Critical Factors of Cloud Computing Adoption in Organizations: An Empirical Study

Abstract

Using extended Technology Acceptance Model (TAM), this study attempts to assess empirically crucial factors affecting cloud computing adoption intentions. It explores security, availability and compliance-related challenges in cloud computing and makes the necessary recommendation which can help to mitigate the risk in cloud computing. A framework was developed to test the effect of security, availability of cloud service provider and compliance-related factors on cloud computing adoption intentions mediated by perceived ease of use (PEOU) and perceived usefulness (PU). A questionnaire for the factors was developed to collect the data from 280 companies in information technology, manufacturing and finance sectors in India. The data was analyzed using exploratory and confirmatory factor analyses. Further, structural equation modelling using AMOS 20.0 was used to test the proposed model. The empirical results show that cloud computing adoption intention is determined by PU and PEOU. Further, PU is found to be significantly influenced by PEOU. Risk as well as availability and support are found to be significant on PEOU. In addition, threat, risk, vulnerability and compliance are found to be significant on PU. The model can be used as a guideline to ensure a positive outcome of the cloud computing adoption in organizations. The findings offer cloud computing users with a better understanding of how security, availability of cloud service provider and compliance-related factors affect cloud computing adoption intentions. It also provides relevant recommendations to achieve conducive implementation environment for cloud computing adoption. This study is an attempt to explore and develop model for cloud computing adoption intentions that was theoretically grounded in the TAM.

Keywords

TAM cloud computing cloud computing adoption threat risk vulnerability availability and support compliance

Introduction

Cloud computing is identified as the first among the top 10 most important technologies at present having a better prospect for organizations in future (Gartner, 2011). It is a cost-effective solution to ease organizational needs and to accomplish their business objectives. It offers a flexible, cost-effective and proven delivery platform for providing information technology (IT) services to organizations over the Internet (Hasizume et al., 2013). Though the term cloud computing raises confusion for its wide range of services, it is in general a kind of computing that offers scalable, adaptable and elastic IT capabilities as a service on lease to the organizations by third-party providers who own the infrastructure related to IT. While the adoption of cloud computing in organizations is important to achieve potential gains from strategic and operational advantages of cloud computing, its adoption is not as fast as expected (Banerjee, 2009; Buyya, Yeo, Venugopa, Broberg & Brandic, 2009; Goscinski & Brock, 2010; Wu, 2011). Thus, the IT adoption literature needs to focus upon explaining diffusion and adoption of cloud computing that enriches our understanding of the factors affecting cloud computing adoption decisions in organizations.

In context of cloud computing adoption, it is important to notice that beyond several advantages of cloud computing, it is associated with an added level of risk. The associated risks arise from the essential services outsourced to a third party and hence require attentions towards data security and privacy, data and service availability and compliance-related issues (Hasizume et al., 2013). Further, adoption of cloud computing also demand proper planning and understanding of emerging risks, threats, vulnerabilities and possible countermeasures (Bisong & Rahman, 2011). It sturdily shifts the emphasis from static and stand-alone application silos to dynamic, collaborative, dynamic and shared environments. That is, there will be more purposeful collaboration and more intensive resource sharing. At present, many forward-thinking enterprises are using cloud concepts, technologies, infrastructures and services in order to achieve business transformation, automation, resiliency and optimization. The cloud services offer an opportunity to take advantage of the scalability, agility and automated management of the cloud by essentially renting computing resources and avoiding costly hardware expenditures. However, security and compliance are serious issues with cloud computing adoption. Concerns about reliability and availability also hinder corporate adoption of clouds services. So, the motivation of the article is to discuss security concerns, and concerns of reliability and compliance in cloud computing.

With the increase in complexity of ITs in terms of their functionality and re-engineering of organizational boundaries in their implementation process, a need to examine and extend Technology Acceptance Model (TAM) in a complex IT setting is advocated in the literature (Igbaria & Tan, 1997; Lucas & Spitler, 1999). In addition, Legris, Ingham and Collerette (2003) foresaw the benefits of conducting TAM-based studies in a business environment. So, this study examines TAM within a real business environment and extends it using key variables related to cloud computing adoption. In this direction, this study makes an attempt to review articles on technology adoption, and acknowledges greater significance of TAM. TAM facilitates understanding factors that impact adoption intention and further improves the efficiency and effectiveness of cloud computing adoption in organizations. Though TAM is known as a widely accepted model to explain technology adoption, it does not include and consider some important factors, such as security, reliability and compliance. So, in the context of adoption phase of cloud computing, it develops and tests extension of TAM using the set of cloud computing specific variables. It examined how security issues along with the availability and compliance impact the core TAM variables in the context of cloud computing. The article further discusses necessary initiatives to meet aforementioned cloud computing adoption-related challenges.

Literature Review

The Concept of Cloud Computing and Prior Research on Cloud Computing Adoption

The frequently quoted National Institute of Standards and Technology (NIST) definition of cloud computing is: ‘Cloud computing is a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.’ Conceptually, in cloud computing, everything is assumed as a service (XaaS), such as Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) (Rimal, Jukam, Katsaros & Goeleven, 2011). The authors explain SaaS as a multitenant platform which uses common resources and a single instance of both the object code of an application as well as the underlying database to support multiple customers simultaneously. PaaS provides developers with a platform including all the systems and environments comprising the end-to-end life cycle of developing, testing, deploying and hosting of sophisticated web applications as a service delivered by a cloud-based platform. IaaS may include complete computing hardware, such as computing servers or server clusters. Specific computing elements are targeted as well, such as central processing unit time of high-performance computing systems (Geczy, Izumi & Kôiti, 2012).

In technology adoption literature, several attempts are made to understand cloud computing adoption using different traditional adoption frameworks such as Technology–Organization–Environment (TOE) framework used by Alshamaila, Papagiannidis and Li (2013) and Low, Chen and Wu (2011), and TAM used by Wu (2011). These studies recognized relevance of relative advantage, uncertainty, geo-restriction, compatibility, trialability, firm size, top management support, prior experience, innovativeness, industry, market scope, supplier efforts, external competing support, security and trust, perceived benefits, social influence and trading partner pressure in cloud computing adoption. Further, there are a number of potential risks and challenges associated with cloud computing such as security, service availability, performance, higher costs (when compared to on-premise implementation) associated with the subscription model, lack of interoperability standards, data lock-in, difficult integration with on-premise applications and limited customization facilities (Feuerlicht & Govardhan, 2010). Unawareness, high price, security issues, IT governance issues, loss of control, lack of relevant services, availability issues, bandwidth issues, legal issues and dependence on external provider have emerged as barriers of cloud computing adoption (Feuerlicht, Burkon & Sebesta, 2011). Thus, it can be inferred that it is important to address the impact of specific aspects of security and cloud service provider-related issues in adoption of cloud computing. This sets the objective for this study.

