Wtàt fxvâÜ|àç tÇw cÜ|ätvç

XÇw@âáxÜ cxÜáÑxvà|äx Éy tÇ \Çá|z{à |ÇàÉ Åt}ÉÜ `tÜ~xà|Çz V{tÄÄxÇzxá ytvxw uç VÄÉâw VÉÅÑâà|Çz ixÇwÉÜá
Submitted to

UNIVERSITY OF WALES LAMPETER
In partial fulfilment of the requirement for the degree of

MASTER OF BUSINESS ADMINISTRATION (Marketing)

Under the Professional Guidance of Prof. MARTIN KENDER By

RAJIV UTTAMCHANDANI Student ID: 084129-81 University ID: 28002330

June 2010

i

DECLARATION
This work has not previously been accepted in substance for any degree and is not being concurrently submitted in candidature for any degree.

I, Rajiv Uttamchandani, the undersigned, hereby confirm this dissertation submitted for the partial fulfilment of the requirements for the Master’s Degree in Business Administration (MBA) – Marketing, is my own and expressed in my own words. The findings obtained from this study are a result of my own investigation and has not be previously submitted in any college / university for any degree. The work of other authors used within this research are stated explicitly and acknowledged at the point of their use. A complete list of references has been appended towards the conclusion of the research.

I hereby give my consent for my dissertation, if accepted, to be available for photocopying and for inter-library loan, and for the title and summary to be made available to outside organisations.

Signed: ……………………………………….

Date: …………………………………………

ii

ACKNOWLEDGEMENT

I am delighted in taking this opportunity to thank all those who made this research study possible. This dissertation right from the outset is an outcome of the motivation bestowed upon me by many special people who took time off their busy schedules and guided me throughout this period.

Strategists like Teddy Foster, also a lecturer at College of Technology London, and experts in the field of Information Technology, Simon Hall and Nipun Mistry with their sheer experience guided me at the initial stages well-before this research could manifest. I am thankful to the staff members of the College of Technology London, for participating in the pilot survey to test the questionnaire design. I am also indebted to Dr. Jill Venus from the University of Wales Lampeter, for helping me spur up the performance towards the closing phase of the research. Her statement “Usually I do not check Marketing dissertations. However, I would be waiting to see this piece of work” was enough to encourage me keep up with the hard-work and dedication to be able to conclude this research work with the same passion as it began.

I owe my deepest gratitude to Professor. Martin Kender, my supervisor and guide throughout the course of this research. His professional guidance and expertise about business research methods was immaculate, to say the least. I am obliged to have attended all the intellectual supervision sessions during this entire period enhancing my knowledge about business research methods and do justice to the topic of this study.

I would also like to thank my family and friends, back home for their continued support and motivation which was inspirational in keeping me determined to do well right the way through.

iii

ABSTRACT
The purpose of this research was to identify and explore the end-users perspective towards marketing challenges of security and privacy, a core issue which has emerged with the introduction of Cloud Computing. The presence of these challenges has made it difficult for the cloud-vendors to penetrate into the market in spite of the hype “Cloud-Computing” has received. This study helps the cloud-vendors to identify the end-user characteristics, their beliefs, attitudes and perceptions in reference to the acceptance of cloud services in the midst of the security and privacy concerns revolving around this technology. The researcher has reviewed literature about acceptance of technology like the Technology Acceptance Model, Theory of Reasoned Action, followed by focussing on marketing literature available on HighTech Innovations. Understanding the High-Tech Marketing environment was pivotal in determining the different kinds of uncertainties from organisations viewpoint, which influence the Cloud-computing end-users. However, most of the authors have ignored the end-users perspective in their studies. This investigation commenced by joining end-users through Google® Groups and LinkedIn® discussion forums. The webinars were a mode of entry tool to grasp knowledge about characteristics of the end-users. The primary data collection method employed for this research was survey questionnaire to reach and gather responses from as many end-users as possible which can represent a sample of the research population considering the growing number of end-users of Cloud Computing. The findings demonstrate the effects of culture, different factors considered by end-users based on their characteristics in the acceptance of Cloud computing, not only as a secured option, but also one which can protect confidential data. The research contributes significantly as it studies end-user behaviour in acceptance of cloud computing which has paved the road-ahead for cloud-vendors in adapting, planning and developing a sound business plan for successful adoption of cloud computing technology solutions. Through this study, the enormous popularity of this technology is further extended, as its focus is on suiting the needs of end-users, which is one of the key determinants of successful adoption of technology.

iv

TABLE OF CONTENTS
CHAPTER NAMES PAGE NO
1 2 3 5 8 8 11 11 14 16 16 19 19 20 21 21 22 26 27 30 30 31 31 32 32 33 33 34 36 37 38

1. INTRODUCTION …………………………………………………………........ 1.1. What is Cloud Computing? …….................................................. 1.2. Using Cloud Computing? .………………………………………………. 1.3. Research Overview ………………………………………………………. 2. LITERATURE REVIEW ……………………………………………………. 2.1. Technological Changes ......…………………………………………… 2.2. Marketing Theories relevant to acceptance of technology......... 2.2.1. Characterizing High-Tech Marketing Environments ……… 2.2.2. Diffusion of Innovations Theory………………………………... 2.2.3. Theory of Reasoned Action and Technology Acceptance Model ……………………………...... 2.2.4. High-Efforts Hierarchy of Effects ……………………………... 2.3. The New Cloud Model ………………………………………………...... 2.3.1. Communication-as-a-Service ……………………………...….. 2.3.2. Infrastructure-as-a-Service …………………………….….…... 2.3.3. Platform-as-a-Service ……………………………………..…….. 2.3.4. Software-as-a-Service …………………………………..………. 2.4. Privacy and Security Issues ………………………………….……….. 2.5. The Role of Open-source Software and Virtualization…………... 2.6. Culture and Technology ………………………………………………… 3. RESEARCH METHODOLOGY ……………………………………………. 3.1. Research Approach : Inductive ………………..……………………… 3.2. Research Philosophy: Interpretivism ……………………................ 3.3. Research Strategy ………………………………………………………. 3.3.1. 3.3.2. 3.3.3. 3.3.4. 3.3.5. 3.3.6. 3.3.7. 3.3.8. Quantitative Research ……………………………………………. Participants …………………………………………………………. Gaining Access …………………………………………………….. Sampling: Self-Selection Sampling …………………………….. Questionnaire Design ……………………………………………... Data Analysis & Data Presentation …………………………….. Reliability & Validity ……………………………………………….. Ethical Consideration ………………………………………………

v

4. FINDINGS ………………………………………………………………………… 4.1. Key Facts …………………………………………………………………… 4.2. Respondent Statistics …………………………………………………… 4.3. Survey Responses ……………………………………………………….. 5. DISCUSSION AND ANALYSIS ……………………………………………….. 6. CONCLUSION …………………………………………………………………... 6.1. Research Aims – Restated ……………………………………………… 6.2. Summary of the Findings ……………………………………………….. 6.3. Significance of the Research ………………………………………….. 7. RECOMMENDATIONS …………………………………………………………. 8. LIMITATIONS OF THE RESEARCH …………………………………………..

40 41 42 42 54 83 83 84 86 89 91

9. AREAS OF FURTHER RESEARCH …………………………………………… 92 REFERENCES ……………………………………………………………………. 94 APPENDICES………..………………………………………………………….… 103 RECORD OF MEETINGS ……………………………………………………….. 108

vi

TABLE OF FIGURES
FIGURE 1.1: WHAT IS CLOUD AND WHAT’S IN IT? …………………………………… FIGURE 2.1: THE TECHNOLOGY S-CURVE ………...………………………………….. FIGURE 2.2: CHARACTERIZING HIGH-TECH MARKETING ENVIRONMENTS ….. FIGURE 2.3: STAGES IN THE DIFFUSION OF INNOVATION ………………………… FIGURE 2.4: THE NEW CLOUD MODEL ………………………………………………….. FIGURE 2.5: ISSUES RELATED TO CLOUD COMPUTING ……………………………. FIGURE 2.6: VIRTUALIZATION ……………………………………………………………. FIGURE 3.1: TYPES OF QUESTIONNAIRES …………………………………………….. FIGURE 4.1: PRIMARY FINDINGS - AGE RATIO ……………………………………….. FIGURE 4.2: PRIMARY FINDINGS - GENDER RATIO ………………………………….. FIGURE 4.3: PRIMARY FINDINGS - ETHNIC BACKGROUND………………………… FIGURE 4.5: PRIMARY FINDINGS - CLOUD-COMPUTING AWARENESS………….. FIGURE 4.6: PRIMARY FINDINGS - USAGE DETERMINANTS……………………….. FIGURE 4.7: PRIMARY FACTORS CONSIDERED BEFORE TECHNOLOGY ACCEPTANCE ………………………………... FIGURE 4.8: INDIVIDUAL INNOVATIVENESS …………………………………………. FIGURE 4.9: TECHNOLOGY-ACCEPTANCE FACTORS………………………………. FIGURE 4.10: SECURITY DILEMMA ………………………………………………………. FIGURE 4.11: PRIVACY DILEMMA ………………………………………………………… FIGURE 4.12: SECURITY MEASURES ……………………………………………………. FIGURE 5.1: USE OF OPEN-ACCESS, FLEXIBLE STORAGE AT COST OF RISKS FOR SENSITIVE DATA ……………………………………………………… FIGURE 5.2: USE OF OPEN-ACCESS, FLEXIBLE STORAGE AT COST OF RISKS FOR NON-SENSITIVE DATA ……………………………………………….. FIGURE 5.3: NO INTERFERENCE PREFERRED AGAINST FREE STORAGE – SENSITIVE DATA …………………………………….. FIGURE 5.4: NO INTERFERENCE PREFERRED AGAINST FREE STORAGE – NON-SENSITIVE DATA ……………………………... FIGURE 5.5: USING WEB-SPACE WHICH OFFERS UPLOADING EASE SENSITIVE DATA…………………………………………………………….. FIGURE 5.6: USING WEB-SPACE WHICH OFFERS UPLOADING EASE NON-SENSITIVE DATA……………………………………………………… FIGURE 5.7: OBSERVING PEER EXPERIENCES & FEELING SECURED – SENSITIVE DATA …………………………………………………………… FIGURE 5.8: OBSERVING PEER EXPERIENCES & FEELING SECURED NON-SENSITIVE DATA ……………………………………………………. 62 61 60 60 59 58 57 56 48 49 50 51 52 53 2 10 12 15 21 25 22 35 42 43 44 46 47

FIGURE 4.4: PRIMARY FINDINGS - LINGUISTIC PREFERENCES……………………. 45

vii

FIGURE 5.9: IMPORTANCE OF KNOWLEDGE ABOUT PHYSICAL DATA LOCATION TO END-USERS BASED ON THEIR WEB USAGE ……….. 64 FIGURE 5.10: IMPORTANCE OF KNOWLEDGE ABOUT PHYSICAL DATA LOCATION TO END-USERS BASED ON THEIR AWARENESS...…….. 65 FIGURE 5.11: IMPORTANCE OF KNOWLEDGE ABOUT PHYSICAL DATA LOCATION TO END-USERS BASED ON THEIR INNOVATIVENESS… 66 FIGURE 5.12: IMPORTANCE OF SECURITY MEASURES BASED ON INDIVIDUAL INNOVATIVENESS ………………………………………… FIGURE 5.13: IMPORTANCE OF SECURITY MEASURES ON ALL END-USERS…. FIGURE 5.14: CULTURE-WISE DISTRIBUTION OF END-USERS WILLINGNESS TO USE OPEN-ACCESS FLEXIBLE SOLUTIONS EVEN AT RISK OF DATA SHARING… 71 FIGURE 5.15: CULTURE-WISE DISTRIBUTION OF END-USERS WANTING NO INTERFERENCE WITH PERSONAL DATA ………………………………………………… 71 FIGURE 5.16: CULTURE-WISE DISTRIBUTION OF END-USERS PREFERRING TO USE WEB-SPACE DUE TO ITS EASE IN UPLOADING …………... 73 FIGURE 5.17: CULTURE-WISE DISTRIBUTION OF END-USERS WHO OBSERVE OTHERS EXPERIENCES IN FEELING SECURED ABOUT PRIVACY RISKS ………... 74 FIGURE 5.18: FACTORS INFLUENCING END-USERS AT THE INITIAL STAGE OF NEWLY DEVELOPED TECHNOLOGY ……………………………………………………… 76 FIGURE 5.19: FACTORS INFLUENCING END-USERS WHILE ACCEPTING / REJECTING A NEW TECHNOLOGY ………………………………………………………… 78 FIGURE 5.20: GENDER-WISE DISTRIBUTION OF UNCERTAINTY FACTORS ……. 79 FIGURE 5.21: AGE-WISE DISTRIBUTION OF UNCERTAINTY FACTORS …………. 80 67 68

viii

1. INTRODUCTION
In the past few years, many technological advances have benefited mankind, whether be it, scientific inventions or medical aids, innovations such as electric cars or exciting developments from IT industry. Most technical advancements bloom, while some fade away more or less on a daily basis. This dissertation touches upon one such major change in computing called Cloud Computing, a form of data storage that will amend the way of storing information and running applications, completely different than what we currently do on a desktop computer.

Cloud Computing has developed from a promising business model to one of the fastest growing segments in the IT industry. Technological changes seen since the advent of World Wide Web, for instance; where every page used to look identical with similar HTML coding, were transformed when frames were introduced, followed by tabs, adding flash images, etc. resulting in dynamic and exciting web pages that are no longer the dull, less effective and standardised pages when it first came into scene in 1994. Currently, we are in an identical state of development with Cloud Computing. Authors such as Miller (2009), suggest the emergence of cloud computing comparable with the electricity revolution, a century ago. According to him, before the introduction of electric utilities, most businesses produced their own electricity using stand-alone generators. However, once the electric grid was invented, those businesses switched from these stand-alone generators to new electrical units, thereby not only reducing costs but presenting greater reliability than conventional generators.

A decade or two from now could witness a completely new revolution in this form of technology, provided some key marketing challenges are addressed from the end-user perspective. These challenges are being studied here by studying end-users characteristics. Before looking into this primary reason for conducting this research, it is vital to comprehend what does the term ‘Cloud Computing’ mean and how is it different from current technology of computing we us in our day to day life.

-1-

1.1.

WHAT IS CLOUD COMPUTING?

The term “cloud” usually a metaphor for the internet is the key to the definition of Cloud Computing. Cloud is a huge group of interconnected computers which can be personal computers or network servers. This group of multiple computers serves beyond a single company or enterprise. Unlike traditional computing also known as ‘desktop computing’ where software applications are executed on each computer, in Cloud Computing, they are all stored on servers accessed via the internet. Similarly, files such as word documents, spreadsheets, presentations and applications are accessed through the internet. In case of a computer breakdown, the software and applications are still accessible by other users by logging on to the internet. The basic difference between both the computing models is simply that traditional desktop computing is PC-centric while Cloud Computing is user-centric and documentcentric. In this way, cloud computing facilitates a shift from PC paradigm to a usercentric and a document-specific environment, from software application to tasks these applications can perform, from data which isolated as it is stored on PC in the form of data that can be accessed via an active internet connection on any device from anywhere in the world.

Wyld (2009) defines the term “Cloud Computing, as a computing service that is delivered over the Internet, on demand, from a remote location, rather than residing on one’s own desktop, laptop, mobile device, or even on an organization’s servers.”

Figure 1.1 – What is Cloud and what’s in it? Source: White Paper - Cloud Computing, Maximum PC

-2-

Brown (2009) affirms Cloud Computing as “a data-processing infrastructure in which the application software and often the data itself, is stored permanently not on your PC but rather a remote server that is connected to the Internet”.

1.2.

USING CLOUD COMPUTING

In the midst of the growing popularity of the internet, and the ever-increasing number of users logging on from several locations, from numerous different organisations, it was expected to collaborate on projects spanning across multiple companies and geographical boundaries. To enable this, such projects were hosted in the “cloud”, which made accessing it possible from virtually any Internet-enabled location. (Miller, 2009)

Use of cloud computing is evident in our day-to-day lives when using the internet. Accessing social networking websites, checking e-mails, uploading pictures, posting videos or files such as spreadsheets, presentations, or documents online is evidence to the fact that one has made an entry into the territory of this new technology without being really aware about it. Brockman (2009), cited remarks by technology futurist Paul Saffo stating “A lot of people are in the cloud and don’t even realise it.”

E-mail services such as Gmail store your mails on the Google servers rather than the physical machines. This enables an end-user (any internet user) to access their e-mails from any location provided he / she has access to the internet and a device with webaccess functionality. Consequently, whether knowingly or unknowingly we have been using cloud services.

Cloud computing presents us with numerous benefits which have a high potential, both to the end-users as well as the developers. Reduced maintenance costs, increase in the amount of storage space, higher processing power to run the applications, improved economies of scale, decrease in the overall IT (Information Technology) infrastructure costs are just to name a few for the developers.

-3-

In addition to this, the end-users also benefit by obtaining better upgrade offers, but more importantly there is a benefit of group collaboration where a number of people can work on the same project at the same time for e.g. a presentation where all changes made by all users are evident to the ones in the group thereby saving time and improved visibility.

On the other hand, like everything in IT, Cloud also has its demerits indicating need for certain challenges to be addressed before such a gigantic technological change can materialize. Although there are many technical challenges associated with the advent of Cloud computing, this research will primarily focus on certain technical issues which directly or indirectly has an impact on its marketing. This section highlights and examines these challenges in brief, some of which will be later inspected in detail in Chapter 2.

a) Challenge of Inter-operability: Every buyer of an IT solution is concerned with a new technology and wants to find an answer to know if they would be stuck with that, where that refers to an operating system, a kind of computer or a software version. Similarly, an internet outage or similar issues may disable a client (end-user) to access the applications unless it is store on local servers. A good internet connection capacity is important to make Cloud Computing viable unless local clouds are being used involving Virtualization.

b) Challenge of High Reliability: In September 2009, Gmail experienced its longest outage for hundred minutes (Schwartz, 2008a). This kind of an outage from an e-mail service provider does transmit major uncertainties in the minds of decision-making IT personnel over the feasibility of a larger proposal of switching from desktop function to the target cloud segment (Gralla, 2009). Similarly, if a user is accessing their data through a website that enables access through Cloud computing and has similar accessibility problems irrespective of a secure and reliable internet connection does face the challenge of reliability. No access means low reliability.

