cloud opera7ng system (Mitchell, 2009). Gartner
research suggest that Microsor is planning to become a market leader in tools for building Private
Clouds (e.g. System Center product) as well as in Public Clouds (e.g. MS Azure) (Fergusson, 2008).
Azure applica7ons are developed using .NET and compiled arerwards to a Common Language
Run7me (CLR) to be used independently (Armbrust et al., 2009). The level of abstrac7on of Azure is
somewhere between the Amazon’s EC2 (low abstrac7on) and Google App Engine (high abstrac7on).
The programming languages and databases supported on Azure include non-‐Microsor products (e.g.
Zend, PHP, MySQL, Java, Eclipse EDI, etc.) as well as Microsor languages and tools (e.g. MS SQL, .NET,
Visual Studio as-‐a-‐service, etc.). However, it is important to note that as most Windows applica7on
are built on Windows programming tools (e.g. .NET) the migra7on of these applica7ons will be easier
to Azure than to any other plaxorm. Although this development means a unprecedented change in
Microsor product strategy as compared to tradi7onal sorware models (client or on-‐premises)
(Fergusson, 2008) it is important to note that Windows Azure is not a standard Windows OS. This
means that developers might need to adapt their applica7ons to be able to run them on Azure.
Microsor recommends organiza7ons to deploy an Hybrid Model to limit their risks while
leveraging some of the poten7als of the cloud paradigm. To support hybrid models Microsor offers
Windows Server AppFabric (currently in Beta status).
Developers consider Windows Azure as a very simple and powerful role-‐based PaaS solu7on.
However, they believe that Azure’s scalability is currently rather poor as it does not support automa7c
scaling of instances. In Microsor’s latest Professional Developers Conference in November 2009, the
company presented their strategy and latest development around the Azure plaxorm. One of this new
developments is PinPoint, an AppStore for business apps developed and deployed in Azure including
third party add-‐ons and data sets (comparable to Force.com). Another announcement was project
Dallas, a data-‐as-‐a-‐service solu7on which offers large data sets of public and commercial data (e.g.
WHO, NASA, etc.) on a pay-‐per-‐use basis. The goal of this project is to enable these data sets to be
mashed up by developers on the Azure plaxorm.

Microsor is also working on the design of its new data centers to deliver facili7es that require
no water and have no roofs. This facili7es are aggrega7ons of container formed boxes and are
deployed in Chicago and San Antonio for the USA, Dublin and Amsterdam for Europe, and Singapore
and Hong Kong for Asia. Their Chicago 700,000 square foot data center which costed more than $500
million and can hold up to 56 containers with a total capacity of 112.000 servers. Currently Microsor
runs a more than 85.000 servers distributed across the six data centers. According to Microsor, all
data will be replicated to at least three data centers from February 2010.
Microsor currently supports only the Windows Server virtual machine format on Azure. Virtual
machine server’s pricing ranges from 12 cents per service hour for machines powered by1.6-‐GHz
processors and 1.75 GB of RAM up to 96 cents per service hour for eight 1.6-‐GHz chips and 14GB
RAM. An example of an enterprise applica7on that is already running on Windows Azure is
Capgemini’s ACS applica7on for complex calcula7ons of salaries and pensions which is offered as-‐a-‐
service to Capgemini’s customers. Other case studies on Azure suggest that deployment 7mes can be
reduced from six weeks to six minutes while adap7ng 1% of the total code.
C. Force.com
The success of Force.com is even greater than the one obtained by Salesforce.com SaaS
offering of hosted business applica7ons. The company has recently reported that 55% of the HTTPS
transac7ons the company processes come through their API (and therefore from third party
developed applica7ons) compared to 45% coming from Salesforce's own developed applica7ons.
Force.com focus primarily on enabling the easy development and deployment of custom
enterprise apps like HR, accoun7ng, sales, support, etc. According to Salesforce, organiza7ons can
deploy applica7ons five 7mes faster against 50% of the costs compared to tradi7onal sorware
development paradigms. Force.com allows developers to reuse exis7ng pre-‐defined data objects,
security models, user interfaces, business processes and automated management. Compared to .NET
and J2EE, Force.com affirms that it can deliver applica7ons 60% faster at 54% lower costs. Moreover,
Force.com enables the integra7on of on-‐premises applica7ons in an Hybrid Cloud model.
! Salesforce last reported annual revenue was $1 billion as of February 2009. By December 2008,
Salesforce had around 51.800 clients and 3.300 employees. Their last reported quarter (third fiscal
quarter of 2009) showed a 31% year-‐over-‐year customer increase to 67.900 accounts.
Their underlaying infrastructure is based on the mul7-‐tenancy principle, hos7ng more than
135.000 applica7ons build by external developers on the Force.com plaxorm performing around 200
million transac7ons daily by an es7mated 188 million lines of code. Salesforce has obtained the ISO
27001 Cer7fied Security recogni7on and guarantees 99% availability rates. Force.com infrastructure is
distributed on three global data centers that are configured for fail-‐over and disaster recovery.

On their programming layer, Force.com offers a programmable drag and drop user interface
and cloud logic, real-‐7me analy7cs, an integrated content library, real-‐7me workflow and approvals,
granular security and more than 800 integrated applica7ons. Moreover, Force.com allows user to
create (mobile compa7ble) websites for developers to distribute their applica7ons. Users without
technical or programming knowledge can deploy a database, design applica7on rules and deploy it
onto front-‐ends and dashboards within minutes. For advance applica7on development, Force.com
offers developers its own programming language, an Eclipse based IDE, an UI framework, and
development and tes7ng environments.

9. Selec*ng a Cloud Provider
The Cloud Compu7ng solu7ons offered nowadays are very diverse and each has unique
evolving characteris7cs. For this reason it is important to consider solu7ons that best fit organiza7onal
needs and re-‐evaluate the provider periodically (Leong, 2009). A methodology is therefore needed to
support the evalua7on of offerings and compare them with other op7ons. In this sec7on we provide
an brief descrip7on of some of the considera7ons that we believe an organiza7on has to take into
account when selec7ng a Cloud Provider or developing their own Cloud solu7on.
There are a number of misconcep7ons when considering Cloud Compu7ng solu7ons

(Michelson, 2009). First of all, not all applica7ons need to be clouded, the best approach is to select
those that can benefit from it. Second of all, there is no need to replace current resources if they can
be reused into an Internal or Private Cloud model. Moreover, there is also no need to change the IT
organiza7on or IT processes as long as the Cloud solu7on can fit into the exis7ng ones (Michelson,
2009).
An incremental gradual approach to adopt Cloud Compu7ng is oren recommended, for

example by running first a pilot test, then migra7ng one non-‐cri7cal applica7on and using
benchmarking against on-‐premises to decide wether to go further. This approach helps to understand
the benefits of Cloud Compu7ng step by step minimizing risks and learning by doing (Arnold, 2008a).
Figure 12 : Gartner’s model for selec*ng a Cloud Provider .
Gartner recommends to compare

providers based on a TCO basis that
includes not only hardware costs but also
human resources, licensing costs and risks
(Leong, 2009). Moreover, Gartner has
developed a methodology to evaluate
providers based on the specific needs of
an organiza7on. Among others, the
methodology considers cost, opera7onal
stability and ability to scale as well as how
the solu7on matches the firm’s applica7on
architecture, provides the level of desired customer support and meets the organiza7on’s service
level, security, privacy and compliance requirements (Leong, 2009). In order to get started with Cloud
Compu7ng, Gartner recommends the four step model depicted in figure 12 (Plummer, 2009).

A. Focus Areas When Selec*ng a Cloud Provider
Security is a major concerns by Cloud Users a must therefore carefully be scru7nized
beforehand (Brynko, 2008). Storing data outside the organiza7on is in some cases not allowed by laws
and regula7ons and end users expect appropriate protec7on of their privacy. Another important
considera7on when evalua7ng cloud solu7ons is the transparency of the code (open source vs
proprietary) to reduce the risk of vendor lock-‐in and increase applica7on portability and
interoperability (Urquhart, 2009a).
According to experienced prac77oners, the best approach to evaluate Cloud Compu7ng as a
viable alterna7ve is to consider it for each applica7on and project separately (BeOs, 2009). To facilitate
this evalua7on, a weighted scorecard approach has been suggested that considers the cri7cal factors
influencing the decision (BeOs, 2009). Some examples of situa7ons that could significant benefit from
the cloud are applica7ons with high demand vola7lity or that require fast provisioning of resources to
improve the 7me-‐to-‐market. The scorecard approach is depicted in table 16:
Table 16: Main Considera*ons When Selec*ng a Cloud Provider
Related Area Ques*on

Are any of the cloud advantages source of compe77ve advantage?
Strategy
(e.g. 7me-‐to-‐market, high scalability, etc.)
Does the project have a high degree of demand uncertainty?
Capacity
Does the project have high peaks in demand?
What is the strategic value and risks associated with the data?
Security
How vulnerable is the firm to security threats rela7ve to cloud providers?
Can the Cloud Provider provide the Recovery Point Objec7ve (RPO) and Recovery Time
Disaster Recovery
Objec7ve (RTO) needed?
What are the SLAs and track record of the Cloud Provider?
Performance Are there tools for monitoring performance?
What is the effect of latency on performance?
To what extent does the applica7on/project depends on integra7on with other
Architecture & Integra7on applica7ons or data?
Does the applica7on need to be customized to work in a cloud?
Vendor Support Does the provider offer migra7on support, and support for service/performance issues?
How compliant is the provider?
(e.g. does he meet all necessary regulatory requirements)
Vendor Compliance
Are there comparable instances mee7ng the same requirements?
Is the provider open to audits from external par7es?
Is the provider financially stable?
Vendor Health
Does he offers compensa7ons for outages and malfunc7ons?

Another interes7ng model for the adop7on of Cloud Compu7ng solu7ons has been developed
by Infosys (Dargha, 2009). To evaluate Cloud Compu7ng offerings, Infosys proposes a weighted
scorecard approach based on specific considera7ons to be taken by Cloud Users. Although the list of
considera7ons is not complete, Infosys considers it a good start point to evaluate Cloud Providers
(Dargha, 2009). The scorecard is depicted in table 17.

Table 17: Infoys Scoreboard Approach
Weighted
Considera*ons Weight Raw Score
Score
The demand of services is vola7le and unpredictable
The service usage is not frequent
There is no need for customized services or API
The applica7on to be clouded is not mission cri7cal
The applica7on is new or recently developed
The applica7on is not subject to strict compliance
The development plaxorm is not vendor specific
The applica7on does not need to be integrated
Internal or industry regula7ons allow to store data on the cloud
The firm prefers to incur in OPEX rather than CAPEX
The applica7on is tolerant to latency and other network performance issues
The priori7es of firms of different sizes are significantly different. Small firms focus on
minimizing costs and complexity by elimina7ng the need to own resources. They are willing to trust
external providers easier as they are always looking for outsourcing as many non-‐core ac7vi7es as
possible (Urquhart, 2009a). On the other hand, large enterprises are more concerned with
maintaining their exis7ng ICT investments and they carefully evaluate new investments based on
profitability (e.g. ROI) (Urquhart, 2009a). Because large organiza7ons have already invested vast
amounts of 7me and money in protec7ng and op7mizing their infrastructures they are not likely to
adopt Cloud Compu7ng un7l the same levels can be guaranteed (Urquhart, 2009a).
B. Service Model Selec*on

Many IT leaders recommend using the cloud to host only certain types of applica7ons and
informa7on as not all of them are well fiOed to be clouded. As Cloud Compu7ng has many
implica7ons for the way businesses are conducted nowadays it is important to select the cloud
services that best fit the business needs without bothering about the technical implementa7on
(Arnold, 2008a).

In order to select the type of service best suited for an specific applica7on the following
ques7ons might be considered (Edgewater):
• How standard is the applica7on? (Proprietary / Commodity)

• When was it developed? (Legacy / New Applica7on)
• What is the 7me and cost of deployment? (Fast & Low / Long & High)
• How stable is the applica7on usage? (High Scalability / Low Scalability)
• Is there a situa7on of vendor lock-‐in? (Yes / No)
Answering these ques7on we can determine which service model of Cloud Compu7ng is best
fiOed for an specific applica7on. Using these answers we can use a decision framework (see table 18)
to determine the best type of service for our situa7on (Edgewater, 2009):
Table 18: Cloud Service Model Selec*on Tool
Type of
Service Type Scalability Vendor Lock-‐in Code Deployment Costs
Applica*on
IaaS Proprietary Low Low Legacy Low
PaaS Proprietary High High New High
SaaS Commodity High High -‐ Low
C. Deployment and Access Models Selec*on

Another important choice is the loca7on of the cloud to be used (Internal or External)
(Urquhart, 2009a). Companies that believe they can get what they need from external offerings are
more likely to adopt a Public Cloud while firms that are concerned about lock-‐in, data ownership,
security and compliance would oren adopt and Hybrid or Internal Cloud (Urquhart, 2009a). An oren
recommended approach to deploy cloud solu7ons is to create an Internal Cloud first that out scale to
a External Cloud when internal resources cannot fully handle the workload and scales back in once
those extra resources are no longer needed (Michelson, 2009).
McKinsey recommends organiza7ons to build their own cloud infrastructure and although this
can be a good solu7on for some situa7ons, it reduces one of the most important advantages of Cloud
Compu7ng cost efficiency (Sheehan, 2009b). For this reason, some authors have proposed a different
approach by first examining the organiza7on’s applica7on porxolio looking for cloud candidates, to
calculate then the true costs of the internal infrastructure and therefore make founded decisions on
wether to deploy an Internal or External Cloud (Sheehan, 2009b).

The current evolu7on of Cloud Compu7ng offerings can help organiza7ons to decide the level
of hybridity that best fit their needs (Dignan, 2009). In some cases, organiza7ons can use Private
Clouds that can out scale when needed to Public Clouds and therefore improve con7nuity and
availability (Kirsner, 2009). However, most of the Hybrid offerings in the market are partnership based
and therefore limit the choice of Public Clouds to the firms involved in the specific vendor partnership.
An example is Sun’s Cloud Compu7ng plaxorm or BMCs hybrid solu7ons which among many other can
out scale strictly to Amazon’s public cloud (Dignan, 2009) (Kirsner, 2009). Another example is the
strategic partnership of VMware with several providers to support migra7ons based on the vCloud
format.
Another interes7ng approach to determine which type of access and deployment model is
best fiOed for an specific applica7on takes into account how mission cri7cal and related to core
prac7ces are the resources (Spinola, 2009). First, organiza7on need to determine which on-‐premises
IT resources and systems are mission-‐cri7cal and which are not. Second, all resource must be analyzed
to iden7fy which ones are sources of compe77ve advantage (core-‐business prac7ces) and which are
not (non-‐core prac7ces). By answering these two ques7ons, organiza7on can use table 19 to
determine which deployment and access model is best fiOed for that type of resources.
Table 19: Cloud Access and Deployment Models Selec*on Tool (Spinola, 2009)
Core vs
Mission Cri*cal Non Mission Cri*cal
Mission Cri*cal
Core Prac*ces Deploy in Private Internal Cloud Good candidate for Private Internal Cloud
Non Core Prac*ces Good candidate for Public cloud Deploy in Public cloud

10. Answers to Research Ques*ons Phase 1
To summarize our findings from this research phase we provide in this sec7on the specific
answers to the related research ques7ons.
1. What is cloud compu*ng? How do vendors, consultants, analysts, standards

organiza*ons and commercial publica*ons define Cloud Compu*ng?
As Cloud Compu7ng is a rela7ve new concept evolving rapidly over 7me, to elaborate our
research defini7on we have taken into account previous defini7ons found in scien7fic papers (Berkeley
University, Telefonica R&D, Melbourne University and IEEE), leading ICT consultants and analysts
publica7ons (Gartner, Forrester, Accenture and Capgemini), commercial media and publica7ons
by standards organiza7ons (NIST). All the defini7ons taken into account can be found in the
elabora7on of Phase 1 in this report.
From each exis7ng defini7on we have first extracted their main components or features to
group them further where seman7cally possible. Features that are not in accordance with the
possibili7es of this new paradigm (as reflected by exis7ng solu7ons) and/or are only men7on in few
publica7ons have been excluded. Moreover, features that are not a essen7al requirements as
demonstrated by some vendors have been also excluded. Arer this analysis we have elaborated the
following defini7on of Cloud Compu7ng:
Research Defini*on of Cloud Compu*ng
Cloud Compu;ng is the delivery model where on-‐demand elas;c IT capabili;es are
offered as-‐a-‐service through the Internet following a usage based pricing model.
There are a large number of IT capabili7es offered according to the Cloud Compu7ng model.
Some examples of the most popular services are infrastructures (IaaS solu7ons), plaxorms (PaaS
solu7ons), and sorware (SaaS solu7ons).
The main features found in our defini7on are: (1) IT capabili7es, (2) on-‐demand, (3) elas7c, (4)
as-‐a-‐service, (5) internet delivery and (6) usage based pricing model. We will use these features to
evaluate if a specific solu7on can be regarded as Cloud Compu7ng or not. Other non essen7al features
that have been therefore excluded from the defini7on are virtualiza7on, mul7-‐tenancy use of
resources, resource op7miza7on and self-‐service func7onality. A further explana7on on the reasons
for excluding these features as well as the analysis performed to achieve our defini7on can be found in
the sec7on over Phase 1 in this report.

2. What are its advantages / disadvantages?
The poten7al advantages of this new paradigm can be inferred from the goals that early
adopters had when adop7ng Cloud Compu7ng solu7ons. For this purpose we have analyzed several
case studies on the use of current Cloud Compu7ng solu7ons. The most common advantages found
are resource op7miza7on and elas7city, high performance compu7ng, failover and backup, business
agility and faster 7mer to market, and leveraging external knowledge and experience. As Cloud
Compu7ng has disrup7ve effects on the current delivery of IT capabili7es, we have dedicated a
separate sec7on for describing the economic considera7ons of this new paradigm. Some of the
economic benefits found are the transforma7on of capital investments into opera7onal expenses, the
reduc7on of large capital commitments for the long term, the usage based pricing for improving
opera7onal cost efficiency, the mi7ga7on of risks associated with capacity planning, and the
realiza7on of economies of scale (and therefore cheaper offerings) by Public Cloud providers.
The risks of this new paradigm have been elaborated from the specific characteris7cs of this
new paradigm as compared to other op7ons (e.g. on-‐premises solu7ons). Moreover, they have been
extensively subject of previous research by public agencies specialized on ICT security (e.g. ENISA).
When adop7ng a Cloud solu7on compared to an on-‐premises alterna7ve risks are iden7fied at
opera7onal, compliance and standards levels. Opera7onal risks include among others the dependency
on external services availability, the performance of solu7ons build over shared resources, the
dependence on external providers, the performance of public ungoverned networks (e.g. internet)
and the lack of advanced cloud management tools. At the compliance level risks can be iden7fied on
the applicability of (inter)na7onal laws and regula7ons, data confiden7ality on Public Clouds due to
failures in resource isola7on, and the lack of transparency in external infrastructures. Although some
formats (e.g. Amazon AMI for server images) are emerging as de facto standards, there are at the
moment of wri7ng no formal standards in Cloud Compu7ng. This creates a serious risk for vendor
lock-‐in as organiza7ons can not migrate to and from Cloud solu7ons without adap7ng their
applica7ons.
Security is the most important barrier men7oned by organiza7ons for the adop7on of Cloud
Compu7ng. The single sing-‐on feature offered in Cloud solu7ons represents a single point of failure for
the infrastructures and it is currently being mi7gated by Cloud Providers by using two factor
authen7ca7on methods. As External Private and Public Clouds are oren not physically accessible by
clients regulatory compliance is determined by the cer7fica7ons obtained by the provider (e.g.
SAS70). Organiza7ons must therefore rely on this cer7fica7ons for their own regulatory compliance.
The lack of contractual rights to perform security analysis implies that when an incident takes place
organiza7ons can only rely on the audit features and findings provided by the vendor.

There are several jurisdic7onal issues related to the loca7on of data storage that are par7ally
solved by providers offering data geo-‐localiza7on features. When using a External Private or Public
Cloud the integrity of Cloud Provider’s employees should also be taken into account as security is
more oren compromised internally. Procedures for data disposal should also be taken into account.
Once data is deleted by a Cloud User, the Cloud Provider must assure that the deleted data cannot be
restored, specially in shared infrastructures where the hardware is reallocated to a different user.
Another security issue can be explained by the spoiler effect of informa7on. While a company’s
infrastructure security is not well known to outsiders, Cloud Provider’s security measures are publicly
available, making it easier for hackers to exploit vulnerabili7es.
3. What types of cloud solu*ons are being currently offered in the market?
In order to create an overview of the different types of Cloud Compu7ng solu7ons currently
available in the market we have described three classifica7on models described in exis7ng
publica7ons: the Service Model which implies a trade-‐off between flexibility and abstrac7on (IaaS,
PaaS and SaaS), the Access Model according to how access to the service is delimited (Private, Public
and Hybrid) and the Deployment Model that takes into account the physical loca7on of the solu7on
(Internal, External and Hybrid).
It is important to note that besides the pure Hybrid models (e.g. Public & Private or Internal &
External) there are also several combina7ons possible as we go down the service model stack (SaaS on
PaaS or IaaS, PaaS on IaaS). Services can therefore be aggregated so we must take the individual
services individually into considera7on and aggregate our conclusions when evalua7ng possible
solu7ons. Moreover, each of these combina7ons can have also different dimensions like for example
Public SaaS on Private IaaS, or Private PaaS on Public IaaS. This might not be clear at first in current
product specifica7on but it is crucial to know the underlaying service composi7on of a solu7on in
order to evaluate it properly. We recommend organiza7ons to analyze each service layer of a solu7on
separately to find out if it is truly inline with their needs.
Each model implies different considera7ons for organiza7ons. For example in the Service
Model, when we move from SaaS to PaaS and from PaaS to IaaS the flexibility offered increases while
abstrac7on levels decrease (and vice versa). In the Access Model, organiza7ons can choose from
exclusive alloca7on of resources (Private Cloud) to mul7-‐tenancy over shared resources (Public Cloud).
It is important to note that Public Clouds represent a higher security risk that Private Clouds as
isola7on mechanisms can fail (e.g. bad neighbor and cartographic aOacks). However the exclusive use
of resources leads per defini7on to lower provider’s cost efficiency and therefore more expensive
solu7ons. In de Deployment model organiza7ons can choose to have full control over the solu7on
(Internal Cloud) or outsource some management tasks to an external organiza7on (External Cloud). As
each situa7on (e.g. project, organiza7on, etc.) requires a different set of features, organiza7ons
should carefully evaluate these models and select the one that fit their needs more accurately.

At the moment of wri7ng several incidents on Public Clouds have been reported due to the
lack of proper resource alloca7on (performance issues due to overbooking) and isola7on (cartographic
aOacks). For this reason we can conclude that Public Clouds need to evolve significantly in the coming
years in order to be ready for enterprise usage. In our opinion organiza7ons will begin using Internal
Private Clouds in the near future and evaluate the use cases for Hybrid models once this new
paradigm has been proven on a secure and fully controllable environment. Hybrid construc7ons will
evolve first by adding connec7vity to External Private Clouds and on a later stage to Public Clouds
(Internal and/or External). However, as Hybrid construc7ons are not easy to implement, we
recommend that organiza7ons should account for this feature from the first development steps of
their Internal Private Clouds, even if they are not planning to use it in the short term.
A remark should be made on the consolida7on process currently taking place in the Cloud
Compu7ng market, denoted by some prac77oners as the PaaS-‐ifica7on of Cloud Compu7ng services.
SaaS solu7ons are becoming more flexible by allowing the development and deployment of third
party applica7ons and mashups (e.g. Force.com from Salesforce) while IaaS solu7ons are including
increasing levels of automa7on that perform some of the heavy liring in infrastructure management
(e.g. Amazon).
For the purpose of our research we have selected three IaaS solu7ons (Amazon, Rackspace and
Joyent) and three PaaS solu7ons (Google App Engine, Windows Azure and Force.com) and extracted
their features for further analysis. We have excluded SaaS solu7ons from this part of our analysis as
they are very specific and use high levels of abstrac7on which makes it very difficult to compare them
and evaluate their applicability to the Dutch healthcare sector. Moreover, SaaS applica7on are oren
either built on PaaS solu7ons (e.g. Salesforce applica7ons on force.com plaxorm) or they tend to
become plaxorms over 7me by offering more flexibility to end users (e.g. APIs). A detailed descrip7on
of our feature analysis can be found in the Phase 1 sec7on of this report.

11. Conclusion Phase 1
In this phase of our research we have elaborated a defini7on of Cloud Compu7ng based on
other defini7ons given in scien7fic defini7ons and commercial media, as well as perspec7ves from the
leading IT analysts and consul7ng firms. To provide a beOer understanding of the concept we have
described three cloud taxonomy models, the most common use paOerns, some of its economic
considera7ons and the risks involved in adop7ng this new computer paradigm. In addi7on we have
included a brief descrip7on of some of the leading cloud offerings and some models that can be used
for evalua7ng vendors and their solu7ons.
The increasing demand for internet-‐based services and the current economic downturn have
created a perfect storm for organiza7ons to reevaluate the role of non-‐differen7a7ng compu7ng
resources in their infrastructure. The vision of compu7ng technology as an u7lity is gaining acceptance
between prac77oners as current innova7on are increasingly enabling this paradigm. Moreover,
organiza7ons focus nowadays more on business processes and how to op7mally support them rather
than on the underlaying resources. In this context the elas7c character of u7li7es matches current
organiza7onal needs and the capabili7es of technology as businesses of all kinds, specially internet
start-‐ups and fast growing organiza7ons, must be able to adapt to quickly changing demands. ICT
solu7ons must enable rapid scalability to scale (up and down) at the same rate than businesses.
Based on defini7ons from scien7fic publica7ons, analysts, consultants, commercial media and
the Na7onal Ins7tute of Standards in Technology (NIST) we have elaborated our own defini7on of
Cloud Compu7ng: Cloud Compu;ng is the delivery model where on-‐demand elas;c IT capabili;es are
offered as-‐a-‐service through the Internet following a usage based pricing model.
Moreover, we have described three models to categorize Cloud Compu7ng solu7ons: the
Service Model (IaaS, PaaS and SaaS), the Access Model (Private, Public, Hybrid) and the Deployment
Model (Internal, External, Hybrid). We believe that organiza7ons will begin using Private Clouds in the
near future and evaluate the use cases for Hybrid models once they have been proven on a secure
environment. However, as Hybrid construc7ons are not easy to implement, we recommend that
organiza7ons should account for this feature from the first development steps of their Private Clouds.
We also believe that the large variety of services currently offered will consolidate over 7me in
a PaaS-‐ifica7on process where SaaS solu7ons will become more flexible by allowing the development
of (third party) applica7ons and mashups (e.g. Salesforce and Force.com) and IaaS solu7ons will
include increasing levels of automa7on that perform the heavy liring of infrastructure management.
It is clear to us that Cloud Compu7ng should be considered by organiza7ons as a viable

alterna7ve to increase IT capabili7es without making long term investments in data centers. As
organiza7ons can transform their Capex investments into Opex expenses they can align resource
u7liza7on to the success of projects and business ideas, which enables innova7on. Moreover,

organiza7ons can leverage this large amounts of resources for heavy compu7ng tasks that otherwise
would be very expensive and would take a long 7me to complete.
However, in our opinion not all applica7ons will be run in the cloud and there will not be one
single standardized cloud but rather different types of cloud to server different purposes. Some clouds
will be specialized non-‐commodi7zed applica7ons and other will be deployed as Private or Hybrid
Clouds. Organiza7ons should carefully evaluate the human resource and experience needed for each
of these delivery models in order to select the best one for their situa7on.
As more and more Cloud Compu7ng offerings are emerging, developers should take into
account the possibili7es and limita7ons of deploying applica7ons on the cloud and create sorware
that supports such environments. Specifically, they should consider horizontal scalability which implies
that applica7ons are not longer bounded to the physical resources available but can run across several
physical loca7ons with almost unlimited resources.
Systems that are not regarded as compe77ve differen7ators are good candidates to be
deployed on the cloud. As they are not source of compe77ve advantage, any effort in upgrading,
maintaining or modifying such systems will not create any added valued to the organiza7on and
therefore they can be beOer outsourced to reallocate the resources to projects that do enable
differen7a7on. Moreover, when considering the type of resources consumed by each applica7on, we
can conclude that non-‐mission cri7cal applica7on’s consuming scarce resources that are also used by
cri7cal applica7ons are probably the best candidates to be placed on the cloud. It is important to note
that some IT resources (the minority) are indeed enablers of differen7a7on and should therefore not
be contracted from third par7es. Those applica7ons are key to an organiza7on’s compe77ve
advantage and therefore enable the firm to perform beOer than their compe7tors
Although the on-‐premises paradigm provides higher levels of control for organiza7ons, in
previous researches it is es7mated that 75% of IT expenses are incurred merely to keep the systems
running (Arnold, 2008a). Most IT departments have to deal with human resource scarcity which
results in a lot of new ideas that remain in the pipeline. An organiza7on can use Cloud Compu7ng to
develop services that are interes7ng for the business but that due to lack of resources are not being
aOempted.
A final considera7on must be made on the poten7al that Cloud Compu7ng has to provide
compe77ve advantage to firms. A recent study showed that firms using intensively Amazon’s cloud
services were realizing savings in storage between 20% and 50% during the last years (Armbrust et al.,
2009). When these firms reallocate the savings to their selling prices, they are able to offer cheaper
services or products to their clients while maintaining the same quality levels. In this way, companies
using cloud services can achieve compe77ve advantage in their markets by cost differen7a7on.

Before Cloud Compu7ng is widely adopted by enterprises a series of developments must take
place on the market. First of all, the great diversity of offerings will need to converge in a form of cloud
uniformity to support service and data interoperability and portability. However, the close character of
some of the current offerings are major drawback for this development. Moreover, in the future new
features that improve safety and reliability must be added to current solu7ons to convince firms that
they can regain control when desired.
Scien7fic researchers can contribute to the field by researching the main issues in the use of
this new paradigm. Certain open ques7on remain that could be further researched in the future.
According to UC Berkeley RADSL the following future issues need to be further researched:
• What will be the billing units for the higher-‐level virtualiza7on clouds?
• What will be the billing units for flash memory?
• How will network bandwidth pricing evolve?
• What are the barriers for the improvement of network bandwidth?
• Which level of abstrac7on in cloud solu7ons will be the dominant one ?
• How and when are cloud standards going to emerge?
• How would Cloud Providers differen7ate in the future (e.g. services, quality, etc.)?
Certain types of applica7on are expected to contribute to the emergence of Cloud Compu7ng
(Armbrust et al., 2009). Mobile interac7ve applica7ons, parallel batch processing and compu7ng
intensive desktop applica7ons are some examples of sorware types that are good candidates to be
hosted on the cloud. We can expect rapid developments in the future of these types of capabili7es
that can be also subject of further research.
In the remaining sec7ons of this research we use the results of this phase to analyze the
applicability of Cloud Compu7ng solu7ons to the Dutch healthcare sector. Specifically we will use the
research defini7on, taxonomies and market analysis to evaluate wether current offerings sa7sfy the
condi7ons of this ver7cal sector.

Research Phase 2: ICT in the Dutch Healthcare Sector
Now that we have defined the concept of Cloud Compu7ng and what offerings are currently
available on the market (see Phase 1 of this report) we will con7nue in this second phase by analyzing
the current trends and opportuni7es in the healthcare sector and the role of Informa7on Technology
on this sector. We will narrow our focus to the Dutch healthcare sector and specifically to one of its
most important current ICT projects, the introduc7on of a na7onal EPR system (the EPD ini7a7ve).
This analysis, together with our findings from Phase 1 will become the step stones for Phase 3, where
we will analyze the applicability of current Cloud Compu7ng solu7ons to the Dutch healthcare sector
and specifically to the EPD ini7a7ve.
In this second phase of the research we will examine the EPD infrastructure in The
Netherlands. As this type of projects in the European Union are not geographically or poli7cally
isolated but they are rather embedded in na7onal context from an interna7onal perspec7ve, we will
introduce first the scope of this research with a top-‐down approach, from the European healthcare
strategy to the Dutch healthcare perspec7ve (see sec7on 1). We con7nue then by briefly describing
the role of technology in the healthcare sector (see sec7on 2) in order to facilitate our further analysis
of ICT usage in the Dutch healthcare system with special aOen7on to the introduc7on of EPD (see
sec7on 3).
1. Context and Scope

To introduce our analysis of the Dutch healthcare sector and its use of ICT we need first to
consider the scope and context that influence current developments in the sector and the adop7on of
technology to support them. For this reason we will discuss first the specific characteris7cs of the
healthcare sector (see sec7on A), to con7nue with our analysis of European healthcare taking into
account the current concerns of European ci7zens, the current European health strategy and
objec7ves and the current challenges of this sector in the European Union (see sec7on B). We will
conclude this sec7on by describing the current developments and concerns in the Dutch healthcare
sector from a ci7zens point of view as well as from a government perspec7ve (see sec7on C).
1.1. Characteris*cs of the Healthcare Sector

The healthcare sector is probably one of the most demanding sectors and with the highest
impact on ci7zen’s quality of life. Ci7zen’s are not only the main consumers of care services but they
are (in many cases) also the source of resources (through taxes) that enable such services. The specific
character of the healthcare sector compared to other sectors can be summarized into four main
factors: 7mely decision making, broad impact on ci7zens, increasing expenses and increasing service
demand:

• Timely Decision Making: Although it is important to carefully determine which is the best solu7on
for a specific situa7on and how to implement it, delays in healthcare improvement ini7a7ves can
be directly linked to ci7zen’s injuries and deaths that could have been avoided (Gartner, 2009).
This impact of decision making on ci7zen’s lives cannot be found in all other industries.
• Broad Impact on Ci*zens: Healthcare affects all ci7zens in various ways. Either as service
consumers (e.g. pa7ents) or as service providers (e.g. tax payers). According to a recent european
opinion survey (Eurobarometer, 2008) healthcare is the firh most important issue among
European ci7zens.
• Increasing Yearly Expenses: On average healthcare expenses as percentage of gross domes7c
product (GDP) in Europe have been con7nuously rising during the past decades (from 3,1% of GPD
in 1960 to 8,8% of GDP in 2006). As healthcare expenses growth rates have been higher that GDP
growth rates, analysts expect an exponen7al increase of healthcare costs in the future reaching
15% of GDP by 2020 (Gartner, 2009).
• Increasing Service Demand: The increasing growing costs are largely originated by an increasing
demand for healthcare services. This increase in demand is caused by longer life expectancies and
aging popula7on as well as by new lifestyles which imply more (and more intensive) healthcare
services (Gartner, 2009) (Stroetmann, Jones, Dobrev, & Stroetmann, 2006). Some examples of
these new lifestyles are increasing alcohol consump7on and increasing average weight of ci7zens.
1.2. Healthcare in the European Union

In our effort to delimit the scope of our analysis, we will focus in this sec7on on the healthcare
sector at the European level. For this purpose, we will briefly describe the evalua7on of actual
European Health systems from a ci7zen perspec7ve (see sec7on B.1), the current concerns of
European ci7zens and its rela7onship with healthcare (see sec7on B.2), the European wide health
strategy and objec7ves (see sec7on B.3) and the current challenges of healthcare in Europe (see
sec7on B.4).
A. European Healthcare Systems

The health sector in Europe is very heterogenous and complex as it includes a great variety of
different na7onal healthcare systems and it serves a wide variety of customers, in some situa7ons
even across na7onal systems (Stroetmann, Jones, Dobrev, & Stroetmann, 2006). Na7onal healthcare
systems vary strongly in their public/private delivery and financing. The sector is usually highly
regulated by (inter)na7onal, regional and/or local laws and regula7ons. In most cases, healthcare
services are delivered by public, non-‐profit organiza7ons leading to the absence of compe77on and
free market mechanisms. As a result, cost efficiency is a lower priority compared to other sectors.
According to the eBusiness Watch report, the healthcare sector was by the year 2000 the most
dominant economic sector in the EU (Stroetmann & Stroetmann, 2004b). It employs more than 15
million people (9% of the total jobs in the union) and it represents 500 billion euros expenditure (more
than 6% of the total European GDP). When analyzing healthcare expenditure by the source of
financing per country we observe that The Netherlands has lower public expenditure than the

European average (68% and 74% respec7vely) while its private financing is higher than the European
mean (32% and 26% respec7vely).
In general, Europeans are highly sa7sfied with their health and the medical services in their
local areas. Around 81% of Europeans are sa7sfied with their state of health while 72% is sa7sfied
with the health services they can access locally (Eurobarometer, 2009). Beside the effects of the
economic malaise and the posi7ve evalua7on of personal health and care services provided,
“healthcare systems” is s7ll the number one non-‐economic issue for Europeans. In the two latest
european barometers (waves 70 and 71) we observe that healthcare systems are the fourth most
important issue arer three economic related issues (infla7on, economy and unemployment).
European countries are confronted with increasing long term healthcare needs due to the fact
that ci7zens live longer and the “baby boom” genera7on becomes older. For this purpose, in 2002
three guiding principles for the reform of healthcare systems were defined by the European Council:
healthcare accessibility for every ci7zen, high quality of care and long term financial sustainability.
In a special Eurobarometer report from the European Commission on healthcare in the

European Union the results of interviews with more than 28.000 Europeans from 27 different
European countries are analyzed to support the development of long term healthcare strategies by
member states (Eurobarometer, 2007). When evalua7ng hospitals, around 71% of Europeans rate the
quality of na7onal hospitals as very good (15%) or fairly good (56%). On the opposite side, around 25%
of Europeans believe that hospitals are fairly bad (20%) or very bad (5%) (Eurobarometer, 2007). In
The Netherlands, hospital’s evalua7ons score above the European average with 87% of Dutch ci7zens
claiming that their hospitals are fairly good or very good. If we observe the evalua7on of services
provided by medical specialists, we observe the same sa7sfac7on scores as with hospitals. At
European level 74% of ci7zens values the quality of specialist care as good or very good while in The
Netherlands around 83% is sa7sfied with the quality of specialist care provided.
The availability and accessibility of hospitals in the European Union is posi7vely evaluated by
Europeans (76% affirmed to be very easy or fairly easy). However, in The Netherlands, ci7zens
evaluated accessibility and availability of hospitals slightly lower than the quality of services provided
(80% answered that hospitals are very easy or fairly easy to reach) (Eurobarometer, 2007). An
important remark should be made on the fact that 8% of European ci7zens (7% in The Netherlands)
could not obtain health services when needed due to the lack of availability or accessibility of
hospitals.
The availability and accessibility of specialists care in Europe scores lower than when
evalua7ng it at hospitals (Eurobarometer, 2007). Around 62% of Europeans considers that medical
specialist care is easy or very easy accessible. In The Netherlands the percentage is slightly higher than
average as 66% of Dutch ci7zens affirm that specialist care is easy or very easy to access. Around 9% of

European ci7zens (7% in The Netherlands) could not obtain specialist’s care because they were not
accessible or available.
Family doctors and GPs are beOer evaluated by European ci7zens than hospitals and medical
specialists (Eurobarometer, 2007). From all correspondents, 84% considers the quality of care
provided by family doctors as good or very good. In The Netherlands the percentage is even higher,
with around 89% of Dutch ci7zens evalua7ng their family doctor’s quality of care as good or very
good. The same differences are observed when evalua7ng the accessibility and availability of care
provided by family doctors. Around 88% of European ci7zens and 92% of Dutch ci7zens considers that
family doctors are easy or very easy accessible and available.
B. Current Concerns of European Ci*zens

In the latest report of the Eurobarometer public opinion research by the European Commission
(Eurobarometer wave 70) the effects of the economic crisis are clearly ascertained by European
ci7zens. The average unemployment rate in the European Union is expected to rise up to 8,1% by
2010 having a significant impact on European consumer’s confidence. As a result the Economic
Sen7ment Indicator reached its lowest point since 1993 (Eurobarometer, 2008). Europeans are
primarily concerned about the deteriora7on during 2009 of na7onal employment rates and
economies, followed by the economic situa7on in the European Union and the world.
A recent report from the European Commission (The Europeans in 2009) reflects on the shir in
ci7zen’s opinion from a ‘feel-‐good’ to a ‘feel-‐bad’ situa7on in both their personal and economic
perspec7ves. The accelerated recession that we are experiencing during 2009 was not an7cipated by
economic experts and analysts. While 8,2% of Europeans did not have a job by January 2009, experts
expected those levels of unemployment by 2010. Economic growth is reaching its lowest rates since
the second World War. This nega7ve economic context is affec7ng the lives of Europeans and the
expecta7ons they have for the future (Eurobarometer, 2009).
Even though the economic crisis is having a deep impact on all aspects of society, s7ll three out
of four Europeans are sa7sfied with the life they lead (Eurobarometer, 2009). However, the percentage
of unsa7sfied Europeans is the highest since 1995. In The Netherlands 96% of ci7zens are sa7sfied
with their lives. This is significantly higher than the European average (75%) and is also the third
highest sa7sfac7on rate within the European Union.