Technology Acceptance Model

Proposed by Davis (1989), most of the studies have found TAM as the valid, robust and most dominant model to explain the technology adoption at organizational levels (King & He, 2006). It explains much of the variance in users’ behavioural intention related to IT adoption and usage across a wide variety of contexts (Hong, Thong & Tam, 2006). It predicts a user’s acceptance of IT and its usage on the job (Au & Zafar, 2008) and explains the determinants of user acceptance of a wide range of end-user computing technologies (Davis, 1986). Critical reviews of studies on TAM by several researchers have yielded that TAM and its modified versions have gained substantial theoretical and empirical support over a period of time and hence are most widely used by information security (IS) researchers over alternative models (Amoako-Gyampah & Salam, 2004; Hong et al., 2006; Legris et al., 2003).

Determinants of TAM

Technology Acceptance Model seeks to explain the relationship between organization’s technological acceptance and adoption and subsequently, their behavioural intention to use it (Autry, Grawe, Daugherty & Richey, 2010). It is advocated as an intention-based model which stipulates that the intention to adopt a technology is a good predictor of its actual usage (Hong et al., 2006). It poises the perceived usefulness (PU) and perceived ease of use (PEOU) as primary determinants of system use (Au & Zafar, 2008; Chen and Tan, 2004). PU is defined as ‘the prospective user’s subjective probability that using a specific application system will increase his or her job performance within an organisational context’, and PEOU refers to ‘the degree to which the prospective user expects the target system to be free of effort’ (Davis, 1989). The model also suggests that PEOU influences PU, because technologies that are easy to use can be more useful (Schillewaert, Ahearne, Frambach & Moenaert, 2005). This has been proved by repeated testing of TAM which shows that these two variables consistently explain 40 per cent of the variance in individuals’ intention to use (acceptance) and subsequent implementation (adoption) of a technology (Autry et al., 2010).

Need for Extending TAM

Nevertheless, TAM has been found with certain limitations. It contains restricted constructs and thus cannot handle the issue of adopting new services or solutions (Wu, 2011). In addition, it is known for its limited possibility of explanation and prediction, triviality and lack of practical value (Garaca, 2011). Hence, there is a scope of investigating role of certain other variables. In addition, Legris et al. (2003) highlighted that TAM-based empirical studies do not produce totally consistent or clear results; hence, significant factors are needed to be identified and included in the models. This clearly indicates the need of extending TAM using context-specific variables.

Cloud Computing Concerns

Since the development of the concept of cloud computing, security has been an issue of concern to accelerate the growth of the technology (Mujinga & Chipangura, 2011). Security is seen as data confidentiality, auditability, loss of data, data storage security, data transmission security and breach of privacy in the business operations (Armbrust et al., 2010; Bhasin, 2006; Gupta & Sareen, 2001; Bristow, Dodds, Northam & Plugge, 2010). Security concern is high in case of cloud computing because the data placed is easy to locate, to send across the communication channels of different countries, where data privacy laws are potentially different, and therefore have chances to get the potentially sensitive data exposed to the snooping eyes of unauthorized individual’s sense (Tout, Sverdlik & Lawver, 2009).

Before implementing cloud computing in an organization, it is necessary to understand emerging security risks, security threats, vulnerabilities and possible countermeasures. Bamiah and Brohi (2011) highlighted upon the possible threats and vulnerabilities that may lead to data loss and misuse for an organization. So, organizations need to consider several issues while selecting their service providers for cloud services. For example, they should evaluate their providers based on powerful and trusted security polices and efficient techniques for securing their data on cloud (Bamiah & Brohi, 2011). In addition, they should select those providers who comply with various laws ensuring security of their data, applications and computing resources. In other words, they should consider possible security-related issues and be careful from the side of cloud service providers. Bisong and Rahman (2011) discussed security risks such as privacy, loss of control, security of data, so organizations that are planning to move to cloud are required to be fully aware about the issues in order to develop compensating controls or to define use cases that contain an acceptable level of risk. Kim and Suwon (2009) elaborated upon concerns such as risk- and privacy-related issues, and vender-based support-, availability- and compliance-related issues. Further, Bisong and Rahman (2011) raised the issues related to potential lack of control and transparency when a third party holds the data, and their legal implications. Thus, in this article, we have discussed threats, risks and vulnerabilities to analyze organizations’ suitability before implementing cloud computing in organizations. In other words, with reference to Kim and Suwon (2009), Bisong and Rahman (2011) and Chow et al. (2009), the study proposes security and third-party control as external variables to TAM.

Research Model and Hypotheses

Earlier studies on TAM have advocated the importance of extended TAM to show how the models are useful in explaining how and why users of technologies make decisions to adopt technology in their workplace (Wu, 2011). Still, there is a need to develop an extended model that involves certain crucial constructs such as security, compliance and availability in TAM to make it more effective in technology adoption context. In numerous studies, for example, IDC’s 2008 Cloud Services User Survey, Kim and Suwon (2009), Hasizume et al. (2013) and Geczy et al. (2012), authors reported that:

security as one of the major challenges for cloud users;

availability and performance is a broader concern about cloud services dependability and consistent availability of services; and

cloud compliance issues arise as soon as you make use of cloud storage or backup services.

By moving data from your internal storage to someone else’s, you are forced to examine closely how that data will be kept so that you remain compliant with laws and industry regulations.

In reference to these challenges, there is an apparent need to develop an integrated model that combines TAM-related theories with constructs such as security, availability and compliance in the cloud computing adoption context. Further security concern includes threat, risk and vulnerability. The built-in core component common to all modifications of TAM consists of three constructs: PU, PEOU and adoption intention (George & Gireesh Kumar, 2013; King & He, 2006; Wu, 2011) out of which in the core part, adoption intention is affected by both PU and PEOU, while PU is influenced by PEOU. The study adopts the path of altering external antecedents which include external variables to PU and PEOU which has direct impact on adoption as well as PEOU has a direct effect on PU. So, proposed hypotheses are: PU has a positive effect on adoption; PEOU has a positive effect on adoption; and PEOU has a positive effect on PU.

