a descriptive literature review about cloud computing ... · about cloud computing security are...
TRANSCRIPT
2017 International Conference on Computer Science and Application Engineering (CSAE 2017)
ISBN: 978-1-60595-505-6
A Descriptive Literature Review about Cloud Computing
Security Research in the IS Discipline
Zhenwei Yu1, Zhiying Wang
1,*, Nianxin Wang
1, Xiang Su and Shilun Ge
1,2
1School of Economics and Management, Jiangsu University of Science and
Technology, 212003 Zhenjiang, China 2School of Management, Yancheng Institute of Technology, 224051 Yancheng,
China
ABSTRACT
Security issues are one of the biggest obstacles to widespread adoption of
cloud computing. We conducted a descriptive literature review on cloud
computing security research that was published between 2006 to February 2017.
A total of 74 papers were selected from 13 top IS journals, 2 top electronic
commerce journals, 5 top management journals, 9 CNAIS (China Association for
Information Systems) Level A journals, 2 premiers IS conference proceedings
and Computers & Security for our analysis. We analyzed the articles based on
year of publication, publication outlets, keywords, research perspectives, and
data sources. For this, basic statistics analysis and visualization analysis were
adopted. The results show that although current research provides useful
information on cloud computing security and facilitates the accumulation of
cloud computing security knowledge, there are still some deficiencies.
INTRODUCTION
Due to the benefits of cloud computing, such as on-demand computing
power with quick implementation, low maintenance, fewer IT staff and a
consequently lower cost [1], many companies have been shifting their business
processes to cloud computing [2]. Despite these advantages, cloud computing is
not exclusive of risks, and security is the biggest of these [3]. The risks of cloud
computing security (hereafter as CCS) are different from the risks of traditional
information system (hereafter as IS) because of technologies used in cloud such
as multi-tenancy and virtualization technologies [4]. Security has become one of
the biggest obstacles that hamper the widespread adoption of cloud computing
[5]. Risk perceptions caused by security issues may have negative effects on
people’s trust in cloud services providers.
Academics in the computing science discipline and information system
discipline have paid much attention to CCS, and some academics have done
research that reviews existing security issues and technology [6-8]. However,
literature reviews in the computing discipline mainly discuss security issues and
technology. In the information system (IS) discipline, the existing papers
concerning about cloud computing security are mainly literature reviews about
421
cloud computing, which take cloud computing security as one of the parts. A few
existing review papers only synthesize the existing specific security issues. There
are fewer literature reviews specifically concerning the research state of CSS in
the IS discipline. Due to the importance of CCS in the IS discipline, it is essential
to make a systemic review of the existing literature about CCS in the IS
discipline to assess the current state of research and identify potential future
research directions. As per our knowledge, no study has been conducted
specifically to analyze the current research status of CCS in the IS discipline.
This study has two main parts. The first part is about searching for literature.
The second part of the study consists of our analysis of the results of these
selected papers. We analyzed the articles based on year of publication,
publication outlets, keywords, research perspectives, and data sources. For this,
basic statistics analysis and visualization analysis were adopted. Based on the
results of this part of the study, we discussed future research directions in cloud
computing security. This study contributes to the understanding of cloud
computing security by providing a descriptive literature review from the
perspective of the IS discipline.
LITERATURE REVIEW
Cloud computing security has been research hotspots in both computing
science discipline and information system (IS) discipline. In the computing
science discipline, some academics have done research that reviews existing
security issues and technology; for example, Kuyoro et al. conducted an analysis
of cloud computing security issues and challenges, focusing on the types of
cloud computing and service delivery[9]. Rong et al. [6] pointed out that
although many technological methods contributed to better security
performances in the cloud, there are still no perfect solutions, and many
challenges—such as service-level agreements for security and holistic security
mechanisms—need to be resolved in the future[6]. Zunnurhain & Vrbsky have
focused on identifying and describing the prime security attacks on clouds with
the goal of providing theoretical solutions for individual problems and
integrating the solutions[7]. Jensen et al. focused on technical security issues
caused by the usage of cloud services, especially cross-domain
Internet-connected collaborations[8].
