MBA VII
Master of Business Administration Program 2010-2012
Maastricht School of Management
Cloud Computing over SMEs Suriname;
The Usefulness,
The role of Perceived Privacy Risk, Trusting beliefs,
Privacy Risk Mitigating Interventions and Trust-Building Interventions.
By:
Robert S. Samiran Suriname 2013
Supervised by:
Prof. Dragan A. Nikolik, PhD.
This paper was submitted in partial fulfillment of the requirements for the Master of Business Administration (MBA) degree at the Maastricht School of Management (MSM), Maastricht, the Netherlands, May 2013.
<This page intentionally left blank>
ACKNOWLEDGEMENTS
First I would like to express my appreciation to my supervisor Prof. D. Nikolik whom helped me throughout this research.
Next, I would like to express my gratitude to all the people that have read my work in an early stage or have discussed this research with me.
Furthermore, I would also like to thank all people participate in the interview.
Last but certainly not least, I would like to offer my gratitude to my wife Jane and son Donovan, who gave me all the understanding during the complete course of this study. I would not have been able to complete this study without their unconditional support and encouragement. I feel extremely fortunate to have had this kind of infinite support especially during the last months of this study.
ABSTRACT
Cloud computing (cloud) is an upcoming networked technology which is improving the traditional paradigms of Information Communication Technology (ICT) systems. Its presence has become one of the dominant discussion topic in the area of information technology. Cloud computing offers numerous benefits include minimizing or eliminating upfront investment on infrastructure and ongoing maintenance. In addition cloud offers better performance and reliability enabling SMEs to encourage innovation and enhance their competitiveness. Despite the numerous benefits and opportunities, as with any technology acceptance, there are still much ambiguities and vagueness surrounding cloud computing.
The objective of this research is to study the role of perceived privacy risks, trusting beliefs, privacy risks mitigating interventions and trust-building interventions in the determination of the usefulness of cloud computing by the Surinamese SMEs. Privacy risks concerns and trusting beliefs are
considered as the main barriers for adopting cloud computing. Researchers proposed several options of privacy risk mitigating interventions such as Privacy Enhancing Technology (PET), and trust- building interventions, such as standardization, certification and service level agreement to reduce privacy concerns and to build trust.
Objective is achieved by conducting a literature review. Two research questions are formulated and a conceptual research model based on the Technology Acceptance Model (TAM) is constructed from which four hypotheses are formulated that cover the influence of trusting beliefs and privacy risks concern on the perceived usefulness, and the trust-building interventions and privacy risk reducing interventions. A structured interview is conducted and after the validity of the gathered data are determined, the structural paths in the research model are tested for the hypotheses test, by applying regression analyses using Hayes path analysis-based moderation and mediation
computational tool for SPSS.
Keywords: Cloud computing, Surinamese SMEs, Privacy, Trust, Usefulness, Privacy Risk Mitigating Interventions, Trust-building intervention, TAM, Moderating effect, Mediating effect.
ABBREVIATIONS
Cloud Cloud Computing
HIPAA Health Insurance Portability and Accountability Act IT Information Technology
ICT Information Communication Technology NIST National Institute of Standards and Technology
OS Operating System
PET Privacy-Enhancing Technologies PMI Privacy risk Mitigating Interventions PRC Privacy Risks Concern
SaaS Software as a Service SLAs Service Level Agreements
SMEs Small and Medium Sized Enterprises SPSS Statistical Package for the Social Sciences TAM Technology Acceptance Model
TBI Trust-Building Interventions TRB Trusting Beliefs
LIST OF TABLES
Table 1: Worldwide IT Spending Forecast (Billions of U.S. Dollars) ... 7
Table 2: PET technologies ... 24
Table 3: SMEs Interviewed by Business Sector ... 33
Table 4: Cronbach's alpha results... 41
Table 5: Outcome moderation test ... 43
Table 6: Outcome mediation test ... 45
Table 7: Overview of the outcomes of the hypotheses tests. ... 47
Table 8: Results hypotheses test ... 51
LIST OF FIGURES
Figure 1: Research Approach ... 4Figure 2: NIST Cloud definition ... 10
Figure 3: Cloud Service Models ... 10
Figure 4: Gartner Hype Cycle for Cloud Computing, 2011 (Smith D. M., 2011) ... 19
Figure 5: PET staircase: the effectiveness of the different PET options. (Kroon, et al., 2004) ... 23
Figure 6: Conceptual Research Model. ... 27
Figure 7: The Technology Acceptance Model (TAM) (Davis, et al., 1989) ... 28
Figure 8: VSB members per Sector ... 31
Figure 9: SMEs per Business Sector ... 34
Figure 10: Participants per Business Sector ... 34
Figure 11: Conceptual model of a moderator effect ... 42
Figure 12: Statistical model of a moderator effect ... 42
Figure 13:Conceptual model of a mediating effect (source: Hayes & Preacher, 2013) ... 44
Figure 14: Statistical model of a mediating effect (source: Hayes & Preacher, 2013) ... 44
Figure 15: The effect of Perceived privacy risk PRC (X) on moderation regression model ... 48
TABLE OF CONTENT
ACKNOWLEDGEMENTS ... i
ABSTRACT ... ii
ABBREVIATIONS ... iii
LIST OF TABLES ... iv
LIST OF FIGURES ... iv
CHAPTER 1. INTRODUCTION ... 1
1.1 Overview ... 1
1.2 Problem Statement and Research Questions ... 2
1.3 Research Approach ... 4
1.4 Scope and Limitations ... 4
1.5 Thesis Structure... 6
CHAPTER 2. LITERATURE REVIEW ... 7
2.1 Cloud Computing ... 7
2.1.1 A Definition of Cloud Computing. ... 9
2.2.2 Five Essential Characteristics of Cloud Computing ... 10
2.2.3 Three Service Models ... 12
2.2.4 Four Deployment Models ... 14
2.2.5 The Potential Advantage of Cloud Computing for SMEs ... 16
2.2.6 The Dark Side of Cloud Computing ... 17
2.2.7 Gartner’s Hype Cycle for Cloud Computing. ... 18
2.3 Privacy ... 19
2.3.1 The Concept of Privacy... 19
2.4 Trust ... 21
2.4.1 The Concept of Trusting Beliefs ... 22
2.5 Privacy Risk Mitigating and Trust-Building Interventions... 23
2.6 Technology Acceptance Model ... 25
CHAPTER 3. METHODOLOGY ... 26
3.1. The Research Strategy ... 26
3.2. Technology Acceptance Model ... 28
3.3. Privacy ... 28
3.4. Trust ... 29
3.5. Privacy Risks Mediating Interventions and Trust-Building Interventions ... 30
3.6. Data Collection ... 31
CHAPTER 4. DATA ANALYSIS... 33
4.1. Descriptive Outcomes ... 33
4.2. Inferential Outcomes ... 40
4.3. Regression Models ... 48
CHAPTER 5. DISCUSSION AND IMPLICATIONS ... 50
5.1. Discussion on the Descriptive Outcomes ... 50
5.2. Discussion on the Inferential Outcomes ... 51
5.3. Managerial Implications ... 53
CHAPTER 6. CONCLUSION ... 54
6.1. Research Summary ... 54
6.2. Research Contributions ... 55
6.3. Limitations of the Research ... 55
6.4. Suggestions for Further Research ... 566
BIBLIOGRAPHY: ... 577
APPENDIX A: QUESTIONNAIRE ... 644
APPENDIX B: SURVEY DATA ... 699
APPENDIX C: SPSS OUTPUT HYPOTHESIS TESTS ... 823
CHAPTER 1. INTRODUCTION
1.1 Overview
Cloud computing (cloud) is the latest technological development in information technology (IT), originated from the late nineties, and which further has been developed in the next millennium and becoming popular at the end of 2007 (Aymerich, Fenu, & Surcis, 2008);(Binxing, 2010). It refers to the applications delivered as services over the internet, and to the hardware and systems software in the datacenters providing those services (Armbrust, M.; Fox, A.; Griffith, J.; Joseph, A.; Katz, R.; Konwinsky, A.; Lee, G.; Patterson, D.; Rabkin, A.; Stoica, L.; Zaharia, M., 2009).
