Original source publication: Branco Jr., T., I. Bianchi and F. de Sá-Soares (2019). Cloud Computing Adoption in the Government Sector in Brazil: An Exploratory Study with Recommendations from IT Managers. Proceedings of the GPC2019—The 14th International Conference on Green, Pervasive and Cloud Computing. Uberlândia (Brazil).
The final publication is available here.
Cloud Computing Adoption in the Government Sector in Brazil: An Exploratory Study with Recommendations from IT Managers
a Centro ALGORITMI, University of Minho, Portugal
b Federal University of Santa Catarina, Brazil
Abstract
Cloud Computing constitutes an alternative for organizations that want to optimize the use of computing resources and rationalize costs with IT infrastructure. However, the adoption and implementation in the government sector pose several challenges, regarding IT control, data protection in the Internet, efficient use of computing resources and cost rationalization. Within the government sector, the lack of knowledge about issues involving adoption and migration to cloud computing may negatively impact IT. This study aims to identify the factors influencing the adoption of cloud computing in the government sector in Brazil. We carried out the study interviewing IT professionals that successfully migrated to the cloud with three organizations, two large and public universities and one data processing agency. Using the approach Value-Focused Thinking, we analyzed the data collected from the interviews. Our Findings revealed a set of twenty-one recommendations to take into account when implementing cloud computing in the government sector, such as using a pilot project, training, and consulting, among others. These recommendations are useful to guide the IT decision makers in the process of cloud computing adoption and implementation as an efficient and reliable approach in the government sector.
Keywords: Cloud Computing; Government Sector; Recommendations for Adoption; Interviews
1. Introduction
Cloud Computing (CC) has been a major technological trend in recent years, drawing the attention of both IT professionals and researchers. Although many publications concentrate on the technical aspects of CC, the focus on organizational aspects is increasingly frequent given the interest of organizations in adopting this technology [Branco et al. 2017]. The literature includes works on the process and life cycle that enable the creation of a favorable setting within organizations to implement CC solutions [Branco et al. 2017].
Cloud computing may be valuable to private and public organizations [Mallmann and Maçada 2018]. However, Mallmann and Maçada [Mallmann and Maçada 2018] argue that there are relatively few studies investigating CC adoption in the context of public sectors compared to a large number of studies in the private sector. In particular, in a developing country such as Brazil, in the government sector, the number of studies is limited.
Most studies attempt to identify technological issues in CC [Senyo et al. 2018]. On the other hand, few studies are investigating the organizational aspects of cloud computing and concerns about recommendations. Regarding the government sector, usually, the studies did not have the concern to discuss the issues related to having successful implementation. The review of those works led us to compile a list of recommendations that may prove useful to IT managers when they consider the organizational requirements needed to adopt CC in a secure and efficient manner.
Motivated by the context above, the purpose of this study is to investigate the factors and to identify a set of recommendations for the successful adoption of CC in the government sector in Brazil.
2. Cloud Computing in Public Govern Area (G-Cloud)
G-Cloud (Government Cloud) in the public service domain is a pay-per-use model that allows public agencies and citizens access to a network. This network provides configurable and reliable computing resources that are provisioned and released with minimal management effort for the consumer. The government can use the power of the G-Cloud to provide essential public services. In the future, online public service providers can use all G-Cloud models to provide services that are more complex. G-Cloud can be considered a new paradigm shift for online public services [Bhisikar 2011].
Nowadays, cloud computing in the Government area can solve problems in e-Government (e-Gov) and further optimize the capacity of governance. Additionally, in the cloud, it is possible to specify metrics and compile statistics for cost savings and better planning, such as datacenter usage, peak loads, power consumption, and time. Cloud databases offer an unprecedented scale without compromising performance. This capability should be considered if the target system demands high-level, on-demand scalability, that is, large scale scalability[Tripathi and Parihar 2011].
The adoption of cloud computing in the government (G-Cloud) promotes the improvement of public services for the citizens and the transparency of government processes. Cloud architectures help the implementation of e-governance by enabling government policies directed for the citizens. Several services can be offered by enabling government policies that are directed towards the citizens, for instance: Government for Government (G2G), Government for Business (G2E), and Government for Consumer (G2C) [Bhisikar 2011].