-4-

c) Challenge of Data security and Privacy: Data is stored off-site, which provides an opportunity for it to be compromised. While cloud vendors, seek to maintain the data safe, there’s always a possibility of a security lapse. Contrary to that, some analysts view it as a benefit to small-scale companies, as their movement to cloud would enable them to increase the level of their security through the movement of their data and applications on the cloud as the resources are shared across the client-base of the cloud vendor.

In addition, Schwartz (2008), points out that cloud vendors can invest more in security which can be spread over the entire client-base resulting into improved security considerably rather than investment by an individual firm for themselves. None-the-less, security and privacy are major challenges which will be further investigated in this research.

1.3.

RESEARCH OVERVIEW

This research aimed at identifying and exploring the real challenges particularly the ones threatening the end-users in accepting Cloud-computing technology. Much literature has been available discussing threats such as data security and privacy which is causing major marketing issues faced by Cloud Computing vendors, however testing it from an end-user perspective is the primary intention behind this research. By the end of the research, the following objectives are met: a) Research Objectives 

To identify what kind of security challenges are really a threat to use of Cloud Computing from an organisation point of view by studying end-user behaviour.

To recognize real threats / issues from an end-user point of view in the acceptance of a new technology such as Cloud Computing.

-5-

To verify the impact of culture when threats such as data security and data privacy are being analysed in relation to the economies of scale and time value of money.

To study consumer (end-user) behaviour and perceptions about data confidentiality security and privacy when their data is stored by deploying a Cloud solution.

To establish the key variables considered by the end user in accepting cloud as a solution over the threats in an effort to combat the uncertainty which hampers the acceptance of Cloud computing as a new form of technology.

To determine major factors that ensures security and privacy protection and restores confidence in the minds of end-users to adapt to the new Cloud technology.

To analyse the impact of using open source software and virtualization techniques in order for Cloud computing to its full potential in cases of a security breach, identity theft, internet outage etc.

b) Research Questions

The research questions below are aimed at exploring, identifying and tackling marketing challenges associated with technological changes in the form of computing, i.e. with the introduction of Cloud computing. The end-user perspective is used to validate certain key issues about acceptance of Cloud Computing technology.

1. How important it is from an end-user perspective to keep their data secured, in relation to reducing their infrastructural, implementation and maintenance cost by deploying a suitable Cloud solution?

-6-

2. Does a customer of Cloud solution, (end-user), with limited technical knowledge of cloud solutions care, if their data is stored on the same server along with his competitor’s data keeping in mind the benefits these solutions have to offer such as economies of scale, reaping time value of money, etc.?

3. Which layers of security will address the primary issue of security by ensuring data stored on internet using cloud solutions is completely secured and accessible without depending on internet and the customer’s view on using open-source software and virtualization techniques to ensure smooth transition from desktop to cloud computing?

4. Do the cultural differences affect the beliefs of users keeping data confidential vis-à-vis sharing personal details as long as required service is delivered at affordable price and suits the needs of the organisation / individual?

5. Whether uncertainty avoidance can help end-users in the decision-making process and how do end-users perceive technology?

6. What is the significance of privacy in relation to Cloud-based information systems and how can one ensure that required data is shared while PII (Personal Identifiable Information) is protected?

These questions set the foundation for this research to study end-user behaviour and combat the issues of security and privacy by understanding their perspective towards the present layers of security and privacy, which is discussed in Chapter 2.

-7-

2. LITERATURE REVIEW
The importance of any research and its outcomes found thereafter will always be judged in correspondence to other people’s research and their findings. Tranfield et. al (2008) supports this belief by suggesting researchers to ‘map and assess the existing intellectual territory’, to establish the nature of previous researches which have been published in the selected topic area, and possibly discover current researches being carried out.

This chapter commences by reviewing the literature from a broader dimension about technological advances, marketing theories in acceptance of technology, narrowing down to the Cloud model, assessing its security and privacy issues and ultimately evaluating the role of culture in technology acceptance as end-users behaviour and their perceptions will be studied.

2.1. TECHNOLOGICAL CHANGES
Technology has played an enormous role in building our society the way it is today. The rate of such technological progress is often classified into two phases: “Invention (a scientific breakthrough) and innovation (commercialisation of the invention)” – A distinction highlighted in the book “Open Innovtions” by Chesbrough et. al (2006) where Nelson and Winter (1982) have credited this classification to Schumpeter (1934).

With an array of products already present in the market for sale, organisations keep innovating and launching new and improved variances. By introducing a new gadget like mobile phones, or latest models of cars, or these organisations are changing the way we live all the time. Innovations in the medical field help mankind to counteract against the deadliest of diseases. Remarkably, these innovations are continuously ongoing. “Innovation won’t go away – it is not the next big thing- it is always there”, a statement cited in a special report. (Getting Creative, Special Report – Business Week August 2005)

-8-

Ettlie (2006) highlights three reasons why technological changes have gained importance over the years, viz.   

Technology-driven change is “everywhere and always present”

Value captured from new technology is “challenging and never guaranteed”

In today’s competitive environments, technology is used by most organisations as a tool in their “success strategies”

On the contrary, authors such as March and Simon (1958), emphasize on two important factors, internal pressures and external pressures which initiate such technological changes in most organisations, but not all.  

Internal pressures – Changes in the aspiration level of team members.

External pressures – Unexpected environmental changes.

Much of the literature suggests that technological innovations are linked to organisational innovations. More and more adaptation to newer means of technological innovations, from an organisation leads to more operational changes in administrative procedures – different organisational structure, fresh strategies resulting into huge benefits to such organisations. On the other hand, failure of technological changes may crop up when either too much technology is being adopted quickly or insufficient amount of technology is implemented to keep pace with the competitive environment.

Based on discussion so far, it is evident technology sets up the path for organisations to flourish and grow and maintain competitive sustainable advantage over its competitors. What remains to be seen is why do some organisations seem to be more innovative? How do some organisations maintain their innovative behaviour, while others hesitate?

-9-

Christensen(1992) came up with the study of the Technology S-curve. It suggests high potential at the beginning of technology life-cycle with the increase in efforts (Resources, Time and Engineering) spent which later diminishes with the advent of new technology.

Next Generation Of Technology

In the above Figure 2.1, Point 1 is where new technology is invented. As seen above, technological change is continuous, until Point 2, where the existing technology is being constantly improved till it reaches its peak at Point 3, where the existing technology reaches its maturity with given efforts, and / or increasing engineering efforts. After this Point 3, it has diminishing returns to performance of the technology. The dotted S-curve denotes the invention of new technology, this technology cycle is observed to be recurring all over again. Point 4 is when the new technology reaches its peak, until new technology again comes into play.

Studies by Sahal (1991) supported the above view in his book, “Patterns of Technological Innovation”. He was the first one to demonstrate with empirical evidence that with passage of time, there is a steady progress of technology as its potential is understood.

Product Performance 1 2 3 4 - 10 -

Time, Resources and Engineering Effort Spent
Figure 2.1 – The Technology S-Curve Source: Adopted from Clayton Christensen (1992)

2.2. Marketing theories relevant to acceptance of new technology
Marketing of high-technology is not similar to that of traditional consumer products. Although the standard approach to marketing and the marketing-mix “4 Ps” has a lot of relevance, however, it still needs to be modified due to the presence of some important factors when dealing with new technology.

These factors are highlighted when studying the characteristics of such high-tech marketing environments. Studies by Moriarity et.al (1989), Gardner, D (1990) and Moore, G (2002) established certain characteristics that all high-technology industries share in common are discussed in the sub-section below:

2.2.1

Characterizing High-Tech Marketing Environments

The three common characteristics of high-tech marketing environment are:

i.

Market Uncertainty

ii.

Technological Uncertainty

iii.

Competitive Volatility

- 11 -

Figure 2.2 – Characterizing High-Tech Marketing Environments Source: Adopted from Mohr et.al (2005)

The Figure 2.2 above demonstrates how marketing of high-tech products and innovations take place when these three common variables intersect.

i.

Market Uncertainty – may result due to the following factors:-

a)

Customer’s insecurity about what needs or issues will be addressed by the given technology: Such an uncertainty, doubt or fear in consumer’s mind may delay the adoption of such technology. In context to this research, particularly the end-user may not be aware of what Cloud computing has to offer, which will address the issue of security and privacy. At the same time, it would offer best data storage solutions to satisfy their needs of data storage.

b)

Changing needs of the customers: In a dynamic environment, customer needs are changing rapidly. For instance a patient who used to treat the same disease with the intake of an allopathic medication and may alter to homeopathic treatment for the same disease or illness the next year.

- 12 -

c)

Lack of industry standards: In-appropriate or lack of industry standards for a new innovation / technology in a market affects consumer’s decision to adapt to a new technology. Aley, J. (2003) emphasized these factors which lead to slow adoption of 3G wireless technology. According to him, 3G technology was adopted by many customers after a lot of careful considerations about the CDMA – (Code Division Multiple Access) and W-CDMA (Wideband Code Division Multiple Access as both these interfaces were a part of 3G technology but they were region specific which meant that if CDMA works in one region, it may not work in another.

d)

Estimating the pace of technology spread: Knowing the rate at which technology will spread helps marketer to avoid any market uncertainties.

e)

Recognizing Market Potential: helps high-tech product / technology manufacturer to avoid any errors in forecasting and ensure accurate production for timely availability of goods and services.

ii.

Technological Uncertainty – is “not knowing whether the technology – or the company providing it – can deliver on its promise to meet specific needs” (Moriarity et. al, 1989) Technological uncertainty can be addressed by answering the following questions, whether

a) New technology will deliver as promised?

b) Delivery will be as per time-table for availability?

c) Effective service will be provided in case of any concern?

d) Side-effects or Un-anticipated consequences are taken into account?

e) Viability of technology over new development makes the current technology obsolete?

- 13 -

iii.

Competitive Volatility: refers to the alternations in the competitive environments. Determining companies competitors, their products / services, tools utilised by their competitive firms to compete against them. Sources of such competitive volatility are:

a) Recognizing the competitors of the future

b) Knowing their tactics

c) Identifying which of their own products will the company compete with, after identifying and analysing the competitors and their tactics?

2.2.2

Diffusion of Innovations Theory Model

In his comprehensive study of Diffusion of Innovations, 4th ed., Rogers (1995) produced a theory for the adoption of innovations among individuals and organisations. This theory concentrated on a few key elements such as:

i. Innovations: Some innovations spread quickly and adopted by adopters as they perceive the new technology to be possessing certain characteristics such as being trial-able, relatively more advantageous, compatible with industry standards, least complicated, and having observable results, thereby reducing uncertainties associated with a new technology.

ii. Communication Channels: play a pivotal role in the adoption of an innovation or technology as most individuals evaluate an innovation by the feedback from their near-peers who have adopted the technology before them, and not necessarily based on results of scientific researches by a professional.

iii. Time: The time element used in Diffusion of Innovations Theory is involved in three separate modes

- 14 -

a)

Innovation-Decision Process: The innovation-decision making process (Figure 2.3) indicates the 5-staged process where an individual (or decisionmaker) seeks information, moves from first body of knowledge about an innovation, to shaping an opinion or attitude about it, in deciding about adopting or rejecting the idea to implement, and finally confirming their decision

Figure 2.3– Stages in Diffusion of Innovation Source: Rodgers (1995), 4th Ed. originally (1962)

b)

Innovativeness of an individual: Every individual is bound to adopt technology sooner or later. However, the degree to which they adopt is relatively different which represents the innovativeness of an individual. Time spent in adopting an innovation is bound to differ in most cases and hence this theory categorizes individuals into five classifications namely: Innovators, Early adopters, Early majority, Late majority and Laggards.

c)

Rate of Adoption: refers to relative speed with which the members of a social system adopt a particular innovation.

iv. Social System: refers to the members of a particular group who are jointlyengaged towards solving a common issue by working towards accomplishing a common goal.

- 15 -

2.2.3

Theory of Reasoned Action & Technology Acceptance Model

Theory of Reasoned Action (TRA), a study associated with Fishbein and Ajzen (1975) linked behaviour to quite a few elements like attitudes, beliefs and behavioural intentions. Individual behaviour was identified to be an outcome of behavioural intentions which was ultimately determined by an individual’s attitude. Based on the general concept of TRA, a new model called Technology Acceptance Model (TAM) was developed by Davis (1989). TAM suggested that a number of factors influence the decision-making process for a consumer to decide as to how and when they will use or adopt new technology. The two main factors i.e. Perceived Usefulness (PU) refers to the extent to which a person believes that using a system will improve his / her performance and Perceived Ease-of-use (PEOU), defined as “degree to which a person believes that using a particular systems will be free from any effort.”

2.2.4

The High-Effort Hierarchy of Effects

Hoyer, W.D and Maccinis, D.J (2009) realized that consumers decision on adoption or rejection of a new technology depends on whether they are prevention-focussed or promotion focussed. Some consumers, who are more concerned about protection and safety, will end up resisting the temptation to adopt a new technology. Similarly the author identifies promotional-based consumers, who value growth, advancement and the promotions offered by the new technology, especially when the risks are insignificant.

The High-Effort Hierarchy of Effects refers to the high-involvement of the consumers before deciding to adopt new technology by searching for the required information, attitude development, and selection or confirmation of choices, similar to the innovation-decision process discussed above on Page 15.

- 16 -

There are various uses of technological products and numerous countries have adopted such innovations. However, the technological paradoxical concept remains firm on the belief that there may be global products but there are no global people. Hofstede’s (2007) model of cultural values is useful as there is no global language by which we can reach global consumers.

Lewis et. Al (2003), studied a variety of theoretical models portraying the beliefs which constituted the determinants of acceptance of target technology. Various models of IT such as TAM and TRA discussed above support that beliefs of individual dominate their usage behaviour while other studies have recognized the importance of finding determinants of such beliefs. Beliefs seem to have a deep impact on subsequent individual behaviour towards the acceptance technology hence observing how beliefs were formed was investigated consequently.

Perceptions: An individual perceives characteristics of technology in many ways from the vantage point of their own cognitive processes developing beliefs about them. Vast amounts of literatures support the importance of beliefs in consumer behaviour for technology acceptance explaining both system usages (Adams et. Al. 1992; Moore and Benbasat 1991) and usage intentions (Davis et Al. 1989; Mathieson 1991)

Generally, perceived usefulness and perceived ease of use have been two prominent variables arising of these studies in the field of acceptance of technology, This raises a question about individual differences being account for.

How do individuals construct different beliefs about a specific technology or what factors causes such differences?

Literature suggests that certain factors which constitute of these differences are as follows:

- 17 -

Institutional Factors: have been subjects of interest in Information Systems research. Organizational attributes have been studied including user training (Fuerst and Cheney 1982; Leonard-Barton 1987; Raymond 1988; Sanders and Courtney 1985); knowledge management (Boynton et al. 1994; Pennings and Harianto 1992) and organizational support (Delone 1988, Leonard-Barton and Deschamps 1988; Monge et.al 1992). Although, as seen above numerous scholars have emphasised about managerial commitment, much is still desired into what constructs these beliefs.

Social Factors: Fulk (1993) and Schmitz (1991) demonstrated the extent to which others view technology can also serve as a positive influence on one’s own beliefs and perception about usefulness of the technology.

Individual Factors: Self-efficacy or an individual’s perception of his own ability to use the technology has its academic roots from Social Cognitive theory by Bandura (1986). Personal Innovativeness refers to the extent to which an individual will try out new technology (Agarwal and Prasad, 1998)

Venkatesh et.al (2003) seconded the above influence on technology acceptance along with addition factors such as:

Long-term consequences: are those “outcomes that have a pay-off in the future”

Relative Advantage over previous technology: is the degree to which a new technology is advantageous over the predecessor

Status Symbol or Image: is the extent to which a new technology is perceived to improve one’s image or status in the society

Visibility amongst peers: The result demonstrability or visibility of results is another core construct in building a positive / negative influence over accepting that technology.

- 18 -

2.3. THE NEW CLOUD MODEL
With an attempt to compete in a confined space, every organisation is utilising available resources optimally and reducing their activities which are not central to the key business strategy. This has led to the emergence of the new Cloud model

In retrospect to the traditional model where organisations purchase a licence for each application the new cloud computing model charges on the basis of its use similar to Pay-per-use, thereby offering an assortment of applications and services available to use as per the end-user requirements.

Experts in implementation of Cloud Computing have presented different ways how organisations can utilise different web services. Most commonly used web services form the new Cloud model. They are:

2.3.1

Communication-as-a-Service (CaaS)

Communication-as-a-Service is a type of cloud-based service where its providers (cloud vendors) provide services such as VoIP, Instant Messaging, and videoconferencing facility to their customers. The responsibility of these vendors is to ensure smooth functionality of communication by managing hardware and software required for such services. CaaS model helps the business customers to select the most appropriate communication model within their organization on a pay-as-you-go basis

In 2007, Gartner’s press release indicated that CaaS market is expected to sum up to $2.3 billion in 2011. Least or no management on part of the customer is one of the key features of a CaaS. Furthermore, maintenance and managing expenses for the communication infrastructure is shared across the customer-base of the cloud vendor which allows the customers to leverage an enterprise-class communications solution and allocate remaining financial and other assets where businesses can use them in the best possible manner.

- 19 -

2.3.2

Infrastructure-as-a-Service (IaaS)

Infrastructure-as-a-Service also known as ‘Everything-as-a-Service’ means using the machines and systems provided by a cloud-service provider. Whilst, the cloud providers handle the transition and hosting of chosen applications on their infrastructure, the customers own and manage their applications. Post deployment of IaaS as a cloud solution, the providers are involved in maintaining and managing their infrastructure.

Components such as computer hardware, computer network, internet connectivity, platform virtualization environments for running-client specific virtual machines are usually a part of provider-owned implementations infrastructure. Service-level agreements between customers and providers determine the pace at which providers will ensure delivery of services through IaaS, while utility computing through billing helps customers to track their usage of IaaS. Resources such as data center space, servers, network equipments, etc. are not necessarily purchased, but rented by IaaS customers. Customers are charged for the resources consumed

2.3.3

Platform-as-a-Service (PaaS)

Cloud computing has evolved to encompass platforms for building and running customized web-applications, a model known as Platform-as-a-Service. This model formulates an architecture including all facilities essential for supporting the life-cycle of building and delivering web-applications and services available through the internet, without any software downloads or installation for developers, IT managers or end-users.

