Skip navigation

Cloud security, emotions and diffusion of innovation – a neoinstitutional-behavioural approach on decision-making on cloud adoption in SMBs

Cloud security, emotions and diffusion of innovation – a neoinstitutional-behavioural approach on decision-making on cloud adoption in SMBs

Kristandl, Gerhard (2017) Cloud security, emotions and diffusion of innovation – a neoinstitutional-behavioural approach on decision-making on cloud adoption in SMBs. [Working Paper] (Unpublished)

[img] PDF (Author Draft Manuscript)
16348 KRISTANDL_Cloud_Security_Emotions_&_Diffusion_of_Innovation_2017.pdf - Draft Version
Restricted to Registered users only

Download (800kB) | Request a copy

Abstract

Cloud computing is often claimed to become a major enabling and disruptive innovation for businesses. As business functions and data are being moved outside the traditional boundaries of companies (Blandford 2011), cloud providers assert that this new way of computing can enable especially small and medium-sized businesses (SMBs) to access information technology that has hitherto been inaccessible to them. In the nascent cloud industry, change agents such as cloud providers and business partners aim to convince decision-makers in SMBs that storing and processing their data off their premises will level the playing field in terms of IT, data processing, and as such, decision-making.

Considering its purported benefits, it comes as a surprise that studies about cloud adoption have found the diffusion of this new technology among SMBs to be relatively slow and cautious (Strauss et al 2015; Bean 2011). A main factor might be the perception that sensitive data and functions are not secure when moved to the Internet, and anybody with adequate technical skills could easily access it. Such a perception may be exacerbated by data leak scandals like the iCloud celebrity photo hack (BBC 2014) or Sony’s loss of sensitive customer data (The Telegraph 2014). Similar security breaches like these often lead to widespread negative media coverage, seemingly influencing decision-makers not to adopt the cloud – security concerns about the cloud typically feature on top of the main reasons for businesses not to adopt the cloud.

Grounded in New Institutional Sociology (NIS) and Rogers’ (1983) Diffusion of Innovation theory, this paper aims to explain this phenomenon by depicting cloud technology as an innovation that - despite a strong supply-driven effort by cloud providers – is adopted at a rate that is slower than expected by peers (e.g. Bitkom 2014, 2015). In this context, the cloud industry is portrayed as nascent institutional field that has not yet reached a stable institutional equilibrium in terms of rules, norms and taken-for-granted practices like in more mature, established industries (Kshetri 2013; Scott 2008). It appears that due to this seeming absence of established rules and norms, decision-makers in SMBs become more impressionable by and vulnerable to widespread media coverage emphasising the negative aspects of moving data to the “cloud”. By drawing on and combining Heikkila and Isett’s (2003) institutional decision-making model and Loewenstein et al.’s (2001) risk-as-feelings hypothesis, it becomes possible to illustrate this vulnerability of the decision process about cloud adoption to emotions of risk and dread, invoked by negative news about this technology. Through mimetic isomorphism (Scott 2008), SMBs then seek to legitimize their decision not to adopt the cloud, thus linking the micro-perspective from SMBs to the macro-implications of the entire cloud industry. Therefore, this paper follows up on Lounsbury’s (2008) criticism of NIS not taking micro-processes (such as decision-making) and resulting divergences in practice into account.

Item Type: Working Paper
Uncontrolled Keywords: NIS; Cloud Computing
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Faculty / Department / Research Group: Faculty of Business
Faculty of Business > Department of Accounting & Finance
Last Modified: 14 Apr 2017 13:51
Selected for GREAT 2016: None
Selected for GREAT 2017: GREAT c
Selected for GREAT 2018: None
URI: http://gala.gre.ac.uk/id/eprint/16348

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics