Critical Factors Influencing the Adoption of Cloud Computing
Nabin Khanal, Microsoft
Greg Parsons, Keiser University
Tim Mantz, Keiser University
Richard A. Mendelson, Keiser University
ABSTRACT
This article contributes to the existing body of literature on cloud computing by examining the moderating as well as mediating factors influencing macro-scale adoption of the cloud computing framework. Prior research has demonstrated that cloud computing can be more cost effective, more efficient, and has higher levels of elasticity; however, the primary concern among consumers revolves around security vulnerability. This research empirically studies the significance of the mediating and moderating factors of cloud computing consumption by patrons. Results of the study show that increased threat of security vulnerabilities demonstrate an inverse correlation with the consumption of cloud computing products and platforms.
Keywords: Cloud computing, security vulnerability, benefits of cloud platform
1. INTRODUCTION
Data centers are the building blocks of information technology (IT) and business enterprises providing the capabilities of a centralized repository for storage, processor, management, networking, and dissemination of data (Uddin, Rahman, Shah, & Memon, 2012). Cloud computing evolved as a method by which immediate access to stored data is possible without the inconvenience of being encumbered with a portable hard drive, flash drive, or some other type of media storage device. The Cloud platform is defined as a combination of hardware and software in a singular data center (Srivastava & Kumar, 2011). The cloud platform impacts individuals, as they are now able to store personal documents, pictures, and email on a cloud platform for ease of access; while also impacting larger organizations or businesses by allowing them to decrease their investment and procurement of hardware used to create a secure data center as a result of them switching to the use of a cloud based platform. Use of the cloud platform has demonstrated tremendous revenue saved for larger organizations, and has created a level of convenience previously unseen for individuals.
What is cloud computing?
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction (i.e., Definition of Cloud Computing, National Institute of Standards and Technology)[RM1].Essentially, cloud computing is an evolution in which IT resources are available based on the need or demand.The cloud platform is already in use in many business sectors as well as in institutions of higher learning. In order to deliver technology in secondary and post-secondary school environments, cloud computing is becoming more popular as a vehicle for curriculum and data delivery. Revenue in cloud computing is expected to reach $160 billion based on industry leader estimates[RM2].Cloud computing is defined as “an emerging IT development, deployment and delivery model in order to enable real time delivery of product, solutions, services over internet” (Fowler & Worthen, 2009).
The evolution of cloud based platforms began in approximately 1990 with the simultaneous application of several loosely coupled computers to a single problem. The widespread adoption of the Internet for public consumption in the mid to late 1990’s led to computing resources being delivered as a metered service similar to other utility such as water, gas, and power. This morphed by the early 2000’s to the idea of software as a service in which on-demand network based access to commercially available software became available to the average consumer. By the year 2008, dynamically scalable, mostly virtualized resources, provided as a service over the Internet became available. This last iteration of software delivery is what is now referred to as the cloud based computing platform. In the interest of generating revenue, companies have begun offering the cloud based platform as a service to subscribers.
In a cloud-based computing platform, the development tools and software are hosted on the provider’s infrastructure. Software developers create applications over provider’s infrastructure by using the Internet (Limbăşan & Rusu, 2011).In the cloud based model, applications and services are created by the consumer by using tools or a library provided by providers. The software deployment and configuration settings of the cloud platform are controlled by the consumer allowing for personalization of the service provided. The server, network, and storage are delivered by the provider in order to host consumer applications. All services are provided at minimal initial cost, and costs will be increased based on the used services. Within this model, the cloud based platform provider makesthe platform availableso the users do not have to worry about costs and complexity of buying and managing underlying infrastructure such as hardware and software.
This model is used by enterprises to develop, monitor, deploy, and maintain applications where the cloud service provider maintains the rest of the things, such as operating systems. Prebuilt and configured virtual machines (VM) are provided and the developer can manage and configure these VM remotely based on their specific needs.Usually the total cost of ownership (TCO) in PaaS is lower than IaaS, (i.e., Microsoft Windows Azure).
