Академический Документы
Профессиональный Документы
Культура Документы
THESIS
DECLARATION
I, MBANZABUGABO Jean Baptiste, ID# UD30956SCO39530 do declare that this research
thesis is my own work. I have to the best of my knowledge acknowledged all authors and/or sources
from where I got information. I further declare that this work has not been submitted to any
University or research institute for the award of a degree or any of its equivalents.
DEDUCTION
To God Almighty,
For his protection, care and who has always been with me during the difficult time in my life.
To my regret father NTAWUSEKANARYO Dominic,
To my mother MUKANKUSI Athanasie,
To the Daddy Pierre Bultez,
To my brothers and sisters: Consulate, Nathalie, Rose, Claver, Samson, Tomas, Lewis and Samuel.
For their love and prayers.
To the family of NTEZIRYAYO Christophe, MUKAMAN Devine, MAHINA N.Jacob
For their moral support.
ACKNOWLEDGEMENTS
First and foremost, I thank the God our creator for all the good things and life he has given to me
including the success in my studies. You have answered my prayers and desires whenever I have
asked for assistance, you provide to me with strength to go and make everything happen. Therefore
I will praise you.
This thesis would not have been possible without the guidance of AIU academic team and Dr.
Edward Lambert who are well known with the generous help and support.
Special thanks to all respondents for important information which contributed highly and positively
to analyze the scope and all about the research matter and hence the result is found.
I am very grateful to all of the IT consultants, Business Leading companies, Web hosting
companies, IT Managers of Higher Learning Institution in Kigali, cloud computing solution
companies and providers for their time to answer my question and doubt via interview, e-mails,
posts , I will awere all your contributions.
TABLE OF CONTENTS
DECLARATION ..................................................................................................................................................... 2
DEDUCTION......................................................................................................................................................... 3
ACKNOWLEDGEMENTS ....................................................................................................................................... 4
ABSTRACT ........................................................................................................................................................... 6
CHAPTER 1. GENERAL INTRODUCTION AND BACKGOUND OF THE STUDY ........................................................ 7
1.0 Introduction .............................................................................................................................................. 7
1.2. DESCRIPTION AND BACKGROUND OF THE STUDY................................................................................... 7
1.3. GENERAL ANALYSIS AND PROBLEM OF INVESTIGATION ........................................................................ 8
1.4 GENERAL OBJECTIVE OF THE STUDY ...................................................................................................... 10
1.4.1 SPECIFIC OBJECTIVES: ......................................................................................................................... 11
1.5 METHOD OF INVESTIGATION ................................................................................................................. 11
CHAPTER 2. CURRENT INFORMATIONAND REFERENTIAL FRAMEWORK ........................................................ 12
CHAPTER 3. DISCUSSION AND THEORETICAL FRAMEWORK ............................................................................ 15
CHAPTER 4: RESULTS OF THE STUDY ................................................................................................................ 25
MANAGERIAL AND POLICY IMPLICATIONS ................................................................................................... 26
GENERAL CONCLUSION .................................................................................................................................... 30
REFERENCES AND BIBLIOGRAPHY .................................................................................................................... 31
ABSTRACT
Cloud computing is one of the latest innovations of IT which claims to be all capable of driving the
future world of IT within minimum costs. This concept of cloud computing being one side widely
accepted by normal users while on the other hand majority of the Organizations have some serious
security concerns before moving to this form of IT evolution.
Critics have raised concerns about privacy and security associated with unauthorized access and
use of information stored in the cloud for malicious purposes (McCreary 2008). A commonplace
observation is that while cloud providers offer sophisticated services, their performances have been
weak in policies and practices related to privacy and security (Wittow & Buller 2010; Greengard &
Kshetri 2010).
Businesses and consumers have expressed distrust in the cloud and are cautious in using it to store
high-value data or sensitive information. Due to weak security, the cloud arguably remains a
largely nascent technology (Stewart 2010) and critics have argued that its costs may outweigh the
benefits (Tillery 2010).
This research, would seek to argue that issues related to ERPs security and privacy in the cloud
system and how they can be addressed if and only if there are Security Mechanism and pillars that
will ensure the praiseworthiness of confidentiality to the legitimates users of the service.
It was found that fear has been that intellectual property and other sensitive information stored in
the cloud could be stolen. Worse still, cloud providers may not notify their clients about security
breaches. Evidence indicates that many businesses tend to underreport cybercrimes due to
embarrassment, concerns related to credibility and reputation damages and fears of stock price
drops. The fears can be eradicated via the implementation of authentication pillar with which the
cloud service provider guaranty an asynchronous system with data replication to be looked-in and
data integrity to be bilateral on one eye viewer another.
Keywords
Cloud, ERP on-premises, Cloud ERP, ERP Providers, cloud users, Third-party service provider,
Information Linking, Information Leakage, Intruders, Data in Transit, Data at Rest, Data in Use,
Service Outsourcing and Data Risk Management, on-premise ERP and massive data storage,
Intrusion Detection system, Virtual private network Novel Cloud dependability model, Hadoop Distribution
system and Security Framework.
6
(Zielinski 2009). A second criticism is that there has been arguably a disturbing lack of respect for
essential privacy among major cloud providers (Larkin 2010, p. 44). For instance, in a complaint
filed with the Federal Trade Commission (FTC), the Electronic Privacy Information Center (EPIC)
argued that Google misrepresented the privacy and security of its users data (Wittow & Buller
2010). Cloud providers are also criticized on the ground that they do not conduct adequate
background security investigations for their employees (Wilshusen 2010). This issue is rather
important since significant proportions of cybercrimes are associated with malicious insiders.