Figure 13: Current Concerns of European Ci*zens
Although European ci7zens are

Inflation 37% now more concerned with economic issues
Economy 37%
like infla7on or unemployment, there are a
Unemployment 26%
significant number of people which considers
Crime 17%
healthcare systems to be an important
Healthcare 16%
current na7onal issue (Eurobarometer, 2009).
Pensions 10%
Immigration 9%
In the three latest Eurobarometer researches
Taxation 8% healthcare systems were the fourth (EB 67 to
Housing 8% EB 69) and firh (EB70) major concern of
Education 7% Europeans at na7onal level, arer economic
Terrorism 5% related issues and safety (e.g. crime). The
0 0,1 0,2 0,3 0,4 results are shown in figure 13.
Issues at national level (EB70)
When europeans are asked about

their concerns at personal level, healthcare becomes the third most important issue arer infla7on and
the economic situa7on (Eurobarometer, 2008). This is specially the case in The Netherlands, the only
European country where healthcare systems are the number one concern at personal level,
men7oned as first priority by 37% of all correspondents.
It is important to note that concerns about healthcare systems increases with the age of the
correspondent. This is in accordance to the dependency on healthcare services, where older ci7zen’s
are usually more dependent on healthcare than younger ones. When Europeans are consulted on
where decisions affec7ng healthcare should be made, the majority (66% of correspondent) considers
that they should be taken at na7onal level by the government (Eurobarometer, 2008).
C. European Health Strategy and Objec*ves

The right of universal access to healthcare has been recognized by the European Union in the
Charter of Fundamental Rights of the EU (European Parliament, 2000) and it has been incorporated in
the overall strategy of the European Union (European Commission, 2007). The Charter of
Fundamental Rights of the European Union (European Parliament, 2000) describes the right of
healthcare in ar7cle 35: “Everyone has the right of access to preven7ve healthcare and the right to
benefit from medical treatment under the condi7ons established by na7onal laws and prac7ces.”
The European Commission’s publica7on “ Together for Health: A Strategic Approach for the EU
2008-‐2013” describes the strategy and objec7ves that member states should follow in the coming
years to improve the quality of healthcare services. Healthcare is a essen7al element of every ci7zen’s
life and it must therefore be effec7vely supported by na7onal and european policies, laws and
regula7ons (European Commission, 2007).

Although member states are directly responsible for the care services provided to ci7zens and
the suppor7ng policies, there are certain situa7ons where coopera7ve ac7on at European level is
required (e.g. pandemics, free movement of ci7zens, etc.). Moreover, the delivery of healthcare
services is explicitly men7oned in the EC Treaty (ar7cle 152): “high level of human health protec7on
shall be ensured in the defini7on and implementa7on of all Community policies and
ac7vi7es” (European Commission, 2007). This statement has been reaffirmed in the Reform Treaty in
Lisbon the 19th of October of 2007. Besides reenforcing the importance of healthcare, the
Commission encourages member states to cooperate with other countries on health related issues.
The need for an European wide health strategy is the result of three main growing challenges
that affect the health services provided to ci7zens: demographic changes, global threats and the rapid
evolu7on of technologies (European Commission, 2007). These three challenges are related to the
European strategic objec7ves of solidarity, security and prosperity respec7vely. As the average age of
Europeans increases (for example The Netherlands expects that in 2030 around 35% of the popula7on
will be older than 55 years) the sustainability of current na7onal healthcare systems will be
significantly affected. Global threats like for example pandemics, global warming or bioterrorism
require rapid response and extensive coopera7on among all member states. The rapid evolu7on of
new technologies can enable new capabili7es for predic7ng, preven7ng and trea7ng illnesses.
The strategy developed by the European Commission includes four fundamental principles to
guide european and na7onal healthcare ini7a7ves from 2008 to 2013 (European Commission, 2007).
The principles are: (1) strategy based on shared health values, (2) health in the greatest wealth, (3)
health in all policies and (4) strengthening the European Union voice in global health. This principles
are elaborated in appendix G.
As a part of the European Commission healthcare strategy, the commission have elaborated
three strategic objec7ves to cope with current challenges. These strategic objec7ves are elaborated in
the following paragraphs:
• Fostering good health in aging Europe: Current low birth rates and increased ci7zen’s longevity
result in an increasing aging of the European popula7on (Stroetmann & Stroetmann, 2004a).
According to EC by 2050 the number of ci7zens older than 65 years will grow by 70% and the
number of ci7zens older than 80 years will grow by 170% (European Commission, 2007). This
developments will increase the demand for healthcare services while the working popula7on
decreases at the same 7me. In order to maintain the sustainability of healthcare systems it is
important to improve the health status of this aging popula7on. For this reason the commission
proposes specific ac7ons to promote healthy lifestyles and prevent and treat diseases. To achieve
this objec7ve the commission proposes four ac7ons: promote healthy lifestyles among ci7zens,
develop specific ac7on against factors affec7ng health (e.g. tobacco, alcohol, etc.), improve the
preven7on and treatment of rare diseases and improve the policies for organ dona7on and
transplanta7on.

• Protec*ng ci*zens from health threats: Safety, security and protec7on of European ci7zens
against health threats is an obliga7on of every member state as stated in the EC Ar7cle 152.
Globaliza7on, global warming and terrorists threats have added new challenges to this objec7ve
that require collabora7on between member states and interna7onal actors (European
Commission, 2007). To successfully achieve this objec7ve the commission proposes to strength the
mechanisms for detec7on and response to health threats and to research how climate change
affects ci7zens health.
• Suppor*ng dynamic health systems and new technologies: The European Commission believes
that new technologies can significantly contribute to the sustainability of current healthcare
systems. Emerging technologies like for example eHealth, genomics and biotechnologies can
improve the preven7on of illness, the delivery of care services and the treatment of ci7zens. The
commission believes that eHealth can contribute to beOer ci7zen centered care as well as to lower
costs and improve interoperability across na7onal boundaries. Moreover, eHealth can facilitate
ci7zen’s mobility within the EU and improve their safety. The proposed ac7ons are the crea7on of
a framework for safe, high quality and efficient health services, the support of member states in
managing innova7on in health systems and the support of implementa7ons and interoperability of
eHealth solu7ons.
D. Future Challenges for Healthcare in Europe
The main goal of healthcare is to provide ci7zens with 7mely and qualita7ve care. For this
reason, aligning healthcare services to the specific needs of pa7ents at a certain point in 7me is a
growing concern for all member states. Member states and healthcare organiza7ons need to cope
with the con7nuously growing demand for health services while improving the quality and efficiency
of those services. According to previous research (Gartner, 2009) this implies changing current
healthcare systems from a physician-‐centric to a pa7ent-‐centric perspec7ve. According to previous
research, policy makers and healthcare organiza7ons need to align their efforts towards the following
challenges (Gartner, 2009):
• Growing Demand: effec7vely and efficiently mee7ng growing demand.

• Availability of Care: equal access, less wai7ng 7mes and beOer resource u7liza7on.
• Con*nuity of Care: coordina7on and informa7on sharing among healthcare providers.
• Empowerment: pa7ent-‐centric healthcare reinforcing the pa7ent’s role in healthcare.
• Pa*ent Safety: evidence based services that reduce the risk of harm.
• Quality of Care: effec7ve and efficient healthcare that improves customer sa7sfac7on.
• Large Scale Risks: ability to mi7gate or avoid large scale healthcare risks like pandemics,
bioterrorism and health consequences of climate change.
1.3. The Dutch Healthcare System

The main actors in the Dutch healthcare sector are pa7ents, healthcare providers, insurance
companies, pa7ent associa7ons, informa7on systems providers and government organiza7ons (Stap,
Verhoosel, Bekkum, & Mos, 2007). The Dutch healthcare system is one of the most priva7zed systems
within the EU. The percentage of private expenditure related to GDP in health is the third largest in
the EU (around 3,7% of Dutch GDP) (Ebusiness Watch, 2006). Only Switzerland and Greece have

higher private financing of health services related to their GDPs. From the total Dutch health
expenditure around 33% is used to finance hospital ac7vi7es which is in line with the EU average
(Ebusiness Watch, 2006). As in the rest of the EU, the financial sustainability of Dutch health system is
at risk due to socio demographic developments, while at the same 7me ci7zens expect that the
quality of care services improve over 7me.
According to data from 2004, the costs of the Dutch healthcare system are es7mated to be
around 45 billion euros per year, represen7ng 9,2% of the na7onal gross domes7c product (GDP)
(Prou & Smit, 2006). The three main cost areas are hospitals (29%), elderly care (18%) and
pharmaceu7cals (11%). As the Dutch system is predominantly private, care service providers nego7ate
directly with health insurers. In 2006, public coverage for ci7zens earning less than a predefined
threshold (65% of popula7on) was ended, leading to a new system of compulsory private na7onal
insurance with basic care for everyone. Insurers must offer the basic package to every ci7zen that
request it, while they can compete with other insurers by offering addi7onal care services (Prou &
Smit, 2006). Dutch ci7zens pay an annual fee of around 2.000 euros with a refund of around 300 euros
per ci7zen if no healthcare services are consumed during a year. Within the basic coverage all primary
and secondary care is included.
An interes7ng research on recent developments in the Dutch healthcare system has been
carried out by the Nivel ins7tute, an organiza7on specialized in healthcare related research in The
Netherlands (Nivel, 2009). According to Nivel, Dutch healthcare organiza7ons are going through a
deep transforma7on process that affects not only those organiza7ons but every professional that
collaborates with them. The size of Dutch healthcare organiza7ons has increased over the past
decades due to merges and acquisi7ons (Nivel, 2009), resul7ng in larger hierarchical organiza7ons
that create more distance between top execu7ves and care professionals complica7ng their
management. In The Netherlands, hospital’s top execu7ves leave their posi7ons on average 2,8 years
arer they started in that func7on (Nivel, 2009). This is remarkably low compared to other sectors and
countries.
Unhealthy behaviors and situa7ons are directly related to an increase in demand of healthcare
services (Nivel, 2009). One of these situa7ons is caused by viral infec7ons within Dutch hospital
(MRSA) that have double in number of infec7ons between 2002 and 2006. This type of infec7on is
hard to find outside hospitals and the bacteria has developed over the years resistance against
tradi7onal medica7on (e.g. penicillin). Other types of situa7ons that have been researched by Nivel
are the treatment of post stroke depression (a phenomenon that occurs in around 30% of the cases),
the increasing number of pa7ents with sexual or rela7onship problems, the treatment of chronic
sicknesses (e.g. HIV), the rela7on between professional female athletes and the amount of injuries,
the health status of rural versus urban ci7zens and the effect of personal movement on health.
One of the most important challenges signaled by Nivel is the lack of medical professionals and
medical educators in the (near) future due to demographic developments. As the Dutch popula7on is

aging and some are working part 7me more oren, researchers expect that the healthcare sector will
need 25% more professionals by 2025. This challenge is likely to accelerate collabora7on rates among
healthcare prac77oners and therefore the adop7on of na7on wide EPD.
The Dutch minister of Health recognizes the social importance of healthcare accessibility and
quality as every ci7zen needs these services some7me in their lives (Klink & Bussemaker, 2008). In a
leOer to the Dutch parliament in 2008 he recognizes the pressure on the current system due to the
steady increase in demand and cost of care services (Klink & Bussemaker, 2008). Ci7zens are
increasingly demanding higher quality of care services at lower prices while at the same 7me they are
becoming less tolerant for errors or unexpected circumstances.
Due to the evolu7on of medical prac7ces, physicians can treat (cri7cal) medical condi7ons
more efficiently and accurately, resul7ng in longer ci7zen’s life expectancy. However, elderly people
require more intensive care services than younger ones, and they oren suffer from mul7ple and (in
some cases) chronic health condi7ons (Klink, 2009). This indicates that the demand for healthcare
services is changing, requiring more mul7disciplinary services leveraged by collabora7on.
To cope with these socio demographic developments, healthcare needs to improve opera7onal
efficiency, or in other words it needs to provide more and beOer services with less human and capital
resources (Klink, 2009). The Ministry believes that innova7on, its diffusion and applica7on are cri7cal
factors to deal with these challenges. For this reason, the Dutch government has launched a series of
ini7a7ves focused on the crea7on of a healthcare innova7on plaxorm and policies to support
innova7on through the use of ICT. It is not only important that innova7ons emerge but also that they
are quickly implemented and adopted to leverage benefits for ci7zens, pa7ents and organiza7ons
(Klink & Bussemaker, 2008). The Dutch Ministry of Health defines innova7on with the following
formula: innova7on equals improvement mul7plied by implementa7on. The government’s role is to
create a climate where innova7ons emerge and are rapidly spread, and to guide innova7ons in solving
current healthcare challenges.
According to the Dutch minister of Health, con7nuous improvements in healthcare quality and
opera7onal efficiency are necessary to meet (future) ci7zen’s demands (Klink, 2009). Quality
improvements imply measuring, knowing, evalua7ng and improving current performance. The Dutch
Ministry of Health has the inten7on to restructure the current health system including the shir of
power from providers to consumers and the shir of control from public bodies to insurers (Tange,
2008). The EPD ini7a7ve can be regarded as the first steps towards this redesign.
To support innova7on in the healthcare sector, the Dutch Ministry of Health is planning to a
significant amount of resources during the coming years (Klink, 2009). While in 2008 the budget for
healthcare innova7on was around 14 million euros, in 2009 it increased to 29 million euros. This trend
will con7nue in the coming years where 42 million euros will be allocated in 2010, 55 million euros in
2011 and 60 million euros in 2012.

The implementa7on of the Electronic Health Records (EHR) infrastructure in The Netherlands
(the EPD project) was ini7ated by the Minister of Health to improve the access and quality of
healthcare as well as the cost efficiency of the current system (Deutsch & Turisco, 2009). The aging
character of the Dutch society and the mobile character of its ci7zens are some of the contextual
factors that can be considered as enablers of this project. Taking into account these circumstances, the
Dutch Ministry of healthcare determined that informa7on access, informa7on sharing and
communica7on between providers are the cri7cal factors in order to enable more efficient and
effec7ve healthcare services (Deutsch & Turisco, 2009). This situa7on lead to the founda7on of the
Na7onal IT Ins7tute for Healthcare (NICTIZ), an organiza7on responsible for developing and
implemen7ng a na7onal EHR infrastructure.
1.4. Sec*on Summary

In this sec7on we have described the specific characteris7cs of the (EU) healthcare sector, the
evalua7on of current European healthcare systems by ci7zens and the rela7ve importance of health
issues compared to other issues within the European Union. Moreover, we have briefly described the
European wide healthcare strategy and objec7ves and the challenges that EU health systems are
facing in the near future. For the purpose of this research we have further described the
characteris7cs of the Dutch healthcare system.
There is great variety of heterogenous na7onal healthcare systems within the EU aimed to
serve a large diversity of ci7zens. One of the main differences between those na7onal systems is the
mix of public versus private delivery and funding of care services. While a pure public model
eliminates free-‐markets forces (e.g. cost efficiency, innova7on, etc.), a full private model on the other
hand is oren regarded as more expensive and in some cases it limits the access to services based
purely on financial reasoning (e.g. low ROI for rare disease research). The healthcare sector in The
Netherlands is predominantly private, where public financing is significantly below the EU average.
It is important to note that independently of the financing model used, ci7zens are consumers
as well as providers in healthcare as they finance it through taxes and/or insurance bills and consume
those services when they need them. Moreover, the healthcare sector has significant impact on (inter)
na7onal economies as it employs more than 15 million people (9% of the total EU jobs by 2000) and
represents around 500 billion euros yearly (more than 6% of the total EU GDP by 2000).
Due to the broad impact on ci7zen’s quality of life, the healthcare sector must focus on 7mely
decision making as delays in care services can have fatal consequences for pa7ents. Besides 7mely
decision making, the healthcare sector is also characterized by two main developments: increasing
demand of services and increasing yearly expenses. Healthcare yearly expenses have been growing
significantly during the last years, in most cases at greater pace than GDP’s growth rates. If expenses
con7nue to grow at the same rate, we can expect healthcare costs to account for 15% of EU GDP by
2020. As a consequence, in order to sustain current systems while maintaining quality governments

need to either reallocate resources from other purposes (e.g. educa7on, transport, etc.) or increase
taxes. This increase in costs is mostly caused by the increase in care services demand due to higher
ci7zen’s life expectancy, lower birth rates and current lifestyles (e.g. larger alcohol consump7on and
higher ci7zen’s weight). In order to cope with these developments, the healthcare sector must
con7nuously find new ways to improve the quality and efficiency of services to deliver beOer services
to more ci7zens with the same amount of resources.
Healthcare has been during the past years the first non-‐economic issue for European ci7zens. A
great majority of EU ci7zens are sa7sfied with their health and the quality of health services they can
access. At EU level around three out of four Europeans evaluate the services provided by Hospitals
and Specialists posi7vely. In The Netherlands, quality sa7sfac7on scores are even higher than the EU
average. However, it is important to note that from a EU ci7zen perspec7ve there is a significant gap
between the quality of care services provided and their availability and accessibility. In general,
ci7zens value the quality of services higher than their accessibility and availability. Specially the
accessibility and availability of Specialists services scores significant lower than the quality of the
services obtained. Around 8% of EU ci7zens claim they could not access care services provided by
Hospitals and Specialists.
EU ci7zens are currently very concerned about the effects of the economic crisis as economic
growth rates are the lowest since World War two, unemployment rates are expected to raise to 8,1%
by 2010 and the Economic Sen7ment Indicator has reached its lowest levels since 1993. Even though
the percentage of unsa7sfied Europeans is the highest since 1995, three out of four EU ci7zens are s7ll
sa7sfied with their lives. In The Netherlands, almost all ci7zens (96%) are sa7sfied with their lives
which is significantly higher that the EU average (75%) being also the third highest sa7sfac7on score in
the EU. The Netherlands is the only EU country where healthcare systems are the number one
concern at personal level. It is important to note that concerns about healthcare systems increases
with ci7zen’s age as dependency and consump7on on those services increases.
According to the European Commission, there are three main developments that require
modifica7ons of the current healthcare systems: demographic changes, global threats and the rapid
evolu7on of technology. In The Netherlands around 35% of ci7zens will be older than 55 by 2030.
Pandemics, global warming and terrorism are some examples of global threats affec7ng healthcare. By
leveraging new technology developments, organiza7ons can enable new ways of predic7ng,
preven7ng and trea7ng illnesses.
In order to guide member states in developing new healthcare reforms, the EU Council
proposes three basic principles: healthcare accessibility for every ci7zen, high quality of care and long
term financial sustainability. Moreover, these principles have been complemented by the EU
Commission with four statements that should be taken into account when developing new legisla7on :
(1) strategy based on shared health values, (2) health in the greatest wealth, (3) health in all policies
and (4) strengthening the European Union voice in global health.

To improve the sustainability of current systems the EU proposes three Strategic Objec7ves: (1)
Fostering good health in aging Europe by improving ci7zen’s health and therefore reducing demand of
services, (2) Protec7ng ci7zens from health threats which requires collabora7on across na7onal
borders and is an obliga7on of every member state, and (3) Suppor7ng dynamic health systems and
new technologies to improve preven7on, delivery, treatment and enable cost efficiencies.
In the future, EU health systems will face important challenges that can affect the quality and
availability of services provided. First of all, countries need to deploy measures to effec7vely and
efficiently meet growing demand. Second of all, in order to improve the availability of care, na7ons
need to facilitate equal access to ci7zens, reducing wai7ng 7mes and improving resource u7liza7on.
Third, member states need to further develop their ability to mi7gate or avoid large scale healthcare
risks like pandemics, bioterrorism and health consequences of climate change. Fourth, in order to
guarantee and improve the quality of care, countries need to develop effec7ve and efficient
healthcare systems that improve customer sa7sfac7on. Firh, services should be based on evidence
that reduce the risk of harm. Sixth, systems must evolve towards a pa7ent-‐centric model reinforcing
the pa7ent’s role in healthcare. Last but no least, na7ons must foster coordina7on and informa7on
sharing among healthcare providers to guarantee the con7nuity of care.
The Dutch healthcare system is one of the most priva7zed systems in the EU. From a yearly
healthcare budget of 45 billion euros (9,2% of Dutch GDP) around 40% is financed by private
organiza7ons and 60% is financed by the government. This percentage of private funding is the third
largest of the EU. The majority of the budget is spend on hospitals (33% of the total budget), elderly
care ins7tu7ons and pharmacies. In The Netherlands, the financial sustainability of the healthcare
system is also under pressure due to demographic changes (longer life expectancies) and the
increasing quality of services demanded by ci7zens at lower costs. Other issues affec7ng the current
system are the lack of medical professionals as popula7on ages, the decreasing ci7zen’s tolerance for
medical errors and the increasing costs of healthcare resources. As a result care organiza7ons need to
collaborate more intensively in order to deliver more and beOer care with less human and capital
resources.
According to the Dutch Minister of healthcare, con7nuous improvements in quality and

opera7onal efficiency are necessary to meet future healthcare demand. For this reason, the Dutch
government has ini7ated a healthcare reform since 2006, where every ci7zen must obtain a na7onal
private insurance that provides him or her access to basic healthcare. This transforma7on is aimed to
shir the power from providers to consumers and shir the control from public bodies to insurers. The
need to improve opera7onal efficiency is also reflected on the introduc7on of the EPD system for the
exchange of medical informa7on across the country. The purpose of this project is to improve the
access and quality of healthcare while achieving cost efficiencies by leveraging collabora7on between
care organiza7ons. The government believes that innova7on and its diffusion and applica7on are
cri7cal success factors to achieve these goals.

2. The Role of Technology in Healthcare
According to previous work, EHR systems are necessary to cope with current and future
healthcare challenges (Deutsch & Turisco, 2009). Previously research has shown how successfully
leveraging ICT in organiza7ons can result in improved effec7veness and therefore superior
performance. For this purpose, organiza7ons need to consider healthcare issues as well as general
issues, crea7ng a culture of openness, posi7ve autude, pragma7sm, shared goal-‐seung and learning
(Gartner, 2009). By implemen7ng the right solu7on in a specific situa7on, eHealth can be a catalyst for
healthcare transforma7on with substan7al poten7al benefits.
According to research performed by Harvard Business Review (McAfee & Brynjolfsson, 2008)
the link between technology and compe77ve advantage has become much stronger since the mid
1990s. Organiza7ons that invest in the right ICT ini7a7ves perform significantly beOer than firms that
do not invest in those ICT capabili7es. This is also the case in the healthcare sector where some
emerging eHealth technologies have resulted in improved performance (Gartner, 2009). Some
examples are the Electronic Transfer of Prescrip7ons (ETP), Computer Based Pa7ent Records (CPR)
also known as Electronic Medical Records (EMR) and Electronic Health Records (EHR). Successful
implementa7ons of these technologies within the EU can be found in Sweden (ETP), Denmark (EHR)
and the Spanish province of Andalusia (EHR). The success of this implementa7ons are not only due to
the technology itself but also to the cultural change involved.
Other research has demonstrated how using the right approach, context and implementa7on
process, ICT can improve the quality, accessibility and efficiency of healthcare delivery (Stroetmann et
al., 2006). To further elaborate on the role of technology in the healthcare sector we will describe the
current use of eHealth in Europe (sec7on A) and its main opportuni7es, challenges, drivers and
barriers (sec7on B) to con7nue with a descrip7on of the cri7cal success factors for the adop7on of
technology in the healthcare sector (sec7on C).
2.1. eHealth in Europe

Ini7a7ves at European level for the implementa7on of electronic health systems are supported
under the ini7a7ve “Smart Open Services, Open eHealth” (NICTIZ, 2009). Based on the principle of a
single European market, the EU has elaborated three key policy objec7ves in healthcare: the crea7on
of a European eHealth area, free pa7ent mobility and empowering ci7zens through eHealth tools and
services (Stroetmann et al., 2006). Although healthcare is one of the most informa7on intensive
sectors in Europe, it does not leverage ICT developments as much as other sectors do. This implies
that there is significant poten7al for rapid and sustainable growth by applying ICT in this sector
(Stroetmann et al., 2006). ICT is therefore regarded as a cri7cal enabler for the further development of
European health systems.

The eHealth market represents around 2% of total healthcare expenditure in Europe during
2006 (Stroetmann et al., 2006). This is a low percentage when compared to other healthcare related
markets (e.g. medical devices). The difficulty to calculate the economic value of eHealth is one of the
main factors that are slowing its adop7on in Europe. However, experts predict that the eHealth market
will double its size in the near future (Stroetmann et al., 2006).
The ini7a7ve “eHealth for a Healthier Europe -‐ opportuni7es for a beOer use of healthcare
resources” was launched by the Swedish government in 2008 to research how healthcare can be
supported and improved by the use of technology and how technology is connected to poli7cal goals.
From July 2009 to December 2009 Sweden represented the Presidency of the Council of the European
Union. The methodology applied was to link the benefits of con7nued implementa7on of technologies
with the current medical and technology status in six member states by gathering data from 60 clinical
studies and 11 eHealth technologies (Gartner, 2009). According to this research, there are significant
poten7al healthcare improvements using electronic healthcare (eHealth) as a catalyst due to the fact
that for the five poli7cal goals analyzed by Gartner the technology adop7on rates were below 30%
(Gartner, 2009). Some examples of technologies that could contribute to improve European
healthcare are:
• Electronic Transfer of Prescrip7ons to eliminate or reduce the 5 million yearly outpa7ent

prescrip7on errors in the European Union.
• Computerized Physician Order Entry and Clinical Decision Support to eliminate or reduce the
100,000 yearly inpa7ent adverse drug events. In turn this would free up 700,000 bed-‐days yearly
by increasing throughput and decreasing wai7ng 7mes. This poten7al benefit could result in €300
million yearly savings.
• Electronic Pa7ent Records (EPR) which could save up to €3,7 billion yearly by increasing
throughput and decreasing wai7ng 7mes and freeing 9 million bed-‐days yearly.
Another interes7ng yearly report on the adop7on, development and impact of electronic
business (eBusiness) technologies within the European Union is The eBusiness Watch (Stroetmann &
Stroetmann, 2004a). The reports are periodically extended with industry specific reports to support
the needs and challenges of a specific sector. Although the last eBusiness Watch report focusing on
the healthcare sector was carried out in 2004 some of the challenges are s7ll valid today. According to
the research, eHealth technology has evolved in the last years to become the third largest industry in
the EU. Some researchers (Stroetmann et al., 2006) expect that by 2010 eHealth expending can
account for 5% of the total health budget of member states. The eBusiness Watch report defines
eHealth as “the applica7on of informa7on and communica7on technologies across the whole range of
func7ons that affect the health sector”. This is a broad defini7on that includes a great variety of
solu7ons like for example tools for health authori7es, personalized health pa7ent systems, networks,
telemedicine services, etc. The main goals of these tools are to improve medical outcomes and
ci7zen’s quality of life as well as to reduce the costs in pursuing these objec7ves.

Healthcare systems in the EU need to be prepared for the aging of their ci7zens as the baby
boomer genera7on will soon not be part anymore of the working popula7on. This creates significant
pressure on the sustainability and efficiency of current healthcare systems. Moreover the pervasive
character of chronic sicknesses (e.g. Cancer, Adis, etc.), the increased average weight of ci7zens and
the rapid spread of sicknesses (e.g. the H1N1 pandemic) are also developments that affect the future
demand of care services. At European and na7onal levels several ini7a7ves have been launched to
cope with these issues by leveraging ICT. One of this ini7a7ves is the introduc7on of EHR (or EMR)
integra7ng all health related relevant informa7on of a single pa7ent (Stroetmann & Stroetmann,
2004a). This ini7a7ve implies a shir from paper based medical records to electronic records that can
be easily accessed to all actors, and in some cases to the pa7ent as well.
A special issue of the eBusiness Watch report on ICT in hospital ac7vi7es elaborates the
adop7on, implica7ons and issues of ICT in hospital ac7vi7es within the EU (Ebusiness Watch, 2006).
Although hospital’s adop7on of ICT is higher compared to other medium and small size healthcare
enterprises, it mostly focuses on collabora7on and on purchasing goods and services (e.g. networks, e-‐
collabora7on, e-‐procurement, etc.). There are not many hospitals which have adopted customer
facing technologies like online booking or e-‐marke7ng.
The most important drivers for the adop7on of technology by hospitals are the expecta7ons
from health insurers, gaining compe77ve advantage and the pressure of compe77on (Ebusiness
Watch, 2006). The two most significant barriers men7oned by hospitals are security and the cost of
technology, followed by the size of the organiza7on, legal issues, system compa7bility and the lack of
reliable providers. The most frequent ICT system used by hospitals is the Hospital Informa7on System
(HIS). A HIS system is a type of Enterprise Resource Planning (ERP) system with a focus on hospital
ac7vi7es. It manages the large amount of informa7on to support communica7on, knowledge
management and process efficiency (Ebusiness Watch, 2006). However, technology can also
contribute to the achievement of two main goals in healthcare, con7nuity and availability of care
services.
A final remark should be made on the data security paradox in hospital opera7ons. Although
pa7ent data need to be readily available for exchange, it also needs to be protected against
unauthorized usage, dele7on or modifica7on. The use of secure server technology, digital signatures,
firewalls and public keys in hospitals is twice as high as in other sectors (Ebusiness Watch, 2006).
2.2. eHealth Opportuni*es, Challenges, Drivers and Barriers

The adop7on of technology in the healthcare sector is lower and slower than in other sectors.
Healthcare organiza7ons can be regarded as late adopters of technology. The reasons for this situa7on
can be found in the challenges that healthcare organiza7ons face. The European eBusiness Watch
report iden7fies a series of challenges and opportuni7es for the adop7on of eBusiness in the
healthcare sector (Stroetmann et al., 2006):

Table 20: Opportuni*es and Challenges of eHealth
Opportuni*es Challenges
•Piggy-‐back on eHealth infrastructure developments
•Increasing compe77on due to interoperability
•Gain compe77ve advantage from coopera7on in the value chain
•Legal, regulatory and security issues
•Reduce costs and improve services through beOer supply chain
•Ensure staff monitoring and training
management
•Adopt a long term view on future developments
•Enhance marke7ng of services and client loyalty through
•Reduce size disadvantages through collabora7on
communica7on
Moreover, the report of the European Commission iden7fies also a series of drivers and
barriers to the adop7on of eBusiness in the European healthcare sector:
Table 21: Drivers and Barriers of eHealth
Drivers Barriers
•Health system guidance and leadership •Lack of opportunity awareness
•Compe77on •Size of organiza7ons
•User friendliness and func7onality •Interoperability deficits
•Good prac7ces •Financing of eBusiness
•Standardiza7on •Legal, security and privacy issues
By increasing the availability of accurate, complete and relevant clinical data healthcare
providers can improve the quality of their services and deliver them more efficiently and effec7vely
(Deutsch & Turisco, 2009). For this reason healthcare is currently experiencing a transforma7on from a
physician-‐centric to a pa7ent-‐centric orienta7on that could be accelerated by the right use of the right
informa7on technology.
In previous researches a number of advantages have been iden7fied linked to the use of EHR
systems connected to health informa7on exchange (HIE) systems (Deutsch & Turisco, 2009). These
advantages can be grouped around the two main goals of healthcare: improve pa7ent safety and
improve cost efficiency of processes. EHR systems can improve pa7ent safety by elimina7ng
transcrip7on errors, medical errors and adverse medica7on events (e.g. allergies). Efficiency
advantages can be found in the reduc7on of redundant tests, improved administra7ve efficiency and
faster processing of pa7ents, prescrip7ons and hospital discharges. Moreover, being able to access
current pa7ent data on a real-‐7me basis leads to new forms of consulta7on which are more effec7ve
and efficient than face-‐to-‐face contact.
Some examples of technologies linked to documented benefits in healthcare can be found in
previous research (Gartner, 2009). Based on poli7cal goals the technologies are linked to documented
benefits with the excep7on of Con7nuity of Care. The poten7al benefits are es7mates from
documented benefits in one or more EU member states that could be extrapolated to other countries.
The results of Gartner’s research for each poli7cal goal are shown in appendix H to appendix K
(Gartner, 2009). Due to the large number of documented benefits, it is important to consider first
those technologies that have enabled the most benefits in the past. Some of these eHealth

technologies with high poten7al are Electronic Medical Records, Computerized Physician Order Entry
and Clinical Decision Support systems.
In another research on the benefits and costs of eHealth in ten European sites (Stroetmann et
al., 2006) researchers quan7fied them by using a Cost Benefit Analysis (CBA) which allows individual
site assessments as well as comparing various sites. The researchers found that improved quality can
be traced back to five factors: beOer informed ci7zens and providers, informa7on that streamlines
care processes, 7meliness of care, safety and effec7veness. Researchers found that all cases under
study reflect posi7ve economic impact measured as net benefits at present value. The average
payback period was 4 years, being the main beneficiaries healthcare providers (52%), ci7zens (43%)
and third party payers (e.g. insurers) (5%).
In some countries the adop7on of health informa7on exchange systems (HIEs) have been slow
and with moderate success. Previous research has found that the top three obstacles for the adop7on
of HIEs in the USA are (1) the funding and par7cipa7on of those ini7a7ves, (2) the legal and regulatory
context, and (3) the technical issues (Deutsch & Turisco, 2009).
2.3. Technology Adop*on in Healthcare

Many countries are enforcing policies to improve the quality and efficiency of healthcare
through the use of ICT solu7ons (Schoen et al., 2006). Some examples are prac7ce and systemwide
informa7on systems to track pa7ents as they visit different points of care, to support disease
management, to prevent duplica7on and medica7on errors, and to 7mely access pa7ent informa7on
(Schoen et al., 2006).
In the 2009 HIMSS conference we can find some expert’s presenta7ons regarding the current
use of informa7on technology at healthcare organiza7ons. According to one of these presenta7ons
(Duke, Hartz, & Jacobs, 2009) Health Informa7on Technology (HIT) nowadays is s7ll predominantly
paper based, using systems that are oren not interoperable. Although there is an increasing public
pressure on moderniza7on and economic efficiency of healthcare delivery, technological
implementa7ons are s7ll taking more 7me than expected and at higher costs than were budgeted
beforehand.
Some na7onal regula7ons, like the American Recovery and Reinvestment Act (ARRA) of 2009,
clearly state that the main goal of technical innova7ons is to achieve added value. For this purpose,
future IT implementa7ons must take into account not only the adop7on of technological innova7ons
but also the complete (business) process reengineering from paper based processes to digital
workflow management. The use of technology in healthcare should therefore aim to achieve real
value (e.g. ROI) measured in quality of healthcare, process efficiency and revenue (Duke et al., 2009).
The evolu7on of IT transforma7on according to this process-‐technology approach to clinical
transforma7on is depicted in the figure 14.

