A SYSTEMATIC MAPPING STUDY OF CLOUD BUSINESS AND … · 2019-04-27 · Cloud computing can be...

http://www.iaeme.com/IJMET/index.asp 1051 [email protected]

International Journal of Mechanical Engineering and Technology (IJMET)

Volume 10, Issue 04, April 2019, pp. 1051–1073, Article ID: IJMET_10_04_106

Available online at http://www.iaeme.com/ijmet/issues.asp?JType=IJMET&VType=10&IType=4

ISSN Print: 0976-6340 and ISSN Online: 0976-6359

© IAEME Publication Scopus Indexed

A SYSTEMATIC MAPPING STUDY OF CLOUD

BUSINESS AND LEGAL IMPLICATIONS

Isaac Odun-Ayo, Adesola Falade, Tolulope Oladimeji, Temidayo Abayomi-Zannu

Department of Computer and Information Sciences,

Covenant University, Ota, Nigeria

ABSTRACT

Cloud computing can be considered a disruptive innovation or technology that is

making life easier for Cloud users. Figuring out a focal point of research in a specific

area of study particularly on cloud business and legal implications could sometimes

be challenging. This paper conducted a systematic mapping study of Cloud business

and legal implications. The method utilized three classes which are topics, research

and contribution facets. The topics were extricated from the primary or essential

studies, while research type like evaluation and contribution type namely tool was

used in the analysis. The result indicated that there were more publications in relation

to legal framework and tool with 3.2%, more papers in terms of legal framework and

process with 4.0%, more work was done with respect to data protection and process

with 5.6%, more papers on security and model with 14.4 %, more publications on

privacy and model with 8%, and more papers on confidentiality and method with

6.4%. The findings of this work ascertained multiple gaps that will be beneficial to

providers, practitioners and researchers.

Key words: Cloud computing, Mapping study, Classification scheme, Data

extraction, Data protection, Legal framework

Cite this Article: Isaac Odun-Ayo, Adesola Falade, Tolulope Oladimeji, Temidayo

Abayomi-Zannu, A Systematic Mapping Study of Cloud Business and Legal

Implications, International Journal of Mechanical Engineering and Technology 10(4),

2019, pp. 1051–1073.

http://www.iaeme.com/IJMET/issues.asp?JType=IJMET&VType=10&IType=4

1. INTRODUCTION

Cloud is a distributed and parallel computing technology composed of multiple virtualized

and concatenated computers which can be dynamically provided and represented as a single

or many incorporated computing resources which is dependent on the service level agreement

acknowledged and accepted via a deliberation amongst the users and the service providers

(Buyya et al., 2011). According to De Silva (2015), governing laws, intellectual property

issues and jurisdiction, service credits and levels, and responsibility for service failure are

some of the pivotal official problems relating to cloud computing. Liability provisions under

the legal terms is perhaps the most confrontational and critically mediated requirements in any

technological contract including cloud computing. The exact motive behind this step is the

A Systematic Mapping Study of Cloud Business and Legal Implications


pressing monetary effect that a breach of contract has upon their businesses in which they

support and most importantly, the degree of which the subsequent monetary impairment is

incommensurate to the amount of money being spent by the clients under the cloud

computing legal bindings. The service providers coupled with the clients appear to contrast

tremendously in the degree to which they assume that the other party would deny the

responsibility or take responsibility respectively. Clients are fervent that the service providers

should be “responsible or accountable” for the likely damage which can be brought about by

the flop or blunder of an organization‟s critical or vital IT system or service. Alternatively,

service providers disagree with some rationalization that it won‟t be long before they go

bankrupt if they consent to boundless liability on all transactions (De Silva, 2015).

Under contact law, one of the contacting parties is eligible to damages or compromises for

sensibly predictable loses that supposedly triggered or brought about by the other party‟s

violation or contravention of the contract. The court decides that money is to be paid for the

damages by one individual to the other individual as remuneration for the damages or loses

caused by the other individual as a repercussion of the activities or oversights of the first

individual (Sclater, 2012). The seemingly complicated nature of the business and legal issues

relating to cloud computing makes this study an interesting one. Cloud computing is provided

as a utility and it is available as and when required while also being on a pay-as-you-go basis.

This enables the user to consume what is needed per time and the Cloud Service Provider

(CSP) also makes profit. Be that as it may, because of the procedure of multitenancy and

virtualization on the cloud, security concerns are always unchanging (Odun-Ayo, et al.,

2017a; Odun-Ayo, et al., 2017b). There are primarily three service types on the cloud; the

Software–as–a–Service (SaaS), Platform-as-a-Services (PaaS) and Infrastructure-as-a-

Services (IaaS). The entire application and infrastructure are provided by the CSP in SaaS

which enables users to utilize the applications deployed by the CSP. In PaaS, the CSP

allocates the infrastructure that enables the user to create and deploy their applications. The

user has control of the data and applications, while the CSP controls the infrastructure. IaaS

enables the CSP to provide computer services and storage facilities among others. The

services are dynamically provisioned, elastic and available on demand. Cloud computing is

turning out to be very beneficial and valuable, while the services being offered are

embellishing, aggrandizing and proliferating constantly due to the sound fundamental

applications and architecture running on the cloud (Odun-Ayo, et al., 2018a; Odun-Ayo, et al.,

2018b).

Despite the effectiveness of cloud services, privacy laws relating to the handling of

patient‟s confidentiality in the area of health care are issues of concern especially on the

Cloud (Klein, 2011). Although the CSPs are striving to provide very efficient and reliable

services on the cloud, there are additionally issues regarding trust (Odun-Ayo, et al., 2017c).

In addition, there are concerns relating contractual agreements. Customers sign contracts

online without examining details properly and lacking the understanding of technical terms

involved (Rohrmann, and Cunha, 2015). It is important that Cloud computing contract should

be as clear and as simple as possible. The clauses in the contract should take cognizance of

the type of customer or corporation, and must be suited to the Cloud models or Cloud services

(Rohrmann, and Cunha, 2015). In Cloud computing, the CSPs have their data centers across

geographical boundaries, which has legal implications for criminal investigations by

government agencies and civil litigation by businesses (Choo, 2014). Again, the laws in some

countries may void contractual provisions. For example, the EU has stringent rules

concerning movement of data across boundaries (Mills, 2009). There are regulatory and

governance issues that affect Cloud operations. Such issues include the Patriot Act, United

Kingdom Regulation of Investigatory power act, International Traffic in Arms Regulations

(ITAR) and Health Insurance Portability and Accountability Act (HIPPA) (Mills, 2009). For



example, the Patriot Act enables the US government to demand for the exposure of the data

saved in any data center in whatever place in the world as long as the CSP is a US based

company (Irion, 2012).

Systematic mapping study allows for structured presentation of results and reports in an

area such as Cloud business and legal implications. The reports and categorization are showed

in a visual manner utilizing a map (Odun-Ayo et al., 2019a). This provides an understanding

of the level of studies, research or publications in such field of endeavor. Many facets can be

used for the mapping studies depending on what is being investigated. In this study, the

research, contribution and topic facets were utilized. The research facet focused on work done

in the area of Cloud business and legal implications. The contribution facet considered the

model and method among others. The topics facet was used to extract core aspects of subject

under consideration. The purpose of this paper is to carry out a systematic mapping study of

Cloud business and legal implications. The remaining part of the paper is organized as

follows: Section 2 examination of related works; Section 3 focuses on the systematic mapping

method. Section 4 involves the results and discussion. Section 5 concludes the paper and

suggests future work.

2. RELATED WORK

In Barros-Justo et al., (2017), the setup stage of a systematic mapping study was analyzed and

showed that software routines as apparent amid the requirement-engineering stage of

researches, bringing an understanding of the parts carried out by the above-mentioned

routines dependent essential on parameters needed in the creation procedure. Guideline or

step were created especially for research accompanied by rudimentary procedures to ensure

that the iteration of their study by other researchers for an affirmation of the legitimacy of the

work. The digital libraries utilized for the research were IEEExplore, Web of Science, ACM

DL, and SCOPUS. The guidelines laid down by Peterssen et al., (2008) were adhered to for

this work.

The work of Kosar et al., (2016) for a systematic mapping study dwells on the depiction

of the procedure as it correlates to a domain-specific languages (DSL). The research was

directed in respect to an improved understanding of the DSL area of research with an

emphasizes on research directions and subsequent tendencies. This research encompasses the

span of July 2013 to October 2014, and it capitalizes on three standards for carrying out a

systematic review which are reporting such, planning and carrying out the review.

Santos et al., (2017) showed that systematic mapping study depends upon an examination

as well as utilization of concept maps within Computer Science and the research conveys

these effects of a systematic mapping study which focuses on the accumulation and

assessment of previous works. Five digital libraries was utilized in this research. Manual

approaches and backward snowballing were utilized in the searching procedure while the

research showed a broad concentration and an exhaustive examination of concept maps,

rooted on teaching and learning supports. Search strings utilized in their research were

employed on ScienceDirect, ACM DL, SCOPUS, IEEExplore digital libraries and Compedex.

