Taxonomy of Technological IT Outsourcing Risks: Support for Risk Identification and Quantification

The past decade has seen an increasing interest in IT outsourcing as it promises companies many economic benefits. In recent years, IT paradigms, such as Software-as-a-Service or Cloud Computing using third-party services, are increasingly adopted. Current studies show that IT security and data privacy are the dominant factors affecting the perceived risk of IT outsourcing. Therefore, we explicitly focus on determining the technological risks related to IT security and quality of service characteristics associated with IT outsourcing. We conducted an extensive literature review, and thoroughly document the process in order to reach high validity and reliability. 149 papers have been evaluated based on a review of the whole content and out of the finally relevant 68 papers, we extracted 757 risk items. Using a successive refinement approach, which involved reduction of similar items and iterative re-grouping, we establish a taxonomy with nine risk categories for the final 70 technological risk items. Moreover, we describe how the taxonomy can be used to support the first two phases of the IT risk management process: risk identification and quantification. Therefore, for each item, we give parameters relevant for using them in an existing mathematical risk quantification model

Identification and ranking of relevant criteria for the selection of Software as a Service

Software as a Service (SaaS) is a model for the provision of application software that allows them to be seen as a service rather than a product. A main challenge for organizations is to understand which applications in their portfolio are more appropriate to deploy in this way. This paper proposes an approach based on the Delphi method to identify and rank the relevant criteria for the selection of applications. The results show that the Delphi method is a flexible tool that allows the expansion of knowledge, by identifying relevant criteria to the problem not foreseen by the researcher, and by providing a ranking of importance of those criteria.info:eu-repo/semantics/acceptedVersio

Selection Criteria for Software as a Service: An Explorative Analysis of Provider Requirements

Currently, customers can choose among many Cloud providers for enterprise systems. The provider selection involves several challenges to match individual customer requirements and provided service characteristics. Unfortunately, this process is not transparent and characterized by the lack of appropriate selection criteria. Research is mainly concentrated on capabilities and success factors on the customer side. A set of Cloud provider requirements from a customer perspective, especially within the context of an adoption of on-demand enterprise systems, have barely been discussed so far. In this paper we present a set of selection criteria for Software as a Service (SaaS). These criteria are developed to enable a Cloud provider comparison and match the customer requirements with the provider characteristics. We followed a design science approach and conducted a systematic literature review, an extensive market analysis of 651 providers and an evaluation based on expert interviews to develop the presented selection criteria

TAXONOMY OF TECHNOLOGICAL IT OUTSOURCING RISKS: SUPPORT FOR RISK IDENTIFICATION AND QUANTIFICATION

The past decade has seen an increasing interest in IT outsourcing as it promises companies many economic benefits. In recent years, IT paradigms, such as Software-as-a-Service or Cloud Computing using third-party services, are increasingly adopted. Current studies show that IT security and data privacy are the dominant factors affecting the perceived risk of IT outsourcing. Therefore, we explicitly focus on determining the technological risks related to IT security and quality of service characteristics associated with IT outsourcing. We conducted an extensive literature review, and thoroughly document the process in order to reach high validity and reliability. 149 papers have been evaluated based on a review of the whole content and out of the finally relevant 68 papers, we extracted 757 risk items. Using a successive refinement approach, which involved reduction of similar items and iterative re-grouping, we establish a taxonomy with nine risk categories for the final 70 technological risk items. Moreover, we describe how the taxonomy can be used to support the first two phases of the IT risk management process: risk identification and quantification. Therefore, for each item, we give parameters relevant for using them in an existing mathematical risk quantification mode

Uma abordagem Delphi e AHP para selecção de aplicações a disponibilizar em modelo SaaS