Distinct from the IaaS model, where users may use specific operating systems with mandatory applications running, the PaaS developers are focussed on the webdevelopment aspect provided by the platform and not with the kind of operating systems used. It sets the focus on innovation rather than infrastructure, thereby allowing organisations to plan their finances and invest more in creation of new and

- 20 -

improved web-applications without upsetting their infrastructure needs. Developers around the globe, through internet have access to unlimited computing power through which they can build dominant web applications and deploy them to users worldwide.

2.3.4

Software-as-a-Service (SaaS)

Software-as-a-Service is a term used, when a vendor provides software to a user which they want to use. The traditional concept of software distribution, where we buy a licensed copy of software for use is referred to as Software as a Product.

SaaS as a software distribution model is rapidly gaining attention in which various applications are hosted by the cloud vendors and made available to customers over the internet. SaaS is frequently associated with pay-as-you-go payment model where the users choose from a range of application available and pay for its usage

Figure 2.4 – The Cloud Model

Unlike Paas, where you develop your own applications, SaaS offers the software / application to the end-users. Many users have limited knowledge how and why the software application is being developed, and focuses mainly on using the software. SaaS is ideal in such circumstances, supporting features such as multi-tenancy, i.e. supporting multiple-users to access software concurrently, which is what separates it apart from traditional models of software distribution. - 21 -

2.4. PRIVACY AND SECURITY ISSUES
Today we are surrounded by global information infrastructure systems, which remotely connect two or more parties worldwide. Humans are interconnected remotely through services like World Wide Web which results into vast amounts of data being shared leading to increasing concerns of personal identifiable information being at risk. Challenge of Privacy in relation to cloud systems is to share the data while protecting Personal Identifiable Information (PII). The capacity to control the information, an individual discloses about themselves on the internet, and who may access such information has been a rising concern. Rittinghouse and Ransome (2010) state “another privacy concern is whether websites which are visited collect, store, and possibly share personally identifiable information about users”

According to the TRUST’es survey in December 2008 and results by the Poneman Institute, privacy was identified as the key differentiator in cyber world. “Consumer perceptions are not superficial, but are in fact the result of diligent and successful execution of thoughtful privacy strategies.” said the chairman of Poneman Institute, Dr. Larry Poneman who believes consumer trust is the basis of business. “Consumers want to do business with brands they believe they can trust.”

Based on the studies above, privacy can be viewed as an important business issue focussing on protecting the personally identifiable information from inappropriate and unauthorised methods of data collection, usage and leakage, consequently preventing the loss of customers trust and avoiding frauds such as identity theft, phishing and email spamming.

According to Bagehi and Atluri (2006), privacy of information can be protected by investigating into different aspects such as:

a) Data

Protection

Requirement

composition

which

takes into

consideration data owner, data holder and any possible privacy law

- 22 -

b) Security and Privacy Specification and Secondary Usage control – in order to identify under what circumstances an individual can trust others for security and privacy. Digital certificates issues by given entities certifying the holders of information with properties such as accreditation and in addition given user the ability to constraint possible secondary uses of their information

c) Inference and Linking attacks protection – to confirm that information released is not open to channels allowing attackers to infer sensitive personal information

Jahankhani et. al (2009), emphasized security concerns before Cloud Computing can be adopted as a solution for many organizations. According to their studies, people may be apprehensive in adopting this technology due to lack of control over factors such as:

a) Using applications over an unfamiliar platform b) Infrastructure and hardware being used c) Location of the data being stored d) Secondary usage of their data

In a cloud environment, applications designed for users of social networking sites, or for a large manufacturing company’s logistics team members, needs to provide access to only “authorised, authenticated users and only those users need to be able to trust that their data is secured” (Sun Microsystems, 2009)

Velte et.al (2010) pointed out people using cloud services fail to understand the security and privacy implications of their e-mail accounts, their social networking user accounts and even recognise that these services are considered cloud services. Moreover, any regulation will affect other cloud services. Their studies also highlight a combination of security techniques allowing users to secure their data when moving their data to a cloud vendor. These techniques are:

- 23 -

a) Encryption: is a process of encoding data with a series of complex algorithms which can be decoded only through an encryption key. Although, cracking coded information is possible, however, most hackers find it difficult due to the amount of processing power needed for it to be cracked.

b) Authentication Processes: helps user creating a username and password. c) Authorization Practices: are activities such as generating lists of people who are authorised to access the information on cloud servers. In addition certain organisations have multi-level authorisation practices where limited access may be available at a sub-ordinate level, whilst a IT head may be able to access all the information.

However, in spite of these techniques, the security concerns are not completed addressed. Having said that, if there is a disaster in the organisation where all the data is lost, implementing a Cloud solution with the data backed up on Cloud server will benefit as all the data will not be lost.

Authors like Worthen and Vascellaro (2009) and Kaplan (2009), view cloud services as more reliable and secured than individual organisations offerings. The only difference as they see is that if a company’s e-mail system crashes, it does not make the headline while any outage or data breach by Gmail, Apple or Amazon cloud service hits the front cover of the local newspaper.

A survey amongst 244 IT Executives, conducted by the IDC Enterprise Panel, reflected IDC’s (2008a) findings, shown in Figure 2.5 below, highlighting security as the major concern amongst other, where 74.6% participants chose Security as the primary issues associated in adoption of Cloud computing solution.

- 24 -

Figure 2.5: Issues related to Cloud Computing Source: IDC findings, 2008a

- 25 -

2.5. THE ROLE OF OPEN SOFTWARE SOURCE & VIRTUALIZATION
Open source software requires collaboration between organisations, their suppliers, customers or creators of related products to bridge software R&D in order to invent a shared technology (software application). These are called open source software as they are shared technology available to buyer at little or no cost. Over the past decade, IT firms have been encouraging their users to work together and share user-developed software which fills the gaps for their proprietary models. Open source software allows its basic software elements such as virtual machine images and appliances to be created from basic components thereby providing the developers an ease to assemble large applications.

Nevertheless, IT firms face the risk of such collaboration as too much encouragement to users can also reduce the availability of vendors to achieve proprietary lock-in, i.e. making a customer dependent on a vendor for products and services resulting into inability to switch to another vendor without substantial amount of switching costs.

In context to the Cloud Computing, the Open Source Consortium aims in supporting the development of standards and interoperability amongst various clouds. Not only does is support the developments of benchmarking standards, but is also a strong promoter of using open source software in cloud solutions.

Virtualization cannot be ignored when examining the challenges of Cloud computing as it acts as a backbone in confronting the business challenges faced by IT decision makers. Business challenges such as optimum utilisation of the IT infrastructure, receptiveness in following new business initiatives and flexibly adapting to organizational changes are in forefront while budgetary constraints and fulfilling regulatory requisites lay additional pressure in the minds of IT managers.

- 26 -

Virtualization is an elementary technological development which allows experienced people in the IT industry to set up inventive way out to tackle such business challenges. For instance, while using computer games, if the virtual memory is activated, the computer operating system gains more memory than actual physical installed memory. Likewise, virtualization technologies may be applicable to other IT infrastructure layers such storage, networks, laptop or server hardware, applications and operating systems.

Figure 2.6: Virtualization Source: VMWare Whitepaper (2006) - Virtualization Overview

The Figure 2.6 above presents us with an explanation how this combination of virtualization technology by employing a VMware Virtualization Layer between computing, storage and networking hardware and the applications running on it.

- 27 -

2.6. CULTURE AND TECHNOLOGY
The link between individual and culture is best stated by Linton (1945), who states “A culture is the configuration of learned behaviour and the results of behaviour whose components elements are shared and transmitted by members of a particular society” Culture is an integral part of both the individual and the society making routine tasks simpler than ever before due to unwritten rules understood by participating in a society. According to Goodenough (1971), “culture is a set of beliefs or standards, shared by a group of people, which help the individual decide what is, what can be, how to feel, what to do and how to go about doing it.”

Many scholars such as Agarwal (1999), Igbaria (1990), Melone (1990) and Davis (1989), realise the importance of considering individuals cultural differences in acceptance of technology and it usage. Although organizations adopt to new technology and IT solutions which may fit flawlessly with their aims and business objectives, however it may not necessarily ensure a guaranteed performance unless members of the organisation use it effectively. Agarwal (1999), states “Acquiring appropriate IT is necessary but not sufficient condition for utilizing it effectively” Intercultural marketing approaches not only limits itself to geographical and national boundaries, but also accounts for consumer attitudes, lifestyles, their preferences which are linked to their age, class, occupation, ethnicity, etc. (Usunier and Lee, 2009)

Time-related cultural differences: Time influences the way we act socially. Individual’s relation with time changes across with the development of new technology, as with advent of a new technology, the importance of the current one fades away. Products or services (technology) are created to save time as time is treated as an economic resource and considered as money. Studies from Jacoby et. al (1976) and Spears et. Al (2001) have highlighted consumer attitudes towards money and the money value of times are inseparable from marketing and any economic time possibility does influence the consumer behaviour positively.

- 28 -

Despite of the popularity of Technology Acceptance Model (TAM) by (Davis, 1989), it is considered as the most deficient model in explaining use of IT at the individual level. Since individuals are accustomed by their respective cultures, integration of such cultural differences with TAM may predict and explain the behaviour towards new technology (Cloud Computing). Key variables in TAM model other than perceived usefulness and perceived ease of use, (which are discussed above) are perceived behavioural control, perceived risk and demographics particularly age and gender. Perceived risk of adopting Cloud services may refer to protecting privacy and data security of information stored using such services potentially leading to identity theft, compromising of confidential data, etc. Perceived behavioural control are linked to the circumstances of cloud usage, instances where end-users prefer to switch to cloud vendors for cloud usage for recurring activities leaving behind more important tasks for their internal IT experts.

In summary, the literature emphasises the central issues of privacy and security lying with the adoption of the new technology, i.e. Cloud Computing in context of this research. Uncertainty is a key attribute in the adoption of new technology which will be tested through this research from the end-user perspective by studying their perceptions, beliefs and opinions about acceptance of technology. Virtualization and Open source software’s are key concepts which will be looked into as the research carries on. Research institutes like Garner have conducted their research on the central issues from an organisational perspective. It is evident from the literature that security and privacy issues are present. On the other hand, there are various benefits of switching to cloud computing as well due to which organizations are promoting this switch. However, the importance of these issues from an end-user perspective will be analysed through this research to identify and resolve the marketing challenges enabling cloud vendors to focus on the concerns of end-users.

- 29 -

3. RESEARCH METHODOLOGY
The aim of this research was to explore the current marketing challenges i.e. Security and Privacy faced by most data storage companies, particularly Cloud vendors, with the advent of Cloud computing. While most findings and literature highlights security and privacy as issues pertaining to Cloud Computing from the organisation perspective, however much is still desired to be studied about these issues from an end-user perspective, as to what they think and perceive about confidentiality of their data, keeping in mind the solutions offered by cloud vendors. The access to CloudComputing end-users was crucial for data gathering purposes in this research. This began with attending webinars and building connections for data gathering.

Most authors such as Polonsky and Waller (2004), highlight the importance of data gathering in a research project. The method chosen for any research project will have profound effects on performance of the remaining activities in any research project. Weller & Romney (1988), suggest considering special care and attention as choosing the most appropriate methodology can determine the biggest cost (time and money) of the research.

3.1. Research Approach : Inductive
This research has adopted an inductive approach. The inductive approach is selected as it allows for changes by offering a more flexible structure, as the research progresses. Since the end-user perspective about marketing challenges of security and privacy in Cloud Computing is being studied, for which there is not much literature available, an inductive line of investigation is the most appropriate research approach.

According to Easterby-Smith et al.(2008), the choice of the research approach is important as it assists in enabling the researcher in the following three ways:

a) To take a more vigilant judgment about the research design.

- 30 -

b) To evaluate research strategies and employ the methods which will function and selectively eliminate the one’s which may not work, and

c) To adapt the research design to cater for constraints such as lack of prior knowledge of the subject, which was a constraint in this research as Cloud Computing is a relatively new topic, with very a small number of previous researches, especially on end-users of Cloud Computing.

3.2. Research Philosophy : Interpretivism
Research philosophy is vital for a researcher to develop knowledge and the nature of that knowledge. Saunders et al. (2009), examines the different research philosophy using The Research ‘Onion’ and classifies research philosophies into Positivism, Realism, Interpretivism and Pragmatism.

The philosophical position chosen for this research was Interpretivism as it takes into consideration the complexity of humans as social actors in business and management which cannot be governed by definite ‘laws’ similar to physical sciences in the positivist position. Additionally, the Interpretivism research philosophy lays

emphasis on conducting research on living human-beings rather than lifeless objects studied in most scientific research. When studying security and privacy challenges from an end-user perspective it is critical not to disregard the social element in the respondents, hence Interpretivism seems to be the most obvious choice.

3.3. Research Strategy
Bryman and Bell (2007) underpin the importance of a research strategy as it lays the foundation of conducting a business research. This research adopted a Quantitative research strategy using questionnaire / survey as the primary method of data collection.

- 31 -

3.3.1.

Quantitative research

Quantitative research is described best by Dillon et. Al (1993) as techniques which involve comparatively larger number of respondents and aim at generating data which can be generalised over the entire set of research population. The respondents in this research were mainly end-users who have been using cloud services and data obtained through surveys has been proposed to correspond to population as a ‘representative sample’ (Page & Meyers, 2000) who are presented a series of question using the surveys or questionnaire method of data collection. Questionnaires are most widely used when survey strategy is chosen for business and management research. The most critical part; however is to prepare a good set of questions before deciding to choose the questions as a method of data collection. These thoughts are supported by many authors such as Bell, J (2005); Oppenheim (2000). Considering the descriptive nature of this research to explore security and privacy issues and the research population being numerous end-users, data collection through questionnaire tends to be beneficial with standardized questions, which one can be certain about being interpreted similarly by all respondents (Robson, 2002)

3.3.2.

Participants

As the title suggests, this research could have not been conducted without with the opinions, suggestions and responses of end-users of Cloud computing who have used and / or responsible for recruiting individuals in the information technology industry dealing with Cloud Computing. Thus, professionals such as IT security consultants, IT product managers, Head of Datacenter & Information Technology, Chief Technology Officers, IT Helpdesk executives, software developers, system engineers, marketing managers in Information systems, SaaS and PaaS professionals, and staff members of College of Technology London (pilot-survey) were contacted to share their views about security and privacy (confidentiality) when using Cloud-based services.

- 32 -

3.3.3.

Gaining access

The studies from the literature review confirmed that most organisations fear security and privacy as major hurdle in getting the users adopt to the new Cloud-based services. What was desired before this research was to confirm it from the end-users perspective. Before an attempt was made to gain access to end-users, invitations were sent to online discussion groups like on Google groups, LinkedIn groups to ensure adequate familiarity of the characteristics of group members and understanding of the end-users. Saunders et. al (2009) advocates gaining such knowledge as it enables the researcher to signify to the prospective respondents during the research “why they should grant access?”

Buchanan et. al (1988), emphasizes the importance of allowing oneself enough time as physical access to organizations and groups may take up to weeks or months, which may still results into no access being granted. Utmost care was given to devote time in building contacts with end-users. This was possible, as simultaneously with the secondary data desk-research; contacts were being developed by attending webinar’s and being introduced through LinkedIn, thereby establishing communication by sending a pre-survey contact with a clear introductory message to test their desirability in participating for the research work.

3.3.4.

Sampling : Self-Selection Sampling

Most surveys deal with identifying the ‘research population’ for providing fundamental information to address the research questions. It is often a challenge to involve all members of the population, hence selecting who participates in the survey is a key consideration. The primary aim in selecting the respondents in this research, out of the thousands of others is to ensure those who are participating represent a sub-set of the research population, thereby the generalising the findings to that target population with utmost confidence. (Jill and Johnson, 2002)

- 33 -

The main issue was establishing first contact with the research population. To being with, webinars on Cloud Computing were attended to get introduced to prospective respondents, followed by using LinkedIn®, a professional networking website to join groups and discussion forums where individuals interested in participating in a research project were short-listed. Using nonprobability sampling, the self-selection sampling was employed for the research. Saunders et.al (2009) explains self-selection sampling as a method by which individuals knowledgeable about the topic are identified who desire to be a part of your survey. Subsequently, the data is collected from those who respond. The primary research began by sending a pilot-survey on the 22nd April 2010 to staff members of College of Technology London, user’s of Ampera, a student administration system used by the college which is based on Cloud Computing. This was to test the survey questions before it was released after knowing the initial response. Upon receiving 23 responses within first ten days, more than 750 invitations through discussion forums and LinkedIn for participating in the survey questionnaire released on the 1st of May 2010. These invitations were sent to users of cloud services mainly targeting at expert end-users, allowing myself to identify the desired end-users who are willing to respond and knowledgeable about the topic of research.

3.3.5.

Questionnaire Design

The questionnaire design was chosen carefully with attention to individual questions, pleasant outline along with a lucid description of the aim of the research. This was to ensure positive effect on the response rate and the reliability and validity of the data collection. Understanding the fact it’s not just important to attract the respondents through effective design and carefully chosen questions, but equally vital to plan and execute the administration for the actual questionnaire was one of the key attributes considered while conducting the research at various stages.

- 34 -

Figure 3.1: Types of Questionnaires Source: Saunders et.al, 2009

The next challenge was to choose the questionnaire amongst the different kinds of questionnaires available as seen above in Figure 3.1. Selfadministered questionnaire design was preferred as it would attract larger number of respondents, irrespective how geographically dispersed they may be. Amongst the three types of self-administered questionnaires, internet and internet-mediated questionnaire was ideal, when compared to postal and delivery & collection methods simply because they offer better control over the reach of the desired person as respondent. For instance, when a postal or a delivery & collection questionnaire is addressed to an employee with an aim to find out what is the most-time consuming task to help him / her improve their time-management, you may find out distorted or contaminated responses as the respondent may even ask one of his colleagues to fill in the same responses due to lack of supervision or control. In contrast, internet and internetmediated questionnaires particularly those which are sent to the official e-mail or a message through the professional networking website to a particular account holder, presents considerable command over other forms of survey designs / questionnaires.

