CloudingSMEs Deliverable D3.3.1 Document Templates, Spreadsheets, Tools and Techniques. CloudingSMEs FP7- No

Transcription

1 CloudingSMEs FP7- No WP2 SMEs Vision and Road mapping for Cloud Development Deliverable D2.2.1 SMEs Requirements for Cloud Development, Adoption and Evolution CloudingSMEs Document Templates, Spreadsheets, Tools and Techniques PROPRIETARY RIGHTS STATEMENT This document contains information, which is proprietary to the CloudingSMEs Consortium. Neither this document nor the information contained herein shall be used, duplicated or communicated by any means to any third party, in whole or in parts, except with prior written consent of the consortium

2 Document Details Project Acronym CloudingSMEs Grant Agreement No Project Title Deliverable Reference Number Deliverable Title Accelerating the adoption, deployment and use of Cloud Computing by SMEs CloudingSMEs--D3.3.1 Document Templates, Spreadsheets, Tools and Techniques Revision Number V0.1 Deliverable Editor(s) Authors / Contributors EBS Fotis Stamatelopoulos (EBS) Angelos Lenis (EBS) Giannis Koutsoubos (EBS) Caterina Berbenni-Rehm (PatS) Andrei Druta (PatS) Wolf Rehm (PatS) Project co-funded by the European Commission within the FP7 Framework Programme Dissemination Level PU Public Statement of originality: This deliverable contains original unpublished work except where clearly indicated otherwise. Acknowledgement of previously published material and of the work of others has been made through appropriate citation, quotation or both. Date: 6/12/2015 2/47 CloudingSMEs

3 Revision History Rev. Author(s) Organization(s) Date Changes V0.1 Fotis Stamatelopoulos, Angelos Lenis V0.2 Fotis Stamatelopoulos, Giannis Koutsoubos V0.25 Fotis Stamatelopoulos, Angelos Lenis V0.30 Caterina Berbenni-Rehm, Andrei Druta, Wolf Rehm EBS 31/01/2014 Initial Structure EBS 25/02/2014 Introduction and Initial Description of Tools EBS 28/02/2014 Section 2 Toolbox Purpose and Roadmap PatS 03/03/2014 Inputs in Section 4 about PROMIS platform and tools V0.31 Caterina Berbenni-Rehm PatS 05/03/2014 Additional comments incorporated V0.35 Fotis Stamatelopoulos, Giannis Koutsoubos V0.4 Fotis Stamatelopoulos, Angelos Lenis, Giannis Koutsoubos V0.45 Fotis Stamatelopoulos, Giannis Koutsoubos V0.50 Angelos Lenis, Fotis Stamatelopoulos EBS 12/03/2014 Inputs in Section 3 EBS 14/03/2014 Authoring of Conclusions (Section 5) and inputs to the Outlook section (Section 2) EBS 17/03/2014 Added more details on tools models and algorithms, updated tool screenshots, incorporated comments EBS 28/03/2014 Addition of Executive Summary and various edits V0.55 Wolf Rehm PROMIS 01/04/2014 Review and additional details in the tool box V0.60 Angelos Lenis, Fotis Stamatelopoulos EBS 10/04/2014 Preparation of pre-final version; Implementation of review comments V1.00 Lorenzo Accardo UEAPME 14/04/2014 Final Version for Delivery to the EC Date: 6/12/2015 3/47 CloudingSMEs

4 Abstract This deliverable describes the first (intermediate) release of CloudingSMEs toolbox, which comprises of a set of tools that are aiming at supporting Small Medium Enterprises (SMEs) in adopting and leveraging the use of the Cloud. The tools are offered as on-line programs/utilities, which will be integrated within the CloudingSMEs web sites. Some of the tools address the needs/decisions of end-user SMEs i.e. SMEs wishing to adopt and/or use cloud computing solutions. However, there are also tools that are destined to address the needs of ICT SMEs i.e. SMEs developing and providing cloud computing solutions and/or services. The development of the tools has been based on a set of initial assumptions about the SMEs needs and the type of services that are needed to cover these needs. It is intended that this first (intermediate) release of the toolbox will be appropriately refined based on feedback from the SMEs. Furthermore, the partners intend to enhance the functionalities of the tools towards providing more personalized support to the SMEs. The relevant enhancements and fine-tunings will lead to the second and final version of this deliverable, which will describe the second (final) release of the CloudingSMEs toolbox.. Date: 6/12/2015 4/47 CloudingSMEs

5 Table of Contents Document Details... 2 Revision History... 3 Abstract... 4 Table of Contents... 5 Table of Tables... 6 Table of Figures... 7 Executive Summary Introduction Toolbox Development Planning Toolbox Purpose and Overview Development Process and Evolution Plan Longer Term Vision Tool Box Interactive Tools (first/initial release) Cloud Security Scorecard TCO Calculator Strategic Considerations Scorecard Cloud Services Catalogue Privacy and Data Protection Guide Guide to an Effective SLA Cloud Standards Catalogue PROMIS Platform Tools and Document Library On-line Support Services Questionnaires - Overview and structure Community of Cloud Experts (CV Data Base) Knowledge Pyramids mycommunication mycommunication Multilingualism Document Library Conclusions References Date: 6/12/2015 5/47 CloudingSMEs

6 Table of Tables Table 1: Tools of the Toolbox and the Issues/Functional Areas that they address Table 2: Questions comprising the Cloud Security Score Card Table 3: Main Components of the mycommunication Tool Date: 6/12/2015 6/47 CloudingSMEs

7 Table of Figures Figure 1: Evolution of the Toolbox (in the scope of the CloudingSMEs work plan) Figure 2: Questions of the Cloud Security Scorecard (Screenshot of Interactive Tool) Figure 3: Comparative Evaluation Results of the Cloud Security Scorecard (Screenshot of Interactive Tool) Figure 4: Input form of the TCO Calculator Figure 5: TCO Calculator Results Recommendation Figure 6: Screenshot of the input form for the Strategic Considerations Scorecard tool Figure 7: Screenshot of the results presentation of the Strategic Considerations Scorecard26 Figure 8: Screenshot from the Cloud Services Catalogue Prototype Figure 9: Checklist selection screenshot Figure 10: Example of checklist generation based on user selection Figure 11: Snapshot of the Cloud Standards Catalogue Figure 12: Snapshot of the CloudingSMEs Questionnaires developed based on the respective tools of the PROMIS toolbox Figure 13: Workflow process for consultants Figure 14: Sample Knowledge Pyramids Figure 15: Snapshot of the PROMIS toolbox Figure 16: Snapshot of the mycommunication Module Date: 6/12/2015 7/47 CloudingSMEs