2.1 Cloud Computing Deployment
Hybrid clouds involve the composition of two or more types of clouds (private, community, or public). In the private cloud deployment model, the cloud infrastructure only focuses on the internal workings of the organization [Goyal 2014]. The goal of a private cloud is to use the services within the organization, taking advantage of the cloud´s technological advantages. Usually, the private cloud offers a higher degree of security than public clouds, since the data is under the control of the organization. The private cloud has the vantage over the public cloud in terms of security and privacy. A private cloud also has the potential to give the organization greater control over infrastructure and computing resources [Branco et al. 2017]. For instance, if there is inefficiency of computing resources capacity in the organization’s own data center, a private cloud can provide cost savings. These non-utilized capabilities can be managed through a self-service interface, automated management of computing resources, and can even allow the commercialization of idle capabilities to other partner companies [Goyal 2014]. The organization with a private cloud can create a partnership with a public cloud provider to form a cloud hybrid. Another benefit of the hybrid cloud is that the cloud can enable the organization to take advantage of the scalability and cost-effectiveness that a public cloud offers without exposing applications and data considered critical to third parties [1, 6].
Table 1: Factors to Consider with Cloud Computing Implementation
Based on the literature review process, we identified remarkable points to take into account in order to deploy cloud computing. Table 1 presents a brief description of each item.
Section 3 presents the method used in this research. As our purpose is to identify recommendations for a successful cloud computing deployment in the government sector, we carried out an exploratory study.
3. Research Methodology
Few studies have attempted to identify a set of recommendations to adopt cloud computing in a developing country such as Brazil. Our study intends to contribute to this research objective. The study adopts and inductive strategy using qualitative data from semi-structured interviews to collect data from different points of view [Myers 2013], building upon the practical experiences from key members of the government sector that have adopted cloud computing [Benbasat et al. 1987].
3.1 Data Collection and Analysis
In order to learn about these individuals’ recommendations for cloud computing adoption, we conducted interviews with experts in IT Cloud in the government sector that successfully migrated to the cloud. In order to reduce contextual bias, we adopted a convenience sampling method to select a variety of organizations in the government sector from different contexts with a variation in institutional size, strategy, structure, and processes [Dubé and Paré 2017].
Interviews were conducted with the organizations’ IT decision-makers at the top management level and middle management levels (IT Director, Manager, and IT Coordinator) that are usually responsible for cloud computing [Bianchi et al. 2017]. The interviews aimed to learn about the practical experiences of IT managers in the process of cloud computing implementation in the government sector. Table 2 provides information about the organizations.
Table 2: Information about Organizations
Table 3 provides information regarding the interviewees.
Table 3: Profile of Interviewees
To analyze the interviews, we adopted the approach proposed by Keeney [Keeney 1992]. Based on the assumption that the adoption of CC can be configured as a decision-making problem, we applied Keeney’s [Keeney 2001] Value-Focused Thinking (VFT) approach, taking into account the list of important values to the context of decision-making. The next section presents the findings of this study.
4. Results of the Study
This research aimed to identify recommendations for the adoption of CC in the government sector, particularly in public organizations in Brazil. In three organizations, twelve experienced IT professionals in cloud computing were interviewed.
Table 4: Recommendations Proposed by Interviewees
Remarkable insights were collected from the interviews. Twenty-one categories resulted from the data analysis coding of the interviews, on issues considered important in the process of implementing cloud computing in public governmental organizations. Table 4 presents a list of recommendations to the public government in order to successfully adopt cloud computing. In addition, a description for each category was also developed.
Based on the categories and recommendations presented in Table 4, the next subsections detail these recommendations. It is important to note that all of these recommendations came from the practitioner´s experience in cloud computing projects in the government sector in Brazil.
4.1 Alignment with Customers
In order to have a cloud project aligned with customers’ expectations, it is important to provide good services and to have a high customer retention rate. To ensure this alignment, the following recommendations are suggested: create a survey to identify customer needs and the requirements; provide personalized service to the clients.
4.2 IT Governance
IT governance plays an important role in cloud computing, assuming that the cloud environment is organized to support IT activities and to maintain the infrastructure required for cloud services.
