Cloudcomputing technology offers flexible, pay-per-use and convenient access to a pool of services and virtualised computer resources using internet connection. Despite these benefits, the adoption of cloudcomputing by Small and Medium Enterprises (SMEs) is still slow due to (perceived) security and privacy issues. Recent studies concluded that such issues could result in issues of trust for both adopters and potential adopters of cloudcomputing. While security and privacy issues are actively being researched in the area of cloudcomputing, there is little published research regarding the aspect of trust between the clients (SMEs) and their Cloud Service Providers (CSPs). The main focus of this study was to investigate the role of trust and other factors involved in the adoption and usage of cloudcomputing by SMEs. By combining the variables introduced by Diffusion of Innovation Theory (Rogers, 2003), Technology Organisation Environment Framework (Tornatzky and Fleishchner, 1990) and the Integrative Model of Organisational Trust (Mayer, et al., 1995), a conceptual model was produced. This model was tested empirically through an online survey of 269 participants consisting UK SMEs. Using the statistical software ‘SPSS’, the description of each variable was presented. The reliability of multi scale items was assessed using Cronbach’s alpha. Factor analysis was carried out to reduce the dimensions of items used for further analysis (regression). Then an ordinal regression analysis was done to examine the relationship between variables. It was found that an increase in the challenges of cloudcomputing decreases its chances of adoption. Also, an increase in the knowledge level of cloudcomputing was found to increase the chances of adopting cloudcomputing. On the other hand, trust in service provider was found to have a negative effect on the perceived usefulness of cloudcomputing. This is because majority of the respondents revealed that cloudcomputing is very useful but indicated total disagreement of trust in their CSPs. This is not an attractive finding for the CSPs. Therefore, the recommendations provided will enable to CSPs to increase trust in order to encourage the continuous use of cloudcomputing by adopters and also encourage the uptake of cloudcomputing by potential adopters.
4.1 Security, Privacy and TrustIssues
One of the main issues surrounding CloudComputingadoption is security (Carlin & Curran, 2011; Ohlman et al., 2009). The fact that cloudcomputing takes place over/across a network where users are able to gain access to computing resources via the internet from anywhere makes it ‘appear’ more vulnerable to all forms of cyber-attacks. Security has been cited in various surveys on cloudcomputingadoption in the global north as one of the key challenges that is keeping end-users away from adopting any form of the cloud (Shaikh & Haider, 2011; Gens et.al, 2009). We identified a different trend amongst the SMEs that participated in this research. Most of the companies’ CTOs or IS staff do not see security as a major threat or an obstacle in adopting the cloud. Consider this statement by one of the interviewees when asked about his thoughts on security in the cloud: “it is secured” [Interviewee 3]. Another interviewee is of the opinion that: “cloudcomputing is secured... because we have not experienced any threat so far [Interviewee 10]. Furthermore, even those that did actually express their fears about security are still using it (cloudcomputing) as part of their IT- Strategy, like this interviewee who said concerning cloud security: “I can’t say it is 100% secure… but it’s for easy accessibility, it give[s] me what I need” [Interviewee 1].
Abstract—The advent of cloudcomputing in recent years has sparked an interest from different organizations, institutions and users to take advantage of web applications. CloudComputing is a paradigm shift in IT services delivery. This shift promises large gains in agility, efficiency and flexibility at a time when demands on data centers are growing exponentially. This is a result of the new economic model for the Information Technology (IT) department that cloudcomputing promises. The model promises a shift from an organization required to invest heavily for limited IT resources that are internally managed, to a model where the organization can buy or rent resources that are managed by a cloud provider, and pay per use. Cloudcomputing also promises scalability of resources and on-demand availability of resources. Although, the adoption of cloudcomputing promises various benefits to an organization, a successful adoption of cloudcomputing in an organization requires an understanding of different dynamics and expertise in diverse domains. Currently, there are inadequate guidelines for adopting cloudcomputing and building trust. Therefore, this research project aims at developing a roadmap called ROCCA (Roadmap for CloudComputingAdoption), which provides organizations with a number of steps for adopting cloudcomputing and building trust. An associated framework called ROCCA Achievement Framework (RAF) is also proposed. RAF is a framework that uses the criteria in the ROCCA to build a framework for measuring the adherence level to the proposed roadmap.
