Summary
Cloud computing seems to solve many problems of conventional data processing. Due to the flexibility, mobility, and cost savings, users can customize their computing power more efficiently. However, there are also disadvantages. Users in part lose control over their data, e. g. they do not know where, how and under what circumstances their data is stored and processed, or who has access to their data. We describe the benefits and risks of cloud services and their impact on the acceptance and use on the (end-) users. We conclude that trust in cloud computing is a key factor that mitigates risks and can make the use of cloud computing services more effective.
Zusammenfassung
Cloud Computing scheint die Lösung vieler Probleme herkömmlicher Datenverarbeitung zu sein. Nutzer können raumzeitlich flexibel und kostengünstig auf eine Vielzahl von Rechenleistungen zugreifen. Diesen Vorteilen stehen aber auch negative Auswirkungen gegenüber. Oftmals verlieren Kunden durch die Auslagerung der Daten an Cloud Service Anbieter die Kontrolle über ihre Datenbestände, d. h. sie wissen nicht wo, wie und unter welchen Umständen diese gespeichert und verarbeitet werden, bzw. wer darauf zugreifen kann. Der Beitrag fasst die Vor- und Nachteile für Nutzer zusammen und bezieht sich auf technische Merkmale des Cloud Computing, theoretische Aspekte der Vertrauensforschung und empirische Ergebnisse der nutzerzentrierten Forschung zur Cloud.
1 Introduction
The term cloud computing is intended to symbolise almost endless, flexible, on-demand access to IT-resources. The idea of cloud computing is therefore already regarded as one of the core innovations in information and communications technology in the 21st century (Buyya et al. 2009). For many observers it marks an important step in the direction of virtual companies, flexible work structures and informatisation of manufacturing processes (Industry 4.0) with the aim to provide computing as a utility (cf. Armbrust et al. 2009; Buyya et al. 2009). In recent years, considerable hype has developed about the Cloud concept and the associated technology. Both in the media and in the business sector there has been a rapid growth of interest in solutions from the Cloud and the turnover of Cloud providers has increased many times over (Gartner 2010; BITKOM 2013).
However, the metaphor of the cloud can also symbolise obscurity – both about the actors involved in the cloud and about the ways in which it operates. The data are out of reach, so that the user no longer feels able to control and protect them as well as perhaps with a local hard drive. Trust in providers and their clouds has not been increased by the disclosures of massive surveillance of national and international data traffic and doubts about security and data protection in particular have reduced willingness to use cloud solutions. After a series of breakdowns, there are also concerns about their technical reliability (Cachin and Schunter 2011). However, trust is a key factor for a user facing a decision on whether to accept the risks involved and to begin to use the cloud (Gebauer et al. 2012).
A number of empirical investigations and reviews have addressed the acceptance of Business Clouds as well as the trust in their services and described economic advantages and disadvantages (e. g. Armbrust et al. 2009; Buyya et al. 2009). However, we focus on the interaction of an individual user with a cloud service (Consumer Cloud). In this context, psychological aspects of trust in the cloud are highlighted and the factors influencing trust and acceptance are discussed.
We begin by considering the cloud itself and the components that impact users’ trust. Risks relating to the cloud are discussed and the ways in which these can may change users’ attitudes. Our aim is to provide a broad overview of user-side research on the cloud and to demonstrate the risks and advantages with regard to the various actors, provision models and service levels.
2 Cloud Computing
The cloud includes a number of forms of data storage, levels of service, business models as well as provider- and user-profiles. Cloud computing is characterised by virtualised information and communications resources (see Figure 1), which to a certain extent can be provided elastically via the Internet (Labes 2012; Cáceres et al. 2010).
Integrated descriptive cloud computing model.
2.1 What is Cloud Computing?
According to the widely adopted definition of the US National Institute of Standards and Technology, there are five essential characteristics of cloud computing (Mell and Grance 2011):
On-demand self-service: Consumers can provision capabilities without human interaction with the provider of the resources (e. g. networks, server time, storage, etc.).
Broad network access: These resources can be accessed over a broadband network (usually via the Internet) using a wide range of end devices.
Resource pooling: The resources are available in a server pool to serve a number of consumers (multi-tenant model). The consumer has no influence on the physical and virtual resources used or their location.
Rapid elasticity: The resources can be adapted in accordance with the demand. Such scaling up or down is usually rapid and automatic, without the consumer having to do anything. The resources therefore appear to be unlimited, i. e. they can be acquired to any quantity at any time.
Measured service: The cloud systems control and optimise their performance by measuring the use. The monitoring, control and protocolling provides transparency for providers and customers about the extent to which the service is used and the costs incurred.
2.2 Actor Constellations in the Cloud
Rather than coming from a single provider as a package, a cloud solution is frequently supplied by a series of different actors (Buyya et al. 2009; Habib et al. 2012; Heininger et al. 2012; Walterbusch and Teuteberg 2012). At the same time, when it comes to reaching a decision on whether to use cloud services it is possible to distinguish between various user groups and user perspectives – depending on the level and field of application (see Table 1).
Various actors in the cloud, modified after Habib et al. 2012 (p. 4–5).
| Actor | Responsibilites | Examples |
|---|---|---|
| Cloud provider | Hosting and management of infrastructure, provision of services (IaaS, PaaS, SaaS) for brokers, resellers, consumers | Amazon E2C (IaaS), Google App Engine (PaaS), Dropbox (SaaS) |
| Cloud broker | Negotiating relationships between consumers and providers (without owning the infrastructure), adding extra services (cloud security and identity management) for consumers | RightScale (IaaS) |
| Cloud reseller | Selling services in the name of the provider, e. g. when providers expand in new regions and countries (local IT resellers), consumers / users are often confronted with the reseller | Pi2 Square (Google), NeuStar Inc. (IBM) |
| Cloud consumer |
|
Private user or enterprises and organisations |
|
Animoto, Gaming | |
| Cloud auditor | Independent auditing, evaluation and certification of individual actors (Provider, Broker, Reseller, Carrier), e. g. in relation to security, reliability and privacy | ISO 27001 standard |
| Cloud carrier | Seizure of interconnection of actors, e. g. by providing network, cable, telecommunication | Telecommunications industry |
On the consumer side, two actor relationships can be distinguished. The ‘Business Cloud’ offers “Business-to-Business” (B2B) services (Armbrust et al. 2009). For the private consumers, cloud services are provided as “Business-to-Consumer” (B2C) services, and this cloud model is called the Consumer Cloud (Hu et al. 2010).