There are a number of definitions for cloud computing. A commonly accepted definition is the one provided by the United States National Institute of Standards and Technology (NIST). Mell and Grance (2011) from the NIST defined cloud computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”. This cloud computing model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.
Cloud computing promises numerous technological benefits. The computing power is created from highly centralized and standardized data centers incorporated up to millions of servers, with a considerable economy of scale (Weinhardt, Anandasivam, Blau, & Stößer, 2009); (Buyya, Ranjan, & Calheiros, 2010).
Cloud computing was launched in late 2006 by industry giants like Google and Amazon (Aymerich, et al., 2008). With cloud computing users do not need to worry about the location and the storage of their data, and all these resources can be accessed with a computing or mobile device of their choice at any given time and anywhere so long as internet connection is available (Wyld D. C., 2010). In addition, cloud computing eliminates the need for organizations to setup, maintain and have expensive data centers and dedicated IT staff, particularly where this is not their core business (Yang & Tate, 2009). Wyld D.C. (2009) argues that remote-based email such as Gmail, Yahoo Mail, Hotmail, MSN Mail, or any comparable service, may be the easiest way to explain the basics of how cloud computing works, and mentioned that analysts have pointed to
the fact that our understanding of how cloud computing works can be best understood by means of our own personal use of Google’s Gmail and GoogleApps. Furthermore he stated that e-mail service such as Google’s Gmail, saved user e-mail on a Google server rather than on users own computer hard disk. With this, Gmail opens the possibility for users to access e-mail from any computing device that has an internet browser and an internet connection, which means that everyone with a web-based e-mail account is already taking advantage of cloud computing.
1.2 Problem Statement and Research Questions
New York, August 14, 2012 - Moody's Investors Service upgraded the foreign currency rating of the government of Suriname to Ba3 and changed the prospects from stable economy to positive economy. Suriname's Ba3 rating includes Moody's assessment of the country's robust growth, driven by gold mining, petroleum, and construction sectors. Medium-term growth prospects are further supported by Suriname's potential to attract significant foreign investment in the
extractive industries and offshore oil exploration (Moody's, 2012).
Applewhaite (2006) Deputy Secretary-General of the Caribbean Community (CARICOM) stated at the “Annual general meeting of The Small Business Development Finance Trust” there are some major limitations and challenges that are faced by Small and Medium Sized Enterprises (SMEs) at the CARICOM, include: inadequate business information, communication and ICT infrastructure. SMEs are known to be the silent drivers in the revitalization and development of nation’s economy. They are leading the way for entering new global markets and for innovations in the emerging economic order. While the Surinamese economy is steadily growing, the
Surinamese SMEs are likely unable to take advantage of this growth for reasons like the high costs of IT, lack of IT knowledge and reliable IT infrastructure in their organization. Lamé journalist of “de Ware Tijd”, a local newspaper, reported on August 8, 2012, “Suriname is crying out for IT professionals”. It is generally recognized that today’s businesses cannot be successful without the help of information technology. Cloud fundamentally changed the IT landscape for SMEs, since they often do not have financial or human resources to invest in IT. Cloud replaced traditional software solutions in which businesses are tied to applications that are vendor
specific, limited by user licenses, incur annual license fees, and patches or upgrades, by cloud- based solutions (Hinde & Van Belle, 2012). In addition, from an SME point of view, cloud offers an on-demand computing power at low cost, scalability, device and location independence, rapid
maintenance on infrastructure. Cloud also promises better performance and reliability (Yang &
Tate, 2009) enabling SMEs to enhance their competitiveness and to encourage innovation (Chen, Li, & Li, 2011). When taking these cloud computing advantage into account, what that hinders the Surinamese SMEs to adopt cloud computing?
Research objectives:
This thesis studies the role of perceived privacy risks, trusting beliefs, privacy risks mitigating interventions and trust-building interventions in the determination of the usefulness of cloud computing by the Surinamese SMEs. The findings are useful to owners of SMEs and to IT managers who may consider accepting cloud computing for their businesses, and to IT advisors and those who can find themselves in an advising role on the adoption of cloud computing.
Research questions:
The research is motivated by a desire to understand the roles of perceived privacy risks, trusting beliefs, privacy risks mitigating interventions and trust-building interventions in the
determination of the usefulness of cloud computing by the Surinamese Small and Medium Sized Enterprises. Therefore the following research questions are formulated:
What is the influence of perceived privacy risks and trusting beliefs in the determination of the usefulness of cloud computing by the Surinamese SMEs,
And what is the role of privacy risks mitigating interventions on the relationship between perceived privacy risks and perceived usefulness, and the role of trust-building interventions on the relationship between trusting beliefs and perceived usefulness.
Despite the enormous business opportunity and high expectations, cloud computing has also its disadvantages which makes it a very disputable subject. This research clarifies the roles of perceived privacy risks, trusting beliefs, privacy mitigating interventions and trust-building intervention in the determination of the usefulness of cloud computing by the Surinamese SMEs.