In this sense, deliberations involving IT with political backing in the organization are necessary, so that these are duly respected and fulfilled. The following recommendations were suggested by the respondents: regulate IT through an IT board, develop standards for cloud use, and implement its own structure for cloud management.
4.3 Costs of Investments
In order to deploy a cloud in the government sector or in any public institution, it’s essential to have a well-defined plan with expected costs and a budget for investments. A financial support and administrative function in the institution becomes critical to business success. In this sense, the following recommendations were listed by the interviewees: make an accurate estimation of implementation costs; evaluate the human resources costs involved, even if they are being paid by central administration, as is the case in general public administrations; estimate costs required for cloud support; raise the costs to be spent with software licenses; and evaluate the costs to be allocated in the process of renting public clouds to provide support to the private cloud of organization.
4.4 Cloud Sustainability
The cloud computing environment requires constant investment, whether in training, maintenance, or upgrading of new equipment. It is desirable that these costs can be sustained by the sale of cloud services. One way to promote self-sustainability is following some of these recommendations: draw up an annual budget for costs in the cloud; prepare a price list of cloud services; receive IT resources from client units; and develop an annual investment plan for cloud modernization.
4.5 Prospective Studies
It is important to conduct prospective studies on cloud technologies to define cloud models and promote the expansion and extension of the use of their resources. These studies can be carried out through the following actions: participation in events about CC; visits to other institutions that use the cloud; requesting proof of concept from technology companies that use the cloud; researching the literature on innovations in the cloud environment; consulting with statistical and trend publications such as Gartner magazine; promoting presentations by specialists; and promoting meetings with clients in order to learn about their expectations.
4.6 Consulting
A consulting service from a company that specializes in nontechnical computing and is supported by the manufacturer can provide important support for the development of the cloud environment. For this reason, the following recommendations should be considered: hire a consulting company to implement the cloud; train staff regularly; and rely on cloud solution vendor support.
4.7 Training
Training is important so that the CC environment works appropriately. The following recommendations can promote training: search specialized journals and magazines to acquire expertise and knowledge about cloud computoing; implement ISO certification for the cloud; perform spot audits of the cloud environment; hire specialized training; share knowledge through wiki knowledge platforms; publish and disseminate operation manuals; participate in specialized forums on the subject; develop root-analysis diagrams to detect sources of problems; seek to keep the team cohesive and perennial; produce regular documentation such as news and periodicals; and promote workshops.
4.8 Pilot Project
An efficient way to deploy the cloud is through a pilot project. A well-designed and well-managed initial project is desirable for the team to acquire knowledge of the technology, should be flexible and open to change. To do this, the following recommendations are important: initially deploy a pilot cloud project in an evolving way; seek to use free open source software initially; acquire technology maturity in a practical and evolutionary way; progressively expand the pilot project; rely on specialized company consulting from the start; and maintain the initial cloud environment away from the traditional enterprise environment.
4.9 Challenges to Overcome
Respondents reported some difficulties during the cloud deployment process. The lack of knowledge on the client’s behalf was cited as a serious difficulty, and in some cases led to erroneous assumptions and improper operations. Another difficulty is that legacy occur in relation to the use policy’s implementation, where excessive rules may hamper or greatly restrict user freedom. Users with a complicated structure where the internal processes are not well defined hinder the implementation of the cloud. Also, another difficulty is that legacy systems are often not compatible with the new cloud environment, and the systems migration is impaired. Another difficulty is related to systems that require authentication of users, especially in cases of authentication with Microsoft Active Directory (AD) functionality. Lastly, according to the interviews, there were many cases where the customer had a strong sense of ownership over the data center and many customers were resistance to join the cloud environment because they did not trust in it.
4.10 Cloud Management
The interviewees emphasized the importance of efficiently managing customers’ cloud projects and of implementing a system of timely communication of events to customers, demonstrating transparency and partnership in cloud management.
4.11 Cloud Operational Support
Regarding operational support of the cloud, the interviewees felt that a level 1 of local support service should be implemented for immediate customer service and an additional two levels should be implemented in order to handle more complicated occurrences that can not be resolved at previous levels. The cloud manager should only be involved at the highest level of occurrences delegating levels 1 and 2 to local cloud support at the customer site. However, some steps need to be taken by the cloud management body, such as link monitoring, implementation of event control systems, and the establishment of rules for firewall release.