2.3 Service Levels in the Cloud
Three service levels are distinguished for the Cloud (Mell and Grance 2011; see Figure 1):
Infrastructure as a Service (IaaS): Basic resources such as computer processing and storage are provided, together with the necessary network infrastructure. Customers choose what they need, but are then responsible for its operation (e. g. Amazon Elastic Compute Cloud, EC2).
Platform as a Service (PaaS): Resources are provided for the production of applications and software products, e. g. development tools, programming interfaces, and operating systems. Since users are free from administering the underlying infrastructure they can concentrate fully on their development tasks (e. g. Google App Engine).
Software as a Service (SaaS): An environment is provided to implement software or an application in the cloud. The necessary infrastructure is provided and the programs run “in the cloud”, usually accessed via a browser (e. g. Microsoft Office 365).
The three service levels are hierarchically arranged, and the resources at a higher level include the resources of the lower levels.
Private consumers mostly use SaaS-solutions, e. g. cloud storage services (own Cloud, Dropbox) or software packages made available via the browser (Hu et al. 2010; Ion et al. 2011). IaaS or PaaS solutions can only be used by private consumers with specialist knowledge. However, if businesses move their customer-related information and communications technology into the cloud (B2B model for customer services), then customers can be indirectly affected by the processing of their data in the cloud without being aware of this (Chow 2009).
2.4 Deployment Models in the Cloud
Apart from the service levels, it is possible to distinguish between three basic deployment models (see Figure 1).
Public Cloud: Public clouds make infrastructure and resources publicly accessible via the Internet.
Private Cloud: A Private Cloud is only accessible within an existing organisational structure (e. g. company network, Intranet). A further distinction is made between a self-administered data centre (corporate cloud), a consumer data centre that is administered by the provider (managed cloud), and an external data centre administered by the provider (outsourced cloud).
Hybrid cloud: A hybrid cloud offers a combination of the other two models. Some services are publicly available, while others are private.
Taken together, the definition, the service levels, the deployment models, and actors can be presented in a general, descriptive model of cloud computing (Figure 1). The model includes the essential defining elements (virtualisation, scalability, device independence). The levels and deployment models are independent from one another. Dependencies exist solely between the actors and the demands they place on the levels and deployment models. In the following, the possible benefits and risks for cloud users are considered.
3 Good Prospects: Reasons for Using the Cloud
Using the cloud can offer cost savings and flexibility (cf. Repschläger et al. 2010). The scalability means that any conceivable amount of resources can be made available as required for a specific period. This means that the infrastructure, platform, and software no longer have to be purchased, licensed, installed, stored or maintained (Erl, 2013). The use-dependent payment (pay-as-you-go) allows for an extremely cost-efficient use of the resources. Furthermore, additional savings are made as a result of space saving and lower energy consumption.
The virtualised cloud systems create a variety of innovative, highly-individualised service applications (Marston et al. 2011). These include in particular mobile applications which are able to process context-based data (e. g. from sensors) and provide services (Fernando et al. 2013). Resource-intensive big data analyses become possible for smaller companies and even for individuals.
3.1 Prospects for Businesses
The literature on cloud computing has increasingly concentrated on the potential benefits for businesses who are using cloud sourcing for their IT activities (cf. Armbrust et al. 2009). Organisations and companies benefit in different degrees from the advantages offered by the cloud. The consumers of cloud computing have only low start-up costs, if any, in contrast to the investments otherwise required in IT infrastructure. In the case of SaaS, a more powerful, flexible and maintenance-friendly environment is achieved for software, which promotes more rapid software releases (Repschläger et al. 2010).
The core business of many providers of cloud services is not cloud computing itself but some other IT business which requires immense resources in order to cope with short term spikes in demand. Apart from such spikes only about 5 to 20 % of these resources are needed (Armbrust et al. 2009). The remaining unused IT resources are exploited to offer cloud services to other businesses and users in order to generate further incomes (Fehling, 2014).
3.2 Prospects of the Users
In particular with SaaS, users are able to adapt software and services flexibly to their needs and requirements. Empirical results show that the easy access to these services via network resources on a variety of end devices has considerable influence on the decision to use a cloud service. The greater the flexibility of access to data in the cloud is perceived to be, then the more positive is the attitude to the services and the more likely it is that these services will be used (Bhattacherjee and Park 2014; Park and Ryoo 2013; Park and Kim 2014). An additional incentive lies in the support for cooperation with other users and systems. If users view the possibility of exchanging data with others in the cloud positively, then they will also assess the cloud service more positively (Park and Ryoo 2013). And when users see potential for increased performance or efficiency and hope for support from the functionalities of the cloud service, then they use the system more frequently and intensively (Backhaus and Brandenburg 2014; Behrend et al. 2011; Bhattacherjee and Park 2013; Optiz et al. 2012; Gangwar et al. 2015; Park and Kim 2014; Wu 2011a). Other studies report a relationship between ease of use or usability and the use of cloud services (Behrend et al. 2011; Gangwar et al. 2015; Opitz et al. 2012; Wu 2011): If a cloud service can be used easily, quickly and intuitively, it will be appreciated more and used more frequently.
4 Trust
Despite the advantages offered by the cloud, many users remain sceptical of this technology (Uusitalo et al. 2010; Meske et al. 2014). The extent to which potential customers are prepared to use a cloud service depends on their perception of its trustworthiness and of the risks involved (Gebauer et al. 2012).
But what does “trust” actually mean in the context of interaction between user and cloud? To answer this question it is first necessary to clarify how trust between individuals is characterised, before considering the interaction between humans and technology and trust-specific weaknesses of the cloud.
4.1 Interpersonal Trust
Our daily life is characterised by uncertain and risky interactions with other people and institutions. The future behaviour of interaction partners cannot be foreseen with certainty and there is a possibility that the behaviour of one partner will be to the disadvantage of the other. In order to make cooperation possible, one party (the trustor) may decide to act on the basis of trust in the other (the trustee). Trust then reduces the uncertainty and complexity of the situation (Luhmann 1968) and makes it possible to act without prior information about future events (cf. James 2002).
Trust is seen as the behavioural willingness of the trustor to make himself vulnerable to the actions of the trustee (Mayer et al. 1995). This willingness is based on the expectation or the subjective conviction that the trustee will act reliably and in a socially acceptable way (Kumar 1995, Zucker 1986, Luhmann 1968). The trustor has no way of influencing the behaviour of the trustee (Whitener et al. 1998), and enters voluntarily into a situation in which the damage incurred if the trustee exploits the vulnerability is greater than the potential benefit to the trustor (Dasgupta 1988).