8 Executive Summary Among the main objectives of CloudingSMEs is to provide support to SMEs that aim at adopting and/or exploiting cloud computing, through a practical toolbox (i.e. the CloudingSMEs toolbox) that will facilitate their cloud-related decisions. In this direction the project is committed to support SMEs in contractual, legal and cost-related issues, including privacy and security issues. The present deliverable corresponds to the first version/release of the CloudingSMEs toolbox, which provides a range of eight on-line interactive decision support tools for SMEs. The tools emphasize support in all of the above-listed areas, through enabling SMEs to identify and understand the main issues and thorny points that they should consider during the process of evaluating and/or selecting cloud services and cloud service providers. Most of the tools address the needs of end-user SMEs (demand-side), while there are also tools that are primarily destined to support ICT SMEs that engage in the provision of cloud services to their customers (supply chain). In a nutshell, the interactive tools that comprise the first version of the CloudingSMEs toolbox include: The Cloud Security Scorecard tool, which allows SMEs to audit/score the level of security offered by their cloud providers. The Privacy and Data Protection Guide tool, which provides information to SMEs about data protection issues in the cloud, including pointers to applicable legislation. The Guide to an effective SLA tool, which should support SMEs in effectively understanding and negotiating their SLAs with cloud providers. The TCO Calculator tool, which facilitates SMEs in calculating the TCO (Total Cost of Ownership) of their cloud solutions, but also in comparing this TCO with a data center solutions. The Strategic Considerations Scorecard, which provides the means to assess whether the SMEs should adopt a cloud solution or not. The Cloud Solutions Catalogue tool, which is a searchable catalogue of cloud solutions, including the purpose/functionality of its solution, the target groups, the target industry, as well as the region(s)/countries where these services are offered. The Cloud Standards Catalogue tool, which is a searchable catalogue of cloud standards and their purpose/usefulness for SMEs. As part of the initial version of the toolbox, initial prototype of all these tools have been developed, while some of the tools are already accessible via the CloudingSMEs portal. The consortium will undertake Date: 6/12/2015 8/47 CloudingSMEs

9 efforts towards improving and fine-tuning the tools, in terms of the decision support formulas used, but also in terms of aesthetics and ease of use. To this end the project will take into account feedback from the SMEs communities, which will be solicited and collected as part of the SMEs workshops of the project. Date: 6/12/2015 9/47 CloudingSMEs

10 1 Introduction The CloudingSMEs toolbox is intended to design, integrate and offer a number of interactive tools that could facilitate SMEs in their cloudadoption and cloud-use decisions. It is developed as part of of the project, which (according to the project s workplan / task structure) is intended to cover the following cloud computing areas: Guidance and standards for legal and contractual issues task 3.1 of the workplan Tools for Privacy and Data Protection task 3.2 of the workplan Tools for SLA Management and Negotiation task 3.3 of the workplan Methodologies and Toolkits for Cost Benefit Analysis task 3.4 of the workplan Date: 6/12/ /47 CloudingSMEs

11 In order to cover these areas the project has undertaken the design and development of the following tools Cloud Security Scorecard Tools, which should allow SMEs to audit/score the level of security offered by their cloud providers. Privacy and Data Protection Guide A tool, which provides information to SMEs about data protection issues in the cloud, including pointers to applicable legislation. Guide to an effective SLA A tool, which should support SMEs in effectively understanding and negotiating their SLAs with cloud providers. TCO Calculator A tool, which shall facilitate SMEs in calculating the TCO (Total Cost of Ownership) of their cloud solutions, but also in comparing this TCO with a data center solutions. Strategic Considerations Scorecard Cloud Solutions Catalogue A Tool which shall provide the means to assess whether the SMEs should adopt a cloud solution or not. A tool, which will be a searchable catalogue of cloud solutions, including the purpose/functionality of its solution, the target groups, the target industry, as well as the region(s)/countries where these services are offered. Cloud Standards Catalogue A tool, which will be a searchable catalogue of cloud standards and their purpose/usefulness for SMEs. In addition to these tools, the project will support SMEs on the basis of services provided by the PROMIS platform. In particular, a range of PROMIS tools including: Pyramids to structure and share expert s knowledge in Cloud related matters, Questionnaires of different types: (i) Linear, (ii) Dynamic, Time limited, Recurring questionnaires. Communication between experts and users. Registration of consultants CVs (Curricula Vitae) to qualify as experts in the CloudingSMEs community. On-line support services e.g. Cloud expert s and legal advice. Date: 6/12/ /47 CloudingSMEs

12 Moreover, a number of supporting documents will be provided under the document library of the CloudingSMEs portal. These documents will serve as reference materials for SMEs wishing to access more detailed information about specific topics relating to cloud adoption. Note that the above list of tools constitutes an initial approach to the development of the toolbox as part of first release in March This approach is based on initial assumptions of the CloudingSMEs consortium about the merit and utility of the above-listed tools for SMEs. The tools may be revised in subsequent versions/evolutions of the toolbox, while additional tools might be added as well. The evolution of the toolbox will be based on feedback from stakeholders (including SMEs). In the following paragraphs we provide more information about the operation and use of the various tools. In particular, the structure of the deliverable is as follows: Section 2 illustrates the development process of the CloudingSMEs toolbox. It highlights the baseline assumptions that have led to the production of the first release, while also describing the plan for evolving and improving the toolbox. Section 3 describes the main tools that comprise the toolbox, which cover different functional areas and are delivered on the basis of a variety of interactive formats. Section 4 describes additional tools (originating from the PROMIS platform), which have been adapted/customized to the needs of the CloudingSMEs project. These tools are an integral element of the CloudingSMEs toolbox, given also that the latter will be fully integrated in the PROMIS platform (as part of subsequent deliverable D3.2). Section 4 describes additional tools (originating from the PROMIS platform), which have been and will be adapted/customized to the needs of the CloudingSMEs project. These tools are an integral element of the CloudingSMEs toolbox, given also that the latter will be fully integrated in the PROMIS platform (as part of subsequent deliverable D3.2). Note that Section 4 reports also on the multilingual characteristics of CloudingSMEs toolbox. Section 5 is the concluding section of the deliverable. Date: 6/12/ /47 CloudingSMEs

13 2 Toolbox Development Planning 2.1 Toolbox Purpose and Overview CloudingSMEs is a support action aiming at facilitating SMEs in adopting, using and fully leveraging cloud computing. As such the project is devoted to establishing a support infrastructure on cloud computing issues, which will be freely offered to the SME community that will be built by the project. The CloudingSMEs toolbox is an essential element of this support infrastructure. Primarily, the toolbox aims at: Supporting SMEs in the cloud related decisions, through facilitating them to assess cloud computing service offerings in terms of functionality, quality and cost, as well as in terms of alignment to the SMEs strategy and goals. Indeed, SMEs can use some of the tools of the toolbox in order to assess and/or compare cloud offerings. Assisting SMEs in understanding thorny issues associated with the adoption and use of cloud computing services. Indeed, the toolbox deals with key cloud computing topics, which the SMEs should understand prior to finalizing any of their cloud-related decisions. In particular, the toolbox comprises questions, checklists and input forms, which SMEs are prompted to fill-in as part of the toolbox s operation. No matter what are the answers provided by the SMEs, the formulated questions allow the end-users to obtain insights on the main cloud adoption challenges. The toolbox comprises a set of on-line web-based interactive tools aiming at providing support to SMEs on a wide range of cloud computing issues including: Elements and contents Service Level Agreements (SLAs) and more specifically agreements between the SMEs and cloud services providers. Importance of privacy and data protection issues including relevant rules and regulations at national and EU levels. Cloud costing/pricing issues including assessment of cloud solutions against traditional data center solutions. Cost benefit analysis associated with cloud computing services. Date: 6/12/ /47 CloudingSMEs