Likewise, new bugs and vulnerabilities targeting the cloud are proliferating (Brynjolfsson et al.
2010).
Critics have raised concerns about privacy and security associated with unauthorized access and use
of information stored in the cloud for malicious purposes (McCreary 2008). A commonplace
observation is that while cloud providers offer sophisticated services, their performances have been
weak in policies and practices related to privacy and security (Wittow & Buller 2010; Greengard &
Kshetri 2010).
Businesses and consumers have expressed distrust in the cloud and are cautious in using it to store
high-value data or sensitive information. Due to weak security, the cloud arguably remains a
largely nascent technology (Stewart 2010) and critics have argued that its costs may outweigh the
benefits (Tillery 2010). According to an IDC report released by the research firm, International Data
Corporation (IDC) in October 2008, security concern was the most serious barrier to cloud adoption
for organizations. Organizations rightfully worry about hidden costs associated with security
breaches or lawsuits tied to data privacy restrictions (Zielinski 2009).
Enterprise resource planning software is an enormous piece of software that integrates the entire
organisation into one giant entity while capturing, changing and automating the organizational
processes.
Chances of a successful implementation of an ERP in an organisation are less. Also, it takes sizeable
amount of manpower, cost and effort to deploy and maintain the ERP. An entire ERP application
being outsourced is a relatively new idea and has been under discussion frequently for its
advantages and some latent disadvantages. In todays world with such economic conditions, it
becomes imperative for an organization to reduce its operating costs while increasing overall
efficiency with the same amount of resources and to fulfill consumer demands simultaneously. This
is where a cloud and secured based ERP can really help an organisation, if not for some very
pertinent disadvantages that have to be overcome to make this a more viable option to a best of
breed or an off the shelf ERP solution, globally.
Cloud computing can also help to divert the attention of the dedicated workforce away from
maintenance and development and direct it towards the core processes that actually benefit the
organisation in a much better way.
Barriers to adoption of a cloud computing are organisation specific based on massive data Security.
However, there are some common issues that push organisations towards the adoption of such a
system. These comprise of cost savings, fault tolerance, on demand service, scalability and
flexibility, massive data storage, reliance and compliance of data formats.
The Concerns todays regarding a cloud based system include security, scalability, ease of
migration and licensing issues. There are some notable disadvantages that need to be overcome.
A very pertinent issue is regarding the security of the organizational data. Since the data is stored
in the cloud, an organization does not have a direct control over it. The security of the
organizational data is the responsibility of the service provider and this throws up a lot of issues
for an organization to consider before and after migrating to a cloud based Systems. Another
important issue is of a possible vendor lock in that might disallow the organisation to migrate to
another service provider when it desires it. Another issue is what if cloud service provider
releases the organizations confidential data.
However, there are four different types of Clouds Figure 1-2, according to Huth and Cebula (2011),
users can subscribe to any type of these clouds depending on their needs:
1. Public cloud - A public cloud can be accessed by any subscriber with an internet connection
and access to the cloud space.
2. Private cloud - A private cloud is established for a specific group or organization and limits
access to just that group.
3. Community cloud - A community cloud is shared among two or more organizations that
have similar cloud requirements.
4. Hybrid cloud - a hybrid cloud is essentially a combination of at least two Clouds, where the
Clouds included are a mixture of public, private, or community.
10
To analyse if a cloud systems and ERP could prove to be a suitable alternative to the
traditional on-premise ERP and for local, massive data storage accessibility
To ascertain the merits and demerits of a cloud computing Technology and suggest best
practices as of the security concerns to be implemented as pertinent solution regarding the
security of the organizational data stored in the current world of Cloud systems.
What are the various security techniques being used by the leading Cloud Computing
providers to prevent unauthorized access to data within the Cloud?
How the data is being transferred and retrieved between the Cloud and a local network based
ERPS?
What organizational and Environmental factors impact the adoption of cloud computing?
How can we guaranty Cloud users to fear not about security problems that are expected in
future Cloud Computing?
architectures run in-the-cloud where the physical location of the infrastructure is determined by the
provider (Varia, 2008) and is abstracted from the organisation, thus allowing the focus to shift from
IT to business innovation. The benefits of cloud computing are widely discussed in practice,
focusing on increased agility, availability, flexibility, cost savings and interoperability (Kim, 2009).
The separation of service provider from infrastructure provider has made it much easier for new
services to be established online quickly and with low financial risk, and to scale those, services as
demand dictates (Murray, 2009 ; Buyya, 2009). Using someone elses infrastructure on a pay-peruse basis converts the fixed costs into a variable cost based on actual consumption , reducing initial
investment and risk (Buyya, et al., 2008) (Fox, 2009). Also the demand for online services can be
very variable and poor response due to overload can risk losing customers (Pandey, et al. , 2009).
Cloud computing provides easy scalability and the flexible creation and dismantling of resources
that customers need only temporarily for special projects or peak workloads (Leavitt, 2009 ; Fox,
2009 ; ECONOMIST, 2009) giving it choice and control over its infrastructure. The ability to scale
the use of cloud power to match the demand also mitigates the risk of failure (ECONOMIST,2009)
while making the organisations more adaptable.
