Models of evaluating efficiency and risks on integration of cloud-base IT-services of the machine-building enterprise: a system approach

The present paper suggests a system approach to evaluation of the effectiveness and risks resulted from the integration of cloud-based services in a machine-building enterprise. This approach makes it possible to estimate a set of enterprise IT applications and choose the applications to be migrated to the cloud with regard to specific business requirements, a technological strategy and willingness to risk.


Introduction
At present cloud computing tends to be developed and integrated rapidly. The most important problems for IT-managers are those of reasonability of transition to a cloud-based platform and an assessment of the economic benefits and risks caused by the integration of cloud computing. The assessment of their economic benefits [1][2][3] is a compulsory element of feasibility study of an ITproject. Therefore, issues concerning the selection of methods for evaluation of efficiency and risks of IT integration are the ones of particular importance. The suggested methods [4] of the efficiency and risks evaluation of IT and IS do not take into consideration special characteristics of cloud-based technologies.
The paper focuses on design and implementation of a system approach, which involves the assessment of economic efficiency and risks analysis caused by integration of cloud-based IT-services, allowing managers of enterprises to come to a correct decision concerning the integration.

A system approach to assessment of efficiency and risks caused by transition to cloud-based IT-services
The problem of the insufficient comprehensive methodological base and tools for supporting decision making, which rely on the processes of the efficiency assessment and risks in conditions of uncertain decision making environment is currently the urgent one in the sphere of cloud-based technologies integration. This issue is relevant for businesses of all branches and levels [5]. To solve a problem of this kind a system approach is to be applied, as well as the method of system analysis. This approach can be reduced to giving a more precise definition of the problem and structuring it in a number of tasks soluble by economic and mathematical methods, revealing criteria for their decision, and making purposes more detailed. The system analysis is applied to solve hard formalizable and insufficiently structured problems, as a way to turn a complex problem into an interrelated hierarchy of more simplified tasks, which can be solved by formal methods [6,7]. Figure 1 demonstrates the outline of the system approach to assess efficiency and risks caused by integration of cloud-based IT-services. The first stage 'Identifications of expenditures and benefits' involves calculation of expenditures and benefits from transition to cloud-based services. At the stage of identification of high-level business requirements it is necessary to reveal: 1. Functions of business.
2. Main reasons of the business to integrate the cloud-based services.
3. Cloud-based services, which can support business-processes. 4. Relevant legal standards. 5. It is necessary to determine where the systems providing the services will be located (on the premises of the enterprise, in a particular geographical area) and who will be responsible for provision of services (an external supplier, one's own service, a mixed group, a cloud broker).
The next stage involves identification of the start/basis model of cloud-based service in terms of risk. Here we determine the spheres of risk, which are necessary to take into account; and measures to reduce risk in determined spheres up to the level, acceptable for the enterprise. And then we determine which type of a cloud-based model (SaaS, PaaS, IaaS) is necessary for the enterprise, as well as which model of cloud location (public, private, common, hybrid) is the most suitable for the company.
The measures for risk reduction are the following:  data encryption by the client necessary to avoid an unauthorized access of the cloud provider personnel;  development of the strategy of returning to a normal position unless the business of the cloud provider is successful;  a file backup of data / audit tracking by the client in one's company provided that access to the cloud-based service is lost;  clearly and perfectly formulated SLA (Service Level Agreement), including a paragraph concerning the rights of auditing;  compilation and implementation of the internal recovery plan after the emergency. Preliminary analyzed expenditures include the following items: 1. expenditures on migration from the model available to the cloud-based one (design of applications, data reformatting according to the norms of SaaS provider, adjustment of collective control over identity and access, implementation of cloud controlling).
2. Expenditures on work with a cloud-based model (payments to provider, expenditures on licenses and support, data transfer).
3. Non-recurring and permanent expenditures on the decrease of risks (tools of data encryption, planning and testing of strategies to return to thenormal position, maintenance of the data file backup independently of the provider).
In the course of consideration of other cloud-based models one should take into account the following: whether the expenditures will decrease if the model of provision/location of cloud-based services is changed; the application of private, public or hybrid cloud will not allow one to take into account any safety measures needed in public cloud; the expenditures on a decrease of the risk caused by binding to a definite producer can be reduced due to replacement of SaaS by PaaS or IaaS.
The second stage 'Assessment of expenditures and economic benefits' concerns the assessment of the model available: one identifies the model, which is currently used to provide services according to functional and legal requirements of business (identified at the first stage). When the risks of the available model of services provision are assessed, the following issues are determined: 1. Spheres, where the risk exceeds its acceptable level for the enterprise and is to be decreased.

