ETSI SR 003 381 V2.1.1 (2016-02)

SPECIAL REPORT
Cloud Standards Coordination Phase 2;
Identification of Cloud user needs

2 ETSI SR 003 381 V2.1.1 (2016-02)

Reference
DSR/NTECH-00030
Keywords
cloud, requirements, user
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2016.
All rights reserved.
TM TM TM
DECT , PLUGTESTS , UMTS and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
TM
3GPP and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI
3 ETSI SR 003 381 V2.1.1 (2016-02)
Contents
Intellectual Property Rights . 6
Foreword . 6
Modal verbs terminology . 6
Introduction . 6
1 Scope . 7
2 References . 7
2.1 Normative references . 7
2.2 Informative references . 7
3 Abbreviations . 8
4 The rationale for the survey . 9
4.1 Survey goals and objectives . 9
4.2 Content of the report. 9
5 Survey presentation . 10
5.1 Survey goal and structure . 10
5.2 Survey methodology & main target areas . 10
5.3 Survey distribution . 10
5.4 Survey achievements and limitations . 11
5.5 Other lessons learned . 11
6 Survey analysis . 11
6.1 Significant findings . 11
6.2 Trends and patterns . 12
6.3 Detailed findings . 13
6.3.1 Adoption of Cloud Computing . 13
6.3.2 Interoperability . 14
6.3.3 Security - Privacy and Integrity . 15
6.3.4 Standards . 17
6.3.5 Certification . 18
6.4 Impact on other Cloud Standards Coordination Phase 2 reports . 20
6.5 Relationship to other activities . 21
7 Conclusions and recommendations . 22
8 Areas for further study . 23
Annex A: Survey Responses and Charts . 25
A.1 Presentation of results . 25
A.2 Background information. 26
A.3 General purpose information . 26
A.4 Moving to Cloud Computing: expected benefits and challenges to face . 28
A.5 Adoption of Cloud Computing in your organization . 32
A.6 Cloud Computing adoption: preparing your organization . 34
A.7 Cloud Computing: Deployment models and Service categories . 39
A.8 Emerging Cloud Service Categories . 42
A.9 Cloud Computing and Standards . 44
A.10 Cloud Computing Standards: a detailed view . 46
A.11 Cloud Computing Certification Standards . 51
ETSI
4 ETSI SR 003 381 V2.1.1 (2016-02)
A.12 Information on the person replying to the survey . 56
Annex B: List of the survey distribution channels . 58
Annex C: Full text of the survey . 61
Annex D: Change History . 76
History . 77

ETSI
5 ETSI SR 003 381 V2.1.1 (2016-02)
List of figures
Figure 1: Expectations on potential Cloud Computing benefits (Question 7) .13
Figure 2: Maturity of Cloud Computing: critical issues (Question 11) .15
Figure 3: Maturity of your organization: critical challenges (Question 9) .15
Figure 4: Cloud Computing Standards impact on organization concerns (Question 34) .17
Figure 5: To which degree are Cloud Computing Standards considered or used (Question 35) .18
Figure 6: Adoption and use of CC standards: Data protection (Question 40) .18
Figure 7: Is Cloud Certification a possibility to improve confidence in Cloud (Question 47) .19
Figure 8: Ranking Cloud Certification areas according to their importance (Question 48) .19
Figure 9: Awareness of CCSL, the Cloud Certification Schemes List (Question 51) .20
Figure 10: Awareness of some Cloud Certification Schemes listed in CCSL (Question 52) .20
Figure 11: A summary of Cloud Users concerns .22
Figure 12: Use of Cloud Computing in enterprises in Europe (source: Eurostat) .23

ETSI
6 ETSI SR 003 381 V2.1.1 (2016-02)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This Special Report (SR) has been produced by ETSI Technical Committee Network Technologies (NTECH).
The present document is approved by the NTECH Technical Committee and for publication on the Cloud Standards
Coordination website (http://csc.etsi.org).
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
Introduction
Cloud Computing is increasingly used as the platform for ICT infrastructure provisioning, application/systems
development and end user support of a wide range of core services and applications for businesses and organizations.