4.12 Marketing in the Cloud
The importance of encouraging the use of cloud through the dissemination of services through marketing was reported. Some examples of possible measures include the implementation of a commercial management, the development of events for the dissemination of cloud services, the production of printed and media catalogs of services, the promotion of the cloud on internal sites and the development of campaigns for use of the services and provide a cloud usage simulator on the corporate site of the managing body for experimental use by the client. Establish metrics for the sale of cloud services and make efforts to join the cloud.
4.13 Migration to Cloud
The process of migration to the cloud environment must be done through design and requires a lot of care and attention. The following recommendations can be useful to assist the process of migrating services to the cloud: set up a separate network for the legacy systems of the company to be migrated; stimulate customers’ spontaneous adherence to the cloud; initially migrate web services; carefully evaluate what will be migrated to the cloud; assess the technical feasibility of each migration project; and elaborate a model of migration containing requirements, model of solution and points to consider positive and negative for this decision making.
4.14 Decentralize Systems
In the cloud environment, system production must be stimulated. While managing the cloud core, it is important that the administration of systems be decentralized to the units responsible for each. The interviewees made the following recommendations on this subject: outsource software factory to produce cloud systems; stimulate the production of customized sites for customers; and delegate application development to client units; against third-party applications.
4.15 Decentralize Datacenters
The datacenter management should also be decentralized, with a sufficient support structure being set up for the client units. In this sense, it is desirable to implement the following actions: assign unique URL for each client; deliver customer portals that can be customized by clients; provide a management environment so that each client can manage it; and allocate an IT administrator on each client unit to provide environmental management and technical support services.
4.16 Shift to Public Cloud
The ability to extend processing and storage resources through public clouds is of great value. To this end, interviewees made the following recommendations: when contracting public clouds, request the management of the data; establish criteria for contracting public clouds; establish key points for transshipment in public clouds; perform tests with external providers; evaluate the contracting of a financial broker to cover immediate and emergency costs with public clouds; and adopt preventive measures against inefficiencies and breaches of contract of companies that provide public clouds.
4.17 Infrastructure Requirements
The cloud infrastructure must be well planned for in order for the business environment to have operational support. To ensure these infrastructure requirements, important recommendations have been suggested: develop the technical specification of infrastructure requirements of the cloud environment; choose to work with the cloud orchestrator who has hyper convergent infrastructure; choose an orchestrator that has developed free software; request assistance and terms of references from specialized companies; and hire an integrated cloud solution.
4.18 Service Standard
The definition of service standards is important for preserving the security of the cloud environment. In this sense, observing the following recommendations may be convenient: virtualize all cloud projects; implement centralized access authentication; give customers agility and autonomy to manage resources in a standardized way; and foster innovation and service development by observing basic rules and standards for security and systems development.
4.19 Customer Benefits
The identification of customer benefits is the most efficient way to ensure the success of cloud deployment in the organization, building loyalty and winning allies. In this sense, the advantages to customers can be perceived by emphasizing and demonstrating the following resources: saving resources by clients; adopting administrative transparency of the cloud environment; providing operational performance; offering and reinforcing the importance of automatic scalability; giving self-administration of the environment to the client; offering an environment-friendly operation; providing statistics on resource use; demonstrating the savings in electricity received by the customer; demonstrating the savings obtained in software licensing costs; offering attractive price in relation to the market for customer’s adhesion; providing a reduced cost to the customer; and allowing customization of the environment by the customer.
4.20 Cloud Security
Information security in the cloud environment requires great attention from organizations, as several critical aspects of clouds are related to this topic. Therefore, there were many recommendations to fulfill this goal: establish local security rules; encrypt data communications; implement auditing and notifications to users in case of non-compliance with security rules; implement firewall management; implement manual connectivity control; invest in the training of the security team; perform security tests regularly; guide users in the use of cloud resources; deploy security team; and keep innovation projects confidential.
