Information poaching as a decision making factor when outsourcing e-mail
11-Oct-18
Information poaching as a decision making factor when outsourcing e-mailMaster Thesis Economics & ICT
By Johannes van Vliet
Erasmus University Rotterdam
Supervisor G.J. van der Pijl
Coreader W. Pijls
October 11, 2018
Acknowledgement
First of all I want to thank Gert J. van der Pijl. As my supervisor for this project he helped me to create a clear view on how to present my results. Gert also motivated me to finish this thesis with an eye for quality and detail.
Secondly I want to thank my colleagues at Protiviti. Although my thesis project lasted longer than expected, they supported meto plan al the work next to my day to day work. Besides that,they helped me to look at my thesis with a business kind of view.This helped to enhance the degree of significance of the results.
Last but not least I would like to thank my parents, friends and girlfriend. They all motivated me to finish my thesis and master degree.
Wateringen, 4th August 2010
Hans van Vliet
Executive summary
Information is by the day getting more important for individuals and organizations. This growing dependency combined with new technologies, lead to unknown situations. The increasing dependency of information is also followed and related to the digitalization of information. The digitalization of information is primarily focuses on the advantages. However, there are also some possible risks that can occur. While information is vital for organizations it is very important to define clear controls and laws to secure that information.
A new form of digitalization that focuses on information is Software as a Service. This form of outsourcing provides its users with a service that they can use based on their dependency of it. In this process the service is hosted at the provider. Herea provider can supply multiple users with a high quality service combined with low cost. This form of outsourcing is closely related to traditional outsourcing transactions, with the difference that it now exists in a digital form. Due to this new form of outsourcing new security related questions arise. For example a important questions is, how do we know this information is stored safely?
A risk related to the storage of information is called information poaching. Information poaching is the treat that the receiving party or a third party usages the information send to gain economic advantage. Information poaching is relatively new and can lead to a reserved position for organizations that are thinking to outsource their email. A possible solution to this problem is to create trust at organizations. This can be accomplished by applying controls. If we can control the outsourcing process and especially the threat of information poaching, organizations will sooner decide to outsource their email.
This thesis starts with discussing the current literature on outsourcing. These theories are primarily focused on traditional outsourcing transactions. Following the literature review we discuss our survey that we conducteddiscussing topics on and related to outsourcing email. The results of the survey are explained and in the next chapter we have related the survey results to the existing literature on outsourcing.
This thesis concludes by discussing the research question and by advising how to overcome the problem. We can conclude that information poaching influences the decision of organizations to outsource their email. This logical reaction from organizations is that they will have a reserved position against outsourcing their email. This reserved position can be taken away by implementing controls.
Currently a group of authorities that focus on protecting data, are forcing service providers to use a privacy by design plan. In this plan service provider defines on beforehand how they are going to secure the privacy norms and laws of their clients. However, defining a privacy by design plan does not ensures that organizations act as stated in it. A solution to this problem is to on beforehand define a privacy by design plan and audit this plan on a annual base. The data security authorities can play an important role in this process. First of all by forcing the service providers by creating a privacy by design plan and finally by implementing a certifications for organizations that pass the audits.