Cloud Computing is drastically changing the way ICT is delivered and used. However, many challenges remain to be
tackled. Concerns such as security, vendor lock-in, interoperability and accessibility, service level agreements more
oriented towards users are examples of issues that need to be addressed. The survey discussed in the present report aims
at collecting information on the respondents' awareness of those concerns.
Standards and certification programs play an important role in terms of increasing the market confidence in Cloud
Computing. The promotion of Cloud Computing standards and certification schemes that address current concerns is
necessary in order to ensure that both customers/users as well as providers will regard Cloud Computing with the same
level of reliability, trust and maturity as traditional ICT.
In February 2015, the Cloud Standards Coordination Phase 2 (CSC-2) was launched by ETSI to address issues left open
after the initial Cloud Standards Coordination work was completed at the end of 2013. Cloud Standards Coordination
Phase 2 is investigating some specific aspects of the Cloud Computing standardization landscape, in particular from the
point of view of the Cloud Computing users (e.g. SMEs, Administrations). It will also generate a new snapshot
regarding the state of standards and investigate the interaction and relation between standardization and open source
based software and solutions.
The present document presents the results of the web survey conducted in April - September 2015.

ETSI
7 ETSI SR 003 381 V2.1.1 (2016-02)
1 Scope
The present document presents the results of the web survey conducted in April - September 2015.
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
reference document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
Not applicable.
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] Recommendation ITU-T Y.3500: "Information technology - Cloud computing - Overview and
vocabulary".
NOTE: Same as [i.5].
[i.2] Gartner, G00271282: "Budgeting for the SaaS Security Gap", January 28, 2015.
[i.3] Skyhigh: "Cloud Adoption & Risk Report", Q1 2015.
[i.4] Statistical Classification of Economic Activities in the European Community, Rev. 2 (2008).
NOTE: See:
http://ec.europa.eu/eurostat/ramon/nomenclatures/index.cfm?TargetUrl=LST_NOM_DTL&StrNom=NA
CE_REV2.
[i.5] ISO/IEC 17788: "Information technology -- Cloud computing -- Overview and vocabulary".
[i.6] ISO/IEC 17789: "Information technology -- Cloud computing -- Reference architecture".
[i.7] Recommendation ITU-T Y.3502: "Information technology - Cloud computing - Reference
architecture".
NOTE: Same as [i.6].
[i.8] ISO/IEC 27001: "Information technology-- Security techniques -- Information security
management systems - Requirements".
[i.9] ISO/IEC 19086-1:"Information technology -- Cloud computing -- Service level agreement (SLA)
framework and technology Part 1: Overview and concepts".
ETSI
8 ETSI SR 003 381 V2.1.1 (2016-02)
[i.10] ISO/IEC 19941: "Cloud Computing Interoperability & Portability".
[i.11] ISO/IEC 27018: "Information technology -- Security techniques -- Code of practice for protection
of personally identifiable information (PII) in public clouds acting as PII processors".
[i.12] ETSI SR 003 382: "Cloud Computing Standards and Open Source".
[i.13] ETSI SR 003 391: "Interoperability and Security in Cloud Computing".
[i.14] ETSI SR 003 392: "Cloud Computing Standards Maturity Assessment".