4.21 Legislation
Compliance with legislation is one of the important precepts in public administration. Greater care with citizens is necessary for the preservation of their personal data and compliance with the various laws that govern regulate the protection of personal data. Therefore, the interviewees pointed out important recommendations: protect users’ personal data, guide public administration users and employees about current legislation; and users from public clouds.
5. Conclusions
Regarding the characteristics of this study, all of the clouds adopted by the organizations are private and were implemented in less than five years. In addition, he clouds implemented in these organizations do not allow for migration to public clouds. One of the reasons for adopting only private clouds within these organizations is that the IT is focused only on the internal user and operations, without a commercial purpose.
The recommendations recorded were the result of the cooperation of the interviewees, based on their experience and the concordant points between them. All the users and the managers are satisfied with the return on investments in this type of technology. Additionally, various improvements were perceived in terms of IT resources and data processing, among other issues, suggesting that the deployment of this technology is feasible.
To summarize, this research found twenty-one recommendations for the successful adoption of CC in the government sector that are based on a set of interviews performed in three organizations in Brazil. The aim was to have a list of cloud computing recommendations not only from a literature review perspective but also from the view of practitioners. In the case of this research, these recommendations emerged from the experiences of the interviewees that had success in the implementation of cloud computing in the government sector. Therefore, the recommendations from this study can aid managers in making better decisions regarding cloud computing implementation in the public sector.
This research has some limitations. The collected data was limited to three public organizations in Brazil. Nevertheless, these organizations are important and relevant in the context of the country, due to the IT infrastructure and the knowledge and expertise of the interviewees on the domain of cloud computing.
Due to the length of this article, we did not discuss and compare the findings with other studies from the literature review. We intend to continue investigating this topic to improve the results of these recommendations with other studies. For instance, to classify the order of importance of each recommendation.
The validation of the recommendations in other contexts and countries as well as the comparison of concerns between private and public organizations regarding implementation of cloud environments will improve our understanding of the adoption of this technology. We also intend to identify the impact of each recommendation in the process of deploying CC, in order to create a roadmap to assist decision-makers in the process of maximizing the benefits of this technology.
Acknowledgments
This work has been supported by FCT—Fundação para a Ciência e Tecnologia within the Project Scope: UID/CEC/00319/2019.
References
Alshamaila, Y., S. Papagiannidis and F. Li (2013). Cloud computing adoption by SMEs in the north east of England: A multi‐perspective framework. Journal of Enterprise Information Management 26(3), 250–275.
Benbasat, I., D. K. Goldstein and M. Mead (1987). The Case Research Strategy in Studies of Information Systems. MIS Quarterly 11(3), 369–386.
Bhisikar, A. (2011). G-Cloud: New Paradigm Shift for Online Public Services IaaS PaaS SaaS. International Journal of Computer Application 22(8), 24–29.
Bianchi, I. S., R. D. Sousa, R. Pereira and J. von Hillegersberg (2017). Baseline Mechanisms for IT Governance at universities. Proceedings 25th European Conference on Information Systems (ECIS), Guimarães, Portugal, 1551–1567.
Branco, T., F. de Sá-Soare, and A. L. Rivero (2017). Key Issues for the Successful Adoption of Cloud Computing. Procedia Computer Science 121, 115–122.
CSA (2011). Security Guidance for Critical Areas of Focus in Cloud Computing V3.0. Cloud Security Alliance.
Conway, G. and E. Curry (2010). Managing Cloud Computing: A Life Cycle Approach,. 2nd International Conference on Cloud Computing and Services Science CLOSER 2012, 198–207.
Date, H., R. Ramaswamy and H. Gangwar (2015). Understanding determinants of cloud computing adoption using an integrated TAM-TOE model. Journal of Enterprise Information Management 28(1), 107–130.
Dekker, D. L. (2015). Cloud Security Guide for SMEs. Greece: ENISA.
Dempsey, K., N. Chawla, L. Johnson, A. Jones, A. Orebaugh, M. Scholl and K. Stine (2011). Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. NIST Special Publication 800-137.
Dubé, L. and G. Paré (2003). Rigor in information systems positivist case research: current practices, trends, and recommendations. MIS Quarterly 27(4), 597–636.