Cloud based ERP has a much smaller time scale for configuration and deployment. This has a
fundamental impact on the agility of a business and the reduction of costs associated with time
delays (ISACA, 2009 ; Hayes, 2009) allowing organisations to realise the competitive advantage at
a much earlier stage than the non adapters. Organisational data is available and accessible globally
through internet improving the overall collaboration in the organsation (Scale, 2009 ; Armbrust, et
al., 2009).
When data is stored beyond the organisation, even with lock-tight security and data management
standards, there are confidentiality and privacy risks associated with this model, not to mention
potential industrial sabotage (Fox, 2009 ; Leavitt, 2009 ; Pandey et al., 2009 ; Das et al.,2009). Also,
with a distributed application architecture, there is no possibility for local customization and
development an you are limited to the interface the service provider gives you (Fox, 2009).
Besides security, there are legal and regulatory issues that need to be taken care of. When moving
applications and data to the Cloud, the providers may choose to locate them anywhere on the planet
(Pandey et al., 2009) which subjects it to the laws of that country. For example, specific
cryptography techniques could not be used because they are not allowed in some countries.
Performance concerns may stop some companies from using cloud computing for transaction
13
oriented and other data-intensive applications (Leavitt, 2009) (Hayes, 2009). Cloud services have
reduced the cost of content storage and delivery, but they can be difficult to use for non-developers,
as each service is best utilised via unique web services, and have their own unique quirks. (Tari, et
al., 2009). A user could also get a nasty surprise if they have not understood what they will be
charged for (Broberg, et al., 2008). Vendor lock-in is another problem that an organisation may have
to face if they want to migrate towrds a new service provider. (Armbrust, et al., 2009).
People are focusing on the core technologies that will lead their business forward over the next five
years and want to know how to manage varying degrees of risk wisely. They are wary of making a
complete jump in computing ideology in one fell swoop (ECONOMIST, 2010)
14
Every organisation may have its own reasons to either acquire or shun a cloud based ERP systems
and these factors are unique to each organisation which reflects the disposition of the organisation
lending itself to being subjective.
Issues revolving around privacy, and ownership and access to data raise interesting questions in the
cloud. As a visual aid, Figure 1 schematically represents how privacy and security issues in the
cloud are tightly linked to the institutional and technological environments.
Various characteristics of the cloud affect organizations perceptions of confidentiality, integrity,
and availability of the
cloud (Left part of Figure
1). Formal and informal
institutions, on the other
hand, affect perception of
legitimacy
and
trustworthiness
of
the
Assessment
of
institutional
and
technological
and
facilitators
inhibitors
organizations
affect
adoption
1.
Cloud
actors
changes
(Katyal
Brenner
2004).
2001;
Moreover,
institutional actors vary in their timing of responses. For instance, whereas trade and professional
associations and industry standard organizations are taking measures to respond to security and
16
privacy issues in the cloud, government agencies have been slow to adopt necessary legislative,
regulatory and other measures to monitor users and providers of the cloud.
THE CLOUDS NEWNESS AND UNIQUE VULNERABILITIES
The clouds newness and uniqueness present special problems. With the evolution and popularity of
virtualization technology, new bugs, vulnerabilities and security issues are being found
(Brynjolfsson et al. 2010). The cloud, however, is not a familiar terrain for most IT security
companies. A lack of mechanisms to guarantee security and privacy has been an uncomfortable
reality for many cloud providers.
Virtualization as one of the implementational model of Cloud Technology, it has found that a user
may be able to access to the providers sensitive portions of infrastructure as well as resources of
other client environments that are managed by the same cloud provider
Figure 2. Cloud computing Layers according to Gartner, 2009.
Experts argue that such vulnerabilities
could have more adverse impacts in the
cloud than in an on-premise computing
(Owens 2010).
The cloud is also forensically challenging
in the case of a data breach. For instance,
some public cloud systems may store and
process data in different jurisdictions,
which vary in terms of laws related to
security, privacy, data theft, data loss and
intellectual property theft (McCafferty
2010). Some organizations may encrypt
their data before storing in the cloud.
17
18
INSTITUTIONAL ENVIRONMENT
Institutional theory is described as a theory of legitimacy seeking (Dickson et al., 2004, p. 81). To
gain legitimacy, organizations adopt behaviors irrespective of the effect on organizational efficiency
(Campbell 2004). Institutional influence on adoption decisions related to the cloud becomes an
admittedly complex process when providers and users of the cloud have to derive legitimacy from
multiple sources such as employees, clients, client customers, professional and trade associations
and governments.
19
challenges and constraints for companies that have responsibilities to meet stringent compliance
related to these frameworks and reporting requirements for their data (McCafferty 2010; NW 2010).
The cloud has several important new and unique features, which create problems in writing
contracts. For instance, an analysis of the contracts between Google and Computer Sciences
Corporation (CSC) with the City of Los Angeles indicated several problems related to data breach
and indemnification of damages. Google was a CSC subcontractor in the arrangement. An attorney
analyzing the case noted that some of the complexity in the case would have been avoided if the
term "lost data" was defined more clearly in the contracts (NW 2010).
While some experts understandably argue that it would not be practical to hold cloud providers
liable for everything, current regulations are heavily biased in favor of cloud providers. For instance,
in the event of a data breach in the cloud, the client, not the vendor, may be legally responsible
(Zielinski 2009). However, cloud providers are required to keep sensitive data belonging to a federal
agency within the country. While Google Apps are FISMA certified for its government cloud,
which is not necessarily the case for the private industry (Brodkin 2010).