Cloud utilization requires users or organizations to trust the cloud providers . Security and reliability  are the major concerns seen to affect adoption especially in the professional realm. According to [2, 17, 18] the main concerns on cloudadoption are mainly on safe data management, reliable access control, weak systems monitoring and service availability. Delegating some of the tasks to the service provider is seen as a challenge . All these concerns revolve around the central information security values which are confidentiality, integrity and availability . It is alluded that cloudcomputingadoption preceded the technologies required to tackle the trust challenges therefore creating a gap between adoption and innovation . There is also an indication that fear on confidentiality, availability and integrity of information have been the driving factors for slow cloudadoption rate . Such fears can only be addressed by a model addressing confidentiality, integrity and availability [21, 22, 23]. Hence, there is need to formulate a strategy to increase the cloud service uptake in institutions of higher education.
According to the survey of International Data Corporation (IDC), Security, Performance and Availability are the three biggest issues in cloudadoption. The critical challenge is how it addresses security and privacy issues which occur due to movement of data and application on networks, loss of control on data, heterogeneous nature of resources and various security policies. Data stored, processing and movement of data outside the controls of an organization poses an inherent risk and making it vulnerable to various attacks. The security threats can be of two types viz. internal and external. The external risk is posed by various persons and organizations e.g. enemies or hackers that do not have direct access to the cloud. The internal security risk is a well-known issue which can be posed by organizational affiliates, contractors, current or former employees and other parties that have received access to an organization’s servers, networks and data to facilitate operations. Cloudcomputing poses privacy concerns because the service providers may access the data that is on the cloud that could accidentally or deliberately be changed or even removed posing serious business trust and legal consequences [8, 11-14].
CloudComputing has emerged as a new technique for delivering services over the internet. It is earning popularity over traditional information processing system for storing and processing huge volume of data. The cloud makes it possible for users to access their information from anywhere at any time. This is especially helpful for business that can’t afford the same amount of hardware and storage space as a bigger company. Small companies can store their information in the cloud, removing the cost of purchasing and storing memory devices. The organization who uses cloud to store their private data, they are concerned about the security, trust and privacy issues related to its adoption. In this paper we recognize the roles of security and trust in cloudcomputing environments from the viewpoint of organization who would hand over their private information to the cloudcomputing provider.
Cloudcomputing is a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software and that’s the specialty of CC. As per the definition provided by the National Institute for Standards and Technology (NIST) (Badger et al., 2011), “cloudcomputing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”. CloudComputing is an Internet-based development. The cheaper and more powerful processors, together with the “software as a service” (SaaS) computing architecture, are transforming data centers into pools of computing service on a huge scale. Meanwhile, the increasing network bandwidth and reliable yet flexible network connections make it even possible that clients can now subscribe high quality services from data and software that reside solely on remote data centers. CloudComputing is a model that focuses on sharing data and computations over a scalable network of nodes. Examples of such nodes include end user computers, data centers, and Cloud Services. We term such a network of nodes as a Cloud.presence in almost all walks of human activities. Some of them are online payment of bills, online shopping, booking travelling tickets and even movie tickets online. It is also used for the vast sea of information it provides regarding any topic under the sun by students, professionals, housewives, etc.
Cloudcomputing inevitably poses new challenging security threats since traditional cryptographic primitives. Data security protection cannot be directly adopted due to users’ loss of control of data under cloudcomputing. Therefore, verification of correct data storage in the cloud must be conducted without explicit knowledge of the whole data. Secondly, cloudcomputing is not just a third party data warehouse. The data stored in the cloud may be frequently updated by the users, including insertion, deletion, modification, appending, reordering, etc. To ensure storage correctness under dynamic data update is hence of paramount importance. However, this dynamic feature also makes traditional integrity insurance techniques futile and entails new solutions. Last but not the least, the deployment of cloudcomputing is powered by data centers running in a simultaneous, cooperated and distributed manner. Individual user’s data is redundantly stored in multiple physical locations to further reduce the data integrity threats. Therefore, distributed protocols for storage correctness assurance will be of most importance in achieving a robust and secure cloud data storage system in the real world .
