Risks arising cloud computing adoption. Empirical evidences from Italian SMEs

Journal title MANAGEMENT CONTROL
Author/s Adele Caldarelli, Luca Ferri, Marco Maffei
Publishing Year 2016 Issue 2016/3
Language Italian Pages 22 P. 27-48 File size 647 KB
DOI 10.3280/MACO2016-003003
DOI is like a bar code for intellectual property: to have more infomation click here

Below, you can see the article first page

If you want to buy this article in PDF format, you can do it, following the instructions to buy download credits

Article preview

FrancoAngeli is member of Publishers International Linking Association, Inc (PILA), a not-for-profit association which run the CrossRef service enabling links to and from online scholarly content.

This paper examines the issues relating to the implementation of cloud computing in Italian SMEs. The aim is to measure the perception of the risks usually associated to the introduction of cloud computing in Italian SMEs identified as first-time adopters. The analysis relies upon a questionnaire disseminated through 400 individuals belonging to the Accounting and/or Information and Communication Technology divisions of 200 Italian SMEs, during the implementation phase of cloud computing. The survey was conceived as to obtain information about the perceived risks in terms of likelihood and impact before cloud computing adoption and after six months of implementation. The data gathered were therefore helpful to put into light the perceived risks of cloud computing implementation. The results show that there is a strong risks perception before this tool implementation indipendentely from the personal experience of the respondent. Hence, this research contributes to the ongoing debate on cloud computing potential in firms, deepening the issues relating to its introduction.

Keywords: Cloud computing, ICT, rischi.

