Challenges of cloud computing use: A systematic literature review

. Background: In recent years, cloud computing has grown vastly. Cloud computing represents a new model for IT service delivery and it typically provides over-a-network, on-demand, self-service access, which is dynamically scalable and elastic, using pools of often virtualized resources. However, this new paradigm is facing diverse challenges from many fronts. Methods: We conducted a systematic literature review of potential challenges of cloud computing. Documents that described challenges of cloud computing were collected of routinely. We grouped identified challenges in taxonomy for a focused international dialogue on solutions. Results: Twenty-three potential challenges were identified and classified in three categories: policy and organizational, technical and legal. The first three categories are deeply rooted in well-known challenges of cloud computing. Conclusions: The simultaneous effect of multiple interacting challenges ranging from technical to intangible issues has greatly complicated advances in cloud computing adoption. A systematic framework of challenges of cloud computing will be essential to accelerate the use of this technology for working well in fact and in order to face with respect to mitigating IT-related cloud computing risks.

specialization are two important factors, that pool-based computing paradigm rely on, in order to be set up.The effect of a pool-based model is that physical computing resources become 'invisible' to clients, who in general do not have control or knowledge over the exact location, formation, and originalities of these resources (e.g.database, CPU, etc.) .For example, consumers can't indicate the location where their data will be stocked in the Cloud.
Rapid elasticity: One of the characteristics of the cloud computing is the elasticity of the resources.This characteristic allows the users to find quickly new resources so as to be able to answer a rise or a descent in sudden load.It is never obvious to plan the resources which will be vital for the implementation of any IT service, in particular when this need is constantly evolving.The cloud computing so offers a way to release the computing resources necessary for an evolution or for a peak of use of this service.
Measured Service: With view to measure the usage of these resources for each individual consumer via its metering capabilities, the cloud infrastructure can use appropriate mechanisms despite of the fact that computing resources are pooled and shared by multiple customers (i.e.multi-tenancy) [36].
As per NIST mainly the Service Model consists of Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) (as shown in Fig. 1).
Software-as-a-service provides business processes and applications [9] that enable clients to use cloud services running on cloud infrastructure [10] through either a thin client interface, like a Web browser.For instance, Google offers services such as Web applications with similar functionality to traditional office suites, including Gmail, Google Calendar, and Docs, among others.Customers do not need to control or manage the underlying infrastructure design for the reason that all new installations (software and hardware) are automatically updated by application vendors.
Platform-as-a-service delivers a computing platform as an integrated solution, solution stack or services like hardware, operating systems (OSs), and storage through an Internet connection.PaaS enables customers to develop, test, and deploy IT services over a cloud platform.By abstracting the complexity of software and infrastructure, this concept facilitates accordingly the efficient and quick development of Web applications.This model assists businesses in leasing virtual IT services through which to run existing applications, as well as to develop, test, or deploy a new application [10,11,12].
Infrastructure-as-a-service is a virtual delivering of computing resources in the form of servers, hardware, networking, and storage services.Rather than installing and purchasing the required resources in their own data center, Clients lease these resources as needed; they don't need to control the underlying cloud infrastructure [13].IaaS generates potential benefit through controlling and paying for the amount of resources demanded by customers [14].
Moreover, The Cloud model comprises four deployment models: Private cloud is a cloud computing model that involves a distinct and secure cloud based environment in which only the specified client can operate.By utilizing an underlying pool of physical computing resource and within a virtualized environment, private clouds will offer computing power as a service.However, under the private cloud model, the cloud (the pool of resource) is only accessible by a unique organization, hence providing that organization with confidentiality and greater control.But data transfer cost [15] from local IT infrastructure to a Private Cloud is still rather considerable.
Community clouds are controlled and shared by multiple organizations and support a particular community that has shared interests, such as mission, policy, security requirements and compliance considerations.It may be maintained by the organizations or a third party and may exist at on or off premise, and the members of the community share access to the data and applications in the community cloud.Community cloud users therefore seek to exploit economies of scale while minimizing the costs related to private clouds and the risks related to public clouds [3].
Public cloud is the most known model of cloud computing to many clients is the public cloud model, under which cloud services are offered in a virtualized environment, built via pooled shared physical resources, and available over a public network like the internet.To some degree they can be determined in contract to private clouds which ring-fence the pool of underlying computing resources, creating a distinct cloud platform which is operated solely within a singular organization.Public clouds deliver services to multiple customers using the same shared infrastructure [3].
Hybrid cloud is a combination of two or more clouds (private, community, or public) that stay unique entities but are related together by standardized or proprietary technology that allows data and application portability.Concerning applications with lacking rigid security, legal, compliance and service level requirements can be deployed in the public cloud, while maintaining business-critical data and services in a protected private cloud [3].
In spite of the widespread adoption of cloud computing, practitioners and researchers have been actively reporting issues and challenges with this new paradigm.Some of the challenges have the aspects of being crucial like issues with confidentiality and security.Other issues such as suboptimal performance and limited bandwidth are a natural result of pushing the barriers of this new model to achieve more [16].Unless these barriers are better understood, solutions may remain inefficient.We conducted a systematic literature review of potential challenges of cloud computing and used this evidence to group these barriers in a taxonomy that can be used as a framework to facilitate an international dialogue on solutions and instruments.The objective of our research is to gain an understanding of the type of issues and challenges that have been emerging.