Threat #6: Account or Service Hijacking Cloud users need to be aware of account service and traffic hijacking. Examples for attacks that may cause these threats are: man-in-the-middle, phishing, spam campaigns, and DDoS. Cloud solutions add a new threat to the landscape. If an attacker gains access to a user credentials, then she can eavesdrop on activities and transactions, manipulate data, return falsified information, and redirect the user clients to illegitimate sites. The CSA suggests to: 1. Prohibit the sharing of account credentials between users and services. 2. Leverage strong two-factor authentication techniques where possible. 3. Employ proactive monitoring to detect unauthorized activity. 4. Understandcloud provider security policies and SLAs.
High authority of the company and organizational culture has also become a big obstacle in the proper implementation of the cloudcomputing. Top authority never wants to store the important data of the company somewhere else where they are not able to control and access the data. They have misconceptions in their minds that cloudcomputing puts the organization at the risk by seeping out important details. Their mindset is such that the organization on risk averse footing, which makes it more reluctant to migrate to a cloud solution. 14. Consumption basis services charges
Although Cloudcomputing can be seen as a new phenomenon, as an evolving paradigm, but has to set to revolutionise the present technology towards the potentialised technology for making it as next generation utility. There are yet many practical problems which have to be solved. Among the many problems to be solved, some of them are security concerns with virtualization based on hypervisor, based on operating system, IP address issue. Cloudcomputing is one of the disruptive technology with profound implications for Internet services as well as for IT sector as a whole. It is very essential to have highly secured cloud, if the cloud has a common security methodology then, it will be a high value asset target for hackers because of the fact that hacking the security system will make the entire cloud vulnerable to attack. This has to be much secured in all aspects by avoiding DOS, eavesdropping, hacking public key and private key with use of AES and DES methods along with some optical devices and optical network. The datacenters also have to maintain the security of processing of data, which can be achieved by integrity and preventing the loss of data in the cloud with advanced AES and DES methods.
The security issues in Infrastructure as a Service are just can be addressed as physical security, environmental security and virtualization security. IaaS in public cloud poses the major risk whereas private cloud seems to have lesser impact. IaaS is prone to have various degrees of security. Infrastructure is also pertains to the transmission path including the hardware where data is stored. There is a high possibility that data can be routed through an intruder’s infrastructure, because in cloud environment data is transmitted through umpteen number of third party infrastructure devices . The security concerns which are threatening the internet also threaten the cloud because cloudcomputing system uses the same normal underlying internet technology to transmit the data. According to  a robust set of policies and protocols are required to help secure transmission of data within the cloud.
Cloud suppliers are the alluring focus for the programmers to assault as huge information put away on the mists. How much extreme the assault is rely on the secrecy of the information which will be uncovered. The data uncovered might be money related or other will be critical the harm will be serious if the uncovered data is close to home identified with wellbeing data, exchange mysteries and protected innovation of an individual of an association. This will deliver a serious harm. At the point when information ruptured happened organizations will be fined a few claims may likewise happen against these organizations and criminal allegations moreover. Break examinations and customer alerts can heap on basic costs. Abnormal effects, for instance, mark mischief and loss of business, can influence relationship for an extensive time span. Cloud providers regularly pass on security controls to guarantee their environment, regardless, affiliations are responsible for guaranteeing their very own data in the cloud. The CSA has recommended affiliations use multifaceted
Choose the right type of cloud for the application: public cloud, private cloud or hybrid cloud. Know how data integrity is maintained by the cloud service provider and how the integrity violations are detected and reported to the tenant. Tenant should always be able to know where the data is housed. Make sure the location of the data meets the compliance requirements. Tenants should be able to specify the access control and identities of authorized users. Tenants should ensure that the access control is allowed only on a need-to-know basis. Follow the principle of least privilege when assigning privileges. The cloud service provider should assume by default "deny all" for all data access controls. Secure federated identity management must be deployed across cloud systems. All stored data, by default, must be encrypted using strong cryptography.