Answering these questions will provide a framework for determining whether cloud computing is a viable technology for the Surinamese SMEs.
1.3 Research Approach
The purpose of this research is to study the role of perceived privacy risks, trusting beliefs, privacy risks mitigating interventions and trust-building interventions in the determination of the usefulness of cloud computing by the Surinamese SMEs. Since cloud computing is still in its early stage of development, the scope of the current literature is still fairly limited, the quantitative research approach was considered most suitable for this exploratory research.
Taking into account the willingness of the participant to participate with the interview, the interview will be focused on SMEs that use IT to support their core business and SMEs that use IT as solution for their customer. The following figure depicts the research method for this thesis.
Figure 1: Research Approach
Number of interviews was conducted to acquire information on the research topic. The survey strategy selected and carried out was through questionnaire comprised of 30 questions regarding various aspects of cloud computing, the demographic information of the SME, usefulness of cloud computing, privacy risk, trust and privacy risk mitigating and trust-building interventions in cloud computing. The questions were inspired by similar research in the field of this subject in Asia, Europe and the United states.
1.4 Scope and Limitations
This thesis is focused mainly on the role of perceived privacy risks, trusting beliefs, privacy risks mitigating interventions and trust-building interventions in the determination of the usefulness of
Problem Recognition
• Problemstatement
• Research Questions Literature Review
• Cloud computing
• Privacy
• Trust
• PET
• Trust-building
• TAM
Research Model
• Technology Acceptance Model
• Conceptual Research Model
Questions list
• Hypothesis
• Questions
Data Collection
• Structured Interviews
• Data Input SPSS20
Analysis
• Multiple Regression Analyzes
• Statistical Model
Conclusions
• Hypotheses
• Research Questions
on informational privacy risks and trusting beliefs. Other risks considerations such as social, security, financial and performance risks are not in the scope of this thesis.
The technical aspects of cloud computing will be mentioned and explained, however there is no research done in this field as it is not in the scope of this thesis. Several academic papers,
research papers and journals has proven the cost savings advantage of cloud computing due to its on-demand service model and decreased of business risk because of the less money that is need to borrow for upfront investment in infrastructure of cloud computing in comparison to the traditional IT solution. Therefore is in this research the influence of the costs saving advantage of cloud computing excluded in the determination of its usefulness.
Various theories have been developed that is being used to test the acceptance, implementation and success of information system (IS) and information technology. The Technology Acceptance Model (TAM) is a very important model to help prediction of successful implementation of new technology. It is a widely used model which has been proved by several studies to successfully predict the behaviors of users’ belief and their intentions and behaviors towards new technology (Alrafi, 2009). Therefore, the Technology Acceptance Model by Davis (1989) was used as basis for in this research.
With regard to privacy and trust, this research focuses on informational privacy and trusting beliefs. Privacy and trust are both complicated subject matters for which there is no standard, or universally accepted definition. Privacy entails from commercial consumer perspective the protection and the appropriate use of the personal information of customers, and complying with their expectations about its use. From organizations perspective, privacy entails the application of laws, regulations, standards and processes by which personal information is managed (Pearson
& Charlesworth, 2009). Some company data elements are considered personal and sensitive (Pearson S. , 2012). Cloud computing is putting information in the hand of a third party. In the context of this research personal information, personal data and company data are most relevant.
Article 17 and 19 of the constitution of Suriname concerning the right to privacy do not explicitly recognized informational privacy.
Trust allows consumers to overcome perceptions of risk and uncertainty, and to engage with the vendor. Trust is a multi-dimensional construct with two inter-related components, trusting beliefs and trusting intentions. Trusting beliefs is perceptions of the competence, benevolence, integrity and predictability of the vendor, while trusting intentions is the willingness to depend
(McKnight, Choudhury, & Kacmar, 2002). McKnight et al. (2002) define initial trust as “trust in an unfamiliar trustee, a relationship in which the actors do not yet have credible, meaningful information about, or affective bonds with, each other”.
This research was only focused on the four trusting beliefs namely; competence, benevolence, integrity and predictability.
Several researchers have proposed deferent models to build online trust and to decrease privacy risks (Friedman, Kahn Jr, & Howe, 2000); (Head & Hassanein, 2002); (Koufaris, et al., 2004);
(Ruiter & Warnier, 2012). Information Communication Technology (ICT) provides solutions to protect users, consumers and citizen’s privacy. The application of ICT to protect privacy is known as Privacy-Enhancing Technologies (PET or PETs). The term PETs consist a range of different technologies to protect sensitive personal data (Koorn, van Gils, ter Hart, Overbeek, &
Tellegen, 2004). This research was focused only on PET as technology to decrease privacy risks and on trust-building interventions such as standards, service level agreements and regulations to build trust.
1.5 Thesis Structure
The remainder of this research project includes five more chapters and the supporting information found in the appendices and is organized as follows:
Chapter two introduces cloud computing in more details by considering its definition and explaining the various characteristics, service models, and deployment models.
The next chapter, Chapter three discusses the research strategy and the survey methodology that are used to collect the data that are required to address the research questions.
Chapter four presents the analysis of the research data and the testing of the research model to answer the research questions.
Chapter five assesses the findings of the descriptive and inferential results and discusses the managerial implications.
Chapter six concludes the research by summarizing the research and presenting its main contribution, followed by assessing the limitations of the study and finally conclude with the suggestions for future research.
CHAPTER 2. LITERATURE REVIEW
This chapter introduces cloud computing in more details starting with a definition of cloud computing, essential characteristics, service model, deployment models, its advantages, and the disadvantages. The following sections elaborate on the terms privacy, trust, TAM approach and privacy risk mitigating interventions such as PET, in order to provide a sufficient theoretical basis for the literature review and for the formulation of the hypotheses.
2.1 Cloud Computing
Nowadays cloud computing has gained enormous public attention and has become one of the dominant discussion topic in the area of Information technology (Plummer & Gartner, 2012).
Van der Meulen & Pettey of Gartner (2012), forecast worldwide IT services spending is to reach
$864 billion in 2012, a 2.3 percent increase from 2011, and the demand for consulting services is expected to remain high due to the complexity of environments for global business and
technology leaders. Gartner analysts said consulting itself is becoming increasingly technology- based with the rise of analytics and big data, having deep implications on the future of consulting services. The leading IT research and advisory group expects enterprise cloud computing
spending on cloud services grow from $91 billion worldwide in 2011 to $109 billion in 2012, and will reach $207 billion by 2016.
