Managing the outsourcing of information security processes: the 'cloud' solution

Information security processes and systems are relevant for any organization and involve medium-to-high investment; however, the current economic downturn is causing a dramatic reduction in spending on Information Technology (IT). Cloud computing (i.e., externalization of one or more IT services) might be a solution for organizations keen to maintain a good level of security. In this paper we discuss whether cloud computing is a valid alternative to in-house security processes and systems drawing on four mini-case studies of higher education institutions in New England, US. Our findings show that the organization’s IT spending capacity affects the choice to move to the cloud; however, the perceived security of the cloud and the perceived in-house capacity to provide high quality IT (and security) services moderate this relationship. Moreover, other variables such as (low) quality of technical support, relatively incomplete contracts, poor defined Service License Agreements (SLA), and ambiguities over data ownership affect the choice to outsource IT (and security) using the cloud. We suggest that, while cloud computing could be a useful means of IT outsourcing, there needs to be a number of changes and improvements to how the service is currently delivered

Three Issues Concerning Relevance in IS Research: Epistemology, Audience, and Method

Academic concerns about making research into the design, construction and use of information systems (IS) more relevant to practice is a persistent theme in the IS literature and in recent ISWorld discussions. This essay addresses three questions implicit in this discussion: Is there an agreed upon epistemology underlying IS research? To whom should IS be relevant or alternatively what ends should this research serve? Does the choice of research method contribute to the creation of relevant IS research? These questions are explored from the perspective on an unrepentant idealist

Policy to Avoid a Privacy Disaster

This paper argues that in the current data-rich environment, organizations need formal policies for privacy as a way to avoid “privacy disasters”. Privacy disasters can occur when a company uses consumer data in a way that is legal, but violates public norms for acceptable use. The paper uses a case study to illustrate the elements that often characterize privacy disasters, and describes the principles and processes that can serve as the basis of a privacy policy capable of helping organizations avoid these negative events. The paper also highlights the implications of big data for privacy policy

Top Management Support: Mantra or Necessity?

This research provides evidence that top management support is the most important critical success factor for project success and is not simply one of many factors. The finding is justified in the context of the project management literature and the IS factor research on project success. There are implications for practice because it appears that the conventional technical and project management advice has less impact on project success than previously thought. Boards and top managers may have to personally accept that they have more influence on whether a project succeeds or fails.13 page(s

Understanding the Enabling Design of IT Risk Management Processes

Although managing information technology (IT) risks is widely regarded as a critical in organizations, stakeholders often question the value provided by IT risk management (IT-RM) to an organization. Organizational research suggests the concept of ‘enabling formalization’ to design highly formalized organizational processes. Processes like IT-RM that are designed in an enabling way support organizational members through flexible guidelines that communicate best practices and empower them in resolving surprises and crises during process execution. It remains unclear, however, how organizations can implement enabling IT-RM processes. We conduct an exploratory study and identify four design decisions for IT-RM. We identify different solutions to these IT-RM design decisions and provide empirical evidence as to how these solutions facilitate enabling process design. Our results suggest that organizations need to balance rewarding and punishment-centered strategies in designing IT-RM to change it from an ineffective, costly, and detrimental endeavor into an enabling organizational process

Towards a Service-Oriented Enterprise: The Design of a Cloud Business Integration Platform in a Medium-Sized Manufacturing Enterprise

This case study research followed the two-year transition of a medium-sized manufacturing firm towards a service-oriented enterprise. A service-oriented enterprise is an emerging architecture of the firm that leverages the paradigm of services computing to integrate the capabilities of the firm with the complementary competencies of business partners to offer customers with value-added products and services. Design science research in information systems was employed to pursue the primary design of a cloud business integration platform to enable the secondary design of multi-enterprise business processes to enable the dynamic and effective integration of business partner capabilities with those of the enterprise. The results from the study received industry acclaim for the designed solutions innovativeness and business results in the case study environment. The research makes contributions to the IT practitioner and scholarly knowledge base by providing insight into key constructs associated with service-oriented design and deployment of a cloud enterprise architecture and cloud intermediation model to achieve business results. The study demonstrated how an outside-in service-oriented architecture adoption pattern and cloud computing model enabled a medium-sized manufacturing enterprise to focus on a comprehensive approach to business partner integration and collaboration. The cloud integration platform has enabled a range of secondary designs that leveraged business services to orchestrate inter-enterprise business processes for choreography into service systems and networks for the purposes of value creation. The study results demonstrated enhanced levels of business process agility enabled by the cloud platform leading to secondary designs of transactional, differentiated, innovative, and improvisational business processes. The study provides a foundation for future scholarly research on the role of cloud integration platforms in enterprise computing and the increased importance of service-oriented secondary designs to exploit cloud platforms for sustained business performance