The building blocks of a cloud strategy:evidence from three SaaS providers

Before looking to enter a cloud-based market, weigh industry characteristics and one's own stock of design capital

Themes in Information Security Research in the Information Systems Discipline: A Topic Modeling Approach

Information security continues to grow in importance in all aspects of society, and therefore evolves as a prevalent research area. The Information Systems (IS) discipline offers a unique perspective from which to move this stream of literature forward. Using a semi-automated thematic analysis approach based on the topic modeling technique, we review a broad range of information security literature to investigate how we might theorize about information security on a grander scale. Five themes resulted from our analysis: Software Security Decisions, Firm Security Strategy, Susceptibility, Information Security Policy Compliance, and Other Developing Themes. Implications of our findings and future research directions are discussed

Adoção de Cloud Computing nas organizações: uma análise bibliométrica desta tecnologia no contexto da transformação digital

Purpose: The purpose of this study is identify and analyze articles on the adoption of Cloud Computing services in the business field. The study intends to demonstrate the increasing relevance and impact of Cloud Computing technology on business processes.Design/methodology/approach: The study adopted a Bibliometric Review methodology to collect and analyze data. A total of 1,330 articles were collected from the Scopus (Elsevier) database, and various aspects such as authors, journals, and countries were considered. The analysis includes the use of maps to visualize the co-occurrence of terms, co-citation of references, and bibliographic coupling.Findings: The investigation reveals that the adoption of Cloud Computing services in the business environment is a rapidly growing area of research. The study provides an overview of the theme and highlights the significance of Cloud Computing technology in enhancing business processes’ efficiency.Research limitations/implications: The study’s limitations include relying solely on articles available in the Scopus (Elsevier) database and focusing on the period between 2008 and 2020. Future research can expand the analysis by including a broader range of databases and considering a more recent timeframe.Practical implications: The findings of this study have practical implications for businesses, as they highlight the benefits of adopting Cloud Computing services. The technology offers low cost and flexible use, contributing to increased efficiency in business processes.Social implications: The adoption of Cloud Computing services can have significant social impacts by enabling businesses to provide enhanced value to their clients. The technology’s efficiency and flexibility contribute to improved service delivery and customer satisfaction.Originality/value: This study contributes to the advancement of knowledge in the field of Cloud Computing adoption in the business field. The bibliometric analysis provides a comprehensive overview of the research landscape and highlights the key contributions and trends in this area.Finalidade: O objetivo deste estudo é identificar e analisar artigos sobre a adoção de serviços de computação em nuvem na área empresarial. O estudo pretende demonstrar a crescente relevância e impacto da tecnologia Cloud Computing nos processos de negócio. Desenho/metodologia/abordagem: O estudo adotou uma metodologia de Revisão Bibliométrica para coleta e análise de dados. Um total de 1.330 artigos foram coletados da base de dados Scopus (Elsevier), e vários aspectos como autores, periódicos e países foram considerados. A análise inclui o uso de mapas para visualizar a coocorrência de termos, cocitação de referências e acoplamento bibliográfico. Constatações: A investigação revela que a adoção de serviços de computação em nuvem no ambiente de negócios é uma área de pesquisa em rápido crescimento. O estudo oferece uma visão geral sobre o tema e destaca a importância da tecnologia Cloud Computing na melhoria da eficiência dos processos de negócios. Limitações/implicações de pesquisa: As limitações do estudo se apresentam na utilização de somente artigos disponíveis na base de dados Scopus (Elsevier) e em focar no período entre 2008 e 2020. Pesquisas futuras podem expandir a análise incluindo uma gama mais ampla de bases de dados e considerar um período de tempo mais recente. Implicações práticas: Os achados deste estudo têm implicações práticas para as empresas, pois destacam os benefícios da adoção de serviços de computação em nuvem. A tecnologia oferece baixo custo e flexibilidade de uso, contribuindo para o aumento da eficiência nos processos de negócios. Implicações sociais: A adoção de serviços de computação em nuvem pode ter impactos sociais significativos, permitindo que as empresas forneçam maior valor aos seus clientes. A eficiência e a flexibilidade da tecnologia contribuem para melhorar a prestação de serviços e a satisfação do cliente. Originalidade/valor: Este estudo contribui para o avanço do conhecimento na área de adoção de computação em nuvem na área empresarial. A análise bibliométrica fornece uma visão abrangente do cenário de pesquisa e destaca as principais contribuições e tendências nesta área