Witmer et. Al (1999), states “internet and internet-mediated questionnaires offer greatest control because most users read and respond to their own e-mail at their personal computer”. In addition, Dillman (2007), points out that “respondents to self-administered questionnaire are unlikely to answer to

- 35 -

please you or because they believe certain responses are more socially desirable”, thereby reducing data contamination by using this approach The questionnaire design, (Refer to Appendices) was published using an online tool offered by SurveyMonkey.com®. The professional version of the tool was preferred to accommodate for unlimited responses and “filter” and “cross-tabs” tool option to analyse data using the same. The questions were classified into 4 sub-sections, i.e.

a) About Yourself, b) About Technology Awareness – Cloud Computing c) About Technology Acceptance and Beliefs d) About Security, Privacy and Confidentiality of data

Classifying the questions not only meant it was presentable, but it also made it clear for the respondents to anticipate kind of questions and its comprehensibility to encourage more responses. The questionnaire designed presented the respondents an opportunity to alter their responses during the survey as all the questions were not plotted on a single page. The survey was open for a month from the 22nd April 2010, when the pilot-survey was tested, until the 21st May 2010.

3.3.6.

Data analysis & Data Presentation

The data collected from the survey responses was both quantitative and qualitative, in a raw form with numbers and variables, conveying very little sense of it. Qualitative data was pre-coded into categories to process them into information which can be described. Saunders et. al (2009), explains the use of developing categories, followed by connecting them to form relevant data. Excel™ spreadsheet and software package from the internal “filter tool” and “cross-tabs” within the Survey Monkey Pro® account was used to conduct the analysis.

- 36 -

Charts, graphs and statistics were some of the quantitative analysis techniques utilised in exploring, describing, and examining the results of the survey which was useful in establishing relation and trends within the data obtained. The data analysed was then presented in the form of pie-charts, vertical bar charts or column charts, line diagrams to represent trends and horizontal bar charts.

3.3.7.

Reliability & Validity

Most authors like Raimond (1993) and Rogers (1961), express their views on the importance of the credibility of research findings by aiming to reduce the possible errors by focussing on reliability and validity of the research design McBurney and White (2007), defines reliability as “the property of consistency of a measurement that gives the same result on different occassions”. Validity is defined as “the property of a measurement that tests what it is supposed to test.”

Robson (2002), claims there are four threats of reliability which are assessed to ensure that data collection and the analysis of this research yields consistent conclusions. Participant / Subject error was reduced by sending the invites at the same time of the day which was mid-night during weekdays (GMT) as this seemed to be morning in most parts of the globe wherever the respondents reside. Similarly, Participant / Subject biases were avoided ever since the formation of the research design to ensure respondents are given enough indications to guarantee anonymity. Lastly, to address the threat of validity related to Observer error and Observer biases, questions included in the survey had text box to ask the response if they were able to interpret the research questions and in case of any doubts to ask the researcher for any clarity.

- 37 -

Similarly, the threats to validity as suggested by Robson (2002) were considered. Threats to validity such as history of events in the past were studied. Cloud computing technology has always been in hype and pick of things. However, at the time of this research no dramatic events were associated Cloud’s data security and privacy in comparison to 2009 when it first came into the picture. Respondents were informed about their

participation to be completely voluntary and bearing no effects to their every day usage addressed the testing and instrumentation threat to validity.

3.3.8.

Ethical Consideration

Whilst conducting this research, at every stage the ethical implications were considered, in particular about preserving the confidentiality of data. Concerns related to ethics emerged while planning, gaining access, data collection, analysing and report-writing.

During planning and gaining access stage stage, various methods were considered and the research design was formulated ensuring the selected choices for data collection are in sync after considering ethical issues such as consent of participants, their reaction to the procedure selected to obtain data from them i.e. if it causes the intended respondents any kind of pressures, feeling of discomfort, stress, etc.

The anonymity of respondents was practised while data collection was carried out. This was to ensure concealment of particular viewpoints to protect the identity of the respondents from being disclosed and their responses therein. The nature of participating was completely voluntary, providing the participant the right for withdrawing at any stage of the survey, partially or completely. This ensured that no pressure if applied on the intended participants supporting the views of Robson(2002); Sekaran(2003)

- 38 -

As Jankowicz (2005) suggests, irrespective of the approach chosen whether positivist or interpretivist, special care was taken to maintain the data in a secure location with a password protection known only to the researcher ensuring that before data is processed, it is stored securely.

- 39 -

4. FINDINGS
This section presents the findings of the primary research conducted by means of the questionnaire method. The information presented in this chapter is to be considered as primary findings as it is data in the raw form. Thus, offering first-hand information before the analysis is carried out in Chapter 5, where the responses are discussed in detail before drawing conclusions subsequently. Some key facts facilitate comprehending these findings are stated below:-

4.1 Key Facts
a) Pilot-testing Survey Responses The respondents in the initial stage of pilot-survey were mainly known end-users and staff members of College of Technology London, specifically the one’s who have been using Ampera, a newly deployed cloud-based student administration system. A result in Section 2, about awareness of Cloud Computing does indicate that a small percentage of the end-users who have participated are not aware about the term “Cloud Computing” or have never heard or used this technology. The response to Question 5, (Refer to page.46) does reflect 14 respondents are uncertain about this form of computing. However, it is purely because some of the participants are not experts end-users and not technically familiar with the term “Cloud Computing”, although they use it on a day-to-day basis. In order to ensure that these participants do not loose interest in the survey, or provide distorted responses, adequate information has been provided to the participant by notifying them a note soon after Question 6 (Refer to page.47)

b) Participant Identity Protection While this research was descriptive in nature, involving collection of data about views of expert end-users, their beliefs about technology acceptance, etc. protecting their personal identifiable information was just as critical as studying their characteristics such as their ethnicity, age-group, first language / preferred language.

- 40 -

To enable this, the questionnaire design was well-defined with clear instructions and logical reasoning behind asking the questions. Participants were given the choice at the beginning of the survey to enter their e-mail address which was not mandatory, but if the respondent desires to obtain a copy of the survey results, they may opt to fill their e-mail addresses.

c) Encouraging completed responses with optimum precision The respondents were acknowledged by sending a Thank you note for their responses using the LinkedIn and Survey Monkey Compose tool option. The e-mail addresses captured as stated above were used to encourage the respondents who had partially completed, to fill in the survey completely. A disclaimer was included in the message explicitly stating that their e-mail address is confidential and will not be used for any other purposes. In addition to encouraging responses, the primary findings also exhibited any open-ended responses from the participants as a comments text-box was included in the final design of the survey to ensure that if in case the survey options provided miss any fundamental inputs, the expert respondents can always highlight the same.

4.2 Respondent Statistics
The particulars mentioned below are in relation to the prospective respondents who were chosen for this research. Total Survey Invites - 751 Total Refusals (Opt-outs) - 3 Maximum Response Expected – 748 Total Started Surveys – 155 Total Completed Responses – 122 Percentage of Total Started / Completed Responses – 78.7% As seen above a total of 122 completed responses were collected out of the possible maximum of 748 responses. The respondents who opted out were due to lack of interest or time.

- 41 -

4.3 Survey Results
This section provides the raw data in a tabular format of the number of responses obtained for each of the questions presented to the respondents. Figures such as line graphs, pie-charts, area-charts are used to represent the data in percentages. SECTION 1: ABOUT YOURSELF Please tick / select appropriate options Question 1. Age-group Age Ranges 17 / Under 18 – 29 years 30 – 49 years 50 – 64 years 65 and above Table 4.1 The response to Question 1 indicated the distribution of age-groups of end-users were mainly young to middle-aged professionals between ages of early 20’s to late 40’s contributing to 91.8% of the total respondents. Total 0 44 68 10 0 122

Figure 4.1 – Age Ratio

- 42 -

Question 2. Gender Gender Male Female Table 4.2 Most end-users (83.6%) were male professionals as depicted in the Figure 4.2 below. The number of females who have participated in this research were mainly contributed during the initial survey (pilot-survey) which included staff members of the College of Technology London. Total 102 20 122

Figure 4.2: Gender Ratio

- 43 -

Question 3. Ethnic Background Ethnicity White - British White - Other American European African Asian Indian Chinese Hispanic Brazilian Total 8 25 5 22 2 10 37 6 1 6 122 Table 4.3 Ethnicity was one of the key characteristics which was captured to study the end-user behaviour and differences in beliefs, attitudes and towards acceptance of technology, Cloud-Computing, in context to this research. The three major contributors as demonstrated in Figure 4.3 were Indians (30.3%), Whites - Other than British (20.5%) and Europeans (18.0%)

Figure 4.3: Ethnic Background

- 44 -

Similarly, end-user attributes such as their First Language, Preferred Language, etc were also enquired to analyse results effectively. Question 4. Please specific your First Language / Preferred Language Languages Kannada Telugu Portuguese Spanish Malayalam Vietnamese Chinese French German Dutch Cantonese Mandarin Finnish Ukranian Urdu Arabic Marathi Tamil Italian Hindi Croatia English TOTAL Non English (NE) NE Preferred English Table 4.4 Total 1 1 5 1 1 1 6 10 1 8 1 1 1 1 1 1 1 1 2 1 1 68 115 47 11

Figure 4.4: Linguistic Preferences

- 45 -

SECTION 2: ABOUT TECHNOLOGY AWARENESS – CLOUD COMPUTING Question 5. Have you come across the term “Cloud Computing” or ever used such technology? Total Yes, I am aware about it and use it quite oftenly 108 No, I am not aware or used this technology 5 Not sure, I have heard the term, but not sure 9 122 Table 4.5 The awareness of Cloud Computing was evident by observing the responses for Question 5. The most encouraging sign was that 88.5% of the research population studied in this research were aware of this technology and oftenly used it. Others who were not sure or answered No, were unknowingly using Cloud based services without knowing it.

Figure 4.5: Cloud-Computing Awareness

- 46 -

Question 6. Have you come across the term “Cloud Computing” or ever used such technology? Web e-mail services such as Hotmail, G-mail, Yahoo Mail Store pictures / photos Store videos Web applications such as Google Docs Back-up your hard-drive to an online web-site Pay-per-Use web services to store your or your organisation data online, for instance a college uses student administration system to store their student records online Table 4.6 As stated above, the users who opted for No or Not Sure option about the awareness of the term “Cloud Computing” were presented Question 6. Apparently, all the respondents did select at least one of the Cloud-based services in response to this question. Those who had indicated their unfamiliarity with the term were informed though a note that if they have selected any of the options here, they are either knowingly or unknowingly using the Cloud-based services. 120 94 56 95 45

40 122

Figure 4.6: Cloud-service usage determinants

- 47 -

SECTION 2: ABOUT TECHNOLOGY – YOUR BELIEFS & ACCEPTANCE Question 7. When you hear about a cost-effective new technology, you first consider? Suitability to needs Compatibility with industry standards Deliverable as promised Relatively advantageous than the previous one Trial options will be offered to you to test it Visibility of its results from others Post-sales services will be offered by its vendor Unanticipated/Side-effects are considered by the vendor Table 4.7 Majority of end-users, up to 89.2% consider factors such how much of a new technology will be suitable to meet their needs while only a handful of them consider vendor’s obligation of offering post-sales services 30.8% and inventiveness of handling any unanticipated / side-effects of a given technology which stood at 27.5% 107 50 83 66 64 45 37 33 120

Figure 4.7: Primary factors considered before technology acceptance

- 48 -

Question 8. What describes you best amongst the following options in reference to adaptation to new technology? Innovator Early Adopter Early Majority Late Majority Laggards Table 4.8 The respondents were asked to describe themselves in the above groups which were coded and descriptions of these codes are as follows: Person who is an initiator, risk-taking, ready to change from current practices An opinion leader, ready to try out new ideas (technology) before others do Person who is thoughtful, careful but accepts changes more swiftly then others A skeptical person who will use technology only after majority is using it Traditional person who will accept technology once it has become mainstream and universally used Late Majority and Laggards formed the minority which contributed to only 5% of the total participants, whilst highest majority of 37.5% respondents were Early adopters. 36 45 33 4 2 120

Figure 4.8: Individual Innovativeness

- 49 -

Question 9. Which of the following factors influence you most in accepting / rejecting a new technology?
Proper training, knowledge and organisation's support  Social group’s acceptance : Peers/Colleagues point of view  Long‐term benefits associated with it  Ability to use the technology  Status symbol or Brand Image in using it  Others  TOTAL RESPONSES  60 29 84 77 9 7 119

Table 4.9 The query about the most influential factors generated a 70.6% reaction in favour of long-term benefits associated with the acceptance / rejection of a new technology. An astonishing piece of finding was the fact that only 7.6% of the respondents considered status symbol / brand image as a reason of using it.

80.0% 70.0% 60.0% 50.0% 40.0% 30.0% 20.0% 10.0% 0.0% 24.4%

70.6% 64.7%

Proper training, knowledge and organisation's support

50.4%

Social group’s acceptance : Peers/Colleagues point of view Long‐term benefits associated with it

Ability to use the technology 7.6% 5.9% Status symbol or Brand Image in using it

Others

Figure 4.9: Technology-Acceptance factors

- 50 -

SECTION 3: About Security & Privacy and Confidentiality of your data QUESTION 10. Consider the two cases below: Case 1: Organisations allow you to use their web-applications for various different purposes, e.g. storing millions of images and share them on Picasa, or uploading personal photos on social networking website such as Facebook, thereby allowing you to use their data storage infrastructure with minimal or no cost Case 2: The data which you actually stored, resides on a physical location unknown to most data storage companies through Cloud service-providers where such data can be shared or hacked by expert hackers On a rating of 1-5, where 1 is Completely Disagree and 5 is Completely Agree, select the option what you believe you would be most appropriate according to you while considering using storage services
Option Vs Choice  Use of open‐access and flexible data storage facility with minimal  or no cost to store your data, irrespective at cost of taking risks  No interference with personal photos and documents for benefits  such as free storage space  Continue using web‐space as it offers ease in uploading pictures  Observe others experiences and feel secured about such risks and  continue to use such services without being concerned about it   DISAGREE  57  45  16  31  NIETHER,  NOR  19  27  22  31  AGREE  39  42  77  53 

Table 4.10
Security Dilemma

Observe others experiences and feel secured about such risks and continue to use such services without being concerned about it

Continue using web-space as it offers ease in uploading pictures

No interference with personal photos and documents for benefits such as free storage space Use of open-access and flexible data storage facility with minimal or no cost to store your data, irrespective at cost of taking risks 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0% 100.0%

Use of open-access and flexible data storage facility with minimal or no cost to store your data, AGREE NIETHER, NOR DISAGREE 33.9% 16.5% 49.6%

No interference with personal photos and documents for benefits such as free storage 36.8% 23.7% 39.5% DISAGREE NIETHER, NOR

Observe others experiences and Continue using web-space as it feel secured about such risks and offers ease in uploading pictures continue to use such services 67.0% 19.1% 13.9% AGREE 46.1% 27.0% 27.0%

Figure 4.10: Security Dilemma

- 51 -

Question 11. When visiting websites, they may collect and store your personal information to let you access their services, For e.g. Accessing information about air-tickets, etc. According to you as a user, if given a choice rate the privacy measures will you impose to protect your identity?
PRIVACY Vs RATING  Data Protection  Right to Control  Restrict Secondary Use  Identify website data collection and sharing process  Issue Digital Certificates  Inference and Linking Attack Protection  IMPORTANT  104  107  101  96  90  103  NIETHER, NOR  5  5  7  15  16  10  UNIMPORTANT 8  5  6  5  10  3 

Table 4.11 The privacy measures highlighted in the literature were tested on the end-users to analyse their views in relation to protecting themselves from issues such as identity theft, phishing, etc. Although, users were asked to rate from 1 to 5, their responses are condensed into groups of importance, neither important nor unimportant and unimportant. This helps in data analysing as well as presenting it effectively. The area chart depicts that most privacy related measures are important as highlighted below in dark. However, the gap keeps widening when factors such as issue of digital certificates are considered.
Privacy Dilemma
120.0%

100.0%

80.0% UNIMPORTANT 60.0% NIETHER, NOR IMPORTANT

40.0%

20.0%

0.0% Data Protection UNIMPORTANT NIETHER, NOR IMPORTANT 6.8% 4.3% 88.9% Right to Control 4.3% 4.3% 91.5% Restrict Secondary Use 5.3% 6.1% 88.6%

Identify website data collection and sharing 4.3% 12.9% 82.8%

Issue Digital Certificates 8.6% 13.8% 77.6%

Inference and Linking Attack Protection 2.6% 8.6% 88.8%

Figure 4.11: Privacy Dilemma

- 52 -

Question 12. When adopting to a Cloud solution, or using cloud web-services what according to you as a user, if given a choice what security measures will you add to your wish-list? (Multiple Choice)
Using these applications and services on a  familiar platform such as Windows OS,  Linux OS or Apple OS  Complete knowledge about infrastructure,  i.e. hardware used, the systems  Location of where your data is store  Control on secondary usage – to ensure the  information entered on the website once is  not used again by some other source  without your knowledge  Use of encryption techniques – to encode  your data to add an additional layer of  security in case the cloud vendors security  is hacked  Use of Authentication Processes – through  Open‐source software to create username  and password  Authorization practices – to create lists of  people who are authorised to access  information  TOTAL RESPONSES 

55 39 47

72

72

76

80 101
79.2% Using these applications and services on a familiar platform such as Windows OS, Linux OS or Apple OS Complete knowledge about infrastructure, i.e. hardware used, the systems

80.0%

71.3% 71.3%

75.2%

70.0%

60.0%

54.5% 46.5% Location of where your data is store

50.0% 38.6% 40.0% Control on secondary usage – to ensure the information entered on the website once is not used again by some other source without your knowledge Use of encryption techniques – to encode your data to add an additional layer of security in case the cloud vendors security is hacked Use of Authentication Processes – through Open‐source software to create username and password Authorization practices – to create lists of people who are authorised to access information

30.0%

20.0%

10.0%

0.0% Percentage

Figure 4.12: Security measures

- 53 -

5. DISCUSSION AND ANALYSIS
This chapter involves a discussion of the primary findings in context to the literature reviewed in Chapter 2. A blend of end-user characteristics such as their beliefs, perceptions, innovativeness, cultural dimensions are being analysed to comprehend the layers of security and privacy required to guarantee success in tackling the marketing challenges associated with this new form of computing. Data display and analysis approach is the procedure considered to analyse the data. Miles and Huberman (1994), suggest the use of such an approach as it does support the use of data into summary diagram or visual displays after data is organised and assembled, post data collection period, to highlight the findings.