14 The above list of issues has been already identified as part of the CloudingSMEs DoW (Description of Work) document. Nevertheless, the list is not exhaustive, since SMEs have additional needs in terms of locating/identifying appropriate cloud services provides, assessing cloud security solutions and more. Hence, the CloudingSMEs toolbox specification and implementation was aimed at providing support in most of the above issues, based on a set of on-line interactive utilities which will be made accessible (to registered SMEs) through the CloudingSMEs web site. The following table lists the tools of the CloudingSMEs toolbox and associates them with the thorny issues identified above. Tools Cloud Security Scorecard Issues/Concerns Addressed Security Issues, SLA Negotiation Issues Privacy and Data Protection Guide Privacy and Data Protection Issues, Legal Issues Guide to an effective SLA SLA Negotiation Issues TCO Calculator Cost-Benefit Analysis Issues / Pricing Issues Strategic Considerations Scorecard Cloud Solutions Catalogue Cost-Benefit Issues and SLA Negotiation Issues Cost-Benefit Analysis Issues / Pricing Issues / SLA Negotiation Issues Table 1: Tools of the Toolbox and the Issues/Functional Areas that they address In most cases the SME needs addressed by each one of the tools is nearly self-evident. For example, the cloud security scorecard facilitates SMEs in comparing different security offerings (by different cloud providers) thereby touching security issues, as well as issues relating to the security aspects of an SLA with a cloud provider. Similarly, the TCO Calculator tool enables SMEs to compare the costs of cloud solutions with the costs of traditional data center solutions targeting the same application or service. Therefore, the TCO calculator tool is clearly destined to provide support on cost-benefit analysis issues, but also on more general pricing issues of the cloud services. It should be noted that Date: 6/12/ /47 CloudingSMEs

15 Table 1above refers to the on-line tools that comprise the first version of the toolbox. The second and final version of the toolbox is likely to contain additional tools, as well as revised or enhanced versions of the above-listed on-line tools. This might results into changes to the number and type of issues addressed by each one of the tools. As already outlined, the toolbox infrastructure of the project comprises the tools stemming from the PROMIS platform. These are services supporting SMEs in accessing on-line knowledge and advices in relation to cloud computing topics/issues. Specifically, SMEs can access structured information about specific cloud computing topics through knowledge pyramids, while at the same time they can obtain on-line advice by CloudingSMEs qualified experts. Overall, the toolbox includes the following tools, which have been or will be adapted to the project s needs based on the capabilities of the PROMIS platform: Tools enabling partners and experts to structure Cloud knowledge and expertise in Pyramids. Tools for partners and experts to generate online Questionnaires for SME users. Tools for administering self generated services for/with the SME users. Pyramids with Cloud Experts knowledge made available to interested SME users. Tools for online written communication between an expert owner of knowledge (ICT, legal, business, administrative, economic) and SME users interested in such specific knowledge/expertise. Online advice from experts to SMEs requesting it. Registration of CVs and qualification of consultants and Cloud experts being prepared to provide online advice to interested SMEs. Machine translation of content implemented in the toolbox. The above-listed PROMIS tools provide additional opportunities for supporting SMEs on the basis of expert knowledge. Note however that some of the tools require the participation of experts in the provision of on-line written support. Also the CloudingSMEs portal provides a document library that organizes materials about cloud computing topics. SMEs can assess documents in this library in order to obtain in-depth information about cloud adoption and use issues. Date: 6/12/ /47 CloudingSMEs

16 2.2 Development Process and Evolution Plan The present deliverable reports on the first (intermediate) release of the toolbox. A successive version of this deliverable will provide the second (and final) release of the CloudingSMEs toolbox. In terms of the webbased interactive tools of the toolbox, these two releases have been planned as part of the CloudingSMEs work plan and on the basis of the following evolution stages and milestones: Stage 1 - Early Prototype Implementation / Usage of Simple Models for Calculations and Comparisons: As part of this initial stage the CloudingSMEs consortium has relied on some initial assumptions about the needs of the SMEs in terms of cloud adoption and use, but also in terms of possible ways to support their decision making. The tools presented in the present release of this deliverable are based on these assumptions and serve as a basis for interacting with the SMEs community of the project about the form of on-line support that should be provided to them by the CloudingSMEs project. Stage 2 - Improvement and Fine-Tuning of the tools based on SME feedback / Personalization of the tools according to SMEs profiling data: Following the release of the deliverable and for the next 6-8 months, the project will focus on improving and fine-tuning the implementations of the tools taking into account: o SMEs Feedback: Feedback received from the SMEs communities o as part of on-line interactions (i.e. via the web site), but mainly as part of the workshops for SME communities that will be organized by the SME associations of the project. This feedback will be taken into account in order to make structural, aesthetic and functionalityrelated improvements to the tools. Profiling Data and Information: CloudingSMEs will endeavor to personalize the operation of the tools on the basis of SMEs profile information. The main sources for receiving this information are the registration process of the CloudingSMEs portal, as well as additional questionnaires that will be delivered/administered to the SMEs on-line. The profile information will be used on order to classify the SMEs into various categories (e.g., according to size, business sector, cloud computing knowledge) and accordingly to produce variations of the tools for each different (identified) SME profile. Stage 3 Adaptation of the tools based on data received/analyzed from their on-line use: This will be the final development stage of the interactive tools, which Date: 6/12/ /47 CloudingSMEs

17 will attempt to exploit on-line feedback from SMEs that actually used the (interactive) tools, along with analysis of their answers / inputs provided through the tools. The aim of this analysis will be to derive (crowd-sourced like) knowledge, which could be exploited towards refactoring and fine-tuning the tools, especially in terms of the formulas used to calculate the indicative evaluation scores. However, this step/stage will be subject to the availability of a critical mass of data from SMEs. In case such data will not be available, the project will employ empirical techniques for adaptation and personalization, while postponing the possibility of exploiting crowd-sourced knowledge for the sustainability phase of the project (i.e. following the conclusion of the CloudingSMEs contract). This is a viable and realistic contingency plan for the third stage of the tools development. An overview of this staged development/evolution process for the interactive tools of the CloudingSMEs toolbox is provided in Figure 1 Figure 1: Evolution of the Toolbox (in the scope of the CloudingSMEs work plan) Note that during the second and third stages, the partners will also work towards creating the necessary infrastructure for multi-linguicism in order to ensure that localized versions of the tools can be produced. This is an essential step towards the large scale penetration of the tools. 2.3 Longer Term Vision The vision of the CloudingSMEs consortium in terms of its Cloud Computing Toolbox is to become a valuable and credible source of SME s support on cloud computing issues. Hence, in the longer term (i.e. as part of the exploitation and sustainability phase of the project) the partners will endeavor to continually improve the tools, but also to devise a realistic model for their sustainability. This may include the roll-out of a subset of the tools as a paid service for (registered-only) SMEs, in Date: 6/12/ /47 CloudingSMEs

18 addition to the tools that will be offered as free services to the CloudingSMEs community. The conditions under which such fee-based services could be established and provided to the SME community of the project will be explored as part of the exploitation activities of the project (in WP6). Note that the interactive tools of the CloudingSMEs toolbox could serve as a vehicle for the longer term sustainability of the project s results, including their wider use by European SMEs. The partners will attempt to devise relevant business models for exploiting and sustaining the toolbox following the completion of the project. These plans will be created as part of the exploitation activities of the project in WP6 and will be reflected in relevant deliverables. Date: 6/12/ /47 CloudingSMEs

