Skip to content Skip to sidebar Skip to footer

Navigating the Cloud: A Usability Framework

While sitting around the cafeteria talking about the National Institute of Standards and Technology’s (NIST) cloud initiative, I posed a question to a group of usability professionals: “Is there such a thing as cloud usability?” I figured there must be. Just as in the past, when having a mainframe and terminal dictated the user experience, having your application or service hosted off the desktop would affect the user in some way. However, the only consensus we reached that day at the lunch table was that this would be an interesting topic to look at. That conversation piqued my interest and eventually led to this article (and beyond).

We know that it seems more and more products and services are moving to the cloud. Favorite software packages are now only available on the cloud by subscription. Organizations are increasingly adopting cloud-based services to address their information technology (IT) needs for software, hardware, or network bandwidth. It’s easy to see the advantages to business of moving to the cloud, but who’s looking out for the user and what their experience with the cloud should be?

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (for example,  networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Various cloud service providers offer different models and deployment types of cloud services. As a result there is no consistency to the user experience—the same product or service may be available from the cloud for different platforms, each with a different user experience. Sometimes the cloud version varies quite a lot from the more familiar desktop version.

Many frameworks and taxonomies have been developed to assist enterprises as they consider the use of the cloud. These frameworks generally focus on technical capabilities and measure business services. Usability features have only been mentioned in passing, if at all.

To better enable ready adoption (acceptance and utilization), users’ needs (and their goals) must be incorporated into the process of cloud implementation. Our framework is driven by user needs. We identified five attributes that are further compartmentalized into elements and associated measures to ensure that critical usability areas are not overlooked.

A Framework for Cloud Usability

When we started thinking about how to apply the well-established usability principles, guidelines, and metrics for desktop software to cloud services, we found that the complexity and diversity of cloud systems makes it difficult to evaluate the user experience using typical usability evaluation techniques. Freed from the constraints of desktop operating systems, there is no consistency to the user experience. And the capabilities of browser or mobile app interfaces don’t always replace the richer interactions of the desktop experience. In short, there is little consistency among cloud services from different companies, and critical areas of usability are often overlooked. For example, over the years, website design has coalesced around having the upper left-hand area as a placement for logos that take you to the homepage. This consistency of function placement is not always present among cloud applications.

An image that shows the layers of a cloud user experience: the cloud, the service, the application, and the user experience.
Figure 1. The layers of a typical cloud user experience are: cloud end user, user experience, application, service, and cloud.

Any usability framework should start with a good understanding of what usability is. For our purposes, we used the International Organization for Standardization (ISO) definition of usability:

Usability is the extent to which a system, product, or service can be used by specified users to achieve specified goals with effectiveness, efficiency, and satisfaction in a specified context of use.

The definition provided us with a roadmap for developing the framework. It includes users and their goals, which are often left out when considering the cloud. The definition also provides us with three metrics: effectiveness, efficiency, and satisfaction within the cloud environment the user is operating in.

In a similar vein as the Cloud Services Measurement Initiative Consortium (CSMIC), which created a framework to establish measures for quality of cloud services (Service Measurement Index (SMI)), we created a framework that characterizes the usability attributes that the cloud should contain. The framework’s attributes and elements are based on other usability frameworks and ISO usability standards. Consumers should expect the cloud to be Capable, Personal, Reliable, Valuable, and Secure. Figure 2 illustrates this framework. Not all elements are as user-facing as we usually think about the term.  The “Current” element under “Capable” means that the applications are up to date and fulfill the users’ expectations of always having the most current technology supporting the application.

Figure 2 is a pictorial representation of the NIST Cloud Usability Framework. This figure lists the various usability attributes that are of interest to cloud users.

An image that shows the attributes of the framework. Each of the elements in the framework are described in the text below.
Figure 2. Cloud usability framework: Capable, Personal, Reliable, Secure, and Valuable.


Cloud consumers should expect their cloud services to have certain capabilities. The four main features they should look for in a capable cloud service are:

  • Current: The cloud service should be based on the latest technology. The service provider should ensure that the cloud service stays compatible with the latest release of hardware, operating system (OS) and related software applications on which it is dependent. Currently, providers upgrade the technology of their services every 18-24 months. In the coming years, we may see a reduction in this time span.
  • Platform: Consumers who use IaaS (Infrastructure as a Service) solutions want to be able to define the exact hardware specifications of the service they wish to purchase. For SaaS (Software as a Service), consumers want the cloud service to be independent of the cloud hardware, OS and the like so that the service can function correctly on any device hardware and software setup.
  • Device: For a cloud service to be capable, consumers should be able to access the cloud service using any device type—fixed (hardwired) or mobile.
  • Cloud functionality: Cloud services can be considered capable for the consumers if they provide typical cloud functionality—elasticity, scalability, and rapid provisioning—that is not possible in other platforms.


Cloud services should allow consumers (organizations and end users) to change the look and feel of the user interface and customize service functionality to suit their needs. At times, an organization’s IT policy may not allow the end users to personalize the user interface of any enterprise application; however, they may still customize the basic solution for the whole organization. There are five main elements that a user should expect under the Personal attribute:

  • Accessibility: It is the degree to which a product or system can be used by people with the widest range of characteristics and capabilities to achieve a specified goal in a specified context of use. Cloud services should be accessible to consumers with a variety of needs. For instance, many consumers in the US mandate that the solution should be compliant with the Americans with Disabilities Act (ADA).
  • Customization: Customization is adaptation of a software product to the needs of a particular audience. Cloud services should allow consumers to change their user interface to suit their needs. An organization may choose a standard customized interface for all their end users to ensure lower maintenance needs.
  • Control: Consumers should have a sense of control over the functionality of the cloud service. For instance, they should be able to determine what cookies are set by the cloud service or be able to switch off GPS tracking if the service is accessed as a mobile application.
  • Data ownership: Consumers should have ownership over the data they store in the cloud services they use. Users should be able to declare the policies on its usage (in advertisements and other services). For instance, if a consumer uploads pictures to a cloud service, the consumer should be able to determine how that image is used or who has access to it.
  • Identity management (access): To ensure ease of use, multiple access authentications will have to be implemented in a seamless manner so that the consumer is not aware of the number of authentication/authorization steps they have to go through to access their applications on the cloud. One method of doing this is to have a single sign-on that is known to all applications.