O Software as a Service (SaaS) é um modelo integrado no paradigma de computação em nuvem, que se distingue do modelo convencional, por permitir que as aplicações deixem de ser encaradas como um produto, passando a ser tratadas como um serviço. Um dos desafios para as organizações é compreender, quais das aplicações do seu portfólio são adequadas para este novo modelo, e, delinear uma estratégia de disponibilização dessas aplicações nesse modelo, de forma a implementar as que trazem mais benefícios. Este trabalho propõe uma abordagem estruturada, combinando o método Delphi com o Método de Análise Hierárquica (AHP) para solucionar o problema. O Delphi permite, através de um processo iterativo e anónimo obter o consenso relativamente a uma questão de investigação enquanto que o AHP é um método de apoio à decisão que permite decompor um problema numa estrutura hierárquica reduzindo uma decisão complexa a uma série de comparações. A utilização de uma ronda inicial semi-estruturada para iniciar o Delphi e a triagem de critérios na ligação do Delphi com o AHP são aspectos inovadores usados nesta abordagem integrada. Todos os pontos críticos do desenho do método são criteriosamente justificados. O método foi aplicado no cenário de uma organização do mercado segurador, analisando quatro aplicações do seu portfólio, demonstrando ser uma ferramenta de apoio à decisão estruturada, fácil de executar, flexível e que permite aos decisores explorar de forma sistemática os factores que pesam na decisão. A aplicação do método é fundamentada usando múltiplas métricas, demonstrando que os resultados obtidos por este método são válidos.Software as a Service (SaaS) is an application delivery model integrated in the cloud computing paradigm, which differs from the traditional model, by allowing applications to be seen as a service, instead of a product. The main challenge for organizations is to understand which applications from their portfolio are suitable for this model, and outline a strategy for the provision of these applications in this model in order to implement those who deliver more benefits. This work proposes a structured approach, combining the Delphi method with the Analytic Hierarchy Process (AHP) to solve the problem. The Delphi method allows, through an iterative and anonymous process, to reach consensus regarding a research question while the AHP is a decision support method that allows to decompose a problem into a hierarchical structure, reducing a complex decision to series of simple comparisons. Novel aspects of this approach include the use of a semi-structured round to initiate the Delphi method and a criteria screening strategy in Delphi AHP integration step. All critical points of the method design are carefully justified and the method validation is carried out using multiple metrics. The proposed method is applied to a scenario of an insurance industry organization, analyzing four applications of its portfolio. The analysis of the results show that the method is a structured, easy to implement and flexible tool to support decision, that allows decision makers to explore the factors around the problem

Essays on antecedents and consequences of cloud computing capabilities in organizations: an empirical analysis of field data

Cloud computing is widely recognized as a potential disruptive paradigm that changes how IT is consumed and business is conducted in various industries. Managerial and academic literature has shown that cloud computing may benefit firms in various ways such as cost savings, fast project development, and business innovation. Nevertheless, there are many different interpretations and perceptions of cloud computing about how to better prepare for and use it in the information systems (IS) literature. A systematic analysis is necessary to clarify the equivocal issues around cloud computing and guide managers to better understand and utilize cloud computing in practice. This dissertation addresses several important relationships around cloud computing using theoretical models and empirical data as a representation of how the questions about cloud computing may be investigated in the IS literature and how the findings may benefit organizations in using cloud computing. Therefore, the dissertation comprises three connected chapters that address one important antecedent of cloud computing adoption – internal IT modularity within firms and two important consequences – firm performance and strategic alliance formation. It is found that in order to better prepare for cloud computing adoption, firm users can do something themselves by modularizing their internal IT systems. Firms also need to know whether and how cloud computing, after all, can benefit their firm performance or other activities such as strategic alliance formation. The findings show that cloud computing overall and its various specific cloud services may promote firm performance directly or complementarily with internal enterprise resources. Cloud computing and its specific cloud services may also exert different effects on strategic alliance formation. This dissertation systematically addresses the issues around cloud computing in the IS literature and sheds lights on how such a study can be applied to help managers and decision makers in industries to better understand and use cloud computing to achieve their business goals

Modelo de interoperabilidad para plataformas de cloud computing basado en tecnologías del conocimiento