19 3 Tool Box Interactive Tools (first/initial release) 3.1 Cloud Security Scorecard Overview and Purpose The purpose of this tool is to facilitate SME companies in their assessments of cloud security offerings. It is intended to help them score (and possibly compare) different cloud solutions against their security functionalities and characteristics. Hence, the tool is primarily addressed to end-user SMEs wishing to understand, evaluate and compare the security offerings/services of different services providers Nature The tool resembles a web-based scorecard. It accepts as input the SMEs responses to a number of questions about the security offerings/features of one or more cloud providers. Accordingly, it calculates (as output) a score for each security offering. The score is used classify the security offering in one among three categories (Strong, Fair, Poor). Note that the tool enables end-users to compare different security offerings, through responding to the given set of questions for each one of the offerings to be compared Questions The following table lists the questions that comprise the cloud security scorecard. It also lists the possible/allowed answers to each of the questions, along with the relevant weight of each question in the calculation of the total/overall score. No. Questions Weight Possible Answers 1 Is the cloud provider s infrastructure audited by third-parties? High YES / NO 2 Does the cloud provider offer data portability as part of its services? 3 Does the cloud provider specify penalties and liabilities for a potential data or system breach? Low Medium YES / NO YES / NO 4 Does the cloud provider allow you to inspect the cloud facility? Medium YES / NO 5 Does the cloud provider provide encryption and key management? 6 Is the cloud provider implementing single-sign on (i.e. access with one set of credentials) to the applications and services that it provides to you? High Medium YES / NO YES / NO 7 Can the cloud provider accommodate your own security policies? Low NO/ PARTIALLY/ YES 8 Does the cloud provider make provisions for cross-border data transfers? Medium YES / NO Date: 6/12/ /47 CloudingSMEs

20 9 Does the provider guarantee that your data will remain private? High YES / NO 10 Does the cloud provider offer application firewalls? High YES / NO 11 Could the cloud provider partition your applications and services from other users/customers? Medium YES / NO 12 Are the above issues taken into account and included in the SLA? High NONE / FEW OF THEM / MOST OF THEM / ALL OF THEM 13 Is the cloud service vendor ISO certified 1 High YES / NO Table 2: Questions comprising the Cloud Security Score Card Score Calculation Model The score calculation will be always based on models open and transparent to the CloudingSMEs community. The model employed in the initial prototype is based on empirical knowledge of the cloud experts of the consortium (EBS, EuroCloud) regarding cloud security, as well as on some initial assumptions associated with the impact of various factors on the quality of cloud security services. In the scope of subsequent development phases, changes to the model will occur based on feedback from relevant stakeholders/communities and/or domain experts (if available). The project will enable stakeholders to provide such feedback based on an appropriate web-based form. Currently, the scoring algorithm (implemented in this initial version of the tool) is based on the following principles: Each question carries a weight and each answer option carries a score. Score: Sum(question.weight * optionselectedscore). MaxScore: Sum(question.weight * max(optionscores)). We extract % percentage by Score*100/MaxScore. Score % >=70% is characterized as Excellent. 30< Score % < 70 is characterized as OK/Fair. Score % < 30 is characterized as Poor. 1 Vendor has an Information Security Management System (ISMS) that is compliant with ISO and the best practices detailed in ISO Date: 6/12/ /47 CloudingSMEs

21 Answers and questions are dynamically configured. Currently the implementation uses the following configuration: Question Weight Option1 Option1 score Option2 Option2 score Option3 Option3 Score Option4 Option4 score 1. Is the cloud provider's infrastructure audited by thirdparties? 2. Does the cloud provider offer data portability as part of its services? 3. Does the cloud provider specify penalties and liabilities for a potential data or system breach? 4. Does the cloud provider allow you to inspect the cloud facility? 5. Does the cloud provider provide encryption and key management? 6. Is the cloud provider implementing single-sign on (i.e. access with one set of credentials) to the applications and services that it provides to you? 3 NO 0 YES 10 3 NO 0 YES 10 3 NO 0 YES 10 3 NO 0 YES 10 3 NO 0 YES 10 3 NO 0 YES Can the cloud provider accommodate your own security policies? 3 ΝΟ 0 PARTI- ALLY 5 YES Does the cloud provider make provisions for crossborder data transfers? 9. Does the provider guarantee that your data will remain private? 3 NO 0 YES 10 3 NO 0 YES Does the cloud provider offer application firewalls? 3 ΝΟ 0 PARTI- ALLY 5 YES Does the cloud provider implements identity management services (i.e. authentication, single-sign on, data analysis)? 12. Could the cloud provider partition your applications and services from other users/customers? 3 NO 0 ΥΕS 10 3 NO 0 ΥΕS Are the above issues taken into account and included in the SLA? 3 NONE 0 FEW OF THEM 3 MOST OF THEM 6 ALL OFΤΗΕΜ Is the cloud service vendor ISO certified? 3 NO 0 ΥΕS 10 Date: 6/12/ /47 CloudingSMEs

22 3.1.5 Implementation Status An initial version of the scorecard has been implemented as an interactive web-based tool and is already accessible via the CloudingSMEs portal / website. A couple of relevant screenshots follow. Specifically, Figure 2 depicts a snapshot of the questions that are presented to the user of the tool (i.e. the SME), which Figure 3 illustrates the comparative results/scoring produced by the tools once the user/sme inputs data in the questionnaire about multiple providers (i.e. fills in the questionnaire for multiple cloud providers). Figure 2: Questions of the Cloud Security Scorecard (Screenshot of Interactive Tool) Figure 3: Comparative Evaluation Results of the Cloud Security Scorecard (Screenshot of Interactive Tool) Date: 6/12/ /47 CloudingSMEs

23 3.2 TCO Calculator Overview and Purpose The purpose of this tool is to enable SMEs to compare the cost (in terms of Net-Present-Value (NPV)) of cloud-based solutions to the respective costs of a traditional data center solution that could provide/support the same services as the cloud solution. In this way the TCO calculator enables SMEs to make an initial estimate of potential cost benefits that could result from the adoption of the cloud solutions instead of a traditional data center solution. In addition to the calculations per se, this tool is expected to provide valuable insights to SMEs assessing the cost benefits of (potential) cloud solutions, since it helps them understand the cost components of the various solutions Nature The tool prompts SMEs to provide estimates for various data center costs, as well as for the various cost components of the cloud solution. Accordingly it will produce a ballpark comparison of the Total Cost of Ownership (TCO) for both the data center and the cloud solution. In the sequel, we provide a list of TCO components for both options (data center, cloud provider), which the tool takes into account towards the TCO calculation of the two alternative options: Cost-components of the Data Center Solution: Server costs. Storage costs. Network costs. Backup and archive costs. Disaster recovery costs. Platform costs. Software maintenance costs (for packaged software). Software maintenance costs (for in-house software). Operational support personnel cost. Infrastructure software costs. Data center infrastructure costs. Cost-components of the Cloud Solution: Pay-as-you-go-fees. Private Cloud Costs (for private cloud solutions only). Note that the TCO calculation is based on NPV (Net-Present-Value) calculation (taking into account the WACC (Weighted Average Cost of Capital (WACC)). Furthermore, the tool illustrates prerequisites in order Date: 6/12/ /47 CloudingSMEs

