Cloud Computing Research Question and Experimental Design
Develop a research question that addresses one of the unknowns you identified in Part I of the literature review and sketch a quantitative or qualitative study that can answer the question about what is unknown and contribute to theory. Draw on the additional resources for this course for guidance in understanding the concepts (e.g., internal validity, threats to validity, and operationalization) needed to address this question.
After a thorough review of the prevailing research and literature on the adoption and implementation of cloud computing technology, it is clear that the base of knowledge on this emerging field is continually expanding. A number of critical questions are still left unanswered, however, as is befitting an innovation which was only recently made available for public and private use. Namely, what are the implications for widespread adoption of cloud computing on the overall information security management industry, and how can the numerous security deficiencies inherent to cloud computing, risk factors which have been identified through years of rigorously applied research, be successfully anticipated and mitigated before major damage is inflicted? In order to successfully ascertain an answer to the question stated above, it is necessary to design a quantitative study which is capable of measuring the security risks associated with cloud computing in relation to similar technological advancements adopted and implemented in the past. The following outline is intended to provide a broad sketch of this eventual research project, by establishing a methodological framework through which subsequent studies may be guided.
A. The research purpose
The purpose of this research proposal is to identify the various risk factors and security concerns associated with the adoption and implementation of cloud computing technology, while applying quantitative methodology to measure the relative level of risk inherent to each risk factor when compared to previous iterations of advanced computing technology. The use of electronic mail for internal communication during the early 1990s, the advent of online commercial activity in 1997, and the development of wireless networks to facilitate online interaction will be introduced and contrasted with cloud computing, before each phenomenon is subjected to a rigorous literature review to determine the potential security risks envisioned during their initial adoption. With comparable risk factors successfully identified, the research focus will then be shifted to a precise analysis of each risk factor's actual rate of occurrence, followed by an examination of the various preventative measures, security techniques and other methods used to anticipate and mitigate these risk factors. To obtain usable data contemporary to the study, a survey-based questionnaire has been designed in an effort to develop an accurate reflection of technological innovation and implementation within the tech industry. The survey will be submitted to the information security departments of 150 major technology firms. Finally, broader conclusions will then be extrapolated from the available data, in an effort to determine whether or not the array of potential risks envisioned by experts on cloud computing represent legitimate concerns or simply a recycled amalgamation of commonly voiced concerns put forth whenever a fundamental shift in the technological realm takes place.
B. Type of design and elements of the design (e.g., sample, the type of data you need to collect and how you will collect it, data analysis)
To obtain the data necessary for this study, a questionnaire-based survey will be sent to the information security management department heads of 150 technology firms, which have been in continuous operation for at least 25 years, throughout North America, Europe and Asia. This survey will consist of a total of 30 questions, with a randomized set of 20 questions sent to a particular company in an effort to lend independence to the compiled data, and each question will be designed specifically to assess the information security management protocol employed by each firm. With a sample size of this nature, the number of respondents is expected to range from 80 to 120, and considering the specialized nature of the field this sample size is large enough to provide sufficient data for the extrapolation of wider conclusions. The questionnaire will include questions regarding the targeted measures used by each firm to effect efficient and effective IT security measures, while also assessing the various risk factors identified by information security officers throughout recent eras of technological innovation. The data gathered will then be subjected to logistic analysis to determine the weighted value of each risk factor linked to cloud computing systems used by major organizations. This analysis is intended to demonstrate the relative risk of each risk factor currently associated with cloud computing, by measuring similar concerns identified by information security officers during the initial rollout of web browsing, interoffice email, wireless computing and other technological advancements.
C. The strengths and weaknesses of your envisioned design and methods
G. Justification for why your chosen design and methods are more appropriate for your research question than alternatives you have considered
Quantitative studies such as the one proposed typically require sample sizes that are large enough to produce valid, interpretable data, and using a questionnaire-based survey to poll a large group of respondents is a traditionally accepted methodology within the realm of scholarly research. The aim of this experiment is to translate raw statistical data on the subject of technological adaptation, obtained from information security officers at 150 major technology companies, into a viable theory on the relative risks inherent to the adoption of cloud computing. The strength of this approach lies in the fact that social phenomena are most effectively studied through a systematic empirical investigation of statistical data. Because the survey was designed to include multiple choice, yes or no, and essay questions, the varied level of detail provided in each recorded answer is expected to provide substantial data on the specific implementation and security processes employed by large technology companies. Specificity is crucial for the sake of this study, because anticipating the IT security concerns which are likely to be voiced during the inevitable transition to widespread cloud computing requires a clear comprehension of the risk factors that afflicted large companies during previous technological revolutions.
However, a potential weakness tied to the use of surveys lies in the fact that this sample size, no matter how significant in terms of quantity, is inherently limited by the respondents' tendency towards selection bias. Simply put, out of the 150 major technology companies this survey will be sent to, the 100 to 120 expected respondents will be very likely to share similar attributes, such as firm size, headquarters location and executive structure, that will inevitably skew the resulting data. Any information these respondents provide regarding their history with implementing new technology, and safeguarding those systems using information security management, must be couched in the knowledge that their experiences are not wholly representative of the information technology industry at large.
D. Quantitative: threats to validity and how your design will address them
Whenever a researcher administers a survey to a randomized sample of individuals or organizations, the segment which chooses to respond inevitably shares similar characteristics, attitudes, and indeed, biases. For the sake of this study, a total of 200 potential survey targets will be identified, and from that group a randomized selection of 150 will be chosen for participation. Although this process does eliminate one threat to validity (selection bias), the tendency of survey respondents to share similar qualities admittedly narrows the scope of the research. As is the case with every survey-based quantitative study, the inadequate measurement of confounding variables that can potentially invalidate data is one of the most common threats to internal and external validity, and this project is no different. The fact that survey recipients are far more likely to respond when the questionnaire contains fewer questions is partially responsible for the influence of confounding variables. Despite this trend, however, the survey designed for this study is planned to include 30 questions, ranging from simple yes/no and multiple choice queries to extended essay-style prompts. By closely conforming the questions to the study's overall research objective, of identifying links between the security concerns over prior technological innovations and risk factors currently associated with cloud computing technology, the objective is to minimize the impact of confounding variables while obtaining comprehensive data on this complex issue.
E. Quantitative: the constructs you will measure and what you will do in order to determine how to operationalize them (you need not identify specific measures)
This study is intended to demonstrate that the natural state of protectionism inspired by the construct of firm survival plays a significant role in the overall conception of cloud computing by potential adopters as unstable or insecure. In order to measure this construct, the numerical data provided by the study's survey period will be sorted to determine a baseline level of security concern for the average tech firm during periods of technological advancement. By determining the mean, median and mode from the various respondents, this baseline can be used to operationalize the construct of firm survival.…