Regulatory overreach
There have been concerns about possible overreach by law enforcement agencies. The FBI's audits
indicated the possibility of overreach by the agency in accessing Internet users information
(Zittrain 2009).
For some analysts, the biggest concern has been the governments increased ability to access
business and consumer data and censor and a lack of constitutional protections against these actions
(Talbot 2010). The cloud is likely to make it easier for governments to spy on citizens. Governments
worldwide, however, differ in their approach to and scale of web censorship and surveillance.
Especially, the cloud is likely to provide authoritarian regimes a fertile ground for cyber-control
activities.
and take into account the different assumptions and value systems are likely to be successful
(Schneider 1999).
Professional associations measures
Compared to established industrial sectors, in nascent and formative sectors such as cloud
computing, there is no developed network of regulatory agencies. For instance, there are few, if any,
national or international legal precedents for the cloud industry (McCafferty 2010). As a
consequence, there is no stipulated template for organizing, and thus pressures for conformity are
less pronounced (Greenwood & Hinings 1996). In such settings, professional and trade associations
may emerge to play unique and important roles in shaping the industry (Kshetri & Dholakia 2009).
These associations norms, informal rules, and codes of behavior can create order, without the laws
coercive power, by relying on a decentralized enforcement process where noncompliance is
penalized with social and economic sanctions (North 1990).
Various professional and trade associations are also constantly emerging and influencing security
and privacy issues in the cloud in new ways as a result of their expertise and interests in this issue.
A visible example is the Cloud Security Alliance (CSA) (www.cloudsecurityalliance.org), a group
of information security professionals. The CSA is working on a set of best practices as well as
information security standards for cloud providers (Crosman 2010).
Industry standards and certification programs
Some argue that industry standards organizations may address most of the user concerns related to
privacy and security in the cloud industry (Object Management Group 2009). Organizations such as
Object Management Group (OMG), the Distributed Management Task Force (DMTF), the Open
Grid Forum (OGF), and the Storage Networking Industry Association (SNIA) have made efforts to
address security and privacy concerns in the cloud industry (Wittow & Buller 2010).
There are no formal processes for auditing cloud platforms. Analysts argue that auditing standards
to assess a service providers control over data (e.g., SAS 70) or other information security
specifications (e.g., the International Organization for Standardizations ISO 27001) are insufficient
to deal with and address the unique security issues facing the cloud (Brodkin 2010). Note that these
standards and specifications were not developed specifically for the cloud computing.
22
23
cyber-attacks go unnoticed or may go unnoticed for long periods of time. An organizations data in
the cloud may be stolen but it may not ever be aware that such incidents had happened.
Cloud users inertia effects
It is quite possible that organizational inertia1 may affect the lens through which users view security
and privacy issues in the cloud. Organizational inertia may constraint a firm's ability to exploit
emerging opportunities such as cloud computing. An inertia effect is likely to adversely influence an
organizations assessment of the cloud from the security and privacy standpoints.
Reduction in control is an obvious concern. Cloud users dont have access to the hardware and other
resources that store and process their data. There is no physical control over data and information in
the cloud (Wilshusen, 2010). A case in point is Google. The company provides security and privacy
assurances to its Google Docs users unless the users publish them online or invite collaborators.
However, Google service agreements explicitly make it clear that the company provides no
warranty or bears no liability for harm in case of Googles negligence to protect the privacy and
security.
Just as vital is preference for localness. From the standpoint of security, most users prefer
computing to be local. Organizations arguably ask: who would trust their essential data out there
somewhere?.
24
For instance, barriers associated with newness and inertia effects are likely to decline over time. On
the other hand, as the penetration level, width and depth of cloud increases, it is likely to be a more
attractive cybercrime target.
One implication of the dynamic aspects of the model is that institutions change over time in the
cloud industry. The idea of institutional field can be helpful in understanding this dynamic. A field
is formed around the issues that become important to the interests and objectives of specific
collectives of organizations. For a field formed around privacy and security in the cloud, these
organizations include regulatory authorities, providers and users of the cloud as well as professional
and trade association. The content, rhetoric, and dialogue among these constituents influence the
nature of field formed around the security and privacy issues associated with the cloud.
26
The model also leads to useful questions that need to be asked before making cloud related
investments. Given the institutional and technological environment, potential adopters should ask
tough questions to the vendor regarding certification from auditing and professional organizations
(e.g., AICPA), locations of the vendors data centers, and background check of the vendors
employees, etc.
The above analysis suggest that a one size fits all' approach to the cloud cannot work. The model
presented in Figure 1 would also help in making strategic decisions. For instance, organizations may
have to make decisions concerning combinations of public and private clouds. For instance, the
public cloud is effective for an organization handling high-transaction/low-security or low data
value (e.g., sales force automation). Private cloud model, on the other hand, may be appropriate for
enterprises that face significant risk from information exposure such as financial institutions and
health care provider or federal agency. For instance, for medical-practice companies dealing with
sensitive patient data, which are required to comply with the HIPAA rules, private cloud may be
appropriate.
Today, accurately or not, businesses are concerned about issues such as privacy, availability, data
loss (e.g., shutting down of online storage sites), data mobility and ownership (e.g., availability of
data in usable form if the user discontinues the services). Cloud providers are criticized on the
ground that they do not answer questions and fail to give enough evidence to trust them. In this
regard, many of the user concerns can be addressed by becoming more transparent.