Figure 14: IT transforma*on model (Duke et al., 2009)
The different process maturity levels (green blocks) and corresponding technological
implica7ons (blue blocks) can be iden7fied by observing the current situa7on:
• Maturity Level 1: The organiza7on cannot fully trust its processes and is suffering from data
overload where few informa7on is regarded as useful. By automa7ng transac7ons processes can
be improved shiring the organiza7on to the next level.
• Maturity Level 2: The focus at this point is to improve processes to be able to do increase process
efficiency. By crea7ng informa7on silos, useful informa7on can be gathered and stored
appropriately.
• Maturity Level 3: Once a certain level of efficiency has been achieved, the organiza7on can focus
on process reengineering to modify current prac7ces and achieve opera7onal effec7veness.
Process redesign can at this level be facilitated by IT processes.
• Maturity Level 4: Organiza7ons that achieve this level of maturity are able to collaborate outside
the organiza7onal boundaries and technology becomes an strategic advantage.
When considering new technological adop7ons from a added value point of view some
authors (Duke et al., 2009) propose the use of well known financial ra7os like the benefit-‐cost ra7o,
payback period, net present value (NPV) and the internal rate of return. Although these indicators are
regarded useful when evalua7ng investment alterna7ves they do not account for intangible costs and
benefits. For this reason their use should be limited to complementary measurements to guide
decision making. Some examples of intangibles benefits that financial ra7os ignore are compe77ve
advantage, brand awareness, regulatory compliance, employee sa7sfac7on and improved
management.

In the implementa7on of Electronic Health Records systems in the United States a number of
Cri7cal Success Factors (CSFs) have been iden7fied (Duke et al., 2009). The factors can be grouped into
four main areas: Leadership, Management, Func7onality and Technology. The CSFs are shown in the
table 22:
Table 22: Cri*cal Success Factors for the adop*on of Electronic Health Records
Related Area Cri*cal Success Factor
•Management commitment reflected in shared vision

•Accordance with organiza7onal strategic objec7ves
Leadership
•Mul7disciplinary governance commiOee ac7vely involved
•Clear objec7ves and business case
•Support from senior execu7ves as if it is a clinical project
•Added value is clear for employees
•Good project management with detailed planning and real 7me monitoring and repor7ng.
Management •Resources and commitment for redesign focusing on process quality, efficiency and reliability
•Training, ini7al and ongoing
•Adequate communica7on throughout the whole project.
•Transparency and feedback to all end users is cri7cal.
•Cri7cal to organiza7onal processes

•Broad intended user group
Func*onality
•Support for clinical workflow
•Horizontal integra7on and use of the system
•Compa7bility with other technologies in place and alignment with clinical processes
•High availability on demand. No latency.
Technology
•Security, confiden7ality and data integrity
•Interoperability
Another approach to evaluate the cri7cal success factors for the adop7on of technology can be
found in Gartner research (Gartner, 2009). In order to successfully adopt a new technological solu7ons
organiza7ons need to take into account (among other factors) the complexity, governance, local
condi7ons, stakeholder engagement, vendor engagement, adaptability and measurement of the
envisioned solu7on (Gartner, 2009). In the healthcare sector, in addi7on to these concerns, adopters
need to consider the complexity of the medical process, the high sensi7vity of medical and personal
data and the need for proven technology due to the low tolerance for errors.
The European Commission conducted an empirical survey among healthcare organiza7ons to
evaluate their percep7on on the importance of eBusiness applica7on areas (Stroetmann et al., 2006).
The applica7ons that are considered highly or very relevant for the healthcare sector are
collabora7on, informa7on exchange, online purchasing, efficient e-‐procurement, and web services
based integra7on of IT components. Moreover a number of applica7ons are considered to have
average relevance in the healthcare sector: e-‐learning, human resource management and virtual
private networks. Organiza7ons expect that interac7ve pa7ent informa7on and involvement, and

electronic networking with other actors and organiza7ons are the two most relevant factors in the
near future. The most relevant adop7on barriers signaled by healthcare firms are the size of
organiza7ons and the complexity and cost of technology.
2.4. Sec*on Summary

In order to facilitate our analysis on the applicability of Cloud Compu7ng solu7ons in the
healthcare sector, we have described in this sec7on the current role of technology in European
healthcare, the most relevant opportuni7es, challenges, drivers and barriers, as well as some cri7cal
success factors for the successful adop7on of technology in this sector.
As it is also the case in other sectors, business and IT alignment of organiza7onal strategy and
processes is crucial for leveraging IT solu7ons. Previous research has found that applying the right
approach and implementa7on methodology for a specific situa7on organiza7ons can improve the
quality, accessibility and efficiency of healthcare delivery. Some documented cases indicate that
organiza7ons that invest in the right ICT ini7a7ves (e.g. eHealth) perform significantly beOer than
firms that do not invest in those ICT capabili7es. The poten7al for improvement in this sector is rather
large due to the fact that although the healthcare sector is one of the most informa7on intensive
industries it does not leverage IT solu7ons as much as other sectors do. Moreover, in order to deal
with current challenges (e.g. aging popula7on, pervasive chronic sicknesses, rapid spread of sicknesses
globally, etc.) and guarantee the sustainability of healthcare systems, organiza7ons need to take
advantage of technological developments.
The benefits of technology in healthcare have also been extensively documented. Significant
improvements in quality, cost efficiency, process throughput and the reduc7on of medical errors have
been directly linked to implementa7ons of Electronic Transfer of Prescrip7ons, EPR and Computerized
Physician Order Entry and Clinical Decision Support systems. Other research from Gartner iden7fies
significant high poten7al benefits in the adop7on of Electronic Medical Records, Computerized
Physician Order Entry and Clinical Decision Support systems. Other research based on financial cost
benefit analysis has also demonstrated significant benefits arising from successful ICT
implementa7ons like for example beOer informed ci7zens and providers, streamlined processes,
7meliness of care and improved safety and effec7veness.
Organiza7ons can improve the quality, efficiency and effec7veness of care services by
increasing the availability of accurate, complete and relevant clinical data (e.g. EHR system). Quality is
improves as medical errors, adverse medica7on errors and prescrip7on errors are reduced. Efficiency
is improved when redundant tests are eliminated, the administra7on process is streamlined, and the
organiza7on is able to process pa7ents, prescrip7ons and hospitaliza7ons faster.
The main barriers encountered by organiza7ons when adop7ng IT solu7ons are the security
and the cost of technology. Although informa7on needs to be exchangeable across organiza7ons it
also needs to be protected from unauthorized use. Other barriers found in previous research are the

lack of opportunity awareness, the size of the organiza7on, the lack of interoperability with current
systems and legal and privacy issues.
The adop7on of technology is mo7vated by the increasing compe77on, the demand for user
friendly services and extensive func7onality, previous good prac7ces and standards. Organiza7on can
take advantage of technological solu7ons by leveraging current infrastructure investments, gaining
compe77ve advantage from coopera7on in the value chain, reducing costs by improving supply chain
management and crea7ng economies of scale and synergies through collabora7on. When leveraging
solu7ons organiza7ons need to take into account legal, regulatory and security issues as well as the
training and monitoring of staff on the envisioned solu7on.
IT implementa7ons must include the adop7on of technology as well as complete (business)
process reengineering from paper based processes to digital workflow management. As the use of
technology in healthcare must aim to achieve real added value (e.g. ROI) measured in quality of
healthcare, process efficiency and revenue, organiza7ons should align process maturity with
technologies that enables higher value crea7on in the transforma7on process. The ul7mate goal of
this transforma7on process is to enable collabora7on outside the organiza7onal boundaries while
leveraging technology as a strategic advantage.
In previous research a number of cri7cal success factors (CSFs) have been iden7fied for
leveraging IT solu7ons. The CSFs can be classified into four areas: management, leadership,
func7onality and technology. In the management area some of the CSFs are the support from senior
management, clear added value, good project management, employee training and communica7on
and a clear focus on process quality, efficiency and reliability. Organiza7onal leaders must develop a
shared project vision with clear objec7ves and business case and align it with the firm’s strategy as
well as with corporate governance.
The func7onality of the solu7on must focus on suppor7ng organiza7onal and clinical processes
as well as a broad user group and horizontal integra7on. On the technology area, the solu7on must
ensure compa7bility with current systems, and guarantee a high level of availability, security and
interoperability. Other CSFs found in previous research are the level of organiza7onal and medical
complexity, the stakeholder and vendor engagement, the adaptability of the solu7on to be adopted,
the sensi7ve character of pa7ent data and the need for proven technology due to the low ci7zen’s
tolerance for medical errors and the high impact of those errors.
According to healthcare organiza7ons tools that facilitate collabora7on, informa7on exchange,
eProcurement and web services are the most relevant for the sector. Specially, interac7ve pa7ent
informa7on and involvement and electronic communica7ons are the two most relevant factors in the
near future.

3. ICT in the Dutch Healthcare sector
Healthcare professionals need the right informa7on, at the right 7me and at the right place.
For this reason, ICT is considered by the Dutch government as an important enabler to cope with
healthcare challenges not only by suppor7ng medical research but also improving opera7onal
efficiency, specially in an informa7on intensive sector like healthcare (Klink & Bussemaker, 2008). As a
consequence, during the past years there has been a growing governmental interest to support
healthcare services with ICT (Stap et al., 2007).
An example of this interest is the introduc7on of EPR in The Netherlands, which is known as
the Elektronisch Pa7ënten Dossier (the EPD project). The EPD is currently an important priority for the
government to improve quality, accessibility and affordability of healthcare services. However, due to
the priva7za7on of the Dutch healthcare sector, the government has limited enforcing power in how
healthcare organiza7ons work (Stap et al., 2007) affec7ng the adop7on of this type of infrastructure.
The NICTIZ ins7tute, the Na7onal Ins7tute for ICT in Healthcare (in Dutch, Na7onaal ICT
Ins7tuut in de Zorg) was founded in 2002 to s7mulate the use of ICT in the Dutch healthcare sector.
NICTIZ is responsible for the realiza7on of the na7onal EPD infrastructure in collabora7on with
pa7ent’s associa7ons, healthcare providers, insurers, ICT providers and public bodies. Under their
slogan: “BeOer healthcare trough beOer informa7on” the main goal of NICTIZ is to support healthcare
organiza7ons in leveraging ICT solu7ons and to enable the condi7ons for electronic exchange of
pa7ent informa7on.
NICTIZ is responsible for developing and maintaining the AORTA basic infrastructure to
facilitate the secure exchange of medical informa7on (e.g. EPD records). Moreover, NICTIZ is
responsible for the standards used and cer7fica7on programs for ICT providers and healthcare
organiza7ons. Within the EPD ini7a7ve, two components have been first implemented, the Electronic
Transfer of GP Observa7ons WDH (Waarneem Dossier Huisartsen) and the Electronic Transfer of
Prescrip7ons EMD (Electronisch Medica7e Dossier) (Stap et al., 2007).
The EPD ini7a7ve was launched to improve the quality of medical services by providing 7mely,
accurate and secure informa7on exchange. Electronic Pa7ent Records (e.g. EPD records) are a specific
type of Electronic Health Records (EHR) systems. An EHR is a collec7on of personal medical
informa7on that is stored during the en7re life7me of a person. This informa7on is stored and
exchanged in digital form on secure infrastructures.
The main goal of an EHR system is to guarantee con7nuity of care to a pa7ent as it reflects his
or her medical situa7on at a specific point in 7me. Although this is also one of the goals of the EPD
ini7a7ve, it is primarily designed to support a specific healthcare process or treatment. Due to the fact
that the EPD combines informa7on which is generated and stored at the source (e.g. the care

provider) it does not provide a complete overview of a pa7ents health situa7on but rather the
relevant parts needed to accomplish an specific healthcare task (Stap et al., 2007).
Informa7on technology can improve healthcare by suppor7ng decision making and facilita7ng
pa7ent’s assessment and monitoring. Moreover, ICT can enable innova7on and the efficient use of
physical and human resources (Schoen et al., 2006). One of the main success factors iden7fied in
previous implementa7ons is the alignment between those who benefit from the new system and
those who pay for it (Deutsch & Turisco, 2009). This is not the case in The Netherlands where the
healthcare sector is priva7zed while the EHR implementa7on has been paid by the Dutch government,
including the Na7onal Switch Point (Landelijke Schakel Punt, LSP), which is offered free of charge to
healthcare providers.
The demand of care services in the Dutch healthcare sector will grow significantly in the near
future due to the demographic evolu7on of its ci7zens (e.g. aging popula7on, higher average weight,
etc.). Collabora7on is also becoming increasingly important among healthcare prac77oners in order to
treat rapid spreading threats (e.g. H1N1 virus) or to improve the treatment of care intensive
sicknesses (e.g. Cancer, AIDS, etc.). In order to cope with these challenges, the Dutch government has
launched new laws and regula7ons, new financing models and has fostered ICT innova7on in
healthcare (NICTIZ, 2009).
3.1. ICT in General Prac**oners Offices

Primary care professionals are the first point of contact for pa7ents playing a crucial role in
preven7on and ongoing care (Schoen et al., 2006). In the Dutch healthcare system general
prac77oners (GPs) or family prac77oners (FPs) are the gatekeepers of healthcare services as pa7ents
must be referred by them to be able to access further specialized treatments. Moreover, pa7ents can
not access various GPs at the same 7me as they need to register at one GP beforehand.
The Dutch healthcare system counts with around 9.000 family doctors (GPs) with specialist
training in family medicine (Prou & Smit, 2006). GPs are the gatekeepers of the system as they must
authorize every pa7ent in order to be further treated by hospitals or specialists. As a result, 95% of
primary care condi7ons are solved at GPs (Prou & Smit, 2006). Around 88% of GPs work alone or in
prac7ces of two to three doctors. Outside office hours, pa7ents can obtain help from primary care
coopera7ves, serving up to 90% of Dutch ci7zens. The computeriza7on of GPs prac7ces in The
Netherlands is high. Around 97% of GPs use a computer based GP informa7on system for use in
primary care. Around 90% of prescrip7ons are generated electronically (Prou & Smit, 2006).
According to a research from the Commonwealth Fund in The Netherlands, almost all GPs
(98% according to data from 2006) use electronic medical record systems in their prac7ces (Schoen et
al., 2006). However, when we look at collabora7on only 45% of all GPs can share records electronically
with clinicians outside their prac7ce, 32% can access medical records when outside of office, and 8%
provide pa7ents with access to their medical records. Although the great majority of GPs in The

Netherlands can prescribe medica7on electronically and have electronic access to pa7ent’s test results
(85% and 78% respec7vely) only few of them (around 10%) has access to pa7ent’s hospital records
and can order tests electronically (Schoen et al., 2006).
A large number of GPs (93%) receives electronic alerts when a poten7al medica7on problem
takes place and they send electronic alerts to pa7ents for preven7ve of follow up care (61%) (Schoen
et al., 2006). On the other hand, only a minority of GPs (16%) receive electronic alerts to provide
pa7ents with test results. The majority of GPs can easily obtain electronic lists of pa7ents by diagnosis
(63%) and lists of all medica7ons taken per pa7ent (59%).
As GPs manage the referring-‐to-‐specialist process and the longitudinal care history they are
cri7cal for the coordina7on of care services over 7me (Schoen et al., 2006). When care service span
various prac77oners some7mes pa7ents in The Netherlands suffer problems from lack of coordina7on
(41%) and unavailable medical records (15%). Around 7% of Dutch GPs have to repeat tests some7mes
because the findings cannot be found anymore. In almost all cases (96%) GPs affirm that they get
informa7on back from referred professionals.
In this research we delimit our analysis from now on to one of the largest ICT implementa7ons
in Dutch healthcare, the introduc7on of a na7onal infrastructure for the exchange of electronic
medical records known in Dutch as the EPD. The government plans to make the use of this
infrastructure compulsory by law to all healthcare organiza7ons in The Netherlands, including GPs,
hospitals, pharmacies, etc. At the moment of wri7ng the EPD project has completed the first pilots
successfully while healthcare organiza7ons are deploying cer7fied solu7ons that can connect to this
infrastructure.

4. Electronic Pa*ent Records in The Netherlands
The project for the introduc7on of Electronic Pa7ent Records (EPD in Dutch) in The
Netherlands was officially launched by the Dutch Ministry of Health in September 2008, when a law
came into force allowing the use of ci7zen’s social security numbers (in Dutch burgerservicenummer
or BSN number) in the healthcare sector (NICTIZ, 2009). The EPD project aims to implement a basic
“empty” infrastructure containing strictly index and reference systems that connects all individual
sources were pa7ent informa7on is registered and stored (for example at a GP office or hospital)
(Tange, 2008).
The main goal of this inter-‐organiza7onal infrastructure is to share pa7ent medical informa7on
in a fast and reliable way in order to prevent communica7on errors and therefore to improve the
quality of care provided to ci7zens (Tange, 2008). As informa7on is stored and maintained at its origin,
it is always kept up to date by minimizing the delay between the origin of informa7on and its
registra7on. The index system is implemented at the na7onal switch point (in Dutch Landelijk Schakel
Punt or LSP) that contains pointers to all registered EPD records of each pa7ent.
When a clinician needs medical informa7on about a specific pa7ent, the index systems pulls
the informa7on on demand from the provider’s systems and sends it to the clinician reques7ng it. The
switch point is at all 7mes empty, containing only the informa7on needed to gather the data (index
and reference system) from a provider’s systems (Tange, 2008).
Once the EPD project has been completed, all healthcare providers and insurers will benefit
from secure electronic informa7on exchange of pa7ent’s data (Prou & Smit, 2006). Although there
are some healthcare regional networks already in place, they exchange informa7on according to the
EDIFACT standard. These regional networks are going to be integrated in the na7onal infrastructure
which exchanges informa7on following the HL7 version 3 standard. The Ministry of Health plans to
reuse these regional networks as aggrega7on channels to connect to the na7onal switching point
(Prou & Smit, 2006).
Collabora7on between healthcare service providers has been subject of a lot of research in The
Netherlands (Nivel, 2009). The recent introduc7on of electronic pa7ent records (EPD) is believed to
affect the supply and organiza7on of services in the Dutch healthcare sector. Previous research has
observed a higher rate of collabora7on among healthcare actors (Nivel, 2009). Around 50% of Dutch
GPs are physically working next to other actors (e.g. pharmacy, physiotherapist, etc.) while 30% of all
GPs have actually formal collabora7on agreements with other actors. Moreover, according to Nivel
research clinics with more than one doctor collaborate more with other professionals than clinics
where a single clinician is located.

Electronic pa7ent records (EPD) must contain informa7on that is complete, reliable, and well
structured (Nivel, 2009). This is not an easy task as pa7ent informa7on is registered and stored by
individual clinics or GPs using their own nota7ons and conven7ons. In order to facilitate the exchange
of informa7on (EPD) with other professionals, the Associa7on of Dutch GPs (Nederlands Huisartsen
Genootschap) has published in 2004 a set of guidelines that every prac77oner should follow in order
to support the exchange of informa7on with other clinicians.
4.1. The EPD Agenda

In order to cope with the (future) challenges of healthcare, the Dutch government launched
two ini7a7ves: an electronic pa7ent record system (the so called EPD) and an ICT basic infrastructure
to facilitate the exchange of informa7on in the healthcare value chain. ICT solu7ons that support
healthcare delivery, sickness preven7on, clinical examina7on and healthcare logis7cs are considered
to be part of the EPD project (NICTIZ, 2009). The basic ICT infrastructure to be used includes
standards, agreements, contracts and tools that facilitate the exchange of informa7on in the
healthcare sector (NICTIZ, 2009).
For the introduc7on of the na7onal EPD infrastructure, a governance body has been created to
define the project agenda, facilitate decision making and control the implementa7on (NICTIZ, 2009).
The governance includes two bodies: the plaxorm for ICT and innova7on (Plaxorm ICT & Innova7e)
and the steering commiOee ICT & innova7on (Stuurgroep ICT & Innova7e). The plaxorm is responsible
for defining the agenda while the main func7on of the steering commiOee is decision making and the
direct management of implementa7on projects. The governance body is responsible for the execu7on
of the project and individual programs. Every subprogram is managed by Program Advise CommiOees
(PAC) where the most relevant stakeholders for that specific project are represented. Each program
compromises five itera7ve phases: awareness, decision prepara7on, design and valida7on,
development and tes7ng and implementa7on.
The incremental approach of the EPD implementa7on includes a diverse number of ini7a7ves
to be completed in the planning horizon from 2008 to 2013 (NICTIZ, 2009). Figure 15 depicts an
overview of these ini7a7ves grouped in the EPD agenda (NICTIZ, 2009):

Figure 15: EPD Program Overview
The deployment of the EPD infrastructure follows an incremental top-‐down approach star7ng
with two func7onali7es: the exchange of informa7on regarding pa7ent’s drug prescrip7ons (EMD,
Electronisch Medica7edossier in Dutch) and GPs observa7ons from service encounters at point of
service loca7ons (WDH, Waarneemdossier Huisartsen in Dutch) (NICTIZ, 2009). At the moment of
wri7ng, the implementa7on and pilot projects for these two types of informa7on have been
successfully accomplished and they will be rolled out soon at na7onal level.
4.2. Stakeholders in the EPD ini*a*ve

The Dutch government has passed a law in 2009 making the use of the na7onal infrastructure
compulsory. However, par7cipants need to obtain the required cer7fica7on obtaining financial
incen7ves for those using cer7fied informa7on systems (Tange, 2008). The most relevant actors that
are affected by the EPD ini7a7ve are the Dutch government, healthcare providers, tax payers, pa7ents
and pa7ent’s organiza7ons, poli7cal par7es, GP organiza7ons, IT vendors and others (Tange, 2008).
The stakeholders and their support for the project is depicted in figure 16.

Figure 16: EPD stakeholders support (Tange, 2008)
The Government is the main ini7ator and advocate of the project. Some healthcare providers
(e.g. GPs) support the idea but are opposed to the na7onal infrastructure and prefer regional ones,
while other providers (e.g. hospitals) remain indifferent. In general, pa7ents and poli7cal par7es
support the idea as they agree with the advantages of the new infrastructure. Nevertheless, the EPD
ini7a7ve have found some opposi7on from prac77oners and ci7zens. According to a recent research
by the associa7on of GPs, only 4,2% of Dutch ci7zens agrees with the exchange of their electronic
pa7ent record through the na7onal switching point (ICTzorg, 2009) (WAKE-‐UP, 2009). Although this
research can not be regarded as scien7fic as is strongly biased, it reflects the cri7cal role of GPs as first
point of contact and informers.
4.3. Defini*ons
A number of concepts must first be defined to fully understand the EPD infrastructure. Theses
defini7ons can be categorized into general defini7ons and EPD related defini7ons. General defini7ons
are included in appendix L. The most relevant EPD related defini7ons are further elaborated in table
23.

Table 23: Basic EPD Architecture
Acronym Term Descrip*on

The Electronic Pa7ent Records (EPD) infrastructure aims to support the exchange of
accurate and 7mely medical informa7on among healthcare providers at na7onal
Electronisch Pa7enten level under two condi7ons: the pa7ent has approved the exchange of data and the
EPD
Dossier healthcare provider has been authorized (as it has a treatment rela7onship with the
pa7ent). The first two func7onali7es to be deployed are the electronic exchange of
medica7ons and medical observa7ons dossiers.
Na7onal basic infrastructure to facilitate the exchange of medical records. It includes
AORTA -‐
two registers (UZI & SBV-‐Z) and the na7onal switching point (LSP).
Ci7zen’s na7onal unique iden7fica7on number. Healthcare providers are obliged by
BSN Burgerservice-‐nummer law (from the 1st of June, 2009) to use this numbers in their administra7on as well
as when exchanging pa7ent related data.
Public en7ty responsible for assigning, maintaining and verifying ci7zen’s BSN
Sectorale Berichten numbers. The CIBG public body is responsible for this register. The register is
SBV-‐Z
Voorziening in de Zorg connected to the local ci7zen administra7on systems (Gemeentelijke
Basisadministra7e Persoonsgegevens, GBA)
Na7onal unique iden7fica7on number for healthcare provider. It can be found in two
Unieke Zorgverlener forms: electronic UZI card and UZI server cer7ficate. UZI cards are used to iden7fy
UZI
Iden7fica7e individuals and UZI server cer7ficates are used to iden7fy the servers connected to
the na7onal switching point LSP.
The na7onal switching point to facilitate the secure electronic exchange of actual
LSP Landelijke Schakelpunt pa7ent informa7on at na7onal level. The LSP is an indexing system containing
pointers on where to find actual informa7on from a specific pa7ent.
A good managed health informa7on system. A type of informa7on system that has
Goed Beheerd
GBZ obtained the GBZ cer7fica7on due to compliance with all applica7on,
Zorgsysteem
implementa7on and exploita7on requirements as defined by NICTIZ.
Zorginforma7e-‐ A healthcare informa7on system that has obtained the XIS sorware cer7fica7on as
XIS
systeem defined by NICTIZ.
Healthcare connec7vity provider that facilitates a secure connec7on between the
ZSP Zorgservice-‐providers
GBZ and the LSP.
Public body responsible for the AORTA basic infrastructure, including the
Na7onaal ICT Ins7tuut
NICTIZ management of the switching point (LSP) and the specifica7ons of requirements for
in de Zorg
healthcare providers.
There is few consistency in the use of general terms like EHR or ICEHR around the globe. Many
countries use their own acronyms which are oren very similar to the EHR defini7on. Some examples
of the different terms use are: Electronic Pa7ent Records (EPR) in England, Computerized Pa7ent
Record (CPR) in the USA, Electronic Health Care Record (EHCR), Electronic Client Record (ECR), Virtual
EHR, Personal Health Record (PHR), Digital Medical Record (DMR) and Computerized Medical Records
(CMR).
ECR is a delimita7on if the term EHR for non-‐medical health informa7on (e.g. social worker,
physiotherapist, etc.). A Virtual EHR can be defined as a real-‐7me assembled EHR. The DMR is defined
as “a web-‐based record maintained by a healthcare provider or health plan. The DMR can have the
func7onality of the EMR, EPR or EHR”. CDR is a term mostly used in Canada to define “an opera7onal
data store that holds and manages clinical data collected from service encounters at point of service
loca7ons (e.g. hospitals, clinics, etc.)”. CMR can be defined as “a computerized record created by
image scanning or op7cal character recogni7on (OCR) of a paper-‐based healthcare record”.

The bri7sh Na7onal Health Service (NHS) defines EPR as “an electronic record of periodic
healthcare of a single individual, provided mainly by one ins7tu7on” (ISO, 2005). This defini7on is
applied in different countries with slightly different interpreta7ons. In the USA, it is referred to as
Computerized Pa7ent Record (CPR). In Europe, the term Electronic Health Care Record (EHCR) is
widely used as a synonym for EHR. This term is also used in the CEN standard 13606 but is being
increasingly replaced in use by EHR.
4.4. Legisla*ve Context

There are two important Dutch laws seung the scope for the na7onal introduc7on of the EPD:
one law to regulate the use of ci7zen’s social security numbers in healthcare “Wet gebruik
burgerservicenummer in de zorg” and one law to determine the specific characteris7cs of the new
infrastructure “Wet op het EPD”. The first law came into force the 8th of April of 2008. The second law
was approved in 2009 (NICTIZ, 2009) and will soon come into force arer parliament approval.
Besides these two laws that were specifically created for the EPD project, a series of exis7ng
laws and regula7ons must also be taken into account as they highly influence some aspects of the
infrastructure (NICTIZ, 2009). Some examples are the laws “Wet Bescherming Persoonsgegevens” that
specifies how personal informa7on must be handle, the “Wet op Geneeskundige
behandelingsovereenkomst” that regulates clinical encounters, the “Wet op de beroepen in de
individuele gezondheidzorg” related to independent clinicians and the “Kwaliteitswet zorginstellingen”
to guarantee the quality of healthcare services delivered.
Although the use of BSN numbers have already been embedded in current laws and legisla7on
(see law Wbsn-‐z), the overall use of the EPD infrastructure is at the moment of wri7ng regulated by
bilateral agreements between NICTIZ and each healthcare provider. The Dutch government is planning
to introduce in the coming years new legisla7on that will govern the use of the EPD infrastructure
(Informa7epunt EPD, 2009). As the main goal of the EPD is to share informa7on that can reduce the
probability of medical errors resul7ng from incomplete or inaccurate pa7ent informa7on (es7mated
on 19.000 unnecessary hospitaliza7ons yearly) it is very important that all healthcare providers are
included in the system. For this reason, the Dutch government will enforce par7cipa7on of all
healthcare providers by law.
Only healthcare providers that have a treatment rela7onship with a pa7ent can retrieve his/
her data from the EPD infrastructure. This requirement is controlled by (1) checking if that provider
has previously enlisted informa7on on the LSP regarding that pa7ent or (2) by checking if the pa7ent is
registered at the provider’s administra7on and reques7ng confirma7on from the provider that there is
a treatment rela7onship and the customer has authorized the exchange of informa7on
(Informa7epunt EPD, 2009).

4.5. Standards
The AORTA infrastructure has been developed to encourage communica7on and informa7on
sharing in the Dutch healthcare sector. The infrastructure has been developed by NICTIZ to facilitate
the secure and reliable exchange of medical records between healthcare providers at na7onal level
(Stap et al., 2007). For the exchange of informa7on, a number of standards have been selected. The
message specifica7ons comply with the HL7 version 3 standard, services are specified in WSDL (Web
Service Descrip7on Language) and SOAP (Simple Object Access Protocol) and communica7on follows
the HTTPs and TCP/IP protocols. The concepts in process descrip7ons and informa7on models are
described according to the CEN EN 13606 standard (Stap et al., 2007). The standard HL7 version 3
specifies requirements regarding communica7on, informa7on, processes and methodologies.
Although there is interna7onal pressure to comply with the EU standard CEN 13606, the Dutch
government has chosen for this project the American standard HL7 version 3. At the moment of
wri7ng there are interna7onal ini7a7ves to merge these two standards but no results have been
achieved yet (Tange, 2008).
The European norm EN 13606 is a standard created by the European Commission of

Normaliza7on (CEN, Comité Européen de Normalisa7on) for the exchange of electronic medical
informa7on in a Electronic Health Records system (Stap et al., 2007). The standard is not compulsory
for member states but it is recommended to include it in na7onal legisla7on when developing EHR
infrastructures. The syntax, structure and seman7cs of EN 13606 have a lot in common with the HL7
version 3 standard developed by ANSI (American Na7onal Standard Ins7tute). The differences are
currently being harmonized by the Electronic Healthcare Records Group.
A clear dis7nc7on should be made between registering and exchanging medical informa7on
(Stap et al., 2007). Registering medical informa7on includes recording, modifying and elimina7ng
informa7on in Health Informa7on Systems (HIS). De CEN standard EN 13606 focuses on the
communica7on of medical records between informa7on systems. The standard’s goal is to create an
interface that translates informa7on from an sender’s informa7on system into a exchangeable format
(e.g. EN 13606 format) that can be translated again into the recipient’s informa7on system (Stap et al.,
2007).
Through the use of 13606 adapters the exchange of informa7on is made independent from the
structure, syntax and meaning of informa7on stored in individual provider’s systems. The 13606
interfaces are responsible for coding and decoding informa7on in the provider’s systems to an EN
13606 structure, syntax and meaning (Stap et al., 2007). De standard defines what informa7on is
exchanged and how does that informa7on looks like but it does not define the communica7on form to
be used. The use of the EN 13606 standard is depicted in the figure 17.

Figure 17: Usage of CEN 13606 Standard
The primary goal of this standard is to specify the structure, syntax and seman7cs of medical
data to be exchanged by healthcare service providers (Stap et al., 2007). Healthcare organiza7ons can
rely on standards to develop applica7ons that can seamlessly communicate with other providers. The
standard has five parts responsible for different aspects of the structure, syntax and seman7cs of
informa7on. This five parts and their corresponding coverage of these aspects are depicted in figure
18. Moreover, we briefly describe each of the five parts for clarifying purposes.
Figure 18: Components of CEN 13606 Standard
• Part 1, the reference model: this part of the standard specifies the generic model for exchange of
EHR data which is the basic structure for all the exchangeable medical informa7on. The structure is
created by hierarchically decomposing an EHR extract which is the whole medical record of a
pa7ent or a part of it. An EHR extract contains one or more folders containing one or more
composi7ons each. A composi7on contains one or more sec7ons and one or more nested
subsec7ons with entries. An entry contains one or more elements and/or a cluster of elements
(Stap et al., 2007).
• Part 2, archetypes interchange: the second part of the standard is concerned with the syntax,
structure and seman7cs of informa7on. It does not include medical informa7on but rather the

tools to define medical concepts and its rela7onships that can be understood and used by
different care providers. Once an archetype has been created it can be directly used by healthcare
providers. During the informa7on exchange instances of archetypes are communicated which
contains the data over a specific pa7ent (Stap et al., 2007).
• Part 3, reference archetypes and terminology: In this third part of the standard the seman7cs of
the aOributes from the first part are specified. It determines which values the aOributes can have
to facilitate its correct interpreta7on when they are exchanged. Moreover, it defines reference
archetypes to be used with openEHR and HL7 version 3. This defini7ons of archetypes are meant
to provide examples on how to use those archetypes with openEHR and HL7 (Stap et al., 2007).
• Part 4, security requirements and distribu*on rules: Security and reliability are two important
requirements for exchanging medical informa7on. This part of the standard focuses on describing
a security and access model for a EHR extrac7on, specifying what is needed when exchanging such
an extract (Stap et al., 2007). The standard includes role based access control, access rules, access
management, informa7on sensi7vity assessment and access policies.
• Part 5, interface specifica*ons: this last part of the standard specifies the interfaces to the
func7onality described in the other four parts of the standard. It includes defini7ons of three
interface domains: request EHR extract, request archetype and request audit log extract (Stap et
al., 2007).
4.6. Interoperability
According to the ISO-‐TR-‐20514 standard there are two specializa7ons (or types) of basic EHRs,
shareable EHRs and non-‐shareable EHRs. Moreover, there is one specific type of shareable EHRs, the
integrated ICEHR. In order to share informa7on in integrated ICEHR we need to consider two types of
interoperability: func7onal and seman7c interoperability. Func7onal interoperability is the capability
of two or more systems to exchange informa7on. Seman7c interoperability is the capability of
understanding the informa7on being shared according to the previously defined domain model (ISO,
2005). Seman7c interoperability is an essen7al requirement for automated informa7on processing
and it implies agreements between sender and receiver regarding standardizes EHR reference models,
service interface models, domain specific concept models and terminologies (ISO, 2005).
In order to provide effec7ve integrated care services the informa7on gathered must be 7mely
exchanged among care providers. The standardiza7on of domain concepts, terminologies and
archetypes is essen7al to facilitate interoperability (ISO, 2005). The fundamental characteris7c of an
ICEHR is a standardized logical informa7on model based on widely accepted standards (e.g. ISO, CEN
& HL7). A logical informa7on model determines the structure and rela7onship of informa7on and it is
plaxorm and technology independent.
Interoperability of heterogenous informa7on systems is crucial for the success of the EPD
ini7a7ve (NICTIZ, 2009). In order to achieve inter-‐organiza7onal system interoperability it is necessary
to define beforehand the standards to be used in processes (procedures and guidelines),
communica7on (messages, reports, overviews, security, etc.) and languages (structure, terminology
and coding). The basic infrastructure of the EPD project includes the following communica7on

standards: usage of BSN numbers to iden7fy pa7ents, usage of UZI card to iden7fy providers, technical
implementa7on of communica7on within the infrastructure and the requirements to become a
system provider (GBZ or Goed Beheer Zorgsysteem in Dutch).
In the Dutch healthcare sector some processes take place at regional level without requiring
connec7vity with other infrastructures outside that region. These regional infrastructures do not oren
comply with the security requirements and standards defined by the EPD project. However they need
to be integrated in the na7onal infrastructure in order to facilitate the exchange of informa7on across
regions (NICTIZ, 2009). In order to integrate this regional efforts in the na7onal infrastructure, a series
of collabora7ve ini7a7ves have been launched that include care providers, insurers, ICT organiza7ons
and local public bodies. Due to the reduced size of this regional collabora7ons implementa7ons are
accomplished faster and innova7ons emerge fluently (NICTIZ, 2009).
4.7. AORTA Basic Architecture & Interac*ons

In order to provide an overview of the EPD infrastructure, we have created an architecture
diagram of the AORTA basic infrastructure including all components involved and their basic
interac7ons (see figure 19). For clarifying purposes the architecture includes only two qualified GBZ
healthcare providers, each with his own ZSP provider. Moreover, the interac7ons depicted represent a
single healthcare encounter of one pa7ent and the process of retrieving pa7ent data at another
encounter with another healthcare provider.
AORTA is the na7onal basic infrastructure to support the exchange of informa7on in the Dutch
healthcare sector. The AORTA infrastructure includes the na7onal switching point (LSP), where
cer7fied healthcare providers (GBZ) can connect using their cer7fied infrastructure (ZSP) and their
cer7fied sorware (XIS). These main components of the AORTA infrastructure are further elaborated
on table 24 (Tange, 2008):
Table 24: AORTA Components
AORTA Component Elements

Two authoriza7on
Ci7zen’s social security numbers (BSN) and providers id (UZI)
systems
For healthcare providers (GBZ), connec7on service providers (ZSP) and sorware (XIS). It is not
possible to connect to the na7onal switching point without having these cer7fica7ons. The
Three cer7fica7on
cer7fica7ons include three type of requirements: func7onal (how to register and exchange
programs
informa7on), implementa7on (how to connect, security and technical performance) and
exploita7on (procedures to keep informa7on accurate, 7mely and secure).
The LSP (Landelijke Schakel Punt in Dutch) is financed and maintained by Nic7z. It connects the
different source systems at na7onal level being the central component of the na7onal
A na7onal switching infrastructure where cer7fied systems (GBZ) can connect to exchange data on a point-‐to-‐point
point basis. The func7ons of the LSP are to authen7cate and authorize providers and cer7fied systems
(GBZ), to subscribe pa7ent in its index and to route requests and replies of standardized data
sets. Moreover, it registers all data accessed and by whom.
A library of messages Based on version 3 of the HL7 medical communica7ons standard

In figure 19 the EPD workflows between all actors are depicted (Informa7epunt EPD, 2009).
Figure 19: Basic EPD Architecture
The different exchanges of informa7on depicted in figure 19 are:
(C) At a healthcare encounter, the healthcare provider register the pa7ent data in his own
administra7on and informa7on system.
(D) The healthcare provider enlists the data on the na7onal switching point (LSP). Enlis7ng means
in this context communica7ng the fact that the specific organiza7on (iden7fied by UZI
number) has data related to that specific pa7ent (iden7fied by BSN number). The “real”
pa7ent data (e.g. medical condi7ons, medicines prescribed, etc.) remains at all 7mes at the
organiza7on’s informa7on system.
(E) Other healthcare providers can access the pa7ent’s data if they have a care rela7onship with
the pa7ent. For this purpose, they request first from the LSP a list of which providers have
informa7on regarding an specific pa7ent.
(F) Arer the pa7ent has been informed and he/she has authorized the exchange of informa7on,
the provider can retrieve the pa7ent data from the other provider(s).
From the architecture diagram we can iden7fy three main steps that every healthcare provider
must complete before being connected to the EPD infrastructure: deploy the use of BSN numbers,
obtain the GBZ cer7fica7on and implement the connec7on to the LSP (by using an external cer7fied
ZSP provider or by obtaining the ZSP cer7fica7on).