Table 1: Worldwide IT Spending Forecast (Billions of U.S. Dollars)
2011 2011 2012 2012 2013 2013
Spending Growth (%) Spending Growth (%) Spending Growth (%)
Computing Hardware 404 7.4 420 3.4 448 6.6
Enterprise Software 269 9.8 281 4.3 301 6.9
IT Services 845 7.7 864 2.3 905 4.8
Telecom Equipment 340 17.5 377 10.8 408 8.3
Telecom Services 1,663 6.0 1,686 1.4 1,725 2.3
All IT 3,523 7.9 3,628 3.0 3,786 4.4
(Source: http://www.gartner.com)
Hinde et al. (2012) revealed in their research “Cloud computing in South African SMMEs” that South African SMEs are adopting cloud computing quite aggressively due to its enormous business opportunities and advantage, and further more researchers confirmed that IT is an
almost inescapable part of the business landscape, and with SMEs traditionally under-resourced, cloud computing offers a viable solution for expanding their current ICT infrastructure. The European Commission (2012) stated in their report that “using the cloud, even the smallest firms can reach out to ever larger markets while governments can make their services more attractive and efficient even while reining in spending”. The attractiveness of cloud from the perspective of an SME is its ability to show SME immediate cost savings, increased productivity, its device and location independency, and improved responsiveness to the business, by incorporating cloud infrastructure as part of their IT strategy (Neves, Marta, Correia, & Neto, 2011).
Cloud technology and its resources are based in centralized data centers, dynamically adjusted and tuned to achieve optimum efficiency and to provide an unparalleled economy of scale. This commercialized driven computing model converts computing power into a public utility like electricity and water supplies, and it is a profound paradigm change for the IT industry and possibly for the whole society (Neves, et al., 2011). Wyld (2009) argued that the basic idea of cloud computing is that computing will become location and device independent, meaning that it increasingly will not matter where information is stored and where computation or processing is taking place. Cloud computing enables computing tasks and information be available anytime, anywhere from any computing device as long as there is access to the Internet.
Cloud computing services and deploying models offers the opportunity for end users (individuals, SMEs and enterprises) to subscribe to pay-as-needed high class solutions at an affordable price and fulfill their operational requirements to access infrastructure, platform, and software over the Internet, without having the need to setup, maintain and owning expensive data centers(Neves, et al., 2011); (Dillon, Wu, & Chang, 2010). Guarantees are offered by the cloud service providers by means of Service Level Agreements (SLAs) (Buyya, Ranjan, & Calheiros, 2010).
Well-known example of cloud computing is Amazon Elastic Compute Cloud (EC2). Amazon EC2 is a web service that provides resizable computing capacity in the cloud. The web interface of Amazon EC2 allows the consumer to obtain and configure capacity with minor friction and offers consumer full control of his or her computing resources. Amazon EC2 reduces the time required to obtain and boot new server instances to a couple of minutes, and allowing customer to adjust scale as it is necessary, while Amazon EC2 only charges for the capacity that is actually used (Velte, Velte, & Elsenpeter, 2010); (Varia & Mathew, 2012).
2.1.1 A Definition of Cloud Computing.
The earliest academic definition of ‘Cloud computing’ appears to be by Prof. Ramnath K.
Chellappa in 1997, an associate professor of economics at University of Texas. Chellappa originally defined cloud computing as “a computing paradigm where the boundaries of computing will be determined by economic rationale rather than technical limits” (Binxing, 2010); (Giordanelle & Mastroianni, 2010). Many scholars have made an attempt to describe cloud computing in general terms, however, it has been problematic because cloud computing is not a single capability, but instead spans a spectrum of underlying technologies, configuration possibilities, service, and deployment models. Badger et al. (2011) argues that cloud computing is a subject of a great deal of commentary. Nowadays there are more than twenty kinds of definitions of cloud computing and cloud computing definition is still contested. Some authors have provided a definition based on the function of cloud computing, others have given an analytical definition (Vaquero, Merino, Caceres, & Lindner, 2009). Armbrust et al. (2009) published the first widely cited definition of cloud computing, which is also known as the UC Berkeley definition of Armbrust et al.: cloud computing is defined as the application delivered as service over the internet and the physical and logical infrastructure in the datacenter that provide those services. Mark & Lozano (2010) identified cloud computing as on-demand access to virtualized IT resources that are located outside of your own datacenter, accessed over the Web, shared by others, easy to use, and paid for through subscriptions. Vaquero et al. (2009) proposed an encompassing definition of cloud computing after studying twenty two definition of cloud computing. They coined some of the main notions into: “a large pool of easily usable and accessible virtualized resources (such as physical infrastructure, development platforms and or services). All the resources can be dynamically re-configured and adjust to a variable load (scale), allowing also for optimum resource utilization. This pool of resources is typically exploited by a pay-per-use model in which guarantees are offered by the Infrastructure Provider by means of negotiated Service Level Agreements”.
The most commonly accepted definition of cloud computing was published by Mell and Grance from Computer Security Division Information Technology Laboratory National Institute of Standards and Technology (NIST), (Dillon, Wu, & Chang, 2010); (Rhoton, 2011); (Winkler, 2011). Mell and Grance (2011) define cloud computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”. Authors give the main
points of view of cloud computing from three perspectives, namely; five essential characteristics, four deployment models, three service models.
In “Cloud computing explained” Rothon (2011) argue that although the definitions of the NIST and Vaquero et al. are not identical, or in some cases even very similar, they are not
contradictory.
For this reason and for the purposes of this research the following definition of Cloud computing as a delivery model for IT services as defined by the NIST was used.
Figure 2: NIST Cloud definition
(Gain from: https://journal.thecsiac.com)
2.2.2 Five Essential Characteristics of Cloud Computing
Mell and Grance (2011) identify the five essential characteristics of cloud computing as; on- demand self-service, broad network access, resource pooling, rapid elasticity, and a measured service that are elaborate below.
Characteristic 1: On-Demand Self-Service
“A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service’s
provider”.
The advantage of this type of services is the ability to stop using it at any time (Rosenberg, 2011). An example of on-demand self-service is from VMware where consumers (developers) can use the service at their convenience and according to their needs to address various
infrastructure and programming needs such as prototyping and testing.
Characteristic 2: Broad Network Access
“Capabilities are available over the network and accessed through standard mechanisms that promote use by varied thin or thick client platforms (e.g., mobile phones, laptops, and PDAs)”.
Broad Network Access is the most essential characteristic of cloud computing. The main point of this characteristic is that it enables consumers to access computing resources over networks from anywhere and from a wide range of computing devices (Velte, et al., 2010).