The decision to exercise trust depends on the assessed risk (extent and probability of the potential damage) and the perceived trustworthiness of the trustee (Mayer et al. 1995). If the risk is high and / or the trustworthiness low then the willingness to extend trust is markedly lower than in a situation with less risk and a trustee who is perceived to be more trustworthy.
In most cases, the trustworthiness is based on perceived attributes of the trustee, known to the trustor as a result of previous interactions or through information from third parties. Such attributes include benevolence, integrity, and the ability to satisfy the expectations of the trustor (Mayer et al. 1995; Mayer and Davis 1999; Jarvenpaa et al. 1998, see Figure 2). Perceived benevolence relates to whether the behaviour of the trustee is oriented solely towards their own interests or also takes the interests of the trustor into consideration. Perceived integrity describes the extent to which the behaviour of the trustee draws on values and norms which the trustor regards as good and proper. Perceived ability represents the extent to which the trustee is felt to have the requisite skills and experience.
User trust in the cloud.
In many situations, behaviour which seems to be based on trust and an assessment of trustworthiness does in fact follow other rules. On the one hand, a trustor may not be aware of the risks involved, or may have a false impression of them. In this case, he is not acting on the basis of trust but on the basis of ignorance. On the other hand, there may be situations in which control mechanisms remove the uncertainty and risk for the trustor (e. g. by a contract). In this case, trust is no longer necessary because of the situational control or due to impending juridical consequences.
4.2 Trust in the Cloud Provider
Interpersonal trust can also be applied to the relationships between cloud providers and customers (Söllner et al. 2011). Users cannot fully monitor the actions of a cloud provider, because they have neither the necessary expertise nor the time for this (Buch et al. 2014). They therefore enter into a risky dependency and by using the cloud they increase their vulnerability (Simpson 2014). Furthermore, the provider will in most cases be pursuing commercial goals. This influences the perception of benevolence and integrity (perceived trustworthiness, see 4.1). The concept of trust must be slightly amended to take this into account. Users trust a cloud provider if they perceive him as trustworthy and therefore regard the risk to be acceptable (cf. Buch et al. 2014). Users act on the basis of their subjective conviction that the provider of the cloud service will help them to achieve their objective and will not exploit their vulnerability or act solely on the basis of economic goals (Söllner et al. 2012).
4.3 Trust in the Cloud
With regard to the cloud itself, the idea of perceived trustworthiness seems to be inappropriate, because a technical system cannot display benevolence or integrity. Technologies do not have a will of their own, or motives or intentions (Beldad et al. 2010; Friedman et al. 2000; Lee and See 2004). Research on trust in automation (Lee and See 2004) proposes other dimensions to describe the trustworthiness of technologies (cf. Söllner et al. 2012; Lee and See 2004, cf. Figure 2), namely process, performance, and purpose. The process of a system describes the extent to which the user is able to understand which structures and processes are involved in the operation of the system and how these interact (analogous to the integrity concept). The performance of the system relates to the support which a user feels that the system is able to provide (analogous to the ability to achieve specific goals). This also includes aspects such as reliability and predictability of the system. Purpose covers the reason for the development of the system (analogous to benevolence), and whether the user is clear about the aims and intentions of the system developer.
In the case of the cloud, the performance and the process transparency are of considerable importance. Performance refers to the robustness of the cloud and the reliability of the underlying infrastructure. Process transparency with regard to the cloud refers to clarity and an understanding of the technical and organisational processes behind the service.
4.4 User Characteristics: Generalised Trust and System Trust
Willingness to extend trust is situationally-dependent, but at the same time is also a personality trait (Schulz et al. 2009). A distinction must therefore be made between specific trust and generalised trust (cf. Mayer et al. 1995; McKnight and Chervany 2002). Generalised trust is influenced by an individual’s own culture and their personal experience, so that people in the extent to which they extend trust to other people or things (Cheung and Lee 2006). Together with further contextual factors, generalised trust influences the specific trust in a given situation (see Figure 2). Whether an individual trusts the cloud therefore depends on their personal experience and the generalised trust.
Another aspect is the system trust, which can be located between the generalised trust as a disposition and the context-specific trust (cf. Schulz et al. 2009). System trust describes the trust in systems which are relevant over and beyond a specific situation. For example, the Internet is a system which is equally important for a variety of trust situations relating to the cloud. Since most cloud services are provided via the Internet, this is also an object of trust that must be taken into consideration (see Figure 2). Many users state that they do not trust the cloud because they are generally mistrustful of the Internet (Eggert et al. 2014).
4.4.1 Conclusions About Trust in the Cloud
The trust in the cloud is influenced not only by aspects such as the trustworthiness of the provider and the technology but also by trust-relevant user characteristics (generalised trust and system trust, see Figure 2). The extent of the trust determines the extent to which users are willing to become dependent on the cloud.
Trust is a very deficit-oriented concept. Like the air we breathe, we only really notice trust when there is a lack of it (cf. Baier 1986). In the cloud, a range of characteristics lead to such a lack which makes users reluctant to process their data in the cloud.
5 Poor Prospects? Trust-Relevant Aspects in the Cloud
The cloud brings with it new problems in comparison with traditional local data processing that weaken trust in the cloud. These relate to data security (Fernandes et al. 2014; Hashizume et al. 2013; Takabi et al. 2010), privacy (Cavoukian 2008; Pearson 2012; Svantesson and Clark 2010), as well as to legal aspects and compliance (Chaput and Ringwood 2010; Ryan and Falvey 2012). In addition, cloud services lack transparency regarding the various service levels, deployment models and actor constellations (Habib et al. 2012).
5.1 Threats to Security and Data Protection
With cloud computing, data is no longer stored locally by the service provider but at a location unknown to the user. Users of these services are vulnerable if the provider accesses their data and passes these on to others (Cavoukian 2008). Therefore, they must rely on the provider handling their data confidentially, respecting their private sphere, and ensuring adequate protection against unwanted access. The threat involved in using the cloud also increases in comparison with local processing simply as a result of the number of additional technical systems that must be made available in order to implement the cloud service (Ghosh and Arce 2010). Each individual sub-system of the service has its own security gaps and hazards which accumulate for the entire system. In comparison with locally stored software, the risk of attack increases for a mobile application, e. g. as a result of the use of (wireless) network connections and via the server hosting the application. Particularly in the case of Web applications (SaaS) security gaps in the Web browser can allow hackers access to data (Hashizume et al. 2013).