The key findings discussed below, also provide an analysis about the marketing challenges from an end-user perspective. By studying their characteristics, behaviour, beliefs and attitudes, these findings present facts about dealing with Cloud Computing challenges of security and privacy to Cloud vendors.

KEY FINDINGS & DISCUSSION

1.

Importance of security measures are relatively higher than reducing the various costs which are incurred in the absence of cloud solution subject to sensitivity of data.

Security measures are important, but different for different user’s and different kinds of data. This was ascertained during this research as the same user may interpret security measures differently when dealing with different kinds of data. For instance, a lecturer may use their notes to share amongst his/her students and publish it on a student portal which improves the learning of a student. However, the lecturer (same user) may want to encrypt the data, or fear the confidentiality of sharing it when using an online tool to transmit information to the exams office about assessment of examination and marks obtained by each student.

- 54 -

This kind of data is considered as sensitive data while data which can be shared is non-sensitive data.

Participant’s usage was tracked by their responses about their web-based usage ranging from accessing e-mails, to storing pictures, video, using web-applications such as Google docs to web services such as pay-per use web services to store organisation data or backing up their hard-drive on a website. Although, the same user can select more than one option. However, the one’s who did select the options of backing up their hard-drive to an online website or using a pay-per-use Cloud service, were considered to be users of sensitive data. This may be potentially a limitation of this research which has been acknowledged in the subsequent chapter about limitations. However, the purpose of segregating sensitive and non-sensitive data through determining the web-usage of the participants was considered for this research as it is the first of its kind and the awareness of end-users is unknown. This approach of differentiating sensitive and non-sensitive data by simply confirming the web-usage, made it simpler for all the participants to comprehend.

An analytical test, using the cross-tab tool available through the Professional version of SurveyMonkey.com was carried out between the kinds of data, both sensitive and non-sensitive along with the kinds of security options considered by multiple users. This data was further plotted on Excel® spreadsheets using pivot tables and then represented in graphical format for presenting the data obtained.

The first option was to analyse if the end-users will continue using the open-access, flexible data storage systems which may involve risks as data is stored and accessible anywhere, which may be compromised. This was tested with users who backup their hard-drive data to an online tool and those who use pay-per-use services to store important organisational data as this kind of data would be sensitive in comparison to data such as e-mails, pictures, videos, etc.

- 55 -

The Figure 5.1 denotes that almost 50.0% of the users who backup their hard-drive to an online website and 42.5% of the users who use pay-per-use cloud services, disagree with the idea of taking risks for the benefit of using open-access, flexible data storage solution and saving on costs involved.

Use of open-access, flexible data storage systems at cost of risks

You will use open-access and flexible data storage facility with minimal or no cost to store your data which is accessible everywhere through internet which may be at the cost of taking risks as it may be shared to unknown users

42.5% Diasgree 50.0%

Neither Agree, Nor Disagree

27.5% 13.6%

Pay-per-Use web services to store your or your organisation data online, for instance a college uses student administration system to store their student records online Back-up your hard-drive to an online web-site

30.0% Agree 36.4%

0.0%

5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0% 40.0% 45.0% 50.0% Sensitive Data

Figure 5.1: Use of open-access, flexible storage at cost of risks for Sensitive data

Similarly, a small proportion of 13.6% and 27.5% of hard-drive backup and pay-peruser services users respectively are neither in favour, nor against using cost-effective means of data storage which may be at risk. This leaves us with 36.4% end-users who backup their hard-drive and 30.0% end-users who prefer pay-per-use data solutions who may still wish to continue taking advantage of costs versus risks.

- 56 -

What was interesting to note, was the end-users with non-sensitive data such as using e-mails, storing pictures and videos, using web-application like Google docs do reflect a similar picture as seen below in the Figure 5.2, where almost 50% in each of the categories of different web-usage indicate their disagreement of taking risks sharing data at the cost vis-à-vis benefiting from the cost-effectiveness offered by these solutions.

Use of open access, flexible data storage systems at cost of risk

Y o u w ill use op en -acce ss a nd flexible da ta stora ge facility w ith m in im a l or no co st to sto re yo ur d a ta w hich is acce ssible e veryw h ere throu gh inte rne t w hich m a y b e a t th e cost o f takin g risks a s it m ay b e sha re d to u nkn ow n use rs

49.5% 50.9% Diasgree 50.6% 50.4%

16.5% Neither Agree, Nor Disagree 18.2% 18.7% 16.8%

Web applications such as Google Docs Store videos Store pictures / photos Web e-mail services such as Hotmail, G-mail, Yahoo Mail

33.7% 30.9% Agree 30.8% 32.8%

0.0%

10.0%

20.0%

30.0%

40.0%

50.0%

60.0%

Non-Sensitive Data

Figure 5.2: Use of open-access, flexible storage at cost of risks for Non-sensitive data

- 57 -

The second option being investigated was to examine if end-users want no interference with their personal data such as photos and documents, for benefits such as free storage space and they would rather prefer to send physical hard-copies to ensure complete data-security.

No Interference for benefits such as free storage space

You will want no interference with personal photos and documents for benefits such as free storage space, rather prefer to send physical hard-copies to ensure complete datasecurity

32.5% Diasgree 48.9%

Neither Agree, Nor Disagree

22.5% 23.3%

Pay-per-Use web services to store your or your organisation data online, for instance a college uses student administration system to store their student records online Back-up your hard-drive to an online web-site

45.0% Agree 27.9%

0.0%

5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0% 40.0% 45.0% 50.0% Sensitive Data

Figure 5.3: No-interference preferred against free storage – Sensitive Data

As seen in the Figure 5.3 above, there are mixed responses where 45.0% of users of pay-per-use web-services prefer that there is no interference with their personal data such as photos and documents for free storage space or minimal cost, while 48.9% of end-users who backup their hard-drive to an online website rejected the idea of no interference to be able to save on cost. Another interesting observation is that almost 1/5th of these users are neither in favour nor against such interference which would be potentially an area of further research which is also evident in users of non-sensitive data where 1/4th of them reflect similar responses as seen in Figure 5.4 below.

- 58 -

No Interference for benefits such as free data storage

Y o u w ill w a n t n o in te rfe re n ce w ith p e rso n a l p h o to s a n d d o c u m e n ts fo r b e n e fits su ch a s fre e sto ra g e sp a c e , ra th e r p re fe r to se n d p h y sic a l h a rd -co p ie s to e n su re co m p le te d a ta se cu rity

39.8% 44.4% Diasgree 43.3% 39.3%

23.9% Neither Agree, Nor Disagree 24.1% 25.6% 24.1%

Web applications such as Google Docs Store videos Store pictures / photos Web e-mail services such as Hotmail, G-mail, Yahoo Mail

36.4% 31.5% Agree 31.1% 36.6%

0.0%

5.0%

10.0% 15.0% 20.0% 25.0% 30.0% 35.0% 40.0% 45.0% Non-sensitive Data

Figure 5.4: No-interference preferred against free storage – Non-sensitive Data

The third option was to verify if end-users for sensitive and non-sensitive data will continue using the web-space which offers free storage space and is relatively easier than maintaining physical data sets managed by themselves. It is clearly evident in Figure 5.5 and Figure 5.6 below, both sensitive and non-sensitive data end-users agree with continuing the use of web-storage space as it offers convenience in uploading in data such as pictures and documents in comparison to using physical modes of transfer, to transmit the data. Users of video storage solutions were the most prominent (78.2%) amongst the non-sensitive data segment who agreed to use such solutions as they offered expediency. While in the sensitive data segment, user who commonly back-up their hard-drive to an online website were the major advocates (72.7%) of Cloud based services.

- 59 -

Use of web-space as it offers ease in uploading data

You will continue to use their web-space as it offers ease in uploading pictures preferred through such web-services rather than using other modes of transferring or sharing pictures

15.0% Diasgree 13.6%

Neither Agree, Nor Disagree

20.0% 13.7%

Pay-per-Use web services to store your or your organisation data online, for instance a college uses student administration system to store their student records online Back-up your hard-drive to an online web-site

65.0% Agree 72.7%

0.0%

10.0%

20.0%

30.0%

40.0%

50.0%

60.0%

70.0%

80.0%

Sensitive Data

Figure 5.5: Using web-space which offers uploading ease – Sensitive Data

Using web-space as it offers ease in uploading data

You will continue to use their web-space as it offers ease in uploading pictures preferred through such web-services rather than using other modes of transferring or sharing pictures

13.5% 7.3% Diasgree 9.9% 14.1%

21.3% Neither Agree, Nor Disagree 14.5% 17.6% 18.7%

Web applications such as Google Docs Store videos Store pictures / photos Web e-mail services such as Hotmail, G-mail, Yahoo Mail 78.2%

65.2% Agree 72.5% 67.2%

0.0%

10.0%

20.0%

30.0%

40.0%

50.0%

60.0%

70.0%

80.0%

Non-sensitive Data

Figure 5.6: Using web-space which offers uploading ease – Non-sensitive Data

- 60 -

Observing peer experiences and feel secured

You will observe others experiences and feel secured about such risks and continue to use such services without being concerned about i

22.5% Diasgree 25.0%

30.0% Neither Agree, Nor Disagree 22.7%

Pay-per-Use web services to store your or your organisation data online, for instance a college uses student administration system to store their student records online Back-up your hard-drive to an online web-site

47.5% Agree 52.3%

0.0%

10.0%

20.0%

30.0% Sensitive Data

40.0%

50.0%

60.0%

Figure 5.7: Observing peer experiences & feeling secured - Sensitive Data

The fourth option was used to evaluate if end-users will be influenced by observing the experiences of their peers, when using the web-services based on Cloud Computing and the extent to which they would feel secured about using them especially when security and privacy risks are hindering the adoption of Cloud Computing technology.

Whilst the ratio of end-users who do observe peer experiences when using these webservices, and also feel a sense of security, was dominant as against those who disagree with the statement. However, as seen in the Figure 5.7, it does indicate when the people who neither agree nor disagree are considered along with those who disagree it outnumbers the number of people who do agree with feeling secured only because others are following the technology.

- 61 -

Observing peer experiences and feel secured

Y o u w ill o b serv e o th ers e xp e rien ces an d fee l se cu red ab o u t s u ch risks a n d co n tin u e to u se su ch serv ic es w ith o u t b ein g co n ce rn ed ab o u t i

21.3% 23.6% Diasgree 26.4% 27.5%

29.2% Neither Agree, Nor Disagree 30.9% 26.4% 26.5%

Web applications such as Google Docs Store videos Store pictures / photos Web e-mail services such as Hotmail, G-mail, Yahoo Mail

49.5% 45.5% Agree 47.2% 46.0%

0.0% 5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0% 40.0% 45.0% 50.0% Non-Sensitive Data

Figure 5.8: Observing peer experiences & feeling secured Non-Sensitive Data

The Figure 5.8, above suggests a similar trend for users of non-sensitive data such as e-mails, pictures, videos and web-based applications like Google documents which has the leading number of 49.5% respondents who agree being secured based on their peers perception.

Based on what has been discussed so far, end-users are often concerned about security of data, whether the data is sensitive or insensitive. Despite the availability of openaccess, flexible storage systems which reduces the maintenance, infrastructural and implementation costs, most users are not completely certain about the security measures provided by cloud vendors considering there are various risks involved as data may be accessible to anyone as it is available on the internet. These users realise that it is not possible to have absolutely no interference when it comes to publishing data such as pictures on the web.

- 62 -

Hence many users do prefer to use the web-space based on peer’s experiences about security of a particular cloud-service or a selective cloud-vendor. Thus the importance of security measures varies with the sensitivity of data along with various considerations as discussed earlier.

- 63 -

2.

Knowledge of the physical location of the data is not the most critical information desired by the end-users but does hold some relevance.

As learnt from the literature in Chapter 2, where authors have highlighted the significance of knowing the physical location of the data stored, the same was assessed amongst the end-users. The cross-tab tool and the filter option were particularly useful to conduct a content analysis where the characteristics of end-users such as their web usage, their awareness about Cloud services, and their innovativeness in accepting technology were systematically identified to understand the intensity of knowledge about the physical location of the data storage.

Web-usage Types Vs Importance of Location
Web applications such as Google Docs

45.7% 47.3%

Store videos

Store pictures / photos

48.2% 45.2% 55.5% 54.5%
Pay-per-Use web services to store your or your organisation data online Back-up your hard-drive to an online web-site Web e-mail services such as Hotmail, G-mail, Yahoo Mail

0.0%

10.0%

20.0%

30.0%

40.0%

50.0%

60.0%

Figure 5.9: The importance of knowledge about physical location to end-users based on their usage

The first characteristic which was studied to analyse the importance of identifying the physical data location was the end-users different web usages. As seen in the Figure 5.9, the X-axis denotes the percentage of end-users who feel knowing the physical data storage location is important whilst the Y-axis highlights the different kinds of web-services used by these end-users. The range of this importance varies from 45.2% for users of web e-mail services up to 55.5% of pay-per-use web service users.

- 64 -

Although, these figures may seem to be worth mentioning, however, it was found insignificant when other security measures were analysed in following sub-sections.

The second characteristic was studied by integrating the aspect about the CloudComputing awareness of the end-users relative to their opinion about importance of knowing the physical data location of the data they store on the internet.

Importance of Knowledge of Physical Data Location Vs Cloud Computing Awareness

80.0% 60.0% 40.0% 20.0% 0.0% Importance about knowing the location of where your data is stored 43.7% 80.0% Yes, I am aware about it and use it quite oftenly 44.4% No, I am not aware or used this technology Not sure, I have heard the term, but not sure what it is exactly

Figure 5.10: The importance of knowledge about physical location to end-users based on their awareness about Cloud Computing

Figure 5.10 exhibits that only 43.7% of aware end-users believe that knowing the physical location is important security measure while 44.4% of informed users feel likewise. Although the figure above does denote 80.0% of unaware users consider physical data location as a vital piece of information in securing the data hosted on the web, a key consideration is the fact that only 5 out of the 122 participants were in this category. (Refer to page 42, Table 4.5)

The third characteristic, concerning the rate of innovativeness of an individual was amongst the last determinant of analysing the importance of knowing the location of the data stored.

The innovativeness of the end-users is an ideal personality trait in analysing the role of security measures such as the information about location of the data store or the lack of it.

- 65 -

Importance of knowledge of physical data location Vs Rate of Innovatiness

60.0% 50.0% 40.0% 30.0% 20.0% 10.0% 0.0%

52.9% 40.0%

46.9% 25.0%

50.0%

Innovator Early Adopter Early Majority Late Majority Laggards

Importance about knowing the location of where your data is stored

Figure 5.11: Importance of knowledge about physical location to end-users based on Rate of Innovativeness of an Individual

The end-users who possess diverse rate of innovativeness, were questioned about importance of knowing the physical data location as a security measure. As Figure 5.11 signifies, the variation of the least number being 25.0% of Late Majority users who are skeptical of using a technology unless majority is using it, while 52.9% of innovators who are risk-bearing and always ready to transform from existing practices were the most renowned believers of this information which acts as a considerable factor in securing data over Cloud-based services.

The outcome of this analysis as discussed thus makes it lucid, that knowing the physical data location of their data does act as an important measure of security in the minds of most end-users. However, as there are a number of end-users, who disregard it, suggests that although it is essential to know the location but is not the most critical security measure to prevent any unwanted sharing of data or avoiding of similar risks, when adopting a Cloud solution. Subsequent discussions and analysis will further establish the most critical security measures when other key choices are appraised.

- 66 -

3. Layers of security such as creating Authentication practices and using Authorisation processes are most vital when the aim of the Cloud service provider is to ensure maximum security with utmost reliability, followed by practising encryption and restricting secondary use of data.

The next step in investigating the layers of security while using Cloud solution was to check the different security measures. As discussed in the literature against the enduser’s innovativeness in adopting a relatively new technology in data storage solutions.

Security Measures amongst different individual innovativness
120.0% 100.0% 80.0% 60.0% 40.0% 20.0% 0.0%
Use of familiar Having complete Location of Use of Use of Authorization Control on platforms for knowledge about where your data encryption Authentication practices – to secondary usage web-services / infrastructure, is store techniques – to Processes – create lists of 61.8% 42.2% 59.4% 25.0% 50.0% 32.4% 35.6% 40.6% 25.0% 0.0% 52.9% 40.0% 46.9% 25.0% 50.0% 58.8% 77.8% 75.0% 100.0% 50.0% 67.6% 71.1% 75.0% 100.0% 50.0% 79.4% 77.8% 75.0% 75.0% 100.0% 76.5% 80.0% 78.1% 75.0% 100.0%

Innovator Early Adopter Early Majority Late Majority Laggards

Innovator Early Adopter Early Majority Late Majority Laggards

Figure 5.12: Importance of security measures based on individual innovativeness

As seen in Figure 5.12, the different security measures such as familiarity of platforms, knowledge about infrastructure, physical location of data storage, control on secondary usage, use of encryption techniques, authentication processes and authorisation practices are represented in the graph based on the rate of innovativeness of the individual end-users.

- 67 -

The primary security measures are mainly, the use of authentication processes at 79.4% amongst Innovators, Authorisation practices at 80.0% and 78.1% amongst Early Adopters and Early Majority respectively. Similarly amongst the late majority, use encryption techniques (100.0%) and control on secondary usage (100.0%) were the most significant layers of security measures. Laggards, also contributed richly accumulating for 100.0% share of end-users who chose authentication processes through open-sources software to create usernames and password as well as authorization practices as the primary layers of security when using web-services or web-based applications.