Whose Talk is Walked? IT Decentralizability, Vendor versus Adopter Discourse, and the Diffusion of Social Media versus Big Data

Discourse plays a central role in organizing vision and computerization movement perspectives on IT innovation diffusion. While we know that different actors within a community contribute to the discourse, we know relatively little about the roles different actors play in diffusing different types of IT innovations. Our study investigates vendor versus adopter roles in social media and big data diffusion. We conceptualize the difference between the two IT innovations in terms of their decentralizability, i.e., extent to which decision rights pertinent to adoption of an organizational innovation can be decentralized. Based on this concept, we hypothesized: (1) adopters would contribute more to discourse about the more decentralizable social media and influence its diffusion more than would vendors; (2) vendors would contribute more to discourse about the less decentralizable big data and influence its diffusion more than would adopters. Empirical evidence largely supported these hypotheses

Managing cyber risk in organizations and supply chains

In the Industry 4.0, modern organizations are characterized by an extensive digitalization and use of Information Technology (IT). Even though there are significant advantages in such a technological progress, a noteworthy drawback is represented by cyber risks, whose occurrence dramatically increased over the last years. The information technology literature has shown great interested toward the topic, identifying mainly technical solutions to face these emerging risks. Nonetheless, cyber risks cause business disruption and damages to tangible and intangible corporate assets and require a major integration between technical solutions and a strategic management. Recently, the risk management domain and the supply chain literature have provided studies about how an effective cyber risk management process should be planned, to improve organizational resilience and to prevent financial drawbacks. However, the aforementioned studies are mainly theoretical and there is still a significant lack of empirical studies in the management literature, measuring the potential effects of cyber threats within single companies, and along networks of relationships, in a wider supply chain perspective. The present thesis aims at filling some of these gaps through three empirical essays. The first study has implemented a Grounded Theory approach to develop an interview targeting 15 European organizations. Afterwards, the fuzzy set Qualitative Comparative Analysis (fsQCA) has been performed, in order to ascertain how managers perceive cyber risks. Results contradict studies that focus merely on technical solution, and con\ufb01rm the dynamic capability literature, which highlights the relevance of a major integration among relational, organizational, and technical capabilities when dealing with technological issues. Moreover, the study proposes a managerial framework that draws on the dynamic capabilities view, in order to consider the complexity and dynamism of IT and cyber risks. The framework proposes to implement both technical (e.g. software, insurance, investments in IT assets) and organizational (e.g. team work, human IT resources) capabilities to protect the capability of the company to create value. The second essay extends the investigation of the drawbacks of cyber risks to supply chains. The study conducts a Grounded Theory empirical investigation toward several European organizations that rely on security and risk management standards in order to choose the drivers of systematic IT and cyber risk management (risk assessment, risk prevention, risk mitigation, risk compliance, and risk governance). The evidence gleaned from the interviews have highlighted that investments in supply chain mitigation strategies are scant, resulting in supply chains that perform like they had much higher risk appetite than managers declared. Moreover, it has emerged a general lack of awareness regarding the effects that IT and cyber risks may have on supply operations and relationships. Thus, a framework drawing on the supply chain risk management is proposed, offering a holistic risk management process, in which strategies, processes, technologies, and human resources should be aligned in coherence with the governance of each organization and of the supply chain as a whole. The \ufb01nal result should be a supply chain where the actors share more information throughout the whole process, which guarantees strategic bene\ufb01ts, reputation protection, and business continuity. The third essay draws on the Situational Crisis Communication Theory (SCCT) to ascertain whether and how different types of cyber breaches differently affect the corporate reputation, defined as a multidimensional construct in which perceptions of customers, suppliers, (potential) employees, investors and local communities converge. Data breaches have been categorized into three groups by the literature, meaning intentional and internal to the organization (e.g., malicious employees stealing customers\u2019 data), unintentional and internal to the organization (e.g., incorrect security settings that expose private information), and intentional and external to the organization (e.g., ransomware infecting companies\u2019 software). However, this is among the first study to analyse the different reputational drawbacks these types may cause. Moreover, the study considers that, in the industry 4.0 era, social media analysis may be of paramount importance for organizations to understand the market. In fact, user-generated content (UGC), meaning the content created by users, might help in understanding which dimensions of the corporate have been more attacked after a data breach. In this context, the study implements the Latent Dirichlet Allocation (LDA) automated method, a base model in the family of \u201ctopic models\u201d, to extract the reputational dimensions expressed in UGC of a sample of 35 organizations in nine industries that had a data breach incident between 2013 and 2016. The results reveal that in general, after a data breach, three dimensions\u2014perceived quality, customer orientation and corporate performance\u2014 are a subject of debate for users. However, if the data breach was intentional ad malicious, users focused more on the role of firms\u2019 human resources management, whereas if users did not identify a responsible, users focused more on privacy drawbacks. The study complements crisis communication research by categorizing, in a data breach context, stakeholders\u2019 perceptions of a crisis. In addition, the research is informative for risk management literature and reputation research, analysing corporate reputation dimensions in a data breach crisis setting