Since geographic dispersion of data is an important factor associated with cost and performance of
the cloud, an issue that deserves mention relates to regulatory arbitrage. Experts expect that
countries update their laws individually rather than to act in a multilateral fashion (TR 2010).
Economies worldwide vary greatly in terms of the legal systems related to the cloud. Due to the
newness, jurisdictional arbitrage is higher for the cloud compared to the IT industry in general. In
this regard critics are concerned that cloud providers may store sensitive information in jurisdictions
that have weak laws related to privacy, protection and availability of data (Edwards 2009).
Anecdotal evidence suggests that due to increasingly important roles in national security, many high
technology sectors are characterized by a high degree of protectionism. The atmosphere of suspicion
and distrust among states can lead to such protectionism. To capture the feelings that accompany
intergovernmental distrust, consider the U.S.China trade and investment policy relationship.
27
Chinese leaders are suspicious about possible cyber-attacks from the U.S. There has been a deep
rooted perception among Chinese policy-makers that Microsoft and the U.S. government spy on
Chinese computer users through secret back doors in Microsoft product. Chinese leaders thus may
be uncomfortable with the idea of storing data on clouds provided by foreign multinationals. U.S.
policy makers are equally concerned about Chinese technology firms internationalization. The
above analysis indicates that such concerns are likely to be even more prominent in cloud
computing.
Cyber-espionage has been an obvious application of the cloud. If there is any lesson that recent
major cyber-espionage activities teach, it is that countries with strong cyber-spying and cyberwarfare capabilities such as China will be in a good position to exploit the clouds weaknesses for
such activities.
In view of the technological capabilities of extra-legal and illegal organizations, one area that
deserves attention is the escalation of economic and industrial espionage activities such as
intellectual property theft. There have been reports that U.S. government agencies such as the
Defense Department as well as private companies have been targets and victims of such activities24.
It is thus reasonable to expect that the cloud may enable an upgrade of these activities to industrial
espionage.
Nonetheless, security and privacy issues in the developing world need to be viewed in the context of
weak defense mechanisms of organizations. Information technologys follow diffusion concept can
be helpful in understanding a weak defense. Many companies in developing countries lack
technological and human resources to focus on security. Hollow diffusion can be human-related
(lack of skill and experience) or technology-related (inability and failure to use security products)
(Otis & Evans 2003). Especially for developing-based organizations that do not deal with highvalue and sensitive data the cloud may provide low-cost security to address some of the securityrelated human and technological issues.
Providers and users of the cloud face additional challenges in developing economies. Various
aspects of the institutional environment may weaken the clouds value proposition and discourage
investors. In many developing countries, factors such as corruption, the lack of transparency, and a
weak legal system can exacerbate security risks. The high-profile attacks on Google cloud allegedly
by China-based hackers in 2009 were an eye opener for the cloud industry.
28
A final issue that deserves mention relates to the impacts of clouds controlled by the developing
world players on security issues of industrialized countries. It is tempting for global cloud players to
use cheaper hosting services in developing countries. Cyber-criminals, however, find it more
attractive to target rich economies.
29
GENERAL CONCLUSION
It has been sorely defined cloud computing as management and provision of different resources,
such as, software, applications and information as services over the cloud (internet) on demand.
Cloud computing is based on the assumption that the information can be quickly and easily accessed
via the net. With its ability to provide dynamically scalable access for users, and the ability to share
resources over the Internet, cloud computing has recently emerged as a promising hosting platform
that performs an intelligent usage of a collection of services, applications, information and
infrastructure comprised of pools of computers, networks, information and storage resources. Cloud
computing is a multi-tenant resource sharing platform, which allows different service providers to
deliver software as services and deliver hardware as services in an economical way. However along
with these advantages, storing a large amount of data including critical information on the cloud
motivates highly skilled hackers, thus creating a big constraint to business data owners, therefore
there is a need for the security pillars and confidentially mechanism to be considered and
implemented as one of the top solution of the burning issues while considering Cloud Computing
technology so that Legitimate as well as illegitimate organizations and entities can be ensured to do
not gaining access to data on the cloud through illegal, extralegal, and quasi-legal means.
One fear has been that intellectual property and other sensitive information stored in the cloud could
be stolen. Worse still, cloud providers may not notify their clients about security breaches. Evidence
indicates that many businesses tend to underreport cybercrimes due to embarrassment, concerns
related to credibility and reputation damages and fears of stock price drops.
The fears can be eradicated via the implementation of authentication pillar with which the cloud
service provider guaranty an asynchronous system with data replication to be looked-in and data
integrity to be bilateral on one eye viewer another.
Despite all, Rwandans found cloud technology to be a solution since there is fear of if uncertain
disaster on business big data but also the cost matter of cloud service not limited to service assess
since Internet and infrastructure remain as challenging and barrier to this innovative tech, one way
solution is Internet to be available, rule set to protect online and remote system as well as cost
rational.
30
Dubey, A., & Wagle, D. (2007, May). Delivering software as a service. The McKinsey Quarterly
Web Exclusive .
ISACA. (2009). Cloud Computing: Business Benefits With Security, Governance and Assurance
Perspectives. Rolling Meadows, USA: ISACA Emerging Technology.
Kim, W. (2009). Cloud Computing: Today and Tomorrow. Journal of object technology , 8 (1).