In Souza et al., (2018), examined how games related techniques came to be made use of in

software engineering education a systematic mapping study and by what method the above-

mentioned strategies bolster explicit software engineering knowledge areas, with further areas

being shown along with research gaps. The main studies of the research are firmly based on

the utilization and assessment of games in software engineering education. Based on

publications starting from 1974 to 2016, a total of 156 primary studies were highlighted in

this research and the mapping process by the joint action of the research was carried out in

accordance with the rules and guidelines in Peterssen et al., (2008).



Fernandez-Blanco et al., (2017) completed a review of power system models and their

applications utilized by the European organizations. Their examination pinpointed out the

modeling gaps and there were 228 reviews carried out and 82 questionnaires were in the long

run finalized and utilized for the mapping.

Mernik (2017) carried out a systematic mapping study of domain-specific languages with

essential enthusiasm for what kind of contribution, the focus area and type of work. The

materials for the research incorporate assessment papers, theoretical or philosophical papers,

experience papers, solution proposition and approved research materials. The research

includes a thorough examination from trusted sources starting from 2006 to 2012 while the

systematic mapping study was carried out dependent on the procedure characterizing research

questions, carrying out the search, grouping, screening, and information extraction.

Griffo et al., (2015) did a systematic mapping and the research based its search with

respect to “legal theory” and “legal concepts”. Also, chosen studies were classified dependent

on the contributions in terms of tool, language, model and method. Alternate procedures were

examination of the utilized legal theories in legal core ontologies building process,

examination of focus with an unmistakable proposal on the utilization of two ontologies and

the examination of each research work for apt findings about legal and ontological research.

Ahmad et al., (2017) work was a systematic mapping study that provides outlines of an

empirical research in software cloud-based testing in the technique of creating a category

design. The work made use of 69 main studies as found in 75 research publications and these

studies wer utilized for a thorough factual investigation and an inevitable quantitative

outcome. Both functional and non-functional testing techniques were explored with the

applications of the procedures and their peculiarities. Larger part of the investigations utilized

a particular experiment for the assessment of their suggested solution. From the literatures

analyed, no research has been focused explicitly around systematic mapping study of Cloud

business and legal implications.

Alavi and Leidner, (2001) conducted an exhaustive review of knowledge management

within organization with an emphasis on the likely roles of IT within the process. Multiple

crucial issues verging on the role IT will partake in moving and assisting these procedures and

the knowledge management processes were further examined. Accentuation was additionally

made on the need to aid the creation, transfer, application and storage of knowledge in

organizations.

Boell and Cecez-Kecmanovic (2015) talked about the effectiveness and drawbacks of

systematic literature review in social sciences and information system in their research and

showed that systematic literature review giving a comprehensive and better methodology to

literature review is not only debatable but also unacceptable. In their contention and support

of this, they presumed that alert and controls ought to be practiced while choosing a

systematic literature review as it can sometimes undermine critical engagement with the

academic work and literature (Odun-Ayo et al., 2019b).

Brereton et al., (2007) examined the exercises gained from implementing systematic

literature review procedures to software engineering field and the authors abridged the

systematic literature review procedure and furthermore portrayed numerous insites still

undertaken by others, the authors, extricated and examined a few exercises about the

appropriateness of this practice to software engineering domain.

Cooper (1982) noted that article reviews must pay close consideration to thorough

methodology and also further conceptualized research review as a scientific enquiry involving

five phases that parallel those main researches which are data collection, problem

formulation, data analysis and interpretation, evaluation of data points and finally, the



presentation of the results. Every one of the functions, other potential and the sources of

variance treats to the legitimacy of which each stage are discussed.

Galvan and Galvan (2017) gave valuable bits of knowledge for carrying out literature

review and recommended integrating patterns and examples while getting ready to compose

literature review which includes the reason and voice before starting to compose must be

considered while then giving consideration on how to rearrange the notes in order to generate

a topical outline that follows the contention in the literature review. These provide the rules to

create a coherent and intensive literature review.

Kitchenham et al., (2009) studied the effect of systematic literature review which are the

prescribe evidence-based software engineering strategies for totaling proof or evidence. The

authors utilized a manual search of 4 conference proceedings and 10 Journals. Altogether, of

the 20 pertinent studies, eight addressed research trends instead of technique evaluation and

seven systematic literature reviews tended to cost estimation. The integrity of systematic

literature reviews was reasonable with only three scoring less than 2 out of 4.

Petersen et al., (2015) concluded that there is a need to assess how researchers conduct the

procedure of systematic mapping and show how the rules ought to be refreshed dependent on

previous systematic literature review guidelines and systematic maps. The authors talked

about certain practices of systematic review rules or guidelines and found that in the multiple

number of the studies investigated, numerous rules were utilized and consolidated which lead

to various or multiple ways in conducting a systematic mapping study.

Vom et al., (2015) emphasized on the significance of literature review and the importance

to abstain from conducting little literature search as serious issues for improving a compelling

literature review. They also talked about the difficulties of literature search and furthermore,

offer suggestions on how these problems could be managed or overcome. They additionally

gave functional rules and agendas to help researchers in organizing and planning out their

literature search.

Odun-Ayo et al., (2018c) conducted a systematic mapping study which put together their

work with respect to the ideas of [27]. The chosen studies were added to the contribution facet

such as method, model and tool. Also, the chosen studies were utilized on the research facet

which manage solution research, evaluation and validation. This examination gave six classes

of studies in the domains of design and implementation, virtualization, architecture,

optimization, performances and application in connection to the focus of the study.

Odun-Ayo et al., (2019a) completed a systematic mapping and characterization plot in

connection to resource management, discussed scalability, brokering, scheduling, capacity

planning, elasticity, and resource sharing. The chosen studies were added on the contribution

facet such as method, metric, model and tool. What's more, the chosen studies were added to

this research.

Odun-Ayo et al (2019b) research talked about different issues relating to cloud, edge and

fog computing and made a systematic map which distinguished different gaps in these regions

of study.

3. MATERIALS AND METHODS

The systematic mapping process is a repetition method for obtaining and deciphering

accessible materials identified with a research objective as stated in Muhammed and

Muhammed (2014). This systematic study was carried out making use of the primary rules

for systematic mapping study as shown in Figure 1. There are some critical steps that must be

observed in a typical systematic study. There is a research question where by the scope or area

of the review is discussed. A search is usually conducted on all papers available in that



particular domain of study. Thereafter, the papers are sorted out to determine articles relevant

to the study. Keywording using the abstracts on the relevant papers is carried out with a view

to designing a classification scheme. The process of data extraction which results in the

design of a systematic map concludes the process. All the stages mentioned above were added

in the development of the systematic map for Cloud business and legal implications.

Figure 1 The Systematic Mapping Process (Petersen et al. 2015)

3.1. Definition of Research Questions

The essence of a systematic map is to give an overview of the quality and kind of research

which has already been performed in a particular area of study. It‟s sometimes important to

know the place such study has been published. These issues determine the relevant research

questions to be added in the research. In the study of Cloud business and legal Implications,

the research questions are as listed below:

RQ1: What areas in Cloud business and legal implications are tackled and how many papers

cover the multiple areas?

RQ2: What types of articles are publicized in the field and in most importantly what novelty

and evaluation do they constitute?

3.2. Conduct of Search for Primary Studies

The search for primary studies is usually done by exploring major digital libraries. This can

be achieved by carrying out manual research on conferences and journals. With the aim of

obtaining papers for this particular research, search for papers were performed on various

scientific digital libraries that are accessible and available on the internet.

For this particular study, the search focus was not on information from books and printed

materials. All the papers selected for the primary studies are in the field of cloud computing,

thereby all the facets took care of issues relating to cloud computing (Odun-Ayo et al.,

2018c). The core idea of a systematic mapping study is key wording which is usually done on

the abstract of the articles. Therefore, articles from newspapers, social networks and other

sources were not considered suitable for conducting systematic studies, hence the need to

utilize appropriate digital libraries. The search was focused on four (4) databases because of

the high impact factor of the journal and conferences publication in these databases. Table 1

shows the digital libraries searched and their URL.

Table 1 Digital libraries used for the systematic mapping study



The search string was designed in terms of outcome, population, comparison and

intervention. The keywords used in the search string was designed by taking note of every

aspect of the structure of the study area. For this study on Cloud business and legal

implications, the search string used on the major databases are:

(ALL (“Business Implication”) OR ALL (“Legal Implication”)) AND TITLE- ABS- KEY

(“Cloud”) (ALL (“Business Implication”) OR ALL (“Legal Implication”)) AND TITLE

(“Cloud”) (TITLE – ABS – KEY (“Business Implication”))

The searches were carried out using the above modified search strings on documents

metadata to make sure that important studies were not missed out. For this research on Cloud

business and legal implications, all the results from the relevant digital libraries relating to

Cloud, computer science and legal issues were considered. In perspective of our paper‟s

choice criteria described by the research questions and requirements of the study‟s objective,

it was observed that 138 papers are joined in this study out of an underlying pursuit

comprising 1,425 papers from 2008 to 2018. However, the limitation of the search was on

core critical work in this area of study. These 138 selected studies are listed at the appendix.