Reliability is the ability of a system or component to perform its required functions under stated conditions for a specified period of time. There are four main elements that cloud consumers look for under the Reliable attribute:

  • Available: Availability is defined as the ability of a service or service component to perform its required function at an agreed instant or over an agreed period of time. Cloud users should expect high availability, and it is not unusual to find providers advertising more than 99% availability.
  • Responsive: Cloud consumers want cloud services to have a high degree of performance. The main performance measure that is of interest to the end user is response time, which is the time it takes the service to respond to a user’s request/instruction.
  • Consistent: A cloud service should exhibit the same functionality under every situation. The service should also have no conflicts with the user device type (for instance, different types of desktops) accessing the service.
  • Transparency: The cloud service provider’s service policies and technology should be transparent to the cloud consumer organization. Organizational users (like managers, database administrators, and others) should have access, as needed, to the cloud datacenter and have details about the cloud platform’s capabilities and planned changes. This feature is important for building trust between cloud providers and cloud consumers.


Cloud consumers should expect cloud services to provide value to them and their organization. The three main features that can measure this value include:

  • Savings: By using the cloud service, users will be able to save on the costs it would take to run the same application on their personal infrastructure. In addition, they will be able to consolidate and save resources they might need if they ran the same application on their personal infrastructure.
  • User satisfaction: User satisfaction measures the affective experience of the service. The user satisfaction measure should be high for the user to continue consuming the service.
  • Utility: Cloud services will be valuable to consumers if they can provide new features that are not possible with any other IT setup. For instance, cloud services are proving to be very valuable in:
    1. Distributed computing with large datasets (Big Data Applications)
    2. Mobile/pervasive computing


Cloud consumers want their cloud services and its data to be secure. The three main features that they are looking for in cloud services under this category are:

  • Security: The cloud service should be resistant to attacks from unauthorized users, other cloud services, malicious software, and attacks on cloud hardware and Internet networks. Security attacks on a service by cloud-based attackers compromise the functionality of that service. While these attacks may not directly harm the user’s private data, they will make the cloud service more vulnerable to Privacy attacks.
  • Privacy: The cloud service can prevent leakage of data that compromises the end user’s private data like personal information, financial accounts, and geo-location (if not desired by the user). Privacy attacks compromise a cloud user’s personal information. These attacks may not directly harm the cloud service’s security, but can affect its performance. To ensure a cloud user’s privacy, cloud providers authenticate or validate a user’s credentials. Tools, patches, utilities, and applications are deployed by the cloud providers to ensure the cloud user’s privacy.
  • Identity management (authorization): The cloud service shouldn’t allow unauthorized users to access user data or execute any process. The organization will designate an administrator who will be able to maintain the list of users and their authorization levels.
  • Trust: Cloud consumers should have confidence in the cloud service to, at least, fulfill the conditions set forth in the SLA. Trust is highly correlated with other elements such as privacy, security, and data ownership.

What’s Next?

While this framework is based on evaluations from desktop computing, a literature review, and personal experience, we have plans to apply it to an actual cloud environment.

Finally, we believe the framework is the foundation for developing usability metrics for organizations adopting the cloud. Thus our goal is to develop a method of measuring the elements in the framework and defining an associated set of usability metrics.   There is a lot of work that needs to be done on the framework. Each of the elements needs to be investigated to see if they truly are valid cloud measurements and then the best way of measuring each need to be established.

Cloud Standards

NIST’s cloud computing initiative was aimed at standardizing the definition of cloud computing, its various models, and deployment strategies. NIST’s definition of the cloud mandates five essential characteristics: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. The NIST deployment models, which include private, public, community, and hybrid cloud models, do not specifically address the human computer interaction or usability attributes that make up the user experience of a cloud service.


Service Models for Cloud Computing

The NIST cloud model focused on three service models. Usability elements to consider for each service model are different and depend on the level of control the end user and the consumer organization have over the cloud service. The service models include:

Software as a Service (SaaS): Provides consumers the use of applications in the cloud. The consumer does not control or manage the applications or the environment in which the application is running. Interface customization: Very limited

Example: Google Apps ( that are being adopted as enterprise email applications in many organizations have the same look and feel for all consumers and limit customization of the user interface to colors and company logos.

Platform as a Service (PaaS): Provides consumers with the ability to deploy applications created or acquired by the consumer using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the cloud infrastructure, but has control over the deployed applications.

Interface customization: Available, but limited to the capability of the platform and cannot use other open source languages, like C or Java, to develop custom applications.

Example: provides its ”Salesforce1 Platform” application as a PaaS cloud model that allows end users to develop apps on the Salesforce platform. However, customers are limited to the tools provided by Salesforce on that offering and so might be limited in getting the same user interface as other applications in their enterprise cloud that are purchased from other vendors.

Infrastructure as a Service (IaaS): Provides consumers with the ability to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications.

Interface customization: Available

Example: Amazon Web Services ( provides an IaaS environment for their customers who can develop personal applications using languages and tools of their choice. This model provides end users with the maximum flexibility of customizing their cloud services and so facilitates development of a consistent user interface. However, IaaS cloud services also require consumer organizations to develop in-house expertise to be able to utilize the benefits of the cloud.