Andree E. Widjaja Jengchung Victor Chen

Transcription

1 Andree E. Widjaja Jengchung Victor Chen Institute of International Management National Cheng Kung University, Tainan, Taiwan Andree/Victor 1

2 Agenda Introduction Cloud Computing Information Security and Privacy issues Study Objective and Research Questions Theoretical Framework Research Model and Hypotheses Research Methodology Questionnaires Design Data analysis Discussion & Conclusion Andree/Victor 2

3 Introduction Cloud Computing is one of the most promising technology in computing today that represents Information technology (IT) efficiency and Business Agility Trend of using Cloud Computing has become more popular. Cloud Computing Providers (CCP) target a variety of end users from software developers to the general public on every level For example, You Tube and Google docs Andree/Victor 3

4 Introduction You Tube or Google docs is Cloud Computing since the operations, executions, and users data are stored in remote servers. Users can access their servers through high speed networks, e.g. the Internet Advantages of Cloud Computing: Cutting edge of Computing Technology Strong Computing Powers Flexibilities (scalable hardware and software resources) Cost Saving (no longer need huge IT investment) Andree/Victor 4

5 Cloud Computing Information Security and Privacy Issues Organizations or users who use Cloud Computing service tend to be critically examine information security and confidentially (privacy) issues Guaranteeing the security data in the cloud is difficult since the provider provide different services and each services has its own security issues Having security and privacy requirements is a must for every CCP in order to mitigate various threats Andree/Victor 5

6 Cloud Computing Information Security and Privacy Issues Security technology (technically) itself may not enough, thus CCP should establish a robust set of policies and protocols to guarantee the security and privacy rights on cloud environment However, there are still great risks, particularly in information security and privacy A recent survey conducted by International Data Cooperation (IDC) revealed the main concern in using Cloud Computing service, almost 75% of respondents were worried about security issues Andree/Victor 6

7 Cloud Computing Information Security and Privacy Issues Complaint with US federal trade commission (FTC) about security standards or Google Cloud Computing Does not provide encryption for the information stored in their servers Most relevant threats in Cloud Computing: Abuse and nefarious use Account and service hijacking (Phising, fraud, etc) Unknown security profile Though CCP acknowledge the Information security and privacy policies, there is still vague understanding on how this policy could totally guarantee the users Andree/Victor 7

8 Study Objective There are recent research in discussing Cloud Computing architectures, applications, advantages, risks, etc. However, there are still few studies to explore Cloud Computing in relations to the Information Security and Privacy from end users perspective This study main objective: to consider users Information Security and Privacy concerns, and how these concerns would affect their trust, then the attitude and intention to use Cloud Computing Andree/Victor 8

9 Research Question How users Information Security and Privacy concerns would affect users trust, attitude and the intention to use Cloud Computing? Andree/Victor 9

10 Theoretical Framework Cloud Computing Definition Technical arrangement which users stored their data in the remote servers and operated computers under control of other parties (CCP), and rely on software applications executed and stored somewhere else (Svantesson and Clarke, 2010) Analogy of Monitor and Servers Andree/Victor 10

11 Theoretical Framework Theory of Reasoned Action (TRA) will be used to explain the attitude and intention to use Cloud Computing service TRA based on social psychology field concerned with the determinants of consciously intended behavior (Ajzen & Fishbein) 3 constructs Attitude Subjective Norm (influence of others) Behavioral Intention Andree/Victor 11

12 Theoretical Framework Contract Based Ethical Theory derived from social contract-theory which emphasizes criteria involving explicit social contracts and individual rights In social contracts theory, a moral system comes into being by virtue of certain contractual agreements between individual Contract CCP Information Security and Privacy Policy By complying the contract would directly lead to CCP good ethical conduct no harm to users Andree/Victor 12

13 Hypotheses development Attitude and Behavioral Intention Based on TRA, person s specified behavior is determined by their behavior and it is jointly determined by the person s attitude and subjective norm Attitudinal components will have an effect on behavioral intention Attitude is defined as users attitude toward Cloud Computing, Behavior is defined as Intention to use Cloud Computing H1: Attitude would positively influence behavioral intention to use Cloud Computing service. Andree/Victor 13

14 Hypotheses development Trust In this study, trust is referred as the attitudinal component in TRA If users trust the CCP, they would have positive attitude toward Cloud Computing as they believe CCP are able to deliver trusted services possible by fully complying to their Information Security and Privacy policies H2: Trust in CCP would positively affect users attitudes in using Cloud Computing services. Andree/Victor 14