3.3. Screening of Papers for Inclusion and Exclusion

The essence of a selection criteria is to find and include all relevant articles to this review.

Hence, the inclusion and exclusion criteria were utilized to eliminate articles that were not of

outmost importance to the research question. Some abstracts usually mention the main focus

without giving sufficient details, hence abstracts with only the main focus were excluded

alongside papers on panel discussion and tutorials were also excluded. The inclusion criteria

considered papers that had the primary focus, which also examined secondary aspects of the

research. The main focus of this systematic mappings study is Cloud business and legal

implications. Therefore, the inclusion and exclusion process are as explained in the table 2

below. Table 2 Inclusion and Exclusion Criteria

3.4. Keywording of Abstracts

There are steps for building a classification scheme for a systematic mapping study and the

result of such classification scheme is the systematic map. Keywording is important for

cutting down the time needed to develop the classification scheme for the study on Cloud

business and legal implications. In addition, key wording ensures that the studies consider all

relevant papers. This involves knowing the context of the study and applying it in the

extraction process. Keywords from the different papers relating to Cloud business and legal

implications were combined to provide the needed insight into the type and contribution of

the research. This was used to determine the set of categories for the study. On the other hand,

it was sometimes necessary to analyze the beginning and end of the added or selected papers

to ensure reliable keywording for this research (Odun-Ayo et al., 2019a). Consequently, a

bunch of keywords was finally utilized in order to know the categories used for the map of

this research on Cloud business and legal implications. In this study, three main facets were

applied. The first facet focused on the topics related to Cloud business and legal implications.



The topics included are confidentiality, privacy, security, data protection, contracts and

agreements, and legal frame work. The second facet examined the types of contribution

concerning metric, model, tool, process and method employed in Cloud business and legal

implications. The third facets involve the research type contributions.

3.5. Research Type Facet with Category and Description

The third facet utilized for this study is the research aspect which is unassociated with the

focus of this research and the classification of the study approaches in Wieringa et al., (2006)

was utilized. The outcome has the following categories and explanation as discussed in

Wieringa et al., (2006):

Validation Research: The methods utilized in the study are unique but is yet to be

implemented. Such techniques include experiments carried out in the lab.

Evaluation Research: The methods have been added and evaluated. Also, the advantages

and disadvantages of the outcome have also been discussed.

Solution proposal: The technique indicates a special result has been found to an issue. The

application and advantages of such solution is also present.

Philosophical Paper: This is the technique used by researchers to examine a problem in

terms of framework and concepts.

Opinion Paper: A study of this nature does not rely on any known research methodology. It

simply expresses the view of people.

Experience Paper: The study relates to unique experiences of the authors while discussing

how things can be done in practice.

These research categories were considered sufficient and appropriate for this study on

Cloud business and legal implications. The papers utilized for this review were monitored

based on the study categories discussed above. The outcome of these classifications in the

research category is discussed in details in the analysis section.

3.6. Data Extraction and Mapping of Study

During the classification process, the important papers were sorted into a scheme and at this

stage, data was gotten from the various articles that were included in the study. The included

papers are provided as supplementary material to the main paper in the Appendix. The data

extraction process determines the classification schemes. During the process, it was

sometimes necessary to create new categories, while some categories were merged and those

not considered sufficiently relevant were removed. The process of data extraction was done

using a Microsoft Excel table. The Excel table contains each category of the classification

scheme and the amount of publications in every class were obtained from a collective table

containing either the research issues or contribution aspects (Odun-Ayo et al., 2019b). The

analysis honed in on showing the frequency of publications derived from the results on the

combined excel tables and the main idea is to show which aspects of Cloud business and legal

implications were emphasized more in the study. This allows the recognition of gaps and

provides an avenue for recommending further study.

With the results on the excel tables, bubble plot was used to present the frequencies. This

was displayed in form of a map. The map was created using a two x-y scatter plot with

bubbles at the intersection of the categories. The bubble coordinate has bubble sizes that

relates to the number of articles identified in such area. There are two quadrants because only

three facets were utilized in this particular study and each quadrant provides a visual map

based on the intersection of the topic‟s categories with either the research or contribution

category. Therefore, it is easy to visualize the multiple facets at the same time. In addition,



summary details were added to the bubbles to provide a better understanding. Overall, the

systematic map provides a quick overview of study in the area of business and legal

implications of Cloud computing, which is shown in Figure 2. Table 3 and Table 4 shows the

selected primary studies as it relates to the topics, the contribution facet and the research facet.

Table 3 and Table 4 treats the literature that fits within each class with a view to

substantiating the percentages presented.

4. RESULTS AND DISCUSSION

The primary focus of the mapping study on business and legal implication of Cloud is

classification, thematic analysis and possibly to identify the publication fora. From the

analysis, gaps were pointed out using the graph, thus highlighting which research types and

topic areas had insufficiency of publications. Also, the study ultimately showed which areas

were well covered in terms of publication. Suffice to mention that in this systematic mapping

study, high level categories were utilized to assess the papers included, in producing the

frequencies and the subsequently creating the map.

4.1. Contribution Category

On the x-axis of the left quadrant of Figure 2 is the result of the contribution facet. The

contributions facets show the types of contribution to the focus of the study. The contributions

facet for this study indicated that metric discussion in terms of business and legal implications

on the Cloud had 8.8%, tool had 10.4% model had 29.6%, method had 27.2% and process had

24%. Table 3. Primary Studies for Topic and Contribution facet

Contribution

Facet

Topic

Metric Tool Model Method Process

Confidentiality PS49,

PS52,

PS56, PS57,

PS59, PS130

PS10, PS38,

PS39, PS40,

PS45, PS78,

PS87, PS133

PS53, PS54,

PS55,

Contracts and

Agreements

PS95 PS116 PS100 PS35, PS36,

PS37, PS41,

PS92,

Data Protection PS1,

PS2

PS5, PS30, PS118 PS58, PS6, PS 9,

PS68, PS69,

PS70,

PS25, PS26,

PS27, PS71,PS90,

PS91, PS109

Legal Frameworks PS17 PS19, PS20,

PS21,

PS136

PS132 PS20, PS137 PS13, PS14

Privacy PS106,

PS107

PS122,

PS131

PS15, PS18,

PS22, PS42,

PS43, PS48,

PS50, PS51, PS83

PS108, PS110,

PS120,

PS93, PS104,

PS105

Security PS7,

PS8,

PS9,

PS62, PS11,

PS16,

PS112,

PS113,

PS123,

PS124,

PS64, PS65,

PS66,

PS67,PS128,PS81

, PS82, PS85,

PS86, PS88,

PS89, PS84,

PS101, PS102,

PS103, PS111,

PS127, PS135,

PS125,PS126,

PS72, PS129,

PS72, PS73,

PS74, PS75,

PS76, PS77,

PS79,PS80,PS11

7, PS119,

PS134, PS138

PS23, PS24,

PS28, PS44,

PS46, PS47,

PS61, PS63,

PS60,

Percentage 8.8% 10.40% 29.60% 27.20% 24%



4.1. Research Type Category

On the x- axis of the right quadrant of Figure 2 is the result of the type of research conducted

in the area of the Cloud business and legal implications. The results showed that evaluation

research discussions in terms of business and legal implications on the Cloud is 30.43%,

validation is 0%, solution is 40.58%, philosophical is 15.22%, experience is 13.77% and there

were no opinions on the subject of study.

Table 4 Primary studies for topic and research facets

Research

Facet

Topic

Evaluation Validati

on

Solution Philosophic

al

Experience Opinio

n

Confidentiality PS10, PS38,

PS39, PS40,

PS45

PS49, PS52, PS53,

PS54, PS55, PS56,

PS57, PS59, PS130

PS78, PS87,

PS133

Contracts and

Agreements

PS12, PS31,

PS32, PS33,

PS34, PS35,

PS36, PS37,

PS41, PS92,

PS97, PS98, PS99,

PS100, PS114, PS115,

PS116

PS96 PS94, PS95

Data

Protection

PS1, PS2, PS3,

PS4, PS5,

PS6, PS29, PS68,

PS69, PS70,

PS30, PS58, PS25, PS26,

PS27, PS71,

PS90, PS91,

PS109,PS11

8,

Legal

Frameworks

PS13, PS14 PS17 PS19, PS20,

PS21

PS132,

PS136,

PS137

Privacy PS15, PS18,

PS22, PS42,

PS43, PS48,

PS50,

PS106, PS107, PS108,

PS110, PS120, PS121,

PS122, PS131

PS93,

PS104,

PS105

PS51, PS83

Security PS7,PS8,PS9,

PS11,PS16,PS1

12,PS113,

PS123, PS124,

PS125, PS126,

PS127, PS135,

PS23, PS24, PS28,

PS44, PS46, PS47,

PS61, PS63, PS60,

PS62, PS64, PS65,

PS66, PS67,

PS128,PS81, PS82,

PS85, PS86, PS88,

PS89,PS84,

PS101,PS102, PS103,

PS111,

PS129,PS72

, PS73,

PS74, PS75,

PS76, PS77,

PS79, PS80

PS117,PS11

9, PS134,

PS138

Percentage 32.43% 0% 40.58% 15.22% 13.77% 0%

4.2. The Topics and Contributions Facet

High level topics were extracted from the keywords during the data extraction process. The

topics that were acquired during the classification in the area of business and legal

implications on the Cloud are as follows:

Confidentiality.