3 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AICPA American Institute of Certified Public Accountants
API Application Programming Interface
CaaS Communications as a Service
CAPEX CAPital EXpenditures
CC Cloud Computing
CCSL Cloud Certification Schemes List
CEF Connecting Europe Facility
CompaaS Compute as a Service
CRM Customer Relationship Management
CSA Cloud Security Alliance
CSC Cloud Service Customer
CSC-1 Cloud Standards Coordination Phase 1
CSC-2 Cloud Standards Coordination Phase 2
DsaaS Data Storage as a Service
DSI Digital Service Infrastructure
EGI European Grid Infrastructure
ENISA European Union Agency for Network and Information Security
ERP Enterprise Resource Planning
HR Human Resources
IaaS Infrastructure as a Service
IAM Identity and Access Management
ICT Information and Communications Technology
IEC International Electrotechnical Commission
ISO International Organization for Standardization
ITIL Information Technology Infrastructure Library
ITU International Telecommunication Union
ITU-T ITU Telecommunication Standardization Sector
NaaS Network as a Service
NIST National Institute of Science and Technology
OASIS Organization for the Advancement of Structured Information Standards
OCCI Open Cloud Computing Interface
OCF Open Certification Framework
OGF Open Grid Forum
PaaS Platform as a Service
PII Personally Identifiable Information
SaaS Software as a Service
SDO Standards Development Organization
SIG Special Interest Group
SLA Service Level Agreement
SME Small or Medium Enterprise
SOA Service Oriented Architecture
SSO Standards Setting Organization
STF Specialist Task Force (an ETSI structure for internal projects)
WP Work Package
ETSI
9 ETSI SR 003 381 V2.1.1 (2016-02)
4 The rationale for the survey
4.1 Survey goals and objectives
The Cloud Standards Coordination project (CSC)
Cloud Standards Coordination Phase 1 (CSC-1) took place in 2013 as a community effort supported by ETSI and
primarily addressed the Cloud Computing standards roadmap. In December 2013 the results were publicly presented in
a workshop organized by the European Commission (EC), the CSC-1 Final Report being available at:
http://ec.europa.eu/digital-agenda/en/news/cloud-standards-coordination-final-report
The report provided a maturity assessment "snapshot" on the Cloud Computing standardization landscape at the end of
2013. Important gaps in the Cloud Computing standards landscape were identified such as in the domains of
interoperability, security, privacy, service level agreement and regulation, legal and governance aspects.
Cloud Standards Coordination Phase 2
Given the dynamics of the Cloud Computing market and standardization, Cloud Standards Coordination Phase 2
(CSC-2) was launched in February 2015 with the objective of producing an updated version of the "snapshot" of the
Cloud Computing standardization landscape.
The main involved stakeholders for the preparation of the CSC-1 snapshot were from the Cloud Computing industry, in
particular Cloud Computing providers. On the other hand, CSC-2 aims to better take into account the needs of Cloud
Computing customers on their Cloud related requirements and priorities. This has helped CSC-2 to further assess the
maturity of Cloud Computing standards and evaluate how standards can support the Cloud Computing customers'
priorities.
Cloud Standards Coordination Phase 2 survey
To support these objectives, CSC-2 has created a survey for collecting feedback from the Cloud Computing community
in terms of needs, benefits, challenges and areas of concerns regarding the adoption of Cloud Computing. The outcome
of the survey will be the primary material for evaluating the perceived maturity of Cloud Computing standards. The
results will also help to understand the interest and requirements of Cloud Computing stakeholders regarding
certification.The survey is therefore targeting current and future Cloud Customers in the private and public sectors,
SMEs as well as large organizations in all vertical sectors. Other stakeholders from the entire Cloud Computing
eco-system (e.g. Cloud Computing providers) were also invited to answer.
4.2 Content of the report
Clause 5 of the present document presents the content of the survey, the methodology used for its preparation and
distribution, information about the collected feedback as well as lessons learnt through the execution of the survey.
Clause 6 provides details resulting from the analysis of the collected survey feedback allowing to understand the needs
of the Cloud Computing community on a more granular scale and to derive main trends and patterns as a result.
Clause 7 highlights conclusions and recommendations from the survey. This includes an identification of the cloud
stakeholders' highest priorities leading to possible refinements of the CSC Phase 1 report conclusions.
Clause 8 suggests some areas for further work.
Annex A contains a detailed presentation of the survey results, including charts and tables.
Annex B lists the channels through which the survey has been distributed.
Annex C shows the survey as it has been proposed on the CSC web site (at http://csc.etsi.org).
ETSI
10 ETSI SR 003 381 V2.1.1 (2016-02)
5 Survey presentation
5.1 Survey goal and structure
To create the basis for the analysis, a survey has been designed and conducted from April to September 2015. Even
though the survey is targeting a specific set of users (SMEs, etc.), it is also using the input from larger actors. The
survey has also been distributed to as many industry sectors as possible, in order to identify any industry specific
aspects and concerns that might exist.