Cloud interfaces are also susceptible to unauthorised access. Depending on the service that is provided, various interfaces are needed, for example for resource control in the case of IaaS, programming interfaces for PaaS, or user interfaces (e. g. for an SaaS application). Such interfaces are vulnerable and may be assaulted by hackers.
In many cloud environments, the customers must authorise themselves via a user account and log in. These accounts are also frequently the target for attacks (Gonzalez et al. 2012).
In addition, synchronising and processing the data also involves transferring considerable amounts of data, which provides opportunities for various types of attack (sniffing, spoofing, Man-in-the-Middle attacks, side-channel attacks; cf. Soares et al. 2014).
For all these reasons, users must be able to rely on the security standards of the provider, usually without having much expertise in this field (Buch et al. 2014).
The large, flexible resource pools mean that many different users are accessing the same physical resources. Here it is necessary to ensure that these resources cannot be decoded by other users (Cachin and Schunter 2011). This risk is increased by de-duplication. In order to minimise storage requirements, duplicate data, i. e. data which is used by many users, is only stored once (Cachin and Schunter 2011).
Expert surveys (e. g. Uusitalo et al. 2010), qualitative user surveys (e. g. Eggert et al. 2014) and also larger opinion polls (e. g. Meske et al. 2014) show that a lack of security and inadequate data protection is one of the most important constraints on decisions to use cloud services. Thus a perceived lack of security influences the willingness to make active use of an SaaS cloud service (Backhaus and Brandenburg 2014; Bhattercherjee and Park 2013; Behrend et al. 2011; Wu 2011a; Wu 2011b). Users and non-users of cloud services are similar in their assessment of privacy and data security in cloud computing and fear unauthorised access and data theft by third parties and also data misuse by the provider (Eggert et al. 2014). Park and Kim (2014) found in a survey study that if the user of cloud services has a poor opinion of the security this not only leads to a negative attitude towards the cloud service and the provider, but also results in a drastically worse perception of the overall quality of the cloud service. Furthermore, if the user has a poor assessment of the security this also has a negative influence on their assessment of the usefulness and practicality of the cloud service (Shin 2014).
5.2 Availability and Reliability
Availability and reliability are important indicators for the trustworthiness of a service (cf. Performance, 4.2). The provider should ensure that the service is permanently accessible and that the resources are available round the clock – even in the event or maintenance and repair work or unexpected events, such as natural catastrophes or power blackouts. Empirical findings show that the perceived availability and reliability have a strong influence on the assessment of usefulness, and thus on the willingness to use a cloud service (Shin 2014). In a survey, a third of all non-users of the cloud data storage services said that they were too worried about losing data (Meske et al. 2014).
5.2.1 New Dependencies
A more subtle risk involved with the use of the cloud is the so-called locked-in effect (Chow 2009). Using cloud solutions leads to the user being tied to the provider. For example, if the interoperability of software, operating system, hardware and network to other products is limited, then this can impede a switch to a competitor. The high costs of a change can lead to a dependency on the current provider and their products. Surveys show that experts attribute the key problem of vendor lock-to the lack a standardisation of cloud systems (Uusitalo et al. 2010).
5.3 Insufficient Transparency
The wide variety of models, service levels and actors mean that the underlying architectures and the structure of the cloud service are often obscured. The user will hardly be able to make out who is involved in providing which resources for the cloud service.
5.3.1 Actor Constellations and Service Levels
A cloud service is rarely made directly available by a single provider. As a rule, a service consists of a chain of various service levels. Providers of IaaS, PaaS and SaaS can be nested in a service chain, but the user will only interact with the provider of the end product of this chain. It remains obscure which other services and providers are also unwittingly involved.
This obscurity of the actor constellations can have an unsettling effect on the users. If they do not know who is involved in the service, then the exact conditions are not clear and it becomes even more difficult to assess the risk involved. Under some circumstances, actors may be involved who do not comply with the legal requirements of the user. For example, behind a European cloud provider and their service there may be a data centre which is geographically located somewhere else. The trust in this service might be much lower if the geographical location were known and the resultant security aspects were relevant.
5.3.2 Legal Issues
The geographical location of the server on which a cloud service is based may also be relevant for other reasons. If the storage location is in another country then the provider and the services may not be subject to the legislation of the user’s country. For example, if a provider has computer centres in numerous countries storing cloud service data then the user cannot be certain which jurisdiction is valid. But this determines which rights state organs or providers have to access the data and which data contents may be illegal. Government organs may even be entitled to confiscate data in digital form (files) or physically (files and server). The legal framework of cloud computing has not yet been established, which creates uncertainty because the exact consequences of using certain services are often unknown.
6 Use Without Trust
Trust in cloud services is not always the decisive factor. Sometimes users have relied on cloud services, whether because of workplace requirements or the societal influence of other groups, e. g. family, friends, or colleagues (e. g. Wu 2011a). In many cases, inadequate understanding about the cloud and a lack of background knowledge may lead to risks not being appreciated so that the cloud is used “blindly” (Eggert et al. 2014). In addition it is possible that control systems are employed which minimise the risks and create an environment in which trust is not required (Clark 2014). Such control systems may be of a technical or organisational nature.
6.1 Social Influences
In many situations, it is possible to observe a paradoxical situation in which users say that they do not trust a certain service, e. g. because they find the data protection and security inadequate, but then use this service nevertheless (cf. Norberg et al. 2007). For example, many students at German universities use Dropbox, which is one of the most favourite services in Germany (cf. Meske et al. 2014) or worldwide (cf. Hunsinger and Corley 2012). At the same time, this service often has outages and data protection problems (Caching and Schunter 2011). A closer examination of the factors influencing the use of Dropbox shows that in addition to its perceived convenience, the use of the service is also influenced by friends, family, and colleagues (Backhaus and Brandenburg 2014). People use Dropbox more frequently and more intensively if influential individuals in their environment expect or demand this. Similarly, other studies have shown that the media presence of cloud computing makes the use without trust more likely (Wu 2011a; Wu 2011b). However, many providers still mistakenly believe that they can interpret the behaviour of their users as a demonstration of trust in their services.