Characteristic 3: Resource Pooling
“The provider’s computing resources are pooled to serve multiple consumers using a multi- tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge about the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or
datacenter). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines”.
Resource pooling allows multiple consumers use the same set of resources at the same time (Rhoton, 2011).
Characteristic 4: Rapid Elasticity
“Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out, and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time”.
Elasticity-a synonym for dynamic scaling-involves the ability to dynamically change how much resource is consumed in response to how much is needed (Rosenberg, 2011).
Characteristic 5: Measured Service
“Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage,
processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service”.
In pay‐per‐use metered service consumer pays only for the computing resources that are actually use and being able to measure the time of usage. The consumer can track usage and costs and align with specific business requirements (units or functions) for cost accountability. This model of service is analogous to household use of utilities such as electricity and water (Defence Signals Directorate, 2012).
2.2.3 Three Service Models
Next to the five essential characteristics, cloud computing implementations are available in three types of service models namely; Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Figure 3 illustrates the level of functionality offered by the cloud provider. At the top most layer of the pyramid, Application Cloud, software is offer as a service (SaaS).This service model of cloud computing delivers a single application via the browser to various users using a multitenant architecture. The next level below in the pyramid is Platform cloud, Platform as a Service (PaaS). Platform cloud offers development and operating environments as a service. At the bottom of the pyramid is the Infrastructure cloud where Infrastructure is offered as a service (IaaS). The infrastructure cloud provides total flexibility to customers in choosing desktops, servers or network resources. Customers have control over the infrastructure, platform, and software.
Service Model 1: Cloud Infrastructure as a Service (IaaS)
The capability offered to the consumer is provision of processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary
software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components for instance host firewalls (Mell & Grance, 2011). The infrastructure cloud (IaaS), the lowest access point in the cloud computing pool, offers storage, networks, and other fundamental computing resources as a service which can be used by developers and IT organizations to deliver business solutions.
An IaaS provider supplies virtual machine image of several operating system flavors, which can be customized by the developer to run any custom or prepackaged application. The application can run natively on the chosen OS and can be saved for a specific purpose (Rhoton, 2011).
Rather than purchased expensive servers and setting up the data centers, infrastructure cloud helps businesses reducing IT capital expenses (CAPEX) and operational expenses (OPEX) by major proportion. Prime examples of IaaS providers are Amazon Web Services Elastic Compute Cloud (EC2), Microsoft Azure, Rackspace, and GoGrid (Rosenberg, 2011).
Service Model 2: Cloud Platform as a Service (PaaS).
The capability offered to the consumer is to deploy onto the cloud infrastructure consumer created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations (Mell et. al., 2011). Cloud
computing Platform as a Service (PaaS) provides operating environment that includes operating system and application services for coding and deploying applications rapidly and efficiently.
PaaS is identical to SaaS with the exception that, rather than being application delivered over the web, it is a platform for the development or deployment of that application, delivered over the web. With PaaS, developers do not need to install any special system and administration tools on their computer. Well-known examples of PaaS providers include Force.com, Google App
Engine, and Azure from Microsoft. Force.com is Salesforce.com's PaaS capability, where developers use the Apex programming language to create add-on applications that integrate into the main Salesforce application and are hosted on Salesforce.com’s cloud infrastructure
(Rosenberg, 2011).
Service Model 3: Cloud Software as a Service (SaaS).
Software as a Service is the service model in which applications are running on service provider’s cloud infrastructure and directly presented to the customers. The applications are accessible from various client devices through a thin client interface such as a web browser, for example web-based email and, customer relationship management. The costumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings (Mell et. al., 2011).
With the SaaS service model, cloud provider sells an application to customers on license basis, in a “pay-as-needed” model. Customer does not have to do upfront investment in servers or
software development. It was found that Cloud Software as a Service is leading the trends of future deployments by most companies, and in general SMEs (Salleh, Teoh, & Chan, 2012).
Common example of SaaS providers includes Salesforce.com and DeskAway. Salesforce.com, a customer-relationship-management (CRM) application, is the most successful SaaS application used in the enterprise that has run strictly as a cloud application since 1999 (Rosenberg, 2011).
2.2.4 Four Deployment Models
The NIST lists four different types of deployment models to set up the cloud computing services.
These types of clouds which enable the access to the cloud services are private, public,
community, and hybrid cloud. As it is elaborate below, the differences between the deployment models are basically in the way the customer access their services.
Deployment Model 1: Public cloud
The cloud infrastructure is made available by the cloud service provider to the general public or a large industry group and is owned by an organization that sells cloud services.
The public cloud deployment model represents true cloud hosting wherein the cloud services provider makes resources available to various clients or a large industry group over the internet.
This service may be free or on the basis of a pay-per-usage policy. Public cloud is best fit for business which requires managing hosting SaaS applications, utilizing temporary infrastructure for developing and testing applications, and manage applications which are consumed by several
model helps to reduce capital expenditure and operational IT costs. Examples of public clouds vendors include Windows Azure Services Platform, Amazon Elastic Compute Cloud (EC2), IBM's Blue Cloud, Sun Cloud, Flexiscale and Google AppEngine (Winkler, 2011).
Deployment Model 2: Private Cloud
The cloud infrastructure is operated solely for an organization and it may be managed by the organization or a third party. The cloud infrastructure may exist on-premise or off-premise.
The private cloud deployment model does not deliver much in terms of cost efficiency.
It is usually dedicated to take care of the organization data security concerns privacy, and governance control with their own infrastructure. Organizations operating and maintaining a private cloud, has to purchase and manage their own infrastructure, and does not benefit from lower upfront capital costs. The real advantage of private cloud is that the service provider has a vested interest in making the service interface more perfectly matched to the tenant needs (Winkler, 2011). Examples of private cloud vendors include Amazon Virtual Private Cloud, Nippon Telegraph & Telephone (NTT) Communications Private Cloud, Rackspace Private Cloud, Citrix CloudPlatform, Microsoft Private Cloud, and Virtual Computing Environment (VCE), a joint venture between VMWare, EMC and Cisco.
Deployment Model 3: Community cloud
The community cloud involves sharing of computing infrastructure in between organizations from a specific group with common computing concerns, for instance mission, security
requirements, policy, and compliance considerations. This community cloud deployment model helps organizations to further reduce costs as compared to a private cloud, as it is shared by larger group. This model may be managed by the organizations or a third party and may exist on- premise or off-premise. The community cloud has tremendous potential for entities or companies that are subject to identical regulatory, compliance or legal restrictions. For instances, when various government agencies that transact business with each other have their processing collocated in a single facility, they can acquire both saving and increased security in terms of decreasing the amount of traffic that would otherwise need to traverse the internet (Winkler, 2011). Examples of community cloud vendors include the New York Stock Exchange (NYSE) Technologies Capital Markets Community Platform, Siemens IT Solutions and Services community cloud for the media industry and IBM Federal Community Cloud (FCC).