ECONOMIST. (2009, November 10). Cloud Computing : Economist Debate. Retrieved December
13, 2009, from http://www.economist.com: /debate/files/view/CSC_Cloud_Computing_Debate0.pdf
Al-Mashari, M., & Zairi, M. (2000). Supply-chain re-engineering using enterprise-resource planning
(ERP) systems: an analysis of a SAP R/3 implementation case,. International Journal of Physical
Distribution & Logistics Management , 30 (3/4), 296-313.
Alvesson, M., & Skoldberd, K. (2000). Reflexive Methodology. SAGE Publications Ltd.
Armbrust, M., Fox, A., Griffith, R., Joseph, A., Katz, R., Lee, G., et al. (2009). Above the Clouds: A
Berkeley View of Cloud Computing. University of California at Berkley, USA, Technical Report
No. UCB/EECS-2009-28,.
Babbie, E., & Mouton, J. (2001). The practice of social research. Cape Town: Oxford University
Press.
Bazeley, P. (2004). Issues in Mixing Qualitative and Quantitative Approaches to Research. In R.
Buber, J. Gadner, & L. Richards (Eds.), Applying Qualitative Methods to Marketing Management
Research (pp. 141-56.). Palgrave Macmillan.
Bennett, K., Layzell, P., Budgen, D., Brereton, P., Macaulay, L., & Munro, M. (2000). Servicebased software: the future for flexible software. Seventh Asia-Pacific Software Engineering
Conference (pp. 214-221). APSEC .
Bingi, P., Sharma, M. K., & Godla, J. K. (1999). Critical issues affecting an ERP implementation.
Information Systems Management , 16 (3), 7-14.
31
Bogdan, R., & Biklen, S. K. (1992). Qualitative research for education: An introduction to theory
and methods. Boston: Allyn and Bacon.
Bolender, J. (1998, April). Factual Phenomenalism: a Supervenience Theory. SORITES , pp. 16-31.
Boykin, R. F. (2001). Enterprise resource-planning software: a solution to the return material.
Computers in Industry , 45, 99-109.
Broberg, J., Buyya, R., & Tari, Z. (2008). MetaCDN: Harnessing Storage Clouds for high
performance content delivery. Technical Report GRIDS-TR-2008-11, Grid Computing and
Distributed Systems Laboratory, University of Melbourne, Australia.
Bryman, A., & Bell, E. (2003). Business Research Methods. Oxford: Oxford University Press.
Bulkeley, W. M. (1996). A cautionary network tale: Fox Meyers high-tech gamble. Wall Street
Journal Interactive Edition .
Buyya, R. (2009). Market-Oriented Cloud Computing: Vision, Hype, and Reality of Delivering
Computing as the 5th Utility. 9th IEEE/ACM International Symposium on Cluster Computing and
the Grid.
Buyya, R., Yeo, C. S., & Venugopal, S. (2008). Market-oriented Grids and Utility Computing: The
State-of-the-art and Future Directions. Journal of Grid Computing , 6 (3), 255-276.
Chen, I. J. (2001). Planning for ERP systems: analysis and future trend. Business Process
Management Journal , 7 (5), 374-86.
Creswell, J. (1994). Research Design: Quantitative and Qualitative Approaches. Thousand Oaks,
CA: Sage.
Das, A., Reddy, R., Reddy, S., & Wang, L. (2009). Information Intelligence in Cloud ComputingHow can Vijjana, a Collaborative, Self-organizing, Domain Centric Knowledge Network Model
Help. Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence
Research: Cyber Security and Information Intelligence Challenges and Strategies. Oak Ridge,
Tennessee: ACM NewYork.
Davenport, T. (1998). Putting the Enterprise into the Enterprise System. Harvard Business Review ,
121-131.
David, M., & Sutton, C. (2004). Social Research: The Basics . London: Sage Publications Ltd .
32
Denzin, N. K., & Lincoln, Y. S. (1998). The landscape of qualitative research: Theories and issues.
Thousand Oaks: Sage Publications.
Du Plooy, G. M. (2001). Communication Research: Techniques, Methods and Applications,. Juta:
Landsowne.
Dubey, A., & Wagle, D. (2007, May). Delivering software as a service. The McKinsey Quarterly
Web Exclusive .
ECONOMIST. (2009, November 10). Cloud Computing : Economist Debate. Retrieved December
13, 2009, from http://www.economist.com: /debate/files/view/CSC_Cloud_Computing_Debate0.pdf
Elliot, R. (1995). Therapy process research and clinical practice : Practical strategies. Research
foundations for psychotherapy practice , 49-72.
Firestone, W. (1987). Meaning in method: The rhetoric of quantitative and qualitative research.
Educational Researcher , 16 (7), 16-21.
Fox, R. (2009). Library in the clouds. OCLC Systems & Services , 25 (3), 156-161.
Gable, G. (1998). Large package software: a neglected technology. Journal of Global Information
Management , 6, 34.
Gardiner, S. C., Hanna, J. B., & LaTour, M. S. (2002). ERP and the re-engineering of industrial
marketing processes: a prescriptive overview for the new-age marketing manager. Industrial
Marketing Management , 31, 357-365.
Ghauri, P., & Gronhaug, K. (2005). Research methods in business studies: A practical guide. Essex
: England: Pearson Education Limited.
Gilles, L. (2000). Improving the external validity of marketing models: A plea for more qualitative
input. International Journal of Research in Marketing , 17, 177.
Glaser, B. G., & Strauss, A. L. (1967). The Discovery of Grounded Theory: Strategies for
Qualitative Research. New York: Aldine Publishing Company.