6.2 Lack of Knowledge and Understanding
The technological aspects and infrastructures of the cloud are too complex for most users to understand. Eggert et al. (2014) show in a sociological interview study that the users only have a vague idea of the concept of cloud computing. The authors also report that many users are not aware that they are already actively using cloud services, in particular for communications. The authors refer to this as hidden use (ibid, p. 304). In such cases trust no longer plays a role, because the users are oblivious to the potential risks involved. This problem can only be countered by disseminating knowledge widely, so that users have the chance to be informed consumers of cloud services, rather than acting in blind trust or excessive trust (cf. Lee and See 2004).
6.3 Technical Control Systems
If the users are aware of the security gaps that exist then this leads to a reduction in their trust in the service in question. Whether this loss of trust results in the cloud not being used depends on the extent of the perceived risk and on the vulnerability of the user to this risk. In order to cushion losses of trust, control systems are frequently employed in order to minimise the risk involved in digital exchanges.
The development of technical control systems draws in particular on encryption in order to protect the network connection of the consumer with the cloud against attacks by third parties. Encrypted protocols play an important role in this context (Soares et al. 2014). Other technical control mechanisms are employed to avoid data loss. Among these regular backups, redundancy, diversity and spatial separation of the security systems are the most frequent ones more robust (Ryan 2013; Huang and Nicol 2013). If users are aware of these technical measures their trust in the services is positively affected.
6.4 Organisational Control Systems
User data are often protected against illegal or improper use by means of a Service Level Agreement (SLA) between user and service provider. These SLAs cover the extent to which the private sphere of the consumer of the services is protected. Further trust-relevant aspects of the exchange relationship which are regulated in an SLA are the protection mechanisms of the provider against attacks, the responsibilities for individual parts of the services, availability and protection against breakdowns, liability in the event of data loss, etc. (Fernandes et al. 2014; Huang and Nicol 2013). The SLA also provides for legally binding entitlements if the specified performances are not provided (Huang and Nicol 2013). These specifications include parameters such as an availability rate that is regularly above 99 % (Karagiannis 2014; Fernandes 2014). An SLA creates greater security and reduces the risk perceived by the consumer. The main point is then how precisely and strictly the security-relevant aspects are defined and how much insecurity and residual risk remains.
A further organisational control system takes the form of cloud audits. The Cloud Auditors check the services with regard to their security provisions and effectiveness. As a rule, a successful audit in accordance with the relevant standards (e. g. SAS 70 II, FISMA, ISO 27001, cf. Habib et al. 2012) leads to the certification of the cloud service by an accredited public or private control agency. The certificate and the test seal (e. g. STAR) can be regarded as a sign of trustworthiness and security-relevant competence in compliance with the security standards (Habib et al. 2012).
Consumers are then able to judge services without having expert knowledge, i. e. how competent is the auditor, what are the requirements for the certification, and how thoroughly is the audit carried out? However, the fact that auditors are dependent on the market may reduce the trust in their findings. Other factors playing an important role include the experience, expertise, reputation and background of the auditors. Agencies with a high profile and a sound reputation are trusted more than new agencies still trying to establish their market position. It is interesting that unknown or fictive certificates also have the effect of increasing trust (Bär et al. 2011; Bär 2014).
Control systems such as encryption, certification and SLAs may reduce the risk of using the cloud and increase user acceptance, but they have their limits. Complete security will never be possible, and some trust will be required if the users are to accept the residual risk involved in using the cloud.
Some researchers argue that a control mechanism does not render trust unnecessary, but only shifts the trust (Tan and Thoen 2000). Control mechanisms used to minimise the risks of using the cloud will only be successful if the user trusts them. The trust has been moved from the provider to the controller of the provider. Users must trust the encryption technologies, audits, certification, and SLAs, otherwise these will be ineffective.
Even though control mechanisms are now widespread, so that a control mechanism and trust are frequently found in combination (Tan and Thoen 2000), a minimum of trust remains a precondition for every informed use of the cloud.
7 Conclusions and Prospects
Cloud computing has already made considerable advances. In the near future, the cloud will become the standard for information processing. In combination with societal developments such as ubiquitous computing and permanent connectivity this will result in massive changes in the way data are used both at work and in our private lives.
From the users’ point of view there are good reasons for relying on a cloud service, but also arguments against it (cf. Figure 1). Positive arguments for cloud services include in particular the flexibility, availability and the perceived convenience for increasing the efficiency of data processing. However, the seemingly limitless ways of combining various models, service levels and actors in the cloud result in a confusing array of service architectures.
It is precisely the obscurity of these structures which often proves too much for users and the lack of transparency diminishes their trust in the cloud. In addition there are doubts about the security and data protection, the fear of cyber-attacks, uncertainty about the server locations and the associated legal implications, as well as concerns about dependence on a combination of cloud-providers, service levels and deployment models, which contribute to a loss of control of the user’s own data (Simpson 2014). Since the perceived trustworthiness in a system or a service is influenced more by possible deficits than strengths, these negative arguments have a greater weight in the trust decision than the positive arguments.
As shown in Figure 2, other aspects ascribed to the provider also play an important role in building trust, e. g. benevolence, integrity and ability. If the user judges these aspects negatively, then this frequently leads to a lack of trust. This in turn can result in a decision not to use cloud services and to go without the many advantages they can offer.
But not only lack of trust can be disadvantageous. Users at times also tend towards blind trust, whether because they do not know that a service is cloud based, or because they are unaware of the risks. For the provider, such excessive trust may mean good business, but for the user it can have unexpected disastrous consequences.
Neither unjustified lack of trust nor excessive trust is appropriate for a decision on whether or not to use cloud services. Trust building measures should therefore aim at allowing the user to achieve an appropriate level of trust (cf. Figure 3, Lee and See 2004) so that they are in a position to realistically assess the trustworthiness of a cloud service and the provider.
Generating appropriate trust in the cloud (modified after Lee and See 2004, p. 55).
The provider can contribute with appropriate measures and control systems. Even if complete security against outages and attacks is impossible, Service Level Agreements and technical security barriers can reduce threats to an acceptable level. Sensitive data should be stored on servers at geographical locations for which the legal situation is known and which ideally corresponds to that of the user – above all as long as there are no multi-national standards, regulations and laws.
In particular, however, the transparency of a cloud solution should be increased in order to provide the user with more information with which to assess the trustworthiness. The integration of trust promoting components can considerably increase the acceptance of cloud services. A standardised approach such as the trust support for socio-technical systems (Söllner et al. 2012) can provide clear recommendations for the trust dimensions transparency, performance and purpose, e. g. by showing the internal processes in the evaluation systems in cloud-based applications. The consideration of such recommendations can considerably improve the transparency of cloud solutions and thus contribute to appropriate trust.