In the information system (IS) discipline, the existing papers concerning
about cloud computing security are mainly literature reviews about cloud
computing, which take cloud computing security as one of the parts. A few
existing papers are specifically focused on reviewing the research state of cloud
computing security, but they only synthesize the existing security issues. For
example, Venters & Whitley reviewed cloud computing research structured
around technological and service dimensions, including security
equivalence[10]. There are also literature reviews concerning IS, which are to
some degree related to cloud computing security. For example, Soomro et al.
reviewed literature related to management’s role in IS to explore specific
422
managerial activities that enhance IS management[11].
These reviews from both the computing and IS disciplines provide
meaningful insights into current research on cloud computing security and
enrich the knowledge accumulation regarding cloud computing security.
However, literature reviews in the computing discipline mainly discuss security
issues and technology. There are fewer literature reviews specifically
concerning the research state of cloud security in the IS discipline. The purpose
of this study was to existing IS research about CCS to analyse the current state
of research and to identify future research directions.
RESEARCH METHODOLOGY
Because CCS belongs to an emerging research area, this study adopts a
descriptive literature review for synthesizing existing knowledge in the IS
discipline and identifying future research directions.
Scope of the Literature Search
Cloud computing security research resides in an interdisciplinary area that
includes technological, behavioural, managerial and social dimensions[12].
Existing reviews focus on papers that study technological issues [13]; papers
concerning security management issues in the IS discipline are rarely analysed.
To assess the current research state of CCS in the IS discipline, we referred to the
literature search scope in the existing literature review of cloud computing
research in the IS discipline[12] and selected 13 top IS journals, 2 top electronic
commerce journals, 5 top management journals, 9 CNAIS (China Association for
Information Systems) Level A journals and 2 premiere IS conference
proceedings. Besides these, and to strengthen the comprehensive nature of the
review, we also selected Computers & Security as a supplemental source. This
publication is highly relevant to security, and many IS researchers have
published articles on it. The scope of the literature search is shown in Figure 1,
where we have added abbreviations to easily identify each publication.
For the term ‘cloud computing’, which was coined by industry practitioners
in 2006 [14], we conducted keywords and abstract searches across these sources
for the years between 2006 to February 2017, using the following phrases:
(“cloud computing” or “cloud service” or “on-demand service” or “IaaS
(Infrastructure-as-a-Service)” or “PaaS (Platform-as-a-Service)” or “SaaS
(Software-as-a-Service)”) and (“security” or “secure” or “safety” or “safe” or
“risk” or “danger”). These phrases were modified from the existing literature
reviews of cloud computing research in the IS discipline[12]. The initial searches
resulted in 391 hits.
423
Management Information Systems Quarterly (MISQ)
Information Systems Research (ISR)
Journal of Management Information Systems (JMIS)
Information Systems Journal (ISJ)
Journal of the Association for Information Systems (JAIS)
Journal of Strategic Information Systems (JSIS)
Communications of the Association for Information Systems (CAIS)
ACM Transactions on Management Information Systems (ACM TMIS)
European Journal of Information Systems (EJIS)
Information & Management (IM)
Decision Support Systems (DSS)
Journal of Information Technology (JIT)
Communications of the ACM (CACM)
Service Science (SS)
Management Science (MS)
Decision Sciences (DS)
Harvard Business Review (HBR)
Sloan Management Review (SMR)
ACM Transactions on Computer-Human Interaction (ACM TCHI)
ACM Transactions on Knowledge Discovery from Data (ACM TKDD)
IEEE Transactions on Knowledge and Data Engineering (IEEE TKDE)
Journal of the Association for Information Science and Technology (JAIST)
Omega-International Journal of Management Science (OIJMS)
International Journal of Information Management (IJIM)
INFORMS Journal on Computing (IJC)
Journal of Informetrics (JI)
Information Sciences (ISS)
International Conference on Information Systems (ICIS)
Americas Conference on Information Systems (AMCIS)
Computers & Security(CS)
International Journal of Electronic Commerce (IJEC)
Electronic Commerce Research and Applications (ECRA)
13
2
5
2
9
1
Figure 1. Scope of the Literature Search.