The survey comprises 59 questions grouped in 14 pages stretching from general questions regarding the respondent's
company and Cloud Computing experience, through increasingly specialized questions regarding Cloud Computing
standards, to a final block of questions regarding certification. Taking the entire survey would approximately require
20-30 minutes. Apart from a number of core questions for most questions answers were not mandatory. The individual
answers are treated confidentially and only aggregated results will be published.
th
Per September 25 2015, at the closure of the web survey, 376 respondents have completed it.
5.2 Survey methodology & main target areas
The survey collects responses to questions such as:
• What are the typical use cases that users want to implement in the short to medium term?
• What are their expectations and perceived concerns that limits the adoption of Cloud Computing?
• What are the assets and possible investments made in Cloud Computing?
• How are they going to deal with existing investments (legacy)?
• Which role are they expecting to play in the Cloud Computing value chain?
• To which extent individual Cloud Computing standards are known and have already been used?
• What support from standards are they expecting?
• What is the significance of certification schemes and what is the intended use?
5.3 Survey distribution
The main target group for the survey is end users in SMEs in the private sector, but any potential and existing cloud
customer is welcome to complete the survey.
th
The survey was launched on March 30 , 2015. A distribution letter has been made available to all organizations that
were willing and able to use it for promoting the survey. Over 120 different channels have been contacted to relay the
survey and have distributed the survey URL.
A wide range of different distribution channels have been used like:
• European Commission DGs web sites and distribution list (emails, Twitter, etc.).
• Standards Setting Organizations, global, regional or national.
• ETSI membership (750 organizations from various industry sectors).
• Industry Associations (e.g. Eurocloud).
• Public Administrations (across Europe, but predominantly in countries where the experts of the CSC reside). ®
• LinkedIn groups.
• Open Source projects.
• European projects (e.g. CloudWatch, Cloud4Europe, CloudingSME).
ETSI
11 ETSI SR 003 381 V2.1.1 (2016-02)
• Cloudscape.
• European Grid Infrastructure (EGI).
To ensure the largest possible number of answers, the survey has been left open as long as possible, i.e. up to
th
September 25 , the last day of the public commenting phase for the four CSC-2 reports.
A list of contacted individuals and organizations is presented in Annex B.
5.4 Survey achievements and limitations
As pointed out earlier in the present document, the number of responses (376 per 25/09/2015) is deemed sufficient
enough in order to identify high-level trends and patterns. The results are also assessed as sufficient in order to do
high-level comparisons between CSC -1 and CSC-2. In this respect, it can be argued that the output resulting from the
Work Package 1 of STF 486 (the web survey and related activities) is considered successful. As presented in the below
sections, responses in many parts of the survey are encouraging in terms of awareness of the importance of standards
and certification schemes among many of the survey respondents.
However, the present survey is based on the voluntary contribution of a sample of respondents on which the promoters
of the survey had little capacity to anticipate and no control. Only best effort attempts have been made to collect the
largest number of answers possible, with the largest possible span of organization sizes, countries, sectors, etc.
Therefore, the number of responses may not be significant enough to allow in-depth and conclusive analysis at a
detailed level for all of the questions of the survey. Any reader of the present document should therefore be cautious
about making any decisive conclusion based on the materials of this report.
Another aspect when assessing the results of the survey that needs to be acknowledged is that the benefits, concerns and
challenges chosen by the respondents might vary based on the organization (in terms of size), on the sector (private or
public) in which it operates, etc. It is important to keep in mind that some of the issues presented as major in a certain
user category might very well be seen as insignificant or even non-existent in another: this may be addressed in some
significant cases (see clause 8).
5.5 Other lessons learned
Designing a survey is a complex task. The main objective has been to cover a number of different topics in order to
encompass the target areas identified as relevant for the query, while attempting to keep the survey's length and
complexity at a minimum. Keeping the questions relevant and unambiguous has been another important task.