However, not only should the providers of cloud services adopt suitable measures to generate appropriate trust among their customers, but users themselves can also make a contribution. They should endeavour to acquire a minimum of technical knowledge, and also obtain relevant information about the provider. A checklist may prove useful for the systematic review of the characteristics of a service, the actors who are involved, and the available provision models (Backhaus and Thüring 2014). Such procedures cast light on the advantages and disadvantages of various cloud solutions and help to answer key questions about the location of service or the data protection in order to demonstrate for the user the consequences of migration into the cloud.
In summary, this theoretical overview of the structure of the cloud and the psychology of trust, drawing on empirical studies from user research, shows that trust is an important factor for the acceptance of cloud services. In order to help users to reach an adequate assessment of the trustworthiness of cloud services, it will be necessary in future to reach a better understanding of the mechanisms of trust building so that these can be implemented in system designs in such a way that trust is not unnecessarily lost.
About the authors
Nils Backhaus, M. Sc. studied psycholoy at Ruhr-Universität Bochum und Human Factors at Technische Universität Berlin. He works as a research assistant in research and teaching at the Chair of Cognitive Psychology and Cognitive Ergonomics at Technische Universität Berlin. His research focuses on psychological aspects in the context of human-computer interaction like trust, emotions, and user experience. He combines research approaches based in psychology, social sciences, and computing science.
Manfred Thüring studied psychology and computer science at Technische Unviersität Braunschweig and Technische Universität Berlin. Following his PhD, he worked in different enterprises in the field of information and communication technology. Since 2001 he is holding the Chair of Cognitive Psychology and Cognitive Ergonomics at Technische Universität Berlin. He co-initiated the masters programme Human Factors (M. Sc.) and is head of the Berlin Centre of Competence for Usability, UseTree.
References
Armbrust, M. et al. 2009. Above the Clouds: A Berkeley View of Cloud Computing (No. Rep. UCB/EECS, 28). Berkeley, CA: University of California. Retrieved from http://www-inst.cs.berkeley.edu/~cs10/sp11/lec/20/2010Fa/2010-11-10-CS10-L20-AF-Cloud-Computing.pdfSearch in Google Scholar
Backhaus, N. and S. Brandenburg. 2014. Unboxing Trust in Cloud Computing. A Survey Study. In: (B. Amaba, and B. Dalgetty, eds.) Advances in Human Factors, Software, and Systems Engineering, Kraków: AHFE.Search in Google Scholar
Backhaus, N. and M. Thüring. 2014. Über den Wolken: Vertrauen und User Experience in der Cloud. Mittelstand-Digital 1: 75–84.Search in Google Scholar
Baier, A. 1986. Trust and Antitrust. Ethics, 96: 231–260.10.1086/292745Search in Google Scholar
Bär, N. 2014. Human–Computer Interaction and Online Users’ Trust: Measurement of Online Users’ Trust in Websites, its Relationship with User Experience and Security Usability (Dissertation). Technische Universität Chemnitz.Search in Google Scholar
Bär, N., R. Auerswald, F. Popp and C. Weißenborn. 2011. The Effect of Fictitious and Existing Web Assurance Seals on Online-Trust. In Proceedings of the Fourth International Conference on Internet Technologies and Applications. Glyndwr: Glyndwr University.Search in Google Scholar
Behrend, T.S., E.N. Wiebe, J.E. London and E.C. Johnson. 2011. Cloud computing adoption and usage in community colleges. Behav. & Inf. Technol. 30: 231–240.10.1080/0144929X.2010.489118Search in Google Scholar
Beldad, A., M. de Jong and M. Steehouder. 2010. How shall I trust the faceless and the intangible? A literature review on the antecedents of online trust. Comput. Human Behav. 26: 857–869.10.1016/j.chb.2010.03.013Search in Google Scholar
Bhattacherjee, A. and S.C. Park. 2014. Why end-users move to the cloud: a migration-theoretic analysis. Eur. J. Inform. Syst. 23: 1–16.10.1057/ejis.2013.1Search in Google Scholar
BITKOM. 2013. Positionspapier Cloud Computing. Retrieved from http://www.bitkom.org/de/themen/61492_71486.aspxSearch in Google Scholar
Buch, M., L. Gebauer and H. Hoffmann. 2014. Vertrauen in Cloud Computing schaffen – aber wie? Wirtschaftsinformatik & Management 3: 68–77.10.1365/s35764-014-0424-6Search in Google Scholar
Burda, D. and F. Teuteberg. 2014. The role of trust and risk perceptions in cloud archiving – Results from an empirical study. JHTMR 25: 172–187.10.1016/j.hitech.2014.07.008Search in Google Scholar
Buyya, R., C.S. Yeo, S. Venugopal, J. Broberg and I. Brandic. 2009. Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Gener. Comput. Syst. 25: 599–616.10.1016/j.future.2008.12.001Search in Google Scholar
Cáceres, J., L.M. Vaquero, L. Rodero-Merino, Á. Polo and J.J. Hierro. 2010. Service Scalability Over the Cloud. In: (B. Furht and A. Escalante, eds) Handbook of Cloud Computing Boston, MA: Springer.10.1007/978-1-4419-6524-0_15Search in Google Scholar
Cachin, C. and M. Schunter. 2011. A cloud you can trust. IEEE Spectrum 48: 28–51.10.1109/MSPEC.2011.6085778Search in Google Scholar
Cavoukian, A. 2008. Privacy in the clouds. IDIS 1: 89–108.10.1007/s12394-008-0005-zSearch in Google Scholar
