popular among Small to Medium size Enterprises (SMEs) due to the promise of cost effective access to the latest applications via a Cloud Service Provider (CSP). There are many factors and pitfalls of Cloud Computing adoption as well as benefits to SMEs which have been highlighted through a research project that involved SMEs from the West Midlands UK. This paper outlines the challenges SMEs face when considering Platform as a Service (PaaS) adoption, and highlights that lack of understanding of the technology has either meant SMEs have not adopted Cloud Computing or have experienced difficulties with the adoption as important considerations where not evaluated. Through a comprehensive investigation a theoretical framework -Cloud

Step followed by an interactive tool -PaaS Cloud Dial have been developed to aid SMEs in understanding what factors need to be considered prior adoption of PaaS. Both have been validated through work with SMEs and the findings obtained from the validation procedure indicated that both the framework and application are valuable and suitable in supporting SMEs risk assessment and decision making process regrading Cloud adoption.


# I. Introduction

apid developments in Information Technology (IT), and the increase demand for more effective and lower computing costs, has led to the emergence of the latest form of distributed computing systems; known as Cloud Computing. As this study will outline this form of technology might minimize the cost for individuals and businesses of using computerization resources, through contract payment to a third-party service provider (TPSP) Cloud Service Provider (CSP). Through Cloud Computing the user can spend less time and resources on managing complex IT systems which means more investment can be focused on the core business activities as outlined by Klunder (2011). Potentially, this could reduce infrastructure maintenance costs and improve the efficient management of an IT system. As data that was once housed under consumers' own administrative and security domain, can now be redirected and placed under the domain of the CSP. Yet the physical location of data is still critical and can negatively impact a business. According to Zissis (2012) Businesses require on demand access to data and the legal complexities surrounding location and access to data needs to be understood. Security issues have emerged from multitenancy. Therefore issues surrounding security and accessibility should be identified and acknowledged. There have been several reports and publications outlining the benefits of Cloud Computing adoption; including reports by Fujitsu (2011) and IMB ( 2009). Yet, as Morgan (2013) highlights there are also concerns and factors that are hindering adoption [5]. Security, loss of control and the blurred lines between responsibility and ownership of data as well as capability to deal with issues on the systems are key concerns that need to be factored into the decision or using Cloud Computing.

Many businesses are keen to adopt Cloud Computing solutions, given the possible benefits outlined above. However, the lack of skills and understanding in the workforce to fully appreciate what is involved in deploying and using Clouds is creating a barrier to Cloud adoption. This is further explained by [6] who states for Cloud technology to achieve its potential, there needs to be a clear understanding of the various issues involved, both from the perspectives of the providers and the consumers of the technology. As Cloud Computing is still an immature technology the concept and meaning of 'Cloud Computing' remains fairly unclear. Each Cloud is unique as businesses and end users' requirements differ; therefore how a Cloud is implemented and used will vary. There is limited education and training in businesses to educate staff about Cloud Computing, resulting in users not being fully aware of the associated risks of using this type of technology, especially in areas such as how to detect and respond to security threats and breaches. This is demonstrated through findings from SMEs participates within this study as well as from literature gathering.

As this paper will show, some SMEs have opted for Cloud before completing a risk assessment or being aware of the drawbacks of the technology. This paper focuses on the findings from work undertaken with SMEs in the West Midlands regrading Cloud Computing adoption. There was significant evidence to suggest that R Author: Senior Lecturer in Computer Science at the University of Wolverhampton. S Lecturer at the University of Malta, and Edge Hill University. cloud computing and security. As well as publishing at conferences and international journals. e-mail: k.wood@wlv.ac.uk 1 Year 2016 ( ) B lack of sufficient support and training for SMEs to aid them in selecting the most appropriate Cloud. The paper introduces Cloud Step, which is a framework to guide SMEs during the risk assessment process and The PaaS Adoption Dial which provides SMEs the opportunists to self-evaluate their awareness of key Cloud considerations. The paper is organized as followed: Section 2 provides an overview of the project and cloud adoption in SMEs in the West Midlands. Section 3 presents key themes and challenges and discusses the initial work completed involving SMEs. It highlights some for the results that have since been taken into consideration in the development of the supporting framework. This is followed by Section 4, which provides in depth insight into the framework through outlining the different steps and rationale. Section 5 discusses the predictor analysis tool. Section 6 summaries and concludes this paper and proposes future work


