Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Organizational cloud security and control: a proactive approach

Organizational cloud security and control: a proactive approach The purpose of this paper is to unfold the perceptions around additional security in cloud environments by highlighting the importance of controlling mechanisms as an approach to the ethical use of the systems. The study focuses on the effects of the controlling mechanisms in maintaining an overall secure position for the cloud and the mediating role of the ethical behavior in this relationship.Design/methodology/approachA case study was conducted, examining the adoption of managed cloud security services as a means of control, as well as a large-scale survey with the views of IT decision makers about the effects of such adoption to the overall cloud security.FindingsThe findings indicate that there is indeed a positive relationship between the adoption of controlling mechanisms and the maintenance of overall cloud security, which increases when the users follow an ethical behavior in the use of the cloud. A framework based on the findings is built suggesting a research agenda for the future and a conceptualization of the field.Research limitations/implicationsOne of the major limitations of the study is the fact that the data collection was based on the perceptions of IT decision makers from a cross-section of industries; however the proposed framework should also be examined in industry-specific context. Although the firm size was indicated as a high influencing factor, it was not considered for this study, as the data collection targeted a range of organizations from various sizes.Originality/valueThis study extends the research of IS security behavior based on the notion that individuals (clients and providers of cloud infrastructure) are protecting something separate from themselves, in a cloud-based environment, sharing responsibility and trust with their peers. The organization in this context is focusing on managed security solutions as a proactive measurement to preserve cloud security in cloud environments. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Information Technology & People Emerald Publishing

Organizational cloud security and control: a proactive approach

Download PDF
22 pages

Loading next page...
 
/lp/emerald-publishing/organizational-cloud-security-and-control-a-proactive-approach-0okB8H24bl
Publisher
Emerald Publishing
Copyright
© Emerald Publishing Limited
ISSN
0959-3845
DOI
10.1108/itp-04-2017-0131
Publisher site
See Article on Publisher Site

Abstract

The purpose of this paper is to unfold the perceptions around additional security in cloud environments by highlighting the importance of controlling mechanisms as an approach to the ethical use of the systems. The study focuses on the effects of the controlling mechanisms in maintaining an overall secure position for the cloud and the mediating role of the ethical behavior in this relationship.Design/methodology/approachA case study was conducted, examining the adoption of managed cloud security services as a means of control, as well as a large-scale survey with the views of IT decision makers about the effects of such adoption to the overall cloud security.FindingsThe findings indicate that there is indeed a positive relationship between the adoption of controlling mechanisms and the maintenance of overall cloud security, which increases when the users follow an ethical behavior in the use of the cloud. A framework based on the findings is built suggesting a research agenda for the future and a conceptualization of the field.Research limitations/implicationsOne of the major limitations of the study is the fact that the data collection was based on the perceptions of IT decision makers from a cross-section of industries; however the proposed framework should also be examined in industry-specific context. Although the firm size was indicated as a high influencing factor, it was not considered for this study, as the data collection targeted a range of organizations from various sizes.Originality/valueThis study extends the research of IS security behavior based on the notion that individuals (clients and providers of cloud infrastructure) are protecting something separate from themselves, in a cloud-based environment, sharing responsibility and trust with their peers. The organization in this context is focusing on managed security solutions as a proactive measurement to preserve cloud security in cloud environments.

Journal

Information Technology & PeopleEmerald Publishing

Published: Jun 19, 2019

Keywords: Cloud security; Organizational control; Structural equation modelling; Exploratory framework