Assessment of cloud services providers
Assessment of the available model

Stage № 3. Calculation of efficiency and risks
Comparison of the present and desired position

Calculation of the system of efficiency indices and risks
Identification of the base period and the system of indices 2. Measures, which can decrease the risk up to the acceptable level (for example, private cloud can be used in order not to share the platform with other companies; a provider company can be examined, as well as their certificates etc.).
3. Like to like comparison. Spheres of risk typical for the available technology are to be analyzed, and one must be sure that the assessment of both prospective and present positions deals with the same things [5,8,9].
The assessment of expenditures and economic benefits includes: 1. Operational expenditures and those for maintenance/service. 2. Latent expenditures including those on the decrease of risks.

Financial benefits and intangible effects.
The third stage 'Efficiency calculation' is supposed to determine a base period: a planned period to use cloud-based services (a 5-year period is recommended). Then we calculate criteria and indices of efficiency and risks [9] according to suggested models (Figure 1).
The stage concerning criterion К ecs calculation and risks experts and a financial department are to be engaged in work, as well as corporative standards are to be met.
We compare further the present position and the one that to be achieved:  Numerical indices for direct and well-estimated benefits are assessed.  Expenditures resulted from transition to the cloud are calculated.  Expenditures and economic benefits of the present and desired position are compared.  Net expenditures and profits for each year are calculated. The model for calculation of quantity and quality indices for the assessment of corporate applications which can possibly migrate to the cloud-based environment, is considered in paper [1] on the basis of the method of the hierarchy analysis. Paper [7] provides the consideration of linear programming used to assess the efficiency of cloud-based technologies implementation.
Criteria and coefficient 'Efficiency of cloud-based service' are calculated according to the additive formula:  a 1 , a 2 , a 3 , a 4 , a 5coefficients of the impact degree. To assure compliance the criteria have a rank (weighting coefficients). Identifying the coefficients an expert has to pay attention to the range of the criteria scale and average scores of the criterion. The results of research demonstrate that there are differences between the weights determined by experts themselves and those caused by experts' actions. The weights of the most essential criteria can usually be underestimated, whereas those of non-important ones are overestimated. Therefore, when selecting weights a method of a pair-wise comparison is used to reduce subjectivism.
The algorithm for calculation ofefficiency criteria includes: 1. Comparison with required indices and standards regarding the information of the cloud-based IT-service provider. The main principle of comparison is that of compatibility of results in terms of the accepted scale of expert estimates (Table 1).
2. The expert's assessment of the degreeaccording to which cloud computing meets the requirements of safety on the basis of the score assessment and according to the scale. The score of a decimal scale from 0 to 1 is used.
3. The criterion calculation according to Formula 1.

Conclusion
The main feature of decision making regarding the integration of cloud-based technologies is a rather high level of uncertain conditions they are made in, as well as insufficient and imprecise information necessary for the analysis. Unless the initial information is complete and of high quality a decision maker has to change the precise numerical assessments of the quality characteristics. However, the manager tends to obtain the quantity assessments of possible alternatives of development. Consideration of quantitative problems together with the qualitative ones makes the analysis more comprehensible for the analyst, the expert, and the manager.
The paper suggests a system approach to assess the efficiency and risks caused by cloud-based ITservices integration. We have developed an outline of a system approach, which includes 3 stages of the assessment: identification of expenditures and economic benefits, estimation of expenditures and benefits, calculation of efficiency and risks. The models for calculation of the system of efficiency indices and risks includes methods of the fuzzy-sets theory, mathematical programming and the method of the hierarchy analysis. The designed models relying on these methods make it possible to use qualitative expert information alongside with the quantitative information and to determine on their basis the priority of some strategies and measures when the alternatives are evaluated and decisions are made. The criterion of application efficiency of cloud-based service is very high (it exceeds the standard one in two times and more) 1.00…0. 7 5 The criterion of efficiency is quite high (it goes beyond the standard one by 50-75 %) 0.75…0.5 The criterion of efficiency is probably high (it exceeds the standard one by 75-100 %) 0.5 The mean level of the criterion of efficiency (with respect to the standard) 0.5…0.25 The criterion of the efficiency is probably low (the lag from the standard is 0-25 %) 0.25…0 The criterion of efficiency is quite low (the lag from the standard is 25-50 %) 0 The criterion of efficiency is very low (the lag from the standard is 100 %)