Contracts and agreements. Data protection.

Data protection.

Legal framework.

Privacy.

Security.



The left quadrant of Figure 2 shows the similarity between the topics and the contribution

facet. The results indicated that publications that talked about model in respect to the business

and legal implications on the Cloud had 29.6% out of the 125 papers reviewed. In addition,

the results showed that out of this 29.6%, 0.8% each were on legal framework, and contracts

and agreements, 2.4% were on data protection, 14.4% were on security, 8% were on privacy

and 3.2% were on confidentiality. Other aspects of the contribution category as it relates to

the topics is in Figure 2. Clearly, there are gaps in the area of legal framework, and contracts

and agreements.

4.3. Topic and Research Facet

The right quadrant of Figure 2 shows the relationship between the topic facet and the research

category. For example, the results shows that solution research relating to business and legal

implications on the Cloud is 40.5.8% out of the 138 papers reviewed. The intersection showed

that 0.72% of the solution research was on the legal framework, 5.07% was on the contracts

and agreements, 3.62% was on data protection, 18.84% was on security, 5.8% was on privacy

and 6.5% was on confidentiality. Other result on the topic and research categories are shown

in the Figure 2.

4.4. The Systematic Map for Cloud Business and Legal Implications

The comprehensive systematic map for study on Cloud business and legal implications

beyond technology is shown in Figure 2. The first quadrant displays the two x-y scatter charts

with bubbles at the intersection of the topic and contributions facet. The second quadrant is a

visualization of the intersection of the topic and research facet also using a two x-y scatter

plot with bubbles. As earlier mentioned, the results makes it possible to identify which aspect

of the study has been emphasized more than others.

From the left quadrant of Figure 2, it was observed that there were more publications in

relation to legal framework and tools with 3.2%, more papers in terms of legal framework and

process with 4.0%, more work done with respect to data protection and process with 5.6%,

more papers on security and models with 14.4 %, more publications on privacy and model

with 8%, and more papers on confidentiality and method with 6.4%.

Figure 2 Systematic mapping for the study business and legal implication in the Cloud



Similarly, the outcome of the topic and research types can be visualized on the right

quadrant. Taking a look at the intersection, it can be seen that philosophical and experience

research had 2.17% each in relation to legal framework. There was more work done on

evaluation research in terms of contracts and agreements (7.25%), more publications on

experience research in relation to data protection (5.8%), more papers on solution research

with respect to security (18.84%), more work done in solution research with respect to

privacy (5.8%) and there were more publications on solution research that deals with

confidentiality (6.52%).

Primary objectives of this review paper is to show gaps based on results, hence providing

areas requiring further research in the field of study. From the map on business and legal

implication in the Cloud, to the best of our knowledge, there were no studies on contracts and

agreements, data protection and confidentiality in terms of tool as a means of contribution.

Furthermore, contributions in terms of metric are generally low. On both the left and right

quadrants, publications relating to legal framework were also low and there were no

validation and opinion research in the area of the business and legal implications on the

Cloud. As mentioned in literature, a systematic map without carrying out a consecutive

systematic review has adequate value, because it easily enables us to identify research gaps in

a topic area. It can be seen further in Figure 2, that apart from security, publications on

philosophical research are also generally low. This paper has created a systematic map

pointing to areas lacking in studies in terms of cloud business and legal implications. The

importance of this is that researchers at all levels and industries professionals can utilize this

as a beginning stage to lead further investigations. This study gives six classes of studies

namely: confidentiality, privacy, security, data protection, contracts and agreements, and legal

framework in relation to business and legal implications of cloud computing. Also, the six

classes of study can be discussed either in terms of metric, tool, method, process and model or

in terms of validation, philosophical, opinion research, evaluation and solution. These areas

amongst others are in this manner prescribed for future research. The rundown of included

references will likewise aid future researchers. The critical lessons learnt in this research is

that research work is boundless and continuum.

5. CONCLUSION

Cloud computing provides scalable, elastic, on-demand access to resources provided by the

various Cloud types and models through the CSPs via the Internet with obvious business and

legal issues. This has necessitated numerous researches in this area of study. The results from

this particular study identified gaps in terms of model, tool, method, process and metric in

relation to Cloud business and legal implications. In addition, the paper identified gaps in the

area validation, solution, evaluation, philosophical and opinion research on business and legal

implications of using the cloud. Furthermore, the topics of survey, framework, privacy,

paradigms, accountability and reliability, and security were extracted on Cloud business and

legal implications. From the systematic map created on business and legal implication in the

Cloud, to the best of our knowledge, there are no studies on contract and agreement, data

protection and confidentiality in terms of tool. Furthermore, contributions in terms of metric

were generally low. In addition, publications relating to legal framework were also low and

there are no validation and opinion research in the area of the business and legal implications

on the Cloud.

This mapping study has been able to show some places where there‟s low to no priority in

terms of business and legal implications on the Cloud based on the classes used in the

scheme. This research has thus added to knowledge by indicating multiple areas of the

research where there were gaps. The gaps that have been identified are recommended for



further studies. It is likely that it will turn out to be a broad guide into topics that can be

researched on in the field of business and legal implications on the Cloud. Further research

could also be done to justify this research. In summary, this study created a systematic map of

business and legal implication in the Cloud that can be helpful to the cloud community and

can aid the researchers to unveil the important gaps of cloud business and legal implication

that multiple researchers weren‟t able to cover thereby increasing the boundaries of

understanding in cloud computing.

ACKNOWLEDGMENTS

We acknowledge the support and sponsorship provided by Covenant University through the

Centre for Research, Innovation and Discovery (CUCRID).

REFERENCES

[1] Ahmad, A., Brereton, P., Andras, P., 2017. A systematic mapping study of empirical

studies on software cloud testing methods. In IEEE International Conference on Software

Quality, Reliability and Security Companion, pp. 555-562.

[2] Alavi, M., Leidner, D.E., 2001. Knowledge management and knowledge management

systems: Conceptual foundations and research issues. MIS Quarterly, 107-136.

[3] Barros-Justo, J.L., Cravero-Leal, A.L., Benitti, F. B., Capilla-Sevilla, R., 2017. Systematic

mapping protocol: the impact of using software patterns during requirements engineering

activities in real-world settings, Cornell University Library, arXiv:1701.05747v1 [cs.SE].

[4] Boell, S.K., Cecez-Kecmanovic, D., 2015. On being „Systematic‟ in literature reviews. In

Formulating Research Methods for Information Systems (pp. 48-78). Palgrave Macmillan,

London.

[5] Brereton, P., Kitchenham, B.A., Budgen, D., Turner, M., Khalil, M., 2007. Lessons from

applying the systematic literature review process within the software engineering domain.

Journal of Systems and Software, 80(4), 571-583.

[6] Buyya, R., Broberg, J., Goscinski, A., 2011. Cloud computing principles and paradigms.

John Wiley and Son, pp. 4-10.

[7] Choo, K.R., 2014. Legal issues in the Cloud. In IEEE Cloud Computing. 1(1). pp. 94-96

doi: 10.1109/MCC.2014.14

[8] Cooper, H.M., 1982. Scientific guidelines for conducting integrative research reviews.

Review of educational research, 52(2), 291-302.

[9] De Silva, S., 2015. Key Legal Issues with Cloud Computing: A UK Law Perspective. In I.

Management Association (Ed.), Cloud Technology: Concepts, Methodologies, Tools, and

Applications (pp. 2063-2077). Hershey, PA: IGI Global. doi:10.4018/978-1-4666-6539-

2.ch096

[10] Fernandez-Blanco, C.R., Careri,F., Kavvadias, K., Hidalgo Gonzalez, I., Zucker, A., &

Peteves, E., 2017. Systematic mapping of power system models: Expert survey, EUR

28875 EN, Publications Office of the European Union, Luxembourg, 2017, ISBN 978-92-

79-76462-2, doi:10.2760/422399, JRC109123.

[11] Galvan, J. L., Galvan, M. C., 2017. Writing literature reviews: A guide for students of the

social and behavioral sciences. Routledge.

[12] Griffo, C., Almeida, J.P.A., Guizzardi, G., 2015. A systematic mapping of the literature on

legal core ontologies, In Brazilian Conference on Ontologies, ONTOBRAS 15, CEUR

Workshop Proceedings,1442

[13] Irion, K., 2012. Government Cloud computing and national data sovereignty. Policy and

Internet. 4(3).



[14] Kitchenham, B., Brereton, O.P., Budgen, D., Turner, M., Bailey, J., Linkman, S., 2009.