References

  • The theory of planned behavior
    Ajzen, I.
  • Security in cloud computing: opportunities and challenges
    Ali, M.; Khan, S.U.; Vasilakos, A.V.
  • Cloud computing adoption by SMEs in the North East of England: a multi‐perspective framework
    Alshamaila, Y.; Papagiannidis, S.; Li, F.
  • Cloud computing security: from single to multi-clouds
    AlZain, M.A.; Pardede, E.; Soh, B.; Thom, J.A.
  • Practicing safe computing: a multimedia empirical examination of home computer user security behavioral intentions
    Anderson, C.L.; Agarwal, R.
  • Structural equation modeling in practice: a review and recommended two-step approach
    Anderson, J.C.; Gerbing, D.W.
  • A view of cloud computing
    Armbrust, M.; Fox, A.; Griffith, R.; Joseph, A.D.; Katz, R.; Konwinski, A.; Lee, G.; Patterson, D.; Rabkin, A.; Stoica, I.
  • Evidence of the effect of trust building technology in electronic markets: price premiums and buyer behavior
    Ba, S.; Pavlou, P.A.
  • On the evaluation of structural equation models
    Bagozzi, R.; Yi, Y.
  • An emote opportunity model of computer abuse
    Baskerville, R.; Eun, H.P.; Kim, J.
  • The case research strategy in studies of information systems
    Benbasat, I.; Goldstein, D.K.; Mead, M.
  • What do users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors
    Boss, S.R.; Galletta, D.F.; Lowry, P.B.; Moody, G.D.; Polak, P.
  • If someone is watching, I’ll do what I’m asked: mandatoriness, control, and information security
    Boss, S.R.; Kirsch, L.J.; Angermeier, I.; Shingler, R.A.; Boss, R.W.
  • Using thematic analysis in psychology
    Braun, V.; Clarke, V.
  • Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness
    Bulgurcu, B.; Cavusoglu, H.; Benbasat, I.
  • Cloud computing and emerging IT platforms: vision, hype, and reality for delivering computing as the 5th utility
    Buyya, R.; Yeo, C.S.; Venugopal, S.; Broberg, J.; Brandic, I.
  • Configuration of and interaction between information security technologies: the case of firewalls and intrusion detection systems
    Cavusoglu, H.; Raghunathan, S.; Cavusoglu, H.
  • The behavioral roots of information systems security: exploring key factors related to unethical it use
    Chatterjee, S.; Sarker, S.; Valacich, J.S.
  • Individual’s internet security perceptions and behaviors: polycontextual contrasts between the United States and China
    Chen, Y.; Zahedi, F.
  • Organizations’ information security policy compliance: stick or carrot approach?
    Chen, Y.; Ramamurthy, K.; Wen, K.-W.
  • Paradigm of for developing constructs measures
    Churchill, G.A.J.
  • Sampling in qualitative research. Purposeful and theoretical sampling; merging or clear boundaries?
    Coyne, I.T.
  • Cloud adoption practices & priorities survey report
  • A review and analysis of deterrence theory in the IS security literature: making sense of the disparate findings
    D’Arcy, J.; Herath, T.
  • Understanding employee responses to stressful information security requirements: a coping perspective
    D’Arcy, J.; Herath, T.; Shoss, M.K.
  • User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach
    D’Arcy, J.; Hovav, A.; Galletta, D.
  • The information security policy unpacked: a critical study of the content of university policies
    Doherty, N.F.; Anastasakis, L.; Fulford, H.
  • A literature review on cloud computing adoption issues in enterprises
    El-Gazzar, R.F.
  • Evaluating the use of exploratory factor analysis in psychological research
    Fabrigar, L.R.; Wegener, D.T.; MacCallum, R.C.; Strahan, E.J.
  • Structural equation models with unobservable variables and measurement error: algebra and statistics
    Fornell, C.; Larcker, D.F.
  • The economic incentives for sharing security information
    Gal-Or, E.; Ghose, A.
  • Success factors for deploying cloud computing
    Garrison, G.; Kim, S.; Wakefield, R.L.
  • An update and extension to SEM guidelines for admnistrative and social science research
    Gefen, D.; Straub, D.; Rigdon, E.
  • Developing expertise for network intrusion detection
    Goodall, J.R.; Lutters, W.G.; Komlodi, A.
  • Trust as a facilitator in cloud computing: a survey
    Habib, S.M.; Hauke, S.; Ries, S.; Mühlhäuser, M.
  • Investments in information security: a real options perspective with bayesian postaudit
    Herath, H.S.B.; Herath, T.C.
  • Protection motivation and deterrence: a framework for security policy compliance in organisations
    Herath, T.; Rao, H.R.
  • Institutional influences on information systems security innovations
    Hsu, C.; Lee, J.-N.; Straub, D.W.
  • The role of extra-role behaviors and social controls in information security policy effectiveness
    Hsu, J.S.-C.; Shih, S.-P.; Hung, Y.W.; Lowry, P.B.
  • The role of self-control in information security violations: insights from a cognitive neuroscience perspective
    Hu, Q.; West, R.; Smarandescu, L.
  • Trust mechanisms for cloud computing
    Huang, J.; Nicol, D.M.
  • Fear appeals and Information security behaviors: an empirical study
    Johnston, A.C.; Warkentin, M.
  • An enhanced fear appeal rhetorical framework: leveraging threats to the human asset through sanctioning rhetoric
    Johnston, A.C.; Warkentin, M.; Siponen, M.T.
  • Secure and sustainable benchmarking in clouds
    Kerschbaum, F.
  • Exploratory and confirmatory factor analysis
    Kline, R.B.
  • Promoting personal responsibility for internet safety
    LaRose, R.; Rifon, N.J.; Enbody, R.
  • Mandatory standards and organizational information security
    Lee, C.H.; Geng, X.; Raghunathan, S.
  • Threat or coping appraisal: determinants of SMB executives’ decision to adopt anti-malware software
    Lee, Y.; Larsen, K.R.
  • Avoidance of information technology threats: a theoretical perspective
    Liang, H.; Xue, Y.
  • Understanding security behaviors in personal computer usage: a threat avoidance perspective
    Liang, H.; Xue, Y.
  • Insider threat prediction tool: evaluating the probability of IT misuse
    Magklaras, G.B.; Furnell, S.M.
  • Cloud computing — the business perspective
    Marston, S.; Li, Z.; Bandyopadhyay, S.; Zhang, J.; Ghalsasi, A.
  • The NIST definition of cloud computing
    Mell, P.; Grance, T.
  • The challenge of networked enterprises for cloud computing interoperability
    Mezgár, I.; Rauschecker, U.
  • When hackers talk: managing information security under variable attack rates and knowledge dissemination
    Mookerjee, V.; Mookerjee, R.; Bensoussan, A.; Yue, W.T.
  • What levels of moral reasoning and values explain adherence to information security rules? An empirical study”
    Myyry, L.; Siponen, M.; Pahnila, S.; Vartiainen, T.; Vance, A.
  • Studying information technology in organizations: research approaches and assumptions
    Orlikowski, W.J.; Baroudi, J.J.
  • What is rotating in exploratory factor analysis?
    Osborne, J.W.
  • Best practices in exploratory factor analysis: four recommendations for getting the most from your analysis
    Osborne, J.W.; Costello, A.B.
  • Employees’ behavior towards IS security policy compliance
    Pahnila, S.; Siponen, M.; Mahmood, A.
  • Designing qualitative studies
    Patton, M.Q.
  • Understanding and predicting electronic commerce adoption: an extension of the theory of planned behavior
    Pavlou, P.A.; Fygenson, M.
  • Common method biases in behavioral research: a critical review of the literature and recommended remedies
    Podsakoff, P.M.; MacKenzie, S.B.; Lee, J.-Y.; Podsakoff, N.P.
  • Improving employees’ compliance through information systems security training: an action research study
    Puhakainen, P.; Siponen, M.
  • A secure cloud internetwork model with economic and social incentives (SCIMES)
    Rea, A.; Cao, X.; Gupta, A.; Shenoy, N.
  • Empirical evaluation of a cloud computing information security governance framework
    Rebollo, O.; Mellado, D.; Fernández-Medina, E.; Mouratidis, H.
  • Building safe PaaS clouds: a survey on security in multitenant software platforms
    Rodero-Merino, L.; Vaquero, L.M.; Caron, E.; Muresan, A.; Desprez, F.
  • State-of-the-art survey on cloud computing security challenges, approaches and solutions
    Shahzad, F.
  • Persuasion with case studies
    Siggelkow, N.
  • Six design theories for is security policies and guidelines
    Siponen, M.; Iivari, J.
  • Neutralization: new insights into the problem of employee information systems security policy violations
    Siponen, M.; Vance, A.
  • A design theory for secure information systems design methods
    Siponen, M.; Baskerville, R.; Heikka, J.
  • Information security policies in the UK healthcare sector: a critical evaluation
    Stahl, B.C.; Doherty, N.F.; Shaw, M.
  • Examining the continuance of secure behavior: a longitudinal field study of mobile device authentication
    Steinbart, P.J.; Keith, M.J.; Babb, J.
  • Coping with systems risk: security planning models for management decision making
    Straub, D.W.; Welke, R.J.
  • Effective IS security: an empirical study
    Straub, D.W.S.
  • A survey on security issues in service delivery models of cloud computing
    Subashini, S.; Kavitha, V.
  • Purposeful sampling in qualitative research synthesis
    Suri, H.
  • Advancements in research synthesis methods: from a methodologically inclusive perspective
    Suri, H.; Clarke, D.
  • Policy management as a service: an approach to manage policy heterogeneity in cloud computing environment
    Takabi, H.; Joshi, J.B.D.
  • Security and privacy challenges in cloud computing environments
    Takabi, H.; Joshi, J.B.D.; Ahn, G.-J.
  • Analyzing trajectories of information security awareness
    Tsohou, A.; Karyda, M.; Kokolakis, S.; Kiountouzis, E.
  • Motivating IS security compliance: insights from habit and protection motivation theory
    Vance, A.; Siponen, M.; Pahnila, S.
  • Locking the sky: a survey on IaaS cloud security
    Vaquero, L.M.; Rodero-Merino, L.; Morán, D.
  • Insider threats in a financial institution: analysis of attack-proneness of information systems applications
    Wang, J.; Gupta, M.; Rao, H.R.
  • Neural correlates of protection motivation for secure IT behaviors: an fMRI examination
    Warkentin, M.; Johnston, A.C.; Walden, E.; Straub, D.W.
  • Security lapses and the omission of information security measures: a threat control model and empirical test
    Workman, M.; Bommer, W.H.; Straub, D.
  • Understanding computer security behavioral intention in the workplace: an empirical study of Korean firms
    Yoon, C.; Kim, H.
  • Addressing cloud computing security issues
    Zissis, D.; Lekkas, D.