Table of Contents
Acknowledgement
Executive summary
Chapter 1.Introduction
1.1Research Question
1.2Methodology
1.3Scope
Chapter 2.Literature review
2.1Outsourcing
2.2Core competences
2.3 Transaction Cost Theory
2.3.1 Coordination Costs
2.3.2 Operations Risk
2.3.3 Opportunism Risk
2.3.4 The transaction cost model
2.4Trust, control and risk
2.5Information poaching
2.6Influence of the market
Chapter 3.Analysis of survey results and hypotheses
3.1Introduction
3.1.1Population
3.1.2Hypothesis and closed questions
3.1.3Likert scale
3.1.4Cronbach’s Alpha
3.1.5Composition of the participants
3.2Hypothesis 1
3.2.1 Sample test Hypothesis 1
3.2.2Cronbach’s Alpha Hypothesis 1
3.3Hypothesis 2
3.3.1Sample test Hypothesis 2A
3.3.2Sample test Hypothesis 2B
3.3.3Cronbach’s Alpha Hypotheses 2A and 2B
3.4Hypothesis 3
3.4.1Sample test Hypothesis 3
3.5Hypothesis 4
3.5.1 Sample test Hypothesis 4
3.5.2Cronbach’s Alpha Hypothesis 4
3.5.3Hypothesis 4A
3.5.4Sample test Hypothesis 4a
3.6Correlations and multiple regressions
3.6.1Correlations on degree of trust and advantages of using SaaS
3.6.2Multiple regression on degree of trust and advantages of using SaaS
3.7Important factors during consideration of outsourcing
Chapter 4.Consolidation of survey results with the existing literature
4.1Trust
4.2Core competences
4.3Information poaching
4.4Transaction Cost Theory
Chapter 5.Conclusion and further research
5.1Research question
5.2Conclusion
5.3Recommendations for further research
5.3.1Trust
5.3.2Core competences
Bibliography
Appendix
A1. Survey results Hypothesis 1
A2. Survey results Hypothesis 2
A3. Survey results Hypothesis 3
A4. Survey results Hypothesis 4
List of figures
Figure 1 The Balance between In-house Production and Outside procurement (Clemons et al. 1993.)
Figure 2 Traditional Investment to Reduce Coordination Cost Increased Transactions Risk. Firms preferred to Make Such Investments In-house (Clemons et al. 1993.)
Figure 3 Current Investments in Information Technology May Not Increase Transactions Risk. Firms Can Now Safely Outsource (Clemons et al. 1993).
Figure 4 The base case preferred mode of economic transaction
List of Tables
Table 1 Independent 2 sample T Test Hypothesis 1 by SPSS
Table 2 Cronbach's Alpha for Hypothesis 1
Table 3 Paired 2 sample T Test Hypothesis 2A by SPSS
Table 4 1 sample T Test Hypothesis 2B by SPSS
Table 5 Cronbach's Alpha for Hypothesis 2A question number 9
Table 6 Cronbach's Alpha for Hypothesis 2A question number 10
Table 7 Cronbach's Alpha for Hypothesis 2B
Table 8 1 sample T Test Hypothesis 3 by SPSS
Table 9 1 sample T Test Hypothesis 4by SPSS
Table 10 Cronbach's Alpha for Hypothesis 5
Table 11 Paired 2 sample T Test Hypothesis 4A by SPSS
Table 12 Correlation of trust related to advantages of using SaaS.
Table 13 Multiple regression degree of trust part 1
Table 14 Multiple regression degree of trust part 2
Table 15 Multiple regression degree of trust part 3
Table 16 Results question 19
Table 17 summary of the results of our hypotheses
Table 18 Statistic summary of the survey results of questions 6, 7 and 8
Table 19 Combined results of the organizations that are outsourcing
Table 20 Combined results of the organizations that are not outsourcing
Table 21 Results question 18
Table 22 Combined results of organizations that are outsourcing and the factor trust
Table 23 Statistic summary of the survey results of questions 11 , 12 , 13, 14, 15, 16 and 17
Table 24 Combined results of the questions related to Hypothesis 3
Table 25 Statistic summary of the survey results of questions 16 and 17
Table 26 Statistic summary of the survey results of questions 9
Table 27 Statistic summary of the survey results of questions 10
Table 28 Combined results of the sub-questions of question number 9
Table 29 Combined results of the sub-questions of question number 10
Table 30 Combined results of the sub-questions (divided by its amount of questions) of question number 9 and 10
Table 31 Statistic summary of the survey results of questions number 5 and 15
Table 32 Combined results of the sub-questions of questions number 5 and 15
Chapter 1.Introduction
At present, many organizations are outsourcing different processes; these processes differ in size and scale, ranging from accounting and administrative tasks to even outsourcing of a complete sales department. The main reason for organizations to outsource is obtaining lower costs.