Cloud is a network of processing elements or servers that has infrastructure to provide processing and storage facilities to clients throughout the world over the internet. The technology is spreading instantly in all domains. For instance, common users are utilizing public cloud services in the form of Google ® Drive, Dropbox ® , One- Drive ® and Media Fire ® for data storage . Similarly, commercial level cloud technology is also boosting it- self. Many small, medium to large organizations are utilizing private cloud services for their businesses. Rather than investing huge amount for finance to develop infrastructures, platforms, software applications and operat- ing systems; they obtain all these as well as get administrative and management services in the form of web apps from cloud service providers in private manner. Community Cloud is another service in which group of organi- zations uses cloud facility. Hybrid cloud has both public as well as private cloud facilities. For secure computing it utilizes the private cloud environment whereas noncritical activities and operations are done on public cloud .
Data migration challenges: The key challenge involved in data migration to cloud environments is matching the incoming data to the particular storage protocol and infrastructure being used. The enterprise may have data stored on an iSCSI SAN, for example, but the cloud environment may be Fibre Channel. The cloud infrastructure and protocol translations are a requirement for the migration to be successful. Another challenge is to perform the data migration with reasonable performance. Stretching out a migration over days or even weeks becomes the data center dilemma. The migration solution has to increase the efficiency to allow for business change and allowing for agility to decrease the likelihood of errors in the process and confining precious IT administrative resources. The IT administrator has to insure flexibility and meet the requirement to migrate data while applications continue to remain "online," as well as minimize the number of times an application needs to be stopped and restarted.
Research about cloudcomputing in the public sector was limited (Janssen and John, 2011), although there was some evidence of the benefits of cloudcomputing (Ali et al. 2015a; Buyya et al. 2009; Marston et al. 2011; Tripathi & Parihar 2011; Zhang et al. 2010). There was a dearth of studies that provide an in-depth and holistic investigation of the factors that need to be considered when organizations such as Australian regional municipal governments are planning to adopt cloudcomputing (Low et al. 2011; Misra & Mondal 2011). This limitation has hindered strategy development for adoption of cloudcomputing in local governments ( Department on Innovation Industry Science and Research 2011). There are calls for research related to cloudcomputingadoption to guide implementation decisions from regional municipal governments to request further research (Department of Innovation Industry Science and Research 2011).The current gap has led us to the following research problem: What are the actual factors to be considered by Australian regional municipal governments when planning to adopt cloudcomputing?
Technology consultants and service providers should take necessary actions to mitigate the feelings of uncertainties associated with adoption of cloudcomputing. The location of the data storage is one of the uncertainties around cloudcomputing. Factors such as internet connectivity, cost, security, trust, integration, backup, provider dependability, employee knowledge, and transportability are significant concerns when planning to adopt cloudcomputing in a business. The service provider should be capable of delivering secure and reliable environments in the most accessible, economical, and convincing way. This leads to a supportive environment for the business. Service providers should provide the technical support 24/7 to minimise the concerns of customers on data stored remotely away from their locations. Some of the Regional councils had not felt that they were adequate enough for cloudcomputingadoption due to many reasons. One possible explanation for this is that service providers identify alternating environment of IT industry, and they are playing a vital role in order to be an active facilitator for these services. At the same time, they don’t want their valuable investments of hardware and software to be affected. This can make stakeholders have a negative impression on service providers, who themselves have no clear aims and stance about these cloudcomputing technologies. It can be
Cloudcomputing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models. Cloudcomputing is a type of computing that relies on sharing computing resources rather than having local services on personal devices to handle applications. In cloudcomputing, the word cloud is used as a metaphor for the internet. So the phrase Cloud means a type of internet based computing, where different services, storages and applications are delivered to an organization’s computers and devices through the internet .
PaaS is a cloud service which provide a platform for customers allowing them to develop, run and manage web applications without having the complexity of creating and maintaining the infrastructures associated with the application . PaaS provides all the necessary requirements needed in a life cycle of development and delivery of web application. With PaaS the consumers are able to manage application and data while the provider manages runtime, middleware, operating systems, virtualization, server, storage and networking . The user can customize the development tools provided by the vendors. This service also offers the mechanisms of service management, such as monitoring, workflow management, reservation and discovery.