Depending on the role of the respondent in the Cloud Computing eco-system, the questions might in some circumstance
be interpreted differently. To overcome the identified challenges, two important elements have been helpful. The most
important element to mitigate the issues identified was the feedback from reviewers of the draft survey text. Another
positive element was the existence and use of clear definitions of the roles in Cloud Computing: a significant maturation
from the CSC-1 to CSC-2 was recognized in this respect. Where applicable in the survey, the vocabulary provided in
the standard "ISO/IEC 17788 [i.5] and Recommendation ITU-T Y.3500 [i.1] has been used.
6 Survey analysis
6.1 Significant findings
General-purpose information regarding respondents' organizations: Respondents are nearly equally representing
SME organizations (up to 249 employees) and large organizations (more than 249 employees). The ICT sector is
dominating (43 %) followed by Academia and Public Administrations. Some industry sectors are not represented at all.
Benefits and challenges: "Reduction of CAPEX", "improved business agility" and "faster time to market" are seen as
the major positive factors for adopting Cloud Computing while compatibility with in-house systems, security,
privacy/integrity, are viewed as the most critical challenges with SLA, performance and efficiency, resiliency, vendor or
data lock-in and interoperability across vendor solutions ranked among the highest concerns. It can be noted that the
lack of Open Source solutions is not seen as a major Cloud Computing challenge (see ETSI SR 003 382 [i.12] for
further information on Cloud Computing standards and Open Source solutions).
ETSI
12 ETSI SR 003 381 V2.1.1 (2016-02)
Adoption and scope: A majority of the respondents (58 % - 2015-06-04)) have already started to adopt Cloud
Computing probably reflecting the fact that the respondents are mainly from the ICT sector. It should also be noted that
none (0 %) of the respondents stated that they are NOT planning to adopt Cloud Computing. The main usage area for
Cloud Computing is IaaS as the most prominent starting point. 40 % of the respondents are playing the role of the
Cloud Service Customer in their respective organizations. Regarding the level of resources and support to Cloud
Computing, nearly half of respondents claim that they are receiving an adequate support from their ICT team and a third
of them have a dedicated cloud support team.
Cloud Computing adoption: preparing your organization: To make the transition to the Cloud in a secure and
reliable way some aspects need to be considered and some conditions have to be met; the organization making the leap
to the Cloud need to be prepared. Nearly half of respondents claim that efforts related to data categorization (43 %) and
data classification (35 %) are on-going in their organizations. Data security awareness and level control is seen as a
highly important aspect that needs to be tackled by a majority of the respondents. Regarding software licenses, 37 % of
the respondents indicate that negotiations are on-going with the software vendors providing Cloud Computing software
& services while 21 % of them mention that no action is deemed necessary (further analysis is needed on this point; it is
not entirely clear if answers in this category indicate that actions are not needed or if necessary measures have already
been taken).
Cloud Deployment Models and Cloud Service Categories: Private Cloud deployment models clearly dominate
followed by Hybrid Cloud and Public Cloud deployments. Concerning Cloud Service Categories, high-availability is
seen as the top usage area for IaaS while software development is also seen as the top capability for PaaS. Concerning
SaaS, the general data storage type of application is ranked high while specialized applications supporting for example
supply chain services, HR, ERP or CRM are less frequently mentioned. Notably, 54 % of the respondents indicate an
interest in emerging Cloud Service Categories such as CaaS, NaaS, DsaaS and CompaaS.
Cloud computing and standards: Security, privacy and integrity, performance and portability across vendor solutions
are ranked high regarding the impact that standards have on the concerns of organizations. In terms of how standards
are considered in the organizations of the respondents, 38 % indicate that standards are used while 27 % that they are
considered. This shows a promising insight into the value and importance of standards.
In line with the responses regarding impact of standards, interoperability, security, service level agreements, portability
and APIs are mentioned as top priorities. The feedback also indicates that recently published standards are now
becoming known by a small number of respondents. Examples of standards used or considered are ISO/IEC 17788 [i.5]
- Recommendation ITU-T Y.3500 [i.1] - ISO/IEC 17789 [i.6] and Recommendation ITU-T Y.3502 [i.7]. However, the
number of answers is too insignificant to claim that the Cloud Computing specific standards are now part of the Cloud
strategy for most organizations.
