Cloud computing has become a crucial feature of the modern home office, and its technology was essential to businesses’ survival during the early days of quarantine. Clouds are, however, often lacking when it comes
to cybersecurity, as Rajiv Sabherwal and Hamid Reza Nikkhah argue in “Information disclosure willingness and mobile cloud computing collaboration apps:
the impact of security and assurance mechanisms.
Sabherwal, Distinguished Professor, Edwin & Karlee Bradberry Chair, and Department
Chair of Information Systems at the Walton College of Business, and Nikkhah, Assistant
Professor of Information and Process Management at Bentley University, and a recent
alumnus of the Walton College doctoral program in information systems, demonstrate
that the perception of security threats, especially to user privacy, has been an obstacle
to end-user adoption of the technology. Its ease-of-access might be the cloud’s greatest fault, and decisions to migrate to the cloud are made against the backdrop of yet another front in cyberwarfare, an ever-evolving cybersecurity threat that is targeting civilian business and infrastructure.
Sabherwal and Nikkhah analyze the interaction of the conflicting goals of end-users
as they weigh the utility of cloud computing against their security and privacy concerns.
Given the realities of an increasingly digital economy and workplace, the conflict between utility and security and privacy now looms large
over many workplace utility decisions. Their research sheds light on how users decide
whether to share personal information with mobile cloud computing providers, helping
both cloud service providers and information systems professionals understand the
privacy calculus of cloud technology users.
Mobile cloud computing providers need their users to voluntarily provide personal
information for their apps to function properly, and experts believe the technology trends of the pandemic economy are with us for the
long run. Sabherwal and Nikkhah’s contributions are, therefore, integral to business success
and collaboration in the digital economy of the 2020s. Data, as many researchers and practitioners argue, has become the new intellectual
property for many firms; without valuable customer data, your firm may lose its competitive advantage or
simply be missing an important asset that can sustain or drive growth. Understanding
how users decide to share data with your service has never had more operational or
strategic importance.
What motivates users’ decisions?
Sabherwal and Nikkhah’s study reveals the contours of users’ privacy calculus, which
is the active, cognitive decision users make as they weigh the costs of sacrificing
degrees of privacy for the use of a digital service. In an economy dominated by apparently
free services, our inner lives have become a form of intangible currency that we are
increasingly asked to intelligently spend in exchange for our digital products and
services.
Earlier research analyzed how users weighed perceived privacy concerns against perceived usefulness and ease of use. Until Sabherwal and Nikkhah’s research,
the dynamics of perceived security on users’ privacy calculus decision-making were
underexplored. They realized that security is a key mitigating factor in offsetting
users’ privacy concerns.
Since privacy concerns form a major obstacle to users’ choice to share data and to adopt new technologies, cloud computing providers’
success depends on understanding the mechanisms of users’ decisions. Providers must
convince users to exchange their privacy for a service, but they are not only relinquishing a degree of privacy but also a degree of control
over their information—stored in remote server farms, managed by faceless technicians—for
the cloud service to work most efficiently.
To analyze security perception, Sabherwal and Nikkhah only measured the (perception
of the) threat of improper access, such as a provider’s employee reading the data,
because cloud computing professionals have identified unauthorized access events as the biggest threat to cloud-housed data. Sabherwal and Nikkhah note that providers can address these concerns with transparent privacy policies and industry self-regulation that assures users of their data’s safety.
To test their hypotheses, the researchers surveyed a diverse group of cloud computing
software users over the course of three years. Their analyses show that neither perceptions
about the ease of use nor the efficacy of industry self-regulation encourage users
to disclose private information. They do, however, find that perceived security positively
affects users’ perceived usefulness of a service, and the perception of effective
privacy policies improve users’ views of the service’s security.
Their findings further suggest that perceived risks to privacy reduce users’ willingness
to disclose their private information, and perception of improper access greatly undermines
a user’s perception of the privacy of a cloud computing service. Also, while ease
of use does not directly affect a user’s choice to disclose information, it does positively
reinforce perception of usefulness, which in turn encourages users to disclose information.
Honesty – still the best policy
Sabherwal and Nikkhah’s research suggests that dumping cash into UI and UX may not
be a sound investment for developers if broader questions of usefulness have not been
addressed. They find that users view cloud computing apps as similar to other mobile
apps, so the ease of use does not affect users’ privacy or security concerns. Certainly,
there are some very well-designed apps that are inherently a risk to user privacy. Usefulness, on the other hand, can convince the user that their privacy is worth the
exchange. If your application helps the users accomplish a key task, they will find disclosure
worth the cost of use.
On the security front, for users to perceive a cloud service as secure, the researchers
find that users need to believe that a services’ privacy policies are “honest and rigorous,” citing the Dropbox privacy policy as emblematic of their suggestions. Sabherwal and Nikkhah view the explicit security
practices in place to ensure users’ privacy as particularly persuasive to users because
merely allowing users to set permissions on their data, for example, is not enough
if users still believe that a veneer of security can be easily bypassed.
Although the researchers find that end-users are not convinced by industry self-regulation,
providers should not disregard such policies. The researchers argue that self-regulation
is still important for organization-level decisions regarding which cloud service
to use. In other words, solid adherence to industry self-regulation can be crucial
in cementing a B2B deal.
Good practice dictates that providers should be constantly striving to improve their
services. Most of the improvements in a cloud service’s security will be under the
hood, and there are no benefits for a provider “if users are not aware of this increased
security,” according to Sabherwal and Nikkhah. Providers should consistently and creatively reach out to their customers to communicate how they are
delivering a better and safer cloud. Just like a finely tuned engine, under-the-hood security improvements can be a competitive
advantage for firms as they fight to gain customers.
Post Researcher/Author:
Rajiv Sabherwal is Distinguished Professor and Edwin & Karlee Bradberry Chair of Information Systems
in the Walton College of Business at University of Arkansas. He has published on the
management, use, and impact of information technologies in Information Systems Research,
MIS Quarterly, Management Science, Organization Science, Journal of Management Information
Systems (MIS), and other journals. He has performed numerous editorial and conference
leadership roles, including Editor-in-Chief for IEEE Transactions on Engineering Management,
Conference Co-Chair for International Conference on Information Systems, Program Co-Chair
for Americas Conference on Information Systems, Senior Editor for MIS Quarterly, and
Special Issue Editor for Information Systems Research, MIS Quarterly Executive, and
Journal of Information Technology. He currently serves as Senior Editor for Journal
of Association of Information Systems (AIS) and Journal of Strategic Information Systems,
Department Editor for Decision Sciences, and a member of the editorial board for Journal
of MIS. He is a recipient of the AIS LEO lifetime achievement award, a Fellow of IEEE,
a Fellow of the AIS, and a PhD from University of Pittsburgh.
Mitchell Simpson is a doctoral student in the Department of English at the University
of Arkansas. His research focuses on the Global Middle Ages and cross-cultural communication
in the European Medieval and Early Modern Periods. When his nose isn't buried in a
book (usually a Japanese textbook right now), he can be found hiking the Ozarks or
at the gym improving his grappling. He lives with his wife, Rachel, and their small
menagerie, two cats, Hildi and Winnie, and a goofy dog, Birch, in Fayetteville.