  1. Almulla S.A., Yeun C.Y. (2010), Cloud computing security management, Proceeding of: Engineering Systems Management and Its Applications (ICESMA), 2010 Second International Conference on, 1, 1, pp. 1-7.
  2. Alshamaila Y., Papagiannidis S. & Li F. (2013), Cloud computing adoption by SMEs in the north east of England: A multi-perspective framework, Journal of Enterprise Information Management, 26(3), pp. 250-275. DOI: 10.1108/17410391311325225
  3. Anderson P., Tushman M.L. (1990), Technological Discontinuities and Dominant Designs: A Cyclical Model of Technological Change, Administrative Science Quarterly, 35, 1, pp. 604-633. DOI: 10.2307/2393511
  4. Armbrust M., Fox A., Griffith R., Joseph A.D., Katz R., Konwinski A., Lee G., Patterson D., Rabkin A., Stoica I., Zaharia M. (2010), A view of cloud computing, Communications of the ACM, 53, 4, pp. 50-58. DOI: 10.1145/1721654.1721672
  5. Azzali S., Mazza T. (2011), La valutazione degli Information Technology Controls nell’ambito di sistemi di controllo interno: I risultati di una ricerca empirica, Management Control, 3, pp. 91-118. DOI: 10.3280/MACO2011-003005
  6. Badger L., Grance T., Patt-Corner R., Voas J. (2012), Cloud Computing Synopsis and Recommendations: Recommendations of the National Institute of Standards and Technology, USA, CreateSpace Independent Publishing Platform.
  7. Bakos J.Y., Treacy M.E. (1986), Information technology and corporate strategy: a research perspective, MIS Quarterly, 10, 2, pp. 107-119. DOI: 10.2307/249029
  8. Banca d’Italia (2009), Relazione annuale al Governo, available on-line at https://www.bancaditalia.it/UIF/pubblicazioni-uif/relazione-2009.pdf.
  9. Banca d’Italia (2011), Relazione annuale al Governo, available on-line at https://www.bancaditalia.it/UIF/pubblicazioni-uif/relazione-2011.pdf.
  10. Banca d’Italia (2013), Relazione annuale al Governo, available on-line at https://www.bancaditalia.it/UIF/pubblicazioni-uif/relazione-2013.pdf.
  11. Benzécri J.P., (1973), L’analyse des données. Analyse des correspondances, Dunod, Paris.
  12. Black S.E., Lynch L.M. (2004), What's driving the new economy: The benefits of workplace innovation, Economic Journal, 114, 1, pp. 97-116.
  13. Black S.E., Lynch L.M. (2001), What's driving the new economy: The benefits of workplace innovation, Staff Report, Federal Reserve Bank of New York, 118, available online at: http://www.econstor.eu/bitstream/10419/60637/1/331485036.pdf.
  14. Brehmer, B. (1987), The psychology of risk. In Singleton W.T. and Hovden J. (Eds.), Risk and decisions, New York, Wiley.
  15. Brender N., Markov I. (2013), Risk perception and risk management in cloud computing: Results from a case study of Swiss companies, International Journal of Information Management, 33, 5, pp. 726–733.
  16. Bresnahan T.F., Brynjolfsson E., Hitt L.M. (2002), Information Technology, Workplace Organization, and the Demand for Skilled Labor: Firm-Level Evidence, Quarterly Journal of Economics, 117, 1, pp. 339-376. DOI: 10.1162/003355302753399526
  17. Broberg J., Venugopal S., Buyya R., (2008), Market-oriented grids and utility computing: The state-of-the-art and future directions, Journal of Grid Computing, 6, 3, pp. 255-276.
  18. Bugamelli M., Pagano P. (2004), Barriers to investment in ICT, Applied Economics, 36, 20, pp. 2275-2286. DOI: 10.1080/000368404200027003
  19. Buyya R., Yeo C.S., Venugopal S. (2008), Marked oriented cloud computing: vision, hype, and realty for delivering IT services as cloud computing utilities, The 10th IEEE International Conference on High Performance Computing and Communications, 10, 1, pp. 5-13.
  20. Buyya R., Yeo C.S., Venugopal S., Broberg J., Brandic I. (2009), Cloud computing and emerging IT platforms: vision, hype and reality for delivering computing as the 5th utility, Future Generation Computer Systems, 25, 6, pp. 599-616.
  21. Cantino V. (2008), I "nuovi" sistemi informativi per il controllo di gestione, in Cesaroni F.M., Demartini P., a cura di, Ict e informazione economico-finanziaria. Saggi sull'applicazione delle nuove tecnologie nelle grandi e nelle piccole e medie imprese, Milano, FrancoAngeli.
  22. Carroll M., Merwe A., Kotze P. (2011), Secure Cloud Computing: Benefits, Risks and Controls, IEEE Information security in South Africa, 1, 1, pp. 1-9.
  23. DOI: 10.1109/ISSA.2011.6027519
  24. Chapman C.S., Kihn L.A. (2009), Information system integration, enabling control and performance, Accounting, Organization and Society, 34, 2, pp. 151-169.
  25. Chen Y.S. & Chang C.H. (2013), Greenwash and green trust: The mediation effects of green consumer confusion and green perceived risk, Journal of Business Ethics, 114(3), 489-500.
  26. Chiucchi M.S., Gatti M., Marasca S. (2012), The relationship between management accounting Does the organizational life cycle affect the management accounting system and ERP systems in a medium-sized firm: a bidirectional perspective, Management Control, Suppl. 3, pp. 39-65. DOI: 10.3280/MACO2013-SU3003