Providers of cloud based computing platforms
As cloud computing evolves, many companies are moving to build cloud related solutions/platforms to help companies to move into cloud computing domain[RM3].In other words, those are cloud computing providers. Major cloud computing providers are Microsoft Windows Azure, Amazon Web Services (AWS), and Google AppEngine[RM4].
Windows Azure is the Platform-as-a-Service (PaaS) provider that runs in Microsoft datacenters.Azure provides a Microsoft way of running applications and storing data.Customers can install and run applications on the cloud provided by Microsoft. Two types: Web role (HTTP or HTTPS request) and worker role (David Chappell, “Introducing Windows Azure,” 2009) are provided to customers.Azure allows non-Windows application to run the platform, such as worker role.
Amazon web services (AWS), Platform-as-a-Service (PaaS), Infrastructure-as-a-service (IaaS), and Software-as-a-Services (SaaS) offer multiple services. In this model, the user is charged for the computing resources they use.
Google AppEngine is a Platform-as-a-Service (PaaS) that provides a cloud platform for web applications in a Google Datacenter.Unlike AWS, Google AppEngine is free of charge to a certain level to provide customers a taste of it.Once customers hit that given threshold, an additional fee is charged for CPU time, storage, and bandwidth.Below Figure 3 shows major Cloud computing providers.
Figure 1.List of Major Cloud Computing providers.
Usually, cloud service providers operate in two business models: a fixed plan cost and a variable plan cost that amounts to a pay as-you-use type of billing plan[RM5].
Like private enterprises, many public sector orghanizations such as municipalities are moving to cloud computing.The United Kingdom’s government announced the availability of “G-Cloud” in June 2009, and mandated that future IT purchases must be “consistent with the cloud computing” platform[RM6]. As a part of “G-Cloud,” all government digital services moved to the secure, private cloud dedicated for government agencies hoping to realize a return on investment within three years, and cost savings in the future of IT procurement by leveraging virtualization, scaling, and rapid provision of infrastructures. This kind of initiative in the public sector not only impacts other public sectors, but it will also have an impact and influence in specific industry groups. This “G-Cloud” is an example of a private and secured cloud based platform.
Cloud based platforms in the education work domain
Cloud computing is gaining popularity in many areas and the education sector is no exception.It is becoming more popular in higher education domains, but a cost/benefit analysis has not yet been explored[RM7]. There has been some research performed in order to examine and understand the core factor for adoption of technology in higher education settings. Roughly 700 community college students were enrolled and participated in basic computer skills courses in this study to find out core data points such as ease of use by first hand experiences in the platform with instructor help and finding the perception of usefulness as the main reason, such as student’s reasons to travel to the campus.Based on this study, recommendations were offered for community college administrators and others who are exploring the adoption cloud computing in the higher education domain.Due to a low budget, a more mobile student population, and availability anywhere with low cost or free, cloud computing is very promising in education sectors.There are many commercial providers who are encouraging the education sector to adopt cloud computing, such as Google, who has created a special education edition of their cloud-based Google apps.In order to serve students with the goal of “available anywhere with low cost,” implementation of infrastructure requires careful analysis of a number of factors from student’s perspectives as well as faculty perspective. [RM8]
Students attending community college will more likely drop out before completing degree requirements compared to traditional college students because of other obligations, such as a full-time job or having a family (Conklin, 1997; Medved & Heisler, 2002).Usually, rural community colleges are not funded that well, yet they serve students where a long commute requires a larger investment of time from students (Yudko, Hirokawa, & Chi, 2006).Cloud computing could be an innovation for colleges where it helps to reduce IT costs and eliminates many time-related constraints for students as well serving a larger student population.
