With the growing popularity of Internet of Things (IoT) and Cyber-Physical Systems (CPS), cloud- based systems have assumed a greater important role. However, there lacks formal approaches to modeling the risks transferred through information systems implemented in a cloud-based environment. This paper explores formal methods to quantify the risks associated with an information system and evaluate its variation throughout its implementation. Specifically, we study the risk variation through a quantitative and longitudinal model spanning from the launch of a cloud-based information systems project to its completion. In addition, we propose to redefine the risk estimation method to differentiate a mitigated risk from an unmitigated risk. This research makes valuable contributions by helping practitioners understand whether cloud computing presents a competitive advantage or a threat to the sustainability of a company.
Purpose
The purpose of this paper is to contribute to a growing body of research on information systems security, by studying open source alternatives for cloud computing. Several questions have been raised about the reliability of these promising but ambiguous offers, as the adoption of a cloud solution within an enterprise is generally accompanied by a change in the chief information officer (CIOs) role and loss of expertise.
Design/methodology/approach
The research uses a mixed research methodology: a first step is based on a questionnaire survey to investigate the security aspects of open source and understand the role of CIOs in the migration process. The investigation involved nearly 800 companies operating in the cloud computing sector in 16 European countries between November 2015 and January 2016. Then, this paper completes the research with a qualitative study by examining the activity of two sample companies.
Findings
Research confirms that open source cloud solutions offer a higher level of security than proprietary solutions. It is also noted that the role of CIOs is delegated to a third external actor: a transition CIO. Transition CIO is the guarantor of the strategic and security choices of small and medium enterprises.
Research limitations/implications
These findings have important implications and great value to managers and cloud computing providers, in terms of formulating better cloud computing solutions. This study can also assist in increasing their understanding of the new role of CIO in the migration process to cloud computing.
Originality/value
This study contributes to the body of research on cloud computing. It is first of its kind with its focus on open source alternatives. Another novelty of this research is that it suggests a new conception for the CIOs role in the migration to cloud computing. Finally, the findings of this study would serve as a European market study to different companies interested in cloud computing.
Cet article a pour objet d’étudier le mécanisme de migration de la fonction Systèmes d’Information (SI) d’une entreprise de taille moyenne vers les solutions offertes par l’informatique en nuage (Cloud Computing). Nous détaillerons et caractériserons donc les écosystèmes, les acteurs, les jeux d’influences et les interactions dans le cadre de cette migration. Cette recherche basée en partie sur les travaux de Caseau (2011), centrés sur l’agilité, et sur ceux de Deltour et Lethiais (2014), centrés sur le triptyque innovation, TI et performance en PME, adopte une méthodologie qualitative portée par une posture interprétativiste. Nous mobilisons deux études de cas orientées sur le rôle des fournisseurs Cloud en mode SaaS ( software as a service ). L’un des résultats contre intuitif de notre recherche est de caractériser le mécanisme de domination des opérateurs Cloud. Nous proposons également un modèle explicatif de l’acheminement des données depuis les PME vers leur fournisseur Cloud.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.