New Organizational Challenges in a Digital World: Securing Cloud Computing Usage and Reacting to Asset-Sharing Platform Disruptions

Information technology (IT) and IT-enabled business models are transforming the business ecosystem and posing new challenges for existing companies. This two-essay dissertation examines two such challenges: cloud security and the disruption of asset-sharing business models.The first essay examines how an organizations usage of cloud storage affects its likelihood of accidental breaches. The quasi-experiment in the U.S. healthcare sector reveals that organizations with higher levels of digitalization (i.e., Electronic Health Records levels) or those with more IT applications running on their internal data center are less likely to experience accidental breaches after using public cloud storage. We argue that digitalization and operational control over IT applications increase organizations awareness and capabilities of establishing a company-wide security culture, thereby reducing negligence related to physical devices and unintended disclosure after adopting cloud storage. The usage of cloud storage is more likely to cause accidental breaches for organizations contracting to more reputable or domain expert vendors. We explain this result as the consequence of less attention being focused on securing personally accessible data and physical devices given high reliance on reputed and knowledgeable cloud providers. This research is among the first to empirically examine the actual security impacts of organizations cloud storage usage and offers practical insights for cloud security management.The second essay examines how Asset-Sharing Business Model Prevalence (ASBMP) affects the performance implications of industry incumbent firms competitive actions when faced with entrants with asset-sharing business models, like Airbnb. ASBMP represents the amount of third-party products and services that originally were unavailable inside the traditional business model but now are orchestrated by asset-sharing companies in an industry. We use texting mining and econometrics approaches to analyze a longitudinal dataset in the accommodation industry. Our results demonstrate that incumbents competitive action repertoires (i.e., action volume, complexity, and heterogeneity) increase their performance when the ASBMP is high but decrease incumbents performance when the ASBMP is low. Practically, incumbents who are facing greater threat from asset-sharing firms can implement more aggressive competitive action repertoires and strategically focus on new product and M&A strategies. This research contributes to the literature of both competitive dynamics and asset-sharing business models

Organization-Stakeholder Interaction Through Social Media: A Tri-level Investigation, Categorization, and Research Agenda

The increasing proliferation of social media use by organizations has amplified the need to address the means by which organizations can utilize this new form of communication most effectively. Social media offer organizations enhanced abilities to communicate with outside stakeholders, made possible through unique communication characteristics and an increased level of communicative connectivity. This dissertation advances our understanding of organization-stakeholder communication by investigating the phenomenon across three levels. At the global level, we present a categorization of interaction behaviors, with prescriptions for researching each category across three research perspectives. At the organizational level, we utilize three case studies to describe how different organizations can implement social media uniquely, differentiated by the degree of emphasis on regulated or empowered communications. At the individual level, we examine the motivating factors which influence an individual\u27s desire to use a personal technology (such as social media) for a work-related purpose. Our findings contribute to the growing literature on organizational social media use in two forms. For practice, we explicate numerous mechanisms which both enable and advance the use of social media for stakeholder interaction. The three essays uniquely describe how organizations can increase the effectiveness of social media interaction strategies. For research, we extend the current understanding of the phenomenon through a detailed, tri-level investigation. Our findings break some new ground into the utilization of social media and motivate future research on this new form of communication