Systematic literature reviews in software engineering–a systematic literature review.

Information and Software Technology, 51(1), 7-15.

[15] Klein, C.A., 2011. Cloud confidentiality: clinical and legal implication of Cloud

computing in healthcare. Journal of the American Academy of Psychiatry and Law, 39(4).

[16] Kosar, T., Bohra, S., Mernik, M.A., 2016. Protocol of a systematic mapping study for

domain-specific languages, Journal of Information and Software Technology 21(C). pp.

77-91.

[17] Mernik, M., 2017. Domain-specific languages: A systematic mapping study, International

Conference on Current Trends in Theory and Practice of Informatics, Lecture Notes in

Computer Science, (Vol. 10139, pp. 464-472) Berlin, Germany: Springer.

[18] Mills, L.H., 2009. Legal issues associated with Cloud computing. Nixon PeabodyLLP,

Attorneys at Law.

[19] Muhammed, A.B., Muhammed, A.C., 2014. A systematic Mapping study of software

architectures for Cloud based systems. IT University Technical Report Series, TR- [2014-

175]. Copenhagen.

[20] Odun-Ayo, I., Ananya, M., Agono, F., Goddy-Worlu, R., 2018a. Cloud computing

architecture: A critical analysis”, In IEEE Proceedings of the 2018 18th International

Conference on Computational Science and Its Applications (ICCSA 2018), pp. 1-7 doi:

10.1109/ICCSA.2018.8439638

[21] Odun-Ayo, I., Misra, S., Abayomi-Alli, O., Ajayi, O., 2017a. Cloud multi-tenancy: Issues

and developments. UCC '17 Companion. Companion Proceedings of the10th

International Conference on Utility and Cloud Computing. pp. 209 – 214.

[22] Odun-Ayo, I., Misra, S., Omoregbe, N., Onibere, E., Bulama, Y., Damasevičius, R.,

2017b. Cloud-based security driven human resource management system, Frontiers in

Artificial Intelligence and Applications. 295, 96 – 106. doi:10.3233/978-1-61499-773-3-

96

[23] Odun-Ayo, I., Odede, B., Ahuja, R., 2018b. Cloud applications management- Issues and

developments. Lecture Notes in Computer Science (including subseries Lecture Notes in

Artificial Intelligence and Lecture Notes in Bioinformatics) (LNCS) (Vol.10963, pp. 683-

694) Berlin, Germany: Springer.

[24] Odun-Ayo, I., Omoregbe, N., Odusami, M., Ajayi, O., 2017c. Cloud ownership and

reliability - Issues and developments. Lecture Notes in Computer Science (including

subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

(LNCS) (Vol. 10658, pp. 231-240). Berlin, Germany: Springer.

[25] Odun-Ayo, I., Goddy-Worlu, R., Ajayi, O.O., Grant, E. 2018c. A systematic mapping

study of High Performance Computing and the Cloud. ARPN Journal of Engineering and

Applied Sciences, 13 (24), pp. 9686-9700.

[26] Odun-Ayo, I., Ajayi, O., Goddy-Worlu, R., Yahaya, J. 2019a. "A Systematic Mapping

Study of Cloud Resources Management and Scalability in Brokering, Scheduling,

Capacity Planning and Elasticity", Asian Journal of Scientific Research. Vol 12, No 2, pp.

151-166. doi: 10.3923/ajsr.2019.151.166

[27] Odun-Ayo, I., Goddy-Worlu, I., Geteloma, V., Grant, E. 2019b. "A Systematic Mapping

Study of Cloud, Fog, and Edge/Mobile Devices Management, Hierarchy Models and

Business Models", Advances in Science, Technology and Engineering Systems Journal,

Vol 4, No 2, pp. 91-101

[28] Petersen, K., Vakkalanka, S., Kuzniarz, L., 2015. Guidelines for conducting systematic

mapping studies in software engineering: An update. Information and Software

Technology, 64, 1-18.

[29] Rohrmann, C.A., Cunha, J.F.S.R., 2015. Some legal aspects of Cloud computing

contracts. Journal of Introduction Commercial Law and Technology. 10(1).



[30] Santos, V., Souza. E.F., Felizardo, K.R., Vijaykumar. N.L., 2017. Analyzing the Use of

Concept Maps in Computer Science: A Systematic Mapping Study. Informatics in

Education, 16(2) pp. 257–288. doi:10.15388/infedu.2017.13

[31] Sclater, N., 2012. Legal and Contractual Issues of Cloud Computing for Educational

Institutions. In L. Chao (Ed.), Cloud Computing for Teaching and Learning: Strategies for

Design and Implementation (pp. 186-199). Hershey, PA: IGI Global. doi:10.4018/978-1-

4666-0957-0.ch013

[32] Souza, M., Veado, L., Moreira, R.T., Figueiredo, E., Costa, H., 2018. A systematic

mapping study on game-related methods for software engineering education. Information

and Software Technology 95, pp. 201-218.

[33] Vom Brocke, J., Simons, A., Riemer, K., Niehaves, B., Plattfaut, R., Cleven, A., 2015.

Standing on the Shoulders of Giants: Challenges and Recommendations of Literature

Search in Information Systems Research. CAIS, 37, 9.

[34] Wieringa, R., Maiden, N.A., Mead, N.R., Rolland, C., 2006. Requirement engineering

paper classification and evaluation criteria. A proposal and a discussion. Requirement

Engineering. 11(1), pp. 102-107.

APPENDIX: SELECTED PRIMARY STUDIES

1. Abdelhadi, A.M., Abdu, K., Awada, A., Monem, A.A. An Information Sharing Model for

Construction Business Using Cloud Technology (2016) Proceedings - 2015 International

Conference on Developments in Systems Engineering, DeSE 2015, art. no. 7563644, pp. 239-

244.

2. Accorsi, R., Lowis, L., Sato, Y. Automated certification for compliant cloud-based business

processes (2011) Business and Information Systems Engineering, 3 (3), pp. 145-154.

3. Accorsi, R., Lowis, L., Sato, Y. Automated certification for compliant cloud-based business

processes [Automatisierte compliance-zertifizierung cloud-basierter geschäftsprozesse] (2011)

Business and Information Systems Engineering, 53 (3), pp. 139-149.

4. Aceto, G., Persico, V., Pescapé, A. The role of Information and Communication Technologies

in healthcare: taxonomies, perspectives, and challenges (2018) Journal of Network and

Computer Applications, 107, pp. 125-154.

5. Afify, Y.M., Badr, N.L., Moawad, I.F., Tolba, M.F. A comprehensive business domain

ontology for cloud services (2018) 2017 IEEE 8th International Conference on Intelligent

Computing and Information Systems, ICICIS 2017, 2018-January, pp. 134-143.

6. Agostino, A., Søilen, K.S., Gerritsen, B. Cloud solution in business intelligence for SMEs -

vendor and customer perspectives (2013) Journal of Intelligence Studies in Business, 3 (3), pp.

5-28.

7. Ahmed-Nacer, M., Kunal, K., Sellami, M., Gaaloul, W. Simulation of Configurable Resource

Allocation for Cloud-Based Business Processes (2017) Proceedings - 2017 IEEE 14th

International Conference on Services Computing, SCC 2017, art. no. 8034999, pp. 305-313.

8. Ahokangas, P., Juntunen, M., Myllykoski, J. Cloud computing and transformation of

international E-business models (2014) Research in Competence-Based Management, 7, pp.

3-28.

9. Akhmetov, B., Izbassova, N., Akhmetov, B. Developing and customizing university business

intelligence cloud (2012) Proceedings of 2012 International Conference on Cloud Computing

Technologies, Applications and Management, ICCCTAM 2012, art. no. 6488104, pp. 229-

233.



10. Alreshidi, E., Mourshed, M., Rezgui, Y. Requirements for cloud-based BIM governance

solutions to facilitate team collaboration in construction projects (2018) Requirements

Engineering, 23 (1).

11. Alreshidi, E., Mourshed, M., Rezgui, Y. Factors for effective BIM governance (2017) Journal

of Building Engineering, 10, pp. 89-101.

12. Azni, A.H., Rahman, A.F.A., Alwi, N.H.M., Seman, K. Measuring sensor to cloud energy

consumption (2017) ACM International Conference Proceeding Series, art. no. a186.

13. Balboni, P., Pelino, E. Law Enforcement Agencies' activities in the cloud environment: A

European legal perspective (2013) Information and Communications Technology Law, 22 (2),

pp. 165-190.

14. Bartolini, C., El Kateb, D., Le Traon, Y., Hagen, D. Cloud providers viability: How to address

it from an IT and legal perspective? (2018) Electronic Markets, 28 (1), pp. 53-75.

15. Beckers, K., Côté, I., Faßbender, S., Heisel, M., Hofbauer, S. A pattern-based method for

establishing a cloud-specific information security management system: Establishing

information security management systems for clouds considering security, privacy, and legal

compliance (2013) Requirements Engineering, 18 (4), pp. 343-395.