24 to make the comparison valid (e.g., the availability of workloads and applications that could be moved into the cloud) Implementation Status A first version of the TCO calculator has been implemented as a webbased tool, which is already integrated within the CloudingSMEs portal. Figure 4 illustrates a snapshot of the form for inputting data associated with the TCO calculator (i.e. costs associated with a data center and a respective cloud based solution). Figure 4: Input form of the TCO Calculator Also, Figure 5 depicts the results produced by the tool in terms of NPV calculation, but also in terms of the overall suggestion (in favor or against a cloud solution) provided to the end-user of the tool. Figure 5: TCO Calculator Results Recommendation Date: 6/12/ /47 CloudingSMEs

25 3.3 Strategic Considerations Scorecard Overview and Purpose The purpose of this tool is to provide indications/guidelines to SMEs on whether cloud adoption could be a good option for them. To this end, SMEs will provide information on a number of strategic factors that relate to cloud deployments Nature The tool is essentially a scoring utility, which calculates a Cloud Appropriateness Score (CAS) (or alternative Cloud Adoption Score) indicating whether an SME should strongly consider cloud adoption or not. In particular, the higher the CAS score, the most likely that the SME could benefit from cloud adoption. The calculation of the CAS score will be calculated on the basis of a weighted formula that will take into account the status of different strategic factors for the SMEs. For each strategic factor the SMEs will specify: A weight signifying its relevant importance for cloud adoption. Scores associated with the different options of these strategic factors. The above-mentioned weights and scores will be used for calculating the CAS score. The strategic factors (along with some options for them) include: Workload (Small, Medium, High). It is assumed that enterprises with high workloads are more likely to favor cloud computing solutions. Cost of Data Center per User (Small, Medium, High). It is assumed that enterprises with high data center costs are more likely to adopt cloud computing solutions. Burstiness and Fluctuation of Workload (Small, Medium, High). It is assumed that enterprises with high burstiness and fluctuation in their workloads are more likely to adopt cloud computing solutions. Availability of Resources in the company's existing data center (Very Low, Low, Medium, High). It is assumed that enterprises with low availability of resources in their data center are more likely to adopt cloud computing solutions. Cloud Adoption by Competitors (Low, Medium, High). In cases where an enterprise s competitors are adopting cloud solutions, it is considered strategically more appropriate for the enterprise to do so as well. Pressure to reduce capital expenses (Yes, No, Don't know). Company s under pressure to reduce capital expenses are more likely to adopt cloud computing solutions. Planning to develop/deploy new ICT technology in the coming months (Yes, No, May Be). The deployment of new ICT technology is Date: 6/12/ /47 CloudingSMEs

26 seen as a strategic opportunity to adopt and leverage the benefits of cloud computing solutions. Current value from existing data center operations (Low, Medium, High). Enterprises that get low value from their existing data center are more likely to adopt cloud computing solutions Implementation Status An initial implementation of the Strategic Considerations Scorecard solution is available and linked to the CloudingSMEs web site / portal. Figure 6: Screenshot of the input form for the Strategic Considerations Scorecard tool Two snapshots of the current implementation are provided in Figure 6 (depicting the data input process/form) and Figure 7 (depicting how the results/suggestions are displayed to the end-user. Figure 7: Screenshot of the results presentation of the Strategic Considerations Scorecard Date: 6/12/ /47 CloudingSMEs

27 3.3.4 Score Calculation Model Similarly to other tools, the Strategic Consideration Scorecard implementation uses a score calculation model based on question weights and answer-option scores. The methodology and principles for exposing and evolving the scoring algorithms are exactly as in the case of the (earlier presented) Cloud Security Scorecard tool. Currently, the model uses the following parameters and recommendation algorithms: Score = Sum (question.weight * answer.optionselectedscore). If Score > 0 then the recommendation is pro cloud; if Score < 0 the recommendation is pro datacenter. MinimumScore = sum (q.weight*min(options)). MaximumScore = sum (q.weight*max(options)). Cloud Adoption Score = score-minimumscore/maximumscore- MinimumScore. Question Weight Option1 Option1 score Option2 Option2 score Option3 Option3 Score Option4 Option4 score 1. Major concerns for 3 Privacy -20 Security -10 SLA Workload 3 Low -20 Medium 0 High Data center operational cost per user 4. Data center operational cost per application 3 Low -20 Medium 5 High 20 3 Low -20 Medium 5 High Availability of Resources in the company's existing data center 3 Very Low 20 Low 10 Medium -10 High Current value from existing data center operations 7. Cloud Adoption By Competitors 3 Low -20 Medium 0 High 20 3 Low -20 Medium 0 High Pressure to reduce capital expenses 3 Yes 20 No -20 Do not know 5 9. Planning to develop/deploy new ICT technology in the coming months 3 Yes 20 No -20 Maybe 0 These parameters will be reviewed and validated via experimentation and feedback from users and experts. 3.4 Cloud Services Catalogue Overview and Purpose The purpose of this tool is to allow SMEs to find cloud services that could be appropriate for their needs. To this end, the tool creates and maintains a catalogue/directory of cloud solutions/services and of their vendors along with their metadata. Accordingly, it also provides a search facility Date: 6/12/ /47 CloudingSMEs

28 enabling SMEs to search the various solutions on the basis of various criteria. The service specifies a schema with the metadata of the various services. On the basis of this schema, CloudingSMEs will offer tools and services enabling cloud solution providers and vendors to register their solutions, thereby seamlessly expanding the catalogue. In the course of the productive deployment and operation of the tool, emphasis will be paid in the registration of solutions that are offered to certain countries or regions, in order to allow SMEs to access information about localized services (at national or regional levels) Nature The tool acts as a search facility that provides search functionality over a directory/database of metadata about cloud solutions. The metadata kept comprise the following (non-exhaustive attributes): Title of the solution/service. Short description of the solution/service. Extended description of the solution/service. Name of the Vendor/Provider. URL of the Vendor/Provider and/or of the solution/service itself. Information about pricing (options, models, prices). Classification of the solution as IaaS/PaaS/SaaS/Other. Region/Country where the solution/service is offered. Supported Standards. Other characteristics/information (as free text). Other attributes will be specified as well. Based on the above attributes a data format (XML or JSON schema) for describing a specific cloud solution/service is specified. This schema serves as a basis for implementing services enabling: Addition of new solutions/services to the directory. Update of existing solutions/services already residing within the directory. At latter stages, this tool will be supported by a data entry & maintenance application that will be accessible to registered cloud services providers for updating their profile or for registering a live URL via which the tool receives automated updates (XML format discussed above). Date: 6/12/ /47 CloudingSMEs

29 3.4.3 Implementation Status An initial prototype implementation of the Cloud Services Catalogue is available (Figure 8). However, it is not linked to the CloudingSMEs portal and it is not populated with real (production) data of existing/realistic cloud service providers and associated cloud services. Figure 8: Screenshot from the Cloud Services Catalogue Prototype 3.5 Privacy and Data Protection Guide Overview and Purpose The purpose of this tool is to help SMEs understand and identify data protection issues associated with their potential cloud deployment, along with applicable legislation. The tools will provide a checklist of the main privacy and data protection issues that require special attention by SMEs adopting or deploying cloud solutions Guide The checklist will provide information on issues associated with: Data location. Applicable data protection laws and jurisdictions at EU level (e.g., EU Directive 95/46/EC). Applicable data protection laws and jurisdictions at national level. National laws are applicable when (a) An EU-based controller located in its territory processes personal data, (b) A Controller outside EU uses equipment within its territory. Applicable industry regulations (such as the Health Insurance Portability and Accountability Act [HIPAA] in US we need feedback from the Consortium on related EU regulations). Date: 6/12/ /47 CloudingSMEs