Chow, R., P. Golle, M. Jakobsson, E. Shi, J. Staddon, R. Masuoka and J. Molina. 2009. Controlling data in the cloud: outsourcing computation without outsourcing control. In: Proceedings of the 2009 ACM workshop on Cloud computing security.10.1145/1655008.1655020Search in Google Scholar
Cheung, C.M.K. and M.K.O. Lee. 2006. Understanding consumer trust in Internet shopping: A multidisciplinary approach. J. Am. Soc. Inf. Sci. Tec. 57: 479–492.10.1002/asi.20312Search in Google Scholar
Clark, D. 2014. The Role of Trust in Cyberspace. In: (R.H.R. Harper, ed.) Trust, Computing, and Society New York, NY: Cambridge University Press.Search in Google Scholar
Dasgupta, P. 1988. Trust as a Commodity. In: (D. Gambetta, ed.) Trust: Making and Breaking Cooperative Relations. New York, NY: Basil Blackwell Ltd.Search in Google Scholar
Eggert, M., D. Kerpen, K. Rüssmann and R. Häußling. 2014. SensorCloud: Sociological Contextualization of an Innovative Cloud Platform. In: (H. Krcmar, R. Reussner and R. Rumpe, eds) Trusted Cloud Computing Cham: Springer International Publishing.10.1007/978-3-319-12718-7_18Search in Google Scholar
Erl, T. 2013. Cloud computing: concepts, technology, & architecture. Upper Saddle River, NJ: Prentice Hall.Search in Google Scholar
Fehling, C., F. Leymann, R. Retter, W. Schupeck and P. Arbitter. 2014. Cloud Computing Patterns: Fundamentals to Design, Build, and Manage Cloud Applications. Vienna: Springer.10.1007/978-3-7091-1568-8Search in Google Scholar
Fernandes, D.A.B., L.F.B. Soares, J.V. Gomes, M.M. Freire and P.R.M. Inácio. 2014. Security issues in cloud environments: a survey. IJIS 13(2): 113–170.10.1007/s10207-013-0208-7Search in Google Scholar
Fernando, N., S.W. Loke and W. Rahayu. 2013. Mobile cloud computing: A survey. Future Gener. Comput. Syst. 29: 84–106.10.1016/j.future.2012.05.023Search in Google Scholar
Friedman, B., P.H. Khan Jr. and D.C. Howe. 2000. Trust online. Comm. ACM 43: 34–40.10.1145/355112.355120Search in Google Scholar
Gangwar, H., H. Date and R. Ramaswamy. 2015. Understanding determinants of cloud computing adoption using an integrated TAM-TOE model. JEIM 28.10.1108/JEIM-08-2013-0065Search in Google Scholar
Gartner. 2010. Cloud computing: the next generation of outsourcing (No. G00207255). Stanford, CT: Gartner Group. Retrieved from http://www.vmwaregrid.com/cloudreadiness/xyz/assets/Gartner_Cloud_Computing_The_Next_Gen_of_Outsourcing.pdfSearch in Google Scholar
Gebauer, L., M. Söllner and J.M. Leimeister. 2012. Hemmnisse bei der Nutzung von Cloud Computing im B2B-Bereich und die Zuordnung dieser zu den verschiedenen Vertrauensbeziehungen. In: ConLife 2012 Academic Conference, Cologne, Germany.Search in Google Scholar
Ghosh, A. and I. Arce. 2010. In Cloud Computing We Trust – But Should We? Security & Privacy, IEEE 8: 14–16.10.1109/MSP.2010.177Search in Google Scholar
Gonzalez, N., C. Miers, F. Redígolo, M. Simplício, T. Carvalho, M. Näslund and M. Pourzandi. 2012. A quantitative analysis of current security concerns and solutions for cloud computing. J. Cloud Comput. 1:11.10.1186/2192-113X-1-11Search in Google Scholar
Habib, S.M., S. Hauke, S. Ries and M. Mühlhäuser. 2012. Trust as a facilitator in cloud computing: a survey. J. Cloud Comput. 1:19.10.1186/2192-113X-1-19Search in Google Scholar
Hashizume, K., D. G. Rosado, E. Fernández-Medina and E.B. Fernandez. 2013. An analysis of security issues for cloud computing. J. Internet Serv. Appl. 4: 1–13.10.1186/1869-0238-4-5Search in Google Scholar
Heininger, R., H. Wittges and H. Krcmar. 2012. Literaturrecherche zu IT-Servicemanagement im Cloud Computing. HMD Praxis der Wirtschaftsinformatik 49: 15–23.10.1007/BF03340753Search in Google Scholar
Hu, W., T. Yang, and J.N. Matthews. 2010. The good, the bad and the ugly of consumer cloud storage. ACM SIGOPS Operating Systems Review 44: 110–115.10.1145/1842733.1842751Search in Google Scholar
Huang, J. and D.M. Nicol. 2013. Trust mechanisms for cloud computing. J. Cloud. Comput. Adv. Syst. Appl. 2.10.1186/2192-113X-2-9Search in Google Scholar
Huang, J. and D. Nicol. 2010. A Formal-Semantics-Based Calculus of Trust. IEEE Internet Comput. 14: 38–46.10.1109/MIC.2010.83Search in Google Scholar
Hunsinger, D.S. and J.K. Corley. An Examination of the Factors Influencing Student Usage of Dropbox, a File Hosting Service. In: Proceedings of the Conference on Information Systems Applied Research, 2012.Search in Google Scholar
James Jr, H.S. 2002. The trust paradox: A Survey of Economic Inquiries into the Nature of Trust and Trustworthiness. J. Econ. Behav. Organ. 47: 291–307.10.1016/S0167-2681(01)00214-1Search in Google Scholar
Jarvenpaa, S.L., K. Knoll, and D.E. Leidner. 1998. Is Anybody Out There? Antecedents of Trust in Global Virtual Teams. J. Manage. Inform. Syst. 14: 29–64.10.1080/07421222.1998.11518185Search in Google Scholar
Karagiannis, T. 2014. The New Face of the Internet. In: (R.H.R. Harper, ed.) Trust, Computing, and Society, New York, NY: Cambridge University Press, 2014.Search in Google Scholar
Kumar, N., L.K. Scheer and J.B. Steenkamp. 1995. The Effects of Supplier Fairness on Vulnerable Resellers. J. Marketing Res. 32: 54–65.10.1177/002224379503200107Search in Google Scholar
Labes, S. 2012. Grundlagen des Cloud Computing-Konzept und Bewertung von Cloud Computing. Berlin: Universitätsverlag der TU Berlin.Search in Google Scholar
Lee, J.D. and K.A. See. 2004. Trust in automation: Designing for appropriate reliance. Hum. Factors: J. Hum. Fact. Ergon. Soc. 46: 50–80.10.1518/hfes.46.1.50.30392Search in Google Scholar