15 Hypotheses development Concern for Information Privacy (CFIP) CFIP has emerged when individual has lost control over their information Lots of previous study found, CFIP has closed relation with Trust This relation is negative, since the higher users CFIP, the less users trust H3: Concerns for Information Privacy would negatively affect users trust in using Cloud Computing services Andree/Victor 15

16 Hypotheses development General Information Security and Privacy Awareness (GISPA) Defined as general knowledge understanding of potential issues related to Information Security and Privacy and their ramifications GISPA can be viewed as knowing something from personal experiences or external sources High GISPA would cause users to have higher privacy concerns, and influence negative attitude H4: General Information Security and Privacy Awareness (GISPA) would positively affect Concern for Information Privacy in using Cloud computing services. H5: General Information Security and Privacy Awareness (GISPA) would negatively affect users Attitude in using Cloud computing services. Andree/Victor 16

17 Hypotheses development Information Security and Privacy Policies Awareness (ISPPA) Defined as users knowledge and understanding of the policies, rules, or agreements prescribed by particular CCP in using their services Users who know better ISPPA would have less concerns for information privacy, and would influence users positive attitude towards Cloud Computing H6: Information Security and Privacy Policies Awareness (ISPPA) would negatively affect Concern for Information Privacy in using cloud computing services H7: Information Security and Privacy Policies Awareness (ISPPA) would positively affect Users Attitude in using Cloud computing services. Andree/Victor 17

18 Hypotheses development Subjective Norm Can be derived from beliefs of what others think, what experts think, and motivation to comply with others (Ajzen & Fishbein, 1980) This study conceptualized as the influence of friends, experts, and general other people Subjective Norm would influence the behavioral intention in using Cloud Computing in many ways positive or negative H8: Subjective norm would positively affect behavioral Intention to use Cloud Computing service Andree/Victor 18

19 Hypotheses development By seeing users, whether their friends, expert, or general users use the service, users would have tendency to become more trust (or distrust) in using Cloud Computing service. H9: Subjective norm would positively affect users trust in using Cloud Computing services. Andree/Victor 19

20 Research Model Andree/Victor 20

21 Research Methodology Online survey Measurement items were adapted from previous studies Target respondents are all users who have used or heard about Cloud Computing Demographic variables included: Gender, age, IT knowledge, IT previous education, nationality, current occupation, type of CCP, name of CCP Partial Least Square (PLS) was used for data analysis (using Smart PLS 2.0) Andree/Victor 21

22 Questionnaire items There are 7 adapted questionnaires items Intention to use (Ajzen & Fishbein, 1980) 3 items Attitude (Ajzen & Fishbein, 1980) 4 items Trust (Cheung & Lee, 2001) 9 items Concern for Information Privacy (Smith, 1996) 15 items GISPA (Bulgurcu, 2010) 3 items ISPPA (Bulgurcu, 2010) 3 items Subjective Norm (Ajzen & Fishbein, 1980) 3 items All items are specifically modified to suit this study Andree/Victor 22

23 Data analysis - Demographic 201 respondents students (under & grad) Andree/Victor 23

24 Data analysis Descriptive statistic Andree/Victor 24

25 Data analysis cross factor loading Andree/Victor 25

26 Data analysis PLS result (smart pls 2.0) Andree/Victor 26

27 Discussion The PLS result showed two unsupported hypotheses (H4 and H5) due to very low t-value in boot strapping procedure, one partially supported (H7) The rest hypotheses are strongly supported due to the t-value significant level (H1, H2, H3, H6, H8, and H9) TRA has been proven successful to predict the intention to use Cloud Computing service through attitude and subjective norm Andree/Victor 27

28 Discussion Trust is important for users perspective in the context of using Cloud Computing service. Meanwhile, trust also has positive significant effect toward the attitude The trust is greatly influenced by CFIP. The path shows negative relationship between CFIP and trust. The result is strongly consistent with most of the CFIP and trust related studies (Eastlick et al., 2006; Kim, 2008) As hypothesized, the more we are aware in ISSPA, the less we concern about information privacy in using Cloud computing service, and vice versa. This result would confirm that users do care about the policies prescribed by CCP GISPA doesn t have any significant relationship neither to CFIP nor attitude. This result is quite surprising Don t have adequate knowledge may not care too much Andree/Victor 28

29 Conclusion This study empirically showed the model of Information Security and Privacy in using Cloud computing service from the end users subjective perspective This study may become the basic foundation of further study in Information security and privacy within the context of specific use of Cloud Computing service Andree/Victor 29

30 Thank You for Listening Q&A and Discussion Andree/Victor 30