Filtering Process
First, we scanned titles for apparently irrelevant articles. Second, we
skimmed through abstracts and read full texts if necessary. Finally, we excluded
papers from non-refereed journals. We screened the papers by using 3 action
cards to discard irrelevant papers (see TABLE I).
TABLE I. THREE ACTION CARDS.
Does the paper concern CCS?
If Action
Yes Keep
No Remove
Does the paper concern CCS as its main topic?
If Action
Yes Keep
No,CCS is only mentioned peripherally. Remove
Does the paper focus on CCS from the IS perspective?
If Action
Yes Keep
No Remove
After reviewing the 391 papers found in the initial search, a total of 74 were
selected for this study.
424
ANALYSIS OF RESULTS
The selected 74 papers were organized according to our index (year, titles,
authors, etc.) into a table by EXCEL, and we analyzed the papers by year of
publication, publication outlets, keywords, research perspectives and data
sources. The dimensions of analysis partly referred to the existing literature
reviews by Yang et al.[1, 14]
Distribution of the Articles by Year
The analysis of distribution of the articles by year can reflect the growing
trend of enthusiasm on the research topic[14]. As shown in Figure 2, the number
of papers increased substantially from 2009 to 2016. From 2011 to 2014, the
number of articles on CCS increased significantly. In 2014, 15 articles were
published. The amount of studies in 2015 was equal to the number from 2014. In
2016, there were 16 articles published—a high point. In our study, the scope of
the literature search lasts until February 2017. A total of 5 articles not included in
the figure was published between the beginning of 2017 to February 2017. Based
on the state of current research, we predict that the number of articles in 2017
will surpass every year before it.
Figure 2. Distribution of the articles by year.
Publication Outlets
We also analyzed the publication outlets of these papers, as shown in
TABLE II. It could provide guidance for academics who want to publish papers
or search for high-quality research on CCS[1].
Based on TABLE II, it is obvious that the distribution of these 74 articles on
publication is not uniform but rather concentrated mainly in Computer &
Security (19), AMCIS (16), ISS (11) and IJIM (9).
As its name indicates, Computer & Security is highly relevant to computer
security, and CCS is no exception. AMCIS is viewed as one of the leading
conferences for presenting the broadest variety of research done by and for IS
425
TABLE II. DISTRIBUTION OF THE ARTICLES BY PUBLICATION OUTLETS.
Journal Total Journal Total
IJEC 1 AMCIS 16
ECRA 1 ICIS 4
CACM 8 ISR 2
IJIM 9 JIT 1
ISS 11 DSS 1
IEEE
TKDE
1 CS 19
academicians in the Western Hemisphere. In recent years, CCS has often been
adopted by the conferences as a research issue that attracts IS academicians from
all over the world. Similarly, ISS and IJIM are also concerned with cloud
security.
Visualization Analysis on Keywords
We conduct a visualization analysis on keywords in these papers to identify
the current research hotspot and to learn which issues academics are most
concerned about. First, we extracted all keywords from the 74 papers into a text
file. Then, the most common keywords, such as ‘cloud computing’, ‘security’
and ‘secure’, were excluded. To make the statistic accurate, with no missing
words, we made all words lower case. After that, common words such as ‘and’,
‘is’ and ‘the’ were also removed. In addition, we set the maximum number of
words in the layout to 100 for a better visual perception. The result of this
visualization analysis is shown in Figure 3.
Figure 3. Visualization analysis on keywords.
Based on the frequency of words in the analysis, ‘data’ is what most concerns
academics in their research on CCS in the IS discipline. It appeared 20 times in
these 74 papers. Among them, Computers & Security mentioned it 6 times.