Glass, R., & Vessey, I. (1999). Enterprise Resource Planning Systems: Can They Handle the
Enhancement Changes Most Enterprises Required ? Proceedings of First International Workshop
on Enterprise Management and Enterprise Resource Planning Systems: Methods, Tools and
Architectures.
33
Glasser, B. (1992). Basics of Grounded Theory Analysis: Emergence Versus Forcing. Mill Valley,
CA: Sociology Press.
Glasser, B. (1978). Theoretical sensitivity: Advances in the methodology of grounded theory. Mill
Valley: CA: Sociology Press .
Gray, D. E. (2004). Doing Research in the Real World. London: Sage Publications.
Guba, E. G., & Lincoln, Y. S. (1994). Competing paradigms in qualitative research : Handbook of
Qualitative Research. Sage.
Gupta, A. (2000). Enterprise resource planning:the emerging organizational value systems.
Industrial Management & Data Systems , 100 (1).
Hayes, B. (2009). Cloud computing. Communications of the ACM , 51 (7), 9-11.
Hoffer, J. A., Valacich, J. S., & George, J. F. (1999). Modern Systems Analysis and Design.
Reading, MA: Addison Wesley.
Kolb, D. A., & Fry, R. (1975). Toward an applied theory of experiential learning. London, UK:
John Wiley.
Kolb, D. (1984). Experiential Learning experience as a source of learning and development. New
Jersey: Prentice Hal.
Kvale, S. (1996). Interviews: An Introduction to Qualitative Research Interviewing. London: Sage
Publications.
Leavitt, N. (2009). Is cloud computing really ready for prime time? Computer , 42 (1), 15-20.
Leedy, P. D. (1997). Practical Research : Planning and Design. New Jersey: Prentice Hall.
Light, B. (2001). The maintenance implications of the customization of ERP Software. JOURNAL
OF SOFTWARE MAINTENANCE AND EVOLUTION: RESEARCH AND PRACTICE , 13, 415
429.
Lincoln, Y. S., & Guba, E. G. (1985). Naturalistic inquiry. Beverly Hills: Sage Publications.
Lindolf, T. R., & Taylor, B. C. (2002). Qualitative Communication Research Methods, . Thousand
Oaks, California: Sage .
34
Markus, M. L., & Tanis, C. (2000). The enterprise systems experience from adoption to success.
In Framing the Domains of IT Research: Glimpsing the Future Through the Past , 173--207.
Markus, M. L., Axline, S., Petrie, D., & Tanis, C. (2000). Learning from adopters experiences with
ERP: problems encountered and success achieved. Journal of Information Technology , 15, 245
265.
Marshall, M. N. (1996). Sampling for qualitative research (Vol. 13). Fam Pract.
Mason, J. (2002). Qualitative Researching,. London: Sage.
Maxwell, J. A. (1992). Understanding and validity in qualitative research. Harvard Educational
Review , 62 (3), 279-300.
Maykut, P., & Morehouse, R. (1994). Beginning Qualitative Research: A Philosophic and Practical
Guide. London: The Falmer Press.
Miles, M. B., & Huberman, A. M. (1994). Qualitative data analysis (2 ed.). London: Sage.
Mouton, J., & Marais, H. J. (1990). Basic Concepts: The Methodology of the Social Sciences . South
Africa: HSRC Press.
Murray, P. (2009). Enterprise Grade Cloud Computing. Hewlett Packard .
Osterle, H., Fleisch, E., & Alt, R. (2000). Business Networking. Berlin: Springer.
Pandey, S., Buyya, R., & Vecchiola, C. (2009). Cloudbus Toolkit for Market-Oriented Cloud
Computing. In Proceeding of the 1st International Conference on Cloud Computing
(CloudCom2009). Beijing, China: Springer: Germany.
Parr, A., & Shanks, G. (2000). A Model of ERP Project Implementation. Journal of Information
Technology , 15 (4), 289-304.
Patton, M. Q. (2001). Qualitative evaluation and research methods. Thousand Oaks: Sage
Publications.
Rossman, C., & Marshall, G. B. (1999). Designing qualitative research. Thousand Oaks: Sage
Publications.
Rossman, G. B., & Rallis, S. F. (2003). Learning in the field: an introduction to qualitative
research. Sage Publications.
35
Saunders, M., Lewis, P., & Thornhill, A. (2003). Research Methods for (3 ed.). Harlow: Prentice
Hall.
Scale, M. S. (2009). Cloud computing and collaboration. Library Hi Tech New , 26 (9), 10-13.
Smith, N. C., & Dainty, P. (1991). Management Research Handbook. London: Routledge.
Spens, K. M., & Kovacs, G. (2006). A content analysis of research approaches in logistics research.
International Journal of Physical Distribution and Logistics Management , 36 (5), 374-390.
Stedman, C. (1999). Tracking changes - a must in ERP projects; business users sometimes fail to
realize importance. Computerworld , pp. 41-2.
Stiles, W. B. (1993). Quality control in qualitative research. Clinical Psychology Review , 13, 593 618.
Strauss, A., & Corbin, J. (1990). Basics of Qualitative Research. Newbury Park, CA: Sage.
Symon, G., & Cassell, C. (1994). Qualitative research in work contexts. Thousand Oaks, CA: Sage
Publications.
Tari, Z., Buyya, R., & Broberg, J. (2009). Creating a Cloud Storage Mashup for High
Performance, Low Cost Content Delivery. Proc. Service-Oriented Computing--ICSOC 2008
Workshops (pp. 178183). Berlin: Springer.