Deployment Model 4: Hybrid Cloud
The cloud infrastructure is a composition of two or more clouds that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability, for instance cloud bursting for load balancing between clouds.
Hybrid cloud can be composed by any combination of the three cloud types; public, private and community cloud. Hybrid Cloud enables organizations to exploit secured applications and data hosting on a private cloud, while they still take advantage of cost benefits by keeping shared data and applications on the public cloud. An example of hybrid cloud would be a website where its core infrastructure is private to the company, but certain components of the website are hosted externally that is, heavily trafficked media such as streaming video or image caching (Winkler, 2011). Microsoft Azure and Force.com are examples of Hybrid Cloud vendors.
2.2.5 The Potential Advantage of Cloud Computing for SMEs
In times of difficult economic climate, organizations are desperately seeking for solutions to save cost, cut cost and increase operational productivity. Cloud computing offers several potential technical and economic benefits and is particularly beneficial for small and medium businesses, where effective and affordable IT tools are critical for helping to become more productive
(Aymerich, et. al., 2008): (Jansen & Grance, 2011). SMEs typically have limited IT departments, staff or budget - but probably none of these at all - so they are not likely to have access to
advanced IT architectures and supporting tools (Neves, et. al., 2011). Cloud enables services to be used without the need to understand its infrastructure (Frantsvog, Seymor, & John, 2012), and brings concepts of economies of scale into the problem of computing, since it allows small and mid-sized businesses to outsource their data-center, and larger companies to get peak loaded capacity without the need of set-up larger in-house data centers (Leavitt, 2009). Diamadi, Dubey, Pleasance and Vora (2011) from McKinsey & Company argued that leveraging cloud solution in a service oriented manner allows SMEs to be more focused on the most important aspects of running their businesses, and allows technology to be simply one of many actors that support the company. Enterprise Management Associates (EMA) (2009) generated a research report with the positive outcomes of cloud computing for SMEs, these benefits include:
Fast deployment: on-demand provisioning of virtual desktops, storage, and applications can be rapidly realized than with physical systems,
Reduced costs: easier desktop management, less maintenance, and cheaper thin clients, endpoint virtualization results in costs reduction,
Redundancy: virtualization of commodity hardware pools allows fast migration of workloads and rapid disaster recovery,
Scalability: dynamic use of pooled resources opens the opportunity to easily increase or decrease workloads, data storage, staff levels, and applications,
Ease of use: cloud computing hides IT complexity, allowing easier use of various, complex computing resources,
Flexible and mobile: network-accessible resources allow users to access business systems from any device such as iPad, smartphone, laptop, or PC, and potentially from anywhere,
Green: centralization of resources decreases power consumption, and virtualization and deploying thin clients are among the most effective ways to reduce power costs.
2.2.6 The Dark Side of Cloud Computing
Cloud computing services can be provided in three types of services namely, SaaS, PaaS and IaaS. Consequently the security differ at each of these service models and all the security risks in internet are inherent in all these services, since cloud computing and web services are running on a network structure (Subashini & Kavitha, 2010); (Jamil & Zaki, 2011); (Gharehchopogh &
Hashemi, 2012). Many promote the numerous benefits of cloud computing (Armbrust M. , et al., 2010); (Rosenberg, 2011) in contrast, many admitted the existence of the grey and dark side of cloud computing include (Brodkin, 2008); (Heiser & Nicolett, 2008) and there is much to be cautious about cloud computing (Kuyoro, Ibikunle, & Awodele, 2011). Suresh and Prasad (2012) argues, while providers promote cloud services as being un-hackable, it is still an attractive target to hackers and questioned what service the customer will receive in case of security breach.
In “Cloud computing Web-Based Applications That Change the Way You Work and Collaborate Online” author Miller (2008) listed the challenge of cloud computing. These challenges include:
Dependence of reliable internet connection - cloud computing is not possible without availability of constant connection to the Internet,
Does not work well with low-speed connections - cloud computing require a lot of bandwidth and is not for slow or broadband-impaired,
Can be slow - Even on a constant and fast connection, web-based applications can sometimes be slower than accessing a similar software program on your desktop PC, because everything about the program, has to be sent back and forth from the client PC to the PC in the cloud,
Features might be limited - many web-based application do not have all the features as traditional software, so it is important to know if the missing features are relevant or not.
Since with cloud the location where the data is store can be anywhere and in any country, government in some country can access data without any notice to owner and without the opportunity for the owner to protest. In addition, organizations processing confidential or high- sensitive information which must be treated with utmost cautious, such as in the healthcare sector where privacy compliance is exceptionally regulated by the HIPAA (Health Insurance Portability and Accountability Act) like in the United States, should be conscious of the weaknesses of cloud if security, privacy and confidentiality is questionable (Gellman, 2009).
2.2.7 Gartner’s Hype Cycle for Cloud Computing.
The Hype Cycle for cloud computing of IT research and advisory firm Gartner is a broad collection of concepts and technologies associated with cloud computing. It determine which facets of cloud computing are still mainly in the hype stage and which technologies are moving towards significant adoption, and which ones are reasonably mature. This Hype Cycle is a commonly used predictive tool beneficial to those interested in the adoption of cloud computing, in particular those who has to make critical decisions about whether, when or what kind of cloud service to adopt. In the below figure Hype Cycle for cloud computing, Gartner estimates the mainstream adoption of cloud computing takes 2 to 5 years, and that cloud computing has passed the phase of Technology Trigger, locating just beyond the Peak of Inflated Expectation, and heading for the Trough of Disillusionment. In this phase of Peak of Inflated Expectation, customers and cloud providers creates exaggerated-enthusiasm and false expectations, but also potential benefits. Customers buy cloud services and surprisingly find out that they do not get the agility and cost saving as promised by cloud computing. This is one of the causes that could drive cloud towards the phase of Trough of Disillusionment.
Figure 4: Gartner Hype Cycle for Cloud Computing, 2011 (Smith D. M., 2011).
2.3 Privacy
The cloud computing model brings many uncertainties with respect to compliance with privacy regulations. There are no clear answers on which privacy regulation requirements is applicable to cloud computing (Ruiter & Warnier, 2012). Organization’s concern of confidential information leakage and loss of privacy in the cloud may become a significant barrier for commonly adoption of cloud services (Pearson & Charlesworth, 2009): (Jansen & Grance, 2011).