Cloud computing certifications: Almost 75 % of the respondents see certification schemes as a positive way of
increasing confidence in Cloud Service Providers. Amongst the cross-cutting aspects, the two (security, privacy and
integrity) seen as both most critical for the maturity of cloud computing [Q11] and as aspects where standards are
expected to have highest impact [Q34], certifications for these aspects are actually ranked as close to the least important
[Q48]. The most important issues for certification are: data storage location (one aspect of privacy), cloud datacentre
infrastructure, cloud provisioning process and interoperability/reversibility. A more detailed analysis is found in
clause A.11 of the present document. A majority of the respondents are unaware of the Cloud Certification Schemes
List (CCSL) defined by ENISA while in this list, the well-known ISO/IEC 27001 [i.8] comes first as a scheme for
Cloud certification. A majority of the Cloud Service Customers indicate that they plan to include one of these
certification schemes in their Cloud Computing procuring processes. A majority of Cloud Service Providers also plans
to certify their Cloud Service offerings.
6.2 Trends and patterns
Based on the responses received, it is possible to make some tentative and high-level analysis. From this analysis, some
patterns emerge that will have to be clarified and confirmed by a final analysis made at the conclusion of the survey.
The trends that are assessed as the most significant are presented below.
Security, Integrity and Data Privacy: These topics are seen as major concerns for cloud maturity and for standards
impact, although not for certification. This is not a new finding, but the fact that it is still very much present is a clear
indication on the perceived challenge ahead for security standards and Cloud certification in particular.
Interoperability and Portability: These areas are ranked high. Concern in this area is most likely linked to the issue of
vendor lock-in, the unclear capabilities of individual cloud service offerings ability to move data from one service to
another and the lack of portability standards for cross-Cloud scenarios in general.
ETSI
13 ETSI SR 003 381 V2.1.1 (2016-02)
Moving to the Cloud: There is a high perception from the respondents that the transition to Cloud Computing should
be carefully planned and organized, in particular in areas pertinent to data (classification, storage, etc.), processes and
security.
Standards: In general, the role of standards is seen as important and there is a growing level of awareness, even in
terms of knowledge of the existing set of standards. It is to be noted that, in this perspective, the benefit from standards
related to Cloud Computing is seen as more critical than Open Source: this finding is however subject to further
analysis. This topic is further explored in ETSI SR 003 382 [i.12].
Certification: A very large majority (over 80 %) of the respondents confirm the role of certification as a very useful
way to improve confidence in Cloud Computing. However the selection of Cloud Certification schemes is complex: the
Cloud Certification Scheme List (CCSL) is an attempt to make a selection of such schemes but the survey shows that
only 31 % of respondents are aware of this list. This is clearly showing a need for increasing the awareness of the Cloud
Computing community on CCSL and all the means to have access to a pre-analysed and recommended list of
certification schemes.
6.3 Detailed findings
6.3.1 Adoption of Cloud Computing
The web survey clearly indicates which Cloud Computing Service Categories (SaaS, PaaS, IaaS, etc.) and Cloud
Computing Deployment Models (Public, Community, Private or Hybrid) are most common in terms of usage; IaaS and
provisioning infrastructure as well as general data storage constitute the most popular Service Categories and usage
areas where the Private Cloud Deployment Models come out first as the Deployment Model. The adoption of Cloud
Computing and Cloud Computing based services continues to grow across Europe.
Studies also show that the use of Cloud Computing services is steadily growing worldwide. In a recent study published
by Skyhigh "Cloud Adoption & Risk Report" [i.3], the use of Cloud services continues to increase quite significantly.
However, our analysis will point out later that this adoption is not uniform.
Based on how the result of questions related to the adoption and use of Cloud Computing is interpreted, the answers
received might show some discrepancies. Consider figure 1:

Figure 1: Expectations on potential Cloud Computing benefits (Question 7)
Figure 1 shows a significant interest in using Cloud Computing to improve business agility and to obtain a faster
time-to-market for product & services provided. However, when looking at the actual, current usage of Cloud
Computing, the full potential of Cloud Computing is still largely unexplored, based on the answers collected through
the web survey.