4.8. Security and Privacy Considera*ons
Security, reliability and privacy are important challenges when implemen7ng inter-‐
organiza7onal infrastructures, specially in the healthcare sector. To deal with these challenges, the
Dutch government has developed a model of trust that covers laws, regula7ons, informa7on security
and control that determines who and in which circumstances can share informa7on (NICTIZ, 2009).
The technology applied must ensure that informa7on is securely stored and transmiOed. An
appropriate access control policy must guarantee that informa7on is accessed only by authorized
users (ISO, 2005).
The EPD infrastructure contains a series of controls to detect unauthorized access. These
security checks are distributed across the infrastructure and focus on each of the possible weak
points. The overall security system is called GKI (Grootschalige Ketenbrede Indringerstest) and it
includes three security policies: PvE GBZ, PvE ZSP and PvE LSP. These policies and controls are depicted
in figure 20.
Figure 20: Security Policies and Controls in the EPD Infrastructure
Control Control
SBV-Z UZI
BSN UZI
Register Register
Control Control Control

GBZ XIS LSP
GBZ Control
ZSP
HOSTING
ZSP LSP
XIS
PvE GBZ PvE ZSP PvE LSP
Security Policies EPD
As shown in figure 20, security controls have been placed at every individual component of the
EPD chain: the healthcare organiza7on (GBZ) aiming to connect to the switching point (LSP), the
sorware applica7on facilita7ng the connec7on (XIS), the cer7fied service provider that facilitates the

data communica7on (ZSP), the switching point (LSP) and both external registers (SBV-‐Z & UZI) that
facilitate the iden7fica7on of ci7zens and healthcare providers respec7vely. For the main three blocks
(GBZ, ZSP & LSP) specific security policies have been developed. The controls and policies main goal is
to detect unauthorized access to any of the components which therefore could compromise the en7re
EPD chain.
Pa7ent iden7fica7on in the Dutch healthcare sector is registered using Ci7zen Service Number
(Burger Service Nummer, BSN). Although this number is used for several purposes (e.g. taxes, work
permits, etc.) it was not authorized to be used in healthcare. For this reason, current legisla7on had to
be modified, a process that took three years to be completed (Deutsch & Turisco, 2009). In order to
protect pa7ent’s privacy, to ensure that data is kept up-‐to-‐date and to improve the overall security of
the new system, pa7ent data is not stored in a central system but instead real-‐7me gathered and
assembled by prac77oners when needed (NICTIZ, 2009) (Informa7epunt EPD, 2009) (Prou & Smit,
2006).
Only healthcare providers that have a treatment rela7onship with a pa7ent can retrieve his/
her data from the EPD infrastructure (Informa7epunt EPD, 2009). To protect pa7ent’s privacy, pa7ents
have the right to be informed and must be able to block his dossier (fully or par7ally) from exchange
with healthcare providers (all or some) (Deutsch & Turisco, 2009). When pa7ent data is enlisted for
the first 7me on the LSP, the pa7ent must be informed on the consequences and he/she must
authorize the exchange. The blocking (and unblocking) right can be applied by the ci7zen at any 7me.
Due to current privacy legisla7on in The Netherlands, before enlis7ng any pa7ent dossier in the LSP
for the first 7me, the organiza7on must inform the corresponding public body: the College
Bescherming Persoonsgegevens (CBP).
The na7onal switching point can be compared with a traffic control tower which contains a
reference index to locate where informa7on about a specific pa7ent can be found and wether it can
be retrieved. It uses ci7zen’s social security number (BSN numbers) to iden7fy the subject at hand,
and it uses UZI numbers to iden7fy the provider reques7ng the informa7on and wether he is
authorized to retrieve that specific informa7on (Prou & Smit, 2006). Moreover, the Dutch
government provides full audit results to pa7ents regarding access and modifica7ons of their records,
including logs on who accessed the data and what type of informa7on was viewed by each person.
Moreover, pa7ents can determine if they want to opt in, opt out or opt in with restric7ons (Deutsch &
Turisco, 2009).
An important mistake made by the Dutch government in the development of their EHR was
not to achieve 7mely consensus from pa7ents (Deutsch & Turisco, 2009). The government tried to
obtain pa7ent’s general agreement once the system was built and ready to be rolled out by sending
pa7ents a leOer of permission. This resulted in pa7ents being surprised and returning 300.000
incomplete or inaccurate leOers which lead to significant delays in rolling out the new EHR.

4.9. GBZ: Good Managed Health Informa*on Systems
The Netherlands has established a cer7fica7on program for EHRs and connec7on service
providers. The cer7fica7on is based on three types of requirements: func7onal, implementa7on and
u7liza7on requirements (Deutsch & Turisco, 2009). Func7onal requirements specify how to store and
exchange informa7on, implementa7on requirements are concerned with security and connec7vity
issues, and u7liza7on requirements focus on processes and measures to maintain informa7on in the
EHR as accurate, 7mely and secure as possible.
A. Defini*on of a GBZ organiza*on

GBZ is the Dutch acronym for “Goed Beheer Zorgsysteem” which can be translated to English
as “Good Managed Health System”. Dutch healthcare organiza7ons are responsible for mee7ng all
GBZ requirements in order to obtain this cer7fica7on that allows them to connect to the na7onal
switching point (LSP) of the EPD infrastructure (NICTIZ, 2006) (NICTIZ, 2005).
A GBZ is a health informa7on system (or a collec7on of systems) which can be used to
exchange pa7ent informa7on with other healthcare providers through the na7onal infrastructure
AORTA (Informa7epunt EPD, 2009). Providers connect to other providers through the na7onal
switching point (LSP). To connect to the switching point providers need to use a secure data
communica7on network provided by a ZSP qualified provider. The switching point is a reference index
system that contains informa7on about what type of pa7ent informa7on is stored on each healthcare
provider’s system. For authen7ca7on purposes, providers need to use their UZI cards and server
cer7ficates when connec7ng to the LSP. Moreover, the LSP stores extended logging on what
informa7on is accessed by each provider.
According to the PvE GBZ documenta7on, a GBZ is a XIS applica7on or a collec7on of XIS
applica7ons, including the related pa7ent dossiers, that are available to a healthcare provider,
facilita7ng the exchange of pa7ent data through a health informa7on management system (ZIM),
communica7ng with ZIM through a network address, and is authen7cated by one UZI server
cer7ficate which has been assigned to the responsible organiza7on (Tesink, 2009). This includes the
measures to guarantee that data is only accessed by authorized individuals, and the manuals and
procedures for the users and administrators of those facili7es. In other words, a GBZ includes the ICT
capabili7es used by a healthcare provider where one or more XIS cer7fied applica7ons are connected
to the na7onal switching point.
The main goal of the GBZ cer7fica7on is to ensure that pa7ent data exchanged through the
na7onal switching point fully complies with the requirements of integrity and confiden7ality (Tesink,
2009). The importance of delimi7ng the scope of a GBZ organiza7on is explicitly elaborated in na7onal
policies (IE BVL e04) (Tesink, 2009).

A GBZ organiza7on must be able to iden7fy always:
• The fron7ers of the GBZ system within the organiza7onal ICT infrastructure.
• When and how pa7ent data cross that fron7er.
• Data Confiden7ality: How is ensured that pa7ent data is not accesses by unauthorized individuals
or organiza7ons.
• Data Integrity: How is ensured that pa7ent data is not received from unauthorized individuals or
organiza7ons.
• How is ensured that unauthorized individuals are blocked from physical access to parts of or the
whole GBZ system.
The fron7er of a GBZ organiza7on is delimited by the sorware and system used to connect, the
use cases where pa7ent data leaves the organiza7on and the security measures taken to prevent
unauthorized access and unauthorized delivery. Moreover, the hardware used must have enough
capacity to handle all requests within the required response 7mes. Moreover there must be enough
disk space to store all logs. Once data has been received from another qualified healthcare provider,
the GBZ must strictly facilitate the following four ac7ons (AE OPV e11) (Tesink, 2009): storing data as
addi7on to the pa7ent dossier temporarily (for a maximum of 48 hours) where it can be modified it or
deleted it.
B. Examples of GBZ systems

For clarifying purposes four examples of GBZ systems are illustrated in this sec7on. They
include a PC based system (e.g. used by a GP) in figure 21, a client/server system (e.g. used by a
Pharmacy) in figure 22, a mul7ple client/server system with a communica7on server (e.g. used by a
hospital) in figure 23 and a Applica7on Service Provider (HAP) model in figure 24.
Figure 21: Example of PC Based GBZ Figure 22: Example of Client/Server GBZ

Figure 23: Example of Mul*ple Client/Server GBZ Figure 24: Example of Applica*on Service Provider GBZ
C. GBZ Cer*fica*on Requirements

To facilitate the evalua7on of GBZ requirements, NICTIZ has developed a checklist that can be
used by healthcare organiza7ons to evaluate the readiness to obtain the GBZ cer7ficate. Only
organiza7ons that can answer posi7vely all ques7ons should apply for the cer7fica7on as they are
certain to meet all requirements. The checklist is included in appendix I. In the context of this research
(cloud compu7ng in Dutch healthcare), availability requirements are the most important boOleneck
and therefore they should be carefully evaluated. A GBZ must comply with the following availability
requirements (NICTIZ, 2005):
• A A GmBZ must be able to handle messages 24 hours per day and 7 days per week.
• A maximum of 1 small outage per month and it must be solved within 15 minutes.
• The aximum of 2 large outages per year and they must be solved within 1 day.
• In the overall yearly availability must be minimal 99,4%.
• 15 minutes case of new pa7ent data, a GBZ must register it at the na7onal switching point (LSP) within
in the case of new data, and within 1 day in the case of updates or data that has been
already registered at least once.
• The response 7mes of communica7ons between a GBZ system and a health informa7on broker
(ZIM) regarding informa7on requests and responses are the following:
➡ Request message of data overview: 0,5 seconds.
➡ Response message with data overview: 0,5 seconds.
➡ Request message of pa7ent data: 0,5 seconds.
➡ Response message with pa7ent data gathered: on average 2 seconds.
➡ Response message with pa7ent data to the requester: 0,5 seconds.

For clarifying purposes, the response 7mes applicable to GBZ organiza7ons are depicted in
figure 25 and 26.
Figure 25: Request / Responses Times for Data Overviews
Request / Response times for Data Overview
(a) 0,5 seconds
REQUEST
GBZ ZIM
RESPONSE
(b) 0,5 seconds 1 second
Figure 26: Request / Responses Times for Retrieving Pa*ent Data
Request / Response times for Patient Data
(c) 0,5 seconds 0,5 seconds
REQUEST REQUEST
GBZ
GBZ ZIM
GBZ
RESPONSE RESPONSE
(e) 0,5 seconds 1 second (d) 2 seconds
There are three main layers of GBZ requirements: applica7on and data layer, server layer and
communica7on layer. Moreover, the standard NEN7510 is used to guarantee appropriate informa7on
security (NICTIZ, 2005). The requirements per layer are depicted in the following table 25:

Table 25: NEN7510 Requirements
Layer Requirements
•Use of UZI cards to access health data in the na7onal infrastructure
•Logging of data retrieved and delivered from/to other organiza7ons including role based access logs.
Applica*on
•Daily backup procedures and data restore procedures.
& Data
•Storage of pa7ent data based on BSN numbers (ci7zen’s social security numbers).
•Data must be sing-‐in at the LSP before use in the na7onal index system (Verwijsindex VWI).
•Every GBZ must be registered at the na7onal UZI register and obtain an UZI issued server cer7ficate.
•To connect to the LSP every GBZ must iden7fy itself with their UZI server cer7ficate.
•The authen7ca7on of GBZ takes place through SSL version 3.0 or TLS version 1.0 standards.
•Storing the private key of the cer7ficate on the server must include encryp7on mechanisms.
Server
•Each GBZ can exclusively communicate through their ZSPs to the LSP.
•Access to the opera7ng system or to the GBZ must be protected with login and password combina7on.
•The system administrator must ensure that the opera7ng system of a GBZ is securely deployed and updated.
•File and mail servers must be protected by an7 virus sorware.
•Incoming and outgoing requests must be accurately handle.

•No request must be lost even if the receiver is not available at a certain moment.
Communi-‐ •The following standards must be followed: HL7 version 3, SOAP 1.1 / WSDL 1.1 and HTTP(S) / TCP/IP
ca*on •Communica7ons must be protected by firewalls.
•If VPN connec7ons are used all other Internet traffic must be blocked.
•Communica7ons must be encrypted by using SSL version 3 / TLS version 1.0 and a session key of 128 bits.
D. GBZ Cer*fica*on Process

In order to obtain the GBZ cer7fica7on, providers need to comply with a series of
requirements specified by NICTIZ on their document “Programa van Eisen voor een goed beheer
zorgsysteem (GBZ)” (Informa7epunt EPD, 2009). There are five main process steps to obtain the GBZ
cer7fica7on: adap7ng the local ICT infrastructure, adap7ng the organiza7on, registra7on, BSN
numbers implementa7on and GBZ cer7fica7on (Informa7epunt EPD, 2009). The steps and some
descrip7on of the deliverables from NEN7510 are shown in table 26. An overview of all GBZ
requirements is included in appendix N.
Table 26: NEN7510 Requirements
Step Descrip*on
One of the main requirements to be able to connect to the na7onal switching point (LSP) is to embed
the use of BSN numbers in internal ICT systems and administra7on. This includes the technical
implementa7on in the internal ICT infrastructure as well as the connec7on to the register (SBV-‐Z).
Adap*ng the
Another important requirement is that the connec7on between the qualified healthcare provider (GBZ)
(internal) ICT
and the na7onal switching point (LSP) must be carried out through a data communica7on network
infrastructure
provided by a qualified provider (ZSP). Moreover, the applica7on connec7ng to the LSP must have
obtained the XIS cer7fica7on. In order to comply with these requirements healthcare providers might
need to adapt their current ICT infrastructure.

Besides the technical adapta7on, healthcare providers need to adapt also their organiza7onal processes,
including training employees and modifying exis7ng work instruc7ons, manuals and process
descrip7ons. The organiza7on must ensure that there are work instruc7ons and user manuals available
related to: the use of the (new) XIS sorware, the use of BSN numbers, the process of enlis7ng pa7ent
Adap*ng the
dossiers, the process of consul7ng pa7ent dossiers, the use of UZI cards and the process of informing
organiza*on
pa7ents about the EPD infrastructure and their rights. The organiza7on needs to train employees to
work with this process modifica7ons in order to ensure accurate process performance. Moreover, the
organiza7on must deploy processes that enable availability, maintenance, management and security of
the (new) ICT infrastructure.
Once the internal ICT infrastructure and processes have been adapted, the organiza7on is ready to
Registra*on and submit their enrollment request to the EPD. This includes registering the organiza7on as qualified
Enrollment healthcare provider, reques7ng the UZI tools (card, reader and server cer7ficate) and submiung the
request for connec7on to the EPD infrastructure
From the 1st of June 2009 every healthcare provider in The Netherlands is obliged by law to use ci7zen’s
BSN numbers in their administra7on and informa7on systems. This is also a requirements to be met
before connec7ng to the EPD infrastructure. In order to embed BSN numbers, organiza7ons need to use
Embedding the the UZI tools (card, reader and server cer7ficate) for authen7ca7on purposes. The use of these tools
use of BSN have already been documented in the related work instruc7ons and process descrip7on (see Adap7ng
numbers the organiza7on above). Moreover, the organiza7on’s ICT systems have already been adapted to include
BSN numbers (see Adap7ng the ICT infrastructure above) to facilitate: the request of a pa7ent’s BSN
number from the registry (SBV-‐Z), the storage of that BSN number in the internal administra7on, and to
be able to exchange pa7ent informa7on based on a BSN number.
The last step before connec7ng to the EPD infrastructure is to obtain the GBZ cer7fica7on. The GBZ
GBZ
cer7fica7on includes requirements that can be grouped into: applica7on requirements, implementa7on
cer*fica*on
requirements and management requirements.
4.10. ZSP: Healthcare Communica*on Service Providers

A cer7fied ZSP organiza7on enables the secure connec7on of a GBZ to the na7onal switching
point (LSP). NICTIZ has specified the requirements for ZSP cer7fica7on in their document “Programa
van Eisen voor een Zorgserviceprovider (ZSP)” (NICTIZ, 2009). NICTIZ defines a ZSP as a legal en7ty
that provides services to healthcare provider by connec7ng a GBZ to the LSP through a data
communica7on network (DCN). Besides the data communica7on network a ZSP also includes the
devices needed to realize the connec7on to the LSP.
Moreover, the ZSP must provide a series of services to GBZs and the LSP including a service
desk to communicate malfunc7ons and planned maintenance, and to support the con7nuity of the
services provided (NICTIZ, 2009). The main responsibili7es of the ZSP is to manage the connec7on of
the GBZ to the LSP using a preven7ve, correc7ve and adap7ve approach. The requirements can be
grouped into func7onal, implementa7on and exploita7on requirements. A complete overview of all
requirements is included in appendix M. Those requirements defined as op7onal or no longer
applicable in the current document version have been excluded from the overview.
4.11. XIS: Cer*fies Health Informa*on Systems

The XIS cer7fica7on is a essen7al element of the GBZ cer7fica7on. Healthcare organiza7ons
are free to choose the sorware provider that best meet their needs. The only requirement is that the
sorware used has obtained a XIS cer7fica7on. Every provider that facilitates sorware connec7vity to

the na7onal infrastructure must obtain the XIS cer7fica7on for its sorware. To obtain the cer7fica7on,
NICTIZ runs a series of test scripts to evaluate the sorware connec7on to the na7onal switching point
(LSP). If all scripts are completed successfully, NICTIZ issues the XIS cer7fica7on to the sorware
producer (NICTIZ, 2006). The XIS specifica7on describes the requirements for messaging and security.
The cer7fica7on is obtained once by the sorware producer for a specific sorware product. The same
sorware can further be installed in various healthcare organiza7ons without the need to obtain the
XIS cer7fica7on for each deployment.
4.12. Current Status of the EPD project

The introduc7on of Electronic Pa7ent Records in The Netherlands (the so called EPD project)
was launched by the Ministry of Health (Ministerie van Volksgezondheid, Welzijn en Sports) in
collabora7on with the Na7onal ICT Ins7tute in Healthcare (NICTIZ) and the CIBG, a public organiza7on
responsible for a number of public registers (e.g. UZI & SBV-‐Z registers) (Informa7epunt EPD, 2009).
The project is carried out following an incremental approach where first two selected
func7onali7es are deployed. For this reason, the Ministry has chosen the medica7on and observa7on
dossiers to be the first ones deployed (Informa7epunt EPD, 2009).
By 2008, significant progress has been made on the EPD introduc7on (NICTIZ, 2009). The
na7onal infrastructure and standards suppor7ng the first two selected func7onali7es (EMD and WDH)
have been completed. Pilot projects in selected regions have been successfully realized, while a large
number of healthcare organiza7ons and ICT providers have successfully completed the accredita7on
process to be connected to the basic infrastructure (LSP, Landelijke Schakel Punt in Dutch). Following
these two func7onali7es, the project will con7nue by adding informa7on related to emergency care,
lab informa7on and diabetes treatments.
The law for the use of ci7zen’s social security numbers (BSN numbers) in healthcare came into
force the 1st of June 2009. From that moment all healthcare providers, ins7tu7ons and insurers in The
Netherlands must work according to this law (Klink & Bussemaker, 2008). According to TNS research
around two thirds of all healthcare organiza7ons have taken measures to use BSN numbers by June
2009. The rest expects to be ready to use BSN numbers by the end of the year 2009 (MVWS, 2009).
There are two main applica7ons that providers need to use when working with BSN numbers.
One to iden7fy and/or control the BSN number of a pa7ent (SBV-‐Z) and a second one to check if the
pa7ent is insured (Vecozo). These two applica7ons have experienced a significant increase in demand,
resul7ng in some technical malfunc7ons. The health ministry will work in the coming months to
improve the robustness of these two applica7ons improving the availability of the SBV-‐Z and UZI
registers which do not comply yet with the requirement of 24x7 up7me (Klink & Bussemaker, 2008)
(MVWS, 2009). By June 2009, around 45% of healthcare ICT providers have obtained the cer7fica7on
for the use of BSN numbers (BSN Zorg Keurmerk) (Klink, 2009) (MVWS, 2009).

As providers need to iden7fy themselves to connect to the EPD infrastructure, there have been
a large number of requests for provider’s iden7fica7on cards (UZI cards) resul7ng in processing delays
(Klink & Bussemaker, 2008). This boOleneck has already been iden7fied in the early stages of the EPD
implementa7on. Although the delay has been par7ally reduced it does not yet fully comply with the
agreed terms (MVWS, 2009). UZI cards and server cer7ficates are now distributed within the agreed
7mes, but the preceding process of evalua7ng subscrip7ons for healthcare providers suffers a delay of
10 days above the previously agreed 14 days.
The total number of healthcare providers to be connected to na7onal switching point (LSP) is
6.368 composed of 4.321 GP offices, 127 GP posts, 1.825 pharmacies and 95 hospitals. Un7l the
second quarter of 2009, around 100 providers have been connected (MVWS, 2009). The ministry
expects to connect an addi7onal 900 providers by the end of 2009, including 450 GP offices, 50 GP
posts, 400 pharmacies and 15 hospitals. During the first half of 2010, the ministry expects to connect
another 2.500 providers. By the second quarter of 2009, the na7onal EPD infrastructure provides
informa7on of around 360.000 pa7ents. The data has been successfully exchanged around 400.000
7mes un7l June 2009 (MVWS, 2009).
Every ci7zen has the right to refuse that his or her pa7ent data is exchanged through the
switching point (LSP). Un7l June 2009, more than 350.000 ci7zens are excluded at their own request
(Klink, 2009).
The financial costs of the EPD project have been recently reported by the Ministry of health
(Klink, 2009). By January 2009, around 90 million euros have been expended in development and
deployment of the EPD infrastructure. This amount can be further subdivided into 67 million for the
development of the na7onal infrastructure (LSP, UZI registry and BSN control system),11 million euros
to support deployment, pilots and evalua7ons, 3,6 million euros for communica7on and 7,9 million
euros for subsidies to providers. The Ministry is also planning to research the Total Cost if Ownership
(TCO) of ICT in the healthcare sector. The conclusions of this research will be presented by the end of
2009 (Klink, 2009).
An extension of the EPD project currently being planned by the Ministry of Health is pa7ent
access to his or her data being shared through the na7onal infrastructure (Klink, 2009). The goal is to
provide ci7zens not only with access to view their data but also to be able to digitally refuse the
disclosure of his or her personal data. Moreover, as the first two func7onali7es have been deployed
with success, the next steps in the EPD agenda will be ini7ated in the near future.

4.13. Sec*on Summary
According to the Dutch government, ICT is an important enabler to cope with current and
future challenges in healthcare (e.g. age distribu7on, pervasive and care intensive illnesses, etc.) as
well as to improve the sustainability (e.g. cost efficiency) of the current system. On one hand
healthcare organiza7ons can leverage ICT solu7ons to support medical research and prac7ces, while
on the other hand they can be applied to improve the cost efficiency of the system. The growing
governmental interest on leveraging ICT for healthcare is reflected for example on the introduc7on of
electronic pa7ent records (the EPD project) which aims to improve the quality, accessibility and
affordability of care services. However, the Dutch government has limited enforcing power on how
healthcare organiza7ons operate as the Dutch health system is predominantly private.
In order to s7mulate the use of ICT in Dutch healthcare the government created the NICTIZ
organiza7on which is responsible for the realiza7on of the EPD infrastructure in collabora7on with
pa7ent’s associa7ons, healthcare providers, insurers, ICT providers and public ins7tu7ons. The main
goal of NICTIZ is to develop and maintain the basic infrastructure (AORTA) that supports the na7onal
exchange of electronic pa7ent records, including the related standards and cer7fica7on programs.
The EPD project was primarily launched to improve the quality of care by enabling 7mely,
accurate and secure informa7on exchange among healthcare providers. It is important to note that
electronic pa7ent records are a delimited type of electronic health records that include informa7on to
support a specific treatment or care process rather than providing a holis7c view of a pa7ent’s health
status. For this reason, the informa7on exchanged through the EPD infrastructure is limited to the
relevant parts needed at a certain moment in 7me by a healthcare provider.
Family doctors (General Prac77oners or GPs) are one of the most important actors in the
Dutch healthcare system. They are the first point of contact for pa7ents (except in case of
emergencies) and they have the decision power to refer pa7ents (or not) to other specialists. The
9.000 family doctors in The Netherlands currently solve around 95% of all primary care condi7ons.
There is a clear need for electronic collabora7on between GPs and other medical actors as the great
majority of them work alone or share their office with one or two other clinicians. When analyzing the
use of ICT in GP offices, we observe high levels of computeriza7on when genera7ng prescrip7ons,
using electronic medical records, accessing test results or maintaining their own administra7on in
computer based informa7on systems. However, we find lower levels of automa7za7on when
accessing a pa7ent’s medica7on history.
Although collabora7on between clinicians is becoming more important due to the increasing
number of sicknesses that require mul7-‐disciplinary approaches, only half of the GPs can share
records electronically with prac77oners outside their workplace. Very few GPs receive electronic
alerts to provide pa7ents with test results, access a pa7ent’s hospital record, order tests electronically
or provide pa7ents with access to their test results electronically. The need for electronic collabora7on

is also reflected on the fact that almost half of the popula7on have experienced medical problems due
to the lack of coordina7on among prac77oners. Around one out of ten GPs have repeated tests
because the results were not available. Collabora7on is therefore cri7cal to improve the quality of care
and achieve cost efficiencies.
In order to foster collabora7on between healthcare actors, the Dutch government has
launched the EPD ini7a7ve in 2008. The main goal of this ini7a7ve is to improve the quality of care
services by sharing medical informa7on in a fast and reliable manner. By 7mely sharing accurate
pa7ent informa7on clinicians can prevent communica7on errors that can have fatal consequences for
a pa7ent’s health.
The EPD ini7a7ve includes several sub-‐projects that are being implemented following a top-‐
down incremental approach from 2008 to 2013. The first two func7onali7es to be implemented are
electronic pa7ent drug prescrip7on records (EMD, Electronisch Medica7edossier) and GPs observa7on
records from service encounters at point of service loca7ons (WDH, Waarneemdossier Huisartsen).
The EPD project is managed by two governance bodies, the plaxorm for ICT and innova7on for
defining the EPD agenda and the steering commiOee ICT & innova7on responsible for decision making
and the direct management of implementa7on projects.
The EPD infrastructure consists of a basic “empty” infrastructure (AORTA) containing index and
reference systems (LSP) that connects all individual sources were pa7ent informa7on is registered and
stored. It is important to note that pa7ent informa7on is not stored on a central repository but it
remains at its origin (e.g. hospital, GP office, etc.) and it is gathered on demand. With this
construc7on, data can be kept always updated minimizing the delay between informa7on genera7on
and its availability to other prac77oners.
The actors related to the EPD project are very diverse and with different perspec7ves on the
project. The ministry of health and pa7ent organiza7ons are among the actors that are highly
suppor7ve of the ini7a7ve and have strong influence on its adop7on. GP organiza7ons on the other
hand are not very suppor7ve. This can become a significant barrier for adop7on as they also have a lot
of influence on the use of the envisioned system.
There are several laws related to the EPD regula7ng the use of ci7zen’s numbers in healthcare
(Wet gebruik burgerservicenummer in de zorg), the characteris7cs of the infrastructure (Wet op het
EPD), the use of personal informa7on (Wet Bescherming Persoonsgegevens) and the treatment of
pa7ents (Wet op Geneeskundige behandelingsovereenkomst) among others. It is important to note
that par7cipa7on of healthcare organiza7ons is currently non-‐compulsory and contractually regulated
by bilateral agreements between NICTIZ and each individual provider. The government plans to
enforce par7cipa7on by law in the coming years as for the success of the system all providers need to
be connected to the infrastructure. Exis7ng regional switching points will be integrated on the na7onal
switching point (LSP).

The standards used on the EPD infrastructure are HL7 version 3 for message specifica7ons,
WSDL and SOAP for web-‐service descrip7ons and access, HTTPs and TCP/IP for communica7ons and
the CEN 13606 for concepts in process descrip7ons and informa7on models. NICTIZ has chosen these
standards to facilitate the exchange of informa7on independently from the structure, syntax and
seman7cs used at individual provider’s systems.
In order to guarantee interoperability between provider’s systems, the EPD ini7a7ve has
established three cer7fica7ons that healthcare providers must obtain before connec7ng to the
na7onal infrastructure. These programs are the Good Managed Healthcare Organiza7on (GBZ)
cer7fica7on, the Healthcare Service Provider cer7fica7on (ZSP) and the Cer7fied Health Informa7on
System cer7fica7on (XIS). The XIS cer7fica7on is meant to ensure that sorware connec7ng to the
na7onal infrastructure complies with the requirements established by NICTIZ. The ZSP cer7fica7on is
designed to enabled the secure connec7on of a GBZ cer7fied healthcare provider (an his XIS cer7fied
sorware) to the na7onal switching point (LSP). The GBZ cer7fica7on aims to ensure that exchanged
pa7ent data complies with the requirements of integrity and confiden7ality. GBZ requirements are
divided into three layers: applica7on, communica7on and server. The requirements focus mainly in
guaranteeing the accuracy, availability and security of informa7on exchanges.
AORTA is the basic infrastructure suppor7ng the exchange of informa7on. It includes two
registers (BSN and UZI registers) for actor iden7fica7on purposes and one switching point (LSP) where
providers can connect if they have obtained the required cer7fica7on (XIS, GBZ and ZSP). For each
type of cer7fica7on specific requirements are described in three areas: func7onality (how to store and
exchange informa7on), implementa7on (security and connec7vity issues) and exploita7on (processes
and measures to keep informa7on as accurate, 7mely and secure as possible). These requirements are
mandatory to obtain and maintain the cer7fica7on.
Security, reliability and privacy are crucial elements of every inter-‐organiza7onal infrastructure.
This is specially relevant in the healthcare sector due to its high impact of ci7zen’s lives. For this
reason, NICTIZ has placed controls at each component of the infrastructure and has developed three
security policies for GBZs, ZSPs and the LSP. Access to pa7ent’s informa7on is limited to providers that
have a treatment rela7on with that pa7ent, based on previous encounters and/or arer explicit
authoriza7on from that pa7ent. Moreover, pa7ents can at any moment in 7me block access to some
or all his/her data and/or limit or block the access of certain providers to that data. To facilitate
forensic analysis, pa7ents can obtain an audit report containing informa7on on who has accessed
their data, what data has been accessed or modified and when.
Arer successfully having completed the first two pilots, the two ini7al func7onali7es are being
rolled out to all providers. Un7l June 2009, more than 350.000 ci7zens have been excluded from the
infrastructure at their own request. At that 7me, the EPD contained informa7on about more than
360.000 pa7ents serving 400.000 exchanges of informa7on.

5.1. What are the current trends, challenges and opportuni*es in the Dutch
Healthcare sector?
The healthcare sector has not only a high impact on ci7zen’s lives but also on their na7onal
economies. One of the main differences between the healthcare sector and other sectors is that
ci7zens are both consuming and funding care services (through taxes and/or insurance bills). Although
the healthcare sector in The Netherlands is one of the most priva7zed systems in the EU its
sustainability is challenged by the increasing demand of care services as well as by the decreasing
ci7zen’s tolerance for medical errors. Healthcare is the number one non-‐economic issue for Dutch
ci7zens. Although in general ci7zens are sa7sfied with the quality of care services obtained, there is a
significant gap between the quality of services and their accessibility and availability specially for
specialist’s care.
The demand of services increases among other developments due to demographic changes
(e.g. longer life expectancies and lower birth rates), pervasive and difficult to treat sicknesses (e.g.
cancer), the rapid spread of illnesses (e.g. H1N1) and new unhealthy lifestyles (e.g. higher average
weight and increasing alcohol consump7on). In order to deal with these issues, healthcare
organiza7ons need to con7nuously find new methods for delivering qualita7ve services to more
ci7zens with the same amount of resources by predic7ng, preven7ng and trea7ng illnesses more
efficiently and effec7vely. Mostly as a result of the growing demand of services, yearly healthcare
costs are also increasing significantly, in some cases even faster the na7onal GDP. Collabora7on
between medical prac77oners is a increasingly important requirement not only to guarantee the
sustainability of current healthcare systems but also to 7mely react to global threats while improving
the con7nuity of care services delivered to ci7zens.
In order to cope with current and future challenges the Dutch healthcare sector needs to
con7nuously improve the quality and opera7onal efficiency of care services. For this purpose, the
Dutch Ministry of Health has ini7ated a reform of the healthcare system in 2006 with the introduc7on
of a compulsory private insurance for each ci7zen. As a part of this transforma7on, the Dutch
government has started in 2008 with the introduc7on of an na7onal electronic pa7ent record system
(EPD) in order to improve the quality and accessibility of healthcare on a cost efficient manner.

5.2. What is the current role of ICT in the Dutch Healthcare sector?
There is a significant poten7al for improvement in leveraging ICT solu7ons in healthcare.
Although the healthcare sector is one of the most informa7on intensive ones, the use of technological
innova7ons is below other less informa7on intensive industries. Nevertheless, there is a large number
of documented benefits linked to the adop7on of certain ICT solu7ons like for example improved
quality, cost efficiencies, larger process throughputs, the reduc7on of medical errors, beOer informed
ci7zens and providers, streamlined processes, improved safety and 7mely care delivery. The proper
use of technology can help to foster healthy ci7zen’s behavior and to protect them from large scale
threats while increasing the availability of services and mee7ng growing demand on an effec7ve and
efficient manner.
Dutch healthcare system currently solving around 95% of all primary care condi7ons. There is a clear
need for electronic collabora7on between GPs and other medical actors as the great majority of them
work alone or share their office with one or two other clinicians. When analyzing the use of ICT in GP
offices, we observe for example low levels of automa7za7on when accessing a pa7ent’s medica7on
history while only 50% of all GPs can share informa7on electronically with prac77oners outside their
workplace. Moreover, very few GPs can access a pa7ent’s hospital record, order tests electronically or
provide pa7ents with electronic access to their test results.
From a Dutch ci7zen perspec7ve there is also a clear need for increasing computeriza7on to
enable collabora7on between clinicians. Almost 50% of all Dutch ci7zens have experienced medical
problems due to the lack of coordina7on while around 10% of the GPs have had to repeat tests
because the results of previous tests were no longer available.
The Dutch government considers ICT as an important enabler to cope with current challenges
in healthcare while improving the system’s sustainability. Not only can technology support medical
prac7ces to improve quality but it also can enable significant improvements in opera7onal cost
efficiency. This perspec7ve is reflected on the introduc7on of electronic pa7ent records (EPD project)
which aims to improve the quality, accessibility and affordability of care by enabling 7mely, accurate
and secure informa7on exchange between healthcare organiza7ons. However, it is important to note
that due to the private character of the Dutch healthcare sector, the government has liOle enforcing
power in how healthcare organiza7ons work. For this reason, the Dutch government has created the
NICTIZ organiza7on responsible for s7mula7ng the use of ICT in healthcare as well as for the
realiza7on of the EPD project in collabora7on with other healthcare actors. The main goal of NICTIZ is
to develop and maintain the basic infrastructure (AORTA) suppor7ng the electronic exchange of
medical data (EPD), including the needed standards and cer7fica7ons. In order to limit the scope of
our research we have focused our analysis on this project which is one of the largest and most
significant ICT projects in the Dutch healthcare sector.