  27. Chou D.C. (2015), Cloud computing: A value creation model, Computer Standards & Interfaces, 38, pp. 72-77.
  28. Chow R., Golle P., Jakobsson M., Staddon J., Shi E., Staddon J., Masuoka R., Molina J. (2009), Controlling Data in the cloud: outsourcing computation without outsource control, Proceedings of the 2009 ACM workshop on cloud computing security, pp. 85-90.
  29. Communication from the commission to the european communities. Parliament, the council, the european economic and social committee and the committee of the regions (2012), Unleashing the Potential of Cloud Computing in Europe, white paper, Brussels, 27.9.2012.
  30. Corbetta P. (2003), La ricerca sociale: metodologia e tecniche, Milano, il Mulino.
  31. Dahbur K., Tarakji A.B. (2011), A survey risks, threats and vulnerabilities in cloud computing, Proceedings of the 2011 International Conference on Intelligent Semantic Web-Services and Applications, Amman, Jordan.
  32. Doherty E., Carcary M., Conway G. (2012), Risk management considerations in cloud computing adoption, Research by innovation value institute (IVI), pp. 2-7.
  33. Dutta, A., Peng G.C.A., & Choudhary A. (2013), Risks in enterprise cloud computing: the perspective of IT experts, Journal of Computer Information Systems, 53(4), pp. 39-48.
  34. Enslin Z. (2012), Cloud computing adoption: control objectives for information and related technology (cobiT) - mapped risk and risk mitigating, African Journal of Business Management, 6, 37, pp. 10185-10194. DOI: 10.5897/AJBM12.679
  35. Fan C.K., Chen T.C. (2012), The risk management strategy of applying cloud computing, International Journal Of Advanced Computer Science And Applications, 3, 9, pp.18-27.
  36. Fanning K., Centers D.P. (2012), Platform as a service: is time to switch, The Journal of Corporate Accounting And Finance, 23, 5, pp. 21-25.
  37. Gable G.G. (1994), Integrating case study and survey research methods: an example in information systems, European journal of information systems, 3(2), 112-126.
  38. Gangwar H., Date H. & Ramaswamy R. (2015), Understanding determinants of cloud computing adoption using an integrated TAM-TOE model, Journal of Enterprise Information Management, 28(1), 107-130. DOI: 10.1108/JEIM-08-2013-0065
  39. Grobauer B., Walloshek T., Stoker E. (2011), Understanding cloud computing vulnerabilities, IEEE TRANSACTION ON COMPUTERS, 9, 2, pp. 50-57.
  40. Hyvönen T., Järvinen J., Pellinen J., Rahko T. (2009), Institutional Logics, ICT and Stability of Management Accounting, European Accounting Review, 18, 2, pp. 241-275.
  41. DOI: 10.1080/0963818080268151
  42. Ibrahim S., He B., Jin H. (2011), Towards Pay-As-You-Consume Cloud Computing, IEEE International Conference on Services Computing, pp.519-528.
  43. Ionescu B., Ionescu I., Stanciu A., Mihai F., Tudoran L. (2012), From e-accounting towards cloud accounting in Romania, Proceedings of the 7th International Conference Accounting and management information systems AMIS 2012, 7, 1, pp. 983-1004.
  44. Kaiserswerth M., Brian O., Brunschwiler T. (2012), Cloud Computing, SATW White Paper in Cloud Computing, pp. 1-55.
  45. Khidzir, N. Z., Mohamed, A., & Arshad, N. H. (2010, March). Information security risk factors: Critical threats vulnerabilities in ICT outsourcing. In Information Retrieval & Knowledge Management, (CAMP), 2010 International Conference on (pp. 194-199), IEEE.
  46. Lamboglia R., D’Onza G. (2013), Un modello di gestione del rischio reputazionale. Dall’identificazione al fronteggiamento, Management Control, 3, pp. 7-34.
  47. DOI: 10.3280/MACO2013-003002
  48. Lawler J., Joseph A., Howell-Barber H. (2012), A case study of determinants of an effective cloud computing strategy, Review of Information Systems, 16, 3, pp. 145-156.
  49. Lee L.S., Mautz, R.D. Jr. (2012), Using cloud computing to manage the costs, The Journal of Corporate Accounting And Finance, 23, 2, pp. 11-16.
  50. Linciano P., Soccorso N. (2012), La rilevazione della tolleranza al rischio degli investitori attraverso il questionario, Consob discussion papers, N. 4/2012.
  51. Mangiuc D.M. (2012a), Cloud identity and access management - a model proposal, Proceedings of the 7th International Conference Accounting and management information systems AMIS 2012, 7, 1, pp. 1014-1027.
  52. Mangiuc D.M. (2012b), Delivering security in the cloud, Proceedings of the 7th International Conference Accounting and management information systems AMIS 2012, 7; 1, pp. 1005-1013.
  53. Marchi L., Mancini D. (2009), Gestione informatica dei dati aziendali, Milano, FrancoAngeli.
  54. Marston S., Li Z., Bandyopadhyay S., Zhang J., Ghalsasi A. (2011), Cloud computing - the business perspective, Decision Support Systems, 51, 1, pp. 176-189.
  55. Martens B. & Teuteberg F. (2012). Decision-making in cloud computing environments: A cost and risk based approach, Information Systems Frontiers, 14(4), 871-893.