# II. Defining SMES

There are varying definitions of SMEs worldwide as SMEs are classified differently in different countries. For example The Open Group (2015) states that SMEs are classed due to their size. This includes their assents, number of employees and financial turnover. In the UK, to be classed as SMEs, the business has to meet two out of three of the following criteria:

? Turnover of less than £25m,

? Less than 250 employees

? Assets of less than £12.5m. Department of Business, Innovation and Skills (2012)

The European Commission (2012) established the European definition of SME as "The category of micro, small and medium-sized enterprises (SMEs) is made up of enterprises which employ fewer than 250 persons and which have an annual turnover not exceeding 50 million euro and/or an annual balance sheet total not exceeding 43 million euro." The European Commission (2015) considers "SMEs and entrepreneurrship as key to ensuring economic growth, innovation, job creation, and social integration in the EU. In 2013, there were 4.9 million businesses in the UK, over 99% of which were small and medium enterprises Ward (2014) resulting in employment for 32% of the UK workforce and contributing to the annual turnover by 18% Ward (2014) and (Henniger (2015). SMEs are essential to the UK economy development and growth, job creation and integration through their position in national and international markets. For SMEs having a smaller budget than larger businesses is always an issue, however through cloud computing SMEs can benefit from the same resources as larger businesses thus become more competitive. As businesses tend to be cost focus and interested in the possible cost saving through this technology, the actual migration and deployment time and costs tend to be neglected. This point is further illustrated by Zenga (2010) through explaining that for SMEs the cost in terms of money and time in migrating can impede any potential benefits. It could be assumed that lack of awareness and education is contributing towards SMEs being unprepared for the amount of work required during this stage.

A major characteristic attributed to SMEs is flexibility Levy [9]. Therefore SMEs have a distinctive advantage over larger organisations through "responsive, flexible, flat structured and simple" European Commission (2015) organisational environment. According to Lobel (2015) a third of UK SMEs have grown over the past two year and the role of technology has allowed SMEs to 'scale up' and become more competitive. However, there are contradicting reports and claims over how successful and how much SMEs are embracing cloud technologies.

A survey conducted by Vmware suggested in 2011 that "60 per cent of small and medium-sized enterprises (SMEs) across Europe have adopted some internet-based IT services." Henniger (2015) Therefore, based on this, UK SME are deemed as slower to adopt Cloud Computing. It has since been reported in 2015 that UK SMEs are in fact taking the lead in cloud adoption [13]. This is based on an independent research study of just under 3,000 SME leaders across the UK, the USA, France, Germany, the Netherlands and Belgium [14]. The findings show that "just under half of UK SMEs (47%) are now using at least one cloud business software tool." Exact [14] argues that SMEs are using cloud computing services but would suggest most are using SaaS. What is clear is that UK SMEs are increasingly embracing the technology but it is unclear if SMEs are using cloud technologies to their full potential and the selection is suitable to meet the business requirements.


# III. Cloud Related Issues

Cloud Computing has reshaped the IT industry and has also had a significant impact on a range of other sectors such as education and services. A study conducted by the Economist Intelligence Unit and IBM showed that among 572 business leaders surveyed, almost three quarters indicate their companies have piloted, adopted or substantially implemented Cloud in their organizations and 90% expect to have done so in three years as outlined by Levy (2015). This statement clearly outlines that cloud adoption will continue to grow and there has been evidence in the UK in recent years of businesses and public services moving to the cloud, for examples the UK Government G-Cloud system. Many businesses are keen to adopt Cloud technologies given the possible cost saving benefits. However, the lack the skills and understanding in the workforce to fully appreciate what is involved in deploying and using clouds. This may be due to the fact it is still unclear what is really meant by the term Cloud Computing'. Each Cloud is different, and unique to meet the requirements of that business or end user. There is limited education and training in businesses to educate staff about Cloud, resulting in users not being fully aware of the associated risks of using this type of technology, especially in areas such as national security and government services. Users lack understanding of how to detect and respond to security threats and breaches. Many assume the CSP is fully responsibility for dealing with such issues, which is not the case. Evidence suggests that PaaS adoption is becoming more accepted Mac Gregor (1998) Lobel (2015) and is on the rise The fact there is no standard application programming interface (API) currently available means that some developers and users have concerns and require guidance in ensuring the right PaaS environment is selected.