The Economist. (2009, Oct 15). Cloud Computing: Clash of the clouds. Retrieved Dec 10, 2009,
from http://www.economist.com: /displaystory.cfm?story_id=14637206
Varia, J. (2008). Cloud Architectures. Amazon Web Services .
Cloud Computing Explained: Implementation Handbook for Enterprises, Recursive Press, ISBN
0956355609, 2009
Hadoop, the Definitive Guide, OReilly Media, ISBN: 978-0-596-52197-4, 2010
Distributed and Cloud Computing, 1st edition, Morgan Kaufmann, 2011.
Clarke, R. V. (1995). Situational crime prevention. In M. Tonry & D. P. Farrington (Eds.), Building
a safer society. Strategic approaches to crime (pp. 91150). University of Chicago Press.
Crosman, P. (2009). Securing The Clouds, Wall Street & Technology, December 1, pp.23.
36
Dean, T. J., & Meyer, G. D. (1996). Industry Environments and New Venture Formations in U.S.
Manufacturing: a Conceptual and Empirical Analysis of Demand Determinations. Journal of
Business Venturing, 11, 107-132.
Del Nibletto, P. (2010). The seven deadly sins of cloud computing, March 19, 2010, available at
http://www.itbusiness.ca/it/client/en/home/News.asp?id=56870.
Edwards, J. (2009). Cutting Through the Fog of Cloud Security. Computerworld, 43(8), 26-29.
ENSIA. (2009). Cloud Computing: Benefits, risks and recommendations for information security.
IWMSF (Information Warfare Monitor/Shadowserver Foundation), Shadows In The Cloud:
Investigating Cyber Espionage 2.0, Joint Report: Information Warfare Monitor Shadowserver
Foundation, JR03-2010, April 6, 2010, available at http://www.utoronto.ca/mcis/pdf/shadows-inthe-cloud-web.pdf.
Jepperson, R. (1991). Institutions, institutional effects, and institutionalism. In W. W. Powell & P. J.
DiMaggio (eds.). The new institutionalism in organizational analysis (pp. 143163). Chicago:
University of Chicago Press.
Katyal, N. K. (2001). Criminal law in cyberspace. University of Pennsylvania Law Review, 149(4),
10031114.
Kshetri, N. (2007). The Adoption of E-Business by Organizations in China: An Institutional
Perspective, Electronic Markets, 17(2), 113-125
Kshetri, N. (2010a). Cloud Computing in Developing Economies. IEEE Computer, October, 43(10),
47-55.
Kshetri, N. (2010b). The Global Cyber-crime Industry: Economic, Institutional and Strategic
Perspectives. New York, Berlin and Heidelberg: Springer-Verlag.
Larsen, E., & Lomi, A. (2002). Representing change: A system Model of organizational inertia and
capabilities as dynamic accumulation processes. Simulation Model Practice and Theory, 10(5), 271296. Martin, J. A. (2010). Should You Move Your Business to the Cloud?. PC World, Apr 2010,
28(4), 29-30. Martnez-Cabrera, A. (2010). Security in the computing cloud a top concern, March 6,
2010, available at http://articles.sfgate.com/2010-03-06/business/18378297_1_cyber-security-czarhoward-schmidt-qualys-rsa.
37
Messmer, E. (2010). Cloud computing providers working in secret. Network World, July
12, 2010, 27(13), 10-11. Messmer, E. (2010). Secrecy of cloud computing providers raises IT
security risks, available at http://www.mis-asia.com/news/articles/secrecy-of-cloud-computingproviders-raises-it-security-risks.
Mullins, R. (2010). The biggest cloud on the planet is owned by ... the crooks: Security expert says
the
biggest
cloud
providers
are
botnets,
March
22,
2010,
available
at
http://www.networkworld.com/community/node/58829?t51hb.
NW (Network World). (2010). Inside the cloud security risk, 27(13), p. 11. Newman, K. L. (2000).
Organizational transformation during institutional upheaval.
Stewart, B. (2010). Apple Keeps iTunes Out of the Cloud. Information Today, Oct 2010, 27(9), 4646.
Sturdevant, C. (2010). Seeding security into the cloud. eWeek, March 15, 2010, 27(6), 38-38.
Talbot, D. (2010). Security in the Ether. Technology Review, 113(1), 36-42.
Taylor, M., Haggerty, J., Gresty, D., & Hegarty, R. (2010). Digital evidence in cloud computing
systems. Computer Law & Security Review, May 2010, 26(3), 304-308.
Tillery,
S.
(2010).
How
Safe
Is
the
Cloud?,
available
at
http://www.baselinemag.com/c/a/Security/How-Safe-Is-the-Cloud-273226.
Vizard, M. (2010). Assessing the Risks of Cloud Computing, Oct 11, 2010, available at
http://www.itbusinessedge.com/cm/blogs/vizard/assessing-the-risks-of-cloudcomputing/?cs=43712.
Wilshusen, G. C. (2010). Information Security Federal Guidance Needed to Address Control Issues
with Implementing Cloud Computing. GAO Reports, July 1, 2010, preceding pp. 1-48.
Wittow, M. H., & Buller, D. J. (2010). Cloud Computing: Emerging Legal Issues for Access to
Data, Anywhere, Anytime. Journal of Internet Law, Jul 2010, 14(1), 1-10.
Zielinski, D. (2009). Be Clear on Cloud Computing Contracts. HR Magazine, Nov, 54(11), 63-65.
38
39