Recently, a new type of outsourcing is offered on the market: Software as a Service (SaaS). This outsourcing opportunity provides companies with the ability to use software as needed versus licensing all devices with all applications. This service is comparable to for example the outsourcing of mobile phone services. Some examples of SaaS are for instance webhosting, online customer relationship management systems and external e-mail management.
The decision to outsource a service, for example email, may lower software licensing costs for organizations (Cain, 2009) and may also shift the responsibility of maintaining the service for a third party. On the other hand, outsourcing a service such as e-mail may raise questions related to the safety and privacy of the information an organization is sending.
Currently there is an interesting discussion going on, on how to protect and respect the privacy of people and companies that use online services. This discussion is lead by several authorities that focus on protecting data. The main focus is Google, which at the launch of their new service, Google Buzz February 9th 2010, made the inaccuracy to disregard the fundamental privacy laws and norms. The data privacy authority’s of several countries joined and wrote Google a letter in which they mentioned that they were very disappointed in the way Google treated the privacy of their users. In the letter, they recommended Google to use Privacy by Design for future services. Privacy by design means that, in early design phase of a new service a company investigates on how to protect and respect that data privacy norms and laws.
The concept of SaaS is a considerably new service offered on the market. It is currently (2010) only offered by a small number of organizations. When organizations consider outsourcing software or a part of it, it is important to have a clear overview of what is offered on the market. In this study, we often use the term software package; it is therefore important to know how it is meant to be understood here. A software package is defined in this thesis as a pack of separate software programs combined to a joined package which can be purchased by organizations. Currently, there is no clear overview of the different packages available on the market. This lack of information makes it difficult for organizations to decide which package and subsequently which provider to choose. Because there is not much information onSaaS, questions may raise what possible advantages there are in using it. Furthermore, organizations could also have doubts to use the service because of the lack of information on for instance decision making factors such as security and availability. Currently, service providers are trying to build more trust aimed at potential customers by presenting the service as visible, secure, managed, audited and valid (Kennedy et al., 2009).It is interesting to examine how and if SaaS providers can show this trust.
Organizations require a trustworthy service provider for their e-mail. This may prove to be a difficult goal to achieve when service providers can have all sorts of different intentions. Both parties are commercially driven and therefore aim for a maximized profit as a goal. Organizations that are using the service also value the quality of the service (Lee, 1996). A contract is crucial in outsourcing transactions to ensure that the interests of both parties are served. What are the other control measures that can secure and assure the requirements of both parties? Besides a contract, many companies are under the impression that they have to trust the provider of the service tolive up to work for the best results for the outsourcing party. From the literature of Das (2001), organizations have to be aware that an outsourcing transaction has a significant part of risk related to it (Das et al., 2001). Besides the risk factors mentioned in the contract there are other factors related to outsourcing that can affect the relation and also factors not mentioned in the contract that can influence the relation between two parties. These factors cannot even be directly visible, however they can have a significant influence on a successful outsourcing transaction.
The decision to outsource an important process can be examined from different perspectives; in this thesis the examination is performed from an accounting perspective. Taking this into account angle, aspects as security, information poaching and durability of the service are examined. Information poaching, equal to loss of information, is a relatively new term that is clearly gaining in importance due to the increased use of external services. As mentioned in earlier literature on outsourcing, the loss of information is an important factor for organizations deciding to outsource (Widener and Selto, 1999). Information poaching can also increase transaction costs and more specifically operations risks (Clemons et al., 2004).
1.1Research Question
In the introduction to this study, several aspects related to outsourcing software and the possible effect of external factors on it has been discussed. An important issue that surfaces when examining the outsourcing process is called “information poaching”. The threat of information poaching in combination with outsourcing is related to the main question of this thesis, which is; “What is the effect of information poaching when e-mail is outsourced to a SaaS provider”. In several papers researchers suggest that information poaching is a possible threat when outsourcing. How does this relate to outsourcing a service as e-mail? The main question is rather broad, thus for making it more specific, several sub-questions on this topic have been formulated. The following sub-questions are discussed in this thesis:
- What are the possible risks when outsourcing an internal service such as e-mail to an external service provider?
- What are the possible risks for an organization when working with SaaS provider?