30 Specific country laws and their implications for accessing and controlling data. Cross-border transfer of data due to local laws, along with the implications of virtualization which makes it difficult to know where the data is at any particular moment. Co-mingling of data i.e. physically storage of data in a database along with data from other companies. Data or metadata vulnerability to alternative or secondary uses by the cloud service provider (e.g., controls and service level agreements that prevent use of data may be used for marketing purposes). Ownership by the service provider of metadata, which it has created to help manage the SMEs user data Implementation Status The implementation of the tool is in progress. The user is initially prompted to select one or more sections/areas for which the tools shall provide the main areas of attention (see Figure 9) Figure 9: Checklist selection screenshot In this way the tools provide custom Privacy and Data Protection Checklists based on the user s selection and preference. The list of sections/areas will be refined and enhanced to address the possible different needs of various profiles of the CloudingSMEs service users. The following screenshot (Figure 10) displays an example of a checklist generated by the tool for the selection above. The user may print the generated checklist directly from his browser and use it on paper, or save in a file or copy & paste in other documents. Note that this is a tool intended to provide checklists to be used offline aiming to guide practical Date: 6/12/ /47 CloudingSMEs

31 compliance to recommendations, and this is exactly why the feedback is generated in the form of a checklist. Figure 10: Example of checklist generation based on user selection 3.6 Guide to an Effective SLA Overview and Purpose The purpose of this tool is to guide SMEs in understanding and paying attention to the most common articles/terms that comprise a contract between an SME and a cloud computing provider. To this end, it lists a set of SLA issues, with emphasis on the ones most commonly debated between customer (i.e. SME) and provider (i.e. cloud computing provider). Accordingly, it provides a brief yet comprehensive overview of these issues in order to assist SMEs in the negotiation of these terms Nature The tool is being implemented as a tree structure of options/decisions/ questions/issues associated with cloud contracts. SMEs will be able to browse or search the tree in order to access information about key issues comprising an SLA and accordingly in order to obtain information/insights about these issues. In this way the tool will allow SMEs to understand the key clauses that they should expect to see as part of a cloud contract, but also to identify important missing clauses and issues that the SME company should discuss/negotiate with the cloud provider. An indicative set of issues that will be addressed as part of the tree structure of SLA issues follows: Date: 6/12/ /47 CloudingSMEs

32 Illustration of how contract terms are provided: Standard click-through terms, which SMEs are prompted to accept before adopting a service. Standard click-through terms can be either: Negotiable (usually for paid services, since fee make providers more willing to negotiate). Non-Negotiable (usually the case with large mainstream cloud providers. Through off-line cloud contracts that can be scrutinized by SMEs legal departments, legal experts or owners (depending on the size of the SME). Illustrate that cloud contracts (to end-users) could be provided by: Cloud Service Provider/Vendor Cloud Integrators and Solution Providers (including SMEs) Illustration of the SMEs main drivers towards deviating from the standard terms that cloud providers offer, including: Commercial issues (e.g., request for higher/better service levels). Risk reduction and sharing issues (e.g., moving risks to provider on the basis of providers liability). Regulatory issues (i.e. need to comply with rules and regulations). The involvement of insurance companies, which in several cases provide their services given specific terms in the cloud contract. The fact that free of charge or low cost does not necessarily mean free of risk or low risk. Contract clauses on exclusion or limitation of liability and remedies (if negotiable). Explanation will be further provided for liabilities concerning: Data Loss/ Data integrity / Data corruption Provider could accept liability. User can implement its own additional solution (e.g., back-up on SME servers). Outages. Disaster recovery. Intellectual Property Rights. Contract clauses on Service levels, concerning: Resilience and Business Continuity Uptime percentage (%) Availability. QoS including: Number of Users that can be served based on a given response time for each user. Time it takes to restore data from backups. Mechanisms of Transparency. Logging. Date: 6/12/ /47 CloudingSMEs

33 SLA Auditing. Proactive and timely provision of statistics regarding the SLA. Contract Issues relating to security and privacy, notably: Regulatory issues under the European Union Data Protection Directive. National data protection law (especially in Europe). Regulations concerning the financial sector. Location of the data. Processing of the data. Unauthorized access to the data. Export control laws. Support for security standards and related policies (e.g., ISO27001). Notifications about security breaches, data loss etc. Contract issues associated with lock-in and exit, concerning: Terms about exit. Termination rights, including: Keeping data for a certain time after termination and before they are deleted. Deletion of data, duplicates and backups. Provision of evidence of the deletion of data. Return of data on exit. Data portability, including: Availability of data in popular formats that facilitate export/import. Provision of support by the provider. Duration of contract, including: Minimum and Maximum duration. Early termination fees. Fixed term vs. rolling contracts. Termination events, including: Insolvency. Material breach. Breach of Acceptable Use Policies (AUPs). Breach of confidentiality. Breach of security policies. Breach of Intellectual Property Rights (IPRs). Non-payment. Provision of notice before termination. Users/SMEs opportunities to remedy breaches and avoid termination. Service Suspension, including: Non-payment. Breach of Acceptable Use Policies (AUPs). Security Incident. Date: 6/12/ /47 CloudingSMEs

34 Technical maintenance and support (e.g., upgrades, patches etc.). Contract clauses associated with the providers ability to change service features, including: Change of service features unilaterally. Provision of prior notifications to end-users. Right to terminate contract due to changes in service features. Right to reject changes. Minor changes allowed. Service improvements allowed and accepted. Intellectual property rights, including: Most common in SaaS services. Users retain ownership of cloud processed data. Rights to applications that SME users develop or deploy on IaaS/PaaS. Rights to service improvements and bug fixes that are initiated from users. Coverage of costs associated with software/applications licenses in the cloud. Licensing terms and charges (e.g., monthly per-user payments, charges based on number of processor cores in the system used). As part of the tool, some guidelines to ICT SMEs (cloud integrators/solutions providers) could be provided. In particular, ICT SMEs could understand the needs of end-users in terms of contract flexibility and negotiated terms in order to differentiate themselves from large cloud services providers which tend to offer generalized one size fits all commodity services. Indeed, ICT SMEs have opportunities of acting as niche providers and integrators, who will be more willing to tailor services to user needs, based on appropriate contract terms or service features. The SLA tool of the CloudingSMEs toolbox could allow them to understand user concerns and gain flexibility in negotiations Implementation Status The implementation of this tool is work in progress. It will be based on the same checklist infrastructure available as part of the data protection guide. 3.7 Cloud Standards Catalogue Overview and Purpose Standards are essential for safeguarding interoperability and portability, which are two of main concerns that companies have when choosing to outsource their IT infrastructure and services to a provider. The adoption, Date: 6/12/ /47 CloudingSMEs