2. REVIEW OF THE LITERATURE
Cloud Computing Acceptance: Existing Research
Cloud computing was first used to describe a particular type of computer service in 1996 (The business technology forum.com/2011/10) and more frequently since 2006 when Google, Amazon and others started using the term to describe a new paradigm in computing. Since that time, cloud computing has evolved in terms of technology (Rimal, Choi, & Lumb, 2009) and applications (Ried, Kisker, & Matzke, 2010). The rapid developments in this field have created a challenge for literature regarding the specifics of the technology, the vendors, the architecture, and usage which can quickly become outdated. (Armbrust, Fox, Griffith, Joseph, Katz, Konwinski, & Zaharia, 2010).
Consequently, a related line of research is attempting to understand cloud computing within organizations and those factors that affect adoption and assimilation. Chen and Wu (2011) found that there were a number of significant factors independent of the technology that affected this adoption. Top management support, firm size, competitive pressure and trading partner pressure were all found to have a significant effect on cloud computing adoption by businesses. Gupta, Seetharaman, and Raj (2013), investigating cloud adoption in SMEs (small and medium size business) stated that favorable factors included the ease of use, privacy, and security. They also identified that factors favoring cloud adoption in SMEs were different than those in large corporations. Additionally, the SMEs surveyed did not plan to use cloud computing for sharing or collaboration.
This view of cloud computing from the organization or business side continued with Marston, Li, Bandyopadhyay, Zhang, and Ghalsasi, (2011) using a SWOT analysis to identify the strengths, weaknesses, opportunities and threats to the cloud computing industry. In addition, related technologies such as Service-Oriented Computing and Grid computing have emerged as alternative approaches to cloud computing. (Dillon, Wu, & Chang, E. 2010)
Cloud Computing: Evolution or Revolution in IT
A different view of cloud computing comes by applying a somewhat longer historical perspective and placing it within the general evolution of Information Technology (IT). Hirschheim and Klein (2012) proposed that the adoption of computer and computer related resources within business organizations can be divided into four eras: the mid-1960’s to the mid -1970’s, the mid-1970’s to the mid-1980’s, the mid -1980’s to late-1990’s, and from the late 1990s to current times. These eras reflect dramatic differences in hardware, software, data access, telecommunications, and users. They also indicate marked differences in research directions, IT education and the availability of academic journals.
As computers were first introduced into organizations, new organizational structures, policies, controls, and procedures were deemed necessary and formed the theory of stages for managing computer resources (Nolan, 1973). Nolan’s theory hypothesized that organizations would go through a series of stages characterized as: initiation, contigation, control, integration, data administration and ultimately maturity. Not all organizations would pass through the stages at the same speed but that management of the computer resource would need to evolve to match the challenges at each stage. Organizational acceptance and adoption of computing was also studied in different contexts such as the adoption of Personal Computers (PCs) (Cragg & King,1993), and the use of computers by smaller businesses (Igbaria, Zinatelli, Cragg, & Cavaye, 1997). The general conclusion of these studies showed that while technology was offering new options, other factors had a strong influence on when and how organizations decided to make use of these new resources. These factors not only influenced purchasing and information systems project decisions, but also influenced the outsourcing of IT (Dibbern, Goles, Hirschheim & Jayatilaka, 2004). The growth of the IT services industry from limited applications such as payroll processing to a wide array of turnkey packages, programming services, web hosting, and much more has required a more strategic view of IT outsourcing (Willcocks, Fitzgerald & Feeny, 1995; McFarlan & Nolan, 1995). Thus, from the historical perspective of IT evolution, cloud computing can be seen as another outsourcing option that faces organizational acceptance issues similar to prior computing technologies. Current concerns regarding security vulnerability are a manifestation of the general perception of risk when an organization faces new technology or other major decisions.
Perception of Risk and Risk Analysis
In addition to the more macro factors of cloud computing adoption are the specific issues of the vulnerabilities associated with outsourcing a critical organizational resource, data and potentially applications, to a commercial vendor (Feng, Zhang, Zhang,& Xu, 2011). The perception of risk is an important component of the cost – benefit analysis for cloud computing adoption since risk may take many different forms, levels, and effects on stakeholders.