Luhmann, N. 1968. Vertrauen: Ein Mechanismus der Reduktion sozialer Komplexität. Stuttgart: Ferdinand Enke Verlag.Search in Google Scholar
Maring, M. 2010. Vertrauen – zwischen sozialem Kitt und der Senkung von Transaktionskosten. Karlsruhe: KIT Scientific Publ.10.26530/OAPEN_422381Search in Google Scholar
Marston, S., Z. Li, S. Bandyopadhyay, J. Zhang and A. Ghalsasi. 2011. Cloud computing: The business perspective. Decis. Support Syst. 51: 176–189.10.1016/j.dss.2010.12.006Search in Google Scholar
Mayer, R.C. and J.H. Davis. The Effect of the Performance Appraisal System on Trust for Management: A Field Quasi-Experiment. 1999. J. Appl. Psychol. 84: 123–136.10.1037/0021-9010.84.1.123Search in Google Scholar
Mell, P. and T. Grance. 2011. The NIST definition of cloud computing (Special Publication No. 800-145). Gaithersburg, MD.10.6028/NIST.SP.800-145Search in Google Scholar
Meske, C., S. Stieglitz, R. Vogl, D. Rudolph and A. Öksüz. 2014. Cloud Storage Services in Higher Education – Results of a Preliminary Study in the Context of the Sync&Share-Project in Germany. In: (P. Zaphiris and A. Ioannou, eds) Learning and Collaboration Technologies. Designing and Developing Novel Learning Experiences, Berlin; Heidelberg: Springer.10.1007/978-3-319-07482-5_16Search in Google Scholar
Moorman, C., R. Deshpande and G. Zaltman. 1993. Factors Affecting Trust in Market Research Relationships. J. Marketing 57: 81–101.10.1177/002224299305700106Search in Google Scholar
Norberg, P.A., D.R. Horne and D.A. Horne. 2007. The privacy paradox: Personal information disclosure intentions versus behaviors. J. Consum. Aff. 41: 100–126.10.1111/j.1745-6606.2006.00070.xSearch in Google Scholar
Park, S.C. and S.Y. Ryoo. 2013. An empirical investigation of end-„users“ switching toward cloud computing: A two factor theory perspective. Comput. Hum. Behav. 29: 160–170.10.1016/j.chb.2012.07.032Search in Google Scholar
Pearson, S. 2013. Privacy, Security and Trust in Cloud Computing. In: (S. Pearson and G. Yee, eds) Privacy and Security for Cloud Computing Heidelberg: Springer.10.1007/978-1-4471-4189-1Search in Google Scholar
Repschläger, J., D. Pannicke and R. Zarnekow. 2010. Cloud Computing: Definitionen, Geschäftsmodelle und Entwicklungspotenziale. HMD Praxis der Wirtschaftsinformatik 47: 6–15.10.1007/BF03340507Search in Google Scholar
Ryan, M.D. 2013. Cloud computing security: The scientific challenge, and a survey of solutions. J. Syst. Software 86: 2263–2268.10.1016/j.jss.2012.12.025Search in Google Scholar
Sasse, M.A. and I. Kirlappos. 2014. Design for Trusted and Trustworthy Services: Why We Must Do Better. In: (R.H.R. Harper, ed.) Trust, Computing, and Society New York, NY: Cambridge University Press.Search in Google Scholar
Shin, D.H. 2013. User experience in social commerce: in friends we trust. Behav. Inform. Technol. 32: 52–67.10.1080/0144929X.2012.692167Search in Google Scholar
Simpson, T.W. 2014. Computing and the Search for Trust. In: (R.H.R. Harper, ed.) Trust, Computing, and Society New York, NY: Cambridge University Press.Search in Google Scholar
Six, F., B. Nooteboom and A. Hoogendoorn. 2010. Actions That Build Interpersonal Trust: A Relational Signalling Perspective. Rev. Soc. Econ. 68: 285–315.10.1080/00346760902756487Search in Google Scholar
Soares, L.F.B., D.A.B. Fernandes, J.V. Gomes, M.M. Freire and P.R.M. Inácio. 2014. Cloud Security: State of the Art. In: (S. Nepal and M. Pathan, eds) Security, Privacy and Trust in Cloud Systems Berlin; Heidelberg: Springer.10.1007/978-3-642-38586-5_1Search in Google Scholar
Söllner, M., A. Hoffmann, H. Hoffmann and J.M. Leimeister. 2012. Vertrauensunterstützung für sozio-technische ubiquitäre Systeme. Zeitschrift für Betriebswirtschaft 82: 109–140.10.1007/s11573-012-0584-xSearch in Google Scholar
Svantesson, D. and R. Clarke, 2010. Privacy and consumer risks in cloud computing. CLSR 26: 391–397.10.1016/j.clsr.2010.05.005Search in Google Scholar
Takabi, H., J.B.D. Joshi and G.-J. Ahn. 2010. Security and Privacy Challenges in Cloud Computing Environments. IEEE Secur. Priv. Mag. 8: 24–31.10.1109/MSP.2010.186Search in Google Scholar
Tan, Y.-H. and W. Thoen. 2000. Toward a Generic Model of Trust for Electronic Commerce. Int. J. Electron. Comm. 5: 61–74.10.1080/10864415.2000.11044201Search in Google Scholar
Tschannen-Moran, M. and W.K. Hoy. 2000. A multidisciplinary analysis of the nature, meaning, and measurement of trust. Rev. Educ. Res. 70: 547–593.10.3102/00346543070004547Search in Google Scholar
Uusitalo, I., K. Karppinen, A. Juhola and R. Savola. 2010. Trust and Cloud Services – An Interview Study. Presented at the IEEE Second International Conference on Cloud Computing Technology and Science (CloudCom) Indianapolis, IN: IEEE.10.1109/CloudCom.2010.41Search in Google Scholar
Walterbusch, M. and F. Teuteberg. 2012. Vertrauen im Cloud Computing. HMD Praxis der Wirtschaftsinformatik 49: 50–59.10.1007/BF03340757Search in Google Scholar
Wu, W.-W. 2011a. Developing an explorative model for SaaS adoption. Expert Syst. .Appl. 38: 15057–15064.10.1016/j.eswa.2011.05.039Search in Google Scholar
Wu, W.-W. 2011b. Mining significant factors affecting the adoption of SaaS using the rough set approach. J. Syst. Software 84: 435–441.10.1016/j.jss.2010.11.890Search in Google Scholar
Zucker, L.G. 1986. Production of Trust: Institutional Sources of Economic Structure, 1840–1920. Res. Organ. Behav. 8: 53–111.Search in Google Scholar
© 2015 Walter de Gruyter GmbH, Berlin/Boston