35 use and implementation of standards can greatly facilitate SMEs in: (a) Seamlessly switching between providers and (b) Integrating applications residing in the company s data centers with other cloud applications (in public and/or private clouds). The cloud standards catalogue aims at helping SMEs finding cloud standards and their role in tackling the above issues. It should be noted that the cloud standards catalogue will be very useful for ICT SMEs as well, since it will enable them to identify and track standards relevant to their developments, products and services Nature This tool will be a searchable list of standards, along with information about the merit and use of each one. Note that the tools will provide the means for editing existing standards and inserting new ones. An indicative (non-exhaustive) list of standardization bodies engaging in the production of cloud standards follows: Open Cloud Consortium (OCC) ( Open Grid Forum (OGF) ( Storage Networking Industry Association (SNIA) ( Object Management Group (OMG) ( Cloud Computing Interoperability Forum ( Cloud Security Alliance ( Distributed Management Task Force (DMTF) ( Implementation Status An initial prototype implementation of the cloud standards catalogue is available (Figure 11). However, at the time of release of this (initial version) of the deliverable it is not linked to the CloudingSMEs portal and not populated with production data. Figure 11: Snapshot of the Cloud Standards Catalogue Date: 6/12/ /47 CloudingSMEs

36 4 PROMIS Platform Tools and Document Library In CloudingSMEs the PROMIS toolbox organizes and tailors different interactive services with the objective to support the structuring and sharing of expertise and knowledge between experts, consultants, lawyers, associations, institutions and all those, whose business and/or mission is to server SMEs in Europe and beyond. 4.1 On-line Support Services In CloudingSMEs a range of on-line support services for SMEs are created by the PROMIS toolbox in order to allow advanced users: a) to conceive different types of questionnaires, b) to structure their knowledge in pyramids, c) to allow experts to generate templates (e.g. ISO family), d) to administer and share the services developed by associations, e) consultants or institutions for their customers and/or members. Two types/categories of services are offered at present after tailoring: 1. To create services: Tool for partners and experts, to structure Cloud knowledge and expertise in Pyramids. Tool for partners and experts to generate online Questionnaires for SME users. Tool to administer self generated services for/with the SME users Tool for the registration of CVs and qualification of consultants and experts being prepared to provide online advice to interested SMEs. Tool to generate templates (e.g. ICT Security & Data Protection - ISO family) 2. To administer services Pyramids with Cloud Experts knowledge made available to interested SME users. Online communication between an expert owner of knowledge (ICT, legal, business, administrative, economic) and SME users interested in such specific knowledge/expertise. Contact qualified experts/consultants that can provide online and/or personal support; Access information on best practice; Translation of content implemented in the tools which will be translated after marking the text. The goal is to: structure knowledge and dedicated services as described in chapter 4 Date: 6/12/ /47 CloudingSMEs

37 work interactively online with Cloud consultants and subject matter experts, build professional communities, to disseminate and implement best practices. The tools available in the toolbox may contain technical guidance, and can be further customised for any Cloud-related sector, opening the way to an enormous economy of scale and to considerable perspectives in many areas of need. 4.2 Questionnaires - Overview and structure A tool for creating questionnaires is available in the toolbox. Within the questionnaire tool an expert can create yes / no questions, free text questions, and ranking questions with various response options which can be sorted by criteria. Files can also be uploaded in response to specific questions. The tool can generate different types of questionnaires: (i) Linear, (ii) Dynamic, (iii) Time limited, (iv) Recurring questionnaires. It can also be used to generate tests for the certification of etraining courses. The tools have already been used towards creating questionnaires for CloudingSMEs, notably questionnaires that are used in the scope of WP2 of the project. A snapshot of one of these questionnaires Figure 12: Snapshot of the CloudingSMEs Questionnaires developed based on the respective tools of the PROMIS toolbox 4.3 Community of Cloud Experts (CV Data Base) The Cloud experts, register in the pre-structured CV become members of CloudingSMEs. As soon as accepted, they can structure knowledge and Date: 6/12/ /47 CloudingSMEs

38 expertise in pyramids for different sectors, themes and domains and questionnaires. The self-assessment questionnaire helps SMEs and consultants to get together and then to communicate online. Only the SMEs can select the experts and when the experts have accepted the invitation, they are connected with each other and can communicate. The workflow process is shown in the following figure: Figure 13: Workflow process for consultants 4.4 Knowledge Pyramids Pyramids are available for consultants, who structure knowledge, as well as for SME`s, who make use and learn from that knowledge. A sample is illustrated in Date: 6/12/ /47 CloudingSMEs

39 Figure 14. In addition to supporting the structure of information and knowledge, the pyramid is more and more accepted as an instrument to register and protect intellectual property. This is due to the fact that each individual, expert, association or institution structuring their knowledge in one or more of the CloudingSMEs pyramids, becomes the owner of a pyramid that can be accessed and updated only by them. The three-sided Pyramid allows structuring Cloud related knowledge and link to external knowledge from institutions and other organisations. Each face of the three- sided pyramid is integrated with the other two. The pyramid is horizontally subdivided in levels. Each face is vertically subdivided in sectors starting from the top. Figure 14: Sample Knowledge Pyramids Date: 6/12/ /47 CloudingSMEs

40 Figure 15: Snapshot of the PROMIS toolbox For example, EuroCloud Germany has created the Star Audit Certification pyramid ( which is structured in: Faces: focus each on one of the following: Foundation, Checklists, Star Audit Certification; Sectors: Infrastructure-as-a-Service, Platform-as-a-Service, Software-as-a-Service; Levels: from top down represent: (a) Contract/s, (b) Security, (c) Infrastructure, (d) Operational processes, (e) Interoperability. 4.5 mycommunication This is a tool for focused remote written communication between consultants and their SME clients. The main components are listed in the following table: Inbox: System: Staff: Archive: Recycle Bin: All Messages received from Staff and system Messages that were generated by the system Active threads with other PROMIS Enterprise users Closed threads and system messages are stored here All deleted threads and messages can be found here Table 3: Main Components of the mycommunication Tool The message system, basically, works like a mail system. The user can send messages and communicate with other users of CloudingSMEs and structure messages into categories. Date: 6/12/ /47 CloudingSMEs

41 Figure 16: Snapshot of the mycommunication Module 4.6 mycommunication This tool offers consultants the possibility to register their CVs in the CloudingSMEs qualified community and letting know their competencies to companies or organizations looking for consultancy. They are qualified by an internationally agreed qualification process of recognized competences, at present, being supported by the CEN Workshop Agreement CEN CWA ( The Qualification module offers experts and consultants the possibility of registering in the built-in database and publishing their Curricula Vitae (CVs) and competences to organisations looking for consultancy. If they have not already done so on registration, consultants can add or edit their Curriculum Vitae (CV) at any time. All data entered is optional and it is up to the consultant to decide whether and which parts of the CV can be published via the database. There are in total seven steps to completing the CV module; however the first step of accepting the Terms and Conditions is part of the initial registration process and is inactive (inaccessible) thereafter. The Consultant CV contains detailed information about the consultant's contact details, specialist areas, industry sectors, profile, projects, professional memberships and accreditations, relevant professional activities, employment history, education and language skills. The Consultant CV process is set out in a series of seven steps. Step 1: (Completed at registration PROMIS Information page with conditions and explanations). Step 2: Personal data and general information. Step 3: Professional profile. Step 4: Employment history. Date: 6/12/ /47 CloudingSMEs