16. Beckers, K., Faßbender, S., Schmidt, H. An integrated method for pattern-based elicitation of

legal requirements applied to a cloud computing example (2012) Proceedings - 2012 7th

International Conference on Availability, Reliability and Security, ARES 2012, art. no.

6329218, pp. 463-472.

17. Bellini, F., D‟Ascenzo, F., Ghi, A., Spagnoli, F., Traversi, V. Legal issues and requirements

for cloud computing in e-Science (2013) Lecture Notes in Information Systems and

Organisation, 2, pp. 61-70.

18. Benarous, L., Kadri, B. Ensuring privacy and authentication for V2V resource sharing (2017)

Proceedings - 2017 7th International Conference on Emerging Security Technologies, EST

2017, art. no. 8090390, pp. 1-6.

19. Beorchia, S. Gastrointestinal video endoscopy imaging in 2013: The reality, the issues and the

way ahead [L'imagerie vidéo-endoscopique digestive en 2013: réalités, enjeux et perspectives]

(2013) Acta Endoscopica, 43 (5-6), pp. 248-256.

20. Bjornson, J., Hunter, A. Mobile forensics for cloud data: Practical and legal considerations

(2016) 2016 14th Annual Conference on Privacy, Security and Trust, PST 2016, art. no.

7906927, pp. 203-206.

21. Bowen, J.A. Legal Issues in Cloud Computing (2011) Cloud Computing: Principles and

Paradigms, pp. 593-613.

22. Broucek, V., Turner, P. Technical, legal and ethical dilemmas: Distinguishing risks arising

from malware and cyber-attack tools in the 'cloud'-a forensic computing perspective (2013)

Journal in Computer Virology, 9 (1), pp. 27-33.

23. Bule, J., Peer, P. Technical, legal, economic and social aspects of biometrics for cloud

computing (2014) Journal of Information and Organizational Sciences, 38 (2), pp. 83-95.

24. Chaka, C. Virtualization and cloud computing: Business models in the virtual cloud (2014)

Cloud Technology: Concepts, Methodologies, Tools, and Applications, 3, pp. 1687-1701.

25. Chan, R., Chow, K.-P., Chan, V., Kwan, M. The cloud storage ecosystem – A new business

model for internet piracy? (2016) IFIP Advances in Information and Communication

Technology, 484, pp. 237-255.

26. Chang, C., Srirama, S.N., Buyya, R. Mobile Cloud Business Process Management System for

the internet of things: A survey (2016) ACM Computing Surveys, 49 (4), art. no. 70, .



27. Chang, V.Presenting Cloud Business Performance for Manufacturing Organizations (2017)

Information Systems Frontiers, pp. 1-17. Article in Press.

28. Chang, V., Kuo, Y.-H., Ramachandran, M. Cloud computing adoption framework: A security

framework for business clouds (2016) Future Generation Computer Systems, 57, pp. 24-41.

29. Chang, V. A proposed cloud computing business framework (2015) A Proposed Cloud

Computing Business Framework, pp. 1-288.

30. Chang, V. Corrigendum to "The business intelligence as a service in the cloud" [Future Gener.

Comput. Syst. 37C (2014) 512-534] (2014) Future Generation Computer Systems, 41, p. 16.

31. Chang, V. The Business Intelligence as a Service in the Cloud (2014) Future Generation

Computer Systems, 37, pp. 512-534.

32. Chang, V., Walters, R.J., Wills, G. The development that leads to the Cloud Computing

Business Framework (2013) International Journal of Information Management, 33 (3), pp.

524-538.

33. Chang, V., De Roure, D., Wills, G., Walters, R.J.Case studies and organisational sustainability

modelling presented by cloud computing business framework (2011) International Journal of

Web Services Research, 8 (3), pp. 26-53.

34. Chang, V., Wills, G., De Roure, D. A review of cloud business models and sustainability

(2010) Proceedings - 2010 IEEE 3rd International Conference on Cloud Computing, CLOUD

2010, art. no. 5558011, pp. 43-50.

35. Chang, V., Bacigalupo, D., Wills, G., De Roure, D. A categorisation of cloud computing

business models (2010) CCGrid 2010 - 10th IEEE/ACM International Conference on Cluster,

Cloud, and Grid Computing, art. no. 5493445, pp. 509-512.

36. Charif, B., Awad, A.I. Business and government organizations' adoption of cloud computing

(2014) Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial

Intelligence and Lecture Notes in Bioinformatics), 8669 LNCS, pp. 492-501.

37. Charif, B., Awad, A.I. Business and government organizations‟ adoption of cloud computing


Intelligence and Lecture Notes in Bioinformatics), 8669, pp. 492-501.

38. Chaudhri, A.A., Bajwa, I.S. Services based management of business processes using cloud

computing (2012) European Journal of Scientific Research, 80 (3), pp. 303-310.

39. Chen, J., Li, X.-Y. Research on SLA-based business automatic deployment of private cloud

platform (2017) Proceedings - 2016 International Conference on Information System and

Artificial Intelligence, ISAI 2016, art. no. 7816684, pp. 104-108.

40. Chen, T.-Y. Exploring the systematic business model innovation: Designing architecture for a

cloud-based collaboration support environment (2017) International Journal of e-

Collaboration, 13 (2), pp. 45-63.

41. Chen, Y., Wu, Q., Nie, K., Liu, T., Ren, H. Electronic business of coal trading center based on

cloud computing (2017) Revista de la Facultad de Ingenieria, 32 (10), pp. 139-143.

42. Chen, M., Qian, Y., Mao, S., Tang, W., Yang, X. Software-Defined Mobile Networks

Security (2016) Mobile Networks and Applications, 21 (5), pp. 729-743.

43. Cheung, A.S.Y., Weber, R.H. Privacy and legal issues in cloud computing (2015) Privacy and

Legal Issues in Cloud Computing, pp. 1-304.

44. Corbett, S. The retention of personal information online: A call for international regulation of

privacy law (2013) Computer Law and Security Review, 29 (3), pp. 246-254.



45. Craig, T.S., Eshaghian-Wilner, M.M., Goli, N., Gupta, A., Navab, S., Pati, A.S.N., Ravicz, K.,

Sarkar, G., Shiroma, B. Nanocomputing and Cloud Computing (2016) Wireless Computing in

Medicine: From Nano to Cloud with Ethical and Legal Implications, pp. 17-40.

46. Davis, A.W. Ethical issues for psychologists using communication technology: An Australian

perspective on service provision flexibility (2014) Professional Psychology: Research and

Practice, 45 (5), pp. 303-308.

47. Devereaux, R.L., Gottlieb, M.C. Record keeping in the cloud: Ethical considerations (2012)

Professional Psychology: Research and Practice, 43 (6), pp. 627-632.

48. Eric A., Figliola, P.M. Overview and issues for implementation of the federal cloud

computing initiative: Implications for federal information technology reform management

(2013) Federal Cloud Computing: Elements, Issues and Implementation Challenges, pp. 1-38.

49. Eshaghian-Wilner, M.M. Wireless Computing in Medicine: From Nano to Cloud with Ethical

and Legal Implications (2016) Wireless Computing in Medicine: From Nano to Cloud with

Ethical and Legal Implications, pp. 1-635.

50. Felici, M., Jaatun, M.G., Kosta, E., Wainwright, N. Bringing Accountability to the Cloud:

Addressing Emerging Threats and Legal Perspectives (2013) Communications in Computer

and Information Science, 182 CCIS, pp. 28-40.

51. Fernandez-Llatas, C., Pileggi, S.F., Ibañez, G., Valero, Z., Sala, P. Cloud computing for

context-aware enhanced M-Health services (2015) Methods in Molecular Biology, 1246, pp.

147-155.

52. Fernandez-Llatas, C., Pileggi, S.F., Ibañez, G., Valero, Z., Sala, P. Cloud computing for

context-aware enhanced m-Health Services (2014) Data Mining in Clinical Medicine, pp. 147-

155.

53. Fitzpatrick, A., McGrath, M., Lennon, R.G. Legal issues surrounding Data Storage on the

cloud (2012) Proceedings - 2012 5th Romania Tier 2 Federation Grid, Cloud and High-

Performance Computing Science, RQ-LCG 2012, art. no. 6528244, pp. 53-56.

54. Fitzpatrick, A., McGrath, M., Lennon, R.G. Legal issues surrounding Data Storage on the

cloud (2012) Proceedings - 2012 5th Romania Tier 2 Federation Grid, Cloud and High-

Performance Computing Science, RQ-LCG 2012, art. no. 6528244, pp. 53-56.

55. Flick, C., Ambriola, V. The european strategy for cloud computing: Harmonization of

technical and legal rules (2014) Mondo Digitale, 13 (49).

56. Flittner, M., Balaban, S., Bless, R. CloudInspector: A transparency-as-a-service solution for

legal issues in cloud computing (2016) Proceedings - 2016 IEEE International Conference on

Cloud Engineering Workshops, IC2EW 2016, art. no. 7527822, pp. 94-99.