Methods
In this section, we present the research steps followed to perform this review.We conducted a systematic review according to Kitchenham and al. guidelines [18] to elaborate the review methodology in detail and identify documents that reported on challenges of cloud computing.The challenges were defined as obstacles that could impede or delay the adoption of cloud computing or that could limit the usage of cloud computing in companies.As per these authors, the research methodology for systematic review should contain different strategies that are employed for searching the most significant research works like search strings and the chosen digital libraries.At last, the existing studies selection is realized through set criteria.
The following search string represents our generic search query used for this SLR.
Additional documentation was identified through a variety of databases (such as ACM Digital Library, IEEE Explore, DBLP, Google Scholar, Science Direct, Scopus, Springer, Taylor & Francis and Wiley Online Library) as shown in Table 1.With the regard to make this research up-to date and well-intentioned in the area of cloud computing quick search strategy is used.For this end in order to add recent 2015-2017 publications, we have used the quick search strategy for this research by using the filtering tools in the databases.After using the quick search strategy, we considered the publication from 2008 to 2017 overall for the reason that cloud computing publications started around 2008.
As shown in Fig. 2, the initial search resulted in a total of 800 studies, which were condensed to 200 studies on the basis of their titles, and 100 studies on the base of their abstracts.After that, 100 selected studies were reviewed thoroughly for obtaining a final list of 60 studies on the basis of their content.
Sixty studies were ultimately involved in this review.These studies were primarily read and an initial list of challenge descriptions was extracted.This list was grouped into preliminary categories.Challenge descriptions then classified and generalized within their categories.A final taxonomy and description of barriers were established.For each barrier, we also categorized available evidence to identify knowledge gaps.

Results
We identified 23 potential issues of cloud computing and classified these in taxonomy of three categories, according to the organization European Union Agency for Network and Information Security (ENISA) [19,20,21,34,58]: policy and organizational, technical and legal issues (Table 2).These issues and categories represent a landscape of challenges that is highly dynamic, interconnected, and hierarchical.

Policy and organizational issues
These are business-related IT issues that companies may confront when considering cloud computing service providers [68].Such issues include lock-in, loss of governance, Compliance challenges, supply chain failure [22].
Lock-in vendor lock-in is one of the principal interests declared by IT experts when considering a move from one provider's cloud environment to another [16,20,23].Lock-in refers to the incapability a client to move their data and/or programs away from a Cloud Computing risks cloud computing service provider.It is generally the result of proprietary technologies that are incompatible with those of rivals [12,32,35,73].
Loss of governance: When adopting Cloud services, the Cloud Customer necessarily concedes control to the Cloud provider on a number of issues which may impact security [20,21,58,67,73].
Compliance challenges customers are accountable for the security of their solution, as they can choose between providers that enable to be analysed by 3rd party organizations that control levels of security and providers that don't [10,45,60].
Supply chain failure As per ENISA [58], a Cloud provider can deploy parts of its production chain to third parties, or even, as part of its service, use other Cloud Providers.Thus, a potential for cascading failures is produced [20].