42 Step 5: Education and personal attributes. Step 6: Summary. Step 7: Save and Submit for evaluation. To better safeguard Data Protection, CloudingSMEs offers specific buttons in Step 6 where each expert can decide which information can be published and which not. 4.7 Multilingualism Overview In CloudingSMEs Multilingualism is relevant; it is well know that the traditional SMEs are the most difficult to be reached in matters of ICT and Cloud because many of them speak only their mother tongue and do not understand English well. CloudingSMEs aims at addressing the SMEs in their mother tongue and offering, as far as possible, interactive services which allow them to interact, collaborate and work with people in other languages but always speaking their mother tongue. Note however that the PROMIS toolbox is not a machine translation. Rather the PROMIS technology allows to link with existing machine translations. After marking the text which is implemented in the tools described above, the SME user can translate the selected text into another language. In the scope of CloudingSMEs, the integration of the machine translation has been made possible, through the results achieved in the European funded project PROMISLingua 2 ( where two partners of CloudingSMEs have participated playing crucial roles: UEAPME, as partner responsible for dissemination and rollout of the PROMIS platform among European associations and their SME members; PROMIS@Service, as partner responsible for Technical management, Exploitation and Rollout coordination. Multilingualism in CloudingSMEs will be performed and made possible in two ways: (i) via Human Translation and (ii) via Machine Translation Human Translation Human translation is particularly needed for all content where precision is key and very clear understanding of a text is required at a glance. 2 PROMISLingua - PeRformance Operational and Multilingual Interactive Services to support Compliance for SMEs in Europe Date: 6/12/ /47 CloudingSMEs

43 For example: texts in the website, contracts, SLAs, security content, the variables of the tools which will be developed during the course of the project (e.g. TCO, ROI), press releases, brochures, poster and other type of texts which will be needed to perform the dissemination in each country, with the specific aim to attract numerous SMEs in CloudingSMEs. The translation of the a.m. texts has to be done by each partner in their own language since, even if it will be partially be performed with the machine translation, the texts will require human action and control to ensure high quality. The consortium plans to have 5 languages (English, German. Italian, Greek, French) thus attracting the increasing interest of the SMEs towards the CloudingSMEs platform. To this end, an initial technical infrastructure that could enable multi-lingual versions of the tools (based on human translation) has been developed. The approach followed involves the isolation of language dependent texts/prompts in appropriate resource files that could be given to human translators. A proof-ofconcept validation of the approach has been already carried out in the German language and using the Cloud Security Scorecard as a test case. The approach will be extended to the rest languages and tools as part of the subsequent release of the deliverable Machine Translation in CloudingSMEs In CloudingSMEs Machine Translation is made possible for texts which are implemented in the pyramids, questionnaires and communication. Translation in CloudingSMEs can only function if the platform is connected with a specific machine translation (e.g. in PROMISLingua the MT of Linguatec was trained specifically for the Health&Safety domain). Machine translations are normally trained in one or more topics, but in most of the cases the quality is still not perfect. At present it is seldom the case that a machine translation covers the domain of Cloud Computing simply because this is a new field and terminology/corpora are produced incrementally with the development and the maturity of the domain. Using the machine translation, the consortium will have to validate the correctness and quality assures the content translated with MT. The idea to negotiate the use of the MT from the Commission is important because it is the best trained for European matters. An additional reason for linking with the MT of the Commission is to build up a win-win collaboration which means: Date: 6/12/ /47 CloudingSMEs

44 The Commission allows the CloudingSMEs project to use their MT for free; CloudingSME consortium delivers the Cloud terminology/corpora in the different languages supporting the training of the MT of the Commission; The European SMEs will take advantage of the input (corpora/ terminology) in training the MT of the Commission through high quality translation and content. To this end, UEAPME as coordinator in the name of the consortium, EuroCloud, as well as signed a letter of committment that all terminology coming into CloudingSMEs will be given to the Commission to train their machine translation. This is in full interest of the CloudingSMEs project, the consortium and the SMEs, since quality is here of crucial importance Implementation Status The PROMIS toolbox exists as described above. Tailoring and integration work will be done, according to the CloudingSMEs Description-of-Work (DoW). 4.8 Document Library In addition to the tools of the PROMIS platform, the toolbox is complemented by a document library (accessible via the CloudingSMEs portal), where several documents will be placed in order to serve as reference sources for SMEs wishing to access more detailed information or documentation. As a first step the library is structured around the main areas of support for CloudingSMEs (i.e. contractual issues and SLAs, privacy and data protection issues, cost/financial issues, as well as cloud security issues). Date: 6/12/ /47 CloudingSMEs

45 5 Conclusions As a support action the CloudingSMEs project is committed to supporting SMEs in their cloud-related decision. To this end, the project is developing and promoting a support infrastructure, which will provide SMEs with insights on thorny issues associated with cloud adoption (targeted to end-user SMEs), as well as information of interest to SMEs developing and rolling out novel cloud products and services. The CloudingSMEs toolbox is an essential element of this support infrastructure. Instead of constraining the toolbox to a set of documents, the partners have opted for providing a range of more interactive web based tools, which will be integrated within the CloudingSMEs website. This deliverable has reported on the first version (release) of the CloudingSMEs toolbox, which includes several tools that address different issues/aspects of cloud deployment. The tools include: (a) The Cloud Security Scorecard tool, which should allow SMEs to audit/score the level of security offered by their cloud providers, (b) The Privacy and Data Protection Guide tool, which provides information to SMEs about data protection issues in the cloud, including pointers to applicable legislation, (c) The Guide to an effective SLA tool, which should support SMEs in effectively understanding and negotiating their SLAs with cloud providers, (d) The TCO Calculator tool, which facilitates SMEs in calculating the TCO (Total Cost of Ownership) of their cloud solutions, but also in comparing this TCO with a data center solutions, (e) The Strategic Considerations Scorecard, which provides the means to assess whether the SMEs should adopt a cloud solution or not, (f) The Cloud Solutions Catalogue tool, which is a searchable catalogue of cloud solutions, including the purpose/functionality of its solution, the target groups, the target industry, as well as the region(s)/countries where these services are offered and (g) The Cloud Standards Catalogue tool, which is a searchable catalogue of cloud standards and their purpose/usefulness for SMEs. An initial prototype of all these tools has been also provided or is in progress. Furthermore, some of the tools are already accessible via the CloudingSMEs portal. In addition to presenting the above-listed tools, the deliverable has also illustrated several capabilities of the PROMIS platform, which will be exploited towards providing additional support tools to SMEs, as part of the project s toolbox. These include several tools for providing training and consulting services. Furthermore, the CloudingSMEs toolbox will include a library of documents which will be selected by the consortium partners and made available to the CloudingSMEs community. Date: 6/12/ /47 CloudingSMEs

46 Our future plans for improving the toolbox will be centered to fine-tuning the tools based on feedback and recommendation received by SMEs. Moreover, the project will endeavor to attempt the customization of the tools towards certain SMEs profiles, which will be based on reception and analysis of profile data from the registered SMEs to the CloudingSMEs portal and community. Date: 6/12/ /47 CloudingSMEs

47 References [CSCC12] Cloud Standards Customer Council (2012), Practical Guide to Cloud Service Level Agreements, available at: [Hon12] W. Kuan Hon, Christopher Millard and Ian Walden, Negotiating Cloud Contracts- Looking at Clouds from Both Sides Now, STANFORD TECHNOLOGY LAW REVIEW, VOLUME 16, NUMBER 1 FALL [Rackspace13] Rackspace, cloud cost calculator, [Wood09] T. Wood, A. Gerber, K. Ramakrishnan, J. Van der Merwe, and P. Shenoy. The case for enterprise ready virtual private clouds. In Proceedings of the Usenix Workshop on Hot Topicsin Cloud Computing (HotCloud), San Diego, CA, June Date: 6/12/ /47 CloudingSMEs