According to the results of this visualization analysis, it can be concluded that
academics in the IS discipline are very interested in security issues related to
data.
426
Distributions of Articles by Research Perspective
Stakeholders in cloud computing mainly include cloud service providers,
enterprise users and individual users, and the demands for cloud computing
security are different for different stakeholders, so we intended to classify the
selected articles according to their research perspectives. We wanted to find out
which perspective the academics chose to do research. The analysis results are
shown in Figure 4.
Figure 4. Distribution of the articles by research perspective.
Based on our analysis of the articles’ content, we found 6 different research
perspectives. There were 16 papers from multiple perspectives including cloud
services providers and users [15, 16], data owners, data storage service providers
and auditors [17, 18], users and auditors, government and enterprise [19]. There
were 4 papers from individual level of enterprise including business managers,
employees, IT departments and senior IT personnel [20-22]. There were 8 papers
from whole organizational level of enterprise including adoption, security
protocols and policies [23-25]. There were 8 papers from specific industry
including financial industries [26, 27], health care [28-31]. There were 12 papers
from general users, which did not make a clear distinction between the enterprise
and the individual. There were 26 papers from general providers including SaaS,
PaaS or IaaS providers, which occupied more than one-third of the 74 papers.
Distributions of Articles by Data Source
This study makes a descriptive literature review of CCS from the IS
discipline. Based on the analysis of previous research methods in IS, papers
using data analysis are more convincing than those without any data. This makes
it necessary to analyze the data sources adopted by the 74 papers. The analysis
result is shown in Figure 5.
As is shown in Figure 5, research data is mainly gathered through
experiments, surveys, simulations and interviews. It is notable that there are as
many as 18 papers that did not use data. The data relating to CSS mainly
belonged to backstage databases. In consideration of data security, cloud service
providers may not be willing to publicly disclose these data. As a result, it is
427
difficult to collect critical data when doing research on CCS. Given this
difficulty, it is unsurprising that so many papers do not use data in their studies.
Figure 5. Distributions of articles by data source.
DISCUSSION
Based on the findings above, we believe that, in the future, researchers
should pay more attention to enterprise users, data security management and the
data sources of real business operation in enterprises.
Need for Attention to Enterprise Users’ Perspectives
As is shown in Figure 4, more than one-third of the 74 papers studied
conducted research from the perspective of cloud services providers; the research
on enterprise users is scarce. It is important to highlight the research on CCS
from the enterprise users’ perspective because cloud computing is not simply
about a technological improvement of data centers but a fundamental change in
how IT is provisioned and used [32]. Due to the advantages of cloud computing,
more enterprises are using some variety of cloud services. However, security has
been one of the main concerns that hamper the growth of cloud computing.
Enterprises need to consider the benefits and security risks in order to make
decisions about the adoption of cloud computing [33].
Enterprise users are the main bodies of cloud computing adoption; it is
therefore essential to do research on CSS from the perspective of enterprise users
so that cloud computing can fully live up to its potential [34].
Need for Attention to Data Security Management
As is shown in Figure 3, many academics have conducted research on cloud
computing data security issues. In the past, IS was treated as a technical issue
[35]. Most existing research focused on technological solutions. However,
these did not prove to be sufficient [11]. Some research suggested that IS issues
should also be studied in a management context [35, 36]. Due to the nature of
the cloud computing deployment model, data security has become an important
428
focus of cloud computing [37]. Most existing research focused on data security
technology but did not pay much attention to the security requirements of data
itself, which is the receiver of technology. The object of data security
technology, then, became a ‘black box’, which means it was invisible and out of
control for users. Soomro et al. proposed decisions related to CCS and also
emphasized the role of management [11]. For the sake of making reasonable
decisions about cloud computing data security, an enterprise’s data security
should focus on the comprehensive analysis of the particular organization [38].