ETSI
14 ETSI SR 003 381 V2.1.1 (2016-02)
Some particular observations are made below.
Supporting the organization
As mentioned above, using the cloud to add ICT resources is the current main usage areas. Somewhat surprising is the
relatively high number of responses that show Cloud Computing as the platform for supporting Business Processes.
Cloud transformation
Among many respondents, there is a significant insight into the need of understanding how data control, classification
and taxonomy impact and potentially restrict the move to the Cloud. Security is seen as a major blocker in the migration
to the Cloud where data security, integrity and privacy are particular issue areas. Business process alignment and
identification is another cloud transformation area that receives attention. In order to make the transition to the Cloud
based on the best possible business case, the organization's core and supporting business processes need to be
understood before the rationale for Cloud Computing simply will "make sense". Well-controlled and fully aligned
processes make the cloud transition easier and will allow the organization to move to the Cloud on the basis of
prioritized transition plans. In order to provision and/or use Cloud Computing based services, the preferred architecture
is based on SOA (or similar service oriented architecture principles) as 74 % of the respondents have started, are in the
progress or have finished the procedure based on that principle. SOA is seen as an important cornerstone in many
organizations' enterprise architecture strategy and potentially also an element of the Cloud transition program for many
organizations.
Software Licenses
Many organizations are negotiating the terms with independent software vendors regarding using/running software in
the Cloud. The responses received suggest that many organizations are either involved in or have completed
negotiations pertinent to the new terms related to Cloud usage of software/applications/services. Many organizations are
also working on "Ensuring Software Suitability", which entails the activities mentioned above but also to making
necessary adjustments to - for example - the enterprise architecture, existing vendor contracts and SLAs, and - again -
addressing the concerns and any outstanding work related to data, security, integrity and interoperability between
internal, external, on-site and cloud based systems and applications.
"Going all in" with Cloud Computing, tapping into the full benefits of the Public Cloud, e.g. lower cost and a flexible
use of Cloud services for instance, will require that the outstanding concerns are fully addressed.
The replies received on the adoption and use of Cloud Computing clearly indicate that Cloud Computing in general
remains an "untapped resource". However, the assessment is that the early adopters and those already using Cloud
Computing are working towards expanding the use once initial work and necessary remaining efforts are completed.
6.3.2 Interoperability
One of the recurring concerns raised by the web survey respondents concerns "interoperability", or - rather - the lack
thereof. For further details on interoperability, see ETSI SR 003 391 [i.13].
Answers to the following questions indicate or support the claim that Interoperability is one of the top concerns among
the respondents.
Some highlighted aspects of interoperability include:
• Interoperability is a key success factor to ensure "Increased business agility". Unless a high level of
interoperability in solutions internal to the organization as well as interoperability with external stakeholders
(collaborators, customers, suppliers, subsidiaries, etc.) is secured, it will be difficult to obtain a high level of
business agility.
• Interoperability is also seen as main concern among many of the respondents, both in terms of a general issue
for the organization of the respondent and in terms of lack of support for interoperability standards.
ETSI
15 ETSI SR 003 381 V2.1.1 (2016-02)

Figure 2: Maturity of Cloud Computing: critical issues (Question 11)
Interoperability (and Portability) across vendor solutions is also seen as a major concern for many organizations,
illustrated in figure 2.
The web survey strongly suggests that SDOs providing interoperability standards for Cloud Computing should
accelerate their efforts. The ongoing work in ISO/IEC on providing guidance for this domain (ISO/IEC 19041 [i.10]:
"Cloud Computing Interoperability & Portability concepts") is an example of an activity that is likely to provide
valuable information in this respect.
6.3.3 Security - Privacy and Integrity
"Security" and "Privacy and integrity" are recurring concerns in the web survey. These areas rank high both in terms of
aspects seen as important for the respondent and its organization and also when it comes to related standards that are
seen as most critical for Cloud Computing. In several questions, security or a particular type of security ("d
...