Security Measures Overall
Having complete knowledge about infrastructure, i.e. hardware used, the systems

Location of where your data is store 35.0%

45.3%

Use of familiar platforms for webservices / apps

52.1% Control on secondary usage c 71.8% Totals 71.8%

77.8%

Use of encryption techniques – to encode your data to add an additional layer of security in case the cloud vendors security is hacked Use of Authentication Processes – through Open-source software to create username and password Authorization practices – to create lists of people who are authorised to access information

78.6%

0.0%

20.0%

40.0%

60.0%

80.0%

Figure 5.13: Importance of security measures on all end-users

- 68 -

Figure 5.13 describes the importance of different security measures amongst all endusers who have participated in this research. The most critical factors evident are authorization practices (78.6%) and authentication processes (77.8%) followed by use of encryption techniques and restricting secondary usage at (71.8%)

- 69 -

4.

Cultural differences do play a profound role when data confidentiality and privacy of Cloud-based solutions are measured.

The end-users who participated in this research were further categorized based on their ethnicity to highlight the impact played by their cultural differences in the adoption of technology. The aim of analysing the responses of end-users in a culturewise distribution of various privacy choices was to figure out what do end-users from different ethnic backgrounds, think about data confidentiality and how do they go about using web-based applications and services based on clouds, considering the risks of data being accessible anywhere on the internet and possibly shared to unknown users.

The decision of using an open-access flexible data storage which may be at a risk amongst different end-users from various ethnicities was amongst the first privacy choices which was analysed. An important observation before considering the barchart below is out of the 122 respondents, the majority of them fall into the category of Indians (30.3%), White-Others (20.5%), and Europeans (18.0%), while the percentage of Hispanic was almost negligible (0.8%) (Refer to Page 40 for details)

The chart in Figure 5.14, below depicts end-users belonging from ethnic backgrounds associated with most developed countries such as Americans, White-British, WhiteOther’s are more sensitive to sharing their data using flexible cloud solutions where there is any risk involved which is the first of privacy choices analysed in this section. The figures obtained speaks for itself where 80.0% Americans, 75.0% Whites British and 50% of Whites from Other countries disagree with the choice of taking data sharing risks by adopting to a Cloud solution in order to protect their privacy rights.

The only exception amongst users from developed countries are European end-users who are mostly in favour of adopting to a cloud solution even at risks of data sharing, while 35% of them still disagree.

- 70 -

Using open-access, flexible data storage solutions at risk of data sharing

Brazilian Hispanic Chinese Indian Asian African European American White –Other White – British 0% 20.0% 20.0%

33.3%

33.4% 100.0% 60.0% 20.0% 20.0% 60.0% 22.3% 50.0% 15.0% 80.0%

33.3%

20.0%

44.4% 50.0% 50.0%

33.3%

35.0%

33.3% 25.0% 10% White – British 20% White –Other 50.0% 16.7% 33.3% 30% American 80.0% 0.0% 20.0%

16.7% 75.0% 40% European 35.0% 15.0% 50.0% 50% African 50.0% 0.0% 50.0% 60% Asian 33.3% 22.3% 44.4% 70%

50.0%

80% Indian 60.0% 20.0% 20.0%

90% Chinese 20.0% 20.0% 60.0%

100% Hispanic 0.0% 0.0% 100.0% Brazilian 33.3% 33.4% 33.3%

Diasgree Neither Agree, Nor Disagree Agree

75.0% 0.0% 25.0%

Agree

Neither Agree, Nor Disagree

Diasgree

Figure 5.14: Culture-wise distribution of end-users willingness to use Open-access flexible solutions even at risk of data sharing

On the other hand, when responses from end-users, from developing countries were examined, their denial to using cloud-based web-services and applications was considerably lower. Asians accounted for 33.3% while only 20.0% of Chinese endusers were concerned about risks like personal data being shared to unknown people when uploaded on Cloud-based servers. Indians, amongst this assortment, were most concerned with such risks and 60.0% refused the proposal of using such solutions considering the risks involved therein. The responses from end-users representing South American countries like Brazil chose evenly accounting for 33.3% for all the three choices.

- 71 -

The second privacy choice involved identifying the different cultural beliefs in transmitting personal data such as picture through physical distribution by ways of hard-copies, burning data on CD’s / DVD’s, transmitting through USB sticks and having no interference what-so-ever in this aspect.

Users wanting no interference with personal data and prefering to send physical hard-copies

Brazilian Hispanic Chinese Indian Asian African European American White –Other White – British 0% 10% White – British Diasgree Neither Agree, Nor Disagree Agree 71.5% 0.0% 28.5% 28.5% 20% 30.0% 20.0% 20.0%

50.0% 100.0% 60.0% 40.0% 44.4% 50.0% 30.0% 28.6% 11.2%

33.3%

16.7%

20.0% 31.4% 44.4% 50.0% 40.0% 60.0%

41.7%

16.6% 71.5% 30% American 60.0% 20.0% 0.0% 40% European 40.0% 30.0% 30.0% 50% African 50.0% 0.0% 50.0% 60% Asian 44.4% 11.2% 44.4% 70%

41.7%

80% Indian 31.4% 28.6% 40.0%

90% Chinese 20.0% 60.0% 20.0%

100% Hispanic 100.0% 0.0% 0.0% Brazilian 16.7% 33.3% 50.0%

White –Other 41.7% 16.6% 41.7%

Agree

Neither Agree, Nor Disagree

Diasgree

Figure 5.15: Culture-wise distribution of end-users wanting no interference with personal data

A similar trend was observed between end-users from developing and developed countries. For instance, British and Americans respondent show a majority of 71.5% and 60.0% respectively, disagreeing with the thought of no interference with their personal data and being strict about protecting their data by following rigid approach while transferring data. This observation signifies that these end-users prefer flexibility in storing and transmitting data at the same time are concerned about protecting it from being available to unknown entities. The other majority are endusers from Africa (50.0%), Asia (44.4%) and India (40.0%) who agree with no interference with their personal data.

- 72 -

The third choice to analyse, although may seem identical to the previous two discussed above. However, the major consideration over testing this choice amongst end-users belonging to various backgrounds was to key in the importance of use of web-space due to uploading ease. Although, it can still be argued that similar analysis is conducted between these variables, however in my view it was important to find how much would the ease in uploading, be a factor in comparison to the difficulty in using physical means of data transmission, discussed in the previous privacy choices.

Users prefering to use web-space as it offers ease in uploading

Brazilian Hispanic Chinese Indian Asian African European American White –Other White – British 0% 10% White – British Diasgree Neither Agree, Nor Disagree Agree 25.0% 25.0% 50.0% 20% White –Other 25.0% 25.0% 50.0% 50.0% 50.0% 30% American 0.0% 20.0% 80.0% 60.0% 60.0%

83.3% 100.0% 40.0% 74.3% 88.9% 100.0% 20.0% 80.0% 25.0% 25.0% 40% European 20.0% 20.0% 60.0% 50% African 0.0% 0.0% 100.0% 60% Asian 0.0% 11.1% 88.9% 70% 80% Indian 11.4% 14.3% 74.3% 14.3%

16.7%

11.4% 11.1%

20.0% 20.0% 25.0% 25.0% 90% Chinese 0.0% 40.0% 60.0% 100% Hispanic 0.0% 0.0% 100.0% Brazilian 0.0% 16.7% 83.3%

Agree

Neither Agree, Nor Disagree

Diasgree

Figure 5.16: Culture-wise distribution of end-users preferring to use web-space due to its ease in uploading

As seen in Figure 5.16, the end-users belonging to the White ethnicity (both, British and Others) are the least amongst the group at 50.0% who agree with the ease of uploading being a dominant factor impacting their need for keeping data confidential / protect its confidentiality.

- 73 -

Statistics of each of the other representatives imply that ease in uploading is central to attract web-usage through Cloud-based solution despite of cultural differences.

The final choice, was straight-forward, precise and aimed at identifying end-user opinions about feeling secured in respect to privacy risks, by observing others experiences. This analysis would not only be beneficial to address the privacy risks but also helps to tackle the security issue which is a crucial marketing issue in adoption of Cloud Computing technology.

Users who observe others experiences and feel secured about privacy risks

Brazilian Hispanic Chinese Indian Asian African European American White –Other White – British 0% 10% White – British Diasgree Neither Agree, Nor Disagree Agree 50.0% 12.5% 37.5% 16.7% 37.5% 20%

50.0% 100.0% 60.0% 57.1% 55.6% 100.0% 55.0% 60.0% 45.8% 12.5% 30% American 0.0% 40.0% 60.0% 40% European 15.0% 30.0% 55.0% 50% African 100.0% 0.0% 0.0% 60%

33.3%

16.7%

20.0% 17.1% 22.2%

20.0% 25.8% 22.2%

30.0% 40.0% 37.5% 50.0% 70% Asian 22.2% 22.2% 55.6% 80% Indian 25.8% 17.1% 57.1%

15.0%

90% Chinese 20.0% 20.0% 60.0%

100% Hispanic 0.0% 0.0% 100.0% Brazilian 16.7% 33.3% 50.0%

White –Other 37.5% 45.8% 16.7%

Agree

Neither Agree, Nor Disagree

Diasgree

Figure 5.17: Culture-wise distribution of end-users who observe others experiences in feeling secured about privacy risks

Figure 5.17, above shows a complete contrast to the previous choices where responses of end-users from developing and developed countries were discussed and analysed. The culture-wise distribution of end-users who feel secured about privacy risks by observing others experience demonstrated that 60% Americans, 55%

- 74 -

Europeans, 55.6% Asians, 57.1% Indians, 60% Chinese and 100% Hispanic ethnicities were influenced by peers, colleagues and others more than their counterparts.

Despite of analysis between the two variables of ethnic background and the privacy options they prefer, what was desired to diagnose was the cultural impact into the rate of individual innovativeness.

Culture Vs Innovativeness

Person who is an initiator, risk-taking, ready to change from current practices 8.3% 27.8% 5.6% 16.7% 5.6% 2.8% 30.6% 2.8% 0.0% 0.0%

An opinion leader, ready to try out new ideas (technology) before others do 8.9% 17.8% 2.2% 26.7% 0.0% 6.7% 28.9% 0.0% 0.0% 8.9%

Person who is thoughtful, careful but accepts changes more swiftly then others 3.0% 12.1% 3.0% 9.1% 0.0% 12.1% 39.4% 12.1% 3.0% 6.1%

A skeptical person who will use technology only after majority is using it 0.0% 50.0% 25.0% 0.0% 0.0% 25.0% 0.0% 0.0% 0.0% 0.0%

Traditional person who will accept technology once it has become mainstream and universally used 0.0% 50.0% 0.0% 0.0% 0.0% 50.0% 0.0% 0.0% 0.0% 0.0%

White – British White – Other American European African Asian Indian Chinese Hispanic Brazilian

Table 5.1: Culture Vs Rate of Individual Innovativeness

The majority of response rates were from end-users belonging to communities such as Indian, White-Others, Europeans and Americans. As seen in Table 5.1 above, only concentrating on this majority, their rate of innovativeness varies and hence they are classified into different groups based on their individual innovativeness. Indian’s contribute to a majority of Early Majority at 39.4%, Europeans end-users are primarily Early Adopters with a majority of 26.4%, while 25.0% of American respondents who participated in this research accounted for mostly late majority who accept use of technology when the majority has accepted it.

- 75 -

5.

The most influential factor initially in the decision making process about technology acceptance is primarily based on suitability of needs, while they perceive technology as acceptable if there are long-term sustainable benefits associated with its acceptance

The respondents were also questioned about the most influential factor when it comes to first hearing about a cost-effective technology. The reason the question specifically stated “cost-effective” was to present the option to disregard the cost factor involved which may be a distinguishing factor based on income-levels of an end-user. Since this study does not go in-depth in studying individual characteristics of income levels, which could possibly be an area of further research.

The results as seen in Figure 5.18, implies that when a new technology comes into existence, the 89.2% end-users focus on it’s suitability to their needs before considering making any decision about acceptance or rejection of the same.

Factors initially considered in decision making process about technology acceptance
27.5% 30.8% 37.5% Response Percent 41.7% 89.2% 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0% 53.3% 55.0% 69.2%

Whether any unanticipated / side-effects of the new technology are looked upon by the service-provider Whether Post-sales services will be offered by its vendor Whether visibility of its results are seen already Whether any trial options will be offered to you to test it Whether it is relatively advantageous than the previous one Whether it will deliver as promised Whether it is compatible with industry standards Whether it is suitable to your needs
Figure 5.18: Factors influencing end-users at the initial stage of newly developed technology

- 76 -

The next most crucial factor is whether the given technology will deliver as promised. Cloud vendors, like most marketers make promises to attract the use of Cloud-based data storage systems.

Based on this reason, end-users as much as 69.2% of the total respondents opted for deliverability standards as promised.

When you hear about a cost-effective new technology, you first consider? (Multiple Choice) Whether it is suitable to your needs Whether it is compatible with industry standards Whether it will deliver as promised Whether it is relatively advantageous than the previous one Whether any trial options will be offered to you to test it Whether visibility of its results are seen already Whether Post-sales services will be offered by its vendor Whether any unanticipated / side-effects of the new technology are looked upon by the service-provider

Response Percent 89.2% 41.7% 69.2% 55.0% 53.3% 37.5% 30.8% 27.5%

Response Count 107 50 83 66 64 45 37 33

Table 5.2: Response-percent and Response-Count (Max: 100% or 120 responses, 2 skipped)

The Table 5.2 represents rest of all the other factors such as compatibility with industry standards, relative advantage over the previous technology, trial-ability options, visibility of the results of the given technology, post-sales services offers and any other unanticipated / side-effects being looked upon by the service provider.

- 77 -

The next set of responses were analysed to distinguish the most crucial factors while accepting / rejecting a new technology. There was an open-ended text-box also incorporated to capture any factors which may have been overlooked. The end-users were thereby encouraged to specify any factors not present in the original questionnaire design.
Factors influencing while accepting / rejecting a new technology

5.9% 7.6% 64.7%

Response Percent
24.4% 50.4%

70.6%

0.0%

10.0%

20.0%

30.0%

40.0%

50.0%

60.0%

70.0%

80.0%

Proper training, knowledge and organisation's support Long-term benefits associated with it Status symbol or Brand Image in using it

Social group’s acceptance : Peers/Colleagues point of view Ability to use the technology Other (please specify)

Figure 5.19: Factors influencing end-users while accepting / rejecting a new technology
Which of the following factors influence you most in accepting / rejecting a new technology? (Multiple choice answer) Proper training, knowledge and organisation's support Social group’s acceptance : Peers/Colleagues point of view Long-term benefits associated with it Ability to use the technology Status symbol or Brand Image in using it Other (please specify) Response Percent 50.4% 24.4% 70.6% 64.7% 7.6% 5.9% Response Count 60 29 84 77 9 7

Table 5.3: Response-percent and Response-Count (Max: 100% or 119 responses, 3 skipped)

The table 5.3 represent the various factors along with the percentage & count of endusers who selected the particular choices. The most common amongst all the endusers was the long-term benefits associated with the given technology (Cloud Computing), in context to this research. 70.6% of end-users were concerned about the long term benefits offered by Cloud-computing to maintain sustainable competitive advantage in the long-run. The other two factors were closely associated to each other namely the ability to use technology (64.7%) and support from organisation through imparting knowledge and training (50.4%)

- 78 -

6.

Uncertainty avoidance affects the end-user behaviour differently based on their age and gender

It has been learnt from the literature that there are various uncertainties which revolve around the technology acceptance model. Users are wary about many unknown possibilities associated with the technological adoption. This research does involve addressing the question as to which are the key uncertainty elements, which if controlled may affect end-user behaviour positively by studying their characteristics and their behaviour. Participants from different age-groups and genders were presented a series of alternatives in considering adoption of technology from the time they first hear about a new technology (Cloud-computing, in context of this research), till the end of the decision-making process about accepting or rejecting its use. The charts below highlight the key uncertainty areas both gender-wise and age-wise to prove the above finding.
Gender-wise distribution of crucial uncertainty factors
Service provider's initiative in taking Un-anticipated / side-effects into account Post-sales services offered by the vendor Visibility of results seen already Trial options offered to test it Relatively advantageous over previous technology Deliverable as promised Compatiblity to industry standards Suitability to your needs 0.0% 10.0 % 20.0 % 30.0 % 40.0 50.0 60.0 % % % Male Female 70.0 % 80.0 % 25.0% 45.0% 90.0% 89.0% 90.0 100.0 % % 20.0% 29.0% 20.0% 33.0% 35.0% 38.0% 50.0% 54.0% 55.0% 55.0% 70.0% 69.0%

Figure 5.20: Gender-wise distribution of uncertainty factors

Figure 5.20, highlights that suitability of needs of a given technology to an end-user is the most crucial factor which if looked upon by the cloud-vendors will pay rich dividends in acceptance of this new form of computing.

- 79 -

Most men and women, 89.0% and 90.0% respectively have chosen this factor associated with the market uncertainty as described by Moriarity et.al (1989), Gardner, D (1990) and Moore, G (2002).

This is followed by the technological uncertainty of deliverability as per promises of the cloud-vendors. A similar ratio of 69.0% and 70.0% was observed between the males and females who opted to participate for this research. An observation worth mentioning was the difference of opinion regarding the compatibility of industry standards offered by Cloud-based solutions between the two genders where 45.0% men supported, only one quarter of women considered it as an crucial uncertainty factor.

Similarly, the age-wise distribution below in Figure 5.21, illustrates an interesting disparity between end-users of different age-groups. Identical to the gender-wise distribution of crucial uncertain factors selected by end-users about acceptance of technology, suitability of needs and deliverability of technology as promised does appear to the be most prominent factor across all ages between 18 – 29 years, 30 – 49 years and 50 – 64 years old.
Age-wise distribution of crucial uncertainty factors
Service provider's initiative in taking Un-anticipated / side-effects into account Post-sales services offered by the vendor Visibility of results seen already Trial options offered to test it Relatively advantageous over previous technology Deliverable as promised Compatiblity to industry standards Suitability to your needs
0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0%

23.9% 27.9% 30.0% 35.8%

50.0%

23.3%

34.3% 37.2% 40.0% 48.8% 49.3%

60.0%

58.2% 70.0% 60.5% 67.2% 69.8% 80.0%

30.0%

41.8% 44.2% 80.0% 83.7%
80.0% 90.0%

94.0%
100.0%

18 – 29 years

30 – 49 years

50 – 64 years

Figure 5.21: Age-wise distribution of uncertainty factors

- 80 -

Yet again, factors such as service providers initiative in reference to un-anticipated side-effects is more popular 50.0% amongst the age group of 50-64 years.