One area of perceived risk is in data security which involves different concerns such as user access, regulatory compliance, data location, data segregation, recovery, investigative support, and long- term viability (Brodkin, 2008). With the large number of highly publicized data breaches in the recent past and an associated cost estimated at $7.2 billion in 2011 (Ayyagari, R.,2012), management’s concern over security risk is understandable. However there have been many approaches to assessing and managing risk in the computer and information system fields. Some of these approaches deal with software development risks (Barki, Rivard, & Talbot,1993) as an application of project risk assessment and management. In a study specifically on information security risk, Karabacak and Sogukpinar (2005) proposed the ISRAM (information security risk analysis methodology) as a quantitative and qualitative approach. The increased vulnerability of information systems prompted a study involving executives from 29 organizations,where McFadzean, Ezingeard, and Birchall (2007) suggest that the information security strategy should be developed at the board level indicating the need for a more holistic approach to the issue. This sentiment was echoed by Werlinger, Hawkey, and Beznosov (2009) whose study of IT security management included “the interplay among human, organizational, and technological factors”. Thus, the literature appears to show that the perception of risk is a significant factor in IT decisions and will certainly be a factor in the adoption of cloud computing. However, the more recent literature also shows that the perception of risk is not simply the risk of a breakdown or a break-in, but an organizational defense mechanism to avoid takingunnecessary risks and also managing unavoidable risks. In a review of literature regarding organizational risk perception when making organizational buying decisions, Mitchell (1995, p117) found “managers see risk in ways that are both less precise and different from risk as it appears in decision theory” (March & Shapia, 1987). Some of the factors contributing to risk perception were found to be: buyer demographics (Peters & Venkatesan, 1973), job function (Sheth, 1973), the decision making unit (Valla,1982), theperception of the organization’s performance (Kahneman & Tversky, 1979), as well as other factors.
Given the perceived risks involved in the adoption of cloud computing and the effect of these risks on an organization, there are several perspectives that provide a fuller understanding of the situation and provide a foundation for further research.
Technology Acceptance, Resistance to Change andStakeholder Theories
The Technology Acceptance Model (TAM)
One of the approaches used to study acceptance of a variety of technological innovations but specifically IT is the Technology Acceptance Model (Davis, 1989). Based upon the constructs of perceived usefulness (PE) and perceived ease-of-use (PEOU) the model is used to explain potential adopters’ reaction to new technologies. Subsequent work resulted in the TAM2 model (Venkatesh & Davis, 2000) as well as the Unified Theory of Acceptance and Use of Technology (UTAUT) (Venkatesh, Morris, Davis & Davis, 2003). Applications and empirical testing of these models have been seen in various fields such as: online education (Liu, Chen, Sun, Wible & Kuo, 2010), medicine (Hu, Sheng, Chau, Tam, & Fung, 1999), on-line banking (Cheng, Lam, &Yeung, 2006), and cloud computing in community colleges (Behrend, Wiebe, London, & Johnson, 2011). The majority of these studies have been focused at an individual choice level and have not attempted to address issues involving organizational behavior or managerial decision processes.
Organizational Resistance to Change
Although the TAM model and similar approaches have addressed technology adoption and can be applied to consumer choices such as buying an electric car or using online banking, literature has generally been focused on individuals’ perceptions. Consequently the original TAM variables of PE (perceived usefulness) and PEOU (perceived ease-of-use) are unlikely to fully capture the organizational environment that cloud computing adoption faces. As Low, Chen and Wu (2011) discovered, top management support, firm size, competitive pressures and trading partners had a significant impact on the adoption of cloud computing. These findings are consistent with research in resistance to organizational change which includes factors such as organizational culture, organization structure, existing policies, office politics and even ambivalence to change (Piderit, 2000). In an earlier study Keen (1981) applied these concepts to information systems. Organizational resistance was also found to have socio-psychological elements which must be addressed to promote change (Bovey & Hede, 2001). Other studies have looked at the way to overcome resistance to change (Ford, Ford, & D'Amelio, 2008). Therefore, if adoption of cloud computing requires a change within the organization, models of organizational change and managerial decision making provide useful models to help identify the critical adoption factors.