Goyal, S. (2014). Public vs Private vs Hybrid vs Community—Cloud Computing: A Critical Review. International Journal of Computer Network and Information Security 6(3), 20–29.
ISACA (2014). Controls and Assurance in the Cloud: Using COBIT-5. ISACA.
Jansen, W. and T. Grance (2011). Guidelines on Security and Privacy in Public Cloud Computing. NIST Special Publication 800-144 .
Johnson, D. and K. Grayson (2005). Cognitive and affective trust in service relationships. Journal of Business Research 58(4), 500–507.
Keeney, R. L. (1992). Value Focused Thinking—A Path to Creative Decisionmaking. Cambridge, Massachusetts: Harvard University Press.
Keeney, R. L. (2001). Modeling Values for Telecommunications Management. IEEE Transactions on Engineering Management 48(3), 370–379.
Low, C., Y. Chen and M. Wu (2011). Understanding of determinants of cloud computing adoption. Industrial Management & Data Systems 111(7), 1006–1023.
Lui, F., J. Tong, J. Mao, R. Bohn, J. Messina, L. Badger and D. Leaf (2011). NIST Cloud Computing Reference Architecture. NIST Special Publication 500-292.
Mallmann, G. L. and A. C. G. Maçada (2018). Adoption of Cloud Computing: A Study with Public and Private Hospitals in a Developing Country. International Journal of Innovation and Technology Management 15(5), 1850044.
Mattoon, S., B. Hensle and J. Baty (2011). Cloud Computing Maturity Model Guiding Success with Cloud Capabilities. Computing, 13-13.
Morais, N. D. S. (2015). Proposta de Modelo de Migração de Sistemas de Ambiente Tradicional para Nuvem Privada para o Polo de Tecnologia da Informação do Exército Brasileiro. Master Dissertation. Universidade de Brasília.
Myers, M. D. (2013). Qualitative Research in Business and Management, second edition. Sage Publications.
Myers, M. D. and M. Newman (2007). The qualitative interview in IS research: Examining the craft. Information and Organization 17(1), 2–26.
NIST (2010). Guide for Applying the Risk Management Framework to Federal Information Systems. NIST Special Publication 800-37.
Poullet, Y. (2009). Data protection legislation: What is at stake for our society and democracy. Computer Law and Security Review 25(3), 211–226.
Qian, R. and P. Palvia (2013). Towards An Understanding of Cloud Computing’s Impact on Organizational IT Strategy. Journal of Information Technology Case and Application Research 15(4), 34–54.
Repschlaeger, J., S. Wind, R. Zarnekow and K. Turowski (2013). Decision Model for Selecting a Cloud provider: A Study of Service Model Secision Priorities. 19th Americas Conference on Information Systems, AMCIS 2013 - Hyperconnected World: Anything, Anywhere, Anytime, 1031–1041.
Ross, R., J. C. Oren and M. McEvilley (2014). Systems Security Eegineering: An Integrated Approach to Building Trustworthy Resilient Systems. NIST Special Publication 800-160.
Senyo, P., E. Addae and R. Boateng (2018). Cloud computing research: A review of research themes, frameworks, methods and future research directions. International Journal of Information Management 38(1), 128–139.
Stankov, I., R. Datsenka and K. Kurbel (2012). Service level agreement as an instrument to enhance trust in cloud computing—An analysis of infrastructureas-a-service providers. 18th Americas Conference on Information Systems 2012—AMCIS 2012, 3813–3822.
Tripathi, A. and B. Parihar (2011). E-Governance challenges and cloud benefits. Proceedings 2011 IEEE International Conference on Computer Science and Automation Engineering—CSAE 2011, 351–354.
Trivedi, H. (2013). Cloud Adoption Model for Governments and Large Enterprises. Working Paper. Massachusetts Institute of Technology.
Velte, A. T., T. J. Velte and R. Elsenpeter (2010). Cloud Computing: A Pratical Aproach. New York, USA: McGraw-Hill.
Weinhardt, C., A. Anandasivam, B. Blau, N. Borissov, T. Meinl, W. Michalk and J. Stoesser (2009). Cloud Computing—A Classification, Business Models, and Research Directions. Business & Information Systems Engineering 1(5), 391–399.