Supply Chain Resource Planning Systems: A Scenario of Future Enterprise Systems

To envisage possible future enterprise systems, we describe four scenarios that all respond to the increasing need for better supply chain-wide coordination of resource allocation decisions. We use two drivers to derive these scenarios; namely “normal form of providing corporate computing resources” and “stance of regulators towards explicit forms of industry-wide coordination”, the latter of which includes cooperation among competitors. While three of our scenarios are familiar to contemporary readers, the fourth, supply chain resource planning (SCRP) systems, marks a radical break with current practice. We describe the operating principle of SCRP systems and discuss possible governance structures for organizations supporting SCRP systems. We hope to encourage discussion about the future of enterprise systems that moves beyond extrapolating past and current trends. The paper concludes by outlining four areas for promising future research

Security Strategies for Hosting Sensitive Information in the Commercial Cloud

IT experts often struggle to find strategies to secure data on the cloud. Although current security standards might provide cloud compliance, they fail to offer guarantees of security assurance. The purpose of this qualitative case study was to explore the strategies used by IT security managers to host sensitive information in the commercial cloud. The study\u27s population consisted of information security managers from a government agency in the eastern region of the United States. The routine active theory, developed by Cohen and Felson, was used as the conceptual framework for the study. The data collection process included IT security manager interviews (n = 7), organizational documents and procedures (n = 14), and direct observation of a training meeting (n = 35). Data collection from organizational data and observational data were summarized. Coding from the interviews and member checking were triangulated with organizational documents and observational data/field notes to produce major and minor themes. Through methodological triangulation, 5 major themes emerged from the data analysis: avoiding social engineering vulnerabilities, avoiding weak encryption, maintaining customer trust, training to create a cloud security culture, and developing sufficient policies. The findings of this study may benefit information security managers by enhancing their information security practices to better protect their organization\u27s information that is stored in the commercial cloud. Improved information security practices may contribute to social change by providing by proving customers a lesser amount of risk of having their identity or data stolen from internal and external thieve

Development and Evaluation of a Holistic Framework and Maturity Assessment Tools for Data Governance in Cloud Computing Environments

Cloud computing is an emerging technology that is changing the way that public sector organisations consume Information and Communication Technology (ICT) in different countries. The adoption rate of cloud computing services is still very low to none in many countries. Saudi Arabia, for instance, despite their huge investments in the Digital Transformation, as part of the recent Vision 2030, the loss of governance and control of data is one of their major barriers facing the adoption of cloud computing services. Cloud Data Governance, is not only a Saudi concern, it is actually a worldwide challenge, which is under researched and mostly not practiced. This research attempted, for the first time to unlock this challenge in Saudi Arabia, more specifically, for the Public Sector, by advancing research in this field and proposing means by which Cloud Data Governance programmes can be implemented. In this research, existing data governance frameworks were analysed – these frameworks were limited as they lacked consideration of the cloud computing perspective. Hence, the purpose of this research is to develop a generalised Strategy Framework that can be utilised to design, deploy and sustain an effective cloud data governance programme; it also aims to provide knowledge for organisations that wish to apply a cloud data governance programme, to empower them to control their data in cloud environments. Understanding data governance taxonomy and its key dimensions for non-cloud and cloud computing was an important step in developing the proposed Framework. To support the development of the proposed Framework, the Analytic Theory and concept of Critical Success Factors (CSFs) were adopted. The Framework includes a number of complex operations, therefore, to ensure an effective Cloud Data Governance programme, organisations need to have means by which they can assess their current state and define their requirements. To facilitate this, a Maturity Model was proposed together with an Assessment Matrix. The proposed Framework and Maturity Model alongside the Assessment Matrix, were then validated and evaluated for the Public Sector in Saudi Arabia, as a Case Study. Mixed research methods, Qualitative and Quantitative, were adopted for this purpose, where the State of the Art of cloud adoption, data governance and cloud data governance, in the Saudi Public Sector were all analysed. Moreover, a number of Barriers and Critical Success Factors were identified for the case study. For validation purposes, the Focus Group approach was adopted, with appropriate representations from the Saudi Public Sector. The Structural Equation Modelling was adopted for the evaluation of the proposed Framework, using quantitative results from the questionnaire. The Evaluation of the Assessment Matrix was done by developing a Tool, which allows organisations to identify their levels of maturity for cloud data governance programmes, and define requirements for target levels

Data Risks in the Cloud

Cloudsourcing involves considerably greater risks to data than do insourcing or conventional outsourcing. A generic data risk assessment identifies key concerns in relation to harm arising from threats impinging on vulnerabilities in the cloud. Guidance

Data Risks in the Cloud

Cloudsourcing involves considerably greater risks to data than do insourcing or conventional outsourcing. A generic data risk assessment identifies key concerns in relation to harm arising from threats impinging on vulnerabilities in the cloud. Guidance is provided as to appropriate safeguards to address those risks. Most services lack those safeguards, implying that individuals and user organisations need to be far more careful in their use of cloud services