La Internet de los servicios ha ido modificando la Web desde un mero repositorio de información hasta convertirse en una plataforma para servicios y transacciones donde las organizaciones ofertan servicios de todo tipo, incrementando sus procesos de negocio exponiéndolos a través de la Web. Unido a esta transformación surgen nuevos paradigmas, como el Software-as-a-Service y el Cloud Computing, cuyos modelos se adaptan a esta nueva concepción y prometen crear nuevos niveles de eficiencia mediante la compartición de funcionalidades y recursos a gran escala. Con todo ello, las tecnologías relacionadas con el Cloud Computing han ido incrementando su presencia e importancia en el mundo de las tecnologías de la información y han evolucionado hasta convertirse en un conjunto maduro de innovaciones tecnológicas capaces de proporcionar una sólida infraestructura para el paradigma SaaS. El Cloud Computing y el SaaS abren las puertas a economías de gran escala y también a nuevos horizontes pero se encuentran con un importante número de retos que afrontar entre los que se encuentran: La falta de modelos contrastados para determinar bajo qué condiciones es rentable para las organizaciones el proceso de migración hacia estos modelos. La falta de métodos probados (por ejemplo, guías de arquitecturas) para facilitar dicha migración. La falta de métodos de integración a diferentes niveles, hecho que dificulta el proceso de desarrollo y entrega de un software capaz de comunicarse con otros elementos de la plataforma cloud, perdiendo una de sus características más importantes. Relacionado con el último aspecto comentado se encuentra el concepto de la interoperabilidad. La interoperabilidad siempre se ha considerado como una de las asignaturas pendientes de los sistemas de información, ya que la heterogeneidad de los sistemas eleva la complejidad de los medios necesarios para alcanzarla. Este problema se está acrecentando con la creciente proliferación de sistemas de información construidos de forma independiente que dificultan o impiden los intercambios de información entre ellos. Debido a esto se pierde una de las propiedades más interesantes de los sistemas de computación en nube pero además se limita el avance hacia la posibilidad de un mundo completamente interoperable donde el acceso a la información sería prácticamente infinito. El problema de la interoperabilidad se ha afrontado desde diversas perspectivas, pero resultan especialmente interesantes los enfoques realizados por las tecnologías semánticas, donde alcanzar la interoperabilidad a distintos niveles es históricamente uno de sus objetivos principales. La Web Semántica fue concebida principalmente para solucionar los problemas de sobrecarga y heterogeneidad de los datos en la Web, hecho que trae como consecuencia la ausencia de interoperabilidad. Su enfoque es el de añadir semántica a los datos de manera que las máquinas sean capaces de procesarlos, razonar con ellos, combinarlos y realizar deducciones lógicas de manera muy similar a como lo haría un ser humano, proporcionando para ello una serie de herramientas útiles. Dentro de este ámbito, esta tesis doctoral reúne los conceptos más relevantes y emergentes en la actualidad como Cloud Computing, SaaS, tecnologías semánticas, modelado de procesos de negocio, interoperabilidad entre sistemas, etc. El objetivo es fomentar la evolución de nuevas plataformas orientadas en torno a la interoperabilidad y la reducción de costes que puede suponer un impacto significativo en la industria. La investigación realizada, toma estas tecnologías y paradigmas como base para poder definir un estándar o lenguaje común que permita la interoperabilidad entre aplicaciones dentro de un entorno de Cloud Computing. Con esto se consigue dar un paso importante en las áreas de las tecnologías mencionadas, suponiendo un enfoque claramente innovador y cuyos resultados resultarán de gran relevancia dentro del ámbito de los sistemas de información. Por todo ello, la solución enmarcada dentro de esta tesis doctoral está orientada al diseño de un lenguaje semántico basado en ontologías y de un sistema global que trabaja a su alrededor capaz de capturar el conocimiento de las aplicaciones alojadas en una estructura de Cloud Computing habilitando la realización de procesos de intercambio de información entre aplicaciones heterogéneas de forma automática. Esta tesis doctoral plantea, por tanto, la combinación del Cloud Computing y la Semántica para afrontar el problema de la interoperabilidad a nivel de aplicación. Este enfoque no se encuentra extendido en la actualidad debido a la “reciente” explosión de los sistemas cloud, pero los beneficios que pueden aportarse mutuamente suponen una gran motivación para trabajar e investigar en profundidad sobre ello. La metodología de investigación seguida en esta tesis doctoral para alcanzar los objetivos y demostrar las hipótesis planteadas ha consistido en: Estudio del estado de arte. Mediante el estudio de los trabajos relacionados se pueden conocer los métodos y tecnologías necesarios para alcanzar los objetivos planteados. Este estudio se ha dividido en cinco bloques principales: o Cloud Computing. o Web Semántica. o Servicios Web. o Servicios Web Semánticos. o Interoperabilidad. Análisis de los aspectos más representativos de la literatura. El análisis de los diferentes conceptos tratados en el estado del arte, permite realizar una toma de decisiones correcta y sólidamente fundamentada para utilizar las tecnologías y herramientas más adecuadas al problema. Presentación de una primera aproximación de la solución. Esta etapa permitirá sentar las bases y requisitos que se deben cumplir para cubrir los objetivos propuestos. Esta parte de la investigación emplea las conclusiones extraídas del análisis previo y permitirá concluir la viabilidad