Further, following variables were identified from literature on cloud computing which are used as external antecedents to the two core constructs of TAM (Figure 1).

Security Threats

However, cloud computing is still in its initial stages of development so it suffers from various threats that prevent the users from trusting it. Various malicious activities from illegal users have threatened this technology such as data misuse, inflexible access control and limited monitoring. The occurrence of these threats may result in damage or illegal access of critical and confidential data of users. This research article describes the understanding of these security threats and enlightens steps that an enterprise can take to encounter these security threats.

Figure 1.

Source: Extended TAM Model Based on Davis (1986).

The Cloud Security Alliance (2010) identified the flowing seven major threats are abuse and nefarious use of cloud computing, insecure application programming interfaces, malicious insiders, shared technology vulnerabilities, data loss/leakage, account, service and traffic hijacking and unknown risk profile. These threats are related to computer and network intrusions or attacks. Certain other threats include the loss of physical control of the data, lack of standards, security, regulation at the local, national and international level and insufficient uptime for mission-critical applications for large organizations. According to Chow et al. (2009), cloud service providers encounter these threats by matured and tested security measures and processes as well as by preferring to enforce security via contracts with online service providers over via internal controls. Thus, the avoidance of security threats will improve PU and is hypothesized as: threat has a negative effect on perceived usefulness; and threat has a negative effect on perceived ease of use.

Security Risks

Security risk is the possibility of a threat agent taking advantage of vulnerability and the corresponding business environment. A control is usually put into place to mitigate the potential risk. A control may be a policy, procedure, a software configuration or a hardware device that eliminates vulnerability or reduces the possibility that a threat agent will be able to exploit vulnerability.

SANS Institute defined risk as ‘the potential harm that may arise from some current process or from some future event’. In other words, risk management in IT security is the process to understand and respond to factors those are responsible to a failure in the confidentiality, integrity or availability of an information system and which has negative impacts on the process or the related information (SANS Institute). Such risks in cloud computing include securing critical information such as protection of intellectual property, personally identifiable information and trade secrets falling into the hands of unethical people (Bisong & Rahman, 2011). Thus, it presents significant challenge for forensic inspection of the storage media and a proper understanding of file access and deletion (Information Security Magazine, 2009). So, considerable investment is required in security controls and monitoring of access to the contents.

Androcec (2011) discusses the use of cloud computing in government and its tangible and intangible risks. Tangible risks specific to government use of cloud services are: access (private data must be secured, unwanted or outside access request must be denied and all access privileges must be capable of customer auditing), infrastructure (risks and cost in migrating information to cloud infrastructure and there are no standards about cloud interoperability and compatibility) and integrity (accuracy of managed information). Intangible risks are due to law and policy issues. Androcec (2011) listed risks in SaaS and PaaS models. In SaaS, there are risks for platform owners such as up-front infrastructure investment, diverse new skills and managing network of suppliers. End users also face certain risks in the SaaS model such as exposing and losing business-critical data, lock-in, high switching costs and less tailoring software. There are several risks in the PaaS model such as platform adoption, unavailable applications, long learning curve, lock-in, restricted to available application program interfaces (APIs), closed platform, lack of interoperability, etc. Some other risks in the two models are related to performance, security and scalability.

Armbrust et al. (2010) believe that although the economic appeal of cloud computing is often described as converting capital expenses to operating expenses, more accurate benefit to the client is told in the phrase ‘pay as you go’. The absence of up-front capital expense allows capital to be redirected to core business investment and there is lower risk of underutilization and saturation (benefits of elasticity and risk transfer). Misestimating workload is then shifted from the service operator to cloud service provider.Thus, it is argued that if there are less risks and uncertainty with using cloud services, it would be easy to use cloud services and is hypothesized as: risk has a negative effect on perceived usefulness; and risk has a negative effect on perceived ease of use.

Vulnerability

Pfleeger and Pfleeger (2006) explained vulnerability as ‘a weakness in the security system’ which leads to causing harm to the system. In other words, vulnerability refers to a software, hardware or procedural weakness that may provide an attacker the open door to enter computer or network and have unauthorized access to resources within the environment. Vulnerability characterizes the absence or weakness of a safeguard that could be exploited. In the case of enterprise cloud computing, the vulnerability includes eavesdropping, hacking, cracking, malicious attacks and outages. Moving your data to a cloud service is just like ‘putting all your eggs in one basket’ (Bisong & Rahman, 2011; Perez, 2009). The technical studies show that in cloud computing, it is easy for anyone to precisely map the physical location of the target data to use denial of service to attack on the target data (Bisong & Rahman, 2011; Talbot, 2009). Greene (2009) suggested a solution for this as placing the cloud machines on physical machines that can be accessed by them and/or by their trusted third parties but this solution led to a price premium because part of the economy of cloud services is maximizing use of physical servers by efficiently loading them up with cloud machines. Greene (2009) and Edwards (2010) advocated that cloud computing is completely safe with preventive measures and businesses should treat clouds with a certain amount of suspicion. Edwards (2010) also suggested the use of cloud computing as a ‘thin client technology’ to limit the exposure to data-crammed laptops and backups-posed threats. According to Edwards (2010), this technology will enable the cloud to be a better antivirus detector and cloud computing vendors will be able to fix inefficient security approaches. Thus, the providers who cannot assure security could result in detrimental consequences that reduce usefulness. Following this, lesser vulnerability in cloud system will enhance the usefulness. So, we hypothesized as: Vulnerability has a negative effect on perceived usefulness.

Availability and Support

The cloud users want the data to be available all the time or rather, at the time when they need to use it. This raises the concerns over the effectiveness of cloud service providers. As mentioned by Chow et al. (2009), there have been incidents when data was not available when the users needed it. Kim and Suwon (2009) argue that adoption of high-availability architecture and tested platform and applications provide 100 per cent availability of the data. In addition, the authors mentioned that service-level agreements (SLAs) and a combination of precautionary measures (backup on on-premises storage and backup cloud) are the main driving factors to ensure desired levels of availability. Chow et al. (2009) raised certain questions related to the availability such as effectiveness of server efficiency with the availability of the cloud user’s own data centre, points of failure and attack and faithfulness of cloud provider in running a hosted application and in giving valid results. Further, Kim and Suwon (2009) mentioned vendors’ availability as another serious availability concern. In other words, in case the cloud computing vendor goes out of business, or becomes unable to deliver the service as the users may have initially been led to expect, the enterprise is directionless. So, the users must select viable vendors, and have a contingency plan in advance.