The following section elaborates on what privacy means.
2.3.1 The Concept of Privacy
The location from where the cloud service provider delivered the cloud service may have effect on the law applicable to the customer’s data. The actual location of the server which delivered the cloud services may or may not be mentioned in the terms of service.
But even if the location where the data is store is discloses in the terms of service, the provider perhaps may change the location without any notification to the customer, or the same data could be stored across multiple locations or jurisdictions at the same moment. Customer’s information transfer to a cloud provider opens new opportunities for the personal information to end up in government hands without notice to the customer and without the customer having an
opportunity to protest. For many customers, the loss of notification of a government demand for information is a significant decrease in rights (Gellman, 2009); (Breuning & Treacy, 2009).
Privacy is considered to be a fundamental human right recognized in the United Nations Universal Declaration of Human Rights (1948) and further in the European Convention on Human Rights and national constitutions and charters of rights such as the United Kingdom Human Rights Act 1998. Since at least the 1970s the main focus of privacy has been personal information, and particularly concerned with protecting individuals from government
surveillance and databases, potential mandatory disclosure of privacy databases (Cavouikian, 1999); (Pearson & Charlesworth, 2009).
The Dutch Data Protection Authority, DPA (College Bescherming Persoonsgegevens (CBP), 2005) defines in cooperation with Koninklijk Nederlands Instituut van Registeraccountants, (NIVRA) (Royal Dutch Institute of chartered accountants) and Nederlandse Orde van Register EDP-Auditors (NOREA) (Dutch order of registry EDP-Auditors) the concept of privacy, which can be applied into four situations:
1. Physical privacy – refers to – everyone’s right of inviolability of his own body, with the exception by the law determined restrictions;
2. Relational privacy – refers to – the right of confidentiality of mail, telephone, and telegraph, with the exception by the law determined restrictions;
3. Environmental privacy – refers to – the entering of a residence against the will of the occupant, that this is only permitted as determined by the law;
4. Informational privacy – refers to – everyone’s right of respect of a private life, with
exception of lawful restrictions, – the protection of privacy associated with the recording and provisioning of personal information – the prescription regarding the perusal, application and modification of recorded personal information as determined by the law.
As earlier mentioned, in this research the main focus of privacy is on personal information and
2.4 Trust
The lack of consumer trust is commonly perceived as a key in slowing down the adoption of cloud services. Cloud users are suspicious and worried about what happens to their data once it goes into the cloud. They are concerned about who can access it, how it will be duplicated, shared and used, and they feel that they are losing control. (Pearson S. , 2012); (Ko, et al., 2011);
(Gharehchopogh & Hashemi, 2012).
Trust is a complicated concept for which there is no widely accepted scholarly definition (Pearson S. , 2012). It is widely accepted that trust is hard to articulate because of its complex, multifaceted concept, richness of meanings, (Bromiley & Harris, 2006); (Tschannen-Moran &
Hoy, 2000);(McKnight & Chervany, 2001).
Lewis and Weigert (1985) described trust as a highly complex and multi-dimensional phenomenon having distinct cognitive, affective, behavioral, and situational conditions.
Rousseau, Sitkin, Burt and Camerer (1998) states in the Journal “Academy of Management Review” that evidence on the definition of trust from a present, cross-disciplinary collection of academic writing suggests that a commonly held definition of trust is: “a psychological state comprising the intention to accept vulnerability based upon positive expectations of the
intentions or behavior of another”. Participants reflexed to Ezezika and Oh (2012) in her research regarding “What is Trust”, that Trust is either a very crucial factor or the most crucial factor in the making or breaking of success. Trust allows consumers to overcome perceptions of risk and uncertainty, and to engage with the vendor. It is a multi-dimensional construct with two inter- related components, trusting beliefs and trusting intentions, together represent of what
(Rousseau, et al., 1998); (McKnight, Choudhury, & Kacmar, 2002) called trust, whereas;
Trusting beliefs is perceptions of the integrity, benevolence, competence, and predictability (McKnight, et al., 2001),
Trusting intention is willingness or intending to depend on the other party in a given situation with a feeling of relative security, in spite of lack of control over that party, and even though negative consequences are possible (McKnight, et al., 2001).
This research focused on the four trusting beliefs; competence, benevolence, integrity and predictability.
2.4.1 The Concept of Trusting Beliefs
Trusting beliefs is the stage to which trustor believes and feels confident in believing that the trustee possesses the ability or power that would benefit the trustor,(McKnight, et al., 2002).
McKnight & Chervany (2001-2002) analysis about 80 articles and books, and concluded that the most prevailing trusting beliefs in the literature concernedcompetence, benevolence, integrity, and predictability, in which:
a. Competence implies one firmly believes the other person has the ability or power to do for one what one needs done. From a cloud relationship point of view, the customer would believe that the cloud service provider can provide the tangible and intangible services in a proper and convenient way. In general, competence is the essence of capability to serve another’s interests.
b. Benevolence implies one firmly believes the other person cares about one and being motivated to act in one’s interest. A benevolent cloud service provider would not be perceived to be inclined to act opportunistically. Benevolence is the core of willingness to serve another’s interests.
c. Integrity implies one firmly believes the other person makes good faith agreements, telling the truth, and meets promises. This would indicate the belief that the cloud service provider will fulfills promises, such as to deliver the services or keeping private information secure.
One with integrity will prove one’s willingness to help by making and fulfilling good faith agreements.
d. Predictability implies one firmly believes the other person’s actions, positive or negative, are identical enough and thus not vary or change over time that one can duplicate them. Persons having high trusting belief-predictability would believe that they are able to predict the cloud service provider future behavior.
These four trusting beliefs together help one to be willing to depend on the other person.
Therefore, trust for this research is accordingly defined as trusting beliefs.
2.5 Privacy Risk Mitigating and Trust-Building Interventions
Information Communication Technology (ICT) provides solutions in the sense of privacy protection for users, consumers and citizens. The application of ICT to protect privacy is commonly known as Privacy-Enhancing Technologies (PET or PETs). Researchers have
proposed several options of privacy risk reducing interventions to build trust (Hassanein, 2004);
(Koufaris, et al., 2004); (McKnight, et al., 2002).
In “Privacy-Enhancing Technology: White Paper for Decision-Makers”, Koorn, van Gils, ter Hart, Overbeek and Tellegen, (2004), elaborates on the meaning PETs. Authors state that the term PETs is used to define a range of different technologies to protect sensitive personal data within information systems, without losing the functionality of the data system. PET increases the public’s confidence, and makes it possible to apply new technology to expand and improve services. Various privacy considerations can be addressed, of which the three most important ones are:
prevention against identification
protection against illegal processing of private data
the implementation of specific technologies to enhance privacy
Figure 5 illustrates the PET “staircase” representing the effectiveness of the protection of personal data relating with the type of PET applied. The suitability of the different PET options essentially depends on the characteristics of the information system, the demand level of protection and the sensitivity of the personal data concerned.