  56. Miraglia R.A. (2012), Editoriale. Nuove tendenze nei sistemi di controllo e di misurazione delle performance, Management Control, 2, pp. 5-14.
  57. DOI: 10.3280/MACO2012-002001
  58. Mulholland A., Pyke J., Fingar P. (2010), Enterprise Cloud Computing: A Strategy Guide for Business and Technology Leaders, Florida, Meghan-Kiffer Press Tampa.
  59. NIST (2011), Guidelines on security and privacy in public cloud computing, Gaithersburg: NIST special publication 800-144
  60. NIST (2011), The NIST definition of cloud computing - Recommendations of the National Institute of Standards and Technology, NIST Publications, available on-line at http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf.
  61. Noor H.A., Yap M.L., Azlinah M., Sallehuddin A. (2007), Inherent risks of outsourcing project, Proceedings of the 8th WSEAS Int. Conference on Mathematics and Computers in Business and Economics, Vancouver, Canada, June 19-21.
  62. Oliveira T., Thomas M. & Espadanal M. (2014), Assessing the determinants of cloud computing adoption: An analysis of the manufacturing and services sectors, Information & Management, 51(5), pp. 497-510.
  63. Paoloni M. (2008), Note introduttive a “i nuovi sistemi informativi e le piccole e medie imprese), in Cesaroni F.M., Demartini P. a cura di Ict e informazione economico-finanziaria. Saggi sull'applicazione delle nuove tecnologie nelle grandi e nelle piccole e medie imprese, Milano, FrancoAngeli.
  64. Potito L. (2014), Il rischio e l’ambiente, in Potito L. a cura di, “Economia aziendale”, Lavis (TN), Giappichelli Editore.
  65. Quagli A., Dameri R.P., Inghirami I.E. (2007), I sistemi informativi gestionali, Milano, FrancoAngeli.
  66. Renn O., Benighaus C. (2013), Perception of technological risk: insights from research and lessons for risk communication and management, Journal of Risk Research, 16, 3-4, pp. 293–313. DOI: 10.1080/13669877.2012.729522
  67. Renn, O. (1990), Risk perception and risk management: A review, Risk Abstracts 7, 1, pp. 1–9.
  68. Renn O. (2004), Perception of risks. The Geneva Papers on Risk and Insurance, 29, 1, pp. 102–114.
  69. Rittinghouse J.W., & Ransome, J.F. (2016), Cloud computing: implementation, management, and security, CRC press.
  70. Rohrmann B. (1995), Technological risks – perception, evaluation, communication. In Integrated risk assessment new directions, ed. R.E. Melchers and M.G. Stewart, pp. 7–12, Rotterdam, Balkema.
  71. Rohrmann B. (1999), Risk perception research – review and documentation, RC Studies 68, Juelich, National Research Centre.
  72. Sjöberg L. (2000). Factors in risk perception, Risk analysis, 20(1), pp. 1-12.
  73. Slovic P. (1987) Perception of risk, Science, 236, 4799, pp. 280–295.
  74. Slovic P. (2000), The perception of risk, London, Earthscan.
  75. Slovic P., Fischhoff B., Lichtenstein S. (1982a), Facts and fears: understanding perceived risks, Social risk assessment, pp. 181-216.
  76. Slovic P., Fischhoff B., Lichtenstein S. (1982b), Why study risk perception, Risk Analysis, 2, 2, pp. 83-93.
  77. Streffer, C., Bücker J., Cansier A., Cansier D., Gethmann C.F., Guderian R., Hanekamp G. (2003) Environmental standards: Combined exposures and their effects on human beings and their environment, Berlin, Springer.
  78. Sultan N. (2010), Cloud computing for education: A new dawn?, International Journal of Information Management, 30, 1, pp. 109–116.
  79. Sultan, N. (2011), Reaching for the cloud, how SMEs can manage, International Journal Of Information Management, 31, 3, pp. 272–278.
  80. Tan K.S., Chong S.C., Lin B., Eze U.C. (2009), Internet‐based ICT adoption: evidence from Malaysian SMEs, Industrial Management & Data Systems, 109, 2, pp.224-244.
  81. DOI: 10.1108/02635570910930118
  82. Tiwari P.K., Mishra B. (2012), Cloud computing Security issues, challenges and solution, International Journal of Emerging Technology And Advanced Engeneering, 2, 8, pp. 306-310.
  83. Triplett J. E., Bosworth B.P. (2004), Services Productivity in the United States: New Sources of Economic Growth, Washington, D.C., Brookings Institution Press.
  84. Vouk Mladen A. (2008), Cloud Computing – Issues,Research and Implementations, Journal of Computing and Information Technology, pp. 235-246.
  85. Weinhardt C., Anandasivam A., Blau B., Borrisov N., Maini T., Michalk W., Stößer, J. (2009), Cloud computing - A classification, business models and research direction, Business & Information System Engineering, 1, 5, pp. 391-399.

  • Controllo della performance nelle aziende dei servizi: contributi e tendenze Selena Aureli, Claudio Travaglini, in MANAGEMENT CONTROL 2/2017 pp.5
    DOI: 10.3280/MACO2017-002001

Adele Caldarelli, Luca Ferri, Marco Maffei, I rischi derivanti dall’implementazione del cloud computing: un’indagine empirica nelle PMI Italiane in "MANAGEMENT CONTROL" 3/2016, pp 27-48, DOI: 10.3280/MACO2016-003003