Support is the key demand for problem resolution in the case of cloud computing and on-premises computing for which enterprise as well as end users pay to the cloud service providers. So, cloud computing vendors are expected to hire and train adequate support staff to provide best possible support to their clients (Kim & Suwon, 2009). Thus, it is hypothesized as: availability and support has a positive effect on perceived usefulness; and availability and support has a positive effect on perceived ease of use.

Compliance

Compliance issues deal with data protection laws, other regulations and security standards that clients are to comply with, and they are capable to act on their behalf in accordance with such requirements. To comply with the various laws, organizations are required to maintain business legal documents and to assure their integrity towards the laws (Singh, 2007). In addition, cloud computing vendors have to adopt technologies to ensure that their enterprise users’ data satisfy their compliance requirements. There are issues in understanding the complexity, control and transparency according to the regulatory compliance of legal implication of the data being held by a third party (Chow et al., 2009). In the developed countries, there are some auditing guidelines which define guidelines for auditors to assess internal controls over the processing of sensitive information and ensure cloud computing safety. Thus, it is hypothesized as: compliance has a positive effect on perceived usefulness.

Methodology

The following section details the research method used to test the hypotheses including measurement, data collection and sampling.

Instrument

In order to study the factors affecting the decision to adopt cloud computing services, a questionnaire was constructed. This was done by reviewing previous research on different adoption theories and models in the related area. Since enough empirical work has not been reported in cloud computing adoption related to the variables, the researchers therefore created items to measure the constructs, and used five-point multi-item Likert-type scales for each item. A self-administered questionnaire was prepared taking measurement scales for eight constructs. These constructs are shown in Table 1.

The questionnaire consisted of two parts. The first part recorded company profile. The company profile variables were name of the organization, size, name of cloud services used in organization, turn-over and information about the cloud services such as whether they were using any of the services of the cloud computing. In addition, the second part of the questionnaire recorded the aspect of cloud computing adoption to the statement present on a five-point Likert scale ranging from 1 (strongly disagree) to 5 (strongly agree). Two consecutive rounds of pre-testing were conducted in order to ensure that respondents can understand the items used in the study. First, the questionnaire was reviewed by the academic researchers experienced in questionnaire design and next the questionnaire was piloted with IT experts known. Some items were eliminated as they were found to measure the same aspect as measured by other scales. The final questionnaire carried 28 questions as summarized in Table 1. Further, responses on the questionnaire were collected from the top- and middle-level IT professionals of the companies.

Table 1.

Constructs

Variable(s)	Reference(s)
(1) Threat	Hada, Singh and Manmohan (2011), Chow et al. (2009), Bamiah and Brohi (2011)
(2) Risk	Tout et al. (2009), Bisong and Rahman (2011), Kerr and Teng (2010), Buecker, Lodewijkx, Moss, Skapinetz and Waidner (2009)
(3) Vulnerability	Buecker et al. (2009)
(4) Availability and support	Kim and Suwon (2009)
(5) Compliance	Alam, Ali and Jani (2011), Zhu and Kraemer (2005), Kim and Suwon (2009), Geczy et al. (2012)
(6) Perceived usefulness	Cheng, Edwin, David and Yeung (2006), Davis (1989), Wu (2011)
(7) Perceived ease of use	Wu (2011)
(8) Adoption intention	Wu (2011), Schillewaert et al. (2005)

Source: Questionnaire development based on items from the literature.

Data Collection Procedures

A questionnaire survey method was selected following the previous studies to evaluate the importance of the factors that have been found through literature review. A random sample of 1,000 organizations was selected from the name lists of the Bombay Chamber of Commerce and Industry of India. The respondents were screened through email and/or telephone on the basis of questions such as whether they are aware of cloud computing, whether they are willing to adopt cloud computing or whether they are in the process of adoption. These questions ensured that the respondents understood the questionnaire and had the exposure on cloud services. Out of the total 1,000 companies, 433 were found to be eligible for this survey on the basis of screening question. Mails were sent to all 433 firms in our sampling frame followed by calls to invite them to participate in the study. Firms with positive responses were asked to provide a date for the researcher to visit the company site for data collection and a round of conversation. This study used personal visits to the respondents and a round of conversation to collect information from the owner/manager or the IS manager in the company. Although interviewer-administered surveys are expensive and time-consuming, it was preferred because it allowed us to gain a fairly good response rate. Because the questions about cloud computing are of a contemporary nature, this technique was useful because it enabled the researcher to correct any ambiguities and unfold any issues raised by respondents. A total of 112 firms had gone out of business and could no longer be reached. A total of 301 firms participated in this survey with conversation lasting for an average of one hour. After reviewing, 20 responses were found to be invalid, thus excluded from the study. This left a total number of 281 responses for final analysis. Tables 2–4 list the characteristics of the sample.

Table 2.

Categorization of Firms with Respect to Size of the Firms

Category	Criterion of Categorization	No. of Firms
Small	Number of employees < 400	85
Medium	400 ≤ number of employees ≤ 800	93
Large	Number of employees > 800	102

Source: Sample Characteristics with respect to size of the firms.

Table 3.

Categorization of Firms with Respect to Turnover of the Firms

Category	Criterion of Categorization (in million of Indian rupee)	No. of Firms
Small	Turnover < 750	79
Medium	750 ≤ number of employees ≤ 3,000	123
Large	Number of employees > 3,000	78

Source: Sample Characteristics with respect to turnover of the firms.

Table 4.

Categorization of Firms with Respect to Industry Type

Industry	No. of Companies
Manufacturing	88
Finance	77
Information and Communications Technology	116

Source: Sample Characteristics with respect to Industry type.

Sampling Frame

A questionnaire survey was used to collect the empirical data for this study. The list of 1,000 random organizations was obtained from the Bombay Chamber of Commerce and Industry of India. Mails or telephone calls were then made to screen the organizations on the basis of questions such as whether they are aware of cloud computing, whether they are willing to adopt cloud computing or whether they are in the process of adoption. Out of the total 1,000 companies, 433 were found to be eligible for this survey on the basis of screening question. Most of the responses were collected through personal visits to the respondents and a round of conversation was held before seeking their responses on the questionnaire. Other responses were collected through email. Out of the 433 organizations, 300 responses were gathered and 280 responses were found valid. For the data analysis, several data analysis techniques were applied.