Need for Attention to the Data Sources of Enterprise Information System
Based on Figure 5, due to the lack of data about enterprise information
system, most academics dealing with CCS gather data by experiments, survey,
simulation and interviews. Compared with using the real data about business
operations from enterprise information system, adopting these kinds of data to do
research is bound to make research conclusions limited; they are not credible
enough to interpret real business issues fully. In the big data era, data is the core
competence of enterprises. Data leakage does only bring huge economic losses
for enterprises, but can also lead to many problems, such as core competence
disappearance, loss of earnings, reputation damage and even bankruptcy or being
taken over [39]. The major challenge of cloud computing data security is the
separation of ownership and control of data [40]. Enterprises losing control of
their data need to adopt new data control strategies [41]. Existing researches in
the IS discipline rarely pay attention to CCS with the data sources from
enterprise information system [42]. It is essential to make a greater effort to use
the data sources from enterprise information system.
CONCLUSIONS AND LIMITATIONS
This study adopts a descriptive literature review for synthesizing existing
literature on cloud computing security in IS discipline. We analysed the articles
by year of publication, the publication outlets, keywords, research perspective
and data source. Based on the findings, we discussed future research directions
in cloud computing security. 1) Research perspective: It is important to highlight
the research on cloud computing security from the enterprise users’ perspective.
2) More research on data security management in cloud computing needs to be
done. 3) Data source: To make cloud security research more practical and
meaningful, it is essential to pay more attention to use the data sources from
enterprise information system, which will make data security research
conclusions more valuable and practical. This study contributes to the
understanding of cloud computing security by providing a descriptive literature
review from the perspective of the IS discipline.
Our study has a few limitations. First, the scope of literature selected in
this study is limited. Second, the descriptive method is not entirely objective.
429
Cloud computing security belongs to an emerging research area that, in the IS
discipline, is in a developmental period, and the total amount of literature is
small. As an exploratory study, we adopted a descriptive literature review and
interpreted the results based on our analyses of certain papers, and it was
inevitable that we would add a little bit of human subjective opinion to make
the results meaningful. We believe that it is necessary to develop a better
method to make the literature review more objective in future research.
ACKNOWLEDGEMENT
This research has been funded by National Science Foundation of China
(Nos. 71331003, 71471080, 71471078, and 71471079), Humanities and Social
Science Research Projects in Ministry of Education of China (No.
16YJA630056). Higher School Philosophy & Social Sciences Foundation of
Jiangsu Province Education Department in China (No. 2015SJB852), Science
and Technology Innovation Project of Graduate Student of Jiangsu University of
Science and Technology in China (YCX16S-17), Jiangsu University of Science
and Technology Pre-research Project of NSFC in China (No. 633041303).
REFERENCES
1. Yang H., and M. Tate. 2012. “A Descriptive Literature Review and Classification of
Cloud Computing Research,” J. Communications of the Association for Information
Systems, 31(2):35-60.
2. Abbas A., K. Bilal, L. Zhang, and S. U. Khan. 2015. “A Cloud Based Health Insurance
Plan Recommendation System: A User Centered Approach,” J. Future Generation
Computer Systems, 43-44:99-109.
3. Latif R., H. Abbas, S. Assar, and Q. Ali. 2014. “Cloud Computing Risk Assessment: A
Systematic Literature Review,” J. Lecture Notes in Electrical Engineering, 276:285-295.
4. Ali M., S. U. Khan and A. V. Vasilakos. 2015. “Security in Cloud Computing:
Opportunities and Challenges,” J. Information Sciences, 305:357-383.
5. Fernandes D. a B., L. F. B. Soares, J. V. Gomes, M. M. Freire, and P. R. M. Inácio. 2014.
“Security Issues in Cloud Environments: A Survey,” J. International Journal of
Information Security, 13(2):113-170.
6. Rong C., S. T. Nguyen and M. G. Jaatun. 2013. “Beyond Lightning: A Survey on Security
Challenges in Cloud Computing,” J. Computers & Electrical Engineering, 39(1):47-54.