In previous research we can find significant benefits from the use of electronic medical records
systems. By increasing the availability of accurate, complete and relevant clinical data organiza7ons
can reduce medical errors in diagnosis, medica7on and treatments and thus improving the quality of
services. Moreover, by sharing informa7on among prac77oners, redundant tests are eliminated and
processes are streamlined resul7ng in a significant larger throughput. In previous work we can also
find a series of barriers for the adop7on of technology in healthcare. The most important barriers are
security and the cost of technology, followed by the lack of interoperability with exis7ng solu7ons and
legal and privacy issues.
The introduc7on of the EPD infrastructure implies high levels of computeriza7on not only for
governmental bodies but also for healthcare providers of all kinds and sizes. However, the size of a
provider can influence the adop7on of this system as many clinics are too small for leveraging high
investments in IT. For this reason, organiza7ons need to find new ways to reduce the costs of
technology by for example outsourcing it or joining forces with other clinicians to achieve economies
of scale.
Technology can support healthcare organiza7ons in achieving their two most relevant goals:
improve the quality of services and cost efficiency. Healthcare providers can for example leverage
technology to improve the quality of care services by automa7ng processes (thus reducing human
mistakes), by enabling 7mely decision making (based on the 7mely exchange of accurate pa7ent
informa7on) and bridging the current gap between the quality of services and their accessibility and
availability (e.g. telemedicine for specialists care). Moreover, organiza7ons can achieve cost
efficiencies by enabling affordable (global) collabora7on, by automa7ng tasks to op7mize human
resources costs (specially in areas where salaries are rela7vely high like The Netherlands) and by
achieving economies of scale and synergies (delivering qualita7ve and efficient services to more
ci7zens with the same amount of resources). According to healthcare organiza7ons tools that facilitate
collabora7on, informa7on exchange, eProcurement and web services are the most relevant for the
sector. Specially, interac7ve pa7ent informa7on and involvement and electronic communica7ons are
the two most relevant factors in the near future.
5.3. What are the main policies and legisla*ons affec*ng the use of ICT in Dutch
Healthcare organiza*ons?
The adop7on of the EPD system by healthcare organiza7ons is currently non-‐compulsory and
contractually regulated by bilateral agreements between NICTIZ and each individual provider. The
government plans to enforce par7cipa7on by law in the coming years as for the success of the system
all providers need to be connected to the infrastructure. Nevertheless, in order to be able to connect
to the EPD infrastructure, healthcare providers must obtain three cer7fica7ons (XIS, GBZ and ZSP)
elaborated by NICTIZ. For each type of cer7fica7on specific requirements are described in three areas:
func7onality (how to store and exchange informa7on), implementa7on (security and connec7vity
issues) and exploita7on (processes and measures to keep informa7on as accurate, 7mely and secure

as possible). These requirements are mandatory to obtain and maintain the cer7fica7on and therefore
to connect to the EPD infrastructure.
security policies for GBZs, ZSPs and the LSP.

6. Conclusion Phase 2
The main goal of this second phase in our research is to perform an analysis of the current
trends, challenges and opportuni7es in the Dutch healthcare sector and the role of informa7on
technology in that context. The phase is divided into three main blocks. In the first block we have
delimited the context and scope of our analysis by taking into account the European and Dutch
healthcare systems and the specific characteris7cs of that sector. The second block contains an
analysis on the role of ICT in European healthcare. The third and last block provides a study on the use
of ICT in the Dutch healthcare sector, with a special focus on one of its most important current
projects: the introduc7on of a na7onal electronic pa7ent records system. In this last part we have
taken into account the main policies and regula7ons governing the use of ICT on that project.
The healthcare sector has not only a high impact on ci7zen’s lives but also on their na7onal
economies. One of the main differences between the healthcare sector and other sectors is that
ci7zens are both consuming and funding care services. Through taxes and/or insurances ci7zens pay
for the services they might consume when needed. Moreover, as the main product of care services is
to improve ci7zen’s quality of life, it is crucial that healthcare organiza7ons are able to make decision
on a 7mely basis. The healthcare industry is also one of the most economically significant industries as
it represents more than 9% of all jobs in the EU and more than 6% of the EU GDP.
Healthcare systems in the European Union are very heterogenous and have diverse mixes of
public and private funding and delivery. Although there is not an op7mum single model, a pure public
model eliminates free-‐market mechanisms which enable innova7on and cost efficiency through
compe77on. On the other hand, a solely private model is oren more expensive as healthcare
organiza7ons aim to obtain increasingly yearly net profits and therefore focus their efforts on the
most profitable ac7vi7es. As a result access to healthcare services (e.g. research, treatment, etc.) for
pa7ents with rare diseases can be limited due to its low profitability.
Regardless of the specific system in place, the sustainability of almost all systems is challenged
by the increasing demand care services as well as by the decreasing ci7zen’s tolerance for medical
errors. The demand of services increases among other developments due to demographic changes
(e.g. longer life expectancies and lower birth rates), pervasive and difficult to treat sicknesses (e.g.
cancer), the rapid spread of illnesses (e.g. H1N1) and new unhealthy lifestyles (e.g. higher average
weight and increasing alcohol consump7on). In order to deal with these issues, healthcare
organiza7ons need to con7nuously find new methods for delivering qualita7ve services to more
ci7zens with the same amount of resources by predic7ng, preven7ng and trea7ng illnesses more
efficiently and effec7vely. Mostly as a result of the increasing service demand, yearly healthcare costs
are also increasing significantly, in some cases even faster the na7onal GDP. Some experts predict
healthcare costs to account for 15% of EU GDP by 2020. This affects the sustainability of current
systems if they are not reformed.

Taking into account the above developments the European Commission believes that na7onal
governments must aim to deliver high qualita7ve care services accessible to every ci7zen under a
sustainable healthcare system. In order to achieve this, the commission suggests that member states
embed healthcare issues in all policies, developing a strategy based on shared health values.
In a recent EU research we can observe that although healthcare is the number one non-‐
economic issue for ci7zens, they are rather sa7sfied with the quality of services provided by
healthcare organiza7on. Nevertheless, there is a significant gap between quality of services and their
accessibility and availability reflected in lower sa7sfac7on scores specially for specialist’s care.
Although Dutch ci7zens are even more sa7sfied with quality than the EU average they also reflect
some discontent with the access to specialists. It is important to note that the importance of
healthcare for ci7zens can be related to their age as older ci7zens consume more care services than
younger ones. Due to the fact that the overall age is currently increasing we can expect in the future a
growing ci7zen’s concern for healthcare.
The increasing demand and costs of care services reflect the need of collabora7on between
clinicians. Collabora7on is a important requirement not only to guarantee the sustainability of current
healthcare systems but also to 7mely react to global threats while improving the con7nuity of care
services delivered to ci7zens. The proper use of technology can help to foster healthy ci7zen’s
behavior and to protect them from large scale threats while increasing the availability of services and
mee7ng growing demand on an effec7ve and efficient manner. For example, current (internet)
technologies can leverage collabora7on in a cost efficient manner, improving care services con7nuity
and accessibility.
The healthcare sector in The Netherlands is predominantly private with public funding
significantly below EU average. In order to cope with current and future challenges the Dutch
healthcare sector needs to con7nuously improve the quality and opera7onal efficiency of care
services. For this purpose, the Dutch Ministry of Health has ini7ated a reform of the healthcare system
in 2006 with the introduc7on of a compulsory private insurance for each ci7zen. The transforma7on is
aimed to shir the power from healthcare providers to consumers, and the control from public bodies
to insurers. As a part of this transforma7on, the Dutch government has started in 2008 with the
introduc7on of an na7onal electronic pa7ent record system (EPD) to facilitate the 7mely exchange of
accurate medical informa7on. The main goal of this project is to leverage collabora7on in order to
improve the quality and accessibility of healthcare on a cost efficient manner.
As it is the case in other industries, business and IT alignment is crucial for successful
leveraging technological solu7ons in healthcare. By using the right approach and implementa7on
methodology for each specific situa7on, organiza7ons can improve the quality, accessibility and
efficiency of healthcare delivery. It has been oren demonstrated that those firms that invest in the
right ICT solu7ons perform significantly beOer than other ones that do not invest on those solu7ons.
According to healthcare organiza7ons tools that facilitate collabora7on, informa7on exchange,

eProcurement and web services are the most relevant for the sector. Specially, interac7ve pa7ent
informa7on and involvement and electronic communica7ons are the two most relevant factors in the
near future.
There is a significant poten7al for improvement in leveraging ICT solu7ons in healthcare.

Although the healthcare sector is one of the most informa7on intensive ones, the use of technological
innova7ons is below other less informa7on intensive industries. Nevertheless, there is a large number
of documented benefits linked to the adop7on of certain ICT solu7ons like for example improved
quality, cost efficiencies, larger process throughputs, the reduc7on of medical errors, beOer informed
ci7zens and providers, streamlined processes, improved safety and 7mely care delivery.
The specific advantages of electronic medical records systems have also been subject of
previous research. By increasing the availability of accurate, complete and relevant clinical data
organiza7ons can reduce medical errors in diagnosis, medica7on and treatments and thus improving
the quality of services. Moreover, by sharing informa7on among prac77oners, redundant tests are
eliminated and processes are streamlined resul7ng in a significant larger throughput (more pa7ents
processed with the same resources). In previous work we can also find a series of barriers for the
adop7on of technology in healthcare. The most important barriers are security and the cost of
technology, followed by the lack of interoperability with exis7ng solu7ons and legal and privacy issues.
Organiza7ons can leverage ICT solu7ons by reusing exis7ng investments in technology, gaining
compe77ve advantage from value chain coopera7on, improving supply chain management and
benefi7ng from economies of scale and synergies through collabora7on. Moreover, a number of
cri7cal success factors (CSFs) have been iden7fied in previous research for guiding healthcare
organiza7ons in the adop7on of technology. These CSFs are grouped in four areas: management,
leadership, func7onality and technology. The support from senior management, a clear added value,
good project management, employee training and communica7on and a clear focus on process
quality, efficiency and reliability are the most relevant factors at management level. Organiza7onal
leaders must develop a shared project vision with clear objec7ves and business case and align them
with the firm’s strategy as well as with corporate governance. The func7onality of the solu7on must
focus on suppor7ng organiza7onal and clinical processes as well as a broad user group and horizontal
integra7on. On the technology area, the solu7on must ensure compa7bility with current systems, and
guarantee a high level of availability, security and interoperability.
From a Dutch government perspec7ve ICT is regarded as an important enabler to cope with
current challenges in healthcare while improving its sustainability. Not only can technology support
medical prac7ces to improve quality but it also can enable significant cost efficiencies in medical
prac7ces. This perspec7ve is reflected on the introduc7on of electronic pa7ent records (EPD project)
which aims to improve the quality, accessibility and affordability of care services. However, it is
important to note that due to the private character of the Dutch healthcare sector, the government
has liOle enforcing power in how healthcare organiza7ons work. For this reason, the Dutch

government has created the NICTIZ organiza7on responsible for s7mula7ng the use of ICT in
healthcare as well as for the realiza7on of the EPD project in collabora7on with other healthcare
actors (e.g. pa7ent’s organiza7ons, insurers, healthcare providers, etc.). The main goal of NICTIZ is to
develop and maintain the basic infrastructure (AORTA) suppor7ng the electronic exchange of medical
data (EPD), including the needed standards and cer7fica7ons. The EPD ini7a7ve was created to
improve the quality of care by enabling 7mely, accurate and secure informa7on exchange between
healthcare organiza7ons.
Dutch healthcare system currently solving around 95% of all primary care condi7ons. There is a clear
need for electronic collabora7on between GPs and other medical actors as the great majority of them
work alone or share their office with one or two other clinicians. When analyzing the use of ICT in GP
offices, we observe for example low levels of automa7za7on when accessing a pa7ent’s medica7on
history while only 50% of all GPs can share informa7on electronically with prac77oners outside their
workplace. Moreover, very few GPs can access a pa7ent’s hospital record, order tests electronically or
provide pa7ents with electronic access to their test results.
From a Dutch ci7zen perspec7ve there is also a clear need for increasing computeriza7on to enable
collabora7on between clinicians. Almost 50% of all Dutch ci7zens have experienced medical problems
due to the lack of coordina7on while around 10% of the GPs have had to repeat tests because the
results of previous tests were no longer available.
The introduc7on of medical pa7ent records (EPD) in The Netherlands is being carried out
following a top-‐down incremental approach. At the moment of wri7ng the first two func7onali7es
(prescrip7on history and GP observa7ons) are being rolled out arer having completed their pilot
phases successfully. The EPD basic infrastructure (AORTA) consists of a basic “empty” switching point
(LSP) containing index and reference systems that connects all individual sources were pa7ent
informa7on is registered and stored. It is important to note that pa7ent informa7on is not stored on a
central repository but it remains at its origin (e.g. hospital, GP office, etc.) and it is gathered on
demand. With this construc7on, data can be kept always updated minimizing the delay between
informa7on genera7on and its availability to other prac77oners.
The actors related to the EPD project are very diverse and with different perspec7ves on the
project. Some actors with high influence on adop7on support the ini7a7ve (e.g. government and
pa7ent organiza7ons) while others actors with high influence are less suppor7ve (e.g. GP
organiza7ons). In our opinion, the lack of support of GPs can be linked to the lack of control and trust
when relying on externally generated informa7on. The adop7on of the EPD system by healthcare
organiza7ons is currently non-‐compulsory and contractually regulated by bilateral agreements
between NICTIZ and each individual provider. The government plans to enforce par7cipa7on by law in
the coming years as for the success of the system all providers need to be connected to the
infrastructure. Another important remark is that ci7zens can at any moment in 7me block their

informa7on en7rely or par7ally from exchange between all or some providers. Un7l June 2009, more
than 350.000 ci7zens have been excluded from the infrastructure at their own request. At that 7me
the EPD contained informa7on about more than 360.000 pa7ents serving more than 400.000
exchanges of informa7on between providers.
AORTA is the basic infrastructure suppor7ng the exchange of informa7on. It includes two
registers (BSN and UZI registers) for actor iden7fica7on purposes and one switching point (LSP) where
providers can connect if they have obtained the required cer7fica7on (XIS, GBZ and ZSP). For each
type of cer7fica7on specific requirements are described in three areas: func7onality (how to store and
exchange informa7on), implementa7on (security and connec7vity issues) and exploita7on (processes
and measures to keep informa7on as accurate, 7mely and secure as possible). These requirements are
mandatory to obtain and maintain the cer7fica7on.
The standards used on the EPD infrastructure are HL7 version 3 for message specifica7ons,
WSDL and SOAP for web-‐service descrip7ons and access, HTTPs and TCP/IP for communica7ons and
the CEN 13606 for concepts in process descrip7ons and informa7on models. NICTIZ has chosen these
standards to facilitate the exchange of informa7on independently from the structure, syntax and
seman7cs used at individual provider’s systems. In order to guarantee interoperability between
provider’s systems, the EPD ini7a7ve has established three cer7fica7on programs that healthcare
providers must obtain before connec7ng to the na7onal infrastructure. These programs are the Good
Managed Healthcare Organiza7on (GBZ) cer7fica7on, the Healthcare Service Provider cer7fica7on
(ZSP) and the Cer7fied Health Informa7on System cer7fica7on (XIS). The XIS cer7fica7on is meant to
ensure that sorware connec7ng to the na7onal infrastructure complies with the requirements
established by NICTIZ. The ZSP cer7fica7on is designed to enabled the secure connec7on of a GBZ
cer7fied healthcare provider (an his XIS cer7fied sorware) to the na7onal switching point (LSP). The
GBZ cer7fica7on aims to ensure that exchanged pa7ent data complies with the requirements of
integrity and confiden7ality. GBZ requirements are divided into three layers: applica7on,
communica7on and server. The requirements focus mainly in guaranteeing the accuracy, availability
and security of informa7on exchanges.
security policies for GBZs, ZSPs and the LSP. Access to pa7ent’s informa7on is limited to providers that
have a treatment rela7on with that pa7ent, based on previous encounters and/or arer explicit
authoriza7on from that pa7ent.
The introduc7on of the EPD infrastructure implies high levels of computeriza7on not only for
governmental bodies but also for healthcare providers of all kinds and sizes. However, the size of a
provider can influence the adop7on of this system as many clinics are too small for leveraging high
investments in IT. For this reason, organiza7ons need to find new ways to reduce the costs of

technology by for example outsourcing it or joining forces with other clinicians to achieve economies
of scale.
Technology can support healthcare organiza7ons in achieving their two most relevant goals:
improve the quality of services and cost efficiency. In other sectors, technology has played a crucial
role in achieving both of these targets. Healthcare providers can for example leverage technology to
improve the quality of care services by automa7ng processes (thus reducing human mistakes), by
enabling 7mely decision making (based on the 7mely exchange of accurate pa7ent informa7on) and
bridging the current gap between the quality of services and their accessibility and availability (e.g.
telemedicine for specialists care). Moreover, organiza7ons can achieve cost efficiencies by enabling
affordable (global) collabora7on, by automa7ng tasks to op7mize human resources costs (specially in
areas where salaries are rela7vely high like The Netherlands) and by achieving economies of scale and
synergies (delivering qualita7ve and efficient services to more ci7zens with the same amount of
resources).

Phase 3: Cloud Compu*ng in the EPD context
In this last phase of our research we combine the findings from our previous two phases to
iden7fy the most relevant challenges and opportuni7es for adop7ng cloud compu7ng solu7ons in the
Dutch na7onal pa7ent records system context. For this purpose we create an ar7fact following the
design science research that can support organiza7ons in selec7ng cloud solu7ons that comply with
the corresponding legal requirements.
We start this sec7on by describing the research methodology followed in this phase (e.g.
design science) as it differs significantly from two previous ones. We con7nue then presen7ng our
ar7fact’s construc7on and evalua7on to conclude with the answers to the research ques7ons related
to this phase of our research.
1. Design Science Research Approach

When execu7ng the third phase of our research we have followed Hevner's guidelines for
design science in IS research (Hevner et al., 2004). This guidelines are based on the assump7on that
knowledge over a design problem and its solu7on is created when building and applying an
ar7fact. According to Hevner, design science research focuses on the crea7on of an innova7ve
purposeful ar7facts for a specific problem domain where the ar7fact aims to solve an unsolved
problem or a known problem in a more efficient or effec7ve way. In this sec7on we provide an
elabora7on of these guidelines and how we have applied them in our research.
Guideline 1: Design as an ar*fact

In the design science research field, IT ar7facts are defined as constructs, models, methods
and instan7a7ons created to solve specific unsolved problems or known problems more efficiently
and effec7vely (Hevner et al., 2004). The ar7facts are then evaluated according to how useful they are
in solving that specific problem. Constructs are defined as the language in which problems and
solu7ons are defined and they are applied in models to represent a real world situa7on. Methods are
the processes that guide us to the solu7on while instan7a7ons show how constructs, models or
methods can be applied in prac7ce to demonstrate the ar7fact’s feasibility and suitability.
The ar7facts created in our research are two main constructs in phase one and two (our
defini7on of Cloud Compu7ng and EPD requirements), a model in this third phase (our matching-‐
model) and methods (the processes that we followed to create our defini7on of Cloud Compu7ng and
our matching-‐model). The overall goal of this part of our research is to create a meta-‐ar7fact (our
matching model) as a solu7on to an unknown problem: if a Dutch healthcare organiza7on can use
cloud compu7ng solu7ons to connect to the na7onal electronic pa7ent system.

The matching model can be used by Dutch healthcare organiza7on to select solu7ons that
comply with NICTIZ requirements. Moreover, cloud providers can use the matching model to develop
new solu7ons or modify exis7ng ones that could be used in the EPD context. A remark should be
made on the fact that we do not provide any instan7a7ons of our matching-‐model due to the fact that
there are not yet Cloud Compu7ng solu7ons deployed in the EPD context. Nevertheless, according to
Hevner et al (Hevner et al., 2004) all four types of ar7facts are equally important and valid outputs of
design science research.
Guideline 2: Problem relevance

As in previous design science research the purpose of our research is to acquire knowledge
and understanding to enable the development and implementa7on of technology based solu7ons for
unsolved problems (Hevner et al., 2004). The problem we aim to solve is to evaluate the feasibility of
cloud compu7ng solu7ons taking into account the constrains imposed by the Dutch na7onal pa7ent
records systems (EPD). As there are not yet known implementa7ons of cloud solu7ons that connect to
the EPD this problem is new and unknown at the moment of wri7ng. The problem is important
because Cloud Compu7ng is an emerging technological paradigm that is expected to leverage
significant improvements in opera7onal efficiency and effec7veness. As these are also two of the most
important goals in current Dutch healthcare, cloud compu7ng represents a business opportunity to
decrease cost or maximize revenue when using IT capabili7es in this context.
Guideline 3: Design Evalua*on

According to previous work the u7lity, quality and efficacy of a design ar7fact must be carefully
evaluated (Hevner et al., 2004). For this purpose we have first carefully evaluated our basic constructs
(e.g. defini7on of Cloud Compu7ng and EPD requirements) before including them in our matching-‐
model and we have evaluated the matching-‐model with expert reviews.
The expert reviews consisted of unstructured in-‐depth interviews with two experts: Mr Gerard
Persoon and Mr. Bert Kabbes. Both have more than 20 years experience in business consultancy in the
Dutch healthcare sector and Mr. Kabbes has been interim director of several large Dutch hospitals. The
in-‐depth interviews include the evalua7on of our ar7fact's func7onality, completeness, consistency,
accuracy and usability. Other aOributes like performance, reliability, and organiza7onal fit were
excluded from our valida7on because the experts are not aware of any implementa7on of Cloud
Compu7ng solu7ons in the EPD context. The reviews of the model were very posi7ve and some
realloca7ons of requirements to different features were performed.
Although a deeper ar7fact evalua7on could have been achieved by performing an instan7a7on
of the model in prac7ce, we could not find any case in prac7ce to apply our model. Moreover,
although there are several wriOen cases on HIPAA compliant US healthcare organiza7ons we could not
find any case study on a EPD cloud compu7ng solu7on to instan7ate our model.

Guideline 4: Research Contribu*ons
According to previous work on design science research must include clear and verifiable
contribu7ons in the areas of design ar7fact, design founda7ons, and/or design methodologies (Hevner
et al., 2004). The main contribu7on of our research can be found on theses three areas. On one hand
we have designed an unique ar7fact as we cannot find any similar ar7fact in previous work. In the
founda7ons area we have created a series of validated constructs in the first two phases that extend
and improve respec7vely the Cloud Compu7ng and IT in Dutch healthcare knowledge bases. In the
design methodology area our contribu7on can be found in the process of crea7ng our matching-‐
model from an interpreta7ve perspec7ve and based on the assump7ons made throughout this thesis.
Guideline 5: Research Rigor

Research rigor can be evaluated by analyzing how the researcher applies exis7ng theore7cal
founda7ons and research methodologies in deriving research findings (Hevner et al., 2004). To
improve our research rigor we have described the process of construc7ng our basic elements and
validated them before genera7ng our matching-‐model. We have applied not only exis7ng literature
but also how the defini7on of cloud compu7ng is (re)created through human interac7ons by the most
relevant actors.
Guideline 6: Design Science as a Search Process

An effec7ve ar7fact is considered to use available means to reach a desired end state while
complying with constrains determined by the problem’s environment (Hevner et al., 2004). Our
matching-‐model uses available knowledge to facilitate the deployment of Cloud Compu7ng solu7ons
that comply with the requirements enforced by the Dutch healthcare context (EPD requirements). It is
important to note that our matching-‐model does not represent a overall solu7on to the problem but it
just aims to support prac77oners and researchers in further explora7ons of this type of delivery
models in this type of context. Moreover, as effec7ve design research requires knowledge and
understanding of both the applica7on domain and the solu7on domain (Hevner et al., 2004) we have
analyzed both separately in our search process to discover if Cloud Compu7ng applica7ons can be
applied in the Dutch healthcare domain.
Guideline 7: Communica*on of the research

Previous work suggests that research findings must be communicated to technology and
management audiences (Hevner et al., 2004). For this reason we have wriOen our thesis with both
reader in mind. In our opinion our wri7ng style, vocabulary and argumenta7ons can be understood by
business and IT audiences.

2. Ar*fact Crea*on
Following the design science research approach we have created a meta-‐ar7fact (a matching
model) to link the results of our previous two phases (see table 27). On one side of our matching-‐
model (the y axis) we have placed the features we have found in our defini7on of Cloud Compu7ng
during the first phase of our research. On the other side (the x axis) we have placed the EPD
requirements iden7fied during the second phase of our research according to their support or
limita7on of the corresponding cloud compu7ng feature.
For clarifying purposes we have chosen a coding scheme to iden7fy the corresponding
requirement. GBZ requirements are code as “GBZ-‐id” where “id” represents the requirement
iden7fica7on number in appendix N. ZSP requirements are coded as “ZSP-‐id” where “id” indicates the
corresponding code in appendix M. ZSP codes include three leOers to iden7fy the category followed
by two numbers to iden7fy the specific requirement within that category.
As our goal is to explore opportuni7es and incompa7bili7es between the cloud compu7ng
delivery model and the EPD cer7fica7on requirements we have classified the requirements according
to how the feature is supported by a requirement (column supported by) as well as how the feature is
delimited (or excluded) by a requirement (column delimited by). Within the “delimited by” category
we dis7nguish between those requirements that directly affect a feature and requirements that
indirectly limit the implementa7on of a feature.
We consider that a feature is supported by a requirement when the feature capabili7es are
explicitly required by cer7fica7on requirements. We believe that a feature is delimited when a
requirement determines some aspect (or the totality) of its implementa7on (e.g. hybrid cloud, private
cloud, public cloud, etc.). Some requirements are not included in our matching model as they do not
limit or support any of the features. Moreover, requirements can be linked to more than one feature
but they always either delimit or support that feature. The usage-‐based pricing model is the only
feature not supported or limited by any requirement as organiza7ons are free to choose any economic
model to purchase IT capabili7es in the EPD context. Our matching-‐model is presented in table 27.

Table 27: Matching-‐model for cloud compu*ng in the EPD context
Cloud Features Enforced By Delimited By
Directly Indirectly
ZSP-‐CON-‐01, ZSP-‐
On-‐demand BSC-‐01, ZSP-‐BSC-‐02, ZSP-‐CON-‐11
GBZ-‐5.1, GBZ-‐5.7
ZSP-‐CON-‐01, ZSP-‐
Elas7c BSC-‐01, ZSP-‐BSC-‐02, ZSP-‐CON-‐11
GBZ-‐5.1, GBZ-‐5.7
ZSP-‐BVL-‐01 ZSP-‐BVL-‐02 ZSP-‐BVL-‐03

ZSP-‐BVL-‐06 ZSP-‐BVL-‐07 ZSP-‐
BVL-‐08, ZSP-‐BSC-‐06, ZSP-‐BSC-‐07,
ZSP-‐GBO-‐01 & ZSP-‐GBO-‐02,
ZSP-‐BSC-‐08, ZSP-‐ORG-‐01, ZSP-‐
ZSP-‐RSP-‐01, ZSP-‐RSP-‐03,
As-‐a-‐service BEH-‐07, ZSP-‐BEH-‐08, GBZ-‐1.1,
ZSP-‐BEH-‐03, ZSP-‐BEH-‐04,
GBZ-‐1.2, GBZ.3.8, GBZ-‐3.10,
ZSP-‐BEH-‐05
GBZ-‐4.1, GBZ-‐4.2, GBZ-‐4.4,
GBZ-‐4.6, GBZ-‐4.7, GBZ-‐4.8
GBZ-‐6.1, GBZ-‐6.2, GBZ-‐6.3
ZSP-‐DNS-‐01, ZSP-‐DNS-‐02,
ZSP-‐DNS-‐04, ZSP-‐DNS-‐05,
ZSP-‐DNS-‐06, ZSP-‐CON-‐05,
Internet delivery ZSP-‐CON-‐06, ZSP-‐CON-‐08,
ZSP-‐CON-‐03, ZSP-‐CON-‐07
ZSP-‐CON-‐09, ZSP-‐CON-‐10,
ZSP-‐BVL-‐05, ZSP-‐RSP-‐01 &
ZSP-‐RSP-‐03
Usage-‐based pricing not applicable not applicable not applicable
As the EPD is a decentralized infrastructure, connec7vity requirements include features that

maximize the infrastructure’s availability and con7nuity. Some examples are the need to be able to
handle all messages (ZSP-‐CON-‐01, GBZ-‐5.7), limi7ng the delay of NAT rou7ng (ZSP-‐CON-‐11) or 24x7
availability (ZSP-‐BSC-‐01, GBZ-‐5.1) with a very limited number of outages per year if specific recovery
7mes are met (ZSP-‐BSC-‐02). The on-‐demand and elas7c feature of cloud compu7ng are very useful
factors to comply with this type of requirements.
ZSP DNS requirements (ZSP-‐DNS-‐id) delimit indirectly how an applica7on can connect to the
EPD using domain name protocols. Although EPD requirements include advanced DNS configura7on
almost all available solu7ons offer these configura7on op7ons.
The most significant limita7ons to the use of cloud compu7ng solu7ons in the EPD context are
found in the connec7vity area as the use of components that use the public internet network (ZSP-‐
CON-‐07) is prohibited. This excludes all public cloud solu7ons and many private providers that do not
offer private leased connec7ons (e.g. point-‐to-‐point) in The Netherlands. Moreover, the use of fixed IP
addresses (ZSP-‐CON-‐03) is not a common feature in public cloud solu7ons re-‐enforcing the need for

private offerings. Other connec7vity requirements delimit indirectly the use of Internet as a delivery
plaxorm but there are basic capabili7es available in almost all infrastructures (ZSP-‐CON-‐05, ZSP-‐
CON-‐06, ZSP-‐CON-‐08, etc.)
In the cloud compu7ng model (part of) an IT capability is delivered as-‐a-‐service where the
provider owns the capability and rents it to the user for a specific purpose. For this reason, security of
the cloud provider is a very important issue to consider in the EPD context delimi7ng directly the as-‐a-‐
service model to organiza7ons that can provide this kind of assurance. ZSP requirements related to
security are to be evaluated at the provider level where he needs to have a security policy (ZSP-‐
BVL-‐01) embedded in the organiza7on (ZSP-‐BVL-‐02), followed by employees (ZSP-‐BVL-‐03), Moreover,
it should include an access policy (ZSP-‐BVL-‐06), a con7nuity management plan (ZSP-‐BVL-‐07) and a
con7ngency plan in case of security incidents (ZSP-‐BVL-‐08).
Response 7me requirements (ZSP-‐RSP-‐01 & ZSP-‐RSP-‐03) implies indirectly serious limita7ons
on the as-‐a-‐service feature and on the Internet delivery feature. Current public clouds for example do
not comply with the maximum delay allowed in HTTP communica7ons.
Some ZSP organiza7onal requirements delimit directly which types of organiza7ons can
connect to the EPD (ZSP-‐ORG-‐01, ZSP-‐ORG-‐03) as they exclude directly the as-‐a-‐service model where
the provider is not a registered Dutch organiza7on located in The Netherlands or a cer7fied
organiza7on (GBZ-‐1.1 & GBZ-‐1.2).
In order to comply with ZSP management requirements the as-‐a-‐service solu7on must include
a 24x7 available system administrator (ZSP-‐BEH-‐01), measuring and repor7ng capabili7es (ZSP-‐BEH-‐03,
ZSP-‐BEH-‐04 & ZSP-‐BEH-‐05) and facilitate migra7ons to other solu7ons (ZSP-‐BEH-‐07 & ZSP-‐BEH-‐08).
The majority of current cloud offerings have con7nuos monitoring and include measuring and
repor7ng capabili7es. The as-‐a-‐service feature is therefore indirectly affected by these features.
However, the support for migra7ons is not found in all types of cloud services. The majority of public
cloud solu7ons facilitate the migra7on to their solu7on but not to another solu7on. The as-‐a-‐service
feature is therefore directly affected by migra7on requirements.
The requirements related to the level of user support and the handling of issues is a strong
requirement that indirectly excludes public clouds because the as-‐a-‐service model does not normally
includes this type of personalized support (ZSP-‐GBO-‐01 & ZSP-‐GBO-‐02). Communica7on issues in
cases of malfunc7ons and recoveries (ZSP-‐BSC-‐06 & ZSP-‐BSC-‐08) as well as the fixed schedule for
maintenance (ZSP-‐BSC-‐07) are also strong limita7ons to the type of solu7on to be used. Current public
clouds for example communicate outages and recoveries through a website and do not have a fixed
maintenance schedule.
Several GBZ requirements are concerned with protec7ng the EPD infrastructure against
unauthorized access, misuse and errors (GBZ.3.8, GBZ-‐3.10, GBZ-‐4.1, GBZ-‐4.2, GBZ-‐4.4, GBZ-‐4.6,

GBZ-‐4.7, GBZ-‐4.8, GBZ-‐6.1, GBZ-‐6.2, GBZ-‐6.3). All these features have a strong impact on how the as-‐a-‐
service feature is implemented as the provider needs to include the capabili7es needed for
compliance.
3. Ar*fact Evalua*on
The field of design science in IS research is regarded in previous work as an applied science
discipline reflec7ng the importance of IT (meta-‐)ar7facts that enable the development of concrete IT
applica7ons (Iivari, 2007). This is also the main goal of our research, to develop a meta-‐ar7fact (our
matching-‐model) to facilitate the deployment of cloud compu7ng solu7ons in an specific context
(healthcare in The Netherlands). A design science ar7fact can therefore be evaluated by analyzing how
that ar7fact achieves its goal in prac7ce (u7lity and quality) and how efficient it is in achieving it
(Hevner et al., 2004). However, there are significant barriers for evalua7ng ar7facts as they are related
to the environment where they operate (March & Smit, 1995).
According to previous work, the resul7ng meta-‐ar7facts must include knowledge that enables
product and process design (Iivari, 2007). We believe that our matching-‐model contains knowledge
that can support prac77oners in the design of new (or modified) cloud products and as well as in the
design of cloud related processes. By matching a poten7al solu7on with our cloud compu7ng features
and evalua7ng the requirements enforced by NICTIZ an organiza7on can select the solu7on that best
fits their needs in that context.
In order to evaluate our ar7fact in prac7ce we need to find a Dutch healthcare organiza7on
that it is considering cloud compu7ng solu7ons. We could not find such an organiza7on which means
that our matching-‐model should be further evaluated in prac7ce. Nevertheless, taking into account
that we build our model based on two already validated constructs created in phase one and two of
our research and that we validate the matching-‐model with expert reviews, we can draw some
conclusions regarding the completeness and accuracy of our matching-‐model based on the
assump7ons made during our research. It is important to note that we could not found specific
metrics to measure our variables and therefore the evalua7on of the ar7fact is qualita7ve by nature.
Qualita7ve research methods use qualita7ve data (e.g. interviews, documents, observa7on
data, etc.) to understand and explain social phenomena (Myers, 1997). Although they are typical social
sciences research methods they are increasingly popular in IS research, specially when inves7ga7ng
(new) managerial and organiza7onal issues. Moreover, qualita7ve methods are oren found in
research performed from an interpre7ve perspec7ve like in our research (Myers, 1997). The main
purpose of this type of methods is to inves7gate phenomena taking into account the par7cipant's
perspec7ve and the specific social and ins7tu7onal context (Myers, 1997).

The expert reviews consisted of unstructured in-‐depth interviews with two experts: Mr Gerard
Persoon and Mr. Bert Kabbes. Both have more than 20 years experience in business consultancy in the
Dutch healthcare sector and Mr. Kabbes has been interim director of several large Dutch hospitals. The
experts were asked to evaluate the ar7fact’s quality (e.g. completeness and effec7veness) by analyzing
(A) if all relevant requirements and cloud compu7ng features are included in the model and (B) if we
make the right assump7ons when evalua7ng and placing requirements in our model. In design science
completeness and effec7veness of an ar7fact can be evaluated by how it sa7sfies the requirements
and constraints of the problem it was meant to solve (Hevner et al., 2004). For this reason, experts
were asked to evaluate our matching-‐model taking into account our defini7on of cloud compu7ng and
EPD requirements.
According to previous work when there is not a previous outcome of tan ar7fact, as it is also
the case in our research, its poten7al usefulness must be es7mated (Järvinen, 2008). Due to the lack
of cloud compu7ng implementa7ons in Dutch healthcare the experts were asked to give their
es7ma7on of the model’s usability, func7onality and consistency by applying logical reasoning and
their own experience. Other aOributes like performance, reliability, and organiza7onal fit were
excluded from our valida7on as they need to evaluated once the model has been applied in prac7ce.
Nevertheless we have provided some assurance about our ar7fact’s relevance by considering business
needs from environmental factors (e.g. people, organiza7on and technology) during our research
(Hevner et al., 2004).
Experts had no remarks concerning the completeness and effec7veness of our matching-‐
model. as they believe that it contains all relevant features and requirements and they are placed
using appropriate logical reasoning. Moreover, the experts reflected that our model could be useful,
func7onal and consistent but they agreed on the fact that this should be further evaluated in prac7ce.
It is important to note that the quality of design science ar7facts improves when subsequent
evalua7ons are performed as they oren result in incremental improvements (Hevner et al., 2004)
(Gregor & Jones, 2007). However, we could not improve any exis7ng model as we could not find any
similar meta-‐ar7fact in previous literature. For this reason we had to create a new meta-‐ar7fact that
can be evaluated and improved in further research. This is a typical situa7on when applying design
science to build new or innova7ve ar7facts as theories over the applica7on and impact of these
ar7facts can be created once the ar7facts are applied in prac7ce (Hevner et al., 2004).