de la investigación y también si las herramientas seleccionadas son suficientes para alcanzar la solución deseada. Diseño final de la solución. En esta fase se concluye el proceso de diseño. Todos los requisitos han de quedar cubiertos y debe presentar un nivel de detalle suficiente para poder comenzar la implementación del entorno para su validación. Implementación del lenguaje y configuración de la plataforma de Cloud Computing. Esta fase marca el inicio de la validación que permitirá comprobar que el diseño cumple con los objetivos marcados y que se encuentra en la línea de las hipótesis propuestas. La configuración de la plataforma de computación en nube permitirá evaluar y validar la investigación en un entorno real. Validación. En esta fase se comprueba que toda la funcionalidad diseñada y desarrollada permite representar el conocimiento relativo al problema y la interoperabilidad de las aplicaciones en la nube sin necesidad de intervención por parte del usuario. Evaluación de hipótesis y análisis de resultados. Tras validar las hipótesis propuestas, se analizan los resultados para extraer las consiguientes conclusiones de toda la investigación realizada. Documentación. La tarea de documentación se ha llevado a cabo a lo largo de todo el proceso de elaboración de la presente tesis doctoral. En las primeras fases, la tarea de documentación registra los resultados del estudio del estado del arte y del análisis del problema. Durante el desarrollo de las siguientes etapas, se documentaron las características del diseño realizado y los aspectos relevantes del sistema global. En la fase de validación, se han documentado los resultados de los procedimientos de validación seguidos. Finalmente se redactó la documentación definitiva que constituye la presente memoria, incluyendo las conclusiones extraídas de cada uno de los aspectos relativos a la tesis doctoral, a partir de la documentación generada a lo largo de las distintas fases. La evaluación del lenguaje y del sistema global en el que se enmarca, ha probado la viabilidad de la solución presentada para alcanzar la interoperabilidad entre aplicaciones heterogéneas a nivel de datos en entornos de computación en nube de manera automática. Gracias a la acción conjunta de todos los componentes integrantes de la arquitectura diseñada se han conseguido resultados satisfactorios en procesos de intercambio de información entre aplicaciones situadas en una misma estructura de Cloud Computing. El proceso de validación ha permitido además demostrar cada una de las hipótesis planteadas por la investigación. Por todo ello es posible afirmar que se han alcanzado los objetivos planteados por la tesis doctoral, resultando finalmente en un gran éxito y una contribución de relevancia en los diferentes ámbitos estudiados. Además, las conclusiones extraídas de la totalidad de la investigación permiten extrapolar aspectos teóricos a otros medios y abrir nuevas líneas de investigación destinadas a contribuir a la consecución de entornos interoperables que permitan un mejor y más eficaz aprovechamiento de la información existente. ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------The Internet of services has altered the Web from a simple repository of information to become a services and transactions platform where organizations offer different kinds of services, increasing their business processes through the Web. With this transformation, new paradigm mergers have occurred, such as Cloud Computing and Software-as-a-Service, whose models are adapted to this new conception and promise the creation of new levels of efficiency through large scale sharing of functionalities and resources. With all of this, Cloud Computing related technologies have increased their presence and importance in the world of information technologies and have evolved to become a mature set of technological innovations able to provide a strong infrastructure for the SaaS paradigm. Cloud Computing and Software-as-a-Service open the doors to large scale economies and new horizons, but they have to face an important number of challenges, among which we can find the following: The lack of trusted models in order to determine the conditions under which it would be worthwhile for the organization to start a process of migration to these kinds of models. The lack of tested methods (for example, architecture guides) that would facilitate a potential migration. The lack of integration methods at different levels. This complicates the development and delivery processes of software that is able to communicate with other elements in the cloud platform, therefore causing to lose one of its most important features. In dealing with this last aspect, it is possible to find the concept of interoperability. Interoperability has always been considered as one of the major challenges in information systems given that the heterogeneity of systems raises the complexity of the necessary methods to achieve it. This problem is growing with the increasing proliferation of independent-built information systems, which obstruct or impede the information exchange between them. Due to this, one of the most interesting properties of Cloud Computing systems is missing and, furthermore, it is restricting the progress towards the possibility of a completely interoperable world where the access to information would be nearly infinite. The problem of interoperability has been faced from different perspectives, however the ones based on semantic technologies, where reaching interoperability is historically one of their major goals, are especially interesting. The Semantic Web was conceived for in order to solve the problems of data overloading and heterogeneity in the Web, which causes the absence of interoperability among other features. The approach of Semantic Web