Sampling Method

The purposive sampling method (a non-probability sampling technique) was used in this study. This technique is selected based on the knowledge of population. (Only individuals’ who were working for a IT/information technology enabled service [ITeS], manufacturing, finance and who were familiar with the concept of cloud computing were eligible to participate in our study.). The reasons for choosing these four industries are their high adoption rate in these sectors (CIO report, n.d.).

Reliability and Factor Analyses

Reliability analysis revealed Cronbach’s alpha value as 0.804 and is comparable with the reliabilities reported in earlier studies. The reliabilities of subscales exceeded the recommended level of 0.6. Further, the scale was factor analyzed using principal component analysis and Varimax rotation. The result for Bartlett’s test of sphericity was 0.000 and the Kaiser–Meyer–Olkin (KMO) value was 0.574, meeting the assumption for factorability. The variables were grouped in eight factors and all together accounted for 73.53 per cent of the total variance. The reliability of each factor is within acceptable limits—risk (a = 0.894), compliance (a = 0.794), threat (a = 0.816), vulnerability (a = 0.902), availability and support (a = 0.880), PU (a = 0.839), PEOU (a = 0.851) and cloud computing adoption intention (a = 0.770).

To test the stability of the scale, confirmatory factor analysis was employed on the sample using structural equation modelling. A measurement model was developed using AMOS V20.0 and the Maximum Likelihood method was chosen for confirmatory factor analysis. A range of indices were used to assess the model fit (Table 5). Four of the items were dropped and the analysis demonstrated broadly satisfactory levels of fit (Browne & Cudeck, 1993) as comparative fit index (CFI) was obtained as 0.930; the root mean square error of approximation (RMSEA) was obtained as 0.075. The eight-factor model had the best overall fit to the data with a χ² statistic of 471.928, goodness-of-fit index (GFI) of 0.896 and an adjusted goodness-of-fit index (AGFI) of 0.831.

Table 5.

Measurement Model Fit Indices

Measurement Indices	χ²	Degree of Freedom (DF)	χ²/^DF	CFI	GFI	AGFI	RMSEA
Values	471.928	185	2.551	0.930	0.896	0.831	0.075

Source: Summary Statistics of Model Fit Indices Based on Amos output.

Table 6 shows the correlations, means and standard deviations for the factors. The highest mean of 3.670 was for adoption intention, while the lowest mean of 3.098 was for compliance on a scale of 1 to 5.

Table 6.

Correlation Matrix and Descriptive Statistics

Constructs	Threat	Risk	Vulnerability	Availability and Support	Compliance	Perceived Ease of Use	Perceived Usefulness	Adoption Intention	Mean	Standard Deviation
Threat	1.000								3.232	0.957
Risk	0.016	1.000							3.156	0.992
Vulnerability	0.053	0.048	1.000						3.260	0.960
Availability and support	–0.033	0.016	–0.095	1.000					3.166	0.964
Compliance	–0.036	0.022	0.087	0.165	1.000				3.098	0.962
Perceived ease of use	–0.084	–0.020	–0.068	0.043	0.086	1.000			3.126	0.973
Perceived usefulness	–0.047	–0.035	–0.010	0.073	0.020	0.175	1.000		3.181	0.946
Adoption intention	–0.107	0.013	0.345	0.081	0.076	0.089	0.213	1.000	3.670	1.198

Source: Inter-construct correlation and descriptive statistics using Amos.

Composite Reliability and Construct Validity

Composite reliabilities of each factor exceeded the recommended level of 0.6 which confirmed their internal consistencies (Table 7). Further, average variance extracted (AVE) for each factor was found to be more than 0.6 (Fornell & Larcker, 1981). Discriminant validity was obtained by comparing the shared variance between factors with the AVE from the individual factors (Fornell & Larcker, 1981). This analysis showed that the shared variances between factors were less than the AVE for the individual factors.

Table 7.

Convergent Validity

Factors	Indicators	Standardized Loadings	Composite Reliability	Average Variance Extracted
Threat	TH1	0.926	0.829	0.622
	TH2	0.899
	TH3	0.821
Risk	RK1	0.889	0.924	0.781
	RK2	0.859
	RK3	0.853
	RK4	0.844
	RK5	0.686
Vulnerability	VUL1	0.906	0.795	0.609
	VUL2	0.849
	VUL3	0.751
Availability and support	A&S1	0.855	0.810	0.711
	A&S2	0.800
	A&S3	0.793
Compliance	CMP1	0.917	0.952	0.629
	CMP2	0.904
	CMP3	0.746
	CMP4	0.638
Perceived ease of use	PU1	0.869	0.831	0.651
	PU2	0.868
	PU3	0.860
	PU4	0.859
	PU5	0.429
Perceived usefulness	PE1	0.817	0.783	0.782
	PE2	0.809
	PE3	0.673
Adoption intention	ADOP1	0.830	0.884	0.663
	ADOP2	0.781

Source: Convergent validity using Amos.

Hypotheses Testing

To test proposed hypotheses, the measurement model was converted to the structural model in AMOS. The regression weight table witnessed path coefficients of each path to be more than 0.1 and critical ratios to be more than 1.96. Using the regression weight table, the results are interpreted and presented in Table 7. Threat has a negative effect on PU. Risk has a negative effect on PU and PEOU. This finding is consistent with the findings of Lu et al. (2005) who found that risk has a negative effect on PU in online applications context. In addition, Featherman et al. (2010) found that risk has a negative effect on PU in e-service adoption context. Vulnerability is found to have a negative effect on PU. This finding is contrary with the findings of Lallmahamood (2007) who found that vulnerability has a positive effect on PU in e-commerce context. In addition, Gefen, Karahanna and Straub (2003) found that trust in vendor has a significant effect on PU. Availability and support has a positive effect on PEOU. This finding is consistent with the findings of Zhou (2011) who found that availability and support has a positive effect on PEOU in mobile website adoption context. It can be interpreted that unavailable or interrupted cloud services may decrease PEOU. Compliance has a positive effect on PU.

Table 8.