The Marketing Donut (2015) reported that security is a prime concern for any user of Cloud Computing [19]. According to Carstensen [20] the security concerns associated with Cloud Computing present a significant challenge for organizations who are attempting to understand how to move their products and services into the Cloud environment. It is vital that all organizations understand the potential risks in order to keep their company safe whilst gaining the benefits from using the Cloud. Many risks associated with Cloud Computing would often have legal implications for organizations and it is vital that knowledge is provided to the Cloud consumer and controls are put in place in order to overcome these risks.

Cloud may have the capabilities of vastly changing the approaches of implementation, usage and management of computing systems for both the public and private sector. The foundations of cloud infrastructure provide more flexibility and dynamism in the computing infrastructure than pervious forms of distributed systems. The requirements and demands from users for cloud services vary, resulting in complex design and deployment of resources, and therefore places barriers for adoption for those businesses that might not have advance IT skills. The scope of this particular research undertaken was to examine the lack of SMEs understanding of the requirements during the migration and deployment on a Platform as a Service (PaaS) for the perspective of the business to evaluate if poor or misconfiguration could result in security issues. Through highlighting the role of configuration management in PaaS and identifying potential security vulnerabilities that may be encountered due to mis-configuration provides evidence to show where SMEs users need support. This data then allowed for a generic migration and deployment risk assessment process to be developpped to provide SMEs with a suitable framework


# IV. Reserch Appoarch

Qualitative research methods were used in this study to identify SMEs backgrounds, understanding of Cloud terminology and actual use of Cloud solutions. The primarily used to focus on the development of PaaS for testing proposes to analysis security and usability issues during the deployment and migration stages. The research design framework (Figure 1) shows the road map undertaken in this project. The roadmap highlights the key factor identification, development of questionnaires, interviews and Cloud environment and the collection and analysis of quantitative data. Before showing how these feed into the initial framework and prediction tool. Questionnaires were used twice in this research study. The first questionnaire was used in Phase 1 and a range of open and close questions where used to gather information to assess the attitudes, opinions and technological awareness of SMEs participants in order to identify any common themes and concerns from this target audience. The particular target audience selected for this project were all SMEs that relied heavily on IT. For example financial systems and software uses. Therefore, it is assumed that all participants had a good awareness and experience of IT. The second questionnaire was designed and produced during Phase 2 and was used to assess SMEs views on the produced post migration steps that had been produced based on collection and analyses of data from the different approaches used
3 Year 2016 ( ) B V. Framework
Findings from the project highlighted that SMEs have encountered a series of issues relating to the that can be used as a cross reference during the initial deployment and migration of applications onto a PaaS. selection and deployment of different Cloud solutions, partly due to the lack of guidance available to aid the decision process. Based on the findings, the following step model (Fig. 2) provides a logical structure to support the initial migration and deployment through a series of essential criteria steps that SMEs should follow to ensure suitable migration and deployment of their selected Cloud. This framework is an appropriate and logical approach to support SMEs during the decision making process over selection a suitable Cloud solution as well as to ensure a series of stages are taken to ensure suitable transition to a PaaS to reduce security related issues.


