UNIVERSIDAD DEL TURABO
SCHOOL OF BUSINESS AND ENTREPRENEURSHIP
TRUST IN THE CLOUD: A COGNITIVE-BEHAVIORAL FRAMEWORK OF
TECHNOLOGY ADOPTION FOR CLOUD COMPUTING
IN ORGANIZATIONS
By
Mónica Ocasio Velázquez
Dissertation Proposal
Presented in Partial Fulfillment of the Requirements for
the Doctoral Degree in Business Administration
Gurabo, Puerto Rico
May, 2014
UNIVERSIDAD DEL TURABO
CERTIFICATION OF APPROVAL OF DISSERTATION
The dissertation of Mónica Ocasio was reviewed and approved by the members of
the Dissertation Committee. The Doctoral Academic Requirements Compliance form,
signed by the committee members, has been deposited in the Register’s Office and at the
Center of Graduate Studies & Research in the Universidad del Turabo.
DISSERTATION COMMITTEE MEMBERS
Dr. Shuyuan Mary Ho
Florida State University
President, Dissertation Committee
Dr. Nayda Santiago
University of Puerto Rico, Mayaguez Campus
Member
Dr. Nestor Rodriguez
University of Puerto Rico, Mayaguez Campus
Member
©Copyright, 2014
Mónica Ocasio. All Rights Reserved
Abstract
Cloud computing has become a popular choice as an alternative to investing in new
IT systems. Every day, more companies are taking advantage of services available in the
cloud. As more corporate information and data are stored in the cloud, concerns about
how secure cloud-based environments are begin to grow. A theoretical model is required
to explain and address the issues of trust concerning the technology adoption of
cloud services in organizations.
This research proposes a conceptual model, which builds on the Theory of
Planned Behavior (TPB), to examine the predictor and moderator factors and their effects
on trust concerning cloud technology adoption. We collected data from 170 respondents
during 2013-2014. A linear regression analysis was conducted to validate the predictor
variables, and a stepwise regression analysis was conducted to identify the fitness of the
model. A structural equation model was built using SmartPLS. We were able to
validate the relationships among predictor variables (perceived knowledge, attitude,
perceived behavioral control), moderator variables (perceived risks and subjective norm),
and their effects on the dependent variables (trust intention and behavioral outcome). The
result of the study informs practitioners that people in general are influenced by
social media and friends to adopt the cloud environment. Perceived risks and
perceived knowledge are identified as not being good predictors to explain the phenomenon of
cloud adoption.
Mónica Ocasio Velázquez P. O. Box 203 Isabela, PR 00662 (787)444-5797
Professional Profile
I am a student in the Doctoral Program of Management of Information Systems of the School of Business
and Entrepreneurship of the Universidad del Turabo, where I am advised by Dr. Shuyuan Mary Ho. Currently I
am in the final stage of my doctoral dissertation entitled “Trust in the Cloud: A Cognitive-Behavioral
Framework of Technology Adoption for Cloud Computing in Organizations”. My research interests
include security, privacy, and cloud computing. I received a BBA in Information Systems at Pontifical
Catholic University of Puerto Rico in May 1996. I received an MBA in Management of Technology at
Polytechnic University of Puerto Rico in May 1999.
My experience includes teaching computer related courses at several university campuses in Puerto Rico, and
serving as Colleague System Administrator, teaching, technical and administrator. I have experience in
UNIX and Unidata, and in the development and implementation of computerized systems,
including system upgrade and troubleshooting. I also have experience in the development and implementation of
computerized procedures and related documentation to maintain high standards of compliance with
university policies.
Professor: Teach computer related courses: Computer Introduction (Basics: Excel,
Word, Power Point, Access, Front Page), Windows and Unix Operating System, Network
Essentials, Logics Programming. Taught courses in Basic Accounting, Hardware and
Software and Education Technology. Integrate the use of virtual disks in the classroom.
Symposium of Knowledge Management and Technology Coordinator: Coordinate
all the activities related to the symposium: Create a project team, manage and assist a
group of professionals to achieve project goals, communication with sponsors (Microsoft,
Centennial, and UMET), prepare the symposium schedule, coordinate all conference
arrangements, and contact speakers.
Colleague System Administrator: Ensure that the Colleague System is maintained.
Operating System Administrator (UNIX). Support various University Campus
Operations, in the following areas: Human Resources, Financial, Students, and Web
Advisor module.
Ensure that the system is operational for all day to day activities. Support system users on
data acquisition and on analysis of day-to-day problems. Respond to routine computer system
user requests to ensure that the system is consistent with user’s requirements.
Coordinate activities for system migration and upgrade and technical resources for the project
team on computer system upgrade activities. That all activities are completed by deadlines
established. Prepare and present status report to MIS Manager.
Trainer: Experience in the preparation of courses material. Prepare and execute the
System Training Plan for university personnel. Develop and offer training programs for
Colleague System users. Perform on the Job Training demonstrations and coaching
sessions in a learning work environment. Train new hires on corresponding Colleague
System areas. Provide training in: Excel, Word, Colleague System, Microsoft Office
Tools
Communication: Communicate effectively at all levels.
Experience
Universidad del Este (UNE- Barceloneta) Aug 2008 to present
Professor
Teach computer related courses: Business Application, Introduction Network
Essentials, HTML, JAVA, Visual Basic, Computer Introduction, Database, Logic
Programming
Universidad Central Bayamon Jan 2010 to present
Professor
Teach graduate computer related course: Introduction to Management Information
Systems
Universidad Metropolitana Puerto Rico Aug 2006 – May 2007
Professor
Teach computer related courses: Computer Introduction (Basics: Excel, Word, Power
Point, Access, Front Page), Windows and UNIX Operating System, Network Essentials,
Logics Programming.
Interamerican University of Puerto Rico Jan 2005 – May 2005
Professor
Taught computer related courses: COBOL, Front Page, and Computer Introduction.
Caribbean University of Puerto Rico Aug 2002 – Nov 2004
Colleague System Administrator
Administer the operating system, including upgrade, configuration, and troubleshooting.
Responsible for Web Advisor Module implementation. Supervise programmer on day to
day basis and provide support on troubleshooting. Identify, analyze and solve problems
or situations in several modules of Colleague system. Coordinate activities for system
migration and upgrade. Respond to routine computer system user’s request. Execute
routine tasks on daily basis: printer set up, cancel jobs, create and modify user remote
account, support programmers on reports and screens creation. Train system users.
Polytechnic University of Puerto Rico Oct 1996 – July 2002
Colleague Sub System Administrator
Identify, analyze and solve problems or situations in numerous modules of Colleague
system. Complete different tasks for system migration and upgrade. Implement the
following modules: Human Resource, Payroll, and Fixed Assets. Provide technical
support for departments when required by system users. Coordinate the process of in-house
testing and change procedures based on analysis. Modify applications in
Colleague System. Respond to routine computer system user’s request. Execute routine
tasks on daily basis: printer set up, cancel jobs, create and modify user remote account,
support programmers on reports and screens creation. Train system users and new hires
on colleague system. Modify programs in Unibasic as required. Maintain and complete
daily logs and turnovers. Ensure that computer tasks are executed properly. Ensure that
the system backup procedure is successfully performed according to schedule. Taught
Basic Accounting course.
Training / Conference
2014 CCWIC (Caribbean Celebration of Women in Computing)
2013 WISE (Women’s Institute in Summer Enrichment) San Jose State
University, California
Supercomputing 2012 – Salt Lake City, Utah
SACNAS 2012 – Seattle, Washington
2012 WISE (Women’s Institute in Summer Enrichment) University of
California, Berkeley
2012 CRA–W Workshop
2011 Grace Hopper Conference
2007: Blackboard Certification
2006: The Compassion Capital Fund Federal Grants Educational Conference
2003: Web Advisor Administrator Training
Presentation
Mónica Ocasio, Dr. Shuyuan Mary Ho, “Do You Trust The Cloud? A Theoretical
Framework Of Cloud Technology Adoption In Organizations”, Submitted to International
Conference on Information Systems 2014
Mónica Ocasio, Dr. Shuyuan Mary Ho, Dr. Nayda Santiago, Dr. Nestor Rodriguez, “Trust in the
Cloud: A Behavioral Perspective for Technology Adoption in Organizations”, Poster Presented in
CCWIC 2014.
Mónica Ocasio, Dr. Shuyuan Mary Ho and Dr. Eulalia Marquez, “Security-Enable Technology
Acceptance Model (STAM): Business Security Concerns in the Adoption of Virtual Storage,”
Poster Presented in SACNAS 2012.
Mónica Ocasio, “Herramientas para la Distribución de Recursos Electrónicos,” Jornada
Académica de Tecnología May 2011
Mónica Ocasio, “Herramientas para la Distribución de Recursos Electrónicos,” 7ma Jornada
Académica, December 2010
Mónica Ocasio and Rosa Fontán, “Uso del Blog como Herramienta Educativa,” 8vo Congreso
Educativo, Sistema Universitario Ana G. Méndez, August 2010
Mónica Ocasio and María Alicea, “Impacto de los discos virtuales en la Educación,” 5to Congreso
Educación a Distancia de lo Presencial a lo Virtual, August 2007
Education
DBA - Major in Information Systems, Universidad del Turabo, Puerto Rico (June 2014)
MBA - Major in Management of Technology, Polytechnic University of P.R. (May 1999)
BBA - Major in Computer Management in Business, Catholic University of P.R. (Dec 1995)
DEDICATION
With all my love to my mother, Myrna Velázquez Muñoz, who was always at my
side providing her unconditional support. To her, who made everything in life so I could
achieve my dreams, for motivating me and being there when I need her the most. Thank
you, MOM, for always believing in me.
ACKNOWLEDGEMENTS
This work symbolized a challenge, both personally and professionally to God and
the Blessed Virgin Mary, they joined me every day and gave me the strength, courage,
bravery, and intelligence to achieve my goal.
It has been arduous and on many occasions, I felt that I would faint, but I never
miss the support of wonderful people. I want to mention and honor Dr. Shuyuan Mary
Ho, Director of doctoral dissertation, whose patience, dedication and confidence were
essential in achieving this academic goal. Thank you, Dr. Ho, for always believing in
me. I also recognize the valuable contribution of Dr. Nayda Santiago and Dr. Néstor
Rodríguez, who were always ready at the time we most needed them and for their
successful recommendations. Thanks, Dr. Angel Ojeda, Doctoral Program Coordinator,
for your unconditional support. It had been a great pleasure and honor working with all
of you!
However, this work would have not been possible, without the help of my family.
Thank you all, because you have always been there for me, Mommy, Daddy, my sisters:
Uchi, Mayra, and Mabel. Others I need to mention are, my three treasures, my nephew
José Enrique and my nieces Alanis and Aryamgelie "Gingie"; plus, my godparents uncle
Héctor and aunt Diana, and my cousin Rafael Muñoz. Thank you, for being present
when I needed you the most. In addition, thanks to my grandmother Mami Jean, who is
very special in my life, thank you, for always being there with me. To my great friend
Frank Pérez Concepción, thank you for your unconditional support. Finally, I want to
thank the Vocational Rehabilitation’s Office in Aguadilla and the OPPI in Aguada for
helping me accomplish my goal.
TABLE OF CONTENTS
TABLE LIST
FIGURE LIST
APPENDIXES LIST
CHAPTER 1
Introduction
1.1. Research Problems
1.2. Research Questions
CHAPTER 2
Theoretical Framework
Background
2.1. Cloud Computing Security
2.2. Perceived Knowledge of the Cloud Computing Security
2.3. Trust Intention
2.3.1. Cognitive Trust
2.3.2. Emotional Trust
2.4. Attitude of Adopting the Cloud as a Platform
2.5. Perceived Behavioral Control of Information Security
2.6. Perceived Risk
2.7. Subjective Norm
2.8. Behavioral Outcome of Technology Adoption
2.9. Conceptual framework
2.10. Section Summary
CHAPTER 3
Methodology
3.1. Research Population
3.2. Data Collection Strategy
3.3. Demographics of Data Collection
3.4. Section Summary
CHAPTER 4
Data Analysis
4.2. Measurement / Reliability (The Reliability of the study)
4.3. Factor Analysis
4.4. Hypotheses Testing
4.4.1. Correlation Between variables
4.4.2. Linear Regression Analysis
4.4.3. Multiple Regressions
4.5. Structural Equation Modeling using SmartPLS 2.0
4.6. Model with Results
4.7. Chapter Summary
CHAPTER 5
5.1. Implications to Theory
5.2. Implications to Practice
5.3. Limitations
5.4. Conclusions and Contributions
REFERENCES
TABLE LIST
Table 1. Research Constructs Definitions
Table 2. Outer Loading
Table 3. Measurement
Table 4. Reliability Statistics
Table 5. KMO and Bartlett’s Test
Table 6. Communalities Test
Table 7. Total Variance Explained
Table 8. Rotated Component Matrix
Table 9. Correlations
Table 10. Hypothesis Testing
Table 11. Summary Model
Table 12. Analysis of Variance
Table 13. Coefficients
Table 14. SEM Summary
FIGURE LIST
Figure 1. Conceptual Framework
Figure 2. Education
Figure 3. Gender
Figure 4. Age Range
Figure 5. Positions
Figure 6. Experience
Figure 7. Type of Company
Figure 8. Have you ever heard cloud computing?
Figure 9. Structural Equation Modeling
Figure 10. Theoretical Framework
APPENDIXES LIST
Appendix A. Questionnaire on Trust in the Cloud: A Cognitive-Behavioral
Framework of Technology Adoption for Cloud Computing in
Organizations
Appendix B. Determining Sample Size Table
Appendix C. IRB Approval Letters
Appendix D. Hoja Informativa
CHAPTER 1
INTRODUCTION
Technology advancement enables effective operations and efficient interactions
for organizations as well as for human society. Centralized data storage and
decentralized computing allow organizational users to share corporate data. Cloud
technology has existed since the beginning of the network, and has advanced to enable
mobile computing and end-users’ information sharing on a granular basis.
Technologically, a cloud provider handles end-users’ information and data. A cloud
services provider provides different types of resources or services (e.g., computing or
storage services) to government and private sectors. The degree of technical competence
among cloud providers varies and poses uncertainty. Socially speaking,
information users no longer physically own their data and information, and have little
idea about what information security countermeasures and controls should be
in place to safeguard their personal and corporate information. Trust towards the cloud
provider becomes critical, but has been weakened. According to Hoffman, Lawson-Jenkins
et al. (2006), trust can be a determining factor in introducing new products and
services. If trust is absent, cloud storage could become counterproductive to
organizations. If organizations migrate their databases and information systems to a cloud
environment, they will confront challenges with cloud security and with how
much corporate users should trust the cloud provider in handling corporate
information and data. Not only do corporate users not trust the cloud-computing
environment, they also do not have any protocols to evaluate the security strengths provided
by cloud providers. Even if corporate end-users think cloud providers have
sufficient security measures, the uncertainty of human factors (e.g., configuration errors,
social engineering, etc.) may still cause information leakage problems from within.
Employees have been authorized with certain access to systems, and could consequently
harm the use of information through system misconfiguration, or through intentional or
unintentional leakage of information that belongs to the organization to an unwanted
third party.
Modern technology requires business enterprises to take action to protect
information assets. Technology enables business operations, and at the same time
protects companies. In the past, organizational managers would back up data regularly by
storing the content of databases on tape backup or other physical storage devices.
Modern storage has migrated to virtual storage. Virtual space providers
offer storage space in the cloud that gives businesses additional options to provide
redundancy for their corporate information assets. However, there are some concerns
regarding the security of information in virtual storage and the confidence that management
can have in the security of cloud computing. For example, virtual
storage is a service that is offered through the Internet. It provides the user with available
space on a server where information can be saved. The companies provide the security
guarantees and privacy that each server establishes. The National Institute of Security in
the enterprise has become the primary concern of IT managers. The challenges of
securing enterprise networks have become overwhelming and are still growing (Sourour,
Adel et al. 2009). With the rapid expansion of the Internet, researchers, policy makers,
and users have raised concerns about online privacy (Yao, Rice et al. 2007).
Cloud computing has been adopted by companies as an alternative option to
investing in new IT systems. It has been established as a model for ubiquitous
network access according to the National Institute of Standards and Technology (Mell and
Grance 2011). Application providers of cloud computing would share network, storage
and application resources. However, this means that the corporate users who agree to
the cloud resources have given up their rights to any information left on the cloud space.
Including phrases like “Secure Cloud” or “Trust in Me” in the cloud environment neither
increases security nor boosts the confidence level of consumers, unless
sufficient security measures are added to the services (Perez 2009). Therefore, trust
plays an important role in cloud computing security. Trust is considered the
foundation of high performing organizations and teams. It is believed that trust can
significantly influence business outcomes (Shaw 1997). However, we raise the question of
whether the security of cloud computing may be affected by excessive confidence in the
corporate user or service provider.
This research, in the proposal stage, was carried out in a pilot study to test and
determine the correlation between the identified factors and the effect of subjective norm
in the behavioral outcomes in the management decision making.
1.1 Research Problems
If organizations are overly confident in their security measures, they could be
hacked and their sensitive and confidential data could be stolen. For example, Sony, one
of the largest entertainment and electronics companies, entrusted its corporate
information to a cloud computing service provider that was “hacked” in 2011. Sony
reported that more than 100 million customer accounts were compromised. This incident
has been one of the largest data breaches in the U.S.
The group of hackers called Anonymous has perpetrated attacks on sites that are
supposed to be extremely secure. These incidents have generated skepticism regarding
the security guarantees in the cloud; the various past attacks by Anonymous on the
FBI, the Department of Justice, and Universal Music Group, among others, can bring
distrust to any kind of user of cloud-based environments. In these circumstances,
according to Shawn Henry, Executive Assistant Director of the FBI, there are hackers who
take personal information as well as spies who want to steal secrets in order to find novel
ways to attack the United States. Mr. Shawn Henry also mentioned that vulnerabilities
exist and gave one example: “In one of the most sophisticated and organized attacks on
the financial sector, an international network of hackers obtained access to a financial
corporation’s network and completely compromised its encryption.”
The impact of adopting a cloud-computing environment has been broadly studied.
Jamil and Zaki (2011) state that cloud computing and web services run on a network
structure, so they are vulnerable to network attacks, e.g., distributed denial of service
attacks. Although the exact nature of security threats in cloud computing could be
different, it is clear that cloud computing presents important challenges in terms of
security, privacy, and trust for cloud providers and cloud users (Jansen and Grance 2011).
The biggest concern for companies is security, particularly when they have no control over
some issues with the cloud, for example providers that are not transparent about security
(Srinivasa 2012). This is because employees can access important company
information from anywhere. Therefore, it is of the utmost importance that enterprises and
cloud providers address security issues and negotiate what are known as service
level agreements (Creese, Hopkins et al. 2009) for greater confidence in the services.
Nevertheless, there are many benefits of cloud storage. One of the advantages of cloud
computing for a company is cost reduction. Likewise, it allows end users remote
access to data from anywhere with an Internet connection. Thus, end users can be more
productive, and collaboration among end users is facilitated.
However, although stored data can be protected against certain security
and privacy threats, cloud storage can at the same time be a risk to information privacy. The fact that
these data must pass outside the corporate firewall and through the access network makes
them vulnerable to attacks. Consider, for example, the health area, where there is a privacy
law and each party is responsible for maintaining this privacy, yet the data are still
vulnerable to attacks. The simple fact that the data are hosted in the cloud does not eliminate
those responsibilities, and the parties must ensure that they are met (Yoo 2010).
As previously mentioned, enterprises using the cloud face a high level of risk due
to many companies or end users sharing information in the cloud. Therefore, the cloud
provider must ensure its maximum level of security for each of its clients. A cloud
provider can facilitate large-scale infrastructural services, and can be leagued with other
software vendor services. The service capacity of the cloud provider is multi-tiered.
Because of the competitive advantages that cloud services provide, many
private and public sectors have been forced by market competition to adopt cloud
computing, and this entails a series of advantages and disadvantages. However, the risks of
adopting cloud technology involve not only the potential insider threat of the
corporate user, but also the service provider itself. A cloud service provider can pose
a potential threat due to the possibility of collecting personal information about end users,
content and applications stored in the cloud (Parker 2012). Nowadays, companies have a
dilemma to resolve, which is whether to trust the service provider, taking into
consideration the threats and hazards.
Perceived risk does not come solely from the user’s perception, but also from their
existing knowledge. According to Hochschild, Crabill, and Sen (2012), the perception of
an individual's risk emerges from the level of knowledge and the fear of a particular
result. Therefore, knowledge can affect the perception of risk, as can "social
influences and communicating with members of their social networks" (Urban and J.
1997).
Cloud computing has been rapidly adopted in the business world (Arinze and
Anandarajan 2010, Low, Chen et al. 2011) and it has led businesses to new challenges,
such as the adoption of cloud computing information. With this new challenge comes
insecurity related to confidence in the safety and privacy of cloud computing, which may
be caused by lack of control or overconfidence in the service provider. In either case,
end-users’ confidence is not only difficult to obtain, but also easy to lose.
1.2 Research Question
Nevertheless, cloud computing has become a popular choice as an alternative to
investment in information technology (IT). Cloud storage has become one of the fastest
growing services in the cloud. Companies increasingly shift their data to virtualized
storage pools, which are usually organized by others. The popularity of virtual storage is
based on some of its known benefits, such as deployment and low maintenance cost,
scalability and reliability. However, when making decisions on the adoption of cloud-based
solutions, security has always been a major concern. Efforts to characterize
information security issues in the cloud already exist, but there is currently no standard
theoretical model that specifically addresses issues of trust in cloud security concerning
the adoption of cloud storage.
According to Lfiti and Gharbi (2011), not only must the system itself be stable
and reliable in a protected location, but the user should also know with full assurance that
it is reliable in order to establish a trust relationship with the cloud service provider. The
organizational users must be able to trust the cloud technology in order to let the cloud
provider handle their organization’s sensitive and confidential data. Therefore, in our
study, we are particularly interested in how much the consumer trusts the cloud
technology and environment. Furthermore, we are interested in how much the trust of
corporate users can influence their business decisions and behavioral outcomes of
technology adoption (Shaw 1997). Thus, we seek to answer the research question:
How do corporate users trust the cloud computing security in order to adopt
the cloud services?
This question is important to the trust environment in cloud computing
security. By exploring this question, we will be able to understand and measure why and
how organizations migrate to cloud computing, and we will learn how IT managers make
decisions on cloud computing technology adoption.
This research proposed a framework, based on the theory of planned behavior
(TPB), to actively seek predictive measures of employees’ behavior on issues related to
security. We attempted to identify potential risks when IT managers make decisions
regarding the adoption of new technologies.
The main objective of this research was to analyze to what extent corporate users
trusted the cloud computing security in order to adopt the cloud services. The specific
objectives of this research were as follows:
1. Identify the cognitive-behavioral indicators of threat profile from information
technology (IT) people.
2. Provide trust indicators (cognitive and emotional) for decision-making in the
process of cloud computing adoption.
3. Determine the level of confidence that companies and/or government agencies
have in cloud computing security.
The proposal is organized as follows. Chapter 2 contains the reviews and
discussions of several key elements and constructs in the study, and a discussion of the
conceptual framework of this study. Chapter 3 scopes out the research design and the
rationale of how this study is operationalized. Key considerations of data collection,
sample size, research instruments and threats to validity will be discussed. In this
section, the data collection of a sample population for a pilot study is discussed. Chapter
4 contains the data analysis. The research findings, implications discussion, conclusion
and future study are discussed in Chapter 5.
CHAPTER 2
THEORETICAL FRAMEWORK
This chapter presents a literature review of utmost importance for this research
work. In Chapter 1, cloud computing technology and people’s
knowledge about cloud security were first discussed. Then, several research constructs and key concepts,
including knowledge, trust, perceived security, perceived risk, and perceived technology
adoption, are discussed. Based on these discussions, we introduce the conceptual
framework of this study.
BACKGROUND
There are several theoretical models that study perception and behavior in
technology adoption. Ajzen and Fishbein (1980) proposed a theoretical framework that can
benefit our understanding of how to predict actors’ intention in their decision to perform a
behavior based on their attitudinal and normative beliefs (Southey 2011). As stated in the
original Theory of Reasoned Action (TRA), a central factor in the Theory of Planned
Behavior (TPB) is the individual’s intention to perform a given behavior. A behavioral
intention can be expressed in behavior only if the person decides at will to perform or not
perform the behavior (Ajzen 1991). Davis (1989) further suggested in the Technology
Acceptance Model (TAM) that two specific beliefs, perceived ease of use and perceived
usefulness, determine a user’s behavioral intention to use a technology, which can be
linked to subsequent behavior (Southey, 2011).
We adopted the frameworks proposed by Ajzen and Fishbein (1980) and Davis
(1989) and proposed the following hypotheses (illustrated in Figure 1), which
incorporate three predictor variables (perceived knowledge, attitude, and perceived
behavioral control) that are essential to the user’s intention and decision-making. We
also incorporated two moderator variables (perceived risks and subjective norm) that may
influence the three predictor variables in their effect on trust intention as the dependent variable, and
eventually on behavioral outcome as a second dependent variable in adopting the cloud
(Ajzen 1991). The details of how each hypothesis is developed are described in the
following paragraphs.
2.1 Cloud Computing Security
The National Institute of Standards and Technology (NIST) defines “cloud
computing” as “a model for enabling ubiquitous, convenient, on-demand network access
to a shared pool of configurable computing” (Mell and Grance 2011). According to
Choubey, Dubey et al. (2011), cloud computing is a pay-per-use model for enabling
available, convenient, on-demand network access to a shared pool of configurable
computing resources. Cloud computing brings in transformational change in the value
chain¹, enabling companies to respond more effectively to customers’ demand (Goodburn
and Hill 2010). According to Liao, Chiha et al. (2011), the cloud gives an opportunity for
flexibility and adaptation in using computing resources on demand. Likewise,
Rosenthal (2009) sees cloud computing as a platform for emerging applications whose
main objective is to share data and services among users of IT.
Cloud computing is one of the most promising technologies for any enterprise
today and has been touted for some time as the “next big thing” in information
technology (Shivakumar and Raju 2010). This phenomenon is happening because the
cloud has produced a change in the value chain, which permits enterprises to respond
with more service effectiveness to corporate clients (Goodburn and Hill 2010). The
cloud has brought in a transformational change in how actions and activities are developed
in an organization. It allows organizations to respond more effectively to customer
demands for information availability. Likewise, the cloud has the potential to enhance
collaboration, agility, scaling, and availability, and provides opportunities for cost
reduction through optimized and efficient computing (Hoff, Simmonds et al. 2011).
This emergent technology can also help the organization to reduce operational costs
(Armbrust, Fox et al. 2010).
¹ Describes the activities the organization performs and links them to the organization’s competitive position
(Michael Porter, 1985).
Generally speaking, cloud computing has three service models. The first model is
Software as a Service (abbreviated as SaaS), in which the capability provided to the
consumer is to use the provider’s applications running on a cloud infrastructure. This
means that applications, for example email, are available from different devices. In this
model, the consumers do not have administrative control over the data in the cloud
storage and have only limited user-specific application configuration settings.
The second model is Infrastructure as a Service, which provides the consumer with
processing, storage, network, and other fundamental resources on which the
consumer can deploy and run software, which could include
operating systems and applications. The consumer could control storage. The third model is
Platform as a Service (abbreviated as PaaS), which provides the consumer the capacity to
implement applications, created or acquired, using programming languages. The consumers
do not administer or control the infrastructure, servers, operating systems, and storage.
Beimborn, Miletzki et al. (2011) define Platform as a Service as a complete platform,
meaning hardware and software offered as a service, that gives independent software
vendors the opportunity to develop and provide software as a service solution or to
integrate it with traditional software applications. According to Parker (2012),
the cloud computing components and model show a balance of functions between service
provider and client that is essential to seeing the amount of control that the
provider has over private data.
In addition to the above-mentioned service models, cloud computing has four
deployment models: private, public, community, and hybrid. In private cloud, the
infrastructure is provisioned exclusively for the use of one organization that comprises
various consumers. In public cloud, the infrastructure is provisioned for the use of the
general public. In community cloud, the infrastructure is provisioned
for the exclusive use of a specific community of consumers (for example, those who
share the mission, the security requirements, policy, and compliance considerations). Hybrid
cloud is composed of two or more cloud infrastructures, which could be private,
community, or public. A major factor that drives organizations towards new
cloud-based operational models is the potential of reducing infrastructure and labor costs
(Ross and Blumenstein 2013). Nowadays, more companies are taking advantage
of shifting IT services into the cloud. As more information and data are stored in the
cloud by outsourced IT services, concerns about how secure the cloud-based
environments are begin to grow. Security has become one of the most frequent
objections raised by organizational users to cloud computing, and the problem of which
cloud provider to trust prevails (Armbrust, Fox et al. 2010).
Regardless of how service or deployment models are structured, these distributed
features of cloud computing have increased the availability of information. However,
cloud computing is facing various challenges, such as lack of confidence in data security
and privacy of users, organizational inertia, loss of governance, and uncertain supplier
compliance (Kuo 2011). According to Parker (2012), end users’ loss of control over
their data presents significant risks to security, data integrity, and trust.
2.2 Perceived Knowledge of the Cloud Computing Security
When it comes to cloud storage, knowledge of the company is in the hands of the
employee as well as the service provider. Knowledge, as defined by the dictionary of the
Royal Spanish Academy, is the action and effect of knowing. However, knowledge is
difficult to define or to achieve due to its nature, because it is relatively difficult to
compare and define the same level of knowledge. Likewise, Blackler, Reed et al. (1993)
stated that knowledge work is actually human work that requires a “feeling and
thinking agent” to bring his subjectivity and tacit knowledge to bear on the informational
object as the product. Knowledge work is human work that requires a feeling and
thinking agent who brings his/her subjectivity and tacit knowledge to bear on the
informational object that is the product (Schultze 2000).
In this research, knowledge is defined as work experience and education. Likewise,
knowledge workers are those individuals who possess analytical and interpretative ability
and can synthesize the information within the different areas of specialization to achieve
a better decision (Frick 2011). Also, it is important to identify interpersonal skills that
are essential in the workplace, where employers want more than just technically qualified
employees, and increasingly, soft skills, or the ability to deal with people, are required
(Tsai, Chen et al. 2010). Consequently, perceived knowledge of cloud computing
security is in the hands of top management, because a company consists of a team of
employees with knowledge in the different areas that make up the company, knowledge
that has been acquired over the years by the employees in the enterprise.
The information obtained by knowledge workers over time helps management
in their decision-making process. According to Von Nordenflycht (2010), any person
who processes information rather than goods and services is referred to as a
knowledge worker. People manage their knowledge by collecting information and
transferring information to others. The process of collecting and transferring information
can effectively increase the value of the knowledge asset in an organization. Antonova,
Gourova et al. (2009) define knowledge management as a “process of managing
intangible assets from the combination of knowledge and experience provided by
individuals or knowledge workers within organizations or society” (p. 49). Therefore,
the cloud administrator has the necessary knowledge to maintain safety and reliability in
the cloud storage and at the same time acquires knowledge of the cloud user. According to
Liao, Chiha et al. (2011), knowledge management involves collecting information and
transferring information to demanders, and can effectively increase the value of the
knowledge asset in an organization. Therefore, having knowledge can be a factor to take
into consideration in decision making. Nonaka (1994) indicates that “Any organization that
dynamically deals with a changing environment ought not only to process information
efficiently” but also create information and knowledge. Thus, we hypothesize that,
Hypothesis 1: The higher the cloud security knowledge of the corporate users,
the higher their intention to trust the cloud services.
2.3 Trust Intention
Trust is an interactive process that involves at least two individuals in an
interpersonal relationship. Rotter (1980) stated that trust is an important
variable that can affect human relationships at all levels (including the trust of
corporate users, such as those from government as well as business). The confidence of
the user is an essential measure in our lives, which guides our decision-making.
Rotter (1980) also gave the example that people who tend to trust more are less
likely to lie or cheat and are possibly less likely to steal. Trust is a person's
expectation that an interaction partner is able and willing to behave toward the person,
even when the interaction partner is free to choose among alternative behaviors that could
lead to negative consequences for the person. The degree of trust can be said to be higher
the more strongly the individual holds this expectation (Koller 1988). Modern corporations
and enterprises are required to take security control precautions into consideration to
protect their corporate information assets. Mutual trust sustains interpersonal
relationships and helps maintain the social fabric. Pavlou (2003) said that trust is the
belief that the other party will behave in a socially responsible manner. By so doing, the
other party will fulfill the trusting party's expectations without taking advantage of its
vulnerabilities.
Trust is ubiquitous in human affairs. Sztompka (1999) defines trust as the
expectation that other people, groups, or institutions with whom we are in contact,
interact, or cooperate will act in a correct way for our benefit. Trust is the lubricant of
commerce, essential to negotiations, and has been related to competitive advantage. It is
a factor in leadership, effective decision-making, innovation, and managerial
effectiveness (Brown, Poole et al. 2004). In a business context, according to Audi (2008),
trust is an indispensable requisite for the viability of business; without trust there could
be no business. Trust is important with regard to high-risk profiles, i.e. something that can
cause a great deal of physical, financial, or psychological harm (Bickmore and Cassell
2001). This is tied to ethics: trust is more delicate when it deals with ethical business
inquiries; at the same time, it is a cultural base and the foundation that promotes
ethical behavior in business and discourages deviation from ethical norms (Brien
1998, Svensson 2001). According to Zand (1972) and Zucker, Darby et al. (1996), trust
is an interactive process that involves at least two individuals. Trust and distrust are
based on positive feedback, which reinforces the initial behavior (Zand 1972).
Koller (1988) states that the degree of trust depends on the strength with which the
individual holds this expectation. Trust is built gradually, reinforced by previous
trusting behavior and previous positive experience (Zand 1972,
McAllister 1995, Lewicki and Bunker 1996, Six 2007), whereas distrust is more
catastrophic (Lewicki and Bunker 1996, Mollering 2001, Six 2007). Mollering (2001)
says that there is no absolute certainty that trust will be honored. Trust is a defining
feature of most economic and social interactions in which uncertainty is present.
In this study of cloud computing, we learn that information users do not
physically own the data and information anymore. In addition, they have little idea of
what appropriate information security countermeasures and controls should be in place to
safeguard their personal information. As a result, trust and distrust are big issues from
the end users’ perspective toward the cloud provider.
Trust involves both cognitive and emotional aspects. Below, these two aspects of
trust are reviewed.
2.3.1 Cognitive Trust
According to Johnson and Grayson (2005), cognitive trust is a customer’s
confidence or willingness to rely on a service provider’s competence and reliability.
Schaubroeck, Lam et al. (2011) refer to cognitive trust as trust based on the
performance of relevant cognitions such as competence, responsibility, trustworthiness,
and reliability. Human behavior is very unpredictable, and perhaps there are
indicators of the confidence that has influenced decision-making. According to
Rousseau, Sitkin et al. (1998), "trust is a psychological state of trust with the intention to
accept vulnerability in a situation of risk, based on user behavior or positive expectations
intentions." According to Lfiti and Gharbi (2012), trust is simply a mental attitude and
emotional disposition, with two types of beliefs: assessment and expectations. “The bases
of a trust judgment are shifted from disposition to trust and category-based processing of
characteristics to personal-based cognitive processing in which the individual’s behaviors
(e.g., ability, integrity, and benevolence)” (Robert Jr. et al. 2009, p. 245).
In cognitive trust, the trustee’s actions are observed, and the causes are attributed
to the trustee’s internal trust-related characteristics (e.g., competence and integrity).
Likewise, according to Komiak and Benbasat (2004, 2006), the concept of trusting
beliefs (Mcknight, Choudhury et al. 2002, Lfiti and Gharbi 2012) is consistent with the
concept of cognitive trust, defined as a trustor’s rational expectations that a trustee will
have the necessary attributes to be relied upon (Komiak and Benbasat 2006).
In a company, the term cognitive trust is defined by Cardona-Gómez and
Calderón Hernández (2010) as a judgment based on the capacity and reliability to work or
achieve certain objectives. Cognitive trust assesses and measures expectations in
rational terms, such as integrity, reliability, and knowledge. According to Robert,
Dennis and Hung (Robert Jr., Dennis et al. 2009), interpersonal trust can be
categorized as cognitive, which they define as the “trustor’s rational expectations that a
trustee will have the necessary attributes to be relied upon.”
2.3.2 Emotional Trust
Trust is a reciprocal relationship (Hawes, Mast et al. 1989) between a company or
government agency and a service provider. Thus, trust plays an essential role in building
buyer commitment (Prus 1987, Hawes, Mast et al. 1989) between the company or government
agency and the service provider. Therefore, trust facilitates the development and long-term
maintenance of the relationship, and that relationship involves emotions. When someone is
emotionally angry during a negotiation, they demand less than when they are happy
(Pietroni, Van Kleef et al. 2008, Gross, Sheppes et al. 2011). Emotional trust is
defined as the extent to which one feels secure and comfortable about relying on the
trustee (Komiak and Benbasat 2004, 2006). This includes a person’s evaluation of
cognitive beliefs, his or her gut feeling and faith (Rempel, Holmes et al. 1985), and his or
her evaluation of emotional reactions to the trustee (Komiak and Benbasat 2006).
Emotional trust, according to McAllister (1995), refers to the emotional ties between
individuals “which in turn are based on the expressions of a real care and concern for the
welfare of the other party”. The decision-making of IT management can occasionally be
affected by their emotions. Forgas (2009) indicates that the decision whether to trust a
stranger, or a competitor, is particularly susceptible to being influenced by the emotional
state of a person. Also, Dunn and Schweitzer (2005) state that emotion affects trust, but
only to an extent when emotions fall within an assessment of particular controls. This is
because the emotion is influenced by a strong feeling that someone has the
situation under control. Although emotion can make a difference in management
decision making, when it comes to emerging technologies such as cloud
computing, we hypothesize that IT management should not be carried away by emotions
associated with having a new technology. In the article "The Influence of Emotion on
Trust," Myers and Tingley (2011) found that emotions have an effect on trusting
behavior. However, only anxiety, a negative emotion, can decrease the performance of
trust. Other emotions, like anger and guilt, have no significant effect on trust. Emotions
such as anxiety, anger, and guilt might cause mistakes and errors in securing cloud
computing, threatening the security of confidential company information.
Nearly every organization has sensitive information, managed either inside or
outside of their cloud providers. Organizations depend on the reliability of their
employees’ emotional state, and on the emotional stability of the employees at the service
providers.
In short, intention is an indication of a person's readiness to perform a given
behavior, and it is considered to be the immediate antecedent of behavior (Ajzen 2006).
In this research, the intention is based on attitude toward behavior, perceived behavioral
control (Ajzen 2006), and knowledge of cloud computing security, with each predictor
weighted for its importance in relation to the behavior and population of interest (Ajzen
2006).
2.4 Attitude of Adopting the Cloud as a Platform
According to Lai (2009), the attitude of corporate employees can often be
influenced by self-produced factors as well as by his/her benefit and cost stimuli.
According to Henle, Reeve et al. (2010), attitudes are a function of behavioral beliefs,
which are derived from the likelihood of certain outcomes resulting from the behavior
and the evaluation of those outcomes.
Likewise, attitude has long been shown to influence behavioral intentions (Ajzen
and Fishbein 1980, Pavlou and Fygenson 2006). Therefore, if business users have
positive attitudes, these can be transferred to a positive attitude towards the efforts of the
company (Lee, Vernez et al. 2013) in the adoption of new technology. The attitude
toward the behavior is defined here as the position a corporate user adopts regarding
using the cloud as a means of storing information. Thus, we hypothesize that:
Hypothesis 2: The higher the positive attitude of the corporate user toward cloud
security, the higher their intention to trust in adopting cloud services.
2.5 Perceived Behavioral Control of Information Security
The history of computers since around 1960 can be viewed as a continuous evolution
towards specialization. In the beginning, with mainframes, security was simple. Later
came microcomputers and laptops (Anthes 2010), but the difficulties remain the same.
According to Garfinkel (2012), most companies see information security as a cost or a
product rather than as an enabling technology.
Companies, whether from lack of knowledge, fear, or insecurity, do not trust the
security of cloud computing. But security is not only in the system; security exists
in all components of the organization, and the administrator may need to evaluate this.
Modern corporations and enterprises are required to take security precautions into
consideration by protecting their information assets with corporate control. When security
is perceived to be a technical issue, the information security group in organizations
following this strategy tends to be positioned as a low-level technical function operating
independently from the business (Berinato and Ware 2005).
Ensuring compliance is to ensure that the design and implementation of
information security policies comply with any number of external legal requirements, as
one of the many priorities of top management is to ensure information security
(Brancheau, Janz et al. 1996, Lohmeyer and McCrory 2002, Ransbotham and Mitra
2009).
In the process of analyzing cloud computing, the manager mentioned that it is
essential to take into consideration cost factors, risks, and benefits. For example,
researchers from the company Info-Tech found that small businesses are proportional
to big companies in their use of virtual storage. The option of using the cloud or
virtual storage has a common factor, and that is security. Security is seen
positively not only by those companies that use virtual storage, but also by those who see
it as a positive factor rather than something negative, which means that it has
increased in companies since its evaluation, planning, and development.
According to Kayworth and Whitten (2010), the typical arrangement was for the
corporate security function to be responsible for setting security standards and policies,
with either the IT organization or other business units’ IT personnel responsible for the
execution of these policies.
"The Holy Grail of security in the virtual world is to bounce out of the [virtual
machine] and take control," (Dubie 2007).
However, security is not only a technical matter; there are also other non-technical
factors (Garfinkel 2012) that can affect cloud computing security. Some of these factors
are reduced development cycles and the inability to attract and retain the best workers
(Garfinkel 2012). It is in the latter that the employee plays an important role, and it is
not known what the behavior of the employee will be in a particular situation.
According to Elie-Dit-Cosaque, Pallud et al. (2011), perceived behavioral
control (PBC) is important but understudied in information systems (IS) research. Likewise,
perceived behavioral control is defined by Ajzen (2006) as the perception people have
about their ability to perform a particular behavior; it is determined by the total set of
control beliefs. Therefore, greater awareness of the determinants of PBC may provide
insights into how to influence system usage in the workplace (Elie-Dit-Cosaque, Pallud et
al. 2011).
Hypothesis 3: The higher the corporate users’ perceived behavioral control toward
the security of their corporate data, the higher their intention to trust in adopting
cloud services.
2.6 Perceived Risk
The technology acceptance model would argue that two external variables (i.e.,
perceived usefulness and perceived ease of use) influence the acceptance of Internet
technology. Following Davis (1989), perceived usefulness will be defined as the degree
to which consumers believe that a particular technology will facilitate the transaction
process. Perceived ease of use will be defined as the degree to which a consumer
believes that using a particular technology will be effortless.
Originally, the Technology Acceptance Model was formulated (Vaidyanathan and
Mautone 2009) in an attempt to understand why people accept or reject information
systems. In its origins, TAM explained the causal links between beliefs (usefulness of an
IS and ease of using the IS) and users’ attitudes, intentions, and “actual computer
adoption behavior” (Vaidyanathan and Mautone 2009).
Technology adoption theories (e.g., TAM/UTAUT) offer powerful models for
predicting user behavior within the domain of information technology acceptance.
According to Davis (1989), people tend to use or not use an
application to the extent they believe it will help them perform their job better. Davis
(1989) defines perceived usefulness as the degree to which a person believes that using a
particular system would enhance his or her job performance. In contrast, Davis (1989)
says that perceived ease of use refers to "the degree to which a person believes that
using a particular system would be free of effort." According to Davis (1989), even if
potential users believe that a given application is useful, they may, at
the same time, believe that the system is too hard to use and that the performance benefits
of usage are outweighed by the effort of using the application.
Peter and Ryan (1976) and Stone and Gronhaug (1993) defined perceived risk as an
expectation of loss associated with the purchase of a product or service. Risks act as an
inhibitor of the behavior of the corporate user in cloud computing. Perceived risk is an
individual factor, and it is likely to be shaped to some extent by a decision maker's
cultural background (Keil, Tan et al. 2000). Likewise, Hofstede (1991) defined perceived
risk as the extent to which people of a culture feel threatened by unknown situations.
Therefore, perceived risk is seen as a psychological construct that can explain the
behavior (Bauer 1967) of a corporate user toward a particular service provider.
Frequently, organizations may mistakenly post on the Web many different types
of sensitive information, from legal to medical to financial. Even technology firms such
as pharmaceuticals have suffered the embarrassment of inadvertent Web posting of
sensitive information, in their cases, customer information. In the case "Eli Lilly Settles
FTC Charges Concerning Security Breach" (www.ftc.gov/opa/2002/01/elililly.shtm), the
pharmaceutical company offered its customers a courier service to remind them that they
should take their medicine or refill needed medication. This service was
individualized to inform patients of the cancellation of the service, and the underwriter
of the program was unidentified. The email containing customers’ personal medical
information was accidentally sent to the Eli Lilly employee. The above case resulted in
the accidental disclosure of customers’ private information: the
sensitive information was inadvertently leaked to unsuitable people, creating
embarrassment, vulnerabilities, and financial losses for the firm, its investors, and
customers.
The mixture of data with that of other clients of a cloud provider, or the accidental
release of data, can expose companies to lawsuits, because data protection and
privacy are affected (Harris and Alter 2010, Ward and Sipior 2010), and can be
considered a security threat to the company.
Cloud storage (cloud computing) services have become a trend with the rapid
development of internet technology at the global level (Chi, Yeh et al. 2012).
According to Dowling (1986), perceived risk is an individual's estimation of the
controllable level in a situation of uncertainty that affects a consumer's decision to use a
product. Guseman (1981) indicates that the perception of risk can induce a negative
effect on intent to use. According to Chi, Yeh et al. (2012), risk in cloud computing
services is common because the system will record the behavior of users, their habits, and
their preferences at the same time. Therefore, the uncertain risks and the possible adverse
effects for users of cloud computing create an expectation (Mitchell 1999) of
perceived risk. Thus, we hypothesize that,
Hypothesis 4: The user’s perceived risk toward cloud computing can influence
their perceived knowledge of cloud security toward trust intention of adopting the
cloud services.
Hypothesis 5: The user’s perceived risk toward cloud computing can influence
their attitude toward trust intention of adopting cloud services.
Hypothesis 6: The user’s perceived risks toward cloud computing can influence
their perceived behavioral control toward trust intention of adopting the cloud
services.
Hypothesis 7: The higher the corporate user’s perceived risks toward cloud
services, the higher their intention to trust in adopting cloud services.
2.7 Subjective Norm
The subjective norm is a construct known in the theories of acceptance of the
technology, extended from the theory of planned behavior (Ajzen 1985). Peer influence,
peer pressure, advertisement from a marketing campaign, or special recognition by a
service provider, are all part of a form of social influence, and thus categorized in this
study as subjective norm.
Empirical tests of social influence or subjective norm on attitudes toward IT have
produced mixed results (Yang, Moon et al. 2009). Venkatesh and Morris
(2000) found that the subjective norm is an important determinant of intention
and/or behavior. Therefore, the subjective norm can be an important factor in determining
the acceptance and use of technology on the basis of the Theory of Reasoned Action
(TRA) and the Theory of Planned Behavior (TPB) (Ajzen 1985, 1991). Subjective norm
may be more salient during the early stages of technology diffusion if users have limited
knowledge that forms the attitude toward the use of the technology (Taylor and Todd
1997). Likewise, moral standards refer to the idea that some behaviors are inherently
good or evil regardless of their personal or social consequences (Manstead 2000).
According to Schwartz (1977), norms are divided into two groups, moral and social.
However, in the TPB, the subjective norm is a social norm, which measures social
pressure to engage in a conduct (Linden 2011).
Ajzen (2006) defines the subjective norm as perceived social pressure,
determined by the total set of accessible normative beliefs about the expectations of
important referents. The intention and behavior correspond to the extent that their
elements are identical (Ajzen 1985, 1987). In addition, Ajzen (2006) indicates that the
attitude toward behavior is determined by beliefs about the performance of the
behavior. Ajzen (1985, 1987) defines subjective norm as a person's belief that most of
her important others think she should (or should not) perform the behavior in question.
Thus, in this study, several hypotheses are raised as stated below.
Hypothesis 8: The subjective norm can influence corporate users’ perceived
knowledge on their intention to trust in the adoption of cloud services.
Hypothesis 9: The subjective norm can influence corporate users’ attitude toward
their intention to trust in the adoption of cloud services.
Hypothesis 10: The subjective norm can influence corporate users’ perceived
behavioral control toward their intention to trust in adoption of cloud services.
Hypothesis 11: The higher the subjective norm of the corporate users, the higher
their intention to trust the cloud services.
2.8 Behavioral Outcome of Technology Adoption
The behavior is the manifest, observable response in a given situation with respect
to a given target (Ajzen 2006). According to Karahanna, Straub et al. (1999), the
subjective norm affects the intentions of behavior toward the use of the system.
According to Compeau and Higgins (1995), social cognitive theory (SCT) holds
that expectations about the consequences of behavior are a strong force guiding
individuals' actions. Therefore, consequences affect
behavior through the influence of thought; beliefs about schedules of reinforcement can
exert greater influence on behavior than the reinforcement itself (Baron, Kaufman et al.
1969, Bandura 1977). Furthermore, behavior is related to its outcomes at the level of
aggregate consequences rather than momentary effects (Baum 1973, Bandura 1977).
Likewise, Compeau and Higgins (1995) say that individuals are more likely to
undertake behaviors they believe will result in valued outcomes than those which they do
not see as having favorable consequences.
In this work, we used the Theory of Planned Behavior and we predicted the
behavior of IT employees concerning security issues, at the same time determining possible
security risks, while we can appreciate the intentions and then the behaviors. Behavior is
related to its outcomes at the level of aggregate consequences rather than momentary
effects (Baum 1973, Bandura 1977).
The intention construct captures the motivational factors affecting the behavior.
Thus, we hypothesize that,
Hypothesis 12: The higher the corporate users’ intention to trust cloud
computing, the more likely they will adopt the cloud services as their behavioral
outcome.
2.9 Conceptual Framework
The Theory of Planned Behavior has three independent constructs that feed into
the intention. The first is the attitude toward the behavior, which refers to the
extent to which a person has a favorable or unfavorable evaluation of the behavior
in question. The second, subjective norm, refers to the perceived social pressure
to perform or not perform the behavior. The third is Perceived Behavioral
Control, which refers to the perceived ease or difficulty of performing the behavior and is
assumed to reflect past experience as well as anticipated impediments and obstacles
(Ajzen 1985, 1987).
In this study, the construct of confidence was defined as the "attitude toward
the behavior", which is the degree to which performance of the behavior is valued positively or
negatively according to Ajzen (2006). Ajzen (2005) indicates that the attitude toward the
behavior is determined by the person's beliefs about the conduct being carried out. Positive
attitude refers to “to trust” and negative attitude refers to “not to trust”. The attitude
construct will be viewed through the intention and behavior constructs.
Additionally, this study predicted the behavior of the employees regarding
cloud security problems and, at the same time, led us to identify possible security
risks while observing the intentions and behaviors. Ajzen (1985, 1987)
defines the subjective norm as the perceived social pressure and influence on a person's
decision to engage or not to engage in a certain behavior. Therefore, the behavioral
outcomes of the corporate users can be predicted through the publicity of service
providers and through the trust intentions.
In order to analyze and understand how corporate users trust cloud computing
security, we propose a causal and quantitative research model (Figure 1).
Figure 1: Conceptual Framework
For the elaboration of the proposed model, we first determined the constructs
and the relationships between them. As illustrated in Figure 1, the research model is one
that seeks the facts through the establishment of relations of cause and effect. To carry
out the research we used a questionnaire entitled Trust in the Cloud: A Cognitive-Behavioral
Framework of Technology Adoption for Cloud Computing in
Organizations, which is divided into seven categories.
Table 1: Research Constructs Definitions

| Research Constructs | Research sub-construct | Definitions | Reference |
|---|---|---|---|
| Perceived Knowledge of Cloud Computing | N/A | Knowledge can be defined as a combination of experience, and expert insight that help evaluate and incorporate new experience and information | (Gupta, Joshi et al. 2012) |
| Attitude Toward Behavior | N/A | Refers to the extent of a person’s favorable or unfavorable evaluation, or the behavior evaluation in matter | (Ajzen 1987) |
| Perceive Behavioral Control | N/A | Refers to people’s perception of the ease or difficulty of performing the behavior of interest | (Ajzen 1991) |
| Perceived Risk | N/A | Risk perception is "a decision maker's assessment of the risk inherent in a situation". | (Sitkin and Pablo 1992) |
| Subjective Norm | Social Influence | A social pressure perceived to achieve or not achieve behavior | (Ajzen 2006) |
| | Advertising, reputation influence | Social Interaction is defined as an action that was taken by an individual not actively engaged in selling the product or service. | (Marcolin, Compeau et al. 2000) (Godes, Mayzlin et al. 2005) |
| Trust Intention | | A central factor in the theory of planned behavior is the individual’s intention to perform a given behavior | (Ajzen 1991) |
| | Cognitive Trust | Cognitive trust is a customer’s confidence to rely on a service provider’s competence and reliability. According to Johnson et al. (2003), cognitive trust arises from an accumulated knowledge that allows one to make prediction, with some level of confidence, regarding the likelihood that a focal partner will live up to his/her obligations. | (Rempel, Holmes et al. 1985, Rousseau, Sitkin et al. 1998, Johnson and Grayson 2005) |
| | Emotional Trust | Emotional trust is defined as the extent to which one feels secure and comfortable about relying on the trustee. Affective trust is closely related to the perception that a partner’s actions are intrinsically motivated | (Komiak and Benbasat 2004) (Rempel, Holmes et al. 1985) |
| Behavioral Outcome | | Behavior is related to its outcomes at the level of aggregate consequences rather than momentary effects | (Baum 1973, Bandura 1977) |
| | Performance-related consequence of the behavior | Associated with improvements in job performance associated with the actual use of cloud computing. | (Compeau and Higgins 1995, Compeau, Higgins et al. 1999, Fisher and Howell 2004) |
| | Personal-related consequence of the behavior | Relate to expectations of change in image or status or benefits expectations | (Compeau and Higgins 1995, Compeau, Higgins et al. 1999, Venkatesh, Morris et al. 2003, Fisher and Howell 2004) |
2.10 Section Summary
The conceptual framework was discussed in the literature review. A framework was
built based on the discussion of different concepts such as knowledge, trust, perceived
security, perceived risk, and perceived technology adoption. First, we defined Attitude
Toward Behavior as the extent of a person's favorable or unfavorable evaluation, or the
behavior evaluation in matter (Ajzen, 1987). Subjective Norm refers to the social pressure
perceived to achieve or not achieve behavior (Ajzen, 2006). Intention, a central factor
in the theory of planned behavior, is the individual’s intention to perform a given
behavior (Ajzen, 1991). Perceived Behavioral Control refers to people’s perception of
the ease or difficulty of performing the behavior of interest (Ajzen, 1991). Behavior is
the manifest, observable response in a given situation with respect to a given target
(Ajzen, 2006). Perceived Risk is defined as an expectation of loss associated with the
purchase of a product or service. Risks act as an inhibitor of the behavior of the
corporate user in cloud computing. Regarding Trust Intention, according to Rotter (1980), trust is an
important variable affecting human relationships at all levels (government, business).
Therefore, confidence is essential in our lives and guides us in decision making.
However, Rotter (1980) said that people who trust more are less likely to lie and are
possibly less likely to cheat or steal. Perceived Knowledge of the Cloud Computing
Security is defined as a combination of experience, values, contextual information, and
expert insight that help evaluate and incorporate new experience and information (Gupta,
2012).
CHAPTER 3
METHODOLOGY
The purpose of this research was to identify the types of behavior and decisions
undertaken by Information Systems professionals / corporate managers in adopting
cloud storage technology and services in organizations in different countries. The
corporate users of organizations (normally categorized as middle management) in
Country are confronted with serious decisions and challenging issues with cloud
security. Corporate information may be endangered once data and information
are transferred into the cloud environment, which is outside of their organizational
control. In this study, we explored the level of confidence and trust among the corporate
managers of the organizations that are the customers of cloud-based service
providers. This study aimed at identifying the trust indicators that come into play
for corporate users in cloud services adoption.
3.1 Research Population
This chapter presents the methodology used to carry out the causal and quantitative
research model proposed in Chapter 2 (Figure 1). We adopted a survey instrument that
collected thoughts and opinions from the research participants (or research subjects).
Research subjects included different companies and / or government agencies. The
survey questionnaires were distributed, with consent, to middle management through the
SurveyMonkey program. The population included several important government
and industry sectors.
To determine the appropriate sample size, so that it was representative of the
population, we used the table of recommended sample sizes for each population (Krejcie
and Morgan 1970) in this research. In order to estimate the population size, we
personally contacted the responsible person in the information systems area in hospitals
and sent, through SurveyMonkey, the corresponding survey to each of the companies
and/or government agencies that participated in the research.
In particular, the study population focused on senior management, including systems
managers, staff in the information systems area, managers and all those involved in
decision making. Krejcie and Morgan (1970) suggested that action as a principle in
determining the appropriate sample size to be representative of the population. The table
from the Krejcie and Morgan (1970) study is detailed in the Determining Sample Size
table.
3.2 Data Collection Strategy
In order to involve as many subjects as possible in this research, in line with
the proposed sample, we had to carry out various strategies. The first strategy was using the
SurveyMonkey program to send the survey to different companies and / or government
agencies in different countries. Secondly, we visited different companies and / or
government agencies and personally delivered the questionnaire to employees in
management positions who were available. As a third and final option, we called these
management employees asking for their voluntary participation in the research. Attached
are the support letters from the SurveyMonkey application and the questionnaire.
To carry out the research, we used a questionnaire entitled Trust in the Cloud: A
Cognitive-Behavioral Framework of Technology Adoption for Cloud Computing in
Organizations.
The research protocol of this questionnaire was evaluated by and obtained
approval from the Board for the Protection of Human Subjects in Research (Institutional
Review Board - #03-465-13) of the Ana G. Méndez University System.
3.3 Demographics of Data Collection
Data was collected from autumn (October 30, 2013) to winter (January 12, 2014).
The total population for the research was 200 participants in the information systems
area, managers, IT manager/directors, programmers. The questionnaire was answered by
176 participants for an equivalence of 88%. This analysis is intended to meet the
objectives of the research and corroborate the hypothesis established.
The data collection took place from October 30, 2013 to January 12, 2014. We
collected data from a total of 176 participants. However, six questionnaires
were removed from the sample since they were not answered in their entirety. Therefore,
the sample of valid questionnaires for this research consists of 170 participants (n = 170).
The organization of Chapter 4, where the results are discussed, was determined by
the order of the specific objectives of this research. We start by detailing the results of the
Cronbach's Alpha reliability test applied to the questionnaire variables. Afterwards, the
descriptive analyses of the variables under study are presented, followed by the details of
the statistical tests performed on the data obtained, and concluding with the results of the tests
of the established hypotheses.
Results of this study came from a sample of 170 employees who work in the
following areas: IT manager / director, professional, manager, programmer, and others.
Below is a summary of the results and conclusions based on them. The profile of the
research subjects was identified. It is important to note that most of the surveyed
employees have a university degree, with Bachelor’s degree being the highest percentage at
46%, followed by Master’s degree at 38%.
Figure 2: Education
Also, it turned out that the majority of respondents are male (70.11%).
Figure 3: Gender
Most respondents are in the age range of 41 to 50 years (31%) or 31 to 40 years
(30%).
Figure 2 data (pie chart): High School 3%, Associate's degree 4%, Bachelor's degree 46%, Master's degree 38%, Doctorate's degree 9%.
Figure 3 data (pie chart): Female 29%, Male 71%.
Figure 4: Age Range
27% hold the position of IT Managing Director and 27% fall in another category (such
as finance and computer technician).
Figure 5: Positions
Figure 4 data (pie chart): 21 - 30: 10%, 31 - 40: 30%, 41 - 50: 31%, 51 - 60: 21%, 61 - 70: 6%, 71 +: 2%.
Figure 5 data (bar chart, axis from 0% to 30%): bar values 27%, 17%, 20%, 5%, 27%.
It was also found that 31% have 5-10 and 11-20 years of experience, 18% have
less than five years of experience, 13% of respondents have 21 – 30 years of experience
and only 7% have thirteen years of experience.
Figure 6: Experience
31% of respondents work in a government agency, 21% work in Education,
20% work in Computer/IT, only 8% work in Healthcare and 3% work in the Insurance area.
Figure 7: Type of Company
88.95% of respondents have heard about cloud computing, and 72% use or
have used storage in the cloud.
Figure 6 data (experience years in this position): Less than 5: 18%, 5 - 10: 31%, 11-20: 31%, 21 - 30: 13%, 30 +: 7%.
Figure 7 data (pie chart): Insurance 3%, Education 21%, Bank 5%, Computer/IT 20%, Government agencies 31%, Healthcare 8%, Other 12%.
Figure 8: Have you ever heard cloud computing?
It can be concluded that both sectors (private and public) have academically
prepared personnel and with the experience to carry out their duties properly. Also, we
can say that the majority of respondents have heard of cloud computing.
3.4 Section Summary
A survey research was conducted during September 2013 through January 2014.
The survey questionnaire is provided in Appendix A and Appendix B. At first, the
survey questionnaire was distributed through site visits to different companies and
government agencies. Research subjects included different companies and / or
government agencies. Then, the survey questionnaires were distributed to middle
management through the SurveyMonkey program. The questionnaire was divided into 10
demographic questions and 37 questions divided into 7 different categories (knowledge,
attitude, perceived behavioral control, perceived risk, subjective norm, trust intention,
and behavioral outcome). In order to maintain overall consistency, all variables were
measured using a 7-point Likert scale, ranging from “strongly disagree” to “strongly
agree”.
Figure 8 data (pie chart): Yes 90%, No 10%.
CHAPTER 4
DATA ANALYSIS
This chapter presents the analysis and discussion of the results of a research study
directed to the professionals in the information systems area from a variety of private
companies and government public sectors in different countries. In order to maintain
overall consistency, all variables were measured using Likert scale of 7 points, ranging
from “strongly disagree” to “strongly agree”.
The data were analyzed in two stages. First, a multivariate analysis was used to analyze
multiple variables (Hair Jr., Hult et al. 2014). The typically measured variables
associated with this research were subjective norms, attitude toward behavior, perceived
knowledge in cloud computing security, perceived behavioral control, perceived risk,
trust intention and behavioral outcome. Then, a structural equation model (SEM) was
built. We used SmartPLS 2.0 to measure the validation of the research model. PLS-SEM
is primarily used to develop theories in exploratory research (Hair Jr., Hult et al. 2014).
4.2 Measurement / Reliability (The Reliability of the study)
In this research the method of internal consistency, Cronbach's Alpha, was used to
calculate the reliability of the questionnaire. The closer Cronbach's alpha is to 1, the
higher the internal consistency reliability of the questionnaire (Sekaran 2003).
The recommended rules were used to interpret the result: a Cronbach's Alpha value
greater than 0.90 indicates that the questionnaire is excellent; between 0.89 and 0.80,
the questionnaire is good; between 0.79 and 0.70, acceptable;
between 0.60 and 0.69, weak; between 0.59 and 0.50,
poor; and if it is less than 0.50, the questionnaire is not acceptable to conduct the research
(George and Mallery 2009).
SmartPLS version 2.0 was used to conduct the statistical data analysis. I used
PLS-SEM to measure convergent validity. According to Hair et al. (2014), a
common measure to establish convergent validity on the construct level is the average
variance extracted (AVE). It is defined as the grand mean value of the squared loadings
of the indicators [2] associated with the construct. An AVE value of 0.50 or higher indicates
that, on average, more error remains in the items than variance explained by the
construct. As seen in Table 1, all values are above 0.50. In the context of PLS-SEM,
composite reliability is considered a more suitable criterion of
reliability than Cronbach’s alpha (Hair Jr., Hult et al. 2014). The Cronbach’s alpha for all exogenous and
endogenous latent [3] variables was between 0.070 and 0.94. Hair Jr., Hult et al. (2014)
recommend using a different measure of internal consistency reliability, which PLS-SEM calls
the composite reliability. Composite reliability is a measure of internal
consistency reliability which, unlike Cronbach’s alpha, does not assume equal indicator
loadings. It should be above 0.70 (in exploratory research, 0.60 to 0.70 is considered
acceptable). In this research composite reliability is greater than 0.70 for all exogenous
and endogenous latent variables.
High outer loadings on a construct indicate that the associated indicators have much
in common; this characteristic is called indicator reliability. Generally, indicators with outer loadings
between 0.40 and 0.70 should be considered for removal from the scale only when deleting
the indicator leads to an increase in composite reliability above the suggested threshold
value (Hair Jr., Hult et al. 2014). However, indicators with very low outer loadings (below
0.40) should be eliminated from the scale (Hair, Ringle et al. 2011). The following table
shows the outer loading values, including those that are below 0.4.
[2] Indicators are the measured items of a construct.
[3] Latent variables are the theoretical or conceptual elements in the structural model.
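Table 2: Outer Loading

| Item | Construct | Outer loading |
|---|---|---|
| Q1 | Attitude | 0.8842 |
| Q2 | Attitude | 0.8722 |
| Q3 | Attitude | 0.9523 |
| Q4 | Attitude | 0.8895 |
| Q5 | Attitude | 0.9404 |
| Q6 | Attitude | -0.3655 |
| Q7 | Perceive Risk | 0.924 |
| Q8 | Perceive Risk | 0.895 |
| Q9 | Perceive Risk | -0.5144 |
| Q10 | Perceive Risk | 0.9359 |
| Q11 | Perceive Risk | 0.8868 |
| Q12 | Knowledge | 0.8941 |
| Q13 | Knowledge | 0.8777 |
| Q14 | Knowledge | 0.8691 |
| Q15 | Knowledge | 0.7982 |
| Q16 | Perceived Behavioral Control | 0.6584 |
| Q17 | Perceived Behavioral Control | 0.7994 |
| Q18 | Perceived Behavioral Control | 0.7525 |
| Q19 | Perceived Behavioral Control | 0.7462 |
| Q20 | Perceived Behavioral Control | 0.7199 |
| Q21 | Perceived Behavioral Control | 0.7996 |
| Q22 | Subjective Norm | 0.68 |
| Q23 | Subjective Norm | 0.794 |
| Q24 | Subjective Norm | 0.7124 |
| Q25 | Subjective Norm | 0.7696 |
| Q26 | Subjective Norm | 0.8235 |
| Q27 | Trust Intention | 0.9042 |
| Q28 | Trust Intention | 0.9325 |
| Q29 | Trust Intention | 0.9219 |
| Q30 | Trust Intention | 0.8562 |
| Q31 | Trust Intention | 0.8414 |
| Q32 | Behavioral Outcome | 0.0274 |
| Q33 | Behavioral Outcome | 0.9191 |
| Q34 | Behavioral Outcome | 0.9659 |
| Q35 | Behavioral Outcome | -0.2136 |
| Q36 | Behavioral Outcome | -0.1008 |
| Q37 | Behavioral Outcome | 0.9431 |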
In Table 1, we can see the R square values: the structural model explained 72.4% of the
variance of the endogenous latent variable trust intention and 43.6% of the variance of the
endogenous latent variable behavioral outcome.
According to Hair Jr., Hult et al. (2014), high R² values also indicate that the value of the
construct can be well predicted via the PLS path model.
Table 3: Measurement

| Construct | AVE | Composite Reliability | Cronbach's Alpha | R Square | Communality | Redundancy |
|---|---|---|---|---|---|---|
| Perceived Knowledge in cloud computing security | 0.7406 | 0.9193 | 0.8895 | | 0.7406 | |
| Attitude toward behavior | 0.7098 | 0.9091 | 0.8217 | | 0.8295 | |
| Perceived Behavioral Control | 0.5589 | 0.8833 | 0.845 | | 0.5589 | |
| Perceived Risk | 0.7163 | 0.8733 | 0.7005 | | 0.7163 | |
| Subjective Norm | 0.5742 | 0.8703 | 0.8134 | | 0.6271 | |
| Trust Intention | 0.7956 | 0.9511 | 0.9353 | 0.724 | 0.7956 | 0.1808 |
| Behavioral Outcome | 0.8915 | 0.961 | 0.939 | 0.4361 | 0.8915 | 0.3884 |
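A check of the convergent-validity figures discussed above, as an added example that is not part of the dissertation: it recomputes AVE and composite reliability from the Table 2 outer loadings and applies the 0.40 / 0.70 outer-loading rule. The grouping of items into constructs (the block order of Table 8, shifted by the 10 demographic questions), the composite reliability formula (the usual PLS-SEM one, which the text does not spell out) and the X1 to X3 loadings are assumptions of this example; under them the results match the Table 3 values for the three constructs shown.

```python
from math import fsum

# Outer loadings copied from Table 2. Grouping items into constructs is an
# assumption: Table 8's block order, shifted by the 10 demographic questions.
LOADINGS = {
    "Attitude": {"Q1": 0.8842, "Q2": 0.8722, "Q3": 0.9523,
                 "Q4": 0.8895, "Q5": 0.9404, "Q6": -0.3655},
    "Perceived Behavioral Control": {"Q16": 0.6584, "Q17": 0.7994,
                                     "Q18": 0.7525, "Q19": 0.7462,
                                     "Q20": 0.7199, "Q21": 0.7996},
    "Trust Intention": {"Q27": 0.9042, "Q28": 0.9325, "Q29": 0.9219,
                        "Q30": 0.8562, "Q31": 0.8414},
}
# Constructed loadings (not survey data) that exercise the 0.40-0.70 rule.
CONSTRUCTED = {"X1": 0.42, "X2": 0.75, "X3": 0.75}

AVE_MIN, CR_MIN = 0.50, 0.70          # thresholds quoted in the text
DROP_BELOW, REVIEW_BELOW = 0.40, 0.70  # outer-loading screening bands


def ave(loadings):
    """Average variance extracted: mean of the squared outer loadings."""
    values = list(loadings)
    return fsum(l * l for l in values) / len(values)


def composite_reliability(loadings):
    """Composite reliability: (sum l)^2 / ((sum l)^2 + sum(1 - l^2))."""
    values = list(loadings)
    explained = fsum(values) ** 2
    error = fsum(1.0 - l * l for l in values)
    return explained / (explained + error)


def screen_indicators(items, cr_min=CR_MIN):
    """Return {item: 'keep' | 'remove'} under the outer-loading rule.

    Below 0.40 (signed value, as the rule is stated): remove.
    0.40 to 0.70: remove only if the construct's composite reliability is
    under the threshold now and reaches it once the item is deleted.
    """
    cr_all = composite_reliability(items.values())
    decisions = {}
    for name, loading in items.items():
        if loading < DROP_BELOW:
            decisions[name] = "remove"
        elif loading < REVIEW_BELOW:
            rest = [l for other, l in items.items() if other != name]
            lifts = (len(rest) >= 2
                     and cr_all < cr_min <= composite_reliability(rest))
            decisions[name] = "remove" if lifts else "keep"
        else:
            decisions[name] = "keep"
    return decisions


def report(constructs=LOADINGS):
    """Per construct: rounded AVE and CR, threshold checks, items to remove."""
    rows = {}
    for construct, items in constructs.items():
        a = ave(items.values())
        c = composite_reliability(items.values())
        decisions = screen_indicators(items)
        rows[construct] = {
            "ave": round(a, 4), "cr": round(c, 4),
            "ave_ok": a >= AVE_MIN, "cr_ok": c > CR_MIN,
            "remove": [q for q, d in decisions.items() if d == "remove"],
        }
    return rows


if __name__ == "__main__":
    for construct, row in report().items():
        print(construct, row)
    print("constructed:", screen_indicators(CONSTRUCTED))
```

Q16 (0.6584) sits in the 0.40 to 0.70 band but is kept because its construct already clears the composite reliability threshold, while the constructed X1 is removed because deleting it lifts composite reliability from below 0.70 to 0.72.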
The Statistical Package for the Social Sciences (SPSS) version 21 was used to conduct the
statistical data analysis. Reliability testing was performed on the data collected from the 37
survey questions included in the 170 questionnaires. The Cronbach's Alpha value for this
set of data is 0.948. From the analysis a coefficient alpha of 0.95 was obtained, which
indicates that the questionnaire is excellent to carry out research. With this result, it can
be concluded that the internal consistency of the instrument fulfills the requirements
of reliability.
Table 4: Reliability Statistics

| Cronbach's Alpha | Cronbach's Alpha Based on Standardized Items | N of Items |
|---|---|---|
| .948 | .951 | 37 |
4.3 Factor Analysis
Factor analysis is used to simplify the information given by a matrix of
correlations so that it can be interpreted more easily (Morales Vallejo 2013). Factor analysis indicates
how items tend to group together, that is, whether they have much or little influence. According to
Morales Vallejo (2013), factor analysis of a measuring instrument helps to establish
construct validity of what you are measuring. It also has to do with reliability, the
extent to which a construct can be interpreted as one-dimensional (“unidimensional”).
In this research, we used the Kaiser-Meyer-Olkin (KMO) test to measure the
adequacy of the sampling used (Table 5). The result was significant at p < 0.01
and the KMO is 0.916, which indicates that the instrument used for the research is
appropriate. The factor solution explained approximately 75.3% of the total
variance. When the factor analysis was conducted, the
statistical results suggested a regrouping of the assertions from the 7 components. The
seven factors identified in the factor analysis show that the assertions of the instrument
are mostly oriented to measure the intended variables in the questionnaire prepared by the
researcher.
Table 5: KMO and Bartlett's Test

| Test | Statistic | Value |
|---|---|---|
| Kaiser-Meyer-Olkin Measure of Sampling Adequacy | | .916 |
| Bartlett's Test of Sphericity | Approx. Chi-Square | 6559.840 |
| | df | 666 |
| | Sig. | .000 |
The communalities test was performed to establish that the sample is statistically
significant, because the communalities of the items are in the range of .429 to 0.916.
Factor loadings above 0.5 are interpreted as significant (Hair et al., 2006). There is no
unique calculation to estimate communalities. There are various methods, such as
multiple correlations of each item with every other, or varying reliability coefficients if
each is a test. These procedures are called analysis of common factors (see Table 6).
Table 6: Communalities Test

| Item | Initial | Extraction |
|---|---|---|
| Q11 | 1.000 | .838 |
| Q12 | 1.000 | .826 |
| Q13 | 1.000 | .916 |
| Q14 | 1.000 | .786 |
| Q15 | 1.000 | .886 |
| Q16 | 1.000 | .429 |
| Q17 | 1.000 | .845 |
| Q18 | 1.000 | .785 |
| Q19 | 1.000 | .611 |
| Q20 | 1.000 | .859 |
| Q21 | 1.000 | .757 |
| Q22 | 1.000 | .884 |
| Q23 | 1.000 | .882 |
| Q24 | 1.000 | .836 |
| Q25 | 1.000 | .763 |
| Q26 | 1.000 | .838 |
| Q27 | 1.000 | .816 |
| Q28 | 1.000 | .616 |
| Q29 | 1.000 | .817 |
| Q30 | 1.000 | .835 |
| Q31 | 1.000 | .574 |
| Q32 | 1.000 | .509 |
| Q33 | 1.000 | .607 |
| Q34 | 1.000 | .651 |
| Q35 | 1.000 | .648 |
| Q36 | 1.000 | .574 |
| Q37 | 1.000 | .845 |
| Q38 | 1.000 | .887 |
| Q39 | 1.000 | .861 |
| Q40 | 1.000 | .775 |
| Q41 | 1.000 | .818 |
| Q42 | 1.000 | .477 |
| Q43 | 1.000 | .823 |
| Q44 | 1.000 | .888 |
| Q45 | 1.000 | .647 |
| Q46 | 1.000 | .640 |
| Q47 | 1.000 | .826 |

Extraction Method: Principal Component Analysis.
As we can see in the Total Variance Explained table (Table 7), the 7 components of the
factor matrix that obtained a value greater
than 1 explained 75% of the total variance.
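Table 7: Total Variance Explained

Initial = Initial Eigenvalues; Extraction = Extraction Sums of Squared Loadings; Rotation = Rotation Sums of Squared Loadings.

| Component | Initial: Total | Initial: % of Variance | Initial: Cumulative % | Extraction: Total | Extraction: % of Variance | Extraction: Cumulative % | Rotation: Total | Rotation: % of Variance | Rotation: Cumulative % |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 16.425 | 44.391 | 44.391 | 16.425 | 44.391 | 44.391 | 8.512 | 23.006 | 23.006 |
| 2 | 3.724 | 10.066 | 54.457 | 3.724 | 10.066 | 54.457 | 5.308 | 14.346 | 37.352 |
| 3 | 2.210 | 5.973 | 60.430 | 2.210 | 5.973 | 60.430 | 4.315 | 11.663 | 49.015 |
| 4 | 1.692 | 4.574 | 65.004 | 1.692 | 4.574 | 65.004 | 4.042 | 10.925 | 59.940 |
| 5 | 1.562 | 4.221 | 69.225 | 1.562 | 4.221 | 69.225 | 2.353 | 6.358 | 66.299 |
| 6 | 1.149 | 3.106 | 72.331 | 1.149 | 3.106 | 72.331 | 1.917 | 5.182 | 71.480 |
| 7 | 1.112 | 3.006 | 75.337 | 1.112 | 3.006 | 75.337 | 1.427 | 3.857 | 75.337 |
| 8 | .981 | 2.651 | 77.988 | | | | | | |
| 9 | .850 | 2.299 | 80.286 | | | | | | |
| 10 | .773 | 2.089 | 82.376 | | | | | | |
| 11 | .672 | 1.817 | 84.192 | | | | | | |
| 12 | .655 | 1.770 | 85.962 | | | | | | |
| 13 | .576 | 1.556 | 87.518 | | | | | | |
| 14 | .508 | 1.374 | 88.892 | | | | | | |
| 15 | .470 | 1.270 | 90.162 | | | | | | |
| 16 | .409 | 1.105 | 91.267 | | | | | | |
| 17 | .356 | .961 | 92.228 | | | | | | |
| 18 | .306 | .826 | 93.054 | | | | | | |
| 19 | .293 | .791 | 93.846 | | | | | | |
| 20 | .272 | .735 | 94.581 | | | | | | |
| 21 | .243 | .658 | 95.239 | | | | | | |
| 22 | .221 | .598 | 95.836 | | | | | | |
| 23 | .189 | .512 | 96.348 | | | | | | |
| 24 | .177 | .479 | 96.827 | | | | | | |
| 25 | .174 | .470 | 97.297 | | | | | | |
| 26 | .157 | .424 | 97.722 | | | | | | |
| 27 | .126 | .341 | 98.063 | | | | | | |
| 28 | .108 | .292 | 98.355 | | | | | | |
| 29 | .103 | .277 | 98.633 | | | | | | |
| 30 | .093 | .252 | 98.884 | | | | | | |
| 31 | .081 | .220 | 99.104 | | | | | | |
| 32 | .078 | .210 | 99.315 | | | | | | |
| 33 | .069 | .186 | 99.500 | | | | | | |
| 34 | .063 | .170 | 99.670 | | | | | | |
| 35 | .058 | .157 | 99.828 | | | | | | |
| 36 | .048 | .131 | 99.958 | | | | | | |
| 37 | .015 | .042 | 100.000 | | | | | | |

Extraction Method: Principal Component Analysis.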
Nunnally (1978) considers that principal components analysis is recommended when
there are many items.
Likewise, the rotation is defined as one that imposes mathematical conditions
beyond the fundamental factor theorem (Kaiser 1958). The Varimax orthogonal rotation
method tends to force the differentiation and the contrast, and reveals more clearly the
underlying full-scale structure (Morales Vallejo 2013).
The orthogonal rotation (Table 8) was used for the data interpretation. It is a
process that allows interpreting the associations between variables and components.
Variables and components are compared by how they relate to each other through weights,
with heavy factor weights reflecting the association. According to Morales Vallejo (2013), there is no
precise value for the selection of the variables of each factor, but .30 is a minimum limit. In the
Rotated Component Matrix table, the items selected by each factor appear in bold.
Table 8: Rotated Component Matrix

| Construct | Item | Component 1 | Component 2 | Component 3 | Component 4 | Component 5 | Component 6 | Component 7 |
|---|---|---|---|---|---|---|---|---|
| Attitude | Q11 | .338 | .257 | .757 | .201 | .088 | .060 | .182 |
| | Q12 | .553 | .062 | .635 | .253 | .124 | .050 | -.176 |
| | Q13 | .396 | .198 | .814 | .179 | .144 | .029 | .059 |
| | Q14 | .414 | .084 | .719 | .198 | .227 | -.018 | .028 |
| | Q15 | .403 | .174 | .790 | .144 | .207 | .066 | .036 |
| | Q16 | -.108 | .058 | -.235 | -.034 | -.370 | -.423 | .203 |
| Perc. Risk | Q17 | .732 | -.002 | .428 | .302 | .173 | .027 | -.053 |
| | Q18 | .823 | .037 | .260 | .190 | -.005 | .046 | .001 |
| | Q19 | -.380 | .329 | -.115 | -.160 | -.260 | -.384 | .323 |
| | Q20 | .857 | .063 | .277 | .172 | .099 | .056 | -.044 |
| | Q21 | .817 | .095 | .242 | .128 | .071 | -.020 | .012 |
| Knowledge | Q22 | .172 | .904 | .075 | .084 | .091 | -.032 | -.123 |
| | Q23 | .118 | .906 | .145 | .123 | .087 | .001 | .047 |
| | Q24 | .215 | .855 | .013 | .077 | .082 | .019 | -.213 |
| | Q25 | .713 | .386 | .249 | .134 | .145 | .059 | -.024 |
| P.B.Control | Q26 | .111 | .866 | .113 | .188 | .149 | .026 | .075 |
| | Q27 | .833 | .129 | .124 | .144 | .225 | .034 | .134 |
| | Q28 | .719 | .183 | .184 | .130 | .083 | -.068 | .052 |
| | Q29 | .157 | .643 | .190 | .236 | -.098 | .205 | .486 |
| | Q30 | .176 | .580 | .261 | .220 | -.119 | .216 | .539 |
| | Q31 | .575 | .241 | .252 | .212 | .195 | .046 | .190 |
| Sub.Norm | Q32 | .185 | .488 | .286 | .109 | .283 | .077 | .238 |
| | Q33 | .533 | .378 | .368 | .139 | .108 | -.035 | .110 |
| | Q34 | .461 | .141 | .191 | -.066 | .551 | -.228 | .149 |
| | Q35 | .324 | .262 | .242 | .229 | .594 | -.039 | -.093 |
| | Q36 | .453 | .321 | .245 | .195 | .391 | -.122 | -.008 |
| Trust Intention | Q37 | .346 | .241 | .333 | .536 | .481 | .077 | .176 |
| | Q38 | .333 | .214 | .270 | .598 | .488 | .105 | .226 |
| | Q39 | .312 | .205 | .271 | .590 | .500 | .109 | .195 |
| | Q40 | .720 | .202 | .102 | .313 | .293 | .136 | .053 |
| | Q41 | .793 | .165 | .148 | .295 | .177 | .125 | .086 |
| Beh.Outcome | Q42 | -.090 | .175 | -.020 | .151 | -.137 | .297 | -.555 |
| | Q43 | .279 | .189 | .063 | .820 | .022 | -.154 | -.095 |
| | Q44 | .327 | .144 | .195 | .837 | .025 | -.119 | -.081 |
| | Q45 | -.105 | .083 | .016 | -.090 | -.128 | .777 | -.029 |
| | Q46 | .156 | .057 | -.015 | -.173 | .036 | .762 | .019 |
| | Q47 | .277 | .159 | .241 | .799 | .079 | -.148 | -.020 |

Extraction Method: Principal Component Analysis.
Rotation Method: Varimax with Kaiser Normalization.
a. Rotation converged in 15 iterations.
4.4 Hypotheses Testing
Based on the observations in Table 9 and Table 10, we concluded the following:
4.4.1 Correlation between variables
As part of the research, correlation analysis was performed to determine the
correlation between the variables of the study. The Pearson correlation coefficient
provides a numerical measure of the degree of correlation between two variables,
provided both are quantitative. According to Cohen, Cohen, West & Aiken (2002), the
index indicates a dependency between the two variables called direct relationship: when
one increases, so does the other in constant proportion. The correlation test measures
the degree to which these variables relate to each other. The rank correlation can range
from zero to one; the higher the value, the stronger the level of correlation.
In this study a two-sided analysis at a significance level of 0.01 was performed.
Table 9: Correlations includes the results of the correlation analysis for each of the variables.
These constructs represent the averages of the items that operationalized them. The results
revealed that the dependent variable, Trust Intention, significantly correlated with the
other five variables of the questionnaire: Perceived Knowledge in Cloud Computing
Security (0.534), Attitude Toward Behavior (0.682), Perceived Behavioral Control
(0.735), Perceived Risk (0.709), Subjective Norm (0.755). It was also found that the
dependent variable, Behavioral Outcome, significantly correlated with Trust Intention
(0.584), just as there is a correlation between all the variables.
Table 9: Correlations

Pearson Correlation:

| | Knowledge | Attitude | PBC | PR | SN | TI | BO |
|---|---|---|---|---|---|---|---|
| Knowledge | 1 | .463** | .747** | .498** | .620** | .534** | .417** |
| Attitude | .463** | 1 | .632** | .717** | .691** | .682** | .409** |
| PBC | .747** | .632** | 1 | .695** | .737** | .735** | .474** |
| PR | .498** | .717** | .695** | 1 | .654** | .709** | .389** |
| Subjective Norm | .620** | .691** | .737** | .654** | 1 | .755** | .391** |
| Trust Intention | .534** | .682** | .735** | .709** | .755** | 1 | .584** |
| Behavioral Outcome | .417** | .409** | .474** | .389** | .391** | .584** | 1 |

Sig. (2-tailed) = .000 for every pair of variables; N = 170 in every cell.
**. Correlation is significant at the 0.01 level (2-tailed).
We used linear regression to predict the behavior between the dependent and
independent variables; knowing the participants' responses for each of the independent variables, I
can predict the trust intention.
4.4.2 Linear Regression Analysis
The linear regression test was conducted. We obtained R² = 0.687 between
the predictor variables and the dependent variable (Table 10). This coefficient falls
between 0.60 and 0.70 in exploratory research, which means that the predictor
variables do have an impact on the dependent variable. The analysis of variance test
measured the effectiveness of the model with F = 71.887, p < 0.01.
We used the p value (sig.) and compared it to the significance level (α) to support
or not each of the hypotheses: 1, 2, 3, 7, 11, and 12. The hypothesis testing results
can also be seen in Table 10.
Hypothesis 1: The higher the cloud security knowledge of the corporate users,
the higher their intention to trust the cloud services. The data analysis showed
that it was not supported because the p value was found to be .261, which is greater than .01,
.05 and .10, considering the three confidence levels: 1.65, 1.96 and 2.57.
β = -0.076 and p value (Sig) = .261.
Hypothesis 2: The higher the positive attitude of the corporate user toward cloud
security, the higher their intention to trust in adopting cloud services. The data
analysis showed that it was supported at a significance level of 0.10, β = .132 and p
value (Sig) = .059.
Hypothesis 3: The higher the corporate users' perceived behavior control toward
the security of their corporate data, the higher their intention to trust in adopting
cloud services. The data analysis showed that it was supported at a significance
level of 0.01, β = .304 and p value (Sig) = .000.
Hypothesis 7: The higher the corporate users' perceived risks toward cloud
services, the higher their intention to trust in adopting cloud services. The data
analysis showed that it was supported at a significance level of 0.01, β = 0.215, t =
3.040, p < 0.01.
Hypothesis 11: The higher the subjective norm of the corporate users, the higher
their intention to trust the cloud services. The data analysis showed that it was
supported at a significance level of 0.01, β = 0.347, t = 4.731, p < 0.01.
Hypothesis 12: The higher the corporate users’ intention to trust cloud
computing, the more likely they will adopt the cloud services as their behavioral
outcome. The linear regression test was conducted. We obtained R² = .341
between the predictor variable (trust intention) and the dependent variable
(behavioral outcome). The analysis of variance test measured the effectiveness
of the model with F = 87.041, p < 0.01.
The data analysis showed that it was supported at a significance level of 0.01, β = 0.584, t = 9.330,
p < 0.01.
The results reveal that the predictor variables, including attitude toward behavior
(H2), perceived behavioral control (H3), perceived risk (H7), and subjective norm (H11),
do influence the dependent variable trust intention at a significance level of p < 0.01.
The results additionally show that the coefficient for the predictor variable perceived
knowledge in cloud security (H1) is not significant, which means that perceived
knowledge is not a good predictor variable for trust intention.
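Table 10: Hypothesis Testing

| Model | β | t | Sig. | F | Sig. | R | R Square | Adjusted R Square |
|---|---|---|---|---|---|---|---|---|
| (Constant) | | -3.133 | .002 | | | | | |
| Knowledge | -0.076 | -1.128 | .261 | | | | | |
| Attitude | 0.132 | 1.903 | .059 | | | | | |
| PBC | 0.304 | 3.586 | .000 | | | | | |
| PR | 0.215 | 3.04 | .003 | | | | | |
| SubNorm | 0.347 | 4.731 | .000 | | | | | |
| | | | | 71.887 | .000b | .829a | 0.687 | 0.677 |
| Trust Intention | 0.584 | 9.33 | .000 | 87.041 | .000b | .584a | 0.341 | 0.337 |
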
We used multiple regression to study the possible relationship between the dependent
variable and several independent variables.
4.4.3 Multiple Regressions
We also ran a stepwise regression to confirm whether a relationship exists
between the predictor variables and the dependent variable (trust intention) (Table 11
through Table 13). The stepwise regression identified three models. In model 1, R² = 0.57
of variability was determined between the predictor variable (subjective norm) and the
dependent variable (trust intention). The analysis of variance test measures the
effectiveness of the test with F = 222.668, p < 0.01.
In model 2, R² = 0.651 of variability was determined between the predictor
variables (subjective norm and perceived risk) and the dependent variable (trust
intention). In model 3, R² = 0.677 of variability was determined between the predictor
variables (subjective norm, perceived risk, and perceived behavioral control) and the
dependent variable (trust intention). The analysis of variance test measures the
effectiveness of the test with F = 155.854, p < 0.01.
The stepwise regression suggests that model 3 gives the best fit of the equation to
the data and the best validity among the displayed models. In other words, the
predictor variables subjective norm, perceived risk and perceived behavioral control
should be able to predict the dependent variable trust intention (Table 11 through Table
13). However, while the standardized coefficients (beta) and t values from the stepwise
regression are significant, they did not indicate whether the moderator variables
(subjective norm and perceived risk) have an influence over the independent variables
(perceived knowledge, attitude and perceived behavioral control).
Table 11: Summary Model

| Model | R | R Square | Adjusted R Square | Std. Error of the Estimate |
|---|---|---|---|---|
| 1 | .755a | .570 | .567 | .91861 |
| 2 | .807b | .651 | .647 | .82985 |
| 3 | .823c | .677 | .671 | .80115 |

a. Predictors: (Constant), SubNorm
b. Predictors: (Constant), SubNorm, PR
c. Predictors: (Constant), SubNorm, PR, PBC

Table 12: Analysis of Variance (ANOVAa)

| Model | Source | Sum of Squares | df | Mean Square | F | Sig. |
|---|---|---|---|---|---|---|
| 1 | Regression | 187.899 | 1 | 187.899 | 222.668 | .000b |
| 1 | Residual | 141.767 | 168 | .844 | | |
| 1 | Total | 329.666 | 169 | | | |
| 2 | Regression | 214.660 | 2 | 107.330 | 155.854 | .000c |
| 2 | Residual | 115.006 | 167 | .689 | | |
| 2 | Total | 329.666 | 169 | | | |
| 3 | Regression | 223.120 | 3 | 74.373 | 115.875 | .000d |
| 3 | Residual | 106.546 | 166 | .642 | | |
| 3 | Total | 329.666 | 169 | | | |

a. Dependent Variable: Trust Intention
b. Predictors: (Constant), SubNorm
c. Predictors: (Constant), SubNorm, PR
d. Predictors: (Constant), SubNorm, PR, PBC

Table 13: Coefficients

| Model | Variable | Unstandardized B | Std. Error | Standardized Beta | t | Sig. |
|---|---|---|---|---|---|---|
| 1 | (Constant) | .020 | .335 | | .058 | .954 |
| 1 | SubNorm | 1.008 | .068 | .755 | 14.922 | .000 |
| 2 | (Constant) | -.649 | .321 | | -2.018 | .045 |
| 2 | SubNorm | .679 | .081 | .509 | 8.421 | .000 |
| 2 | PR | .494 | .079 | .377 | 6.234 | .000 |
| 3 | (Constant) | -.862 | .316 | | -2.729 | .007 |
| 3 | SubNorm | .507 | .091 | .380 | 5.574 | .000 |
| 3 | PR | .366 | .084 | .279 | 4.353 | .000 |
| 3 | PBC | .334 | .092 | .261 | 3.631 | .000 |

a. Dependent Variable: Trust Intention

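Tables 11 through 13 describe the same three stepwise models, so they can be checked against one another. The following Python sketch is an added example, not part of the dissertation: it recomputes the Table 11 summary and the Table 12 F values from the sums of squares, and checks that the F for each R² change equals the squared t of the predictor entered at that step. The function names and the tolerance are assumptions made for the illustration.

```python
from math import sqrt

N = 170  # respondents; consistent with Total df = 169 in Table 12

# Values transcribed from Tables 11-13. Stepwise model m contains m predictors;
# "entered" is the predictor added at that step, "t_entered" its t in Table 13.
REPORTED = {
    1: dict(entered="SubNorm", ss_reg=187.899, ss_res=141.767, f=222.668,
            r=0.755, r2=0.570, adj_r2=0.567, see=0.91861, t_entered=14.922),
    2: dict(entered="PR", ss_reg=214.660, ss_res=115.006, f=155.854,
            r=0.807, r2=0.651, adj_r2=0.647, see=0.82985, t_entered=6.234),
    3: dict(entered="PBC", ss_reg=223.120, ss_res=106.546, f=115.875,
            r=0.823, r2=0.677, adj_r2=0.671, see=0.80115, t_entered=3.631),
}

TOLERANCE = 0.002  # assumption: the inputs are rounded to three decimals


def recompute(model):
    """Derive the summary statistics of one model from its sums of squares."""
    row = REPORTED[model]
    k = model                      # number of predictors in this model
    df_res = N - k - 1             # residual degrees of freedom
    ss_total = row["ss_reg"] + row["ss_res"]
    mse = row["ss_res"] / df_res   # residual mean square
    r2 = row["ss_reg"] / ss_total
    prev_ss_reg = REPORTED[model - 1]["ss_reg"] if model > 1 else 0.0
    return {
        "r": sqrt(r2),
        "r2": r2,
        "adj_r2": 1 - (1 - r2) * (N - 1) / df_res,
        "see": sqrt(mse),          # standard error of the estimate
        "f": (row["ss_reg"] / k) / mse,
        # The F test for the R-squared change has one numerator df, so its
        # square root equals |t| of the predictor that entered at this step.
        "t_entered": sqrt((row["ss_reg"] - prev_ss_reg) / mse),
    }


def r2_gain(model):
    """R-squared added by the predictor entered at this step."""
    previous = recompute(model - 1)["r2"] if model > 1 else 0.0
    return recompute(model)["r2"] - previous


def mismatches():
    """Return (model, statistic, recomputed, reported) for every disagreement."""
    bad = []
    for model, row in REPORTED.items():
        for name, value in recompute(model).items():
            if abs(value - row[name]) > TOLERANCE:
                bad.append((model, name, round(value, 3), row[name]))
    return bad


if __name__ == "__main__":
    for m in REPORTED:
        stats = recompute(m)
        print(m, REPORTED[m]["entered"],
              {k: round(v, 3) for k, v in stats.items()},
              "R2 gain:", round(r2_gain(m), 3))
    print("mismatches:", mismatches())
```

An empty mismatch list means the three tables are mutually consistent to rounding; the R² gain per step shows how much each added predictor contributes beyond subjective norm.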
In the multiple regression and ANOVA, the standardized coefficients (beta)
and t values are significant, but they did not tell us whether the moderator variables
influence the independent variables. We used SmartPLS v2.0 to identify the latent
variables and their path relationships, and to validate the research model (Figure 9).
The variables associated in this research model include perceived knowledge in cloud
computing security (as independent variable PK), attitude toward behavior (as
independent variable A), perceived behavioral control (as independent variable PBC),
subjective norms (as moderator variable SN), perceived risk (as moderator variable PR),
trust intention (as dependent variable TI), and behavioral outcome (as dependent
variable BO). In Figure 9, we found that the moderator variables (subjective norm and
perceived risk) have a direct effect on the exogenous latent variables (perceived
knowledge in cloud computing security, attitude toward trust intention, and perceived
behavioral control) because the path coefficients for these relationships are below 0.10
(Hair et al. 2014). Unfortunately, the perceived knowledge in cloud computing security
and the perceived risks do not have an impact on corporate users' trust intention in
cloud technology adoption because their coefficients are below 0.10.
4.5 Structural Equation Modeling using SmartPLS 2.0
The proposed model provides different safety-related functions to address the
different needs and situations, which can serve as a reference model for the adoption of
cloud-based technology storage companies. The main objective of this research was to
answer my research question, which was “to what extent do corporate users rely on the
security of cloud computing in order to adopt cloud services?” Also, the thirteen
hypotheses were tested to support the theoretical framework given in Chapter 2.
According to Hair Jr., Hult et al. (2014), “as a rule of thumb, for sample sizes
up to about 1,000 observations, path coefficient with standardized value above 0.20 are
usually significant and those with value below 0.10 are usually not significant.”
SmartPLS (Ringle, Wende et al. 2005) uses a uniform value of 1 as an initial value for
each of the outer weights (Hair, Ringle et al. 2011). We used the PLS algorithm, which
estimates the scores of all latent variables in the model, which in turn serve for
estimating all path model relationships (Hair Jr., Hult et al. 2014). In the PLS
algorithm output we can see the relationships between latent variables, the measured
indicator loadings, and R².
The indicators are the measured items of a construct; according to Hair Jr., Hult
et al. (2014), these should have a value above 0.70. Figure 9 (Structural Equation
Modeling) shows the indicators, path coefficients and R².
Based on Figure 2, R² = 0.727 of variability was obtained between all
predictor variables and the dependent variable (trust intention). The results reveal
that:
Hypothesis 2: The higher the positive attitude of the corporate user toward cloud
security, the higher their intention to trust in adopting cloud services. The data
analysis shows that it was supported at β = 0.184.
Hypothesis 3: The higher the corporate users' perceived behavioral control toward
the security of their corporate data, the higher their intention to trust in adopting
cloud services. The data analysis shows that it was supported at β = 0.329.
Hypothesis 11: The higher the subjective norm of the corporate users, the higher
their intention to trust the cloud services. The data analysis shows that it was
supported at β = 0.698.
However, the coefficient value for the perceived knowledge in cloud computing security
(H1: β = -0.043) is below 0.10, which indicates that perceived knowledge is not a good
predictor of trust intention. Additionally, the coefficient value for the perceived risks
(H7: β = -0.073) is also below 0.10, which indicates that perceived risk is not a good
predictor of trust intention. In this model, the moderator variable perceived risk
intervenes with and influences the independent variables, including:
Hypothesis 4: The user’s perceived risk toward cloud computing can influence
their perceived knowledge of cloud security toward trust intention of adopting the
cloud services. The data analysis shows that it was supported at β = 0.407.
Hypothesis 5: The user’s perceived risk toward cloud computing can influence
their attitude toward trust intention of adopting cloud services. The data analysis
results show that the greater the attitude toward behavior, the lesser the trust
intention, or the lesser the attitude toward behavior, the greater the trust intention.
The result reveals that hypothesis 5 was supported because β = -0.467, whose absolute
value is greater than 0.10.
Hypothesis 6: The user’s perceived risks toward cloud computing can influence
their perceived behavioral control toward trust intention of adopting the cloud
services. The data analysis shows that it was supported at β = 0.642.
Likewise, the moderator variable subjective norm intervenes with and influences
the independent variables, including:
Hypothesis 8: The subjective norm can influence corporate users’ perceived
knowledge on their intention to trust in the adoption of cloud services. The data
analysis results show that the greater the perceived knowledge, the lesser the trust
intention, or the lesser the perceived knowledge, the greater the trust intention. The
result reveals that hypothesis 8 was supported because β = -0.296, whose absolute
value is greater than 0.10.
Hypothesis 9: The subjective norm can influence corporate users’ attitude toward
their intention to trust in the adoption of cloud services. The data analysis shows
that it was supported at β = 0.281 and the path coefficient is above 0.20.
Hypothesis 10: The subjective norm can influence corporate users’ perceived
behavioral control toward their intention to trust in adoption of cloud services.
The data analysis results show that the greater the perceived behavioral control, the
lesser the trust intention, or the lesser the perceived behavioral control, the greater
the trust intention. Hypothesis 10 was supported at β = -0.722, whose absolute value
is greater than 0.10.
Moreover, R² = 0.436 of variability was obtained between the predictor
variable (trust intention) and the dependent variable (behavioral outcome). This result
reveals (H12) that the higher the corporate users’ intention to trust cloud computing,
the more likely they are to adopt the cloud services as their behavioral outcome, with
β = 0.660 (see Table 14).
Finally, we can conclude that the moderating variables, subjective norm and
perceived risk, had an influence on the exogenous latent variables perceived knowledge
in cloud computing security, attitude toward behavior and perceived behavioral control,
because the path coefficient is above 0.20. The following study framework was built in
SEM.
Figure 9: Structural Equation Modeling
According to Hair, Ringle et al. (2011), the primary evaluation criteria for the
structural model are the R² measures and the significance of the path coefficients. In
this research the R² of Trust Intention is 72.4%. According to Hair Jr., Hult et al.
(2014), R² is the amount of explained variance of the endogenous latent variable in the
structural model. High R² values also indicate that the value of the construct can be
well predicted. In the diagram we can observe that the path coefficients of the exogenous
latent variables perceived knowledge in cloud computing security and perceived risk are
below the critical value 0.10, with values of -0.043 and -0.073 respectively.
Generally, indicators with loading between 0.40 and 0.70 should only be considered for
removal from the scale if deleting the indicator leads to an increase in composite
reliability above the suggested threshold value (Hair, Ringle et al. 2011). In Table 2,
we can see that the indicators with loading below 0.40 were eliminated to increase the
composite reliability or the average variance extracted (see Table 3).
4.6 Model with Result
Based on Figure 9, R² = 0.727 of variability was obtained between all
predictor variables and the dependent variable (trust intention). The results reveal that
the predictors attitude toward behavior (H2: β = 0.184), perceived behavioral control
(H3: β = 0.329), and subjective norm (H11: β = 0.698) have a significant relationship
with the dependent variable (trust intention). However, the coefficient value for the
perceived knowledge in cloud computing security (H1: β = -0.043) is below 0.10, which
indicates that perceived knowledge is not a good predictor of trust intention.
Additionally, the coefficient value for the perceived risks (H7: β = -0.073) is also
below 0.10, which indicates that perceived risk is not a good predictor of trust
intention. In this model, the moderator variable perceived risk intervenes with and
influences the independent variables, including perceived knowledge in cloud computing
security (H4: β = .407), attitude toward behavior (H5: β = -0.467), and perceived
behavioral control (H6: β = 0.642). Likewise, the moderator variable subjective norm
intervenes with and influences the independent variables, including perceived knowledge
in cloud computing security (H8: β = -0.296), attitude toward behavior (H9: β = 0.281),
and perceived behavioral control (H10: β = -0.722). Moreover, R² = 0.436 of variability
was obtained between the predictor variable (trust intention) and the dependent variable
(behavioral outcome). This result reveals that the higher the corporate users’ intention
to trust cloud computing, the more likely they are to adopt the cloud services as their
behavioral outcome, with β = 0.660 (see Table 14).
Table 14: SEM Summary

| Hypothesis | From | To | β | Result |
|---|---|---|---|---|
| H1 | Perceived knowledge | Intention to trust | -0.043 | Not supported |
| H2 | Attitude | Intention to trust | 0.184 | Supported |
| H3 | Perceived behavioral control | Intention to trust | 0.329 | Supported |
| H4 | Perceived risks | Perceived knowledge | 0.407 | Supported |
| H5 | Perceived risks | Attitude | -0.467 | Supported |
| H6 | Perceived risks | Perceived behavioral control | 0.642 | Supported |
| H7 | Perceived risk | Intention to trust | -0.073 | Not supported |
| H8 | Subjective norm | Perceived knowledge | -0.296 | Supported |
| H9 | Subjective norm | Attitude | 0.281 | Supported |
| H10 | Subjective norm | Perceived behavioral control | -0.722 | Supported |
| H11 | Subjective norm | Intention to trust | 0.698 | Supported |
| H12 | Trust intention | Behavioral outcome | 0.660 | Supported |

4.7 Chapter Summary
Figure 10: Theoretical Framework
We used correlation analysis to determine the correlation between the variables of the
study; the result revealed that the dependent variable, trust intention, significantly
correlated with the other five independent variables of the questionnaire. Then, we used
linear regression to predict the behavior between the dependent and independent
variables. The result revealed that only hypothesis 1, which states that the higher the
cloud security knowledge of the corporate users, the higher their trust intention in
adopting cloud services, is not supported. Hypothesis 2 is supported with p < 0.10, and
hypotheses 3, 7, 11, and 12 are supported with p < 0.01. We used multiple regression to
study the possible relationship between the dependent variable and several independent
variables.
This analysis helps us to create a model where the variables that can influence the
response are selected, discarding those that do not provide information. The result
revealed that, when the moderator variables are present, three models exist; but it did
not tell us whether the moderator variables influence the independent variables. Then,
the theoretical framework was built in structural equation modeling (SEM) to measure
all variables in the theoretical framework. We used SmartPLS v2.0 to identify the latent
variables and their path relationships, and to validate the research model (Figure 9).
The variables associated in this research model include perceived knowledge in cloud
computing security, attitude toward behavior, and perceived behavioral control (as
independent variables), subjective norms and perceived risk (as moderator variables),
and trust intention and behavioral outcome (as dependent variables). We found that the
moderator variables (subjective norm and perceived risk) have a direct effect on the
exogenous latent variables (perceived knowledge in cloud computing security, attitude
toward trust intention, and perceived behavioral control) because the path coefficients
for these relationships are below 0.10 (Hair et al. 2014).
Based on Figure 9, R² = 0.727 of variability was obtained between all
predictor variables and the dependent variable (trust intention). The results reveal that
the predictors attitude toward behavior (H2: β = 0.184), perceived behavioral
control (H3: β = 0.329), and subjective norm (H11: β = 0.698) have a significant
relationship with the dependent variable (trust intention). However, the coefficient value
for the perceived knowledge in cloud computing security (H1: β = -0.043) is below 0.10,
which indicates that perceived knowledge is not a good predictor of trust intention. In
addition, the coefficient value for the perceived risks (H7: β = -0.073) is also below
0.10, which indicates that perceived risk is not a good predictor of trust intention. In
this model, the moderator variable perceived risk intervenes with and influences the
independent variables, including perceived knowledge in cloud computing security (H4: β
= .407), attitude toward behavior (H5: β = -0.467), and perceived behavioral control (H6:
β = 0.642). Likewise, the moderator variable subjective norm intervenes with and
influences the independent variables, including perceived knowledge in cloud computing
security (H8: β = -0.296), attitude toward behavior (H9: β = 0.281), and perceived
behavioral control (H10: β = -0.722). Moreover, R² = 0.436 of variability was
obtained between the predictor variable (trust intention) and the dependent variable
(behavioral outcome). This result reveals that the higher the corporate users’ intention
to trust cloud computing, the more likely they are to adopt the cloud services as their
behavioral outcome, with β = 0.660 (see Table 14). We found evidence that the
moderating variables perceived risk and subjective norm produced a change in all
independent variables. Therefore, these effects can affect the decisions that are made in
both sectors (private and public) and the security of information.
Unfortunately, the perceived knowledge in cloud computing security and the
perceived risks (as independent variables) do not have an impact on corporate users’
trust intention in cloud technology adoption because their coefficients are below 0.10.
CHAPTER 5
Discussion, Limitation and Future Research
Based on the data analysis of this research, some limitations, implications,
contributions and future research can be discussed in this study's conclusion.
5.1 Implications to Theory
This model differs from Ajzen's. First, the perceived risk construct has a significant
relationship with intention. Likewise, the relationship between the exogenous latent
variable attitude toward behavior and the endogenous latent variable trust intention is
below 0.20. According to Hair et al. (2014), as a rule of thumb, for sample sizes of up
to 1000 observations, path coefficients with standardized values above 0.20 are usually
significant. On the other hand, the construct perceived behavioral control did not have a
significant relationship with the behavioral outcome construct. In the theory of planned
behavior, the importance of actual behavioral control is self-evident: the resources and
opportunities available to a person must, to some extent, dictate the likelihood of
behavioral achievement (Ajzen 1991).
5.2 Implications to Practice
This study helps companies and/or government agencies in managerial decision
making, thus creating greater confidence in the security of cloud computing. Also,
this study identifies the indicators of the threat behavior profile of information
technology people. Likewise, it provides trust indicators that can be used for
decision-making in the process of cloud computing adoption. Finally, this work
determines the level of confidence that companies and/or government agencies have in
cloud computing security. This research contributed a survey research tool that
measures behavior in cloud computing technology adoption.
Moreover, a theoretical model was produced to evaluate the adoption of new cloud
technology.
5.3 Limitations
This research is limited to the cognitive perspective of the corporate users and does
not include an actual security study of the cloud technology infrastructure. Future
research is expected to study other variables that may influence the intention,
such as cost and information privacy.
The findings indicate the behavior of the different companies and/or government
agencies in different continents. However, this study does not identify the number of
participants per continent.
5.4 Conclusions and Contributions
The purpose of this study was to explore to what extent corporate users trust
cloud computing security in order to adopt cloud services. It was expected to identify
the cognitive-behavioral indicators of the threat profile of information technology
professionals, to understand trust indicators in the decision-making process of cloud
computing adoption, and to determine the level of confidence that companies and
government agencies have in cloud computing security, which becomes critically
important. It can be concluded that both sectors (private and public) have academically
prepared personnel with the experience to carry out their duties properly.
The model analysis developed by the researcher was able to respond to the
influence or relationships between 12 variables that were established in the investigation.
We found that the relationship between cloud security knowledge of the corporate users
and their trust intention with the cloud services does not exist. This result indicates
that the combination of experiences, values, contextual information and expert insight
does not influence user intention to perform a certain behavior. This finding is similar
to that found in the literature review (Gupta, 2012). Likewise, perceived knowledge of
cloud computing security is in the hands of top management, because a company consists
of a team of employees with knowledge in the different areas that make up the company,
and knowledge that has been acquired over the years through the employees' experience
in the enterprise. However, when the perceived social pressures are present, e.g., peer
influence, peer pressure, advertisement from a marketing campaign, or special
recognition by a service provider, are supported. Regarding the achievement or not of the
perceived knowledge in cloud security and their intention for adoption of services, we
found that the perceived social pressure had a direct influence on the corporate users'
attitude toward the adoption of cloud services. Similarly, when the perceived risk is
present to achieve or not the perceived knowledge in cloud security and their intention
for adoption of services, we found that the perceived risk had a direct effect on the
user’s perceived risk toward cloud computing and can influence their perceived knowledge
of cloud security toward trust intention of adopting the cloud services. Both findings,
the intervention of the moderator variables, are innovative and significant
contributions to the researcher's discipline, because so far a similar claim has not been
found in the literature review.
Perceived behavioral control refers to people’s perception of the ease or difficulty of
performing the behavior of interest and/or specific behavioral context and not to a
generalized predisposition (Ajzen 1991). Greater awareness of the determinants of
perceived behavioral outcome (PBC) may provide insights into how to influence system
usage in the workplace (Elie-Dit-Cosaque et al. 2011). On the other hand, regarding the
relationship between attitude toward behavior and trust intention in the adoption of
cloud services, we found that attitude toward behavior influences the intention to rely
on the adoption of cloud services. This finding indicates that a favorable or unfavorable
evaluation by the user influences the user's intention to perform a certain behavior.
This finding is similar to that found in the literature review (Ajzen, 1987). However,
the perceived social pressure intervenes to achieve or not the behavior of the attitude
toward the behavior and the intention to rely on the adoption of cloud services. We
found that the evaluation, favorable or not, influences the user to decrease the user's
intention to perform certain behavior or vice versa. Likewise, when the perceived risk
is present to achieve or not the attitude toward behavior and their intention to adopt
cloud services, we found that a greater assessment by the user, favorable or not, has
an influence to decrease the user intention to perform certain behavior or vice versa.
On the other hand, when the perceived risk intervenes to achieve or not the perceived
behavioral control and the trust intention in cloud services, we found that the
perceived risk influenced the decision making; to achieve or not an expected loss
associated with the purchase of a product or service are influences that go inversely.
This means that when there is a greater attitude of lower corporate users they will
intend to rely on the adoption of cloud services or vice versa. Both findings, the
intervention of the moderator variables, are innovative and significant contributions
to the researcher’s discipline, because so far these have not been found in the
literature review with a similar claim.
On the relationship between perceived behavioral control and trust intention in the
adoption of cloud services, it was found that perceived behavioral control influences the
intention to rely on the adoption of cloud services. This indicates that the perceived
ease or difficulty of exercising the behavior influences the user's intention to perform
a certain behavior. This finding is similar to that found in the literature review
(Ajzen, 1991). However, when the subjective norm intervenes to achieve or not the
perceived behavioral control and trust intention in cloud services, we found that a
higher perceived ease or difficulty of exercising the behavior has an influence to
decrease the user's intention to perform certain behavior or vice versa. Likewise, when
the perceived risk is present in perceived behavioral control, it has a direct influence
on their trust intention in cloud services. This means that the greater the perceived
behavioral control, the greater the trust intention, or vice versa. Both findings, the
intervention of the moderator variables, are innovative and significant contributions
to the researcher’s discipline, because so far a similar claim has not been found in the
literature review.
In the relationship between trust intention and behavioral outcome, it was
found that the intention of user confidence in the cloud positively influences the
behavior of the user. This means that with a greater trust intention to adopt cloud
services, there is a higher behavioral outcome by the user. From another point of view,
a lower intensity of user confidence in the cloud will result in less user behavior.
This finding is similar to that found in the literature review, since cognitive trust is
a customer’s confidence or willingness to rely on a service provider’s competence and
reliability (Johnson and Grayson 2005). In cognitive trust, the trustee’s actions can be
observed, and the causes are attributed to the trustee’s internal trust-related
characteristics (e.g., competence and integrity). On the other hand, the emotional state
can influence the person’s decision to trust or not in the unknown or the competition
(Forgas 2009). Therefore, intention is an indication of a person's readiness to perform
a given behavior, and it is considered to be the immediate antecedent of behavior
(Ajzen 2006).
The model developed by the researcher includes a very relevant consideration of
constructs (perceived knowledge in cloud security, attitude toward the behavior of the
user in the cloud, and perceived behavioral control) and the innovative intervention of
the moderator variables (subjective norm and perceived risk) in the model. The variables
trust intention and behavioral outcome significantly measured each construct posed by
the researcher, which shows that the research makes a contribution to the discipline.
Finally, these findings demonstrated that the moderating variables have an effect at the
time of decision making in an organization.
This research provides the following major contributions. First, a theoretical
model to evaluate the adoption of new technology was established. Second, an
appropriate research tool that measures company and/or government agency
behavior in cloud computing technology adoption was developed.
REFERENCES
Ajzen, I. (1985). "Action-control: From cognition to behavior." SSSP Springer Series
in Social Psychology: 11-39.
Ajzen, I. (1987). "Attitudes, traits, and actions: Dispositional prediction of behavior in
personality and social psychology." Advances in experimental social psychology
20: 1-63.
Ajzen, I. (1991). "The Theory of Planned Behavior." Organizational Behavior and
Human Decision Processes 50(2): 179-211.
Ajzen, I. (2005). Attitudes, personality and behaviour, McGraw-Hill.
Ajzen, I. (2006). "Theory of Planned Behavior." from
http://people.umass.edu/aizen/tpb.diag.html.
Ajzen, I. and M. Fishbein (1980). Understanding Attitudes and Predicting Social
Behavior, Prentice Hall.
Anthes, G. (2010). "Security in the Cloud." Communications of the ACM 53(11): 16-19.
Antonova, A., et al. (2009). Extended Architecture of Knowledge Management System
with Web 2.0 Technologies The 10th European Conference on Knowledge
Management. Vicenza, Italy.
Arinze, B. and M. Anandarajan (2010). "Factors that Determine the Adoption of Cloud
Computing: A Global Perspective." International Journal of Enterprise
Information Systems 6(4): 55-68.
Armbrust, M., et al. (2010). "Clearing the clouds away from the true potential and
obstacles posed by this computing capability." Communications of the ACM
53(4): 50-58.
Audi, R. (2008). "Some Dimensions of Trust in Business Practices: From Financial and
Product Representation to Licensure and Voting." Journal of Business Ethics
80(1): 97-102.
Bandura, A. (1977). "Self-efficacy: Toward a unifying theory of behavioral change."
Psychological Review 84: 191-215.
Baron, A., et al. (1969). "Effects of instructions and reinforcement-feedback on human
operant behavior maintained by fixed-interval reinforcement." Journal of the
Experimental Analysis of Behavior 12: 701-712.
Bauer, R. A. (1967). Consumer Behavior as Risk Taking. Risk Taking and Information
Handling in Consumer Behavior: 22-23.
Baum, W. M. (1973). "The Correlation Based Law of Effect." Journal of the
Experimental Analysis of Behavior 20: 137-153.
Beimborn, D., et al. (2011). "Platform as a Service (PaaS)." Business & Information
Systems Engineering 3(6): 381.
Berinato, S. and L. C. Ware (2005). The Global State of Information Security. CIO
Magazine.
Bickmore, T. and J. Cassell (2001). Relational agents: a model and implementation of
building user trust. CHI '01 Proceedings of the SIGCHI Conference on Human
Factors in Computing Systems, Seattle, WA.
Blackler, F., et al. (1993). "Epilogue - An agenda for research." Journal of Management
Studies 30(6): 1017-1020.
Brancheau, J. C., et al. (1996). "Key Issues in Information Systems Management." MIS
Quarterly: 225-242.
Brien, A. (1998). "Professional Ethics and the Culture of Trust." Journal of Business
Ethics 17(4): 391-409.
Brown, H. G., et al. (2004). "Interpersonal Traits, Complementarity, and Trust in Virtual
Collaboration." Journal of Management Information Systems 20(4): 115-137.
Cardona-Gómez, N. and G. Calderón Hernández (2010). "Confianza en las interacciones
del trabajo investigativo. Un estudio en grupos de investigación en una
universidad pública colombiana." Cuad. Adm. Bogotá 23(40): 69-93.
Chi, H., et al. (2012). "The Moderating Effect of Subjective Norm on Cloud Computing
Users’ Perceived Risk and Usage Intention." International Journal of Marketing
Studies 4(6): 95-102.
Choubey, R., et al. (2011). "A Survey on Cloud Computing Security, Challenges and
Threats." International Journal on Computer Science and Engineering 3(3): 1227-1231.
Compeau, D. R. and C. A. Higgins (1995). "Computer Self-Efficacy: Development of a
Measure and Initial Test." MIS Quarterly 19(2): 189-211.
Compeau, D. R., et al. (1999). "Social Cognitive Theory and Individual Reactions to
Computing Technology: A Longitudinal Study." MIS Quarterly 23(2): 145-158.
Creese, S., et al. (2009). Data Protection-Aware Design for Cloud Services. Cloud
Computing, Springer Berlin Heidelberg. 5931: 119-130.
Davis, F. D. (1989). "Perceived Usefulness, Perceived Ease of Use, and User Acceptance
of Information Technology." MIS Quarterly 13(3): 319-340.
Dowling, G. (1986). "Perceived risk: The concept and its measurement." Psychology and
Marketing 3(3): 193-210.
Dubie, D. (2007). "Security concerns cloud virtualization deployments." from
http://www.networkworld.com/news/2007/112107-security-virtualization.html?page=1.
Dunn, J. R. and M. E. Schweitzer (2005). "Feeling and believing: The influence of
emotion on trust." Journal of Personality and Social Psychology 88: 736-748.
Elie-Dit-Cosaque, C., et al. (2011). "The Influence of Individual, Contextual, and Social
Factors on Perceived Behavioral Control of Information Technology: A Field
Theory Approach." Journal of Management Information Systems 28(3): 201-234.
Fisher, S. L. and A. W. Howell (2004). "Beyond User Acceptance: An Examination of
Employee Reactions of Information Technology Systems." Human Resource
Management, Summer 43(2-3): 243-258.
Forgas, J. P. (2009). Affective influences on attitudes and judgements.
Frick, D. E. (2011). Motivating the Knowledge Worker. D. I. A. W. D.C, A Publication
of the Defense Acquisition University: 369-387.
Garfinkel, S. (2012). "The Cybersecurity Risk." Communications of the ACM 55(6): 29-32.
George, D. and P. Mallery (2009). SPSS for Windows step by step: A simple guide and
reference, 16.0 update. Boston, Pearson Education, Inc.
Godes, D., et al. (2005). "The Firm’s Management of Social Interactions." Journal of
Research Marketing 16(3-4): 415-428.
Goodburn, M. A. and S. Hill (2010). "The Cloud Transforms Business." Financial
Executive 26: 35-39.
Gross, J. J., et al. (2011). "Emotion generation and emotion regulation: A distinction we
should make (carefully)." Cognition and Emotion 25(5): 765-781.
Gupta, B., et al. (2012). "The Effect of Expected Benefit and Perceived Cost on
Employees’ Knowledge Sharing Behavior: A Study of IT Employees in India."
Organizations and Markets in Emerging Economies 3(1-5): 8-19.
Guseman, D. (1981). "Risk perception and risk reduction in consumer services."
Marketing of Service.
Hair, J. F., et al. (2011). "PLS-SEM: Indeed a silver bullet." Journal of Marketing Theory
and Practice 19: 139-151.
Hair Jr., J. F., et al. (2014). A Primer on Partial Least Squares Structural Equation
Modeling (PLS-SEM), SAGE Publications, Inc.
Hall, H., et al. (2013). "From Darwin to constructivism: the evolution of grounded theory."
Nurse Researcher 20(3): 17-21.
Harris, J. G. and A. E. Alter (2010). Six Questions Every Executive Should Ask about
Cloud Computing. Accenture Institute for High Performance.
Hawes, J. M., et al. (1989). "Trust Earning Perceptions of Sellers and Buyers." Journal of
Personal Selling & Sales Management 9(1): 1-8.
Henle, C. A., et al. (2010). "Stealing Time at Work: Attitudes, Social Pressure, and
Perceived Control as Predictors of Time Theft." Journal of Business Ethics 94(1):
53-67.
Hochschild, J., et al. (2012). "Technology Optimism or Pessimism: How Trust in Science
Shapes Policy Attitudes toward Genomic Science." Issue in Technology
Innovation at Brookings, from
http://www.brookings.edu/~/media/Research/Files/Papers/2012/12/genomic%20science/genomic%20science.pdf.
Hoff, C., et al. (2011). Security guidance for critical areas of focus in cloud computing,
Cloud Security Alliance.
Hoffman, L. J., et al. (2006). "Trust Beyond Security: An Expanded Trust Model."
Communications of the ACM 49(7): 94-101.
Hofstede, G. (1991). Cultures and Organizations: Software of the Mind. London,
Jamil, D. and H. Zaki (2011). "Cloud Computing Security." International Journal of
Engineering Science and Technology 3(4): 3478-3483.
Jansen, W. and T. Grance (2011). Guidelines on Security and Privacy in Public Cloud.
U.S. Department of Commerce.
Johnson, D. and K. Grayson (2005). "Cognitive and affective trust in service
relationships." Journal of Business Research 58: 500-507.
Kaiser, H. F. (1958). "The Varimax Criterion for Analytic Rotation in Factor Analysis."
Psychometrika 23(3).
Karahanna, E., et al. (1999). "Information technology adoption across time: a
cross-sectional comparison of pre-adoption and post-adoption beliefs." MIS
Quarterly 23(2): 183-213.
Kayworth, T. and D. Whitten (2010). "Effective Information Security Requires a Balance
of Social and Technology Factors." MIS Quarterly Executive 9(3): 169-175.
Keil, M., et al. (2000). "A Cross-Cultural Study on Escalation of Commitment Behavior
in Software Projects." MIS Quarterly 24(2): 299.
Koller, M. (1988). "Risk as a Determinant of Trust." Basic and Applied Social
Psychology 9(4): 265-276.
Komiak, S. Y. X. and I. Benbasat (2004). "Understanding Customer Trust in Agent-
Mediated Electronic Commerce, Web-Mediated Electronic Commerce, and
Traditional Commerce." Information Technology and Management 5(1-2): 181-207.
Komiak, S. Y. X. and I. Benbasat (2006). "The Effects of Personalization and Familiarity
on Trust and Adoption of Recommendation Agents." MIS Quarterly 30(4): 941-960.
Krejcie, R. V. and D. W. Morgan (1970). "Determining sample size for research
activities." Educational and Psychological Measurement 30: 607-610.
Kuo, A. M.-H. (2011). "Opportunities and Challenges of Cloud Computing to Improve
Health Care Services." Journal of Medical Internet Research 13(3): 22.
Lai, J.-Y. (2009). "How Reward, Computer Self-Efficacy, and Perceived Power Security
Affect Knowledge Management Systems Success: An Empirical Investigation in
High-Tech Companies." Journal of the American Society for Information Science
& Technology 6(2): 332-347.
Lee, S. S.-J., et al. (2013). "Attitudes towards Social Networking and Sharing Behaviors
among Consumers of Direct-to-Consumer Personal Genomics." Journal of
Personalized Medicine 3: 275-287.
Lewicki, R. J. and B. B. Bunker (1996). Developing and Maintaining Trust in Work
Relationships. In Trust in Organizations: Frontiers of Theory and Research,
SAGE Publications, Inc.
Lfiti, M. and J. Gharbi (2012). "The impact of electronic services on E-Trust in the
Tunisian post." Institute of Interdisciplinary Business Research 3(9): 449-468.
Liao, C.-N., et al. (2011). "Cloud computing: A conceptual framework for knowledge
management system." Human Systems Management 30(3): 137-143.
Linden, S. v. d. (2011). "Charitable Intent: A Moral or Social Construct? A Revised
Theory of Planned Behavior Model." Current Psychology 30(4): 355-374.
Lohmeyer, D. F. J. and S. McCrory (2002). "Managing information security." McKinsey
Quart 2: 12-16.
Low, C., et al. (2011). "Understanding the determinants of cloud computing adoption."
Industrial Management & Data Systems 111(7): 1006-1023.
Ltifi, M. and J.-E. Gharbi (2011). "The Socio-Cognitive Theory of Trust to Electronic
Trust." Journal of Contemporary Research in Business 3(7): 1049-1050.
Manstead, A. S. R. (2000). The role of moral norm in the attitude–behavior relation.
Marcolin, B. L., et al. (2000). "Assessing User Competence: Conceptualization and
Measurement." Information Systems Research 11(1): 37-60.
McAllister, D. J. (1995). "Affect- and cognition-based trust as foundations for
interpersonal cooperation in organizations." Academy of Management Journal 38:
24-59.
Mcknight, D. H., et al. (2002). "Developing and validating trust measures for
e-commerce: an integrative typology." Information Systems Research 13(3): 334-359.
Mell, P. and T. Grance (2011). The NIST Definition of Cloud Computing. U.S. Department of
Commerce, Special Publication 800-145.
Mitchell, V. W. (1999). "Consumer perceived risk: Conceptualisations and models."
European Journal of Marketing of Service 33(1-2): 163-195.
Mollering, G. (2001). "The nature of trust: from Georg Simmel to a theory of
expectation, interpretation and suspension." Sociology 35: 403-420.
Morales Vallejo, P. (2013). "El Analisis Factorial en la construccion e interpretacion de
test, escalas y cuestionarios." from
http://www.upcomillas.es/personal/peter/investigacion/AnalisisFactorial.pdf.
Myers, D. and D. Tingley (2011). "The Influence of Emotion on Trust." from
http://scholar.harvard.edu/dtingley.
Nonaka, I. (1994). "A Dynamic Theory of Organizational Knowledge Creation."
Organization Science 5(1): 14-37.
Nunnally, J. C. (1978). Psychometric Theory, McGraw-Hill.
Parker, J. S. (2012). "Lost in the Cloud: Protecting End-User Privacy in Federal Cloud
Computing Contracts." Public Contract Law Journal 41(2): 385-409.
Pavlou, P. A. (2003). "Consumer Acceptance of Electronic Commerce: Integrating Trust
and Risk with the Technology Acceptance Model." International Journal of
Electronic Commerce 7(3): 101-134.
Pavlou, P. A. and M. Fygenson (2006). "Understanding and Predicting Electronic
Commerce Adoption: An Extension of the Theory of Planned Behavior." MIS
Quarterly 30(1): 115-143.
Perez, S. (2009). "In Cloud We Trust?" from
http://readwrite.com/2009/01/25/in-cloud-we-trust#awesm=~ozz0y1GagyK7ug.
Peter, J. P. and M. J. Ryan (1976). "An Investigation of Perceived Risk at the Brand
Level." Journal of Marketing Research 13(2): 184-188.
Pietroni, D., et al. (2008). "Emotions as strategic information: Effects of other’s emotions
on fixed-pie perception, demands and integrative behavior in negotiation." Journal
of Experimental Social Psychology 44: 1444-1454.
Powell, K. C. and C. J. Kalina (2009). "Cognitive and Social Constructivism: Developing
Tools for an Effective Classroom." Education 130(2): 241-250.
Prus, R. C. (1987). "Developing Loyalty: Fostering Purchasing Relationship in the
Marketplace." Journal of Contemporary Ethnography 15(3-4): 331-336.
Ransbotham, S. and S. Mitra (2009). "Choice and Chance: A Conceptual Model of Paths
to Information Security Compromise." Information Systems Research 20(1): 121-139.
Rempel, J. K., et al. (1985). "Trust in Close Relationships." Journal of Personality and
Social Psychology 49(1): 95-112.
Ringle, C. M., et al. (2005). "SmartPLS 2.0." from www.smartpls.de.
Robert Jr., L. P., et al. (2009). "Individual Swift Trust and Knowledge-Based Trust in
Face-to-Face and Virtual Team Members." Journal of Management Information
Systems 26(2): 241-279.
Rosenthal, A., et al. (2009). "Cloud computing: A new business paradigm for biomedical
information sharing." Journal of Biomedical Informatics 43(2): 342-353.
Ross, P. and M. Blumenstein (2013). "Cloud computing: the nexus of strategy and
technology." Journal of Business Strategy 34(4): 39-47.
Rotter, J. B. (1980). "Interpersonal trust, trustworthiness and gullibility." American
Psychologist 35(1): 1-7.
Rousseau, D. M., et al. (1998). "Not so different after all: A cross-discipline view of
trust." Academy of Management Review 23: 393-404.
Schaubroeck, J., et al. (2011). "Cognition-Based and Affect-Based Trust as Mediators of
Leader Behavior Influences on Team Performance." Journal of Applied
Psychology 96(4): 863-871.
Schultze, U. (2000). "A Confessional Account of an Ethnography about Knowledge
Work." MIS Quarterly 24(1): 3-41.
Schwartz, S. (1977). "Normative influences on altruism." Advances in experimental
social psychology 10: 221-279.
Sekaran, U. (2003). Research Methods for Business: A Skill Building Approach,
John Wiley & Sons.
Shaw, R. B. (1997). Trust in the balance: Building successful organizations on results,
integrity, and concern. San Francisco, Jossey-Bass.
Shivakumar, B. L. and T. Raju (2010). "Emerging Role of Cloud Computing in
Redefining Business Operations." Global Management Review 4(4): 48-52.
Sitkin, S. B. and A. L. Pablo (1992). "Reconceptualizing the determinants of risk
behavior." Academy of Management Review 17: 9-38.
Sivan, E. (1986). "Motivation in Social Constructivist Theory." Educational Psychologist
21(3): 209-233.
Six, F. E. (2007). "Building interpersonal trust within organizations: a relational
signalling perspective." J Manage Governance 11: 285-309.
Sourour, M., et al. (2009). "Ensuring security in depth based on heterogeneous network
security technologies." International Journal of Information Security 8(4): 233-246.
Southey, G. (2011). "The Theories of Reasoned Action and Planned Behaviour Applied
to Business Decisions: A Selective Annotated Bibliography." Journal of New
Business Ideas & Trends 9(1): 43-50.
Srinivasa, M. (2012). "Building a Secure Enterprise Model for Cloud Computing
Environment." Academy of Information and Management Sciences Journal 15(1): 17.
Stone, R. and K. Gronhaug (1993). "Perceived Risk: Further Considerations for the
Marketing Discipline." European Journal of Marketing 27(3): 39-50.
Svensson, G. (2001). "Extending Trust and Mutual Trust in Business Relationships
Towards a Synchronised Trust Chain in Marketing Channels." Management
Decision 39(6): 431-440.
Sztompka, P. (1999). Trust: A Sociological Theory. Cambridge University Press.
Taylor, S. and P. Todd (1997). "Understanding the Determinants of Consumer
Composting Behavior." Journal of Applied Social Psychology 27(7): 602-628.
Tsai, M.-T., et al. (2010). "Knowledge workers’ interpersonal skills and innovation
performance: An empirical study of Taiwanese high-tech industrial workers."
Social Behavior and Personality 38(1): 115-126.
Urban, D. and H. T. J. (1997). "Cognitive Determinants of Risk Perceptions Associated
with Biotechnology." Scientometrics 40(2): 299-331.
Vaidyanathan, G. and S. Mautone (2009). "Security in Dynamic Web Content
Management Systems Applications." Communications of the ACM 52(12): 121-125.
Venkatesh, V. and M. G. Morris (2000). "Why Don't Men Ever Stop to Ask For
Directions? Gender, Social Influence, and Their Role in Technology Acceptance
and Usage Behavior." MIS Quarterly 24(1): 115-139.
Venkatesh, V., et al. (2003). "User Acceptance of Information Technology: Toward a
Unified View." MIS Quarterly 27(3): 425-478.
Von Nordenflycht, A. (2010). "What is a professional service firm? Toward a theory and
taxonomy of knowledge intensive firms." Academy of Management Review
35(1): 155-174.
Ward, B. T. and J. C. Sipior (2010). "The Internet Jurisdiction Risk of Cloud
Computing." Information Systems Management 27: 334-339.
Yang, H.-D., et al. (2009). "Social Influence on Knowledge Worker's Adoption of
Innovative Information Technology." Journal of Computer Information Systems: 25-36.
Yao, M. Z., et al. (2007). "Predicting User Concerns About Online Privacy." Journal of
the American Society for Information Science & Technology 58(2): 710-722.
Yoo, C. (2010). "The Changing Patterns of Internet Usage." Federal Communications
Law Journal 63: 67-89.
Zand, D. E. (1972). "Trust and Managerial Problem Solving." Administrative Science
Quarterly 17(2): 229-339.
Zucker, L. G., et al. (1996). Collaboration Structure and Information Dilemmas in
Biotechnology: Organizational Boundaries as Trust Production.
APPENDIX A
QUESTIONNAIRE ON TRUST IN THE CLOUD: A COGNITIVE-
BEHAVIORAL FRAMEWORK OF TECHNOLOGY ADOPTION FOR
CLOUD COMPUTING IN ORGANIZATIONS
The purpose of this research is to identify the types of behavior that the Information
Systems professionals / managers have taken on, and how their decisions of adopting the
cloud storage technology and service are made in organizations in.
This questionnaire will be used to measure the users’ trust in the security of the cloud
computing.
Instructions: Please mark the item that illustrates your best answer:
Demographic Information
1. Gender: Female | Male
2. Age Range: 21 – 30 | 31 – 40 | 41 – 50 | 51 – 60 | 61 – 70 | 71 +
3. Education: High School | Associate’s degree | Bachelor’s degree | Master’s degree | Doctorate’s degree
4. Position: IT Manager/Director | IT Professional | Manager | Programmer | Other
5. Experience year in this position: Less than 5 | 5 – 10 | 11 – 20 | 21 – 30 | +30
6. Type of Company: Insurance | Bank | Government agencies | Education | Computer/IT | Healthcare | Other (Please specify)
7. Have you ever heard of cloud computing? Yes | No
8. Have you used cloud storage before? Yes | No
9. What kind of cloud storage: Box | IBM | Microsoft Azure | Amazon | Others? Please write down your service provider’s name.
10. Has anyone close to you ever used cloud storage? Yes | No
Scale columns (1 to 7, in order): Strongly Disagree; Disagree; Somewhat Disagree; Neither Agree nor Disagree; Somewhat Agree; Disagree Somewhat Agree; Strongly Agree
Attitude
1. Using cloud storage is a right and helpful idea. 1 2 3 4 5 6 7
2. Using cloud service is an acceptable solution to my corporate data storage. 1 2 3 4 5 6 7
3. Use cloud storage is a good idea. 1 2 3 4 5 6 7
4. I am excited about the idea of using the cloud storage. 1 2 3 4 5 6 7
5. Use cloud storage is a positive idea. 1 2 3 4 5 6 7
6. I am bored about the idea of using the cloud storage. 1 2 3 4 5 6 7
Perceived Risk
7. I believe that my corporate data stored on, and manage by this cloud storage services provider is secure. 1 2 3 4 5 6 7
8. I am comfortable that the service provider of this cloud storage solution will not use unsuitable methods to collect my personal data. 1 2 3 4 5 6 7
9. I am skeptical about putting my corporate information in someone else hands. 1 2 3 4 5 6 7
10. I perceive that my corporate data stored on, and managed by this cloud storage service provided is well protected. 1 2 3 4 5 6 7
11. I believe the service provider of this cloud storage solution will perform due diligence, and secure our corporate data. 1 2 3 4 5 6 7
Knowledge in Cloud Computing Security
12. I have sufficient knowledge about the cloud storage security. 1 2 3 4 5 6 7
13. I possess enough knowledge to use and work with cloud storage. 1 2 3 4 5 6 7
14. I have sufficient experience in knowing the security of the cloud storage services. 1 2 3 4 5 6 7
15. I am confident that the service provider has sufficient and knowledgeable technical personnel to manage and secure the cloud storage. 1 2 3 4 5 6 7
Perceived Behavioral Control
16. I possess enough knowledge to use cloud storage. 1 2 3 4 5 6 7
17. I am certain that the personal information I provide to the services provider is secure. 1 2 3 4 5 6 7
18. I have the knowledge that the service provider does not use unsuitable methods to collect my personal data. 1 2 3 4 5 6 7
19. Using the cloud storage service is easy. 1 2 3 4 5 6 7
20. Using the cloud storage service is simple. 1 2 3 4 5 6 7
21. Using the cloud storage service is under my control. 1 2 3 4 5 6 7
Subjective Norm
22. The reputation and recognition of the services provider influence me in my decision whether to use cloud storage. 1 2 3 4 5 6 7
23. Most people who are important to me think it is a good idea to use cloud storage 1 2 3 4 5 6 7
24. The advertisement of the services provider influence me in my decision whether to use cloud storage. 1 2 3 4 5 6 7
25. The competitiveness in my industry influences me in my decision whether to use cloud storage 1 2 3 4 5 6 7
26. Most people who are important to me would use cloud storage. 1 2 3 4 5 6 7
Trust Intention
Cognitive Trust
27. For me, using the cloud storage in the next six months is important. 1 2 3 4 5 6 7
28. I plan to use cloud storage in the next six months. 1 2 3 4 5 6 7
29. I anticipate I will use cloud storage in the next six months. 1 2 3 4 5 6 7
Emotional Trust
30. The Platform as a Service (PaaS) of this service provider is dependable and honest in providing secure cloud storage services. 1 2 3 4 5 6 7
31. The services provider is competent and trustworthy in handling and securing my data. 1 2 3 4 5 6 7
Behavioral Outcome
Performance-related consequence of the behavior
32. Had my company failed to implement cloud storage technology during the past three years? 1 2 3 4 5 6 7
33. Is my company currently adopting and using the cloud storage technology? 1 2 3 4 5 6 7
34. Is my company likely to continuously use the cloud storage technology in the next three years? 1 2 3 4 5 6 7
Personal-related consequence of the behavior
35. Had I failed to use the cloud storage technology when the company required me to during the past three years? 1 2 3 4 5 6 7
36. After the cloud storage is implemented, do I have limited access to corporate information when I need them? 1 2 3 4 5 6 7
37. Do I expect my company to continuously use the cloud storage technology in the next three years? 1 2 3 4 5 6 7
APPENDIX B
DETERMINING SAMPLE SIZE TABLE
APPENDIX C
IRB APPROVAL LETTERS
APPENDIX D
INFORMATION SHEET