Results of Hypotheses Testing

S. No.	Hypotheses	Path Coefficient	Findings
H1a	Perceived usefulness has a positive effect on adoption.	0.612	Supported (p < 0.05)
H1b	Perceived ease of use has a positive effect on adoption.	0.235	Supported (p < 0.05)
H1c	Perceived ease of use has a positive effect on perceived usefulness.	0.328	Supported (p < 0.001)
H2a	Threat has a negative effect on perceived usefulness.	0.131	Supported (p < 0.1)
H2b	Threat has a negative effect on perceived ease of use.	0.008	Not supported
H3a	Risk has a negative effect on perceived usefulness.	0.194	Supported (p = 0.001)
H3b	Risk has a negative effect on perceived ease of use.	0.213	Supported (p < 0.1)
H4	Vulnerability has a negative effect on perceived usefulness.	0.112	Supported (p < 0.05)
H5a	Availability and support has a positive effect on perceived usefulness.	0.104	Supported (p = 0.01)
H5b	Availability and support has a positive effect on perceived ease of use.	0.292	Supported (p < 0.001)
H6	Compliance has a positive effect on perceived usefulness.	0.311	Supported (p = 0.01)

Source: Results of hypotheses testing using Amos.

Cloud computing adoption using extended TAM resulted in R² = 0.716, that is, the variables described above explained 71.6 per cent of the variance of cloud computing adoption. A summary of the hypotheses testing results is shown in Table 8.

Discussion

As Wu (2011) advocated that the studies on technology adoption should focus on understanding its determinants, rather than ascertaining the determinants of managerial decision-making, this study is an attempt in this direction. It conceptualized cloud computing specific variables and tested them as external variables of TAM. Based on the hypotheses tested, it can be interpreted that these cloud computing specific variables as determinants of adoption have unique significance in cloud computing adoption literature. The results showed that PU and PEOU have a direct effect on adoption intention of cloud computing. In other words, IT decision makers enhance their job performance, efficiency and effectiveness by using cloud computing services which result in reliable determinant of adoption intention. They also believe that an easy to use system or services increases adoption intention. The results show that PU is affected by PEOU which means that cloud computing services are easy to operate and it benefits users’ job performance, efficiency and effectiveness.

Threat is found to have a significant impact on PU. In other words, reducing threat of security will increase PU.

Thus, in order to secure cloud computing from security threats, various security measures are incorporated into cloud system. However, security technologies, such as firewall and antivirus software alone, are not sufficient to manage the security challenges. Security policies that specify access rights in using these systems are necessary as human are often an inherent source of security threat. Thus, cloud computing services require deploying security policies and controls which ensure consistency and accountability. In addition, threat involves network intrusion or attack on cloud which are encountered by developing more mature and tested security measures and processes than traditional security methods. Further, software interfaces and APIs used to access and manage cloud services must be secured so that management of the processes running in a cloud environment is free from security threats. Thus, it takes into consideration full spectrum of threats (i.e., natural, criminal, terrorist and accidental) in using cloud computing services. Thus, the provider should try to avoid or minimize security threats to increase the usefulness of cloud computing which results in greater efficiency and effectiveness.

Risk is supported to have an impact on PU and PEOU which indicates that the higher the risk in using cloud services, the lesser the cloud services is perceived to be useful and the less to be easy to use. In other words, cloud service providers intend to develop trust on the privacy and integrity so that it helps cloud users to build beliefs of ease of use in using cloud services. They further build trust in the business organizations in term of support and giving them complete confidence of the usefulness of the cloud services they provide. Thus, the security elements, such as access control, data security, compliance and event management, are identified as important building blocks of trust and verification relationships between cloud users and cloud service providers. Information technology professionals are required to well understand these elements and implement with existing products and technologies.

The results also show that suspicion in using cloud services decreases the usefulness of cloud computing. Countermeasures and preventive measure to avoid security risk will increase usefulness of cloud computing. Vulnerability, as another significant determinant in using cloud services, is addressed by cloud service providers by testing and validation to determine vulnerabilities and by ensuring implementation of vulnerability intrusion management program, and governance and audit management program. Cloud computing is perceived with a certain amount of suspicion so that the organizations that want to proceed with cloud computing should understand and verify security provided by cloud provider. It supports the fact that the cloud needs to be architected to be secure, built with inherently secure components, deployed and provisioned securely with strong interfaces to other components and, finally, supported securely, with vulnerability-assessment and change-management processes that produce management information and service-level assurances that build trust.

The results also show that high availability and support increases usefulness of the system by having SLA in order to work efficiently. High availability and support makes easy use of cloud services which is ensured by cloud service providers by employing multiple network providers so that even if one of them experiences difficulties or a complete failure, the provider services would not be put in jeopardy due to the immediate availability of another network provider. They adopt high-availability architecture, tested platform and applications, maintain a backup on on-premises storage, or use a backup cloud or simply not store mission-critical data on the cloud which result in electiveness and quality of cloud services. With applications, the users may keep an on-premises version of the application, so that they may work offline while the cloud is down. In addition, the concern about quality of services should ensure that the level of access the users want is built into the SLA; uptime must be audited regularly to ensure that it conforms to the SLA.

Compliance is another significant determinant that deals with laws and regulations and existing legislation to ensure safe and secure use of cloud computing in organizations. It raises the confidence level necessary for organizations to convert cloud computing-related innovation in business opportunities and efficiency of cloud computing. Regulatory issues can be avoided by managerial understanding of regulatory needs of their companies. The issues should be addressed effectively that ensures information transparency and conformance with specific regional privacy and security regulations.

Managerial Implications

Though it is nearly impossible to guarantee 100 per cent security and privacy protection against all possible sources of violation, integrity of personal information has emerged as a major issue for cloud computing users. Using cloud computing, the data placed is easy to locate, to send across the communication channels of different countries, where data privacy laws are potentially different, and therefore have chances to get the potentially sensitive data exposed to the snooping eyes of unauthorized individual senses. Conventional infrastructure security controls designed for dedicated hardware do not always map well to the cloud environment. So, managers should develop cloud architectures with well-defined security policies and procedures. Realizing that full interoperability with existing dedicated security controls is unlikely, there has to be some degree of compatibility between the newer security protections specifically designed for cloud environments and traditional security controls. On the other side, cloud computing vendors must adopt most sophisticated and up-to-date tools and procedures, and strive to provide better security and privacy than is available for on-premises computing.