is to add semantic to the data enabling the machine´s capability to process, reason, combine and make logical deductions with them in a similar way than a human will do, providing a set of useful tools. Within this field, this doctoral thesis brings together the current most relevant and rising concepts like Cloud Computing, SaaS, semantic technologies, business process modeling, systems interoperability, etc. The goal is to encourage the evolution of new platforms oriented towards interoperability and cost reduction, which can have a significant impact in the industry. The research accomplished takes these technologies and paradigms as a base for the definition of a standard or common language that allows the interoperability between applications hosted in the same Cloud Computing environment. With this, it is possible to take a big step forward in the technology areas previously mentioned, creating a clearly innovative approach with results that will obtain great significance in the world of information systems. With the information mentioned, the solution framed within this doctoral thesis is oriented towards the design of a semantic language ontology-based and of a global system that works around it, able to capture the knowledge of the applications hosted in a Cloud Computing structure, setting up the development of information exchange processes between heterogeneous applications in an automatic manner. Therefore, this thesis proposes the combination of Cloud Computing and Semantics in order to tackle the problem of interoperability at application level. Currently this approach is not widespread due to the “recent” explosion of cloud systems, but the benefits that they can mutually provide translate into a great motivation for working and deeply researching in this field. The research methodology followed during this doctoral thesis in order to achieve the goals and provide the formulated hypothesis consists of: State of the art study. Through the study of related works, it is possible to know the methods and technologies necessary to achieve the outlined goals. This study is divided in five main categories: o Cloud Computing. o Semantic Web. o Web Services. o Semantic Web Services. o Interoperability. Analysis of the Literature’s most representative aspects. The analysis of the different concepts addressed in the state of the art, allows performing a correct and strongly supported decision process to utilize the most appropriate technologies and tools for the problem being solved. First approach of the solution. This stage allows for the layout of the foundations and requirements that have to be fulfilled in order to reach the proposed objectives. This researching phase makes use of the conclusions extracted from the previous analysis and allows to determine the viability of the researching as well as checking whether the selected tools are good enough to achieve the desired solution. Final design of the solution. In this phase the design process concludes. The whole set of requirements have to be fulfilled and it must be detailed enough to be able to start the implementation of the environment for its validation. Language implementation and configuration of Cloud Computing platform. This stage indicates the beginning of the validation process which will allow the testing of whether the design meets the objectives and is aligned with the proposed hypothesis. The configuration of the Cloud Computing platform will enable evaluating and validating the researching in a real environment. Validation. The whole designed and developed functionality is tested within this phase in order to ensure that the problem is correctly represented and the system is able to perform the different tasks to accomplish automatic interoperability. Hypothesis evaluation and analysis of results. After validating the proposed hypothesis, results are analyzed to extract the necessary conclusions related to the implemented research. Documentation. This task has been developed throughout the whole process of this doctoral thesis preparation. In the first stages, the documentation registers the results obtained from the state of the art study and the analysis of the problem. During the following phases, all the features of the developed design and the relevant aspects from the global system were documented. Within the validation phase, the results of the performed procedures have been written. Lastly, the definitive statement that makes this document was composed, including the conclusions extracted from each of the aspects relative to this doctoral thesis, arising from the documentation generated along the different phases. The evaluation of the language, and the global system where it is framed, has proved the viability of the proposed solution, achieving automatic interoperability of heterogeneous applications at data level in Cloud Computing environments. Thanks to the joint action of all components forming the designed architecture, this research provided satisfactory results in the information exchange processes between applications hosted in the same Cloud Computing infrastructure. Moreover, the validation process has allowed for the demonstration of each of the hypotheses proposed by the research. By the information contained herein, it is possible to affirm that all the objectives exposed in this doctoral thesis have been accomplished, resulting in a great success and a relevant contribution to the different areas analyzed. Furthermore, the conclusions extracted from the whole research allow for the extrapolation of some theoretical aspects to other environments, as well as open new research lines that contribute to the achievement of interoperable environments that are able to provide a better and more efficient use of the vast volume of existing information