Data Privacy and Trust in Cloud Computing

This open access book brings together perspectives from multiple disciplines including psychology, law, IS, and computer science on data privacy and trust in the cloud. Cloud technology has fueled rapid, dramatic technological change, enabling a level of connectivity that has never been seen before in human history. However, this brave new world comes with problems. Several high-profile cases over the last few years have demonstrated cloud computing's uneasy relationship with data security and trust. This volume explores the numerous technological, process and regulatory solutions presented in academic literature as mechanisms for building trust in the cloud, including GDPR in Europe. The massive acceleration of digital adoption resulting from the COVID-19 pandemic is introducing new and significant security and privacy threats and concerns. Against this backdrop, this book provides a timely reference and organising framework for considering how we will assure privacy and build trust in such a hyper-connected digitally dependent world. This book presents a framework for assurance and accountability in the cloud and reviews the literature on trust, data privacy and protection, and ethics in cloud computing

Cloud Implications on Software Network Structure and Security Risks

By software vendors offering, via the cloud, software-as-a-service (SaaS) versions of traditionally on-premises application software, security risks associated with usage become more diversified. This can greatly increase the value associated with the software. In an environment where negative security externalities are present and users make complex consumption and patching decisions, we construct a model that clarifies whether and how SaaS versions should be offered by vendors. We find that the existence of version-specific security externalities is sufficient to warrant a versioned outcome, which has been shown to be suboptimal in the absence of security risks. In high security-loss environments, we find that SaaS should be geared to the middle tier of the consumer market if patching costs and the quality of the SaaS offering are high, and geared to the lower tier otherwise. In the former case, when security risk associated with each version is endogenously determined by consumption choices, strategic interactions between the vendor and consumers may cause a higher tier consumer segment to prefer a lower inherent quality product. Relative to on-premises benchmarks, we find that software diversification leads to lower average security losses for users when patching costs are high. However, when patching costs are low, surprisingly, average security losses can increase as a result of SaaS offerings and lead to lower consumer surplus. We also investigate the vendor’s security investment decision and establish that, as the market becomes riskier, the vendor tends to increase investments in an on-premises version and decrease investments in a SaaS version. On the other hand, in low security-loss environments, we find that SaaS is optimally targeted to a lower tier of the consumer market, average security losses decrease, and consumer surplus increases as a result. Security investments increase for both software versions as risk increases in these environments

Cloud Implications on Software Network Structure and Security Risks

By software vendors offering, via the cloud, software-as-a-service (SaaS) versions of traditionally on-premises application software, security risks associated with usage become more diversified. This can greatly increase the value associated with the software. In an environment where negative security externalities are present and users make complex consumption and patching decisions, we construct a model that clarifies whether and how SaaS versions should be offered by vendors. We find that the existence of version-specific security externalities is sufficient to warrant a versioned outcome, which has been shown to be suboptimal in the absence of security risks. In high security-loss environments, we find that SaaS should be geared to the middle tier of the consumer market if patching costs and the quality of the SaaS offering are high, and geared to the lower tier otherwise. In the former case, when security risk associated with each version is endogenously determined by consumption choices, strategic interactions between the vendor and consumers may cause a higher tier consumer segment to prefer a lower inherent quality product. Relative to on-premises benchmarks, we find that software diversification leads to lower average security losses for users when patching costs are high. However, when patching costs are low, surprisingly, average security losses can increase as a result of SaaS offerings and lead to lower consumer surplus. We also investigate the vendor’s security investment decision and establish that, as the market becomes riskier, the vendor tends to increase investments in an on-premises version and decrease investments in a SaaS version. On the other hand, in low security-loss environments, we find that SaaS is optimally targeted to a lower tier of the consumer market, average security losses decrease, and consumer surplus increases as a result. Security investments increase for both software versions as risk increases in these environments