Conclusion

This study attempted to determine the factors affecting adoption of cloud computing in organizations. To underpin the basis of these factors in existing literature, the study chose TAM for its wide acceptance in technology adoption literature. Since the relevance of extended TAM is found increasing in the recent literature, this study developed an extended TAM for cloud computing adoption. It extended TAM using a set of variables relevant to cloud computing adoption as external variables of TAM, that is, threat, risk, vulnerability, availability and support, and compliance, which have direct effect on either of the two constructs of TAM or both, and has indirect effect on adoption. Thus, the two constructs of TAM act as mediating variables for external variables of TAM. Findings show that PU, PEOU, threat, risk, vulnerability, availability and support and compliance are important determinants for cloud computing adoption in organizations. Though cloud computing makes organization economically effective, the results of the study show the importance of addressing security standards and cloud computing service provider-related issues before sensitive and regulated data move into the public cloud.

The study concludes that the important issues in cloud computing adoption are related to a secure identity, information and infrastructure model such as strong authentication, delegated authorization, key management for encrypted data, data loss protection, service-level assurances and regulatory reporting. This serves as guiding principles for users to effectively select security tools and secure products that offer end-to-end trustworthy cloud computing and services. This model addresses the key concerned areas of cloud computing adoption and has relevance to the IT professionals by enabling them to consider effective concerned areas so that they can take effective course of actions during cloud computing adoption in their organizations. Thus, this study is a special attempt to contribute in cloud computing adoption literature. This study is limited in terms of using limited set of variables and exclusion of non-adopters. Future research should validate findings of the study in other contexts. Further studies on cloud computing adoption should focus on integrating the developed extended TAM with other adoption models and frameworks so that the predictive power of resulting models can be improved.

Footnotes

Acknowledgements

The authors are grateful to the anonymous referees of the journal for their extremely useful suggestions to improve the quality of the article. Usual disclaimers apply.

References

Alam

S.S.

, Ali

M.Y.

, & Jani

M.F.M.

(2011). An empirical study of factors affecting electronic commerce adoption among SMEs in Malaysia. Journal of Business Economics and Management, 12(2), 375–399.

Alshamaila

, Papagiannidis

, & Li

(2013). Cloud computing adoption by SMEs in the north east of England: A multi-perspective framework. Journal of Enterprise Information Management, 26(3), 250–275.

Amoako-Gyampah

, & Salam

A.F.

(2004). An extension of the technology acceptance model in an ERP implementation environment. Information & Management, 41(6), 731–745.

Androcec

(2011). Research challenges for cloud computing economics. Central European Conference on Information and Intelligent Systems, CECIIS—2011, Varazdin Croatia.

Armbrust

, Fox

, Griffith

, Joseph

A.D.

, Katz

, Konwinski

, & Stoica

(2010). A view of cloud computing. Communications of the ACM, 53(4), 50–58.

Y.A.

, & Zafar

(2008). A multi-country assessment of mobile payment adoption (Working Paper Series: 0055IS-296-2008). The University of Texas at San Antonio, College of Business, The University Of Texas At San Antonio.

Autry

C.W.

, Grawe

S.J.

, Daugherty

P.J.

, & Richey

R.G.

(2010). The effects of technological turbulence and breadth on supply chain technology acceptance and adoption. Journal of Operations Management, 28(6), 522–536.

Bamiah

M.A.

, & Brohi

S.N.

(2011). Seven deadly threats and vulnerabilities in cloud computing. International Journal of Advanced Engineering Sciences and Technologies, 9(1), 87–90.

Banerjee

(2009). An intelligent IT infrastructure for the future. Proceedings of 15th International Symposium on High-performance Computer Architecture, HPCA, Raleigh, NC, USA.

10.

Bhasin

M.L.

(2006). Guarding privacy on the internet. Global Business Review, 7(1), 137–156.

11.

Bisong

, & Rahman

S.M.

(2011). An overview of the security concerns in enterprise cloud computing. International Journal of Network Security & Its Applications (IJNSA), 3(1), 30–45.

12.

Bristow

, Dodds

, Northam

, & Plugge

(2010). Cloud computing and the power to choose. EDUCAUSE Review, 45(3), 14.

13.

Browne

M.W.

, & Cudeck

(1993). Alternative ways of assessing model fit. In Bollen

K.A.

& Long

J.S.

(Eds), Testing structural equation models. Newbury Park, CA: SAGE Publications.

14.

Buecker

, Lodewijkx

, Moss

, Skapinetz

, & Waidner

(2009). Cloud security guidance. IBM recommendations for the implementation of cloud security (pp. 1–28). IBM® Redpapers™. Retrieved 15 April 2012, from www.ibm.com/redbooks

15.

Buyya

, Yeo

C.S.

, Venugopa

, Broberg

, & Brandic

(2009). Cloud computing and emerging it platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Generation Computer Systems, 25(6), 599–616.

16.

Chen

, & Tan

(2004). Technology adaptation in e-commerce: key determinants of virtual stores acceptance. European Management Journal, 22 (1), 74–86.

17.

Cheng

T.C.

, Edwin

, David

Y.C.

, & Yeung

A.C.L.

(2006). Adoption of internet banking: An empirical study in Hong Kong. Decision Support Systems, 42(3), 1558–1572.

18.

Chow

, Golle

, Jakobsson

, Shi

, Staddon

, Masuoka

, & Molina

(2009). Controlling data in the cloud: Outsourcing computation without outsourcing control (pp. 85–90). Proceedings of the 2009 ACM Workshop on Cloud Computing Security, Chicago.

19.

CIO report (n.d.). Cloud computing in India: A CIO research center report. Retrieved 10 June 2012, from http://cioresearchcenter.com/wordpress/wp-content/plugins/download-monitor/download.php?id=3

20.

Cloud Security Alliance (2010). Top Threats to Cloud Computing. Cloud Security Alliance. Retrieved from http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf

21.

Davis

F.D.

(1986). A technology acceptance model for empirically testing new end-user information systems: Theory and results (Doctoral Dissertation), Sloan School of Management, Massachusetts Institute of Technology, Cambridge, MA.

22.

Davis

F.D.

(1989). Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quarterly, 13(3), 319–340.

23.

Edwards

(2010). Defending the cloud—and your business (Webhostingunleashed.com). Retrieved 9 March 2010, from http://www.webhostingunleashed.com/features/defendingcloud-090208/

24.

Featherman

M.S.

, Miyazaki

A.D.

, & Sprott

D.E.

(2010). Reducing online privacy risk to facilitate e-service adoption: the influence of perceived ease of use and corporate credibility. Journal of Services Marketing. 24(3) 219–229.