Technical issues
These issues for the most part are well understood as part of resilient challenges of cloud computing adoption and continue to form a major obstacle to the availability and use of this technology [78].They are specified by the failures associated with the technologies and services furnished by the Cloud service vendor [68].
Malicious insiders A malicious insider in the cloud might get hands on an unusual quantity of information and on a widely scale [64] and produce various kinds of damage to a Cloud Customers' assets [9,12,19,20].

Shared technology
Cloud service providers offer their services in a scalable way by sharing infrastructure, platforms, and applications.This way, the threat of shared vulnerabilities exists in all delivery models of Cloud computing [34,39,40].
Encryption is considered a major risk in cloud computing environments is deficient encryption and key management of data [44][45].
Multi-tenancy is a natural result of trying to achieve economic benefit in Cloud Computing by using virtualization and allowing resource sharing [62][63].However, it is a technological issue in Cloud computing [27,33,45,61].
Resource and service management One of the important features of cloud computing is the capacity of obtaining and releasing resources on-demand [20].The purpose of a service supplier in this situation is to allocate and de-allocate resources from the cloud [23].Nevertheless, it is not obvious how a service provider can achieve this goal [19,27,46].
Service level agreement (SLA): it is necessary for customers to have guarantees from suppliers on service offer.Typically, these are offered via Service Level Agreements (SLAs) discussed between the providers and customers [79].The very first problem is to determine SLA particularizations just like that has a convenient level of granularity expected by a customer from a provider [10,16,23].Denial of service attacks (DOS) are attacks meant to impede users of a cloud service to have the ability to access their applications or their data.The attacker (or attackers, as is the case in distributed denial-of service (DDoS) attacks) attacks typically flood servers, systems or networks with traffic by way of obliging the prevents legitimate users to consume inordinate quantities of finite system resources like memory, processor power, disk space or network bandwidth [20,21,23].Consequently, this produces an intolerable system slowdown and leaves all of the victim cloud service perplexed and furious as to why the service isn't responding [9,12,19,42,43,73,77].
Insecure interfaces and APIs: with the aim of managing and interacting with cloud services, cloud computing providers offer consumers a set of software interfaces or APIs to exploit [23].Using these interfaces, provisioning, management, orchestration, and monitoring are all executed.The security of these basic APIs impacts the availability and security of general cloud services.Moreover, companies and third parties MATEC Web of Conferences 200, 00007 (2018) https://doi.org/10.1051/matecconf/201820000007IWTSCE '18 often depend on these interfaces to provide value-added services to clients.This announces the intricacy of the new layered API; it also raises risk [6,42,43,73].
Integrity The integrity of applications, networks, databases and system software in a shared, globally available cloud environment is threatened by much vulnerability when not adequate and timely patched [4,9,16,28,54,67].
Natural disaster such as earthquakes, flooding, and tsunamis can impact the infrastructure of a Cloud vendor [20,21,24].Thus, a Cloud Customers might be affected by natural disasters taking place far away from its own location [33,34,41,50].
Availability means that the data, service, as well as infrastructure are being accessible to authorized clients immediately after a demand has been made.Availability issues may happen at the customer end or the service vendor's end.When a single provider manages a cloud computing service, this way creates a potential environment for a single point of failure [53,63,67].

Loss of backups
The ability to recover data is salient in business that this is not a guarantee of cloud computing [65].Rather than retrieval, this model depends on heavy backup, which could result privacy issues, as this is likely to lead to uninformed consent.A critical threat is that of 'data loss or leakage' where original data is deleted and cannot be recovered [40].Data may also be lost due to dishonest media or data being recorded without a link [66,67,73].
Data transfer bottlenecks arises when bandwidth is unable to accommodate huge quantities of system data at designated data transfer rate speeds [23].Businesses that use cloud computing have to redesign their present technology into new structures of information from being able to care dynamic and great amounts of information, new filing system and storage technologies [15,24,36].