7. Zunnurhain K., S. V. Vrbsky. 2011. “Security in cloud computing,” presented at the
Proceedings of the 2011 International Conference on Security & Management, 2011.
8. Jensen M., J. Schwenk, N. Gruschka, and L. L. Iacono. 2009. “On Technical Security
Issues in Cloud Computing,” presented at the IEEE International Conference on Cloud
Computing. IEEE Computer Society, 2009:109-116.
9. So K. 2011. “Cloud Computing Security Issues and Challenges,” J. International Journal
of Computer Networks, 3(5):247-55.
10. Venters W., E. A. Whitley. 2012. “A Critical Review of Cloud Computing: Researching
Desires and Realities,” J. Journal of Information Technology, 27(3):179-197.
11. Soomro Z. A., M. H. Shah and J. Ahmed. 2016. “Information Security Management
Needs More Holistic Approach: A Literature Review,” J. International Journal of
Information Management, 36(2):215-225.
12. Wang N., H. Liang, Y. Jia, S. Ge, Y. Xue, and Z. Wang. 2016. “Cloud Computing
Research in the IS Discipline: A Citation/Co-Citation Analysis,” J. Decision Support
Systems, 86:35-47.
430
13. Birman K., G. Chockler and R. Van Renesse. 2009. “Toward a Cloud Computing
Research Agenda,” J. ACM SIGACt News, 40(2):68-80.
14. Yang H., M. Tate. 2009. “Where Are We at with Cloud Computing?: A Descriptive
Literature Review,” presented at the 20th Australasian Conference on Information
Systems, 2009.
15. Rasheed H. 2014. “Data and Infrastructure Security Auditing in Cloud Computing
Environments,” J. International Journal of Information Management, 34(3):364-368.
16. Hu G., D. Xiao, T. Xiang, S. Bai, and Y. Zhang. 2017. “A Compressive Sensing Based
Privacy Preserving Outsourcing of Image Storage and Identity Authentication Service in
Cloud,” J. Information Sciences, 387:132-145.
17. Liu Q., G. Wang and J. Wu. 2014. “Time-Based Proxy Re-Encryption Scheme for Secure
Data Sharing in a Cloud Environment,” J. Information Sciences, 258:355-370.
18. Razaque A., S. S. Rizvi. 2016. “Triangular Data Privacy-Preserving Model for
Authenticating All Key Stakeholders in a Cloud Environment,” J. Computers & Security,
62:328-347.
19. Desai D. 2013. “Beyond Location: Data Security in the 21st Century,” J. Communications
of the ACM, 56(1):34-36.
20. Abokhodair N., H. A. Taylor, S. J. Mowery, and J. Hasegawa. 2012. “'Heading for the
Cloud?' Implications for Cloud Computing Adopters,” presented at the 18th Americas
Conference on Information Systems, 2012.
21. Haag S., A. Eckhardt. 2014. “'Sensitizing Employees' Corporate IS Security Risk
Perception,” presented at the 35th International Conference on Information Systems,
2014.
22. Gozman D., L. Willcocks. 2015. “Crocodiles in the Regulatory Swamp: Navigating the
Dangers of Outsourcing, Saas and Shadow IT,” presented at the 36th International
Conference on Information Systems, 2015.
23. Hanus B., J. Windsor. 2013. “Multidimensional Decision Model for Investment in Cloud
Computing,” presented at the Proceedings of the 19th Americas Conference on
Information Systems, August 15-17, 2013.
24. Prasad A., P. Green, J. Heales, and G. Finau. 2014. “On Cloud Computing Service
Considerations for the Small and Medium Enterprises,” presented at the 20th Americas
Conference on Information Systems, 2014.
25. Chang V., M. Ramachandran, Y. Yao, Y-H Kuo, and C-S Li. 2016. “A Resiliency
Framework for an Enterprise Cloud,” J. International Journal of Information
Management, 36(1):155-166.