57. Fong, J.G. Legal issues regarding innovative museum services in a mobile and cloud

computing environment: Examples of copyright and licensing issues for the National Palace

Museum (2016) Managing Innovation and Cultural Management in the Digital Era: The Case

of the National Palace Museum, pp. 110-129.

58. Fund, F., Hosseini, S.A., Panwar, S.S. Under a cloud of uncertainty: Legal questions affecting

internet storage and transmission of copyright-protected video content (2016) IEEE Network,

30 (2), art. no. 7437022, pp. 32-38.

59. Garg, R., Naudts, B., Verbrugge, S., Stiller, B. Modeling legal and regulative requirements for

ranking alternatives of cloud-based services (2015) 8th International Workshop on

Requirements Engineering and Law, RELAW 2015 - Proceedings, art. no. 7330208, pp. 25-

32.



60. Gheorghiu, C., Panu, A., Alboaie, L. A semantic web platform for legal knowledge in cloud

(2013) SoMeT 2013 - 12th IEEE International Conference on Intelligent Software

Methodologies, Tools and Techniques, Proceedings, art. no. 6645652, pp. 121-126.

61. Godfrin Legal requirements and identifying data security for cloud service (2016) 2016 2nd

International Conference on Science Technology Engineering and Management, ICONSTEM

2016, art. no. 7560948, pp. 185-190.

62. Goh, E. Clear skies or cloudy forecast?: Legal challenges in the management and acquisition

of audiovisual materials in the cloud (2014) Records Management Journal, 24 (1), pp. 56-73.

63. Gordon, D.G., Breaux, T.D. Managing multi-jurisdictional requirements in the cloud:

Towards a computational legal landscape (2011) Proceedings of the ACM Conference on

Computer and Communications Security, pp. 83-94.

64. Graf, S., Eisele, J., Waldvogel, M., Strittmatter, M. A legal and technical perspective on

secure cloud storage (2012) Lecture Notes in Informatics (LNI), Proceedings - Series of the

Gesellschaft fur Informatik (GI), P-203, pp. 63-72.

65. Graham, G. Lost in a cloud: Overview of legal obstacles to the growth of cloud computing

(2012) Medijska Istrazivanja, 18 (2), pp. 21-32

66. Grandinetti, L., Pisacane, O., Sheikhalishahi, M. Pervasive cloud computing technologies:

Future outlooks and interdisciplinary perspectives (2013) Pervasive Cloud Computing

Technologies: Future Outlooks and Interdisciplinary Perspectives, pp. 1-376.

67. Griebel, L., Prokosch, H.-U., Köpcke, F., Toddenroth, D., Christoph, J., Leb, I., Engel, I.,

Sedlmayr, M. A scoping review of cloud computing in healthcare (2015) BMC Medical

Informatics and Decision Making, 15 (1), art. no. 17.

68. Harris, A.J.L., Lanfranco, M. Cloudburst, weather bomb or water bomb? A review of

terminology for extreme rain events and the media effect (2017) Weather, 72 (6), pp. 155-163.

69. Haselmann, T., Vossen, G., Lipsky, S., Theurl, T. Cooperative community clouds for small

and medium enterprises: Facilitating cloud computing for small and medium enterprises with

the cooperative paradigm (2011) CLOSER 2011 - Proceedings of the 1st International

Conference on Cloud Computing and Services Science, pp. 104-109.

70. He, W., Ho, P.-H., Tapolcai, J. Beacon Deployment for Unambiguous Positioning (2017)

IEEE Internet of Things Journal, 4 (5), art. no. 7934298, pp. 1370-1379.

71. Henkoǧlu, T., Külcü, O. Cloud computing as an information access platform: A study on

threats and legal requirements [Bilgi Erişim Platformu Olarak Bulut Bilişim: Riskler ve

Hukuksal Koşullar Üzerine Bir İnceleme] (2013) Bilgi Dunyasi, 14 (1), pp. 62-86.

72. Hill, E. Legal and policy implications of cloud computing (2011) Lecture Notes in Computer

Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in

Bioinformatics), 6765 LNCS (PART 1), pp. 478-483.

73. Hsieh, P.-J. An empirical investigation of patients' acceptance and resistance toward the health

cloud: The dual factor perspective (2016) Computers in Human Behavior, 63, pp. 959-969.

74. Jaeger, P.T., Lin, J., Grimes, J.M. Cloud computing and information policy: Computing in a

policy cloud? (2008) Journal of Information Technology and Politics, 5 (3), pp. 269-283.

75. Kandira, M., Mtsweni, J., Padayachee, K. Cloud security and compliance concerns:

Demystifying stakeholders' roles and responsibilities (2013) 2013 8th International

Conference for Internet Technology and Secured Transactions, ICITST 2013, art. no.

6750284, pp. 653-658.

76. Kemp, M.L., Robb, S., Deans, P.C. The legal implications of cloud computing (2014) Cloud

Technology: Concepts, Methodologies, Tools, and Applications, 4, pp. 2099-2114.




Computing Service and Deployment Models: Layers and Management, pp. 257-272.


Computing Service and Deployment Models: Layers and Management, pp. 301-321.

79. Kertesz, A., Varadi, S. Legal aspects of data protection in cloud federations (2014) Security,

Privacy and Trust in Cloud Systems, 9783642385865, pp. 433-455.

80. Kierkegaard, S. Not every cloud brings rain: Legal risks on the horizon (2012) Strategic and

Practical Approaches for Information Security Governance: Technologies and Applied

Solutions, pp. 181-194.

81. Kiran, M. Legal issues surrounding connected government services: A closer look at G-clouds

(2015) Cloud Computing Technologies for Connected Government, pp. 322-344.

82. Kirkham, T., Djemame, K., Kiran, M., Jiang, M., Armstrong, D., Kousiouris, G., Vafiadis, G.,

Evangelinou, A. Risk based SLA management in clouds: A legal perspective (2012) 2012

International Conference for Internet Technology and Secured Transactions, ICITST 2012, art.

no. 6470934, pp. 156-160.

83. Klein, C.A. Cloudy confidentiality: Clinical and legal implications of cloud computing in

health care (2011) Journal of the American Academy of Psychiatry and the Law, 39 (4), pp.

571-578.

84. Klein, C.A. Cloudy confidentiality: Clinical and legal implications of cloud computing in

health care (2012) Journal of the American Academy of Psychiatry and the Law, 40 (5), pp.

328-351.

85. Kotka, T., Kask, L., Raudsepp, K., Storch, T., Radloff, R., Liiv, I. Policy and legal

environment analysis for E-government services migration to the public cloud (2016) ACM

International Conference Proceeding Series, 01-03-March-2016, pp. 103-108.

86. Kousiouris, G., Vafiadis, G., Corrales, M. A Cloud provider description schema for meeting

legal requirements in Cloud federation scenarios (2013) IFIP Advances in Information and

Communication Technology, 399, pp. 61-72.

87. Kousalya, A., Radhakrishnan, R. Optimization of task scheduling using improved clonal

selection in K-level architecture (2016) International Journal of Control Theory and

Applications, 9 (25), pp. 323-335.

88. Kuiper, E., Van Dam, F., Reiter, A., Janssen, M. Factors influencing the adoption of and

business case for Cloud computing in the public sector (2015) eChallenges Conference, art.

no. 7058154, .

89. Kull, H. Mass customization: Opportunities, methods, and challenges for manufacturers

(2015) Mass Customization: Opportunities, Methods, and Challenges for Manufacturers, pp.

1-129.

90. Lennon, R. Bring your own device (BYOD) with cloud 4 education (2012) SPLASH'12 -

Proceedings of the 2012 ACM Conference on Systems, Programming, and Applications:

Software for Humanity, pp. 171-179.

91. Li, Y.-M., Chou, C.-L. Analyzing the picing models for outsourcing computing services

(2012) Proceedings - Pacific Asia Conference on Information Systems, PACIS 2012.

92. Lillard, V.T, Garrison, P.C., Schiller, A.C., Steele, J. Digital Forensics for Network, Internet,

and Cloud Computing (2010) Digital Forensics for Network, Internet, and Cloud Computing,

353 p.



93. Long, G.A. The legal implications of space weather awareness and the need for international

dissemination of space weather forecasts (2014) Proceedings of the International Astronautical

Congress, IAC, 14, pp. 10294-10318.

94. Manap, N.A., Basir, S.M., Hussein, S.M., Tehrani, P.M., Rouhani, A. Legal issues of data

protection in cloud computing (2013) International Journal of Soft Computing, 8 (5), pp. 371-

376.

95. Martini, B., Do, Q., Choo, K.-K.R. Digital forensics in the cloud era: The decline of

passwords and the need for legal reform (2016) Trends and Issues in Crime and Criminal

Justice, (512), .

96. Manzalini, A., Crespi, N. SDN and NFV for Network Cloud Computing: A Universal

Operating System for SD Infrastructures (2015) Proceedings - IEEE 4th Symposium on

Network Cloud Computing and Applications, NCCA 2015, art. no. 7340044, pp. 1-6.

97. Matyska, L., Procházka, M. User centric identity for grids and clouds (2012) Proceedings of

Science, 11 p.