Legal issues:
These consist of the IT-related issues that are legal in nature, and can also have a negative impact on companies using cloud computing services [16].
Legal jurisdiction Converting to Cloud Computing implicates legal restraints [16,19,20].Considering Cloud Computing providers can be multi-national, it is crucial that such vendors are aware of and stand for by national regulations where they do business [36,67,73].
Data privacy and protection: Privacy is one of the longest standing and most essential interests with cloud computing [59].Furthermore, it is a major issue in cloud computing for the reason that its very nature involves storing unencrypted data on a machine owned and operated by someone other than the original owner of the data [8,67,69].
Licensing risk there is also a challenge that firms may pay more than intended to license software on systems hosted by cloud computing service vendors [15,19,20,29,58].
MATEC Web of Conferences 200, 00007 (2018) https://doi.org/10.1051/matecconf/201820000007IWTSCE '18 Subpoena and e-discovery If computer systems are confiscated by law enforcement authorities or through civil suits, the centralization of storage and shared location of physical hardware reveal more risk of undesired data divulgence to cloud computing customers [19][20].

Discussions
Using a systematic review of evidence from reviewed literature, we identified 23 real or potential barriers grouped in taxonomy of policy and organizational, technical and legal issues.Checking the criticality of the situation, many of the significant reports by the organizations including CSA, NIST, and European Union Agency for Network and Information Security (ENISA) etc. have been published to focus the effect of aforestated issues.Reports published by these research major organizations are based on their area of specializations, for example, CSA published reports on the security challenges.These reports are highlighting the risks that are applicable to the cloud computing.
As per [58], most of these threats surround privacy, security and service issues.In other words, above presented threats directly or indirectly impact the confidentiality and security of Cloud resources as well as services at various layers.
Nevertheless, privacy and security risk are considered as a major obstacles to cloud computing adoption that are acting as deterrent and retarding its development [80].
According to table 2, the issues that are addressing data protection and privacy, lock-in, multi-tenancy, availability, integrity, malicious insiders and interoperability have been characterized as essential.
Thus, Most technical issues are deeply embedded in much larger challenges of use of cloud computing.Some solutions are being developed as part of addressing some of aforementioned issues [27].For instance, to overcome the challenges of privacy and protection, two studies [71,72] present an architecture adopting data location strategies, trusted cloud services, and trusted service vendors.In order to handle the issues of regulatory compliance, a study [71] propose a concept of cloud market.By means of this, users can exchange with the market and demand resources conforming to the applications' needs through the cloud broker.Furthermore, to avoid vendor lock-in, a layered architecture was proposed by [17].This architecture offers a unified resource model from different cloud environments.
Political and legal issues will require a different approach.Compared to technical challenges, these challenges are less tangible and transparent and will need to be clearly outlined.Levels of evidence were also different for each issue.The most challenges were very well documented while no empirical evidence was available for other barriers such as supply chain failure, subpoena and e-discovery and data transfer bottlenecks.In-depth formative research is needed to expand the evidence base of these barriers.As knowledge on these challenges will increase, so will opportunities for solutions.

Conclusion
Cloud computing is one of the most advanced digital related technologies, which can bring various business benefits to organizations.Despite several benefits constraints exist with the use of this model impacting on service provision and use of this technology, instead of the conventional in-house technologies, which are physically owned and managed on premises.Thence, a considerable amount of literature on this subject has been published in a nearly short time period.In this research work, the issues of cloud computing adoption are collected and classified in a taxonomy of three categories policy and organizational, technical and legal issues.Thus, these challenges must be addressed by the researchers for making cloud computing work well in reality and in order to further gain the confidence of cloud subscribers.

Fig. 1 .
Fig. 1.NIST defined Essential characteristics, Service models and Deployment models

Table 1 .
Electronic data sources

Table 2 .
Evidence for issues of cloud computing adoption