26. Lampe U., O. Wenge, A. Müller, and R. Schaarschmidt. 2012. “Cloud Computing in the
Financial Industry–A Road Paved with Security Pitfalls?” presented at the Proceedings of
the 18th Americas Conference on Information Systems, August 9-12, 2012.
27. Lampe U., O. Wenge, A. Müller, and R. Schaarschmidt. 2013. “On the Relevance of
Security Risks for Cloud Adoption in the Financial Industry,” presented at the
Proceedings of the 19th Americas Conference on Information Systems, August 15-17,
2013.
28. Ermakova T., B. Fabian and R. Zarnekow. 2013. “Security and Privacy System
Requirements for Adopting Cloud Computing in Healthcare Data Sharing Scenarios,”
presented at the Proceedings of the 19th Americas Conference on Information Systems,
August 14-17, 2013.
29. Kotz D., K. Fu, C. Gunter, and A. Rubin. 2015. “Security for Mobile and Cloud Frontiers
in Healthcare,” J. Communications of the ACM, 58(8):21-23.
30. Zhou J., Z. Cao, X. Dong, N. Xiong, and A. V. Vasilakos. 2015. “4S: A Secure and
Privacy-Preserving Key Management Scheme for Cloud-Assisted Wireless Body Area
Network in M-Healthcare Social Networks,” J. Information Sciences, 314:255-276.
31. Zafar H. 2016. “Cybersecurity: Role of Behavioral Training in Healthcare,” presented at
the 22nd Americas Conference on Information Systems, 2016.
32. Creeger M. 2009. “CTO Roundtable: Cloud Computing,” J. Communications of the ACM,
52:50-56.
33. Khajeh-Hosseini A., I. Sommerville and I. Sriram. 2010. “Research Challenges for
Enterprise Cloud Computing,” presented at the 1st ACM Symposium on Cloud
Computing (SOCC), 2010.
34. Marston S., Z. Li, S. Bandyopadhyay, J. Zhang, and A. Ghalsasi. 2011. “Cloud
Computing—The Business Perspective,” J. Decision Support Systems, 51(1):176-189.
431
35. Singh A. N., A. Picot, J. Kranz, M. Gupta, and A. Ojha. 2013. “Information Security
Management (Ism) Practices: Lessons from Select Cases from India and Germany,” J.
Global Journal of Flexible Systems Management, 14(4):225-239.
36. Siponen M., M. A. Mahmood and S. Pahnila. 2014. “Employees’ Adherence to
Information Security Policies: An Exploratory Field Study,” J. Information &
Management, 51(2):217-224.
37. Bisong A., Syed and M. Rahman. 2011. “An Overview of the Security Concerns in
Enterprise Cloud Computing,” J. International Journal of Network Security & Its
Applications, 3(1):30-45.
38. Mircea M., B. Ghilic-Micu and M. Stoica. 2011. “Combining Business Intelligence with
Cloud Computing to Delivery Agility in Actual Economy,” J. Economic Computation &
Economic Cybernetics Studies & Research, 45(1):39-54.
39. Phua C. 2009. “Protecting Organisations from Personal Data Breaches,” J. Computer
Fraud & Security, 2009(1):13-18.
40. Wang Z., N. Wang, X. Su, and S. Ge. 2016. “Differentiated Management Strategies on
Cloud Computing Data Security Driven by Data Value,” J. Information Security Journal:
A Global Perspective, 25(4-6):280-294.
41. Qian R., P. Palvia. 2013. “Towards an Understanding of Cloud Computing's Impact on
Organizational IT Strategy,” J. Journal of Information Technology Case and Application
Research, 15(4):34-54.
42. Gonzenbach I., C. Russ and J. Vom Brocke. 2014. “Make or Buy? Factors that Impact the
Adoption of Cloud Computing on the Content Level,” in Enterprise Content Management
in Information Systems Research, Springer Berlin Heidelberg, pp. 145-161.
432