A similar trend is observed for factors such as visibility of results and relative advantage over the previous technology where end-users from the 50-64 year agegroup rated them 60.0% and 70.0% respectively.

- 81 -

7.

The significance of privacy in relation to Cloud-based information systems has multiplied as most end-users like to see the Cloud vendors impose a series of privacy measures. One can only ensure that the required data is shared while PII is protected, if the combination of all the privacy measures is practised simultaneously.

Privacy control measures advocated by authors like Bagehi and Atluri (2006), Jahankhani (2009) and Velte (2010) were put to test using this research to test the end-user's opinions about the combination of these techniques. Using a Likert's scale rating of 1-5, (where 5 was treated as most important and 1 as least important), based in the order of importance six variables were tested as stated in the previous chapter (Refer Figure 4.11, Page 48). Among the total respondents, 91.5% of the end-users felt their identity and personal information was protected if the websites disclose who may have access all their personal information. This right to control not only seemed to bestow confidence to these users to protect their identity, but also offer them an incentive to use cloud-based services as they may decide who can / cannot view their personal data.

On the other hand, privacy control measures like identifying the data collection and sharing process by websites and issuing digital certificates were identified to be not to important as 26.7% of the population opted for the 3 rating which signified that although they may help restoring confidence in the minds of the end-users about the challenges of Cloud data privacy, however its absence may not affect one-fourth of them. To add to this, 12.9% of the participants viewed it as completely unimportant. Despite of the popularity of using such digital certificates in the banking industry for its online customers, to make it more secured and protect customers from identity thefts, this research highlights that from an end-user point of view, issuing of digital certificates alone, does not suffice the purpose. Moreover, some end-users who visit these websites are not concerned, if their data is collected, stored and shared with any other organisation, which is contrary to what the literature states.

- 82 -

6. CONCLUSION
By investigating attitudes, perceptions, beliefs and behaviour of the end-users of Cloud computing, this dissertation explained the importance of analysing end-users opinions when attempting to tackle issues of data security and privacy. High-tech marketers, such as cloud vendors unlike other marketers have to focus on more than just managing the traditional marketing mix of 4Ps. While the traditional marketing campaigns include a series of activities one uses to spread the word out, to get through to the right people in an effort to be identified by others, to identify Who they are?, to communicate What they are into? and to notify Where they can be found?, the marketing of cloud computing services is managed through vendors CRM Marketing, where multiple campaigns are integrated and managed across diverse systems. For instance, Salesforce™, an enterprise cloud-computing company manages their campaigns through Salesforce CRM Marketing, an integrated multi-layered approach which assists them in protecting the critical user data along with ensuring that cloudbased applications, processes and systems are monitored and improved upon in order to meet the challenges and ever-increasing demands of security.

6.1. Research Aims – Restated
The current study was undertaken with an aim to determine key attributes of endusers which may be useful to cloud vendors in meeting security and privacy challenges from an end-user perspective. The level of data security and confidentiality varies across individual end-users from different cultures as their beliefs, attitudes and perceptions differ. While these characteristics were being examined during the research, another decisive study about key variables to avoid uncertainty revolved around this research work. The literature discussed in the beginning of this study predominantly included thoughts and studies about technology acceptance, in context to Cloud computing and its challenges by different writers. However, by and large all the studies were from an organisation perspective, giving least amount of interest to end-user’s point of view about such challenges.

- 83 -

The complex nature of security and privacy issues was a driving force in conducting this research to comprehend what Cloud-computing has to offer as it is considered to be the next-big thing after world-wide-web.

6.2. Summary of the Findings
This section summarizes the findings of this research.

1. Irrespective of the data sensitivity, almost ½ of total end-users oppose the use of open-access & flexible data storage facility when there is an element of risk involved, such as data sharing to unknown users

2.

¼ of the total respondents are neither in favour, nor against no interference with their personal photos and the remainder ¾ is evenly distributed across for and against sharing data through physical distribution.

3. Ease in uploading data on such cloud-based servers does entice users in continuing using web-space especially in case of backing up hard-drive to an online website (Sensitive Data) and storing videos which is usually considered as Non-sensitive data

4. Near-about half of participants feel secured by observing peer experiences about a technology.

5.

Identification or knowledge about physical data location is not the most critical piece of information considered necessary by expert end-users who use variety of web-usage services and possess different levels of innovativeness levels

6. Instead, the most important element when considering layers of security is creating lists of people who are authorised to access information by following authorisation practices, followed by using authentication procedures.

- 84 -

It is here where open-source software’s can be best employed to create usernames and passwords

7. Culture affects the end-users willingness to use cloud-based solutions in the presence of risk such as data sharing to unknown users over the internet. For instance; 75% of British respondents were willing not to use cloud based data storage facility while 60% of the Chinese participants responded in the affirmative

8. Observing others experiences and feeling secured about privacy risks is another common view across cultures

9. Technology which can prove its made to suit end-user needs and has long-term benefits cannot fail

10. End-users belonging to different genders and age-groups may feel differently about kinds of uncertainties. For instance, only 25% females feel compatibility of industry standards is crucial to the success of a given technology, whilst almost half of the male population opted in favour for it. Similarly, more than 50% end-users in the age-groups of 50-64 years old are concerned about visibility of results of a given technology and whether the service provider is taking into account any unanticipated side-effects. In comparison, less than 1/3rd of the younger population are apprehensive about these uncertainty factors.

11. When it comes to protecting personal identified information (PII), end-users sense security increases if web-sites disclose who may have access to the information they enter upon using a cloud-based service. The right to control their information, is thus a key right upon exercising which the end-users acquire assurance about data privacy

- 85 -

6.3. Significance of the Research
The findings of this research support the fact that security is a primary concern for end-users when adopting cloud-based storage solutions. This is more significant when the data sensitivity is measured. Through this research, the data sensitivity was considered by analysing the web-usage of the end-users. Results prove that an element of risk of data security such as data access to unknown users may be adequate for more than 50% end-users not to use web-based services where their data (irrespective whether sensitive or non-sensitive) needs to be stored on cloud-based storage systems. In practice, this offers the cloud-vendors an incentive to develop secured cloud-solutions targeted to all kinds of end-users with no separate investment of time and money for different data types. The study established a few interesting findings such as evenly distributed responses between end-users who prefer no interference with their data by using physical distribution mechanisms against other end-users who are in favour of data intervention rather than using physically transmitting data through USB sticks, CD’s and DVD’s.

The cloud service providers can be benefited by this study as it encompasses certain facts which may be practically employed when marketing cloud-storage solutions. The ease in uploading data was one such determinant of the popularity of cloud-based services amongst end-users, particularly those who backup their hard-drive to an online website and others who store videos online. The significance of peer’s experiences in the acceptance of technology rose as an empirical evidence through this study. While this research provides knowledge to the cloud service provider of what’s required to enable them to effectively market these solutions, it does highlight on some not too important areas which can be overlooked so as utilise available resources effectively. The study does suggest, knowledge about physical data location is not the most crucial factor which was contrary to studies by Jahankhani et. al (2009). Firstly, in lieu of such knowledge, the list of people authorised to access information entered while using cloud-services on websites does generate confidence in the minds of the end-users. Cloud providers can be best served by investing in educating the end-users by following authorisation procedures to create such lists.

- 86 -

To second that, the use of open-source software and virtual infrastructure should be encouraged. This involves a dynamic mapping of the available resources to one’s business, which will result not only in decreasing the cost of efficiencies, but would also help increasing responsiveness and efficiencies. With a selection of such

infrastructure in place, creation of user-names and passwords by following authentication practices can only help cloud-vendors tackling the challenge of data security and privacy revolving over the Cloud Computing technology.

As studied in the literature, the research study proved that culture is an integral constituent when dealing with the acceptance of technology. By studying individual characteristics, such as age, gender, ethnicity, first language / preferred language, etc. this study was aimed at exploring the effects of culture on data security and privacy issues related to data storage using Cloud-based storage systems. Although linguistic effects were not tested during this research, it was included in the questionnaire design to verify if language was a barrier in end-users comprehensibility of the term “Cloud-computing”. The fact that 88.5% of respondents responded affirmatively about the awareness of the term was an adequate enough piece of evidence based on which the decision to neglect language effect in this research was taken. In addition, the research does emphasise that despite of cultural differences, a common observation across cultures is that effect of other’s / peers experiences in feeling secured about publishing data using cloud-based storage systems.

Most importantly, the study advocates cloud-vendors to innovate and arrive at technology solutions focussed on suiting end-user needs and offering long-term benefits to gain competitive sustainable advantage. This is possible by keeping a check on various uncertainty factors. As this study includes findings of different uncertainty factors for end-users in different age-groups and belonging to both genders, the cloud vendors are presented a road ahead to develop storage solutions targeted at various segments. Lastly, the impact of right to control and restricting the secondary use of data does seem to be the way forward for cloud-vendors in protecting personally identifiable information, particularly after this study.

- 87 -

To conclude, the findings of this research enhance our knowledge about data security and privacy from an end-users perspective. The factors considered by these end-users as important can be useful for service providers in formulating a new business strategy whilst developing suitable solutions which are more secured and ensure protection of data stored through Cloud Computing technology.

- 88 -

7. RECOMMENDATIONS
The study in this research highlights the importance of understanding end-user behaviour when promoting the use of a new technology such as cloud computing. Upon analysing the responses of the end-user, it was evident certain key findings would generate valuable recommendations for providers of Cloud-based storage solutions. The end-user perspective was intentionally chosen as an area of research as not much literature has been written in context of acceptance of Cloud computing, particularly focussing on the security and privacy challenges.

These recommendations for cloud-vendors after studying the end-users through this study are as follows:

a) Reducing risk element, irrespective of data sensitivity: The cloud-vendors or the service providers providing cloud-based storage solutions may focus on reducing the risk element when offering any Cloud-based services, without compromising on data which may be insensitive. Often levels of data security are associated with data sensitivity. From an organisation perspective, it may be advisable to offer additional security depending upon data sensitivity. However, as the research findings highlight irrespective of data sensitivity more than 50% end-user resist the temptation of using cloud services at the cost of risks involved.

b) Cashing-on the known benefits: The responses obtained from the end-users suggests there are some core-deliverables like ease in uploading which is one of the core benefits of cloud services. Marketing issues such as privacy and security have prevailed for a number of years in the software industry. However, as this study suggests certain known benefits like ease in uploading, other’s / peers experiences about feeling secured should be utilised more often by cloud-vendors as these are the core factors why end-users adopt for such cloud-services.

- 89 -

c) Acknowledging cultural differences in technology acceptance: The research findings emphasised the impact of cultural differences on end-users willingness to use cloud-based solutions. Cloud vendors are aware about it. However, through this study it is clear; acknowledging such end-users characteristics and differences will enable them to tackle the uncertainty revolving around the acceptance of technology as studied in the Technology Acceptance Model. Similarly, the gender-differences and age-differences if studied before formulating a marketing plan will pay rich dividend to the efforts of the cloud vendors.

d) Exercising and educating the “Right to Control”: As discovered from the research findings, the right to control and restricting the secondary use of data is one key attribute praised by end-users. The information about who may have access to their data not only gives them a sense of security about their data, it also allows them to protect their personally identified information and exercise their privacy rights. What cloud-vendors ought to do is to educate the end-users about their right to control their data against any secondary use without their knowledge.

- 90 -

8. LIMITATIONS
The limitations of this research have been acknowledged in previous chapter where discussion about the findings has been discussed in detail. There are a few limitations which were identified as the research design was implemented.

a) Identifying the “right amount” of samples, given the time constraint: The primary limitation of this research was identifying sample size which would represent the end-users of Cloud computing. As this technology is gaining popularity, the number of end-users is ever-increasing. Although the survey was released and invitations were send well within the first two months of the commencement of this study, as well as exactly a month being allocated to collect responses, a total of 122 completed responses were obtained, which may seem to be a good amount of responses considering the time-scales of this study. However, if addition time is devoted for a similar study in future, it would represent the right amount of samples representing the research population.

b) Data Sensitivity: This research assumes that end-users regard data as sensitive and non-sensitive data. The bifurcation of data sensitivity is based on their web-usage. For instance, pictures / photos which are normally published on social networking websites are considered to be as non-sensitive data, whilst when a professional who uses a payper-use Cloud based service to backup the organisational data, is considered to be a user of sensitive data. This research does not take into consideration the time effect or the circumstances change consequences. An end-user, for instance; a news reporter may have exclusive pictures to be transmitted using an onlineservice such as Picasa to his colleague for publishing the news, may consider this data as most sensitive. Similarly, after a period of time, the same data may be nonsensitive data if it has been published and available to everyone. Thus, the timeeffect of data sensitivity has a profound impact on the end-users choice.

- 91 -

Considering the same example, if the reporter has been asked to resign from the job before sharing the news and updating his boss about the exclusive pictures being captured and available with them, the data sensitivity also alters due to a change in circumstances.

These limitations are not necessarily criticisms of the research. However, it is methodologically challenging to know the time effect and change in circumstances and what needs to be done about it. For e.g. there may be a possibility of getting the respondents reply on a more sensitive scale like a 1-20 scale other than the 1-5 scale considered in this research. However, even if a participant responds giving a rating of 14 as instead of 15, there needs to be a participation of skilled respondents who can differentiate the difference and reason of selecting a different rating. The analysis of such sensitive scale may also need a highly skilled analyst who may be able to comprehend that all the respondents who have rated 17 on a 20 point scale mean the same thing. In practice, one cannot do it very reliably unless additional time is devoted for increasing the sample size to reduce individual differences. In addition, use of other triangulation measures by collecting data through interviews and focus groups in order to formulate reliable meanings of different scales.

- 92 -

9. AREAS OF FURTHER RESEARCH
As pointed out by the limitations of this research, there is a scope of further research on analysing the data sensitivity factor amongst the end-users. If opportunity presents, I would like to take this research on a more sensitive scale of measuring the sensitivity of data in the minds of end-users. In addition to the sensitivity of data, the fact that 20% of respondents in this research are undecided about no interference with their data for using open-access flexible solutions offered by cloud-vendors is another interesting observation which can be meaningful if these respondents are interviewed or invited to be a part of a focus-group.

Time-effect of data sensitivity is another avenue which is unanswered in this research. However, it has been identified towards the closing stages of this study which shows the way forward. The influence of cost-effectiveness factor in acceptance of technology by end-users can be studied by encouraging the participants to provide their income-levels which were not included in this research, primarily due to which the questionnaire design, explicitly stated “cost-effective” to encourage participants to focus on other factors which influence them in acceptance of technology rather than on costs.

- 93 -

REFERENCES

Agarwal, R., and Prasad, J. (1998) “A Conceptual and Operational Definition of Personal Innovativeness in the Domain of Information Technology”, Information Systems Research (9:2), pp.204-215

Agarwal, R. (1999), “Individual acceptance of information technologies” Accessed On: April 15, 2010 Accessed At: http://www.c4ads.seas.gwu.edu/classes/CSci285_Fall_2004/readings/9/require d/Agarwal_02.pdf

Aley, J (2003), “Qualcomm: Heads We Win, Tails We Win”, Fortune Accessed On: June 17, 2010 Accessed At: http://money.cnn.com/magazines/fortune/fortune_archive/2003/03/03/338374/ index.htm

Bagehi, A. and Atluri (2006), “Information Systems Security”, Second International Conference, ICISS, Springer, India

Bandura, A. (1986) “Social Foundations of Thought and Action: A Social Cognitive Theory”, Prentice Hall, Englewood Cliffs, New Jersey

Bell, J. (2005), “Doing Your Research Project”, 4th Ed., Open University Press, Buckingham

Boynton, A. D., Zmud, R. W., and Jacobs, G. C. (1994) “The Influence of IT Management Practice on IT Use in Large Organizations”, MIS Quarterly (18:3), pp. 299-318

- 94 -

Bryman, A. and Bell, E. (2007), “Business Research Methods”, 2nd Ed., Oxford University Press, Oxford

Brockman, J (2009),“Counting on the cloud to drive computing’s future”, NPR Accessed On: March 9th, 2010 Accessed At - URL: http://www.npr.org/templates/story/story.php?storyId=102453091

Brown, M. (2009), “White Paper : Cloud Computing”, Maximum PC Accessed On: March 6th, 2010 Accessed At - URL: http://www.maximumpc.com/print/5047

Buchanan, D., Boddy, D. and McCalman, J. (1988), “Getting in, getting on, getting out and getting back”, in Bryman, A, “Doing Research in Organisations”, Routledge, pp. 53-67, London

Chesbrough, H., Vanhaverbeke. W. and West, J (2006), “Open Innovation : Researching a New Paradigm”, Oxford University Press, Oxford

Christensen, C.M., (1992), “Exploring the limits of technology S-Curve”, Part 1:Component technologies, Production and Operations Research, Vol.1, No.4, 334ff

Davis, F. D. (1989), “Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology”, MIS Quarterly(13:3), pp. 319-339

Delone, W. H. (1988) “Determinants of Success for Computer Usage in Small Business”, MIS Quarterly (12:1), pp. 51-61

Dillon, W.R., Madden. T.J., and Firtle, N.H. (1993), “Essentials of marketing research”, Irwin, Illinois

- 95 -

Easterby-Smith, M., Thorpe, R. Jackson, P. and Lowe, A.(2008), “Management Research”, 3rd ed., Sage, London

Ettlie, J.E. (2006), “Managing Innovation : New Technology, Products, and New Services in a Global Economy”, 2nd Ed, Butterworth-Heinemann, India

Fishbein, M., and Ajzen, I.(1975), “Belief, Attitude, Intention and Behavior: An Introduction to Theory and Research”, Addison-Wesley, Reading, MA

Fuerst, W. L., and Cheney, P. H. (1982),“Factors Affecting the Perceived Utilization of Computer- Based Decision Support Systems in the Oil Industry”, Decision Sciences (13:4), 1982, pp. 554-569