25.

Feuerlicht

, & Govardhan

(2000). Impact of cloud computing: Beyond a technology trend. Proceedings of the International Conference on Systems Integration 2010 [CD-ROM], Oeconomica, Prague, 8–9 June 2010, s. 1–8. ISBN 978-80-245-1660-8

26.

Feuerlicht

, Burkon

, & Sebesta

(2011). Cloud computing adoption: What are the issues? Systémová Integrace 2-Příloha, 18(2), 187–192.

27.

Fornell

, & Larcker

D.F.

(1981). Evaluating structural equation models with unobservable variables and measurement error. Journal of Marketing Research, 48(2), 39–50.

28.

Garaca

(2011). Factors related to the intended use of ERP systems. Management, 16(2), 23–42.

29.

Gartner (2011). Gartner identifies the top 10 strategic technologies for 2011. Retrieved 15 July 2013, from http://www.gartner.com/it/page.jsp?id=1454221

30.

Geczy

, Izumi

, & Kôiti

(2012). Cloudsourcing: Managing cloud adoption. Global Journal of Business Research, 6(2), 57–70.

31.

Gefen

, Karahanna

, & Straub

D.W.

(2003). Trust and TAM in online shopping: An integrated model. MIS Quarterly, 27(1), 51–90.

32.

George

, & Gireesh Kumar

G.S.

(2013). Antecedents of customer satisfaction in Internet banking: Technology acceptance model (TAM) redefined. Global Business Review, 14(4), 627–638.

33.

Goscinski

, & Brock

(2010). Toward dynamic and attribute based publication, discovery and selection for cloud computing. Future Generation Computer Systems, 26(7), 947–970.

34.

Greene

(2009). New attacks on cloud services call for due diligence. Network World (Southborough), 26(28), p. 8, 1p. Retrieved 14 September 2009, from http://www.networkworld.com/newsletters/vpn/2009/090709cloudsec2.html

35.

Gupta

M.P.

, & Sareen

(2001). A study of consumer concerns and issues of electronic payment in India. Global Business Review, 2(1), 101–119.

36.

Hada

P.S.

, Singh

, & Manmohan

(2011). Security agents: A mobile agent based trust model for cloud computing. International Journal of Computer Applications, 36(12), 12–15.

37.

Hong

, Thong

J.Y.L.

, & Tam

K.Y.

(2006). Understanding continued information technology usage behaviour: A comparison of three models in the context of mobile internet. Decision Support Systems, 42(3), 1819–1834.

38.

Hasizume

, Rosado

D. G.

, Fernandez-Medina

& Fernandez

E. B.

(2013). An analysis of security issues for cloud computing. Journal of Internet Services and Applications, 4(1), 4–5.

39.

Igbaria

, & Tan

M.C.

(1997). The consequences of information technology acceptance on subsequent individual performance. Information & Management, 32(3), 113–121.

40.

Information Security Magazine. (2009). The three cloud computing risks to consider. Retrieved from http://www.arma.org/press/ARMAnews/Infosecurity.pdf

41.

IT Cloud Services User Survey (2008). Pt. 2: Top benefits & challenges. Retrieved 8 December 2011, from http://blogs.idc.com/ie/?p=210

42.

Kerr

, & Teng

(2010). Cloud computing: Legal and privacy issues. Proceedings of the Academy of Business Disciplines Conference, New York, USA.

43.

Kim

, & Suwon

(2009). Cloud computing: Today and tomorrow. Journal of Object Technology, 8(1), 65–72.

44.

King

W.R.

, & He

(2006). A meta-analysis of the technology acceptance model. Information & Management, 44(1), 90–103.

45.

Lallmahamood

(2007). An examination of individual’s perceived security and privacy of the Internet in Malaysia and the influence of this on their intention to use e-commerce: Using an extension of the technology acceptance model. Journal of Internet Banking and Commerce, 12(3), 1–26.

46.

Legris

, Ingham

, & Collerette

(2003). Why do people use information technology? A critical review of the technology acceptance model. Information & Management, 40(3), 191–204.

47.

Low

, Chen

, & Wu

(2011). Understanding the determinants of cloud computing adoption. Industrial Management & Data Systems, 111(7), 1006–1023.

48.

, Hsu

, & Hsu

(2005). An empirical study of the effects of perceived risk upon intention to use online applications. Information Management & Computer Security, 13(2), 106–120.

49.

Lucas

, & Spitler

(1999). Technology use and performance: A field study of broker workstations. Decision Sciences, 30(2), 291–312.

50.

Mujinga

, & Chipangura

(2011, December 5–7). Cloud computing concerns in developing economies. Proceedings of the 9th Australian Information Security Management Conference, Perth, Western Australia.

51.

Perez

(2009). The cloud isn’t safe?! (Or did black hat just scare us?). ReadWriteWeb. Retrieved 5 August 2009, from http://www.readwriteweb.com/archives/the_cloud_isnt_safe_or_did_blackhat_just_scare_us.php

52.

Pfleeger

C.P.

, & Pfleeger

S.L.

(2006). Security in computing (4th ed.). Englewood Cliffs, NJ: Prentice-Hall.

53.

Rimal

B.P.

, Jukam

, Katsaros

, & Goeleven

(2011). Architectural requirements for cloud computing systems: An enterprise cloud approach. Journal of Grid Computing, 9(1), 3–26.

54.

Schillewaert

, Ahearne

M.J.

, Frambach

R.T.

, & Moenaert

R.K.

(2005). The adoption of information technology in the sales force. Industrial Marketing Management, 34(4), 323–336.

55.

Singh

N.P.

(2007). ERP implementation based on ASP model. Global Business Review, 8(1), 29–52.

56.

Talbot

(2009, 23 October, Friday). Vulnerability seen in Amazon’s cloud-computing. Technology Review. Retrieved 4 March 2010, from http://www.cs.sunysb.edu/~sion/research/sion2009mitTR.pdf

57.

Tout

, Sverdlik

, & Lawver

(2009). Cloud computing and its security in higher education. Proceedings of ISECON 2009 (Vol. 26, pp. 1–5), Washington, DC.

58.

(2011). Developing an explorative model for SaaS adoption. Expert Systems with Applications, 38(12), 15057–15064.

59.

Zhou

(2011). Examining the critical success factors of mobile website adoption. Online Information Review, 35(4), 636–652.