A consideration of the current technical and legal framework shows that currently the use of cloud services within a project requires a careful cost / risk analysis. The funding opportunity is limited due to the legal constraints and requires a differentiated opinion when applying. should consider the following points:

For infrastructure applications

a) Overall cost analysis including current costs and for private and community clouds also the required long-term personnel resources. For this purpose, a tabular overview of a five-year period should be drawn up.

b) A consideration of the longer-term use of cloud resources, the corresponding financing model and the transfer scenario for supplier switching or exit.

For project applications

a) Before applying for commercial cloud services, it is recommended to first check the availability of alternative offers from local data centers, other public facilities or campus networks.

b) An opinion of the local data center manager or IT officer on the type and extent of resource use and any alternative offers (especially within the science community) should be attached to the application.

c) An appraisal of the applicable data protection requirements shall be attached to the application if personal data are processed and stored. This applies to all operating models of cloud services, including the IT infrastructure of the applicants.

d) Ensuring long-term preservation and long-term access to data, in particular with regard to recommendations for good scientific practice.


Cloud computing is an increasingly relevant field of application for both practice and science. It represents a new service model for many companies and at the same time has a lasting impact on the IT landscape. The increasing popularity of cloud computing in the home and work environments is accompanied by a rapidly growing number of vendors, making it more important to compare and select vendors. However, supplier selection presents companies with a great challenge. For one thing, there are hardly any criteria that should be taken into account when making the selection. On the other hand, there is still a lack of concrete decision models for selecting a cloud provider.

A systematic decision support process in vendor selection to identify and prioritize relevant criteria and trade-offs between technical, economic and legal aspects can address this issue.

Structure of the cloud computing selection framework

Provider selection in cloud computing requires a structured approach, so that a sustainable decision can be made. The first step is to identify the goals that can be achieved with the help of cloud computing. In cloud computing, six dimensions can be differentiated according to the objective. These six goal dimensions include significant decision-making at a high level of abstraction (e.g., flexibility, cost). These can be considered both individually and as a supplement in the first step of decision-making.

Going out of the target dimensions can be defined in the second step expectations to the cloud provider. The expectations of a supplier are made up of different selection criteria that cover both economic, technological and legal aspects. The framework presented here divides the selection criteria due to the complexity in top level requirements and in evaluation criteria. The top level requirements serve to structure and are described in detail about the evaluation criteria. Requirements for a vendor are limited in their metric metrics and mostly describe soft factors characterized by their nature (e.g., different service level agreements (SLA) or different levels of support) or presence.

The cloud computing framework for vendor selection consists of four levels. The first level describes the customer’s target dimensions to a cloud service. In the second stage, the objective is broken down into top level requirements. Next, evaluation criteria are defined at the third stage. At the fourth level, the evaluation criteria are differentiated by validity (for the provider or for a single service). In addition, it is determined for which service model (SaaS, PaaS, IaaS) a rating criterion is relevant and how the
characteristic differs between the service models.

Target dimension: flexibility

In the context of cloud computing, a flexibilization and standardization of information technology in the company takes place. IT resources can be scaled up and down as needed and flexibly. The provision takes place in the short term compared to the classic IT outsourcing and with a low contractual commitment to the provider. In order for companies to benefit from the flexibility benefits of the cloud, data transfer must be possible both in and out of the cloud. In addition, a high level of automation (self-
service) and interoperability with other services are important.