4.1. What are the most relevant opportuni*es and challenges for adop*ng Cloud
Compu*ng in the Dutch Healthcare sector?
Current developments in healthcare and in na7onal economies have created the perfect storm
for the adop7on of Cloud Compu7ng. The current economic downturn, demographic and social
developments, pervasive sicknesses and global threats are among the challenges that reflect the
con7nuous need for cost efficiency and 7mely qualita7ve services in healthcare. Collabora7on
between prac77oners is increasingly becoming an essen7al requirement to cope with these
developments. From our analysis in phases 1 and 2 we observe a match between opportuni7es
offered by Cloud Compu7ng models and challenges that Dutch healthcare organiza7ons are facing
now and in the future. In order to improve the sustainability of the healthcare system, healthcare
organiza7ons can leverage Cloud Compu7ng solu7ons to achieve their two most relevant goals: cost
efficiency and quality improvements.
As described in phase 1 according to previous research around 80% of IT budgets are used to
keep the lights on (maintaining compu7ng resources) while the average server u7liza7on is es7mated
by several researches to be between 5% and 20%. This poten7al cost efficiency improvement is
specially interes7ng for small healthcare organiza7ons as their budgets are significantly lower than
larger ones and they are directly affected by the increase in demand of services (GPs in The
Netherlands solve around 95% of primary care condi7ons). However, large healthcare organiza7ons
can achieve larger savings as their budgets are larger and therefore there is more scope for
improvement. For this reason large organiza7ons should also consider the use case of Cloud
Compu7ng solu7ons to op7mize resource u7liza7on.
An specific example on how small and large healthcare organiza7ons can achieve cost
efficiency by leveraging SaaS solu7ons is the use of Google Apps as a replacement for Microsor’s
Office tools. Google Apps licenses are much cheaper than Office licenses and they are fully compa7ble
with Microsor’s file formats (e.g. doc, ppt, etc.). Moreover, as informa7on is stored remotely clinicians
can work from everywhere and they can use the collabora7on features offered by Google Apps to
enable simultaneous collabora7on on the same document. However, sensi7ve pa7ent informa7on
should not be stored on this solu7on as it is not clear where is physically stored (Google uses a
distributed file system) and it could be against na7onal regula7ons that limit the storage of pa7ent
informa7on to the na7onal boundaries. Dutch ICT providers can solve this issue by deploying similar
solu7ons where informa7on is stored securely within the Dutch territory. Nevertheless, in the past
years we have seen a significant number of enterprises migra7ng to Google SaaS solu7ons like for
example Rover, Rentokil, the University of Melbourne or Utrecht University.

Another example of how large organiza7ons can also leverage Cloud Compu7ng solu7ons for
cost efficiency is the op7mum resource u7liza7on enabled by deploying Internal Private Clouds. In a
fully controllable on-‐premises environment organiza7ons can deploy tools that allow automa7c
provisioning and scalability over mul7-‐tenant resources. With this approach, large organiza7ons can
op7mize the use of previous ICT investments resul7ng in significant improvements in opera7onal cost
efficiency and agility. Some tools that can support organiza7ons in this approach are Open Nebula,
Eucalyptus, Ubuntu Enterprise Cloud and OpenQRM.
Healthcare organiza7ons can also leverage Cloud Compu7ng solu7ons to access an almost
unlimited amount of resources to perform heavy computa7onal tasks (e.g. HPC) that in some cases
cannot be accomplished on-‐premises due to the large capital investment they require. The usage
based pricing model of Cloud Compu7ng enables organiza7ons to use very large amounts of resources
for short periods of 7me. Several case studies have demonstrated this advantage not only in the
medical research field but also when performing large batch file conversions and tes7ng ICT
infrastructures among others (e.g. Harvard Medical Research, NYT, Soasta, etc.).
Quality and cost efficiency in care services can also be achieved by enabling efficient
collabora7on between clinicians. For this purpose SaaS tools can contribute to connect prac77oners
and centralize knowledge. Another op7on for leveraging collabora7on is given by the EPD project, an
“empty” infrastructure consis7ng of an index system that enables the retrieval of pa7ent informa7on
on-‐demand from decentralized repositories (each of the connected organiza7on’s system). With this
approach prac77oners can access each others previous work in order to build their prac7ces on these
findings. This results per defini7on on improved cost efficiency (e.g. reused test results, less redundant
treatments, etc.) as well on quality improvements (e.g. no contradictory and poten7ally dangerous
treatments, less medical errors, etc.).
Another poten7al improvement when using Cloud Compu7ng solu7ons in Dutch healthcare is
the improvement in care service availability and con7nuity. The 7mely decision making character of
healthcare due to the high impact it has on ci7zen’s lives implies that prac77oner need accurate
medical informa7on on-‐demand to perform their jobs beOer and more efficiently. For this reason,
medical informa7on must be always available to clinicians in order to guarantee the delivery of care
services to ci7zens. As reflected in some of the case studies analyzed in this report, organiza7ons can
leverage Cloud Compu7ng solu7ons for affordable failover and backup mechanisms that improve the
con7nuity of care services. Moreover, the elas7c character of Cloud Compu7ng solu7ons guarantees
that ICT systems and infrastructures will never suffer from down7mes due to planning errors in
resource provisioning and alloca7on.
An interes7ng use case for leveraging Cloud Compu7ng solu7ons in healthcare is to be able to
guarantee the con7nuity of care services in case of large health threats or catastrophes (e.g.
pandemics, bioterrorism, earthquakes, etc.). In these situa7ons the demand of care services increases
unexpectedly and rapidly crea7ng in some cases a workload that cannot be handle by non-‐elas7c

models. The elas7c character of Cloud solu7ons can solve this issue as more resources are allocated
instantly as the demand of care services rises. Moreover, cost efficiency is also improved as resources
are scaled down when demand decreases (once the situa7on is back to normal). It is important to
note that on-‐demand elas7city of resources leads per defini7on to larger process throughputs which is
a necessary development in order to deal with the increasing demand of services.
Organiza7ons are constantly challenged by ever changing market condi7ons. This requires
them not only to leverage opera7onal agility by adap7ng their processes over 7me but also to use the
right tools at the right 7me for each specific situa7on. To meet this needs external and internal
sorware providers must reduce the 7me-‐to-‐market of their new applica7ons significantly. By using a
PaaS environment for the rapid development and deployment of applica7ons these tools can be
delivered on a 7mely basis. This results in significantly lower 7me-‐to-‐market as deployment,
maintenance and upgrades have minimum impact on the tool’s availability. A healthcare oriented case
study related to this usage of Cloud Compu7ng can be found at PresidioHealth, a HIPAA compliant
sorware company which is able to build and deploy SaaS applica7ons 20% faster than before using
PaaS.
The use of Cloud Compu7ng solu7ons in healthcare is influenced by the size of organiza7ons.
In general small healthcare organiza7ons (e.g. GPs, Specialists Clinics, etc.) should focus on cost
efficiency by leveraging the usage based pricing model of Cloud Compu7ng solu7ons. Large
organiza7ons (e.g. Hospitals, etc.) on the other hand should focus more on resource op7miza7on by
building Internal Private Clouds or by using Cloud solu7ons to perform heavy computa7onal on a cost
efficient basis (e.g. medical research). For this purpose, hybrid models for non-‐mission cri7cal data or
when persistent data is maintained on-‐premises in a n-‐7er architecture (see PresidioHealth case
study) are the most recommended use cases for large organiza7ons.
According to healthcare organiza7ons, the most significant barriers for the adop7on of
technology in this sector are security and the cost of technology followed by the lack of
interoperability with exis7ng solu7ons and legal and privacy issues. Public Clouds improve the cost of
technology for Cloud Users due to service mul7-‐tenancy and Private Clouds achieve the same goal due
to resource op7miza7on. Moreover, the security offered by large Cloud Providers might also be in
some cases beOer than in certain situa7ons (e.g. small businesses, home networks of doctors, etc.)
but legal and privacy issues and the lack of interoperability due to the lack of standards are cri7cal
issues that disqualify the largest Public Cloud offerings at the moment of wri7ng.
Documented issues in current Public Clouds solu7ons include security incidents, privacy leaks,
availability and performance of services. Security in current IaaS Public Clouds has been compromised
in the last year by cartography and bad neighbor aOacks that can affect service reliability and
performance. Moreover, it is not clear yet what are the procedures for data dele7on and how the full
isola7on of tenants guarantees performance. This are important issues in the EPD context.

The performance (e.g. latency) of the largest Public IaaS offerings is also a cri7cal issue being in
some cases too poor to meet cer7fica7on requirements. However, the next networking technology
will enable higher bandwidth therefore minimizing the effect of network latency when boOlenecks are
generated at the public internet level. Dutch healthcare organiza7ons can select a Cloud Provider in
their own country to minimize the effect of latency on performance.
During 2009 there has been a number of outages in Public SaaS, PaaS and IaaS offerings witch
dura7on and recovery 7mes unacceptable in the EPD context. The lack of features for the proper
isola7on from the public internet (e.g. point-‐to-‐point connec7ons) is also another cri7cal issue that
that makes current Public Clouds not applicable to the EPD context. Nevertheless, na7onal Cloud
Providers specialized in healthcare might offer such solu7ons on a customized basis.
For this reasons we recommend the use of large Public Clouds (Internal or External) by Dutch
healthcare organiza7ons exclusively for selected uses cases involving non-‐mission cri7cal or non-‐
sensi7ve data. Some examples of these cases are tes7ng applica7ons with dummy data, high
performance compu7ng with encrypted or non-‐persistent data, fail-‐over for applica7ons that do not
use pa7ent or sensi7ve data (e.g. Medical Model Analysis, Gene7c Tests, etc.). Private Clouds on the
contrary are well suited for crea7ng solu7ons that comply with NICTIZ cer7fica7ons. We elaborate on
some of the most relevant tools for building Private Clouds in the next sec7on (see sec7on 5,
recommenda7on for Cloud Providers). We recommend healthcare organiza7ons to evaluate this tools
if they plan to build a Private Cloud to connect to the EPD.
4.2. Which type of Cloud Compu*ng solu*ons fit within the current legisla*ve
context and poli*cal agenda in The Netherlands?
The Dutch Government is very aware of the challenges that the healthcare system is currently
facing. Focus on quality improvements and opera7onal efficiency is repeatedly reflected in their
policies and legisla7ons. For this purpose, the Dutch Ministry of Health has ini7ated a reform of the
healthcare system in 2006 with the introduc7on of a compulsory private insurance for each ci7zen.
The transforma7on is aimed to shir the power from healthcare providers to consumers, and the
control from public bodies to insurers.
As a part of this transforma7on, the Dutch government has started in 2008 with the
introduc7on of an na7onal electronic pa7ent record system (EPD) to facilitate the 7mely exchange of
accurate medical informa7on. The main goal of this project is to improve the quality and accessibility
of healthcare on a cost efficient manner by enabling collabora7on between medical prac77oners. All
three goals (quality, accessibility, and cost efficiency) are also the most common goals found in Cloud
Compu7ng adop7on case studies. For this purpose we have limited the scope of our research to the
applicability of Cloud Compu7ng in the EPD context.

The Dutch government believes that if healthcare organiza7ons have 7mely and secure access
to relevant, complete and accurate clinical data (e.g. previous health encounters, test results, etc.)
they can improve the quality, accessibility and affordability of care services they provide to ci7zens.
The EPD is developed to provided these features to Dutch healthcare organiza7ons. An example of the
poten7al benefits of the EPD is the reduc7on of medical errors in diagnosis, medica7on and
treatments by increasing the availability of accurate, complete and relevant clinical data.
As the government has currently no enforcing power to make the use of the EPD compulsory,
the Ministry of Health has created NICTIZ, an organiza7on to support healthcare organiza7ons in their
use of ICT. NICTIZ has developed a cer7fica7on program to regulate secure access to the EPD
infrastructure. Healthcare organiza7ons that want to connect to the EPD need to obtain the GBZ
cer7fica7on which includes the use of XIS cer7fied sorware and ZSP cer7fied connec7vity. The XIS and
ZSP cer7fica7ons are obtained by the sorware manufacturer and the network provider used to
connect to the EPD respec7vely. However, if a healthcare organiza7ons develop their own sorware
and want to connect directly to the EPD they need to obtain these two cer7fica7ons previously to the
GBZ cer7fica7on.
NICTIZ cer7fica7on requirements determine the feasible Cloud Compu7ng models that Dutch
healthcare organiza7ons can apply to connect to the EPD. Therefore there are three possible Cloud
Compu7ng models (or any combina7on of them): Cloud GBZ, Cloud ZSP and Cloud XIS.
A. Cloud GBZ Example

A Cloud GBZ is a health informa7on systems that can connect to the EPD and runs on a Cloud
Compu7ng plaxorm as defined in this research. The informa7on system must provide all Cloud
Compu7ng features described in phase 1 of this research and comply with all GBZ cer7fica7on
requirements established by NICTIZ (see appendix N).
GBZ requirements are grouped in five main areas: prac7cal, organiza7onal, data management,
access, connec7on and security. Prac7cal requirements describe the profile of organiza7ons that are
allowed to access the EPD and delimit the scope of applica7ons and network providers that can be
used. Only healthcare organiza7ons that have completed the UZI registra7on process and have wriOen
agreements with their ZSP cer7fied network provider and their XIS cer7fied sorware provider can
connect through their XIS applica7on to the EPD. To further analyze the feasibility of the Cloud GBZ
model, we assume that the organiza7on is using XIS and ZSP cer7fied providers as they are further
elaborated in the Cloud XIS and Cloud ZSP models later on this sec7on.
Organiza7onal requirements describe the organiza7onal processes and resources needed to
maintain GBZ compliance including training, procedures, documenta7on, support, governance,
security, accountability, etc. Requirements in the data management area focus on the use, accuracy
and protec7on of pa7ent data. They include requirements for the proper iden7fica7on of pa7ents,
dossier management, rights and ini7al registra7on of pa7ents, data storage, data integrity, control and

security. Storage plays a crucial role in data management as GBZ organiza7ons must not only store
data during the legal storing 7me but also provide data overviews, daily back ups and discard
procedures. The requirements in the access group are created to determine who and how individuals
can access the EPD. They include procedures, restric7ons and controls for the use of UZI cards, UZI
readers, UZI server cer7ficate, log management, delega7on of responsibili7es, pa7ent (ini7al)
approval, data disposal and data integrity.
Connec7vity requirements refer to the appointment of responsibili7es related to configuring

and maintaining EPD connec7vity. They include requirements to determine the minimum allowed
availability (including maintenance), power con7nuity, 7me synchroniza7on, domain name and IP
address configura7on, and the accurate alloca7on of resources to guarantee availability and response
7mes. The security requirements area focuses on protec7ng the EPD against unauthorized access or
filling by controlling the protec7on of (XIS) sorware interfaces.
Arer analyzing all GBZ requirements we have selected the ones that could delimit the possible
characteris7cs of a Cloud GBZ solu7on. In prac7cal terms, a Cloud GBZ must be able to allow the
installa7on of secure server cer7ficates, to deploy XIS cer7fied sorware and to connect to the EPD
through a cer7fied ZSP connec7on (e.g. on-‐premises or external). All supported opera7ng systems in
current Cloud Compu7ng IaaS offerings include the configura7on of server cer7ficates. The
applicability of XIS and ZSP models are elaborated further in this sec7on.
At the applica7on layer it must be clear which interfaces connect to the EPD as they must be
properly protected against data leakage and unauthorized access. For this purpose, the applica7on
must contain features for logging, audit and control and the par7al or total block of pa7ent data
exchange. In order to enable secure access to the EPD, the applica7on must also provide support for
the use of UZI cards, UZI reader and UZI server cer7ficate including monitoring and repor7ng features,
log management and usage control. These features are dependent on the XIS sorware connec7ng to
the EPD. Current IaaS and PaaS solu7ons enable the development of such applica7ons in various
programming languages (e.g. Java, Python, etc.).
The Cloud GBZ must ensure data availability, correctness and security. For this reason, isola7on
of the XIS applica7on and pa7ent data are crucial requirements and they can be accessed exclusively
for EPD purposes. Based on recent security issues reported in the last year on Public Clouds (e.g.
cartography and bad neighbor vulnerabili7es, data leaks, data losses, etc.) we believe that at the
moment of wri7ng that Public Cloud models (Internal or External) do not fully comply with these
isola7on requirements and with na7onal laws and regula7ons.
To guarantee the con7nuity and availability of the EPD connec7on, the Cloud GBZ
infrastructure must con7nuously perform above the agreed level, with a maximum of 1 outage per
month with no more than 15 minutes down7me, a maximum of 2 outages per year with no more than
1 day down7me and a maximum amount of planned maintenance of 12 7mes per year with a

maximum down7me of 1 hour. Almost all current Cloud Compu7ng offerings have proven higher
availability scores over the last year and guarantee them in SLAs. However, some Public Cloud outages
and maintenance have resulted in longer recovery and maintenance 7mes than the maximum
allowed.
The infrastructure must also be able to scale resources in order to handle, the exchange of (HL7)
messages and SSL sessions with response 7mes below the agreed maximum. Moreover, the
infrastructure must include measures against power shortage (e.g. UPS) and NTP 7me synchroniza7on
with an allowed devia7on of one second. In order to enhance security, each connec7on to the EPD
must always use a dedicated IP address and domain name and every XIS sorware interface must be
properly protected (e.g. firewall, DMZs, etc.). Moreover, the Cloud GBZ must provide scalable storage,
daily back ups, stored data overviews and procedures for effec7ve data disposal.
All Cloud Compu7ng providers offer large scalability of resources as it is one of the most
commercially interes7ng features of such solu7ons. Some them offer automa7c scalability based on
pre-‐defined paOerns which enables fully availability in all possible situa7ons. Cloud data centers have
also taken measures against power failures (e.g. UPS fail-‐over, replica7on, etc.) and in some cases even
more advanced than enterprise solu7ons. Daily back-‐ups, NTP 7me synchroniza7on, data overviews,
and IP and domain name configura7on are standard features in available Cloud Compu7ng solu7ons.
Response 7mes are an important issue for current Public Cloud models. For example, arer the
introduc7on of spot prices, Amazon’s IaaS offering experienced response 7mes much larger than the
maximum allowed. Another issue is data disposal procedures in Public Clouds. As resources are
reallocated to other customers, it is not clear how current providers eliminated data before
realloca7on. Although there have not been any reported leaks of this type, it is not clear wether data
is later available to the next customer. Public Cloud providers need to improve their transparency on
this issue as most enterprises need this kind of assurance.
An example of a possible Cloud GBZ solu7ons is Adastra in its managed hos7ng version
together with LSPconnect a plugin to connect to the EPD infrastructure. Both products are offered by
E.nova7on B.V. in The Netherlands. Adastra is a XIS cer7fied informa7on management system for
organiza7ons that provide primary care arer office hours (huisartsenposten in Dutch). The applica7on
is offered to Dutch healthcare organiza7ons in two forms: on-‐premises or in a managed hosted version
(SaaS). The SaaS model is developed to allow users to leverage E.nova7on’s data center for full
availability and con7nuity of care on a cost efficient manner. E.nova7on has two data centers where
data is replicated between them using a SAN storage solu7on. Together with the LSPconnect plugin on
its managed hos7ng version they both make a SaaS solu7on that offers a XIS cer7fied applica7on and
a ZSP cer7fied connec7on. As these are essen7al requirements to obtain the GBZ cer7fica7on
organiza7ons can use these two products to comply with most of the EPD technical requirements.

B. Cloud ZSP Example
A Cloud ZSP is a connectIon to the EPD that runs on a Cloud Compu7ng plaxorm as defined in
this research. The connec7on must offer all Cloud Compu7ng features described in phase 1 of this
research and comply with all ZSP cer7fica7on requirements established by NICTIZ (see appendix M).
Dutch healthcare organiza7ons can choose to implement their own ZSP cer7fied connec7on to
the EPD or use a external provider for this purpose. A external Cloud ZSP is interes7ng specially for
small organiza7ons (e.g. GPs, specialists clinic, etc.) where the costs of a direct connec7on to the EPD
are too high. The majority of small organiza7ons do not have enough resources (e.g. capital, human
resources, ICT, etc.) to comply with ZSP requirements. For example, for a GP working alone on his own
prac7ce it is very complex and expensive to implement 24x7 availability, firewalls, etc. By leveraging
the external knowledge and experience as well as the resources of the Cloud ZSP provider they can
implement cost efficient EPD connec7vity.
The main purpose of the Cloud ZSP provider is to facilitate the exchange of electronic
messages between their clients (GBZs) and the na7onal switching point (LSP) including connec7ons to
tes7ng and produc7on LSP environments. To achieve this goal ZSP requirements focus on the
func7onality, implementa7on and exploita7on of the connec7on.
The func7onality of data communica7ons must comply with two groups of requirements:
connec7vity and domain name system requirements. The connec7on of the LSP must use a fixed pre-‐
assigned IP address an comply with a set or predefined physical requirements (e.g. UTP, duplex mode,
fixed speed, etc.) without making (par7al) use of the public internet network. The connec7on must be
able to connect to the UZI register through the LSP’s rou7ng func7onality and to Cer7ficate
Authori7es (CAs). Domain name server requirements include registering GBZs hosts and domain
names, forwarding DNS zones, management of authorita7ve primary and secondary DNS servers,
reverse DNS zones and the configura7on of the LSP’s DNS server as slave for each subdomain.
The implementa7on of the connec7on must also comply with a series of security, availability
and response 7mes considera7ons. ZSP organiza7ons must have security policies embedded in the
organiza7on regarding employees, physical security (e.g. network devices), access management,
protec7on against internet threats (e.g. virus, spam, hackers, etc.), security incidents and con7nuity
management. In general terms the ZSP connec7on must be available 24 hours per day and 7 days per
week, with a specific maximum number of allowed malfunc7ons and recovery 7mes per type of
malfunc7on. Moreover, the con7nuity of the connec7on and DNS services must be guaranteed by
providing sufficient backup and fail-‐over mechanisms to cope with hardware malfunc7ons. The Cloud
ZSP must communicate any malfunc7on, its progress and recovery to all connected GBZs and the LSP.
Response 7mes of network round trips between GBZs and the LSP must be in 90% of all cases bellow
200 milliseconds. For this purpose, network traffic to the LSP must be priori7zed.

Exploita7on requirements focus on the ongoing use and maintenance of the ZSP connec7on
and they include organiza7onal, management and user support considera7ons. Most of them do not
affect the solu7on to be applied as they include contractual and administra7ve requirements to report
and solve malfunc7ons, maintenance and other outages. The Cloud ZSP must provide points of
contact for user support and system administrators as well as migra7on support to and from other ZSP
providers. User support should be priori7zed according to service levels and must be able to handle all
issues reported by connected GBZs.
When analyzing the applicability of Cloud Compu7ng we observe that isola7on from the public
internet network is an issue in current Public Clouds. Although secure VPN connec7ons in Hybrid
Clouds are possible (e.g. Amazon’s Virtual Private Cloud) effec7ve public internet isola7on can only be
achieved by for example point-‐to-‐point connec7ons which are feature currently not available in Public
Clouds. Moreover, as SSL is supported in almost all cases the implementa7on of connec7ons to the
UZI register and CAs can also be implemented. Regarding DNS management, current IaaS solu7ons
offer all the required func7onality. The only issue we observe is that fixed speed is only offered by
some current Public Cloud providers.
Looking at current Public Cloud offerings we must also conclude that although they apply high
end security tools (e.g. data encryp7on, firewalls, spam and virus protec7on, back-‐ups, etc.), the
isola7on and performance of mul7-‐tenant resources s7ll needs to be improved. For example, during
the last years cartography aOacks and bad neighbor vulnerabili7es have been reported on Amazon’s
EC2. Although the guaranteed availability of Public Clouds currently complies with the maximum
allowed malfunc7ons, recovery 7mes even during planned maintenance is in some cases larger than
allowed. Another important issue in Public Clouds is the lack of transparency in security architectures,
malfunc7ons, their progress and their solu7on. Most providers (e.g. Amazon) communicate
malfunc7ons through a web dashboard or website instead of contac7ng users directly. They also do
not publish a lot of security specifica7ons to avoid suffering aOacks based on that knowledge (spoiler
effect of informa7on).
Response 7mes are a crucial issue for the use of current Public IaaS solu7ons. In figure 27. The
single trip responses from the USA to Amazon’s EC2 cloud are measured from November 2009 to
January 2010. The effect of the spot pricing models is clearly observed in the increase in response
7mes from an average of 50 ms before the introduc7on to much above 200 ms arerwards. In any case
the op7mum level of 50 ms is s7ll the maximum allowed by cer7fica7on as the 200 ms round trip from
GBZ to LSP means 100 ms round trip to each and therefore four 50 ms single trips.

Figure 27: Ping latency to Amazon EC2 amer spot price introduc*on
(Source: https://www.cloudkick.com/blog/2010/jan/12/visual-ec2-latency/)
A example of a current Cloud ZSP solu7on is E.nova7on’s LSPconnect plugin to link GBZs and
the LSP through a ZSP cer7fied connec7on. The offering is offered both on-‐premises or hosted at
E.nova7on’s data center, possibly in combina7on with other solu7ons (e.g. Adastra SaaS solu7on). As
the managed hosted version of LSPconnect is ZSP cer7fied to connect to the EPD, it complies with our
defini7on of Cloud Compu7ng in a Private External PaaS model so it can be considered a Cloud ZSP
solu7on. This is specially interes7ng for small healthcare organiza7ons in order to achieve cost
efficient EPD connec7vity without the need to cer7fy their connec7ons or applica7ons.
C. Cloud XIS Example

All XIS cer7fica7on requirements can be accounted for in the development of the applica7on.
Most of the current XIS cer7fied sorware has been developed using the most common programming
languages (e.g. Java, .NET, etc.). As these languages are also supported in all IaaS and PaaS offerings it
is therefore possible to build XIS (SaaS) applica7ons on them. An example could be the managed
version of Adastra which is XIS cer7fied and in also offered as-‐a-‐service at E.Nova7on’s data center
which complies with our defini7on of Cloud Compu7ng.
A final remark should be made on the fact that the EPD infrastructure is a Cloud Compu7ng
environment from each healthcare provider’s perspec7ve where features are forced by requirements
in the NICTIZ cer7fica7on program. For example, scalability and elas7city is enforced in requirement to
have enough storage and bandwidth to handle all message exchanges. The on-‐demand feature is
guaranteed by requirements related to back-‐ups, fail-‐over and con7nuity of opera7ons,. Moreover,
ZSP solu7ons are oren offered as-‐a-‐service by external ICT providers and their solu7ons use the
internet as the network plaxorm. The usage based pricing model can be included in EPD cer7fied
solu7ons by ICT providers although this is currently not oren the case.

4.3. How do current regula*ons facilitate or difficult the adop*on of Cloud
Compu*ng?
In our research we have focused on the introduc7on of a electronic pa7ent records
infrastructure (the EPD), one of the largest and most significant ICT projects in the Dutch healthcare
sector. Regula7ons that determine the technical requirements needed to connect to the EPD are
developed by NICTIZ in GBZ, ZSP and XIS cer7fica7on programs. We have analyzed these requirements
previously in this research and although the majority of them are realis7c and found in other secure
inter-‐organiza7onal infrastructures, some requirements have a clear focus on na7onal large healthcare
organiza7ons (e.g. hospitals, etc.) and na7onal ICT providers. First, the ICT investments needed to
comply with all NICTIZ requirements are in most cases too high for small and medium organiza7ons.
On the other hand, required network response 7mes and speed, customized support and dedicated
limit the available providers to na7onal ICT provider specialized in healthcare and with custom
solu7ons that meet all the needs.
As small organiza7ons (e.g. GPs, etc.) need to find ways to meet all the requirements on a cost
efficient basis, there are large opportuni7es for intermediaries that deliver part of the solu7on (e.g. a
cer7fied ZSP connec7on, a cer7fied XIS applica7on, etc.). These intermediaries deliver the same
solu7on to more than one client, therefore capitalizing the investment as sales volume rises. Although
this enables cost efficiency for all individual customers, it represents a cost inefficiency for the whole
system as these intermediaries increase overall costs with their profit margins. If requirements were
more easy and less expensive to implement there will not be intermediaries, therefore reducing the
overall cost.
Cloud Compu7ng solu7ons outside NL are excluded by legisla7on as pa7ent data must be
stored within the Dutch na7onal domain. As a consequence, the largest and more mature Public Cloud
vendors are excluded as they are oren locate in the United States. These providers in the USA have
demonstrated several HIPAA compliant best prac7ces. Even the USA government has created a Private
External Cloud to be used by all governmental bodies and is planning to enforce the use of this cloud
by law by 2010.
It is important to note that par7cipa7on of all healthcare providers is a cri7cal success factor
for EPD ini7a7ve. Although at the moment of wri7ng the use of ICT in Healthcare is not yet enforced
by Dutch law, the Dutch government is planning to improve this in the coming years by making EPD
par7cipa7on compulsory to all healthcare organiza7ons. The Dutch government should carefully
examine Cloud Compu7ng best prac7ces of the USA when developing future laws and legisla7on,
taking into account the effects of globaliza7on and improving the limita7ons of data localiza7on and
response 7mes.

Although the cer7fica7on program and architecture of the EPD infrastructure provides enough
flexibility to implement many different solu7ons, it implies also a added security risk for the whole
system. If n providers connect to the EPD there can be n different construc7ons in place as long as
they comply with the requirements. Some might deploy high end hardware or contract leading ICT
providers, others might use less reliable hardware or contract smaller ICT providers. This means that in
the current situa7on the EPD is as strong as it weakest link. This also implies a significant cost
inefficiency for the whole system represented by the sum of differences between the investments
made by the weakest GBZ and the investments of all other connected GBZs.

Research Conclusion
The main research ques7on in our research was to inves7gate the feasibility of cloud
compu7ng solu7ons to connect to the Dutch healthcare na7onal pa7ents records system. We started
our research by crea7ng our own defini7on of cloud compu7ng as it is a rapidly emerging IT delivery
model and there are therefore no defini7ons found in previous scien7fic work. We explored not only
its features but also its main advantages, risks and use cases among other considera7ons. In the
second phase of our research we shired our focus to analyze the Dutch healthcare sector and the role
of IT in that sector, focusing further on one of its most significant IT infrastructures, the na7onal
electronic records system EPD. To facilitate our feasibility analysis we constructed a matching-‐model in
the third phase of our research.
The findings of our research indicate that there are several opportuni7es for using cloud
compu7ng solu7ons that can connect to the na7onal pa7ent records infrastructure (EPD). The on-‐
demand and elas7c features of this delivery model are cri7cal to achieve the levels of availability and
con7nuity that are required by cer7fica7on to be able to connect to the EPD. However, there are also
several limita7ons to this new delivery model that exclude the majority of current cloud solu7ons.
Nevertheless, this means also that there are several opportuni7es for IT providers in The Netherlands
to develop new cloud compliant solu7ons for the EPD.
The first significant limita7on of the as-‐as-‐service model in the EPD context versus the on-‐
premises model is that the cloud provider needs to be a Dutch organiza7on and store all data in The
Netherlands. Moreover, performance and network response 7mes requirements indicate that the
provider's data center needs to be very efficient and not geographically dispersed outside The
Netherlands.
In our opinion the most significant barriers for the as-‐a-‐service model in the EPD context are
found in connec7vity, security, transparency and support requirements. The provider must be able to
offer a private leased line and have a strong security policy in place. Although we believe that
providers use effec7ve security measures they do not disclose many details related their security
strategy. Analyzing current offerings we have to conclude that there are no current public cloud
offerings that offers the required level of transparency. The level of personalized support in outages,
recoveries and maintenance required by cer7fica7on are also serious barrier and not included in
current as-‐a-‐service offerings.
As we can observe in our matching-‐model most of requirements delimit directly the as-‐a-‐
service feature and indirectly the Internet delivery feature while we can find several requirements that
enforce the scalability and on-‐demand features. This unbalanced situa7on reflects in our opinion that
EPD requirements requires high performance under high controlled situa7ons when communica7ng
or collabora7ng with third par7es (as-‐a-‐service and Internet delivery).

Although cloud compu7ng can highly contribute to improve availability and scalability, EPD
requirements limit its use to private (internal or external) clouds offered by Dutch providers and that
offer a high level of personaliza7on and customiza7on. Due to the high costs related to this level of
customiza7on we believe that only specialized cloud providers can offer a compliant solu7on.
Based on our research conclusion we further elaborate some recommenda7ons for healthcare
organiza7ons, gobernment bodies and ICT providers in the remaining of this sec7on.
1. Recommenda*ons For Healthcare Organiza*ons

There is a lot of hype surrounding the term Cloud Compu7ng which has resulted into a lot of
misunderstandings and wrong assump7ons by Cloud Users. Some think that it is merely a hype around
exis7ng technology while others believe that it will have a disrup7ve effect on ICT delivery.
Nevertheless, there are several best prac7ces that demonstrate how this new paradigm can be
applied while complying with healthcare regula7ons like HIPAA. Smart hybrid construc7ons where
persistent data remains on-‐premises at all 7mes are some examples of solu7ons possible in this area.
According to healthcare organiza7ons, the most significant barriers for the adop7on of
technology in this sector are security and the cost of technology followed by the lack of
interoperability with exis7ng solu7ons and legal and privacy issues. Although the security offered by
large Cloud Providers might also be in some cases beOer than in certain situa7ons (e.g. small
businesses, home networks of doctors, etc.) legal and privacy issues and the lack of interoperability
due to the lack of standards are s7ll major issues when using the largest Cloud Providers.
We recommend Dutch healthcare organiza7ons to choose a provider specialized in the Dutch
healthcare sector that allows the level of customiza7on necessary to comply with EPD requirements
and minimizes barriers like the effect of network latency, performance, etc. It is important to note the
EPD connec7vity requires some special features such as a connec7on that is properly isolated from
the public internet (e.g. a point-‐to-‐point connec7on), strict latency and fully isola7on from other
applica7ons to protect the infrastructure from unauthorized access.
The use of Cloud Compu7ng solu7ons leads per defini7on of lower cost of technology as it
enables beOer resource u7liza7on in Private Clouds and economies of scale through service mul7-‐
tenancy in Public Clouds. In order to offer a compu7ng capability as-‐a-‐service it must reach such
standardiza7on levels that consump7on can be seamlessly monitored, measured and billed.
We recommend the use of the largest Public Clouds (Internal or External) by Dutch healthcare
organiza7ons exclusively for selected uses cases involving non-‐mission cri7cal or non-‐sensi7ve data.
Some examples of these cases are tes7ng applica7ons with dummy data, high performance compu7ng
with encrypted or non-‐persistent data, fail-‐over for applica7ons that do not use pa7ent or sensi7ve
data (e.g. Medical Model Analysis, Gene7c Tests, etc.).

We believe that Cloud Compu7ng solu7ons can support Dutch healthcare organiza7ons in
achieving their most cri7cal goals: cost efficiency, quality, con7nuity and availability of care services.
These feature are oren found in exis7ng use cases and best prac7ces. However, organiza7ons must be
very careful when selec7ng External Cloud Providers and should avoid the use of the major Public
Clouds as they do not offer the requirements needed to comply with na7onal regula7ons.
Moreover, they do not provide demonstrated mechanisms for resource isola7on, security and
data integrity. For this reason we recommend healthcare organiza7ons to deploy Private Clouds as
pilot projects to leverage some of the benefits of Cloud Compu7ng (e.g. resource op7miza7on, agility,
etc.) while maintaining full control over security and configura7on. Although we recommend Internal
Private Clouds when when there is enough poten7al for resource (e.g. hardware, sorware, etc.)
op7miza7on, External Private Clouds can be applied if the provider is located in The Netherlands and
complies with ZSP and XIS cer7fica7on requirements. In the recommenda7ons for Cloud Providers we
recommend some of the most popular tools to build Private Clouds that organiza7ons can use.
Large healthcare organiza7ons (e.g. hospitals, etc.) can for example build GBZ cer7fied Internal
Private Clouds that connect directly to the EPD. With this model they op7mize resources while
suppor7ng compliance with many requirements (e.g. scalability, availability, security, etc.). External
Private Clouds are more interes7ng for small healthcare organiza7ons as they do not have the
resources (e.g. ICT, capital, human resources, etc.) to leverage Internal models cost efficiently. It is
important to note that in any External model organiza7ons should use strong encryp7on when
transferring and storing sensi7ve data.
A final recommenda7on for organiza7ons building their own Cloud Compu7ng environment is
to account for hybrid models from the design phase, even if it will not be used for the 7me being. This
will enable many interes7ng features (e.g. horizontal scalability, out-‐burs7ng, fail-‐over, etc.) of Cloud
Compu7ng once Public offerings improve their current shortcomings. From our own experience we
can affirm that this type of features are very difficult to implement once the solu7on has mature and
become more complex and difficult to manage.
2. Recommenda*ons For Government

Our general recommenda7on to the Dutch government is to invest more 7me and money in
researching ini7a7ves to improve the healthcare system’s economic sustainability while improving
care services availability and quality. There are many case studies demonstra7ng how commercial
organiza7ons have leveraged ICT solu7ons to achieve any of these goals. The government should
carefully analyze these best prac7ces and promote the findings among healthcare organiza7ons. ICT is
going to have a crucial role in the transforma7on process towards pa7ent centric healthcare.
A behavior that Dutch public representa7ves should avoid is to evaluate technology in the
media without being correctly informed about it or without falling under their responsibili7es. An
example of this behavior is the comments of the secretary of interior Mrs Bijleveld which claimed that

Cloud Compu7ng is not secure for government adop7on. Mrs Bijleveld obviously is not aware of the
several USA government best prac7ces (data.gov, apps.gov and the IT Dashboard among others) and
the reported public spending improvements (e.g. data center consolida7on, leveraging ci7zen
developers, transparency, etc.) without compromising security.
We recommend the Dutch government to carefully analyze current USA best prac7ces, and
research the applicability of any form of government cloud in The Netherlands. A clear example of the
benefits that this could bring is the data center consolida7on that has taken place in the USA
government. However, and in accordance with Chain Computeriza7on theory, a government cloud
should not be used for centralized storage but to facilitate other type of resources (e.g. applica7ons,
frameworks, plaxorm, etc.). The approach of the EPD where data is stored as close as possible to its
origin should therefore be maintained as data is kept up to date.
The current cer7fica7on system for connec7ng to the EPD can also be improved to facilitate
the cer7fica7on of small and medium healthcare providers without the need of ICT intermediaries
which result in cost inefficiencies. If ICT providers are needed, geographical limita7ons should be
replaced by func7onal requirements which expands the number of feasible providers, resul7ng
therefore in cheaper solu7ons due to price compe77on forces.
3. Recommenda*on for Cloud Providers

There are several opportuni7es for Cloud Providers to offer solu7ons for the EPD
infrastructure. Although we consider current large Public Clouds (e.g. Amazon, Rackspace, etc.) as not
ready yet to be used in the EPD context, there are several tools available to build clouds that can
comply with NICTIZ cer7fica7on requirements (e.g. GBZ, ZSP and XIS) and can be offered to Dutch
healthcare organiza7ons. This way Cloud Providers can build Private Clouds (Internal or External) that
deliver a Cloud XIS (e.g. a SaaS cer7fied applica7on), a Cloud ZSP (e.g. a PaaS cer7fied plaxorm) and/
or a Cloud GBZ to Cloud Users.
Some recommenda7ons for current Public Cloud providers could be to improve transparency
of data disposal methods and security, as well as performance and con7nuity of service by improving
the dura7on of malfunc7ons and maintenance. Moreover, they can specialize in consul7ng services
for the selec7on and implementa7on of GBZ compliant Internal Private Clouds for example for
hospitals, or adopt the emerging roles of cloud brokers aggrega7ng and reselling services or inter-‐
cloud connec7vity services.
Build Your Own EPD Cloud: Proprietary versus Open Source Solu*ons
New Cloud Providers and organiza7ons that plan to build their own (Internal or Private) Cloud
have several tools available for this objec7ve. Some of these tools are proprietary while others are
provided under the Open Source licensing model. Organiza7ons should carefully consider these two
op7ons as they result in significantly different TCOs in licensing, maintenance, upgrades, etc.

Nevertheless using both types of technologies an organiza7on can build a cloud solu7on that can be
cer7fied for connec7ng to the EPD infrastructure.
One of the most significant developments in proprietary tools to build clouds is VMware’s
Acadia joint venture with Cisco and EMC. The partnership aims to accelerate the transi7on of data
centers from physical to virtualized and ul7mately to Cloud Compu7ng. They offer the unified delivery
of products (vBlocks), service and support on building Clouds by using Cisco’s networking and
communica7on (UCS) solu7ons, EMC storage solu7ons and VMware’s virtualiza7on plaxorm vSphere.
As all three organiza7ons in the Acadia alliance are market leaders in their own segment (e.g.
networking, storage and virtualiza7on), these tools can leverage a very robust and stable solu7on that
will only improve over 7me as the join venture realizes its poten7al synergies. However, these
solu7ons are also rather expensive compared to other alterna7ves (Xen, Juniper, F5, etc.) as they are
oren regarded as enterprise solu7ons. We recommend this tools only for organiza7ons that already
have substan7al investments in these technologies (e.g. VMware, Cisco, etc.) that the costs of
disinvestment are greater than the extra costs for deploying this new product (vBlocks).
For organiza7ons that do not have substan7al vendor related investments in place we
recommend to start experimen7ng with Open Source tools for building their own Private Cloud.
Among the available Open Source tools we recommend Ubuntu Enterprise Cloud, Eucalyptus,
OpenQRM and OpenNebula as they are the most mature tools that enterprises are using nowadays to
deploy their own clouds. Ubuntu Enterprise Cloud (UEC) is included with Ubuntu Server Edi7on and
integrates a number of open source projects (including Eucalyptus) which makes it a turnkey package
to deploy a Private Cloud. We recommend UEC for small and medium organiza7ons with limited
infrastructure and/or ICT capabili7es (e.g. human resources, skills, experience, etc.) as it is very simple
and fast to deploy (within ten minutes and without advanced IT skills). UEC supports also the smallest
clouds (two computers or virtual machines).
Eucalyptus (Elas7c U7lity Compu7ng Architecture Linking Your Programs To Useful Systems) is
an Open Source sorware for deploying Cloud Compu7ng solu7ons over compu7ng clusters that is
compa7ble with Public Clouds (e.g. Amazon interfaces). It uses commonly available Linux tools and
Web-‐service technologies as well as support for all major proprietary and Open Source virtualiza7on
standards (e.g. Xen, KVM, vSphere, ESX and ESXi). We recommend this tool for organiza7ons have the
IT skills and resources needed to deploy and configure a Private or Hybrid Cloud from the command
line (without GUIs, Menus, etc.). It is specially interes7ng for organiza7ons that plan to leverage
Hybrid Cloud func7onali7es in the near future as it currently supports Amazon’s EC2, S3 and EBS
services.
OpenQRM a tool for the delivery of virtual clusters through a single-‐management console and
a well defined API which can be used to integrate third-‐party solu7ons. OpenQRM can create an
image of a physical server, write that image to a SAN solu7on and then run the virtual instances on

demand from that SAN. We recommend this tool specially for organiza7ons that already have
significant investments in SAN solu7ons and plan to integrate them in their cloud.
OpenNebula is an Open Source tool kit for managing any virtual infrastructure in a data-‐center
or cluster and is able to support the deployment of Hybrid models to combine local infrastructures
with Public Clouds. We recommend OpenNebula for organiza7ons that focus on leveraging Hybrid
Clouds for heavy computa7onal tasks (e.g. High Performance Compu7ng) as this tool has already been
proven successful in documented case studies at NASA.
The Importance of Open Cloud Standards

A last remark should be made on the need for open standards in cloud services that will
reduce the risk of vendor lock-‐in by facilita7ng service portability and the interconnec7on of several
cloud offerings. A lot of current risks associated with the Cloud Compu7ng model can be (par7ally)
solved by deploying solu7ons on mul7ples clouds (e.g. third-‐party dependency, availability, vendor
bankruptcy, etc.). Cloud Users can benefit from this approach only when these clouds use the same
standards and therefore it is cost efficient to migrate between them. At the moment of wri7ng this is
not the case as almost every solu7on uses its own standard and most of them are hardware vendor
oriented.
For this reason we strongly recommend Cloud Providers to adhere to the Open Cloud
Manifesto ini7a7ve (hOp://www.opencloudmanifesto.org/) and the DMTF Open Cloud Standards
Incubator (www.dmx.org/cloud) and apply their principles on their solu7ons.
The Open Cloud Manifesto has developed a set of core principles for Cloud Providers to enable
a standards based Open Cloud. These principles focus on (1) beOer security through higher provider’s
transparency, (2) data and applica7on interoperability and portability by applying standard interfaces
for model independent solu7ons (Public Clouds, Private Clouds, etc.) which enables migra7ons to and
from the cloud and between Cloud Providers and models, (3) standardized mechanisms for ICT
resource governance and management and (4) consistent standards to monitor service performance
across mul7ple providers.
The DMTF standards focus on the interfaces between Cloud Providers and Cloud Users and
between Cloud Providers and developers to enable the accurate management of underlaying
resources. These interoperability standards are needed to reduce the risk of vendor lock-‐in and
leverage agility by mul7-‐provider solu7ons. Both ini7a7ves have emerged from the Cloud Compu7ng
community and include both Cloud Users and Cloud Providers among their members.

Bibliography
Arellano, N. (2009, Jul 5). Cloud control – Top cloud computing risks and how to handle them.
ITBusiness.ca , 1-‐2.
Armbrust, M., Fox, A., Griffith, R., Joseph, A., Katz, R., Konwinski, A., et al. (2009, Feb 10). Above the
Clouds: A Berkeley View of Cloud Computing. Whitepaper UC Berkeley Reliable Adaptive
Distributed Systems Laboratory , 23.
Arnold, E. (2008). Get your head out of the clouds. Searcher , 16 (10), 50-‐53.
Arnold, E. (2008, May 1). Leveraging Clouds to Make You More EfXicient: How SaaS-‐y are you?
Online , 6.
Aron, D. (2009, Jun 24). IT Strategy is Critical in Volatile Times. Gartner Webinar , 1-‐23.
Babcock, C. (2009, Jun 26). Cloud Computing Advocates Detail Its Future . InformationWeek , 1-‐3.
Baker, S. (2007). Google and the wisdom of clouds. Business Week (4064), 48-‐55.
Bakker, J. (2009, Feb 14). Vijf redenen om de cloud te mijden | Webwereld. Webwereld.nl , 2.
Betts, M. (2009, Apr 23). Cloud computing: How to decide 'when to cloud'. Computerworld , 1-‐2.
Blankena, F. (2009, Feb 20). Flinke start-‐up kan best zonder servers. Automatisering Gids , 1-‐1.
Brinkkemper, S., Saeki, M., & Harmsen, F. (1999). Meta-‐modeling based assembly techniques for
situational method engineering. Information Systems, 24(3), 209-‐228.
Brodkin, J. (2009, Sep 30). Cloud computing hype spurs confusion, Gartner says. Computerworld ,
1-‐2.
Broek, M. (2009, Jul 15). Dave Armstrong (Google EMEA) over cloud computing.
Marketingfacts.nl , 1-‐2.
Brown, M. (2009, Oct 13). Capacity planning and the cloud. Computerworld , 1-‐2.
Brown, M. (2009, Feb 9). Cloud computing interoperability. Computerworld , 1-‐1.
Brown, M. (2009, Oct 7). What cloud computing isn't. Computerworld , 1-‐2.
Brynko, B. (2008, Nov 7). Cloud Computing: Knowing the Ground Rules. Information Today , 1-‐2.
Buyya, R., Yeo, C., Venugopal, S., Broberg, J., & Brandic, I. (2009). Cloud Computing and Emerging
IT Platforms: Vision, Hype, and Reality for Delivering Computing as the 5th Utility. Future
Generation Computer Systems, 25(6), 17.
Buyya, R., Yeo, C., & Venugopal, S. (2008). Market-‐Oriented Cloud Computing: Vision, Hype, and
Reality for Delivering IT Services as Computing Utilities. Proceedings of the 10th IEEE
International Conference on High Peformance Computing and Communications.
Cai. (2009). Customer Centric Cloud Service Model and a Case Study on Commerce as a Service.
2009 IEEE International Conference on Cloud Computing.
Carr, N. (2008, Jan 15). The Big Switch. Norton & Co Ltd , 22.

Chamberlin, T., & Leong, L. (2009, Jul 2). Magic Quadrant for Web Hosting and Hosted Cloud
System Infrastructure Services. Gartner Research , 1-‐11.
Chen, W., & Hirschheim, R. (2004). A paradigmatic and methodological examination of
information systems research from 1991 to 2001. Information Systems Journal, 14, 197-‐235.
Chong, F., & Carraro, G. (2006). Architecture Strategies for Catching the Long Tail. MSDN
Architecture Center, 1-‐15.
Croon, M., Duijts, J., & Leenards, P. (2009, Jan 9). Modern beheer: andere frameworks.
Automatisering Gids , 1-‐1.
Cunningham, P., & Wilkins, J. (2009). A walk in the cloud. Information Management , January-
February 2009, 1-‐8.
Dargha, R. (2009, Apr 14). Cloud Computing -‐ Key Considerations for Adoption. Infosys
Technologies , 1-‐8.
DAuria, J., & Nash, K. (2009, Jul 6). Cloud Computing Special Part 2: Cloud Control. CIO.com , 1-‐8.
Deutsch, D. H., & Turisco, F. (2009). CSC Accomplishing EHR/HIE (eHealth): Lessons from Europe.
CSC, 1-‐14.
Dignan, L. (2009, Jul 15). BMC to link up with Amazon Web Services for hybrid cloud
deployments. ZDnet , 1-‐1.
DMTF (2009) Interoperable Clouds: A White Paper from the Open Cloud Standards Incubator.
http://www.dmtf.org/about/cloud-‐incubator/DSP_IS0101_1.0.0.pdf
Drakos, N. (2009, Jul 1). Technology Trends You Can’t Afford to Ignore. Gartner Webinar , 1-‐32.
Dubie, D. (2009, Jul 7). Gartner adjusts 2009 IT spend downward again. Network World , 1-‐1.
Duke, J., Hartz, E., & Jacobs, B. (2009). The secret sauce: achieving ROI that justiXies the initial
investment. Presentation at the 2009 HIMSS conference.
Ebusiness Watch. (2006). ICT and e-‐Business in Hospital Activities. e-‐Business Watch 2006,
1-‐198.
Edgewatertech. (2009, Mar 23). Cloud Computing Trends: Thinking Ahead (Part 1) .
Edgewatertech , 1-‐3.
Eurobarometer. (2007). Health and long-‐term care in the European Union. European Comission,
1-‐247.
Eurobarometer. (2009). The Europeans in 2009. European Comission, 1-‐144.
Eurobarometer. (2008). Eurobarometer Wave 70. European Comission, 1-‐87.
European Commission. (2007). Together for Health: A Strategic Approach for the EU 2008-‐2013.
Commission of the European Communities.

European Parliament. (2000). The Charter of Fundamental Rights of the European Union. OfXicial
Journal of the European Communities.
Everett, C. (2009). Cloud computing -‐ A question of trust. Computer Fraud & Security Bulletin ,
2009 (6), 5-‐7.
Feiman, J. (2008, Feb 11). Business Initiatives That Avoid IT Cost Cuts and Promote Investment.
Gartner Research , 4.
Fergusson, S. (2008). The future of cloud computing. eWeek (17), 2.
Foley, J. (2009, Jul 15). A DeXinition Of Cloud Computing -‐ Plug Into The Cloud. InformationWeek ,
1-‐3.
Galliers, R. D., & Land, F. F. (1987). Choosing Appropiate Information Systems Research
Methodologies. Communications of the ACM, 30(11), 900-‐902.
Gartner. (2009). eHealth for a Healthier Europe -‐ opportunities for a better use of healthcare
resources. se2009.eu, 1-‐84.
Golden, B. (2009, Jul 8). Cloud and Web 2.0 Insights from Structure 09 Conference. IDG news
service , 1-‐2.
Golkar, C. (2009, Jul 15). Top Business and Technology Questions in Cloud Computing.
BeyeNetwork , 1-‐7.
Graham, C. (2007, Sep 6). IT Leaders Top Three Reasons to Invest in Information Infrastructure.
Gartner Research , 4.
Gregor, S., & Jones, D. (2007). The Anatomy of a Design Theory. Journal of the Association for
Information Systems, 8(5), 312-‐335.
Gregor, S. (2006). The Nature of Theory in Information Systems. Management Information Systems
Quarterly, 30(3), 611-‐642.
GridTalk. (2009, Jan 30). GridBrieXing Grid Computing in Five Minutes. GridTalk , 1-‐4.
Group, C. (2009, Jul 2). Cloud Computing Use Cases. Cloud Computing Use Cases Discussion Group ,
1-‐22.
Harris, J., Daugherty, P., & Tobolski, J. (2009). What the Enterprise Needs to Know About Cloud
Computing. Accenture.
Hevner, A. R., March, S. T., Park, J., & Ram, S. (2004). Design Science in Information Systems
Research. MIS Quarterly, 28(1), 75-‐105.
Hinchcliffe, D. (2009, Mar 26). Cloud computing and the return of the platform wars. ZDnet , 1-‐6.
Hiner, J. (2009, Jun 19). Four reasons why business will take to the cloud. ZDnet , 1-‐2.
Hirschheim, R., & Klein, H. K. (1989). Four paradigms of information systems development.
Communications of the ACM, 32.

Hoeffnagel, W. (2009, Jul 16). Gartner brengt aanbieders van cloud computing in kaart.
Datacenter Works , 1-‐10.
Holliday, J. (2009, Jun 26). Cloud Computing -‐ Show Me the Money. 2009 JavaOne Conference , 1-‐3.
Howarth, B. (2009, Jul 6). Cloud Computing Special Part 1: Looking For The Silver Lining .
CIO.com , 1-‐8.
ICTzorg. (2009). Gekleurd onderzoek anti-‐EPD huisartsen: 95,8 procent wil geen EPD.
ICTzorg.com.
Informatiepunt EPD. (2008). GBZ vragenlijst verkorte versie. Informatiepunt EPD BSN in de zorg
en landelijke EPD.
Informatiepunt EPD. (2009). Handboek Landelijk Elektronisch Patientendossier (EPD).
Informatiepunt EPD. BSN in de zorg en landelijke EPD, 1-‐206.
ISO TR20514 (2005). Electronic health record -‐ deXinition, scope and context.
Iivari, J. (2007). A Paradigmatic Analysis of Information Systems As a Design Science.
Scandinavian Journal of Information Systems, 19(2), 39-‐64.
Järvinen, P. (2008). Mapping Research Questions to Research Methods. Advances in Information
Systems Research, Education and Practice, 274, 29-‐41.
Järvinen, P. (2003). The stepwise algorithm for selecting an appropriate research method.
University of Tampere, Finland, 1-‐12.
Järvinen, P. (2000). Research Questions Guiding Selection of an Appropriate Research Method.
Hansen, Bichler and Mahrer (eds.), Proceedings of the 8th European Conference on
Information Systems 2000, 124-‐131.
Järvinen, P. (2000). On a variety of research output types. Proceedings of IRIS23, 1-‐17.
Jenkins, A. M. (1985). Research Methodologies and MIS Research. Research Methods in
Information Systems, 103-‐117.
Jensen. (2009). On Technical Security Issues in Cloud Computing. 2009 IEEE International
Conference on Cloud Computing.
KelXkens, G. (2009, Feb 24). VMware in hoger sferen met vSphere. Automatisering Gids , 1-‐1.
Kirsner, S. (2009, Mar 15). Entrepreneurs look to clouds. The Boston Globe , 1-‐2.
Klink, A. (2009). Voortgangsrapportage elektronisch patientendossier. Ministerie
Volksgezondheid Welzijn en Sport.
Klink, A., & Bussemaker, J. (2008). Innovatie in preventie en zorg. Ministerie van Volksgezondheid,
Welzijn en Sport.
Leighton, T. (2009, Jul 14). Cloud Computing Framework. Network Computing , 1-‐6.

Leong, L. (2009, Apr 20). How to Select a Cloud Computing Infrastructure Provider. Gartner
Research , 1-‐9.
Lewis, S. (2009, Jul 8). Cloud Computing Brings New Legal Challenges. New York Law Journal , 1-‐3.
March, S., & Smith, G. F. (1995). Design and natural-‐science research on information technology.
Decision Support Systems, 15(4), 251-‐266
MansXield-‐Devine, S. (2008). Danger in the clouds. Network Security , 2008 (12), 9-‐11.
Myers, M. D. (1997). Qualitative research in information systems. MIS Quarterly, 21(2), 241-‐242
McAfee, A., & Brynjolfsson, E. (2008). Investing in the IT That Makes a Competitive Difference.
Harvard Business Review July-‐August 2008, 98-‐107.
McGee, K., Ambrose, C., Apfel, A., Burton, B., Cearley, D., Fenn, J., et al. (2008, Sep 15). The 2007
Gartner Scenario An Annual Report on the Current State and Future. Gartner Research , 31.
McLaughlin, L. (2009, Oct 21). Cloud Computing Survey: IT Leaders See Big Promise, Have Big
Security Questions. CIO.com , 1-‐5.
McLaughlin, L. (2009, Apr 21). VMware vSphere: Does It Solve IT's Biggest Worries About Cloud?
CIO.com , 1-‐5.
Meijs, S. (2009, Feb 12). IBM stapt op de wolk van Amazon | Webwereld. Webwereld.nl , 1.
Michelson, B. (2009, Apr 20). Cloud Slam: Songnian Zhou, Platform, Clouds Moving Into the
Enterprise. EbizQ , 1-‐8.
Mietzner, R., Leymann, F., & Papazoglou, M. (2008). DeXining Composite ConXigurable SaaS
Application Packages Using SCA, Variability Descriptors and Multi-‐tenancy Patterns. The
Third International Conference on Internet and Web Applications and Services, 156-‐161.
Mietzner, R., Unger, T., Titze, R., & Leymann, F. (2009). Combining Different Multi-‐tenancy Patterns
in Service-‐Oriented Applications. Proceedings of the IEEE International Enterprise Distributed
Object Computing Conference 2009, 131-‐140.
Mitchell, R. (2009, Mar 20). Windows: OfXicial client of the cloud. Computerworld , 1-‐1.
Molenaar, T. (2009, Feb 3). Nicholas Carr levert half werk. Computable , 1.
MVWS. (2009). Rapportage Invoering Landelijk EPD Q2 2009. Ministerie van Volksgezondheid,
Welzijn en Sport.
NICTIZ. (2009). ICT in de zorg: resultaten, ontwikkelingen en agenda. NICTIZ.
NICTIZ. (2006). Vraag en antwoord LSP en XIS typegoedkeuring. NICTIZ.
NICTIZ. (2005). Richtlijn Goed Beheerde Zorgsystemen, De Voorwaarden voor Landelijke e-‐
Communicatie. NICTIZ.
NICTIZ. (2009). Programma van Eisen voor een Zorgserviceprovider (ZSP). NICTIZ, 1-‐40.
NIVEL. (2009). Jaarboek 2008. Nivel Research.

Open Cloud Manifesto (2009) http://www.opencloudmanifesto.org/
Orlikowski, W. J., & Baroudi, J. J. (1991). Studying Information Technology in Organizations:
Research Approaches and Assumptions. Information Systems Research 2, 1-‐28.
Perry, G. (2009, Feb 25). Vocabulary of Cloud Computing. Cloudcomputing.sys-con.com , 3.
Pettey. (2009, May 15). Gartner IdentiXies the Top 10 Strategic Technologies for 2009. Gartner
Newsroom , 1-‐4.
Pettey. (2009, Jul 9). Gartner Says Cloud Consumers Need Brokerages. Gartner Newsroom , 1-‐4.
Pettey, C. (2009, Jul 8). Gartner Survey Shows Many Users are Underwhelmed by Their
Experiences of SaaS. Gartner Newsroom , 1-‐3.
Pluijm, H. (2009, May 8). ‘Ook legacy kan naar de cloud’. Automatisering Gids , 1-‐2.
Plummer, D. (2009, May 27). The Real Truth About Cloud, SaaS and Saving Money Now. Gartner
Webinar , 1-‐24.
Plummer, D., & McGee, K. (2008, Jan 29). Gartner Predicts 2008 and Beyond. Gartner Research , 5.
Plummer, D., Cearley, D., & Smith, D. (2009, Jun 19). Cloud Computing Confusion Leads to
Opportunity. Gartner Research , 1-‐4.
Protti, D., & Smit, C. (2006). The Netherlands: Another European Country Where GP's Have Been
Using EMRs For Over Twenty Years. Health Care Information Management & Communication,
20.
Pultz, J. (2009, Mar 11). How to SigniXicantly Reduce IT Infrastructure and Operations (I&O)
Costs. Gartner Webinar , 1-‐26.
Pultz, J. (2008, Oct 28). How to SigniXicantly Reduce Network Costs in These Turbulent Times.
Gartner Webinar , 1-‐18.
Reingold, B., & Mrazik, R. (2009, Jun 4). Cloud Computing: The Intersection of Massive Scalability,
Data Security and Privacy. Legal Works , 1-‐5.
Robertson, B. (2009, Mar 25). EA and Cost Optimization: Saving Your Company and Yourself!
Gartner Webinar , 1-‐27.
Ross, W., Payling, R., & Gough, A. (2008, Jan 1). An Early View of Cloud Computing. Capgemini
Outsourcing Services , 16.
Schadler, T. (2009, Dec 19). Bespaar kosten door cloud computing. Automatisering Gids , 1-‐2.
Schiebl, J. (2009, Jun 11). Cloud Computing demystiXied . Skylore , 1-‐5.
Schoen, C., Osborn, R., Huynh, P. T., Doty, M., Peugh, J., & Zapert, K. (2006). On The Front Lines of
Care: Primary Care Doctors' OfXice Systems, Experiences And Views In Seven Countries.
Health Affairs, 25, 555-‐571.

Scott, D. (2007, Apr 2). Core Topics and Key Issues for IT Operations Management 2007. Gartner
Research , 11.
Sheehan, M. (2009, Jul 14). Do You Have a Load Balanced Network? ServePath , 1-‐3.
Sheehan, M. (2009, May 1). McKinsey’s McCrazy! Flying through the Clouds with Eyes 1/2 Closed .
GoGrid , 1-‐6.
Siegele, L. (2008, Oct 23). Let It Rise: A Special Report on Corporate IT . The Economist .
Smith, M. (2009, Feb 18). Best Practices for Applying Lean in IT. Gartner Webinar , 1-‐19.
Solomon, S. (2009, Jun 30). Survey: Cloud computing hits big time. ZDnet , 1-‐1.
Spinola, M. (2009, Jun 15). An Essential Guide to Possibilities and Risks of Cloud Computing -‐ A
Pragmatic Effective and Hype Free Approach For Strategic Enterprise Decision Making.
CloudBook , 1-‐18.
Stap, R., Verhoosel, J., Bekkum, M. v., & Mos, E. (2007). De Europese norm EN 13606. TNO
Informatie en Communicatietechnologie, 1-‐30.
Staten, J. (2009, Apr 13). Deliver cloud beneXits inside your walls. Forrester research , 1-‐14.
Stevens, H., & Pettey, C. (2008, Jun 26). Gartner Says Cloud Computing Will Be As InXluential As E-‐
business. Gartner Research , 2.
Stroetmann, K., & Stroetmann, V. N. (2004). Electronic Business in the Health and Social Services
Sector -‐ Key Issues, Case Studies, Conclusions. The European e-‐Business Market Watch 2004,
1-‐112.
Stroetmann, K. A., Jones, T., Dobrev, A., & Stroetmann, V. N. (2006). eHealth is Worth it: The
economic beneXits of implemented eHEalth solutions at ten European sites. Commission of
the European Communities Information Society & Media Directorate-‐General.
Stroetmann, K. A., & Stroetmann, V. N. (2004). Electronic Business in the Heath and Social
Services Sector -‐ The quantitative picture. The European e-‐Business Market Watch 2004,
1-‐91.
SYS-‐CON. (2009, Jun 11). 100 Players in the Cloud Computing Ecosystem. Cloud Computing
Journal , 1-‐9.
SYS-‐CON. (2009, Jun 11). Cloud Computing Expo: Cloudera One Ups Amazon . Cloud Computing
Journal , 1-‐2.
SYS-‐CON. (2009, Jun 11). Public, Hosted, and Internal Clouds DeXined. Cloud Computing Journal ,
1-‐2.
SYS-‐CON. (2009, Jul 7). Top Cloud Computing Solutions People are Looking For in 2009 . Cloud
Computing Journal , 1-‐2.

Tange, H. (2008). Health Policy Monitor: Electronic Patient Records in The Netherlands.
Bertelsmann Stiftung.
Tesink, W. (2009). GBZ-‐grenzen. NICTIZ.
Treese, W. (2009, Dec 20). Movin to the Cloud. netWorker , 1-‐3.
Urquhart, J. (2009, Jul 14). Lawyers shine light on real cloud concerns. CNET , 1-‐4.
Urquhart, J. (2009, Jul 7). Three debates that will beneXit cloud computing. CNET , 1-‐4.
Vaquero, L., Rodero-‐Merino, L., Caceres, J., & Lindner, M. (2008). A break in the clouds: towards a
cloud deXinition. SIGCOMM Computer Communication Review , 39 (1).
Vries, F., & Bergh, A. (2009, Mar 6). Hoe applicatiesourcing te contracteren? Automatisering Gids ,
1-‐4.
WAKE-‐UP. (2009). Resultaten L-‐EPD Pilot-‐onderzoek. Comite WAKE UP.
Webster, J., & Watson, R. T. (2002). Analyzing the past to prepare for the future: Writing a
literature review. MIS Quarterly, 26(2), 13-‐23.
Weiss, A. (2007). Computing in the clouds. netWorker , 11 (4).
Wijkstra, J. (2009, Jun 5). Leveranciers verwachten veel van cloud en SaaS. Automatisering Gids ,
1-‐3.
Woods, D. (2009, Jul 7). Questioning Oracle's Cloud. Forbes , 1-‐2.
Zaal, R. (2009). 'Dikke' IT: Het baat niet, maar schaadt wel. Automatisering Gids (2), 1.
Zaal, R. (2009, Jun 6). ‘De wolk’ blijft nog jaren vormeloos. Automatisering Gids , 1-‐1.

Appendix A: General Thesis Informa7on
Student Name: Juan Hernández Colomina
Student Number: 0322512
E-‐mail: jhernand@cs.uu.nl
Thesis Blog: www.cloudme.eu
Master Program: Master in Business Informa7cs
Star;ng Year: 2007-‐2008
Title of Thesis: Towards a Healthy Cloud: An Analysis of Cloud Compu7ng
Solu7ons for the Dutch Healthcare Sector
Planned Start Date: 1st of June 2009
Planned End Date: 28th of January 2010
External Organiza;on: E.Nova7on
External Supervisor: Kor Tops (Manager Engineering)
Internal Supervisor: Ronald Batenburg
Internal Supervisor 2: Slinger Roijanckens

Appendix B: Process Deliverable Diagram

Appendix C: Project Planning and Deliverables

Appendix D: TwiOer’s cloud compu7ng community
TwiRer Nickname Real Name Organiza*on Posi*on
swardley Simon Wardley Canonical (Ubuntu) Sorware Services Manager
samcharrington Sam Charrington Appistry Product Manager
jamesurquhart James Urquhart Cisco Product Marke7ng and blogger at cnet.com
Beaker Christofer Hoff Cisco Director Cloud & Virtualiza7on Solu7ons
krishnan Krish Nan Diversity Limited Lead Analyst, researcher & blogger
Jakewk Jake Kaldenbaugh NEC Director, Strategy & Business Development
ShlomoSwidler Shlomo Swidler Orchestratus Founder
befreax Thijs Metsch Sun / Oracle Cloud Sorware Engineer. OCCI Founder.
joeweinman Joe Weinman AT&T Business Development & Strategist
JSchroedl Jason Schroedl newScale VP of Corporate & Product Marke7ng
Lounibos Tom Lounibos SOASTA CEO
ranybias Randy Bias Cloudscaler CTO
GeorgeReese George Reese enStratus CTO & O’reilly Cloud author.
ruv Reuven Cohen Enomaly Founder
samj Sam Johnston Google Technical Program Manager
guyro Guy Rosen Vircado Co-‐founder & blogger
jayfry3 Jay Fry CA Strategy VP cloud business
SimonYates Simon Yates Forrester VP CIO group
Staten7 James Staten Forrester Industry Analist
usnistgov NIST NIST Standards Organiza7on
simonabrahams Simon Abrahams Rackspace Marke7ng Director
Werner Werner Vogels Amazon CTO
borjasotomayor Borja Sotomayor University of Chicago PhD researcher
lmclaughlin Laura McLaughlin CIO.com Senior News Editor
je…arr Jeff Barr Amazon Web Services Evangelist
opennebula Open Nebula Open Nebula cloud compu7ng open source toolkit
tombiO Tom BiOman Gartner cloud compu7ng and Virtualiza7on Analyst.

Appendix E: Cloud Compu7ng Outages During 2008
Source: hRp://wiki.cloudcompu*ng.org/wiki/CloudCompu*ng:Incidents_Database

Appendix F: Gartner’s 2009 overview of IaaS providers
Provider Strengths Cau*ons
Amazon + EC2 has revolu7onized the market with -‐ Support is a paid feature, and while it is
granular, by-‐the-‐hour pricing for virtual responsive and expert, it is primarily
servers. It also has a CDN service coupled geared toward technically knowledgeable
with its S3 storage service. users. Amazon does not offer managed or
+ Amazon Web Services (AWS) dominate the professional services.
public percep7on of cloud infrastructure -‐ Amazon cannot provide private
services. connec7vity, private VLANs or "hybrid
+ Amazon is innova7ve and extraordinarily cloud" solu7ons.
agile, responding rapidly to customer -‐ Amazon does not allow third-‐party audits
demands for features, rather than following of its infrastructure, although it does plan
a set product road map. to obtain SAS 70 cer7fica7on for its data
+ An ecosystem of third-‐party vendors offer centers.
tools and services that extend the -‐ Amazon meets enterprise needs such as
capabili7es of Amazon's plaxorm. Also, invoices on a one-‐off basis. It does not
Amazon has extensive partnerships with normally customize terms and condi7ons.
sorware vendors, who provide prebuilt
packages (Amazon Machine Images) for the
EC2 environment.
+ Recommended use cases: self-‐managed. The
AWS offerings encompass both cloud system
and applica7on infrastructure. Each service
should be evaluated separately; customers
can adopt individual services without
needing to use the others.
AT&T + AT&T offers a wide range of Web-‐hos7ng -‐ Customer service has improved
services, typically priced at a slight premium. significantly in the last year, but is s7ll
Its Synap7c Hos7ng u7lity plaxorm is highly variable in quality.
compe77vely priced. -‐ AT&T is oren inflexible in both sales and
+ AT&T has very strong technical competence, service, and support is primarily reac7ve.
reflected in both solu7ons engineering and -‐ The sales process can be difficult, complex
opera7ons. and slow.
+ AT&T has one of the beOer customer service -‐ Customers who need to connect their
portals. hosted infrastructure to a non-‐AT&T
+ AT&T has a substan7al global data center network should obtain a wriOen
footprint, as well as a global content delivery agreement of coopera7on from AT&T
network.
+ AT&T has the broadest and deepest cloud
compu7ng vision of any carrier. It has an
ambi7ous and comprehensive road map of
services that are highly integrated with its
network capabili7es.
+ Recommended use cases: self-‐managed;
mainstream managed; highly complex; global
porxolio; enterprise applica7ons.

CSC + CSC offers managed hos7ng services at -‐ Quality of account management depends
average prices. Its roots as a full-‐service IT on customer size and loca7on.
outsourcer result in a depth of services, -‐ Communica7ons between different
including ver7cal applica7on support, staff opera7on and product groups can be poor,
augmenta7on offerings and a broad, deep leading to tasks "falling between the
suite of security offerings. cracks."
+ CSC has made significant investments in -‐ CSC is a fast follower rather than a
virtualized plaxorms and u7lity compu7ng technology innovator.
services, including a unique and innova7ve
workflow-‐driven provisioning system for
cloud infrastructure.
+ CSC has made significant strides in improving
the quality of its products and customer
service portal, and its future road map is
ambi7ous.
+ Recommended use cases: mainstream
managed; enterprise applica7ons.
GoGrid + GoGrid (previously ServePath) offers -‐ Although GoGrid has mul7ple data centers,
coloca7on, managed hos7ng, CDN services the GoGrid service is currently only
and a Xen-‐based selfmanaged cloud hos7ng available in its San Francisco data center.
service called GoGrid. Its prices are very GoGrid will be available in Europe by the
compe77ve. end of 2009.
+ The GoGrid service offers a 100% up7me -‐ GoGrid's primary compe77on is Amazon's
service-‐level agreement and highly EC2, and GoGrid faces considerable
responsive customer service. challenges in matching Amazon's pace of
+ GoGrid has a produc7zed "hybrid cloud" innova7on and easy access to capital for
offering, combining GoGrid virtual servers infrastructure build-‐out.
with dedicated database servers, coloca7on
space and private connec7vity.
+ GoGrid has a clean, aOrac7ve, easy-‐to-‐use
Web-‐based user interface.
+ GoGrid has pursued interoperability as a key
strategy. Its provisioning applica7on
programming interface (API) is supported by
third-‐party tools, such as RightScale. It also
plans to offer its technology as a managed
service within the data centers of partner
service providers and individual customers.
mainstream managed.