Figure 5: PET staircase: the effectiveness of the different PET options. (Kroon, et al., 2004)
All PETs options have successfully been applied in operational systems. Table 2 summaries the possible technologies that can be used to apply the PET options. A distinction has been made between standard solutions, custom-built solutions and future solutions.
Table 2: PET technologies
Gain from: Privacy Enhancing Technology White Paper for Decision-Makers (Kroon, et al., 2004)
Trust-building actions for cloud computing are already taking place in the form of standardization and certification. The United States National Institute of Standards and
Technology (NIST) has published a series of documents along with a commonly accepted set of definitions, and in addition, the European Telecommunications Standards Institute (ETSI) has set up a Cloud Group to consider cloud standardization needs and conformity with interoperability standards. These standards and certificates in turn can be referenced in the service level
agreement so that providers and users feel confident that the contract is fair (European Commission, 2012).
2.6 Technology Acceptance Model
The Technology Acceptance Model was introduced by Davis in 1986 and in 1989 proposed in the Management Information Systems, Quarterly. It is one of the most influential and highly cited research models in determinants of information systems and information technology acceptance to predict intention to use, and acceptance of information systems and information technology (Alrafi, 2009). The goal of TAM is to provide an explanation of the determinants of technology acceptance that is general, capable of explaining user behavior across a wide range of end-user computing technologies and user communities, while at the same time being both parsimonious and theoretically justified (Davis, 1989).
Information technology acceptance research yielded numerous competing models each with different sets of acceptance determinants to examine and understand the factors affecting the acceptance of computer technology.
Chutter (2009) comment in his study titled “Overview of the Technology Acceptance Model:
Origins, Development and Futures Directions”, that despite the fact TAM is a highly cited model and enormous confirmatory results have been obtained, current observation indicates that
researchers share mix opinion on the subject of TAM theoretical assumptions, and practical effectiveness. Chutter finalized by stating that it is tempting to conclude that research on TAM may have reached a satiation level, such that future research will focus in developing new models that would exploit the strength of the TAM model while eliminating its weaknesses.
Nonetheless, today’s research focused on the TAM because the research aims to understand the relationship between perceptions, such as perceived usefulness and perceived ease of use of technologies, and users behavior (Li L. , 2010); (Shroff, Deneen, & Ng, 2011).
The purpose of this research is to study the role of perceived privacy risks, trusting beliefs, privacy risks mitigating interventions and trust-building interventions in the determination of the usefulness of cloud computing by the Surinamese SMEs. Therefore the Technology Acceptance Model (TAM) is used as basis in this research for its predictive ability in particular to explain behavior and factors associated with acceptance of information technology.
CHAPTER 3. METHODOLOGY
This chapter focused on the theoretical foundation of the research methodology and on the formulation of the hypotheses. The next sections elaborate on the research approach, research strategy and research approach research approach apply in this research.
3.1. The Research Strategy
Saunders, Lewis, & Thornhill (2009) defined research strategy as “the general plan of how the researcher will go about answering the research questions”, and stated that appropriate research strategy has to be selected based on research questions and objectives, the extent of existing knowledge on the subject area to be researched, the available amount of time and resources, the philosophical underpinnings of the researcher. Exploratory research allows collecting
quantitative data that can be analyze quantitatively using descriptive and inferential statistics.
This thesis examines the role of perceived privacy risks, trusting beliefs, privacy risks mitigating interventions and trust-building interventions in the determination of the usefulness of cloud computing by the Surinamese SMEs. The exploratory research approach is selected since cloud computing is a slightly novel phenomenon in Suriname. In regard to the research strategy, the survey methodology is selected and carried out through questionnaire. The research approach applied in this research is based on the TAM of Davis et al. and Venkatesh et al. (Davis,
Bagozzi, & Warshaw, 1989); (Venkatesh, Morris, Davis, & Davis, 2003) This research method is chosen since its objective is to predict viability towards technology and it is also a common tool used for testing relationships in this field. Following figure (figure 6) visualizes the conceptual research model and its relationships with TAM, the four hypotheses and their linkages concerning the constructs that are applied to carry out this research.
Figure 6: Conceptual Research Model.
Trusting Beliefs
H1
Perceived Privacy H3 Risks
H2
H4
Perceived Usefulness
Attitude Toward Using
Behavioral
Intention to Use Actual Use
Perceived Ease of Use Trust-Building
Interventions
Privacy Mitigating Interventions
Technology Acceptance Model (TAM)
(Davis, Bagozzi, & Warshaw, User Acceptance of Computer Technology: A Comparison of Two Theoretical Models, 1989)
3.2. Technology Acceptance Model
The Technology Acceptance Model has been applied in various information technology and information system areas e.g. acceptance of World-Wide-Web, clarity the e-stock users’
behavioral intention, automotive telematics users’ usage intention, consumers’ acceptance of online auctions. TAM entails an information system model that examines how users develop their decisions to adopt and use a specific Information Technology. The aim of TAM is to ascertain the causal relationship among the key constructs; perceived usefulness and perceived ease of use, behavioral intention, and actual technology usage.
Figure 7: The Technology Acceptance Model (TAM) (Davis, et al., 1989)
3.3. Privacy
Cost reduction and increasing efficiency are primary motives for businesses moving towards cloud computing, but to sacrifice privacy to increase economic outcomes and functions should not be. To understand how consumers make decisions with respect to privacy, it is necessary to understand which aspects of a given privacy situation are critical to consumer privacy concerns.
Users main fear is the loss of control when offering their personal data to store in the cloud with the risks that it might be accessed without notice by a government (Gellman, 2009) and that they could be forced to hand over personal information against their will (Pearson, 2012). Privacy in general is very subjective with different meanings to different people (Skinner, Han, & Chang, 2006). Information privacy has become one of the main factors that hinder the adoption of cloud computing. Dinev & Hart argued that by identifying the trade-offs allowing individuals to surrender privacy sensitive information, companies should get better understanding of how to address privacy concerns and increase the level of comfort and sense of security for those who seek to obtain information and services via the Internet. Therefore the following hypotheses is constructed;
Perceived Usefulness
Attitude Toward Using
Behavioral Intention to Use External
Variables Actual Use
Perceived Ease of Use