Fulk, J. (1993), “Social Construction of Communication Technology”, Academy of Management Journal (36:5), pp. 921-950

Gardner, D. (1990), “Are High Technology Products Really Different”, Faculty working paper case #90-1706, University of Illinois, Urabana

Gartner

Press

Release

(2007),

“Gartner

Forecasts

Worldwide

Communications-as-a-Service Revenue to Total $252 Million in 2007”, August 2007 

Goodenough, W.H. (1971), “Culture, Language and Society”, Modular Publications, Reading

Gill, J., and Johnson, P. (2002), “Research Methods for Managers”, 3rd Ed., Sage Publications, London

Getting Creative, Special Report in Business Week (August 1, 2005)

- 96 -

Gralla, P. (2009), “Google Docs Vs Microsoft Office: It’s a matter of trust”, Computer World Accessed On: March 9th, 2010 Accessed At - URL: http://www.computerworld.com/s/article/343002/Google_vs._Microsoft_It_s_ a_Matter_of_Trust

Hoyer, W.D and Maccinis, D.J (2009), “Consumer Behaviour”, 5th Ed., South-Western : Cengage Learning, USA

IDC Enterprise Panel (2008a), “IDC findings”, pp. 154 in Rittinghouse, J.W. and Ransome, J.F. (2010), “Cloud Computing – Implementation, Management and Security”,CRC Press, London

Igbaria, M. (1990), “End-user computing effectiveness: a structural equation model” Omega, 18 (6)

Jacoby, Jacob, Szybillo, G.J. and Berning, C.K. (1976), “Time and Consumer Behavior : An Interdisciplinary Overview”, Journal of Consumer Research, pp 320-339

Jahankhani, H., Hessami, A.G., and Hsu, F (2009), “Global Security, Safety, and Sustainability: 5th International Conference”, London, UK

Jankowicz, A.D. (2005), “Business Research Projects”, 4th Ed., Thomson, London

Kaplan, Jeffrey (2009), “Five myths about SaaS”, CIO Accessed on 10/04/2010 Accessed at: http://cio.com/article/print/486091

- 97 -

Leonard-Barton, D., and Deschamps, I. (1988), "Managerial Influence in the Implementation of New Technology," Management Science (34:10), 1988, pp. 1252-1265

Leonard-Barton, D. (1987), “Implementation of Structured Software Methodologies: A Case of Innovation in Process Technology”, Interfaces (17:3), pp. 6-17

Lewis, W., Agarwal, R. and Sambamurty, V (2003), “Sources of Influence on Beliefs about Information Technology Use : An Empirical Study of Knowledge workers”, MIS Quarterly, Vol. 27, No. 4, pp. 657-663

Linton, R (1945), “The Cultural Background of Personality”, AppletonCentury, New York

March, J. and Simon, H. (1958), “Organisations”, John Wiley & Sons, New York

Mathieson, K. "Predicting User Intentions: Comparing the Technology Acceptance Model with the Theory of Planned Behavior," Information Systems Research (2:3), 1991, pp. 173-191

McBurney, D.H. and White, T.L. (2007), “Research Methods”, 8th Ed., Cengage Learning, Wadsworth

Melone, N. P. (1990), “A theoretical assessment of the user-satisfaction construct in information systems research”, Management Science, 36 (1)

Miles, M.B. and Huberman, A.M. (1994), “Qualitative Data Analysis”, 2nd Ed., Thousand Oaks, Sage, CA

- 98 -

Miller, M. (2009), “Cloud Computing : Web-Based Applications That Change the Way you Work and Collaborate Online”, Que Publishing, USA

Mohr, J., Sengupta, S. and Slater, S. (2005), “Marketing of High-Technology Products and Innovations”, 2nd ed., Pearson Education, New Jersey

Monge et.al (1992); Pennings and Harianto (1992); in Agarwal,R. (1999), “Individual acceptance of information technologies” Accessed On: April 11, 2010 Accessed At: http://www.c4ads.seas.gwu.edu/classes/CSci285_Fall_2004/readings/9/require d/Agarwal_02.pdf

Moore,G . C., and Benbasat, I (1991), "Development of an Instrument to Measure the Perceptions of Adopting an Information Technology Innovation," Information Systems Research (2:3), 1991, pp. 192-222

Moore, G. (2002), “Crossing the Chasm, Marketing and Selling Technology Products to Mainstream Customers”, Harper Business, New York

Moriarty, R. and Thomas, K. (1989), “High-Technology Marketing: Concepts, Continuity and Change”, Sloan Management Review, 30(Summer), pp.7-17

Oppenheim, A.N. (2000), “Questionnaire Design: Interviewing and Attitude Measurement, New Ed., Continuum International, London

Page, C., and Meyer, D. (2000), “Applied research design for business and management”, Irwin, Sydney

Polonsky, M.J. and Waller, D.S. (2004), “Designing and Managing a Research Project: A Business Student’s Guide”, Sage Publications, India

- 99 -

 

Raimond, P. (1993), “Management Projects”, Chapman & Hall, London

Raymond, L. (1988), “The Impact of Computer Training on the Attitudes and Usage Behavior of Small Business Managers” Journal of Small Business Management (26:3), 1988, pp. 8-13

  

Robson, C. (2002), “Real World Research”, 2nd Ed., Blackwell, Oxford

Rogers, C.R. (1961), “On Becoming a Person”, Constable, London

Rogers, E. M. (1995), “Diffusion of Innovations”, 4th ed., Free Press, New York

Rittinghouse, J.W. and Ransome, J.F. (2010), “Cloud Computing – Implementation, Management and Security”, CRC Press, London

Sanders, G. L., and Courtney, J. F. (1985), “A Field Study of Organizational Factors Influencing DSS Success,” MIS Quarterly (9:1), pp. 77-91

Saunders, M., Lewis, P., and Thornhill, A. (2009), “Research Methods for Business Students”, 5th ed., Prentice Hall, London

Sahal, C.(1991), “Patterns of technological innovation”, Addison-Wesley Publishing Company, Inc., Reading

Schmitz, J., (1991), “Organizational Colleagues, Media Richness, and Electronic Mail: A Test of the Social Influence Model of Techno-logy Use”, Communication Research (18:4), pp. 487-523

Sekaran, U. (2003), “Research Methods for Business: A Skill-Building Approach”, 4th Ed., Wiley, New York

- 100 -

Schumpeter, J.A. (1934), “The Theory of Economic Development”, Harvard University Press, Cambridge

Schwartz, Ephraim (2008a), “The dangers of cloud computing”, InfoWorld, Accessed On: 13/06/2010 Accessed At: http://www.infoworld.com/d/cloud-computing/dangers-cloudcomputing-839

Spears, Nancy, Ziaohua, and Mowen, J.C. (2001), “Time Orientations in the United States, China and Mexico: Measurement and Insights of Promotional Strategy”, Journal of International Consumer Marketing, pp. 57-75

Sun Microsystems, June 2009, “Introduction of Cloud Architecture” Whitepaper 1st Edition, USA

TRUSTe Press Release (2008), “Ponemon Institute and TRUSTe Announce Results of Annual Most Trusted Companies for Privacy Survey” Accessed On: 11/04/2010 Accessed At: http://www.truste.com/about_TRUSTe/pressroom/news_truste_ponemon_name_trusted_companies_08.html

Tranfield, D., Denyer, D. and Smart, P. (2003), “Towards a methodology for developing evidence-informed management knowledge by means of systematic review”, British Journal of Management, Vol 14, No.3, pp. 207-222

Usunier, J. and Lee, J.A. (2009), “Marketing Across Cultures”, 5th ed., Prentice Hall, Harlow

Velte, A.T., Velte, T.J., and Elsenpeter, R. (2010), “Cloud Computing : A Practical Approach”, McGraw-Hill, USA

- 101 -

Venkatesh, V., Morris, M.G., Davis, G.B. and Davis, F.D. (2003), “User Acceptance of Information Technology”, MIS Quarterly, Vol. 27, No. 3, pp 425 – 478

Weller, S.C., and Romney, A.K.(1988), “Systematic data collection”, Sage Publications, Newbury Park, CA

Witmer, D.F., Colman, R.W., and Katzman, S.L. (1999), “From paper and pen to screen and keyboard: Towards a methodology for survey research on the Internet, in S. Jones(ed.) “Doing Internet Research, Thousand Oaks, Sage, CA, pp. 145-62

Worthen, Ben and Jessica E. Vascellaro (2009), “Gmail glitch shows pitfalls: Failure spurs concern over reliability of online software”, The Wall Street Journal. Accessed On April 10, 2010 Accessed At: http://online.wsj.com/article/SB123561652440078567.html

Wyld, D.C. (2009), “Moving to the Cloud: An Introduction to Cloud Computing in Government”, Reports on IBM Center for the Business of Government, Washington, DC

- 102 -

APPENDICES
QUESTIONNAIRE FOR END-USERS

My name is Rajiv Uttamchandani, an international student pursuing my Master in Business Administration – (Marketing) from the University of Wales Lampeter. It is my pleasure to invite you to participate in resolving a business problem in the technology sector through your valuable feedback. A blend of technology and marketing is essence of this research which aims to study Data Security and Privacy challenges from an end-user perspective in acceptance of Cloud Computing technology which is a major marketing challenge for Data Storage companies to switch from Desktop computing to Cloud Computing. Your participation in this survey is completely voluntary, thereby providing you the right to say no or you may wish to withdraw at any time. If you have any queries, concerns, suggestions or questions about this study you may wish to contact, anonymously if you wish

About Yourself: A set of preliminary questions. Please tick the appropriate answer 1. E-mail Address 2. Please select your Age-group [ ] 17 / Under [ ] 18 – 29 years [ ] 30 – 49 years [ ] 50 – 64 years [ ] 65 and above 3. Gender [ ] Male [ ] Female 4. Your Ethnic background [ ] White – British [ ] White – Other [ ] African [ ] Chinese [ ] Hispanic Please specify ___________ 5. Your First Language __________________ [ ] Brazilian [ ] Indian [ ] Asian [ ] American [ ] Not mentioned – Others

- 103 -

About Technology Awareness & Acceptance

Q6) Have you come across the term “Cloud Computing” or ever used such technology? (Single choice) [ ] Yes – I am aware about it and use it quite oftenly – Informed user [ ] No – I am not aware or used this technology – Unaware user [ ] May be – I have heard the term, but not sure what it is exactly– Aware user

Q7) Select all the web-based services you use when online? (Multiple choice – Select all possible options) [ ] Web e-mail services such as Hotmail, G-mail, Yahoo Mail [ ] Store pictures / photos [ ] Store videos [ ] Web applications such as Google Docs [ ] Pay-and-use services to store your or your organisation data online [ ] Back-up your hard-drive to an online web-site NOTE: Using any of the above services is an indicator that you are using the Cloud technology, knowingly or unknowingly Q8) When you hear about a new technology, you first consider? (Multiple choice – Select all possible options) [ ] Whether it is suitable to your needs [ ] Whether it is compatible with industry standards [ ] Whether new technology will deliver as promised [ ] Whether it is relatively advantageous than the previous option [ ] Whether trial option will be offered to you to try and test it [ ] Whether there are visible results seen already [ ] Whether Post-sales services will be offered

- 104 -

[ ] Whether any un-anticipated / side-effects of the new technology are looked upon by the service-provider Q9) What describes you best amongst the following options in reference to adaptation to new technology? (Single choice answer) [ ] Person who is an initiator, risk-taking, ready to change from current practices [ ] An opinion leader, ready to try out new ideas (technology) before others do [ ] Person who is thoughtful, careful but accepts changes more swiftly then others [ ] A skeptical person who will use technology only after majority is using it [ ] Traditional person who will accept technology once it has become mainstream and universally used

Q10) Which of the following factors influence you most in accepting / rejecting a new technology? (Multiple choice answer)

[ ] Proper training, knowledge and support from your organisation [ ] Peers / Colleagues / Other’s point of view – Social group’s acceptance [ ] Long-term benefits associated with it [ ] Ability to use the technology [ ] Status symbol or Brand Image in using it [ ] All of the above

About Security & Privacy Q 11. Consider the two cases below: Case 1: Organisations allow you to use their web-applications for various different purposes, e.g. storing millions of images and share them on Picasa, or uploading personal photos on social networking website such as Facebook, thereby allowing you to use their data storage infrastructure with minimal or no cost Case 2: The data which you actually stored, resides on a physical location unknown to most data storage companies through Cloud service-providers where such data can be shared or hacked by expert hackers

- 105 -

On a rating of 1-5, where 1 is Completely Disagree and 5 is Completely Agree, select the option what you believe you would be most appropriate according to you while considering using storage services [ ] You will use open-access and flexible data storage facility with minimal or no cost to store your data which is accessible everywhere through internet which may be at cost of taking risks where it may be shared to unknown users [ ] You will want no interference with personal photos and documents for benefits such as free storage space, rather prefer to send physical hard-copies to ensure complete data-security [ ] You will continue to use their web-space as it offers ease in uploading pictures preferred through such web-services rather than using other modes of transferring or sharing pictures [ ] You will observe others experiences and feel secured about such risks and continue to use such services without being concerned about it

Q12) On visiting websites, they may collect and store your personal information to let you access their services, For e.g. Accessing information about air-tickets, etc. According to you as an end-user, if given a choice what privacy measures will you impose to protect your identity ? (Multiple Choice) [ ] To enforce Data Protection Requirement Regulation –i.e. to consider who is the data owner, data holder and whether privacy laws are in place [ ] To disclose who may access your personal information entered – Right to control [ ] To restrict secondary use of the information entered by any other source so that if you enter details on website, its is not shared with another organisation

[ ] To identify whether websites visited, have either collected, stored, and possibly sharing personal information [ ] To issue Digital certificates issued to websites for organisations as authorised holders of information [ ] To impose Inference and Linking attacks protection – ensuring that information released or submitted in the web-page is not open to attacks to infer data

- 106 -

Q13) When adopting to a Cloud solution, or using cloud web-services what according to you as a user, if given a choice what security measures will you add to your wish-list? (Multiple Choice) [ ] Using these applications and services on a familiar platform such as Windows OS, Linux OS or Apple OS [ ] Complete knowledge about infrastructure, i.e. hardware used, the systems [ ] Location of where your data is store [ ] Control on secondary usage – to ensure the information entered on the website once is not used again by some other source without your knowledge [ ] Use of encryption techniques – to encode your data to add an additional layer of security in case the cloud vendors security is hacked [ ] Use of Authentication Processes – through Open-source software’s to create username and password [ ] Authorization practices – to create lists of people who are authorised to access information

- 107 -

RECORD OF MEETINGS
Date: 23/02/2010 Summary of Discussion: Discussion of topic in forms of groups. Motivation or Rationale of the topic Work required by next meeting: Refine literature about security Read about Companies / Consumer perspective about confidentiality Cultural dimensions More sharply defined research questions Date of next meeting: 02/03/2010 Date: 02/03/2010 Summary of Discussion: Research Questions discussed Research Design almost ready Both of which are approved

Work required by next meeting: Further reading for literature review and drafting the introduction

Date of next meeting: 09/03/2010 Date: 09/03/2010 Summary of Discussion: Introduction draft Structure discussed

Work required by next meeting: Group the literature review in key things How do they intersect? Finding issues and areas of interesting Research Design Date of next meeting: Undecided. Will correspond through an e-mail depending upon literature review

- 108 -

Date: 23-03-2010 Summary of Discussion: Literature Review structure discussed Literature includes key points such as Technological changes and its effects, New Cloud Model, Role of Open Source software in Cloud computing, Virtualisation and the challenges such as Security, Privacy from an end-user perspective and standardisation from an commercial organisation perspective Work required by next meeting: Find out the challenges for marketing: Literature about marketing things which consumers may not necessarily understand or feel suspicious about buying. See if we can answer question 4, 5, 6 and 7 of the research design proposal template Date of next meeting: 06/04/2010 Date: 06-04-2010 Summary of Discussion: Marketing theories discussed related to marketing of new technology Answers to Research Design questions being shared

Work required by next meeting: Completing Literature Review Finding the access to end-users as to how it will be established Date of next meeting: 13/04/2010 Date: 13-04-2010 Summary of Discussion: Literature draft Method of getting access

Work required by next meeting: Including cultural dimensions in literature Preparing the questionnaire before starting with the field work Date of next meeting: 20/04/2010

- 109 -

Date: 20-04-2010 Summary of Discussion: Questionnaire discussed and approved for pilot testing on CTL staff and end-users Literature approved

Work required by next meeting: To come back with the survey results of the pilot testing for 10 days between now till the next meeting Date of next meeting: 30/04/2010

Date: 30-04-2010 Summary of Discussion: Summary of the pilot testing and the survey results obtained during those 10 days. Reasons discussed why the respondents may be attempting the survey partially and how to encourage more responses

Work required by next meeting: Conduct primary research and obtain responses. Write methodology which has been on-going and discussed verbally with the tutor

Date of next meeting: 19/05/2010

Date: 19-05-2010 Summary of Discussion: Responses obtained up to this point were shared with the tutor. End date for data collection was decided i.e. 21/05/2010 giving a month for data collection

Work required by next meeting: To finish the primary research work and move on to the next phase of report-writing by writing the findings and focus on the meet with Dr. Jill Venus

Date of next meeting: 25/05/2010

- 110 -

Date: 25-05-2010 – (Meeting with Dr. Jill Venus) Summary of Discussion: Description of the research in brief. Research Methods, Data Analysis techniques, Tools such as webinar’s, cross-tabs, filters, excel spreadsheets were some of the areas of research design which were discussed followed by planning the road ahead

Work required by next meeting: To continue with the data analysis & reportwriting.

Date of next meeting: TBA (To-be-Announced), E-mail responses henceforth

Date: 09-06-2010 Summary of Discussion: Discussed the chapter on Discussion & Analysis which was sent to the tutor through an e-mail earlier. The rough draft on conclusion was presented for approval. Plan ahead for recommendations and areas for further research was also a part of this meeting

Work required by next meeting: To finish the concluding chapters and create a final draft for proof reading. This may be the last meeting, hence no date has been finalised for further meetings.

- 111 -