IBM + IBM offers very high-‐end managed hos7ng -‐ IBM's services are highly customized,
services. It excels in delivering complex resul7ng in high prices and lengthy sales
configura7ons, specially those requiring cycles.
addi7onal IT services. -‐ IBM hos7ng contracts are lengthy and
+ IBM can provide excellent applica7on hos7ng complex, and frequently include inflexible
and management for ERP, CRM and other terms and condi7ons that shir the risk
complex environments. onto the client and away from IBM.
+ IBM offers a component-‐based u7lity hos7ng Service-‐level agreements are customized to
plaxorm, as well as public cloud system each individual contract. Cloud contracts
infrastructure services such as Compu7ng on are shorter, simpler and more
Demand for scien7fic compu7ng and similar standardized.
needs, and Informa7on Protec7on Services -‐ IBM uses partners to deliver smaller
for cloud-‐based business con7nuity. configura7ons, which increases client
+ Recommended use cases: highly complex; communica7on issues and impairs quality
global porxolio; enterprise applica7ons. control.
-‐ IBM has a comprehensive strategy for
cloud compu7ng, across its many lines of
business. IBM's cloud system infrastructure
services road map is primarily focused on
private clouds.
Joyent + Joyent provides on-‐demand, cost-‐ -‐ Joyent's support, while very responsive and
compe77ve virtual servers called highly expert, is reac7ve. It offers managed
Accelerators. It can provide physically services on a 7me and materials basis.
dedicated Accelerators, as well as colocated -‐ Joyent's professional services are limited
equipment, to customers who have specific and focused on high-‐scalability projects.
needs for such servers. -‐ Joyent sells primarily online. Rather than
+ Joyent's technology stack includes numerous field sales, it relies on sorware vendor and
technologies from Sun, including Solaris integrator partnerships to reach enterprise
Containers and ZFS. customers.
+ Joyent's strategy for scaling infrastructure -‐ Although Joyent plans to expand globally, it
emphasizes the role of network elements, currently only has data centers in the U.S.
par7cularly applica7on delivery controllers
from F5 Networks (hardware) and Zeus
(sorware)
+ Recommended use cases: self-‐managed.
Layered + Layered Technologies' compe77vely-‐priced -‐ Layered Tech is in the midst of a business
Technologies service offerings include dedicated hos7ng as transforma7on focused on moving the
well as VDC services based on 3Tera's company up-‐market.
AppLogic and Parallels' Virtuozzo Containers, -‐ Layered Tech currently primarily serves the
and Microsor Hyper-‐V-‐based u7lity hos7ng. small and midsize business (SMB) segment,
Its managed services are offered in 7ers. not the enterprise.
+ Layered Tech's customer service is rela7vely -‐ Layered Tech's lack of brand awareness and
responsive and proac7ve, compared to other sales presence places it at a compe77ve
providers of self-‐managed and simple disadvantage in the market.
managed hos7ng. -‐ Layered Tech's large menu of service
+ Layered Tech has invested substan7ally in offerings can create buyer confusion.
automa7on, and offers fast provisioning as
well as API accessibility.
mainstream managed.

Media Temple + Media Temple has a diverse but integrated -‐ Media Temple offers managed hos7ng
product porxolio that spans shared, virtual (which it brands "cx") to a limited number
private and dedicated hos7ng, with an of customers, seeking a closer partnership
upgrade path between them. with the customer's IT staff.
+ Media Temple's compe77vely-‐priced services -‐ Media Temple's technology plaxorm is
are usually bought on-‐demand, without a built on top of Parallels, limi7ng its
contract. aOrac7veness to enterprise customers.
+ Media Temple understands its core target -‐ Media Temple experienced recurring
market of interac7ve agencies, adver7sing outages with the first genera7on of its "gs"
agencies, media companies and social media shared hos7ng service. This service has
publishers. since been re-‐architected; new customers
+ Recommended use cases: self-‐managed. are provisioned on the second-‐genera7on
MediaTemple should also be considered for service.
marke7ng microsites where low-‐cost elas7c -‐ Media Temple only has data centers in the
scalability is a requirement. U.S.
NaviSite + NaviSite's diverse product porxolio -‐ NaviSite's complex product porxolio can
addresses both infrastructure and applica7on confuse the buying process.
management needs. It also offers a content -‐ NaviSite's marke7ng and sales presence is
delivery network. Its prices are average. limited and hinders the company when
+ NaviSite has an innova7ve, specialized compe7ng against larger, more established
product road map that takes advantage of providers.
the company's applica7on management -‐ NaviSite's only non-‐U.S. data center is in
capabili7es. the U.K.
+ NaviSite's cloud compu7ng strategy is based -‐ NaviSite is a moderate-‐size provider, and is
on its AppStructure plaxorm, which trying to spread its resources over a very
encompasses not only VMware-‐based broad set of service offerings.
infrastructure, but also collabora7on and
integra7on capabili7es.
+ Recommended use cases: mainstream
managed; highly complex; global porxolio;
enterprise applica7ons.
OpSource + OpSource has been focused solely on SaaS -‐ OpSource's quality of service delivery and
enablement. Its compe77vely-‐priced services support is inconsistent. The more
are specifically targeted at SaaS provider customized the solu7on, the greater the
needs, although it plans to expand into more challenges encountered in delivery.
general cloud infrastructure offerings. -‐ OpSource has experienced recent outages
+ OpSource provides adjunct services to SaaS due to its storage fabric. It has since re-‐
providers, such as an on-‐demand billing architected its storage services.
plaxorm, integra7on services (branded -‐ OpSource is expanding into general cloud
"OpSource Connect"), custom applica7on infrastructure services, but to date, its
management and help desk support. offerings have been focused on a narrow
+ Recommended use cases: SaaS infrastructure market segment.
(mainstream managed and highly complex -‐ OpSource's only non-‐U.S. data center is in
hos7ng). the U.K., although it can offer services
across a broader footprint via its
partnership with NTT.

Quality + Quality Technology Services offers wholesale -‐ Quality Tech only has data centers in the
Technology and retail coloca7on, managed hos7ng U.S.
Services (including a u7lity hos7ng plaxorm, "QVI"), -‐ Quality Tech's product road map is very
and media services, at very compe77ve conserva7ve. The company invests in
prices. technologies once they have achieved
+ Quality Tech grew through the acquisi7on of widespread mainstream adop7on.
ITC Deltacom's eDeltacom business, IBM's -‐ Quality Tech's customer portal has only
coloca7on business and Globix's hos7ng basic func7onality.
business. It is an IBM partner for SMB
hos7ng; IBM is a key channel, and extends
Quality Tech's capabili7es.
mainstream managed.
Rackspace + Rackspace offers managed hos7ng and cloud -‐ Rackspace's sales and support quality has
infrastructure services at compe77ve prices. become inconsistent, due to its extremely
It also has a Limelight Networks CDN rapid growth.
partnership that can be used in conjunc7on -‐ Rackspace is at its best when it is delivering
with its cloud storage service. formally produc7zed offerings, not one-‐off
+ Rackspace has industry-‐leading customer customized arrangements.
service. It is proac7ve, highly responsive and -‐ Although Rackspace is a strong player in
"high touch," interac7ng frequently with its the enterprise segment, its product
customers. porxolio, professional services and
+ Rackspace has a broad and ambi7ous cloud customer portal are more limited than
road map which integrates the full range of those of other leading providers.
its service offerings. -‐ Although Rackspace is a global provider, it
+ Rackspace has par7cularly strong support for has a limited geographic footprint in North
open source technologies. America.
porxolio.

Savvis + Savvis offers a broad range of hos7ng -‐ Savvis's customer service has improved
services, including a VMware-‐based u7lity recently, but it must demonstrate that
plaxorm called "Dedicated and Open Cloud these improvements are sustainable.
Compute" (formerly Virtual Intelligent -‐ Savvis has ra7onalized its product offerings,
Hos7ng). Its services are priced at a slight but the breadth of op7ons can s7ll lead to
premium. buyer confusion.
+ Savvis's quality of sales and service delivery -‐ Savvis has refocused its sales force on
is good. It is very good at exploi7ng selling managed hos7ng, rather than
technology and has an excellent customer coloca7on, but coloca7on remains a
service portal. distrac7on for its sales team.
+ Savvis has an ambi7ous road map for cloud
infrastructure offerings, as well as SaaS-‐
enablement services that include a
marketplace and other complementary
services.
+ Savvis is par7cularly strong in the financial
ver7cal, for which it offers specialized
products and services that take advantage of
its network.
porxolio; enterprise applica7ons.
SorLayer + SorLayer offers fast-‐provisioned dedicated -‐ SorLayer does not offer any managed
and Xen-‐based cloud hos7ng at compe77ve services. Its customer support does not
prices. It also has an Internap CDN hand-‐hold; customers are expected to be
partnership that can be used in conjunc7on technically proficient and willing to read
with its cloud storage service. the documenta7on.
+ SorLayer has an extensive product road -‐ SorLayer does not allow hardware
map. It includes many value-‐added services excep7ons to its standard configura7ons.
with all configura7ons, such as TippingPoint-‐ -‐ SorLayer sells primarily online. It engages
based intrusion preven7on and distributed in very limited marke7ng and sales, and
denial of service (DDoS) mi7ga7on, and local has liOle brand recogni7on.
and global load-‐balancing.
+ SorLayer has an extensive customer portal
with an array of tools for self-‐management of
both dedicated and virtual devices.
Func7onality can also be accessed via an API.
+ SorLayer uses its wiki to provide thorough,
well-‐organized documenta7on.
+ Recommended use cases: self-‐managed.

SunGard + SunGard Availability Services has deep and -‐ SunGard's customer service processes can
broad exper7se in business con7nuity, but result in a "hot potato" scenario between
also has a significant coloca7on and mul7ple opera7ons groups, where no one
managed hos7ng business. Its prices are accepts responsibility and accountability
average. for solving the customer's problem.
+ SunGard is very process-‐oriented and highly SunGard is presently transforming its
conscious of enterprise security customer service model to address these
requirements. issues.
+ SunGard con7nues to expand and improve -‐ SunGard can be inflexible, and some7mes
its product porxolio, and can capably struggles to manage high-‐growth, high-‐
manage a broad range of requirements. change environments.
+ Recommended use cases: mainstream -‐ SunGard's near-‐term cloud infrastructure
managed; enterprise applica7ons. road map is primarily focused on business
con7nuity capabili7es, although it will be
expanding into other cloud compute
services.
Terremark + Terremark is a leader in virtualized, VMware-‐ -‐ Although Terremark is a global provider, it
based infrastructure services, with its has a limited geographic footprint in North
Infinistructure u7lity hos7ng and Enterprise America.
Cloud VDC offerings. It also offers carrier-‐ -‐ Terremark's service porxolio is not as
neutral coloca7on. Its prices are average. broad as its largest compe7tors.
+ Terremark is a technology innovator with
very good customer service, a good customer
portal and extensive automa7on. It has a
well-‐thought-‐out and aggressive cloud
infrastructure road map that is focused on
enterprise requirements.
+ Terremark offers superb engineering
support. It is willing to take on "bleeding-‐
edge" technologies, legacy infrastructures
and other unusual requirements.
+ Terremark is par7cularly strong in the
government ver7cal. Its "NAP of the Capital
Region" data center is specialized for serving
U.S. federal government needs.
porxolio.

Appendix G: Healthcare Strategic Principles of the EU
(European Commission, 2007) (European Parliament, 2000)
EU Principle Descrip*on Proposed Approach
Na7onal and european health policies (A) Improve the adop7on of fundamental
must focus on clear values. In June 2006, health values
the European Council elaborated a list of (B) Create a system of EC health
common values and principles: indicators by exchanging health
Strategy based on shared universality, access to good quality care, related informa7on among member
health values equity and solidarity . Moreover, the states
European Charter of Fundamental Rights (C) Decrease current inequi7es in
explicitly recognizes every ci7zen’s rights of healthcare services within the EU
access to preven7ve care and to benefit (D) Promote health literacy programs for
from medical treatment. different age groups.
Healthcare is also crucial to achieve

economic produc7vity and prosperity. Development of a program of analy7cal
Health in the greatest Inves7ng in healthcare should be studies of the economic rela7onships
wealth considered an investment and should between ci7zen’s health, health
include investments in preven7ng, investments and economic prosperity.
protec7ng and improving ci7zens health.
It is important to consider health related Strength the integra7on of health
issues not only in the development of concerns into all policies of the EC,
Health in all policies health policies but also in all european member states and regional authori7es.
policies to leverage cross sectorial
synergies.
The importance of sustained collec7ve

leadership in global health is crucial in (A) Enhance the EC status and
order to provide ci7zen’s with beOer coopera7on in interna7onal
Strengthening the EU voice
healthcare services. The EC suggest that organiza7ons
in global health
worldwide health can be improved by (B) Promote the implementa7on of
globally sharing EC values, experience and interna7onal health agreements.
exper7se in health related issues.

Appendix H: Enabling Technologies for Pa7ent Safety
Technology Documented Benefit
• 83% reduc7on in 90 day readmission rate for Conges7ve Heart Failure (CHF) pa7ents
Electronic Medical Records (EMR)
• 32% reduc7on in diabe7c death
• 60 % reduc7on in poten7al adverse drug events

• 41% reduc7on in drug interac7on errors
Computerized Physician Order Entry
• 39% increase in formulary drug compliance
(CPOE)
• 17% reduc7on in Adverse Drug Events (ADE)
• 84% reduc7on in missing dose medica7on errors
Electronic Transfer of Prescrip7ons

• 15% reduc7on in prescrip7on error
(ETP)
Business Intelligence (BI) • 10.3% reduc7on in Hospital Acquired Infec7ons (HAI)
RFID and Barcoding • 83% reduc7on in medica7on errors due to mistaken iden7ty

Appendix I: Enabling Technologies for Quality of Care
• 10% increase in number of pa7ents seen by GP

• 9% reduc7on in the growth rate of acute admissions
• 32% reduc7on in diabe7c death
Electronic Medical Records (EMR) • 52% rise in pa7ents with documented self management goals
• 7% reduc7on in average length of stay in hospital
• 48% reduc7on in duplicate laboratory/chemistry tests
• 17% reduc7on in Adverse Drug Events (ADE)

• 39% increase in formulary drug compliance
Computerized Physician Order
• 60 % reduc7on in poten7al adverse drug events
Entry (CPOE)
• 84% reduc7on in missing dose medica7on errors
• 41% reduc7on in drug interac7on errors
Electronic Transfer of • 15% reduc7on in prescrip7on error

Prescrip7ons (ETP)
Business Intelligence (BI) • 10.3% reduc7on in Hospital Acquired Infec7ons (HAI)
• 22% gain in clinical staff produc7vity

• 83% reduc7on in medica7on errors due to mistaken iden7ty
RFID and Barcoding
• 75% reduc7on in cases of medicines running out where RFID is used for stock control and
inventory management
• 7% decrease in number of GP appointments replaced by telephone contacts
Electronic Health Records (EHR)
• Reduc7on of 816 inappropriate referrals to secondary care per year per primary care unit
Electronic Appointment Booking • 33% reduc7on of Did Not AOends (DNA)
• 16% reduc7on in wai7ng 7mes for first outpa7ent appointment
• 60% improvement in radiologist produc7vity measured in number of tests read per
Picture Archiving and radiologist
Communica7on Systems (PACS) • 99% reduc7on in lost images
• 99% reduc7on in number of repeat imaging tests
Personal Healthcare Records • 55% reduc7on in hospital admissions for Conges7ve Heart Failure (CHF)
(PHR)
Pa7ent Portals • 50% reduc7on in admin staff 7me spent filing and managing forms
• 25% reduc7on in average number of bed days for admissions for chronic condi7ons
Telemedicine
• 19% reduc7on in hospital admissions for chronic condi7ons

Appendix J: Enabling Technologies for Availability
Electronic Medical Records (EMR) • 10% increase in number of pa7ents seen by GP
• 9% reduc7on in the growth rate of acute admissions
• 7% reduc7on in average length of stay in hospital
RFID and Barcoding • 20% increase in the number of pa7ents discharged by noon
Electronic Health Records (EHR) • 7% decrease in number of GP appointments replaced by telephone contacts
Electronic Appointment Booking • Reduc7on of 816 inappropriate referrals to secondary care per year per primary care unit
• 33% reduc7on of Did Not AOends (DNA)
• 16% reduc7on in wai7ng 7mes for first outpa7ent appointment
Picture Archiving and • 46.5% increase in volumes of tests (increase in throughput)
Communica7on Systems (PACS) • 60% improvement in radiologist produc7vity measured in number of tests read per
radiologist
Personal Healthcare Records (PHR) • 35% reduc7on in number of redundant tests
• 55% reduc7on in hospital admissions for Conges7ve Heart Failure (CHF)
Pa7ent Portals • 9,7% reduc7on in number of GP appointments
Telemedicine • 25% reduc7on in average number of bed days for admissions for chronic condi7ons
• 19% reduc7on in hospital admissions for chronic condi7ons

Appendix K: Enabling Technologies for Empowerment
Electronic Medical Records (EMR) • 52% rise in pa7ents with documented self management goals
Electronic Health Records (EHR) • 7% decrease in number of GP appointments replaced by telephone contacts
Pa7ent Portals • 9,7% reduc7on in number of GP appointments

Appendix L: General eHealth related defini7ons
Concept Defini*on Source
The interac7on between pa7ents and health-‐service providers, ins7tu7on-‐to-‐

ins7tu7on transmission of data, or peer-‐to peer communica7on between pa7ents
and/or health professionals. Examples include health informa7on networks, European
eHealth
electronic health records, telemedicine services, wearable and portable systems Commission
which communicate, health portals, and many other ICT based tools assis7ng disease
preven7on, diagnosis, treatment, health monitoring and lifestyle management.
A longitudinal health record that provides physician and pa7ent access to clinical
details registered during one or more treatments. The main goal of EHR is to maintain
Electronic a integrated record of a pa7ents health status in order to support the con7nuity and
Health efficiency of care services to be provided. It also facilitates communica7on among Gartner
Record (EHR) care professionals and therefore it benefits both pa7ents and clinicians. Other
secondary uses of EHR are for example research, educa7on, quality management,
billing, etc.
Electronic
A repository of a pa7ent’s health data which is oren registered by a single
Medical
organiza7on or ins7tu7on. An EMR is a narrower healthcare record than an EHR. Gartner
Record
Typically, an EMR contains a part of the EHR but described in a more extensive way.
(EMR)
A domain specific model that defines the structure and business rules of the concept.
Archetype ISO-‐TR-‐20514
Examples of medical archetypes are “family history”, “blood pressure”, etc.
Technical A computable expression of a domain specific concept in the form of structured
ISO-‐TR-‐20514
Archetypes constrains statements based on some reference informa7on model.
Architecture A set of descrip7ve representa7ons for describing and object and maintaining it. ISO-‐TR-‐20514
Clinical Data
A data store that registers and manages clinical data collected at care service
Repository ISO-‐TR-‐20514
loca7ons (e.g. hospitals, pharmacies, GPs, etc.).
(CDR)
Electronic
Health
The generic structural components from which all EHRs are built, defined in terms of
Record ISO-‐TR-‐20514
an informa7on model.
Architecture
(EHRA)
Unit of communica7on of all or part of the EHR consis7ng of one or more EHR
EHR extract ISO-‐TR-‐20514
composi7ons.
EHR node A physical loca7on where EHRs are stored and maintained. ISO-‐TR-‐20514

Concept Defini*on Source
The set of components that form the mechanism by which EHRs are created, used,
stored and retrieved. It includes people, data, rules and procedures, processing and
storage devices, and communica7on and support facili7es. It can also be defined as a
system for recording, retrieving and manipula7ng informa7on in EHRs. They can be
non-‐shareable local systems (EHR), shareable regional or na7onal systems (ICEHR),
EHR system ISO-‐TR-‐20514
and (inter)na7onal indexes of ICEHR. The most significant components of an EHR
infrastructures are data messaging services, locator applica7on, secure network
infrastructure, connec7vity services to end user’s applica7ons, a central data
repository, a pa7ent portal with view and/or update func7onality, and a data
warehouse for research purposes.
A repository of informa7on about the health state of a pa7ent in computer

processable form. It includes both shareable and non shareable EHRs. If the EHR is
shareable it can be exchanged at three levels: between clinical disciplines or users,
Basic EHR ISO-‐TR-‐20514
between different applica7ons at a single EHR node, and across different EHR nodes.
The capability of EHRs to be shared across different nodes is the basic element
suppor7ng Integrated Care Electronic Health Record (ICEHR).
Integrated
A repository of informa7on about the health state of a pa7ent in computer
Care
processable form, where the informa7on is stored and transmiOed securely and it is
Electronic
accessible by mul7ple authorized users. The registered informa7on is retrospec7ve, ISO-‐TR-‐20514
Health
concurrent and prospec7ve, providing a complete, longitudinal and persistent record
Record
of all past, present and future care services regarding an specific pa7ent.
(ICEHR)
Personal A special type of EHR where the PHR is under the control of the subject of care and
Health the informa7on registered is (partly) submiOed by the pa7ent. It can complement
ISO-‐TR-‐20514
Records EHR by including output from pa7ents and providing control of personal informa7on
(PHR) by the subject under study.

Appendix M: NICTIZ’s ZSP Cer7fica7on Requirements
ZSP Func*onal Requirements (Data Communica*on)
Category Code Requirement
CON-‐01 Facilitate all electronic message exchange between GBZ(s) and the LSP
CON-‐02 Enable GBZ access to tes7ng and produc7on LSP environments
Use fixed DCN’s IP address as assigned by the LSP (the IP address becomes responsibility of
CON-‐03
the ZSP)
Apply UTP connec7on with a speed of 10/100/1000 Mb/s where speed and duplex mode are
CON-‐05
configured as fixed and the connec7on is realized at layer 3 (IP rou7ng layer)
Install and manage network component at layer 2 or 3 at the GBZ loca7on to enable domain
CON-‐06
differen7a7on and monitoring
Connec7vity
Do not use (sub)component must be used that makes (par7al) use of the public internet
CON-‐07
network
CON-‐08 Enable access of GBZ(s) to the UZI register through the LSP’s rou7ng func7onality.
Facilitate access of GBZ(s) to the Cer7ficate Authori7es of the LSP’s server cer7ficate through
CON-‐09
the LSP rou7ng func7on, and access to other CAs of the trust chain for LDAP and OCSP
CON-‐10 Route IP addresses assigned by the LSP to the LSP entry points
CON-‐11 Use of NAT (Network Address Transla7on) can not have nega7ve impact on the connec7on(s)
Register at DNS servers: all hosts and domain names of connected GBZs, and the forwarding
DNS-‐01
of all DNS zones to the LSP (if ZSP not authorita7ve)
Manage authorita7ve DNS servers: primary and secondary DNS server, reverse DNS zone for
DNS-‐02 each DNS forward, LSP as slave DNS server for each subdomain (forward and reverse DNS
entries)
Domain
Name Create subdomains with a maximum of 15 characters and with meaningful seman7cs for the
DNS-‐03
System user, with a maximum of 3 subdomain levels
DNS-‐04 Update DNS cache when requested by LSP
DNS-‐05 Minimize DNS caching by using appropriate TTL configura7on
DNS-‐06 Forward zones in AORTA-‐ZORG.NL to the LSP DNS if the ZSP is not authorita7ve.

ZSP Implementa*on Requirements
BVL-‐01 Create and implement an informa7on security policy
BVL-‐02 Embed security in the organiza7on
BVL-‐03 Define security requirements to be followed by employees
BVL-‐04 Define security requirements for physical security (e.g. devices)

Security Protect LSP and GBZ(s) from spam, viruses and other threats that can gain access through the
BVL-‐05
DCN
BVL-‐06 Define access security policy
BVL-‐07 Define requirements regarding con7nuity management
BVL-‐08 Define requirements regarding security incidents
BSC-‐01 Ensure system availability 24 hours per day and 7 days per week
Ensure that malfunc7on frequency and recovery comply with the specifica7ons of the LSP
per type of malfunc7on:
-‐ Class 1 outages: 4 7mes per year (if recovery 7me < 15 min), 2 7mes per year (if recovery
7me < 12 hours & > 15 min) and 1 7me per year (if recovery 7me < 4 days & > 12 hours).
BSC-‐04
7me < 12 hours & > 15 min) and 2 7mes per year (if recovery 7me < 4 days & > 12 hours).
Availability 7me < 12 hours & > 15 min) and 4 7mes per year (if recovery 7me < 4 days & > 12 hours).
Deploy back up procedures to guarantee con7nuity of connec7vity and DNS services if a
BSC-‐05
(hardware) component fails
Communicate to the GBZ any par7al or fully discon7nuity of service, including reach,
BSC-‐06
progress and recovery
BSC-‐07 Schedule planned maintenance between 03:00 AM and 07:00 AM
BSC-‐08 Communicate each recovery from malfunc7on to the LSP and GBZ(s)
Ensure that network round trip delay between GBZ(s) and LSP is no more than 200
RSP-‐01
Response milliseconds in 90% of the cases
Times
RSP-‐03 Enable priori7za7on of network traffic to the LSP

ZSP Exploita*on Requirements
Ensure that ZSP is registered at the Dutch chamber of commerce (Kamer van
ORG-‐01
Koophandel).
ORG-‐02 Posi7on the ZSP as main subcontractor when using third party services
ORG-‐03 Par7cipate in discussion sessions organized by the LSP
Ensure a good service desk: reachable on work days from 08:00 AM to 05:00 PM (with an
Organiza7on ORG-‐05 emergency number outside this 7me frame) and being able to es7mate recovery 7mes
and to report recovery progress.
Classify malfunc7ons: Class 1 if DCN is unreachable, Class 2 if limited func7onality and
ORG-‐06
Class 3 if it is fully func7onal with some outages.
Solve malfunc7ons: immediately (Class 1), within 4 hours (Class 2) or within 24 hours
ORG-‐07
(Class 3)
Ensure that the contact data (e.g. telephone number) of the DCN’s system administrator
BEH-‐01
is known by the system administrator of the LSP where it can be contacted 24x7
BEH-‐02 Ensure capabili7es to localize the domain of a malfunc7on in the network
Measure and report to the LSP used and available bandwidth per connec7on per GBZ
BEH-‐03
(measurements of minimal 20 connec7ons concurrently if available)
BEH-‐04 Report monthly to the LSP the frequency and dura7on of network outages
Management
BEH-‐05 Report monthly to the LSP and GBZs the recovery 7mes of all outages
Ensure that planned maintenance (if affects func7onality) is communicated to LSP and
BEH-‐06
GBZs at least 5 working days in advance.
Support the migra7on to another ZSP to be completed within 3 weeks arer the new
BEH-‐07
ZSP’s infrastructure is ready
BEH-‐08 Facilitate migra7ons to other ZSPs to guarantee con7nuity of services
GBO-‐01 Deliver user support with a service level that matches the priority of issues
User Support
GBO-‐02 Handle and manage all issues signaled by GBZs

Appendix N: NICTIZ’s GBZ Requirements Overview
Area Requirement
1.1. Healthcare informa7on system has the XIS cer7fica7on.
1.2. A ZSP cer7fied network provider is used.
Organiza7on has been subscribed in the UZI register and has received UZI
Prac7cal 1.3.
cards, card readers and UZI server cer7ficate.
Requirements
1.4. WriOen agreements with related third par7es.
The organiza7on uses the EPD infrastructure for the goal determined by the
1.5.
used XIS applica7on.
2.1. Some employee is direct responsible for con7nuos GBZ compliance regarding
direct and delegated responsibili7es.
2.2. Employees are trained to work with the EPD and have wriOen procedures and
user manuals (i) (ii). An employee is directly responsible for employee
training, manuals and procedures.
2.3. Organiza7on provides first line support and incident registra7on during office
hours. An employee is directly responsible for this.
Organiza7onal
Embedding 2.4. The organiza7on has a list of error codes provided by the switching point and
the related ac7on to be taken.
2.5. Organiza7onal policy and measures to ensure data availability, correctness
and security (data not accessed by unauthorized people). An employee is
directly responsible for these policies and to ensure its compliance.
2.6. Applica7ons connected to the EPD are tested before being used in
produc7on. An employee is directly responsible for this.
3.1. Procedures for using BSN numbers.
3.2. Delimited scope of GBZ and dossier management.
3.3. Regular control to check if pa7ent data has been ini7ated.
3.4. To protect the GBZ environment, the organiza7on has an overview of XIS
interfaces, interfaces are protected against data leakage and data on the
na7onal EPD is protected against unauthorized access.
3.5. Regarding data submission to the na7onal switching point, the organiza7on
has an overview of which data has been submiOed, a policy to determine
which data is going to be submiOed and it performs periodic random control
checks.
Data 3.6. The organiza7on is able to protect complete o par7al pa7ent data from
Management exchange in the EPD, informing the pa7ent about the consequences.

Data
Management
Area Requirement
3.7. The organiza7on is able to submit informa7on which is stored within the legal
storing 7me. Including an overview of the data stored, a daily remote back up
of the data, and a policy to discard data when the legal storing 7me has
passed.
3.8. Regarding the integrity of data, the organiza7on must ensure that the data
submiOed corresponds with the related pa7ent dossier.
3.9. The organiza7on informs pa7ents about the exchange of his/her data on the
na7onal infrastructure.
3.10. The organiza7on ensures that pa7ent data is exclusively exchanged through
the na7onal EPD infrastructure.
4.1. Controlled use of UZI cards by employees. Providing training and tools for the
correct use and performing control checks and sanc7ons to ensure this.
4.2. Access log of pa7ent data. Delega7ons are properly managed by: having a
direct responsible employee for managing delega7ons, employees obtain
proper delega7on, employees are controlled on the appropriate exercise of
delega7ons, delega7ons are controlled and preven7ng that employees obtain
conflic7ng delega7ons.
4.3. Inform pa7ents over EPD and obtain pa7ents approval before exchanging his/
her informa7on.
4.4. Instruc7ons to protect pa7ent data from unauthorized access.

Access
4.5. The use of UZI cards is limited to the interfaces between the UZI card, the UZI
reader en the informa7on system in every work sta7on.
4.6. The connec7on to the switching point takes place through a server that uses
the UZI server cer7ficate, which is protected according to the policies of the
UZI register and there are procedures and instruc7ons for administrators.
4.7. Data obtained through the EPD infrastructure is deleted arer use, including
half processed data en data temporary saved on devices.
4.8. The exchange of informa7on is regularly controlled, including log
management and checks to detect unauthorized access.
5.1. 24x7 accessibility and management with a maximum of 1 outage per month
with no more than 15 minutes down7me, and a maximum of 2 outages per
year with no more than 1 day down7me.
5.2. A system administrator is directly responsible for seung up and maintaining
connec7vity to and from the EPD infrastructure.
5.3. The system administrator ensures the accurate use of DCN, IP address,
domain name, HL7 messages and NTP 7me synchroniza7on.
5.4. There is a plausible protec7on against energy shortage.
5.5. The 7me used by the server can vary a maximum of 1 second from the used
NTP server 7me.
Connec7on
Area Requirement
Connec7on
5.6. When configuring IP addresses and/or domain names the system
administrator must ensure that they comply with ZIM tests and ZIM
opera7onal context, that they are not internally used for other purposes, and
that planned maintenance takes place a maximum of 12 7mes per year with a
maximum down7me of 1 hour.
5.7. Regarding capacity planning the system administrator must ensure that there
is enough compu7ng capacity to support the exchange of messages, to
support all SSL sessions and to comply with the agreed response 7mes.
Average response 7mes are periodically analyzed and registered in wriOen.
5.8. The system administrator must ensure that when requested by na7onal EPD
system administrator the UZI cer7ficates and related applica7ons are loaded,
configured and stopped.
6.1. Overview of XIS interfaces.
Security 6.2. Protec7ng interfaces against leaks.
6.3. Protec7ng the EPD against unauthorized filling or access.
(i) The training program of employees should at least include the following items:
- Informing pa7ents on the use of BSN numbers and the exchange of their informa7on at na7onal level.
- Informing pa7ents on the possibility to exclude their data from exchange at na7onal level.
- Process to be carried out if a pa7ent wants to exclude his data from exchange.
- How to look a BSN number up and link it to the corresponding internal index.
- How to deal with difficult names and diacri7cal marks.
- Understanding the importance of and requirements for accurate dossiers.
- Condi7ons for the use of the EPD.
- Rules and alerts when login terms are not followed.
- Responsibili7es regarding informa7on requests.
- Condi7ons that allow to copy gathered informa7on to local informa7on systems.
- Condi7ons for delega7ons of use and how to avoid unauthorized delega7ons.
- The process of transferring a full pa7ent’s dossier.
- How to handle error messages and problems and how to contact the help desk
- How to report suspicion or certainty of weak points or threats to the EPD
(ii) The procedures and user manuals should at least include the following items:
- Informing pa7ents on the exchange of informa7on at na7onal level
- Informing pa7ents on the possibility to exclude their data from exchange at na7onal level.
- Process to be carried out if a pa7ent wants to exclude his data from exchange.
- Procedure to look BSN numbers up and link them to internal index numbers
- Reques7ng, denying, replacing, blocking and communica7ng lost of UZI cards
- Copying requested data to local informa7on systems
- Delega7on of access to the EPD
- Transfer of dossiers
- Possible error codes and the ac7on to be taken
- How to contact the help desk
- How to report suspicious or real weak points or threats to the na7onal infrastructure
- A detailed list of error codes and consequent ac7ons provided by the switching point

Towards A Healthy Cloud: Cloud Computing Solutions in Dutch Healthcare

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Towards A Healthy Cloud: Cloud Computing Solutions in Dutch Healthcare

Hochgeladen von

Copyright:

Verfügbare Formate

Towards a Healthy Cloud

Cloud Computing Solutions for the Dutch Healthcare Sector

Master Thesis Business Informatics

Towards a Healthy Cloud Page 2 of 218 Juan Hernández Colomina

Towards a Healthy Cloud Page 3 of 218 Juan Hernández Colomina

Towards a Healthy Cloud Page 4 of 218 Juan Hernández Colomina

1. Research Problem and Scope

2. Research Goal and Ques*ons

Towards a Healthy Cloud Page 5 of 218 Juan Hernández Colomina

Research Ques*ons Group 1: Deﬁni*on of Cloud Compu*ng

Research Ques*ons Group 2: The Dutch Healthcare Sector

Research Ques*ons Group 3: Cloud Compu*ng in Dutch Healthcare

Towards a Healthy Cloud Page 6 of 218 Juan Hernández Colomina

Towards a Healthy Cloud Page 7 of 218 Juan Hernández Colomina

Although many other research paradigms can be found in previous publica7ons

Towards a Healthy Cloud Page 8 of 218 Juan Hernández Colomina

Towards a Healthy Cloud Page 9 of 218 Juan Hernández Colomina

Table 1: March & Smith framework (Järvinen, 2000)

Design Science Natural Science

Towards a Healthy Cloud Page 10 of 218 Juan Hernández Colomina

Table 2: Linking Research Ques*ons to Research Methods

Phase Type of Research

-­‐ Literature Study

1 What is ...?

• Descrip7on of the Dutch Healthcare sector

• Matching-­‐model linking requirements with cloud

Towards a Healthy Cloud Page 11 of 218 Juan Hernández Colomina

Towards a Healthy Cloud Page 12 of 218 Juan Hernández Colomina

(A) Literature Study

Towards a Healthy Cloud Page 13 of 218 Juan Hernández Colomina

(B) Online Field Study

Towards a Healthy Cloud Page 14 of 218 Juan Hernández Colomina

(C) Expert Reviews

Towards a Healthy Cloud Page 15 of 218 Juan Hernández Colomina

5.2. Phase 2 Approach and Methodology

Towards a Healthy Cloud Page 16 of 218 Juan Hernández Colomina

(B) Expert Reviews

5.3. Phase 3 Approach and Methodology

Towards a Healthy Cloud Page 17 of 218 Juan Hernández Colomina

(A) Ar*fact Building

Towards a Healthy Cloud Page 18 of 218 Juan Hernández Colomina

Transparency on the construc7on of meta-­‐ar7facts in design science is regarded by some

Towards a Healthy Cloud Page 19 of 218 Juan Hernández Colomina

(B) Ar*fact Evalua*on

Towards a Healthy Cloud Page 20 of 218 Juan Hernández Colomina

6. Prac*cal and Scien*ﬁc Contribu*on

Towards a Healthy Cloud Page 21 of 218 Juan Hernández Colomina

Towards a Healthy Cloud Page 22 of 218 Juan Hernández Colomina

(B) Scien*ﬁc Contribu*on

Towards a Healthy Cloud Page 23 of 218 Juan Hernández Colomina

Towards a Healthy Cloud Page 24 of 218 Juan Hernández Colomina

Towards a Healthy Cloud Page 25 of 218 Juan Hernández Colomina

Virtualization SaaS Outsourcing Security Cloud Computing Storage Infrastructure Networks

Towards a Healthy Cloud Page 26 of 218 Juan Hernández Colomina

Towards a Healthy Cloud Page 27 of 218 Juan Hernández Colomina

1.1. Business Trends

Towards a Healthy Cloud Page 28 of 218 Juan Hernández Colomina

Computers have evolved signiﬁcantly

Towards a Healthy Cloud Page 29 of 218 Juan Hernández Colomina

Towards a Healthy Cloud Page 30 of 218 Juan Hernández Colomina

Table 6: Strategic Technology Areas (Gartner, 2009)

Rank 2010 Technology Evolu*on from 2009 ranking

1.3. The Hype Around Cloud Compu*ng

Research Quesons Group 1: Deﬁnion of Cloud Compu*ng

Research Quesons Group 3: Cloud Compung in Dutch Healthcare

-‐ Literature Study

• Matching-‐model linking requirements with cloud

Transparency on the construc7on of meta-‐ar7facts in design science is regarded by some

(B) Arfact Evaluaon

6. Praccal and Scienﬁc Contribu*on

(B) Scienﬁc Contribuon

2.1. Ulity Compung

Another example of technology “u7lity-‐za7on” can be found in the hardware industry

2.2. Scienﬁc Deﬁnions

D. 2009 IEEE Internaonal Conference on Cloud Compung

All remote compu7ng or oﬀ-‐premises

2.5. Deﬁnions from Standards Organizaons

2.7. Research Deﬁnion of Cloud Compung

NIST: “Cloud compu7ng is a model for enabling convenient, on-‐

As-‐a-‐service / Service Based Berkeley University, IEEE, Gartner, NIST

Easy Accessible / On-‐demand Telefonica, IEEE, Media, Capgemini, NIST

A SaaS applica7on is oren scalable, mul7-‐tenant-‐eﬃcient and/or conﬁgurable (Chong &

Table 10: SaaS mul*-‐tenancy paRerns

4.1. Resource Opmizaon