98. Molnár-Gábor, F., Lueck, R., Yakneen, S., Korbel, J.O. Computing patient data in the cloud:

Practical and legal considerations for genetics and genomics research in Europe and

internationally (2017) Genome Medicine, 9 (1), art. no. 58, .

99. Moorthy, J., Lahiri, R., Biswas, N., Sanyal, D., Ranjan, J., Nanath, K., Ghosh, P. Big Data:

Prospects and Challenges (2015) Vikalpa, 40 (1), pp. 74-96.

100. Mtenzi, F.J. Privacy Protection of Electronic Healthcare Records in e-Healthcare Systems

(2016) Wireless Computing in Medicine: From Nano to Cloud with Ethical and Legal

Implications, pp. 541-566.

101. Munier, M., Lalanne, V., Ardoy, P.-Y., Ricarde, M. Legal issues about metadata data privacy

vs information security (2014) Lecture Notes in Computer Science (including subseries

Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 8247 LNCS, pp.

162-177.

102. Munir, K. Security management in Mobile Cloud Computing (2016) Security Management in

Mobile Cloud Computing, pp. 1-247.

103. Mujinga, M. Privacy and legal issues in cloud computing - The SMME position in South

Africa (2014) Proceedings of the 11th Australian Information Security Management

Conference, ISM 2013, pp. 49-59.

104. Najmaei, A. How Do Entrepreneurs Develop Business Models in Small High-Tech Ventures?

An Exploratory Model from Australian IT Firms (2016) Entrepreneurship Research Journal, 6

(3), pp. 297-343.

105. Neal, D., Rahman, S.M. Video surveillance in the cloud-computing? (2012) 2012 7th

International Conference on Electrical and Computer Engineering, ICECE 2012, art. no.

6471484, pp. 58-61.

106. O'Driscoll, A., Daugelaite, J., Sleator, R.D. 'Big data', Hadoop and cloud computing in

genomics (2013) Journal of Biomedical Informatics, 46 (5), pp. 774-781.

107. Oppenheim, C. Cloud law and contract negotiation (2012) Profesional de la Informacion, 21

(5), pp. 453-457.

108. Oppenheim, C. Legal issues for information professionals X*: Legal issues associated with

cloud computing (2011) Business Information Review, 28 (1), pp. 25-29.

109. Oppermann, A., Yurchenko, A., Esche, M., Seifert, J.-P. Secure Cloud Computing:

Multithreaded Fully Homomorphic Encryption for Legal Metrology (2017) Lecture Notes in



Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture

Notes in Bioinformatics), 10618 LNCS, pp. 35-54.

110. Oppermann, A. Reference architecture for cloud computing in legal metrology

[Referenzarchitektur fï¿½r das Cloud-Computing im gesetzlichen Messwesen] (2016) PTB -

Mitteilungen Forschen und Prufen, 126 (4), pp. 59-67.

111. Oppermann, A., Seifert, J.-P., Thiel, F. Secure cloud reference architectures for measuring

instruments under legal control (2016) CLOSER 2016 - Proceedings of the 6th International

Conference on Cloud Computing and Services Science, 1, pp. 289-294.

112. Orton, I., Alva, A., Endicott-Popovsky, B. Legal process and requirements for cloud forensic

investigations (2014) Cloud Technology: Concepts, Methodologies, Tools, and Applications,

1, pp. 332-375.

113. Orton, I., Alva, A., Endicott-Popovsky, B. Legal process and requirements for cloud forensic

investigations (2012) Cybercrime and Cloud Forensics: Applications for Investigation

Processes, pp. 186-229.

114. Parrilli, D.M. Legal issues in grid and cloud computing (2010) Grid and Cloud Computing: A

Business Perspective on Technology and Applications, pp. 97-118.

115. Parrilli, D.M. The determination of jurisdiction in grid and cloud service level agreements



116. Parveen, R., Chikhaoui, E. Legal issues and challenges in educational cloud computing in the

kingdom of Saudi Arabia (2017) International Journal of Economic Research, 14 (20), pp.

357-371.

117. Pugliatti, L. Cloud single window: Legal implications of a new model of cross-border single

window (2011) World Customs Journal, 5 (2), pp. 3-20.

118. Rico, M. Cloud computing and copyright: New challenges in legal protection? (2014)

Communications in Computer and Information Science, 423, pp. 54-63.

119. Schroeder, C. Owning a piece of the cloud: Intellectual property and consumer protection

(2014) George Washington Law Review, 83 (1), pp. 240-272.

120. Sclater, N. Legal and contractual issues of cloud computing for educational institutions (2012)

Cloud Computing for Teaching and Learning: Strategies for Design and Implementation, pp.

186-199.

121. Shaukat, U., Ahmed, E., Anwar, Z., Xia, F. Cloudlet deployment in local wireless networks:

Motivation, architectures, applications, and open challenges (2016) Journal of Network and

Computer Applications, 62, pp. 18-40.

122. Snedaker, S., Rima, C. Business Continuity and Disaster Recovery Planning for IT

Professionals: Second Edition (2013) Business Continuity and Disaster Recovery Planning for

IT Professionals: Second Edition, pp. 1-577.

123. Spagnoli, F., Amendola, C., Crenca, F. The economic and legal perspectives of cloud

computing in Italian public administration and a roadmap to the adoption of g-cloud in Italy

(2014) Lecture Notes in Information Systems and Organisation, 7, pp. 47-56.

124. Srinivasan, S. Security, trust, and regulatory aspects of cloud computing in business

environments (2014) Security, Trust, and Regulatory Aspects of Cloud Computing in

Business Environments, pp. 1-299.

125. Srivastava, J., Nanath, K. Adoption of cloud computing in UAE: A survey of interplay

between cloud computing ecosystem and its organizational adoption in UAE (2017)

International Journal of Information Systems in the Service Sector, 9 (4), pp. 1-20.



126. Stanoevska-Slabeva, K., Wozniak, T., Ristol, S. Grid and cloud computing: A business

perspective on technology and applications (2010) Grid and Cloud Computing: A Business

Perspective on Technology and Applications, pp. 1-274.

127. Stavinoha, K.E. Factors influencing adoption of encryption to secure data in the cloud (2013)

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial


128. Stuart, K., Bromage, D. Current state of play: Records management and the cloud (2010)

Records Management Journal, 20 (2), pp. 217-225.

129. Tauber, M., Wagner, C., Pallas, F. Security and legal challenges in Cloud Computing and

critical infrastructure IT [Sicherheit und rechtliche Herausforderungen in Bezug auf Cloud

Computing und Kritische Infrastruktur-IT] (2014) Elektrotechnik und Informationstechnik,

131 (1), pp. 33-36.

130. Thatmann, D., Schuster, E., Coskun, G. Mapping legal requirements to SLAs: An ontology-

based approach for cloud-based service consumption (2014) CEUR Workshop Proceedings,

1296.

131. Thiel, F., Esche, M., Peters, D., Grottker, U. Cloud Computing in Legal Metrology (2015)

17th International Congress of Metrology, CIM 2015, art. no. 16001.

132. Thorgersen, K. Freedom to create in the cloud or in the open? a discussion of two options for

music creation with digital tools at no cost (2012) Journal of Music, Technology and

Education, 5 (2), pp. 133-144.

133. Venkateswara Reddy, L., Viswanath, V. Maintaining security concerns to cloud services and

its application vulnerabilities (2017) Advances in Intelligent Systems and Computing, 556, pp.

227-236.

134. Wang-Roveda, J.M., Powers, L., Ren, K. Pervasive Computing in Hospitals (2016) Wireless

Computing in Medicine: From Nano to Cloud with Ethical and Legal Implications, pp. 43-77.

135. Weber, R.H. Legal safeguards for cloud computing (2015) Privacy and Legal Issues in Cloud

Computing, pp. 43-68.

136. Weng, Y.-H., Zhao, S.T.H. The legal challenges of networked robotics: From the safety

intelligence perspective (2012) Lecture Notes in Computer Science (including subseries

Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 7639 LNAI, pp.

61-72.

137. Wharton, C., Lin, K.-I. Comparative legislation, corporate policy, and citizen concerns: Legal

solutions for privacy protection in cloud computing (2016) Proceedings - International

Carnahan Conference on Security Technology, 2015-January, art. no. 7389651, pp. 19-24.

138. Zawoad, S., Hasan, R., Grimes, J. LINCS: Towards building a trustworthy litigation hold

enabled cloud storage system (2015) Digital Investigation, 14 (S1), art. no. 571, pp. S55-S67.

7th IFIP WG 11.11 International Conference on Trust Management, IFIPTM 2013 (2013)

IFIP Advances in Information and Communication Technology, 401, pp. 1-288.

A SYSTEMATIC MAPPING STUDY OF CLOUD BUSINESS AND … · 2019-04-27 · Cloud computing can be...

Documents

Transcript of A SYSTEMATIC MAPPING STUDY OF CLOUD BUSINESS AND … · 2019-04-27 · Cloud computing can be...