10-1108 - JMH-02-2014-0018 - Cloud
www.emeraldinsight.com/1751-1348.htm
Abstract
Purpose – The purpose of this paper is to classify and categorize the vulnerability types that emerged
over time as information technology (IT) systems evolved. This comparative study aims to compare the
seriousness of old, well-known vulnerabilities, which may still exist but with a lower likelihood of
occurring, with that of vulnerabilities in new technologies like cloud computing with mobility access.
Cloud computing is a new structure of IT that is becoming the main part of the new model of business
environment. However, such a newly hyped technology does not come without obstacles. These issues
have to be addressed before full acceptability of cloud services in a globalized business environment.
Businesses need to be aware of the issues of concern before joining the cloud services. This paper also
highlights these issues and presents a comparison table to help businesses with appropriate
decision-making when joining the cloud.
Design/methodology/approach – A historical review of the vulnerabilities that emerged as IT systems
evolved was conducted, then these vulnerabilities were categorized into eight different categories, each
of which is composed of multiple vulnerability types. Simple scoring techniques were used to build a
“risk” analysis table where each vulnerability type was given a score based on the availability of a
matured solution and the likeliness of happening; then, in case a vulnerability of that type occurs,
another score was used to derive the impact of such vulnerability. The resulting weighted score is
derived by multiplying the likeliness-to-happen score by the score of its impact in case it did happen.
The percentage of seriousness, represented by the percentage of the derived weighted score of each of
the vulnerabilities, can then be concluded. A similar table was developed for issues related to the cloud
computing environment specifically.
Findings – After surveying the historical background of IT systems and emerged vulnerabilities as
well as reviewing the common malicious types of system vulnerabilities, this paper identifies 22
different types of vulnerability categorized in eight different categories. This comparative study
explores the number of possible vulnerabilities in new technology like cloud computing services. Specific
issues for cloud computing were also explored and a similar comparative study was developed on these
issues. The result of the comparative study between all types of vulnerabilities, from the start of IT
system development to today’s technology of cloud computing, shows that the vulnerability category
with the highest percentage was the one related to mobility access, as mobile applications/systems are
relatively newly emerged and do not have matured security solution(s).
Practical implications – Learning from history, one can conclude the current risk factor in dealing
with new technology like cloud computing. Businesses can realize that decision to join the cloud
requires thinking about the issues mentioned in this paper and identifying the most vulnerability types
to try to avoid them.
Originality/value – A new comparative study and new classification of vulnerabilities demonstrated
with risk analysis using simple scoring technique.
Keywords Comparative method, Business ethics, Cloud computing, Work ethic,
Technology management, Network security, Work motivation, Vulnerability categories,
Cloud ethics, Business security, Cloud business protection, Cloud malware attacks
Paper type Research paper
Journal of Management History, Vol. 20 No. 4, 2014, pp. 409-433. © Emerald Group Publishing Limited,
1751-1348. DOI 10.1108/JMH-02-2014-0018
The author would like to thank Shawn Carraher for his helpful comments on an earlier draft of this
paper.
Introduction
Like most types of advancement in the application of information technology (IT), cloud
computing is becoming one type of IT that brings a leap of change in different aspects of
businesses and customers. At a personal level, customers realize that accessing the cloud
is an easy and cheap way of driving any facilities or utilities in their day-to-day
social and business operations. For example, cloud service can be used to
auto-sync the downloaded music files from a mobile device and synchronize with a
desktop or laptop. Device mobility augmented with cloud services provides an excellent
attraction to business operations. For example, businesses in construction industry can
auto-sync their mobile devices with servers in the cloud. This gives them a global access
to their main headquarters from their mobile device like an iPhone or similar. The way
of conducting business operation in such case is changing dramatically. Using a mobile
device like a smartphone, businesses can now use business intelligence technique to
automatically investigate different issues regarding marketing needs, supply chain
problems, customer services on the fly and with minimal amount of effort and expertise.
Businesses and consumers already started using cloud computing services as a facility
of data storage and collection as well as communication and collaboration (Simmhan
et al., 2008; Yogesh et al., 2009). The main benefit to businesses is the time and cost
saving of IT technical setup and troubleshooting, which is highly valuable for
small firms. In fact, small and mid-sized companies can benefit from cloud computing
by freeing up the company’s employee resources to spend more time on increasing sales and
profits. However, there are many different types of clouds, as well as different types of
services offered. Each of these has different types of issues and risks that have to be
addressed and studied before joining the cloud. Technically, the main bottleneck
of cloud computing is that it is purely based on the “Internet”. Although it is not very
likely with today’s technology, if connectivity fails for one reason or another, the
whole business will freeze. This paper will review all relevant issues concerned with
businesses considering the utilization of the new cloud model. The theme of this paper
was motivated by the Carraher (2012a, 2012b) editorials, where a need for
study and investigation with empirical work related to management history was
identified. This paper reviews the history of IT and computer-based management and
concludes with an empirical study to categorize the number and seriousness of
vulnerabilities in historical as well as modern management of systems like the cloud
computing environment. Different theoretical and empirical issues for modern
management examining the Japanese and American history were also cited in the Carraher
(2012c) editorial.
One major issue that is highly sensitive to the operation management of cloud
computing providers’ environment is ethics and its relation to employee and IT
professional behaviour. An interesting study related to culture and personality effects on
business ethics was introduced by Therneau et al. (2014), where they studied the difference in
these criteria and its effect on business ethics in the United States and Japan. A similar study
was conducted by Pučėtaitė et al. (2010), where they explored the interrelations between
organizational trust and ethics management tools and found a significant dependence.
Smith and Smith (2011) discussed the assumptions involved in the
Protestant work ethics and found that there is a bias in the management literature
concerning the Protestant work ethics. Sabia (1996) discussed ethics from a political point
of view in general and the problem of “dirty hands” in specific. Booth and Rowlinson
(2010) outlined the prospects for management and organizational history in ten different
points, one of which was related to the evolution of ethics in history and reviewed the
ethics of past business behavior.
In the relation of the study of ethical effect to employee behavior, Novicevic (2003)
studied the ethical behavior of employees in multinational corporations and focused on
the efficient way of socializing foreign country national employees into the domestic
organization of multinational corporations by appropriate communication of the code of
ethics. Later on, Carraher et al. (2006) also studied job satisfaction where they targeted
the Baltics and USA to predict the satisfaction with pay levels. The strongest predictor
was job tenure (not the initial expectation of compensation level). A more recent study
was done by the same author (Carraher, 2011), investigating other parts of the world like
Estonia, Latvia and Lithuania. Wright (2006) discussed the development of job
satisfaction from historical point of view. Based on this, the author provided a practical
framework explaining the reason why job satisfaction became the most important
measure for worker happiness. Novicevic (2009) examined the religiosity as an
antecedent to moral identity as well as examining the mediating role of self-control and
found that dimensions of morality have different effects on the internalization and
symbolization of moral identity. Humphrey (2009) also investigated the role holder
impact on team effectiveness to develop a theory of the strategic core of teams. Their
theory suggests that certain team roles are most important for team performance and
that the characteristics of the role holders in the “core” of the team are more important
for overall team performance. Moon et al. (2004) studied team effectiveness from a
different angle where they viewed that a particular role is more core than other roles if it
has a greater exposure to the tasks that the team is performing. In effect, some role
holders may have greater responsibilities within the team. Researchers have noted that
work may be designed such that a role is responsible for performing a multitude of tasks
or relatively few tasks (Humphrey et al., 2007a, 2007b). Those roles that perform more
tasks or complete more of the work will make the greatest contribution toward team goal
achievement. Research has noted that the behavior and performance of the team are
influenced by the composition of its members (Humphrey et al., 2002; Kim, 1997; LePine
et al., 2001; Morgeson and Humphrey, 2008; Morgeson et al., 2005; Schmidt and Hunter,
1986).
After reviewing the historical background of IT management, IT
infrastructure, IT ethical evolution and the evolution of IT security vulnerabilities, cloud
types and services are explored from a business perspective, and a comparative study of
different vulnerabilities is presented, where each vulnerability is given a weight based
on the level of seriousness of its effect as well as the level of confidence in the
existing solutions for it. The final weighting factor results from
multiplying this factor by the impact level factor in case that vulnerability
occurs. The code of ethics and its relation to cloud services are also explored in this article,
together with a review of the most common malicious attacks due to unethical behavior. The
move to the cloud requires supreme trust between businesses (the clients) and the cloud
providers. This trust is not easily established. Cloud providers have to prove to their
clients that all their professionals handling their data are of high ethical standards by
maintaining the integrity of the data they are handling. Hence, the comparative study
aims to evaluate the different vulnerabilities for generic IT systems as well as
evaluating the newly identified issues of cloud computing vulnerabilities.
Klotz et al. (2013) studied historical counterproductive work behavior up to today’s
performance and found that as organizations became more complex, employees
found more ways to engage in counterproductive work experience. Spender (2004)
proposed a new approach towards asset evaluation as a part of knowledge management
of corporate assets.
With the advent of the concept of gender equity since Barnard’s introduction of the
concept, different results have been reported on the relationship between pay, gender and job
satisfaction (Carraher et al., 2013; Novicevic et al., 2013a, 2013b). Barnard’s theory was not
the only management theory studied by researchers; for example, Wren (1995)
and Wren and Bedeyon (2009) discuss the contribution and influence of Henri Fayol
towards the development of management theory. More recently, Kurzynski (2012) has
also discussed the implementation of Drucker’s model in the modern business community and its
relation to improving the framework for modern managerial behavior. Vauleon (2014) discussed
the innovative Rousseau theory of management, the significant part of the
Rousseau approach to management science, as well as the individual’s subjection to
authority.
Cloud ethics
The above review of unethical/illegal IT attack techniques would be conducted by
individuals who have a reason for such unethical behavior which might have been
triggered by a situation in their working environment. For example, unethical behavior
could be triggered by angry un-ethical individuals fired from their positions and/or a
small business facing fierce competition […], etc. To rectify and minimize this unethical
behavior, it would not be enough to counterattack the malicious techniques by using
anti-virus technology/techniques. Proper management would be necessary to rectify
any possible problem in unethical IT behavior. Therefore, the issue is not really the
malware technology, but it is rather people-ware problem (Shaw et al., 1998). Because the
people are behind the creation and attack of the same systems, it would be necessary to
conduct psychological analysis of the information systems criminals to safeguard those
systems. Knouse et al. (2007) discussed the evolution of business codes of ethics and how
they are influenced by the ideology of the time regarding the social responsibility of
business, while Trevinyo-Rodriguez (2007) discussed and classified the integrity trait of
ethics into three main categories of integrity: personal, moral and organizational
integrity. As business reliance on cloud computing increases, ethical implications would
also increase. Privacy and security with cloud-based services are the main concerns.
Appropriate action should be taken to ensure only authorized persons are allowed to have
access to the shared active online data. Hence, full trust in the ethical behavior of the
provider’s employees must exist in this case to avoid any violation in data access.
Historical background of IT infrastructure evolution
IT infrastructure in corporates went through six stages of evolution, where in each stage
a different configuration and different infrastructure strategies were developed. It started with
the general-purpose mainframe in the late 1950s, which later evolved into the IBM 360 series
mainframe. IBM360 was the first real commercial mainframe providing a newly
developed model of multitasking and time sharing. IBM dominated the market from
1965 to 2005, where it was the main corporate data center data storage and computing
power. By 1965, DEC Alpha minicomputers started to appear in the market, offering the
same facilities as the mainframe at lower cost, allowing a possibility to conveniently
decentralize computing power and, hence, the capability to introduce computing power
to each department in a business environment individually. It was around 1981 when
the first real commercial Personal Computers (PC) started to appear in the market with
the appearance of the IBM PC using the Disk Operating System (DOS), which later was
developed into the Windows operating system. PCs started as standalone desktop
productivity computing systems used for word processing, presentation and small data
management programs. It was the early 1990s when PCs evolved into networked PCs
allowing communication with other devices, mainly the mainframe at that time, where the
TELNET protocol was used to emulate terminal connectivity to the mainframe.
The environment was based on a mainframe providing all the services and
processing power required by the computing system and the PC was acting as the local
computing power to achieve the requested information. In 1983, the trend started to
change with the introduction of the Client/Server environment, where a PC or laptop in today’s
terminology (called the Client) shares the processing tasks and power with the server (a
mainframe or another PC with server service capability) to achieve common tasks. Most
businesses use a multitier client/server environment, which allows the creation of new
business services like Internet Banking, for example. Such a feature allowed businesses
to distribute computing functionality to different departments or branches and, hence,
allowed better customer services by introducing more exploded applications. The
success of client/server computing generated another problem for corporates, where an
integration problem arises in one geographical area. This is due to the different
applications developed by different departments, and these applications are not
well-interfaced with each other, creating disjointed applications in one business
environment.
By mid-1990, corporates started using standard networking protocols allowing
integration of these disjointed applications to compose an enterprise-wide
infrastructure. This networking mechanism was enhanced by the emergence of
Transmission Control Protocol/Internetworking Protocol (TCP/IP 1995). TCP/IP is a
suite of protocols governing the network operations globally, which is now termed the
INTERNET. This technology not only solved the problem of joining the applications
but also allowed the mixture of different platforms into one environment. Nowadays,
the enterprise network links different devices and platforms like MAC, PC Servers, mobile
devices, phones […], etc. IT governance and security issues at this stage became
highly important. The scope is that global enterprises would be able to deliver
business services without any obstacle. However, this proves to be difficult to achieve
without appropriate security and protection mechanisms and standards. Hence, IT
governance started to become popular among organizations where the objective was
(and still is) to integrate all enterprise services and applications in a highly secured and
organized fashion, keeping in mind the appropriate mechanism of businesses’
operational and functional tasks. In today’s enterprise environment, IT is the center of
all other functionalities where finance, Inventory Control, Sales, Marketing […], etc.
departments are sharing one big infrastructure. Hence, the importance of developing a
well-organized infrastructure through enterprise IT governance emerged and became a
necessity.
Corporates realized this added complexity of integration and started initially by
developing their own data centers to accommodate all their business need globally while
maintaining protection and security of data and systems. This concept was later utilized
by some IT business to create “public” data centers where they were selling the
protection and security guarantees to other businesses by accommodating the
customers’ equipment in their extremely protected and secured environment. These
centers were termed as “Management Centers”. Dubai Internet City is an example of
such centers. This idea of Global Management Center was later elaborated into a virtual
center that can be located anywhere in the world where customer would have the
advantage of replicating their data for extra protection globally using the Internet. This
has led to the emergence of cloud computing concept where customers (in this case,
customer could be any business requesting services and application from IT cloud
computing provider) request services and application from cloud service provider. This
has an extremely new advantage, and it is changing the face of conducting businesses in
the future. New business does not have to initiate the required systems from scratch by
setting up the hardware including server initial cost and management, software initial
cost and maintainability, IT staff training and operation as well as system security and
ethical behavior monitoring. All these issues are handled by the cloud service provider
in return of a monthly fee. Also, businesses can start conducting the business in an
extremely short period where there is no set-up time for required systems when using
cloud computing services.
| Vulnerability category | Vulnerability type | Approx. date | Technology/platform | Likeliness score | Impact score | Weighted score | % | Category % |
|---|---|---|---|---|---|---|---|---|
| Access control and authentication vulnerabilities | Brute force attack | 1997 | Mainframe, server | 1 | 2 | 2 | 1.74 | 6.96 |
| | DNS database contamination | 1989 | Mainframe, server | 2 | 3 | 6 | 5.22 | |
| Physical security vulnerability | Server damage | 1965 | Mainframe, client, server | 1 | 5 | 5 | 4.35 | 8.70 |
| | Network damage | 1980 | Router, switch, cabling | 1 | 5 | 5 | 4.35 | |
| Availability vulnerabilities | Physical disconnection | 1980 | Cabling | 1 | 5 | 5 | 4.35 | 9.57 |
| | Damaged services or DDOS | 2000 | System services | 2 | 3 | 6 | 5.22 | |
| Application security vulnerabilities | Insecure developed software | – | Development methodology | 2 | 3 | 6 | 5.22 | 10.43 |
| | SQL injection | 2001 | Web applications | 2 | 3 | 6 | 5.22 | |
| Personnel security vulnerability | IT staff security violations/criminal act | 1984 | – | 1 | 5 | 5 | 4.35 | 12.17 |
| | IT staff unethical behavior | 1992 | – | 3 | 1 | 3 | 2.61 | |
| | IT staff negligence | 1992 | – | 3 | 2 | 6 | 5.22 | |
| Database security vulnerabilities | Data loss or corruption | 1970 | Storage Media | 1 | 4 | 4 | 3.48 | 16.52 |
| | Damaged backup tapes | 1970s | Tape, CD, | 1 | 1 | 1 | 0.87 | |
| | Data replicated location is not secure | 1970s | Location, policy | 1 | 2 | 2 | 1.74 | |
| | Data Integrity is compromised | 1970s | Database | 2 | 4 | 8 | 6.96 | |
| | Data contamination occurred | 1970s | Database | 1 | 4 | 4 | 3.48 | |
| TCP/IP security vulnerabilities | Network eavesdropping | 1989 | Network Infrastructure | 2 | 4 | 8 | 6.96 | 17.39 |
| | Session hijack | 2000 | Network Infrastructure | 1 | 4 | 4 | 3.48 | |
| | Identity theft | 2005 | Network Infrastructure | 2 | 4 | 8 | 6.96 | |
| Mobile devices vulnerabilities | BYOD security breach | 2011 | iPhones, iPad [. . .] | 2 | 3 | 6 | 5.22 | 18.26 |
| | Out of date application maintenance | 2012 | iPhones, iPad [. . .] | 3 | 2 | 6 | 5.22 | |
| | Lack of comprehensive security services | 2013 | iPhones, iPad [. . .] | 3 | 3 | 9 | 7.83 | |

Table I. List of evolved vulnerabilities across history of IT systems
of multiple types that emerged in an approximate date, as indicated from the discussions
in the previous sections. Using simple scoring techniques between 1 and 5, where 1 is
lowest and 5 is highest, vulnerability can be estimated based on the vulnerability type,
the availability of a documented solution, if any, and how recently such a
vulnerability emerged. In case of an occurrence of any vulnerability type, the impact can
also be estimated based on the severity of such threat. Obviously, newly emerged
vulnerabilities with no standard and known solution would have the highest score.
Accordingly, the weighted score of each vulnerability type as well as vulnerability
category can be calculated with the percentage of each vulnerability category. This can
be shown in Figure 1 where it is obvious the new mobile technology using new platforms
like smartphones appears to be the highest, as this type of technology is still evolving
and applications/OS are not secured appropriately.
It should be noted that in this analysis, only the issues specific to each
technology/platform were considered to draw the weighted score. It is obvious, however, that
some of these vulnerabilities are embedded into other types of vulnerabilities. For
example, TCP/IP vulnerability can be part of overall cloud computing possible
vulnerabilities which will be discussed in the next section where issues related to cloud
computing will be explored and evaluated as well. It should also be noted that the score
of TCP/IP vulnerability is lower than the mobile access vulnerability. This is simply
because solutions to TCP/IP breach technique (unlike the new mobile access
vulnerability) are well-matured. It is only a matter of good implementation and
management of such solution steps to prevent any possible breach. As seen by Figure 1,
the highest possible current vulnerability is the access of systems via mobile devices.
This is due to the fact that businesses are encouraging bring their own devices (BYOD)
as part of company operations to increase productivity. However, mobile application
and systems are still relatively recent with immature security measure. This will
encourage hackers in the near future to target this weak “Access point” vulnerability via
mobile devices.
Figure 1. Histogram of weighted score percentage of vulnerability category
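The scoring method described above, applied to the likeliness and impact scores of Table I, as an added example that is not part of the original paper: it recomputes each category's share of the total weighted score. The per-type mean column and the function names are assumptions of this example, not measures the paper uses; the mean shows how much the ranking depends on how many types a category lists.

```python
"""Recompute the page's weighted-score risk table and test how stable its ranking is."""
from collections import defaultdict

# (category, vulnerability type, likeliness 1-5, impact 1-5), transcribed from Table I.
TABLE_I = [
    ("Access control and authentication", "Brute force attack", 1, 2),
    ("Access control and authentication", "DNS database contamination", 2, 3),
    ("Physical security", "Server damage", 1, 5),
    ("Physical security", "Network damage", 1, 5),
    ("Availability", "Physical disconnection", 1, 5),
    ("Availability", "Damaged services or DDOS", 2, 3),
    ("Application security", "Insecure developed software", 2, 3),
    ("Application security", "SQL injection", 2, 3),
    ("Personnel security", "IT staff security violations/criminal act", 1, 5),
    ("Personnel security", "IT staff unethical behavior", 3, 1),
    ("Personnel security", "IT staff negligence", 3, 2),
    ("Database security", "Data loss or corruption", 1, 4),
    ("Database security", "Damaged backup tapes", 1, 1),
    ("Database security", "Data replicated location is not secure", 1, 2),
    ("Database security", "Data integrity is compromised", 2, 4),
    ("Database security", "Data contamination occurred", 1, 4),
    ("TCP/IP security", "Network eavesdropping", 2, 4),
    ("TCP/IP security", "Session hijack", 1, 4),
    ("TCP/IP security", "Identity theft", 2, 4),
    ("Mobile devices", "BYOD security breach", 2, 3),
    ("Mobile devices", "Out of date application maintenance", 3, 2),
    ("Mobile devices", "Lack of comprehensive security services", 3, 3),
]


def validate(rows):
    """Reject scores outside the 1..5 scale the page defines."""
    for _category, vtype, likeliness, impact in rows:
        for name, score in (("likeliness", likeliness), ("impact", impact)):
            if not (isinstance(score, int) and 1 <= score <= 5):
                raise ValueError(f"{vtype}: {name} score {score!r} is outside 1..5")


def score_table(rows):
    """Return (per_type, per_category) with weighted = likeliness * impact."""
    validate(rows)
    total = sum(likeliness * impact for _, _, likeliness, impact in rows)
    per_type = []
    sums, counts = defaultdict(int), defaultdict(int)
    for category, vtype, likeliness, impact in rows:
        weighted = likeliness * impact
        per_type.append({"category": category, "type": vtype, "weighted": weighted,
                         "pct": round(100 * weighted / total, 2)})
        sums[category] += weighted
        counts[category] += 1
    per_category = {
        category: {
            "weighted": sums[category],
            # Share of the grand total: the figure the page reports per category.
            "pct": round(100 * sums[category] / total, 2),
            "types": counts[category],
            # Added here (not in the paper): average weighted score per listed type.
            "mean": round(sums[category] / counts[category], 2),
        }
        for category in sums
    }
    return per_type, per_category


def rank(per_category, key):
    """Category names ordered from highest to lowest by the given column."""
    return sorted(per_category, key=lambda c: per_category[c][key], reverse=True)


if __name__ == "__main__":
    _, categories = score_table(TABLE_I)
    print(f"{'category':36} {'types':>5} {'weighted':>8} {'pct':>6} {'mean':>5}")
    for name in rank(categories, "pct"):
        row = categories[name]
        print(f"{name:36} {row['types']:>5} {row['weighted']:>8} "
              f"{row['pct']:>6.2f} {row['mean']:>5.2f}")
    print("ranked by mean:", rank(categories, "mean"))
```

By summed share the database category ranks third, but by mean weighted score per type it ranks last; mobile devices stays first under both measures.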
Overview of cloud computing types and services
Cloud computing is the new concept of IT utilization to drive businesses. The attraction
of cloud computing to businesses is that it reduces the IT infrastructure cost of the
company by immediately providing the services to the businesses and, hence, cutting
the down time and cost of the set-up process, as well as reducing the required skills within
the company. Cloud providers have proved to be very beneficial for newly establishing
businesses that have the urge to grow quickly in future. There are three different types
of clouds and three different major services in the cloud. Large pools of resources
can be connected via private or public networks to provide dynamically scalable
infrastructures for application, data and file storage. Firms can choose to deploy
applications on Public, Private or Hybrid clouds. Cloud computing revolutionized the
concept of IT delivery by introducing the cloud technology in a form of services. Similar
to electric power service, cloud computing provided services where you “pay as you go”
in a form of metered service. Businesses can choose from three main services offered by
cloud providers. The list of different cloud types and services is as follows:
• Public clouds: Public clouds are operated by third-party providers, allowing customers
to benefit from reduced infrastructure costs, as the cost is spread across all users. The
main advantage of public cloud infrastructures is that they are typically larger in
scale than an in-house developed enterprise cloud, which improves the
“on-Demand” scalability. As it is operated and managed by a third party, all
customers share the same infrastructure configuration and security protection.
Initial cost is minimal, but if data are stored for a long period, it proves to be
expensive. Accessibility, availability and reliability criteria make the public cloud
more popular than the private cloud.
• Private cloud: Private clouds are specifically built for individual enterprise
allowing them to host applications in the cloud, while addressing concerns
regarding data security and control, which is often lacking in a public cloud
environment. Initial cost is expensive, but gets minimal at later stages of using it
as a service. There are two variations of private clouds, the externally hosted and
the internally hosted. The externally hosted cloud is facilitated by service provider
with full guarantee of privacy which is usually preferred for organizations trying
to avoid risks due to shared resources. The internally hosted cloud is built within an
organization’s own data center. Although there is a limitation to size and
scalability, complete control and configuration management is under the internal
administration.
• Hybrid cloud: Takes the best of both options where organization can partially or
fully control the cloud provided by third-party cloud providers. Hence, control
flexibility and on-demand scalability are available in this type of cloud.
• Infrastructure as a service: Infrastructure as a service (IAAS) is the cloud model in
which an organization outsources the equipment used to support operations,
including storage, hardware, servers and networking components. The service
provider owns the equipment and is responsible for housing, running and
maintaining it. Clients typically pay on a “per-use” basis; in return, service
providers guarantee administrative automation as well as secure Internet
connectivity with dynamic scalability. IAAS is popular in the data center where
software and servers are purchased as a fully outsourced service and usually
billed on usage and how much of the resource is used. Compared to the traditional
method of buying software and servers outright, IAAS is an excellent mechanism
to start the required business application quickly and with minimum cost and
effort.
• Software as a service: Software as a service (SAAS) is a cloud model where
software applications are hosted by the service providers and made available to
customers/subscribed organizations via the Internet. SAAS is becoming more
popular as Web services like service-oriented architecture (SOA) are
well-developed and maintain high reliability. SAAS delivery brings tremendous
benefits, starting from easier administration and, hence, lower maintenance costs.
This would be inclusive of all necessary patches and updates, ensuring
compatibility across multiple platforms and more efficient collaboration via global
accessibility.
• Platform as a service: Platform as a service (PAAS) is an extension of SAAS. On
top of SAAS, it is a way to rent hardware, operating systems, storage and network
capacity over the Internet. PAAS allows customers to run their own application
and/or develop and test new ones. This would result in benefits to developers
where necessary operating system features can be updated whenever needed as
well as allowing software development team to collaborate globally.
Perhaps the main advantage of mobility access to information was the improved
productivity of employees, as it allows easy and fast information exchange for
corporates, and hence most corporates allow their employees to BYOD, which started to
gain popularity by 2011.
Hence, a policy was needed for this new concept that emerged in the corporate strategy
of processing information. BYOD security relates strongly to the end node problem,
wherein a device is used to access both sensitive and risky networks/services. BYOD
can result in data breaches in case the phone is lost and accessed by untrusted person(s)
who can view and edit any unsecured data on the phone. Also, when the employee leaves
the company, company data may still be present on their own devices. Mobility access
to the cloud computing environment is easy to set up and become available (a score of 1 was
given). However, possible access to sensitive information due to flaws in some mobile
application might be disastrous (impact value = 5).
Conclusion
Cloud computing is a relatively new concept in IT where the projections seem to be
interesting and evolving into better standardized models for the business environment.
Just like any newly evolved system, new vulnerabilities emerge. This paper surveyed
and reviewed the different evolved vulnerabilities across the history of IT systems
inclusive of today’s new emergent cloud computing technology. Business perspective of
cloud computing has also been reviewed where issues related to security and ethics of
cloud service provider professionals have been identified with suggestions to
businesses to be ready before joining the cloud. Moving to the cloud would require
technical preparation and managerial actions to control and protect businesses when
joining the cloud. Full trust is an essential factor between businesses and cloud service
provider. As such, businesses (cloud service clients) need to be assured that all
protection mechanisms have been adopted to avoid any possibility of issues mentioned
in this paper. Ethics is one of the main issues of concern towards establishing full trust
and reducing vulnerabilities, and hence ethical evolution inclusive of business ethics
and IT ethics was also reviewed in this paper. Just like any other IT system, newly
emerged technology comes with newly emerged vulnerabilities. Hence, the study
conducted in this paper shows that mobility access is currently the highest vulnerability
score (18.26 per cent) for generic information systems (Figure 1) where it could lead to
the possible future “point of access” vulnerabilities due to the immature nature of
secured mobile devices/applications, as well as, businesses allowing “BYOD” to
enhance productivity. For cloud computing-specific issues mentioned in this paper,
mobility access was also high (10.42 per cent); however, as IT ethical behavior among IT
professional is of utmost importance, cloud ethics indicates the highest score of 18.75 per
cent (Figure 2). Obviously, other generic vulnerability types (Table I) mentioned in this
Figure 2. Histogram showing vulnerability issues related to cloud computing
Table column headings: Cloud issue; Related operations; Difficulty level to achieve; Impact in case of flaws; Weighted score; % Cloud issue vulnerability
References
Al-A’ali, M. (2008), “Computer ethics for the computer professional from an Islamic point of view”,
Journal of Information, Communication & Ethics in Society, Vol. 6 No. 1, pp. 28-45.
Booth, C. and Rowlinson, M. (2010), “Management and organizational history: prospects”,
International Journal of Managing Information Technology (IJMIT), Vol. 2 No. 4.
Carraher, S.M. (1998), “Validation of an instrument to measure service-orientation”, Journal of
Quality Management, Vol. 3 No. 2, pp. 211-224.
Carraher, S.M. (2007), “Ethics among German entrepreneurs: what is important for good leaders?”,
Proceedings of the Academy of Entrepreneurship, Reno, NV.
Carraher, S. (2011), “Turnover prediction using attitudes towards benefits, pay, and pay
satisfaction among employees and entrepreneurs in Estonia, Latvia, and Lithuania”, Baltic
Journal of Management, Vol. 6 No. 1, pp. 25-52.
Carraher, S. (2012a), “The future of the Journal of Management History”, Editorial Article, Journal
of Management History, Vol. 18 No. 1.
Carraher, S. (2012b), “Global and empirical management history?”, Editorial Article, Journal of
Management History, Vol. 18 No. 3.
Carraher, S. (2012c), “Social entrepreneurship: interviews, journal surveys, and measures“,
Editorial Article, Journal of Management History, Vol. 18 No. 4.
Carraher, S.M., Gastrock, A.S. and Jon and Serrate (2013), An Ethics & Student Involvement in
Research, Faculty Forum St Antony’s College, Oxford University, Oxford.
Carraher, S.M., Gibson, J.W. and Buckley, R.M. (2006), “Compensation satisfaction in the Baltics
and the USA”, Baltic Journal of Management, Vol. 1 No. 1, pp. 7-23.
Dickerson, D.B., Kouzmin, A. and Korac-Kakabadse, N. (2006), “Taking ideology out of ethics:
from failed business strategies to new cross-cultural platforms”, Baltic Journal of
Management, Vol. 1 No. 3, pp. 285-299.
Feldman, S.P. (1996), “The disinheritance of management ethics: rational individualism in
Barnard’s”, Journal of Management History (Archive), Vol. 2 No. 4, pp. 34-47.
Fernández, S. (2010), “Re-discovering Barnard: the functions of the […] leader? Highlighting Evolution of
Chester Barnard’s contributions for the twenty-first century business executive”, Journal of
Management History, Vol. 16 No. 4, pp. 468-488. vulnerabilities in
Gould, J.W. (1999), “Ethics: a pencil case”, Journal of Management History (Archive), Vol. 5 No. 8, IT systems
pp. 506-515.
Humphrey, S.E. (2009), “Developing a theory of the strategic core of teams: a role composition
model of team performance”, Journal of Applied Psychology, Vol. 94 No. 1. 429
Humphrey, S.E., Hollenbeck, J.R., Meyer, C.J. and Ilgen, D.R. (2002), “Hierarchical team decision
making”, in Ferris, G.R. and Martocchio, J.J. (Eds), Research in Personnel and Human
Resources Management, Vol. 21, Elsevier Science, Amsterdam, pp. 175-214.
Humphrey, S.E., Hollenbeck, J.R., Meyer, C.J. and Ilgen, D.R. (2007a), “Trait configurations in
self-managed teams: a conceptual examination of the use of seeding to maximize and
minimize trait variance in teams”, Journal of Applied Psychology, Vol. 92 No. 3,
pp. 885-892.
Humphrey, S.E., Nahrgang, J.D. and Morgeson, F.P. (2007b), “Integrating motivational, social,
and contextual work design features: a met analytic summary and theoretical extension
of the work design literature”, Journal of Applied Psychology, Vol. 92 No. 5,
pp. 1332-1356.
Ifinedo, P. and Ifinedo, A. (2011), “A snapshot of key information systems (IS) issues in Estonian
organizations for the 2000s”, Baltic Journal of Management, Vol. 6 No. 2, pp. 163-178.
Jiang, J. and Klein, G. (2000), “Supervisor support and career anchor impact on the career
satisfaction of the entry-level information systems professional”, Journal of Management
Information Systems, Vol. 16 No. 3, pp. 219-240.
Jensen, M. (2009), “On technical security issues in cloud computing”, IEEE International
Conference in Cloud Computing, pp. 109-116.
Kassicieh, M., Igbaria, S.K. and Silver, M. (1999), “Career orientations and career success among
research, and development and engineering professionals”, Journal of Engineering and
Technology Management, Vol. 16 No. 1, pp. 29-54.
Kemp, L. and Kemp, J. (2013), “Modern to postmodern management: developments in scientific
management”, Journal of Management History, Vol. 19 No. 3, pp. 345-361.
Kim, P.H. (1997), “When what you know can hurt you: a study of experimental effects on group
discussion and performance”, Organizational Behavior and Human Decision Processes,
Vol. 69, pp. 165-177.
Kivipõld, K. and Vadi, M. (2010), “A measurement tool for the evaluation of organizational
leadership capability”, Baltic Journal of Management, Vol. 5 No. 1, pp. 118-136.
Klotz, A., Klotz, C. and Buckley, M.R. (2013), “A historical perspective of counterproductive work
behavior targeting the organization”, Journal of Management History, Vol. 19 No. 1,
pp. 114-132.
Knouse, S.B., Hill, V.D. and Hamilton, J.B. III (2007), “Curves in the high road: a historical analysis
of the development of American business codes of ethics”, Journal of Management History,
Vol. 13 No. 1, pp. 94-107.
Kotri, A. and McKenzie, B. (2010), “Mass customization and system development: case findings
from the packaging industry”, Baltic Journal of Management, Vol. 5 No. 1, pp. 100-117.
Kouatli, I. (1993), “Design of a fuzzy multivariable technique based upon human behavior”, Two
Decades of Fuzzy Control – Part 2, IEEEXplore, London.
JMH Kouatli, I. (1994), “A simplified fuzzy multi-variable structure in a manufacturing environment”,
Journal of Intelligent Manufacturing, Vol. 5 No. 6, pp. 365-387.
20,4 Kouatli, I. (2008), “Definition and selection of fuzzy sets in genetic-fuzzy systems using the concept
of fuzzimetric arcs”, Kybernetes, Vol. 37 No. 1, pp. 166-181.
Kouatli, I. (2011), “Multivariable decision making process using the concept of genetic fuzzimetric
technique”, ICIC Express Letters, Vol. 5 No. 9A.
430 Kouatli, I. (2013), “A biologicaly inspired decision model for multi variable genetic-fuzzy-AHP
system”, Procedia Computer Science, Vol. 22, pp. 2-9.
Kouatli, I. (2014), “A guide to the business protection from un-ethical IT behaviors”, scheduled to
be published in International Journal of Trade and Global Markets, in press, Inderscience,
www.inderscience.com/info/ingeneral/forthcoming.php?jcode⫽ijtgm
Kouatli, I. and Balozian, P. (2011), “Theoretical versus practical perception of IT ethics in
Lebanon”, Society of Interdisciplinary Business Research (SIBR) 2011 Conference on
Interdisciplinary Business Research, 22 June, available at: http://papers. ssrn. com/sol3/
papers. cfm?abstract_id⫽1869432
Kouatli, I. and Beyrouti, N. (2010), “Student performance expectation system using genetic
fuzzimetric technique”, Review of Business Research, Vol. 10 No. 2.
Kouatli, I. and Khayat, H. (2010), “FIE: a generic decision making tool with an example of CRM
analysis”, European Journal of Management EJM, Vol. 10 No. 2, pp. 64-72.
Kouatli, I. and Jones, B. (1990), “A guide to the design of fuzzy control systems for manufacturing
processes”, International Journal of Intelligent Manufacturing, Vol. 1 No. 4, pp. 231-244.
Kouatli, I. and Jones, B. (1991), “An improved design procedure for fuzzy control systems”,
International Journal of Machine Tool and Manufacture, Vol. 31 No. 1, pp. 107-122.
Kurzynski, M. (2012), “Peter Drucker: modern day Aristotle for the business community”, Journal
of Management History, Vol. 18 No. 1, pp. 6-23.
LePine, J.A. and VanDyne, L. (2001), “Voice and Cooperative behavior as contrasting forms of
contextual performance: evidence of differential relationships with big five personality
characteristics and cognitive ability”, Journal of Applied Psychology, Vol. 86 No. 2,
pp. 326-336.
Maamari, B. and Chaanine, J. (2013), “Job satisfaction of the modern information-system-using
nurse in Lebanon”, Journal of Technology Management in China, Vol. 8 No. 2, pp. 120-136.
Maamari, B. and Messarra, L. (2012a), “An empirical study of the relationship between
organizational climate and organizational citizenship behavior”, European Journal of
Management, Vol. 16 No. 2, pp. 165-174.
Maamari, B. and Smith, M. (2012b), “What is the impact of the use of information systems on job
satisfaction in the commercial bank sector in Lebanon?”, in Producing New Knowledge on
Innovation Management, PUG, Grenoble.
Malcolm, S.B. and Hartley, N.T. (2009), “Peter F. Drucker: ethics scholar par excellence”, Journal of
Management History, Vol. 15 No. 4, pp. 375-387.
Maner, W. (1980), Starter Kit in Computer Ethics, Helvetia Press, published in cooperation with
the National Information and Resource Center for teaching Philosophy, Originally
self-published by Maner in 1978.
Meczynska, A., Kmieciak, R. and Michna, A. (2014), “A decision support method for poorly
structured problems in school management”, Baltic Journal of Management, Vol. 9 No. 1,
pp. 91-112.
Mihhailova, G. (2009), “Management challenges arising from the use of virtual work”, Baltic Evolution of
Journal of Management, Vol. 4 No. 1, pp. 80-93.
Morgeson, F.P., Delaney-Klinger, K.A. and Hemingway, M.A. (2005), “The importance of job
vulnerabilities in
autonomy, cognitive ability and job-related skill for predicting role breadth and job IT systems
performance”, Journal of Applied Psychology, Vol. 90 No. 2, pp. 399-406.
Moon, H., Hollenbeck, J.R., Humphrey, S.E., Ilgen, D.R., West, B., Ellis, A.P.J. and Porter, C.O.L.H.
(2004), “Asymmetric adaptability: dynamic team structures as one-way streets”, Academy 431
of Management Journal, Vol. 47 No. 5, pp. 681-695.
Moor, J. (1985), “What is computer ethics?”, Metaphilosophy, Vol. 16 No. 4, pp. 266-275.
Morf, D., Flesher, D.L., Mario, H., Stephanie, P. and Caroline, H. (2013), “Shifts in corporate
accountability reflected in socially responsible reporting: a historical review”, Journal of
Management History, Vol. 19 No. 1, pp. 87-113.
Morgeson, F.P. and Humphrey, S.E. (2008), “Job and team design: toward a more integrative
conceptualization of work design”, in Martocchio, J. (Ed), Research in Personnel and Human
Resource Management, Vol. 27, Emerald Group, Bradford, pp. 39-92.
Mullikin, A. and Syed, R. (2010), “The ethical dilemma of the USA government wiretapping”,
International Journal of Managing Information Technology (IJMIT), Vol. 2 No. 4.
Nam, D. and Lemak, D.J. (2007), “The whistle-blowing zone: applying Barnard’s insights to a
modern ethical dilemma”, Journal of Management History, Vol. 13 No. 1, pp. 33-42.
Novicevic, M.M. (2003), “Socializing ethical behavior of foreign employees in multinational
corporations”, Business Ethics, Vol. 12 No. 3.
Novicevic, M.M. (2008), “Self-evaluation bias of social comparisons in ethical decision making: the
impact of accountability”, Journal of Applied Social Psychology, Vol. 38 No. 4.
Novicevic, M.M. (2009), “Religiosity and moral identity: the mediating role of self-control”, Journal
of Business Ethics, Vol. 88 No. 4.
Novicevic, M.M. (2011), “Integrating Barnard’s and contemporary views of industrial relations
and HRM”, Journal of Management History, Vol. 17 No. 1.
Novicevic, M.M., Zikic, J., Martin, J., Humphreys, J.H. and Roberts, F. (2013a), “Responsible
executive leadership: a moral- identity analysis based on Barnard’s conceptualization”,
Journal of Management History, Vol. 19 No. 4, pp. 474-491.
Novicevic, M.M., Humphreys, J.H., Buckley, M.R., Roberts, F., Hebdon, A. and Kim, J. (2013b),
“Teaching as constructive-developmental leadership: insights from Mary Follett”, Journal
of Management History, Vol. 19 No. 4, pp. 423-440.
Palaima, T. and Skaržauskienė, A. (2010), “Systems thinking as a platform for leadership
performance in a complex world”, Baltic Journal of Management, Vol. 5 No. 3, pp. 330-355.
Pučėtaitė, R., Lam̈sä, A.-M. and Novelskaite, A. (2010), “Building organizational trust in a
low-trust societal context”, Baltic Journal of Management, Vol. 5 No. 2, pp. 197-217.
Pundziene, A., Kundrotas, V. and Lydeka, Z. (2006), “Management challenges in rapidly growing
Lithuanian enterprises”, Baltic Journal of Management, Vol. 1 No. 1, pp. 34-48.
Sabia, D.R. Jr (1996), “Weber’s political ethics and the problem of dirty hands”, Journal of
Management History (Archive), Vol. 2 No. 1, pp. 6-20.
Schmidt, F.L., Hunter, J.E. and Outerbridge, A.N. (1986), “Impact of job experience and ability on
job knowledge, work sample performance, and supervisory ratings of job performance”,
Journal of Applied Psychology, Vol. 71 No. 3, pp. 432-439.
Schwartz, M. (2007), “The “business ethics” of management theory”, Journal of Management
History, Vol. 13 No. 1, pp. 43-54.
JMH Shaw, E., Ruby, K.G. and Post, J.M. (1998), “The insider threat to information systems”, Security
Awareness Bulletin, Vol. 2 No. 98, p. 1, available at: www.pol-psych.com/sab.pdf
20,4 Simmhan, Y., Barga, R., van Ingen, C., Lazowska, E. and Szalay, A. (2008), “On building scientific
workflow systems for data management in the cloud”, Fourth IEEE International
Conference on eScience, Indianapolis, IN, 7-12 December.
Skurvydas, A., Kundrotas, V., Valantiniene, I. and Valančiene, D. (2013), “Complex dynamic
432 systems – new management paradigm: fashion or necessity?”, Baltic Journal of
Management, Vol. 8 No. 1, pp. 66-78.
Smith, V.O. and Smith, Y.S. (2011), “Bias, history, and the protestant work ethic”, Journal of
Management History, Vol. 17 No. 3, pp. 282-329.
Solberg, C.A. and Olsson, U.H. (2010), “Management orientation and export performance: the case
of Norwegian ICT companies”, Baltic Journal of Management, Vol. 5 No. 1, pp. 28-50.
Spender, J.C. (2003), “Exploring uncertainty and emotion in the knowledge-based theory of the
firm”, Information Technology & People, Vol. 16 No. 3.
Spender, J.C. (2004), “Measuring knowledge assets ⫾ implications of the knowledge economy for
performance measurement”, Measuring Business Excellence, Vol. 8 No. 1.
Spender, J.C. (2005), “Speaking about management education: some history of the search for
academic legitimacy and the ownership and control of management knowledge”,
Management Decision, Vol. 43 No. 10.
Stahl, B.C., McBride, N. and Elbeltagi, I. (2010), “Development and emancipation: the information
society and decision support systems in local authorities in Egypt”, Journal of Information,
Communication and Ethics in Society, Vol. 8 No. 1, pp. 85-107.
Therneau, A.M., Carraher, S.M., Ramu, V., Charles, A. and AGBA (2014), Proceedings of AGBA
Thailand Chapter Inaugural Conference, Bangkok.
Trevinyo-Rodríguez, R.N. (2007), “Integrity: a systems theory classification”, Journal of
Management History, Vol. 13 No. 1, pp. 74-93.
Vauleon, F. (2014), “Jean-Jacques Rousseau and the science of management: the illusion of free
will”, Journal of Management History, Vol. 20 No. 1, pp. 99-113.
Weizenbaum, J. (1966), “Eliza – a computer program for the study of natural language
communication between man and machine”, Communications of the ACM, Vol. 9 No. 1,
pp. 46-45.
Wiener, N. (1950), The Human Use of Human Beings, first published 1950; 1954, Houghton
Mifflin.
Wren, D.A. (1995), “Henri Fayol: learning from experience”, Journal of Management History,
Vol. 1 No. 3.
Wren, D.A. and Bedeyon, A. (2009), The Evolution of Management Thought, 6th ed., Wiley.
Wright, T.A. (2006), “The emergence of job satisfaction in organizational behavior”, Journal of
Management History, Vol. 12 No. 3, pp. 262-277.
Yogesh, S., Van Ingen, C., Subramanian, G. and Li, J. (2009), “Bridging the gap between the gap
between the cloud and an eScience application platform”, Microsoft Research Tech Report
MSR-TR-2009-2021, 2010 IEEE 3rd International Conference on Cloud Computing, Miami
Marriott, FL.
Zernand-Vilson, M. and Elenurm, T. (2010), “Differences in implementing management and
organization development directions between domestic and foreign companies in Estonia”,
Baltic Journal of Management, Vol. 5 No. 1, pp. 82-99.
Further reading Evolution of
Carraher, S.M., Courington, J. and Burgess, S. (2008), “The design of the SBI model graduate
program in entrepreneurship that encourages entrepreneurship, ethics, and leadership in
vulnerabilities in
health care management and public service”, International Journal of Family Business, IT systems
Vol. 5 No. 1, pp. 3-6.
Carraher, S.M. and Whitely, W. (1998), “Motivations for work and their influence on pay across six
countries”, Global Business and Finance Review, Vol. 3 No. 1, pp. 49-56. 433
Dagher Grace, K. (2014), “A conceptual examination of the cultural intelligence construct”,
Proceeding of AGBA Thailand Chapter Inaugural Conference, Vol. 10 No. 2.
Igbaria, M. and Guimaraes, T. (1993), “Antecedents and consequences of job satisfaction among
information center employees”, Journal of Management Information Systems, Vol. 9 No. 4,
pp. 145-174.
Krebs, B. (2003), “A short history of computer viruses and attacks”, WA Post, available at: www.
securityfocus.com
Corresponding author
Issam Kouatli can be contacted at: issam.kouatli@lau.edu.lb