# VI. Paas Adoption Dial

The PaaS Adoption Dial acts as a risk assessment supporting tool that has been designed based on findings from work with SMEs in the West Midlands. PaaS Adoption Dial allows businesses to self-evaluate this current progress towards improving PaaS their understanding and requirements prior to the full adoption and implementing of a PaaS solution. This provides SMEs the opportunity to self-assess their suitability to adopt PaaS solutions into their business, based on their level of awareness of core considerations. Therefore this tool can significantly reduce an organisation's vulnerability through highlyghting areas that require more understanding or support before committing to a PaaS adoption. The PaaS Adoption Dial was developed in java script and uploaded onto a server as a web application. This allowed SMEs to gain access to the application via a web link and to complete the task when required. SMEs can access this application through the link below. http://www.scit.wlv.ac.uk:8080/cloudadoptiondial/ That application was built to include several parts that included an introduction to the application, the PaaS Cloud Adoption Dial and PaaS Adoption Recommendation Results. 
1![Figure 1: Roadmap of research phases](image-2.png "Figure 1 :")
2![Figure 2 : Cloud Step Framework](image-3.png "Figure 2 :")
31![Figure 3 : PaaS Adoption Dial VII. Conclusion and Future Work This paper presented a discussion of concepts and ideas surrounding Cloud adoption. The PaaS Adoption Dial tool is currently being used by SMEs in the local region. The author is awaiting feedback for the SMEs to evaluate if this tool has supported in allowing SMEs to assess their own position and suitability in adopting different Cloud solutions based on the Dial position in terms of categories as well as to get other SMEs from different regions of the UK and internationally to use the tool to see if PaaS adopting and understanding varies.](image-4.png "Figure 3 : 1 B")
		
		
			

				


* 
	
		Cloud computing assessing the risks [online]. Cambridgeshire: IT Governance Publishing
		
			JCarstensen
		
		
			BGolden
		
		
			JMorgenthal
		
		
		
			2012
		
	
	Accessed 8 December2014




* 
	
		Collection Mid-sized businesses
		
	
	
		Innovation and Skills
		
			2012. 21 November 2015
		
		
			Department of Business
		
	




* 
	
		What is an SME
		
	
	
		European Commission
		
			2012. 19 November 2015
		
	




* 
	
		
	
	
		European Commission
		
			19
			2015
		
	




* 
	
		R 'Sustainable Supply Chain Management in the Slow-Fashion Industry
		
			CEHenniger
		
		
			PJAleyizous
		
		
			COates
		
		
			JCheng
		
		
	




* 
	
		IT PRO 'UK SMEs lag behind Euro cloud adoption
		
	




* 
	
		Strategies for growth in SMEs: the role of information systems and information technology
		
			MLevy
		
		
			PPowell
		
		
			2005
			Butterworth-Heinemann
		
	




* 
	
		A third of UK SMEs have grown over the past two year
		
			Lobel
		
		
		
			2015
		
	




* 
	
		Electronic Commerce and Small/Medium Enterprises (SMEs) in Australia: An Electronic Data Interchange (EDI) Pilot Study
		
			RCMacgregor
		
		
			DJBunker
		
		
			PWaugh
		
		
			SMarston
		
		
			ZLi
		
		
			SBandyopadhyay
		
		
			JZhang
		
		
			AGhalsasi
		
	
	
		Proceedings of the 11th International Bled Electronic Commerce Conference
				the 11th International Bled Electronic Commerce ConferenceSlovenia
		
			1998. June 1998. 2011
			51
			
		
	
	Cloud computing-The business perspective. Decision support systems




* 
	
		of the series Springer Series in Supply Chain Management pp
		10.1007/978-3-319-12703-3_7
		
		
			Accessed 21 November 2015
			1
			
		
	
	Sustainable Fashion Supply Chain Management




* 
	
		UK takes the lead on cloud adoption
		
			TheMarketing Donut
		
		
		
			18 Sept 2015. Accessed 21 November 2015
		
	




* 
	
		
		The Open Group 'Maximizing the Value of Cloud for Small-Medium Enterprises: Key SME Characteristics (Business and IT)
				
			19 November 2015
		
	




* 
	
		Relationship between cooperation networks and innovation performance of SMEs
		
			SXZebga
		
		
			XMXie
		
		
			CTam
		
		
			2010
			30
			
		
	
	Technovation