- To what extend is the concept of information poaching known to organizations?
- To what degree is information poaching acknowledged as a threat when outsourcing a service as e-mail?
- When information poaching because outsourcing e-mail is acknowledged as a possible threat, does this affect the decision making process of the customer?
- To what extend can organizations control the possible negative effects when outsourcing e-mail to a SaaS provider?
1.2Methodology
The second chapter of the thesis consists of a literature study on several different topics related to the research question.Different methodologies on outsourcing and information poaching are discussed. Finallythey are linked to the concluding results. We also compare the literature about outsourcing physical/traditional services and a relatively new service as e-mail. The literature on outsourcing can be partially used when outsourcing a digital service. Besides the current theories there are some new effects like information poaching which can influence the outsourcing relation. This makes it interesting to look into which degree the current literature is applicable when outsourcing a service as e-mail.
The thirdchapter of the thesis consists of the results of a survey performed among organizations interested in outsourcing their e-mail to a SaaS provider.The results of the surveys are used to verify the hypothesis with the intention to answer the research question. We first contacted the providers of SaaS and asked them to cooperate with the surveys by supplying us with names of companies that are interested in outsourcing their e-mail. Organizations considering to outsource or already outsourcing their e-mailare asked to participate in an online survey with questions related to outsourcing e-mail and information poaching. Besides that, we will distribute our survey among online communities of organizations that are interested in software as a service.
In the fourth chapter of this thesis, the information from the surveys is compared to the information from the literature study. While doing so, it will provide an insight into which degree we can apply and relate the general literature on outsourcing to outsourcing a service as e-mail. We furthermore discuss the importance and the effect of information poaching on outsourcing a service as e-mail.
Finally, recommendations and conclusions are provided after analyzing the survey results in relation to the existing literature, these findings are presented in chapter five.
1.3Scope
The scope of this thesis is limited to outsourcing email to a SaaS provider. SaaS provides several more services that may be interesting for organizations; however, in this study the main focus lies on outsourcing e-mail. There are multiple risks when outsourcing a service as e-mail, nevertheless, this thesis is focused on the danger of information poaching.
Chapter 2.Literature review
In our thesis we will research a relatively new and unexplored form of outsourcing, outsourcing e-mail to a SaaS provider. The aim of our study is to prove to which degree we can relate the existing literature about outsourcing to our thesis topic about SaaS. In thischapter of our literature review we will first examine some general theories about outsourcing. Subsequently, we will examine some theories in more detail, and after processing our survey results we will finally link them to our findings in chapter 4.
2.1Outsourcing
Outsourcing was introduced during the 1980’s. Since the early 1990’s, outsourcing has evolved from only outsourcing traditional services like administration to the outsourcing of data, marketing and IT related services (Chalos, 1995). This change in services is related to the increasing costs of internal non-core-business activities. The transformation of the business structure of organizations can lead to more specialized organizations. These more specialized organizations are able to focus more and more on core competences.
The outsourcing process can be defined as a process of subcontracting certain processes to a third party. An important factor mentioned in the introduction is the relation of an organization with a third party. It is essential to understand that the company that is outsourcing and the outsourcing vendor are not partners. Their main goal is the same, they both want to make a profit, however besides that the outsourcing organization expects stability of a service (Lacity and Hirschheim, 1995). These two goals do not go well togetheras both parties may have different expectations of the service.
Chalos (1995) states in his paper that the process of outsourcing has evolved during the years; McFarlan (1995) specifies the evolution of outsourcing in his study about the change in outsourcing in relation to the growth of IT outsourcing. McFarlan (1995) defines two specific reasons that effected the growth of the number of outsourced IT services. McFarlan (1995) states that the acceptance of strategic alliances and IT’s changing environment motivate organizations to outsource their services (McFarlan et al., 1995). The value of strategic alliances is widely recognized among organizations. The benefits of having a partner for a strategic alliance can range from having more experience with a certain process to saving costs by focusing on a single part of the complete process. The paper of McFarlan (1995) is published in 1995; McFarlan assumed at that time that the number of companies outsourcing IT services would grow.