Project topics and materials
Get Complete Project Material File(s) Now! »
Conceptual Framework
This chapter describes the conceptual framework of the research reported in this thesis and presents the research questions. According to Miles and Huberman (1994), a conceptual framework “explains, either graphically or in narrative form, the main things to be studied— the key factors, constructs or variables—and the presumed relationships between them” (p. 18). In other words, a conceptual framework is “the researcher’s representation of the conceptual structure brought to the research process” (Carroll & Swatman, 2000, p. 237), therefore, the conceptual framework presented here provides an overview of how the five original publications that are part of this thesis are linked and how they fit into the “bigger picture” of the research problem.
Figure 3.1 diagrammatically represents the conceptual framework used in this study. Reflecting the process approach (Mingers, 2001) described in Chapter I, the framework consists of three main stages: Exploration, Analysis, and Validation. The figure also shows the data collection approach for each stage. The Exploration stage identifies the specific research problem and involves understanding the particular phenomenon which is under investigation within the research problem context. This stage also defines the main expected outcome of the research: a conceptual model that can be used as a tool for guiding efforts to maintain and improve organisational resilience within cloud environments. The Analysis stage identifies essential aspects of the conceptual model in order to define a sound baseline, and refines this baseline based on experts’ opinions. It then further develops the model. The final stage, Validation, involves an empirical test of the proposed model.
Conceptual Framework
This research takes a sequential cumulative approach, with each stage building on the previous stages’ insights and findings including feedback from the research community. The associated findings were reported to relevant audiences through five publications and the feedback gathered from the reviewers’ comments was incorporated in the subsequent stage of the research. In the following sections the framework is deconstructed to explain each of its components.
Stage 1: Exploration
This research began with the objective of understanding how the introduction of cloud computing environments as an ICT services sourcing model impacts business continuity activities in an organisation. In this early stage, only one assumption was made: that despite all the hype about cloud computing environments, this type of sourcing model is not infallible. In other words, even the most reputable cloud services can malfunction (“go down”) and therefore it is crucial that organisations providing and consuming cloud services are prepared for system failures. This objective and associated assumption reflect the explicit interest of the researcher in exploring the topic of business continuity in cloud computing environments from an ICT readiness perspective.
The Exploration stage was divided into two parts in order to define the research problem and specific phenomenon of interest, and gain an understanding of the latter. The following subsections describe the main activities of this stage.
Identifying the phenomenon and motivation
The aim of the Exploration stage was to explore and understand the current research landscape concerning the topic of business continuity preparedness in cloud computing environments, and to some extent validate its relevance as a research topic. Business continuity management encompasses incident preparedness, disaster recovery planning, and emergency response management (International Organization for Standardization, 2012). It has been defined as a “holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience” (International Organization for Standardization, 2012, p. 2). In accordance with this definition, building organisational resilience in cloud computing environments became the focus of this research and the motivation driving the initial exploration of this topic was to identify how the adoption of cloud computing as an ICT services sourcing model affects the ability of an organisation to survive and thrive when exposed to cloud services disruptive incidents.
To gain an understanding of the topic, a literature review approach was chosen that concentrated on two specific subjects: cloud computing as an ICT services sourcing model; and organisational resilience, particularly in the ICT context. In the former, several academic and practitioner association publications were identified from targeted searches and analysed, with a focus on those describing the fundamental components and benefits of cloud computing as well as the barriers to its adoption. In the latter, academic publications and several industry standards were reviewed. This analysis revealed that while the need for organisations to exhibit high reliability in the face of adversity has increased and the key role of ICT resilience is well recognised, disruptions and mechanisms to keep businesses running in ICT-based interorganisational environments – such as cloud computing – have not been greatly studied. However, the need for novel concepts in this topic has been recognised (Caralli et al., 2010b; Maurer & Lechner, 2014; Morisse & Prigge, 2014). These findings supported the research topic and led to the research problem being defined as:
Research Problem: There is a need to strengthen the ability of organisations to not only survive but also thrive when exposed to disruptive incidents within a cloud environment.
During this stage, the researcher became aware of the importance of building organisational resilience in partnership with others, particularly when some processes have moved outside of the traditional organisational boundaries as is the case with cloud services. At this point the notion of dependency arose as a key concept. Problems that result from dependency are referred in the literature as coordination problems; in fact, Malone and Crowston (1994) define coordination as managing dependencies. Malone and Crowston (1994) and Crowston and Osborn (2003) propose coordination theory as a framework for analysing complex processes in terms of actors performing interdependent activities. In this research, the coordination concept was used as a “sensitising device” which allows the researchers to view the research problem in a particular way (Klein & Myers, 1999). This concept was used both to guide the initial research design and as part of the iterative process of data collection and analysis (Walsham, 1995).
This initial exploration of the state of the problem and the importance of its solution led to the defining of the main objective of this research:
Research Objective: To provide a conceptual tool for guiding efforts to maintain and improve resilience within a cloud environment.
Additional findings and insights concerning this stage are presented in Article I.
Understanding the phenomenon
The next part of the Exploration stage was to set the boundaries for, and scope of, the rest of this research. Initially, an exploratory empirical study was proposed in order to identify the main issues that organisations consuming cloud services face when handling disruptive incidents and the types of mechanisms being used by these organisations to prepare, respond and learn from these events. However, after a preliminary assessment of the research design described in Article I, a different approach was chosen. Before exploring how organisations are changing their ICT resilience activities as a result of adopting cloud computing as an ICT services sourcing model, a conceptual understanding of the phenomenon was needed as there has been little research in this area.
Previous research has established sets of organisational resilience requirements and specific operational processes in the ICT context. However, most of the information systems literature applies ICT organisational resilience concepts to a single organisation only (Morisse & Prigge, 2014) and assumes that ICT services are mainly provided in-house. Cloud services have some important characteristics that make them quite different to in-house ICT services. It is therefore apparent that further understanding of how the elements involved in a cloud computing environment impact the existing ICT resilience processes, was needed. To address this need, Article II presents a research framework designed to provide a roadmap for researchers exploring the area of ICT resilience in cloud computing environments.
To gain the necessary conceptual understanding of the phenomenon a literature review approach was chosen. From this review a cloud baseline architecture founded on three dimensions – principles, actors, and architecture building blocks – was compiled (Behrendt et al., 2011; Cisco Systems, 2011; Cloud Security Alliance, 2013; Khasnabish et al., 2013; Liu et al., 2011; Liu, Zhang, Hu, & He, 2012; Oracle Corporation, 2012). Then a set of specifications divided on the stages of the organisational resilience lifecycle– preventive, continuity, and improvement – was derived from the most popular organisational resilience standards and models (American National Standards Institute, 2009; International Organization for Standardization, 2012; National Fire Protection Association, 2004; Standards Australia/Standards New Zealand, 2010) and a set of 26 ICT process areas (Caralli et al., 2010b) was compiled. This led to the development of the first research question:
Research Question 1: How do the main reference architecture characteristics of cloud computing environments affect the ICT operational resilience requirements?
The key contribution of this stage was the development of a multi-level research framework to identify major differences in studying ICT operational resilience between cloud computing environments and in-house environments. This framework captures key issues from the macro level of cloud computing’s architectural building blocks to the micro level of organisational resilience capabilities. At the macro level it aims to bridge current ICT resilience processes and high-level cloud service components and at the micro level it is designed to analyse linkages among resilience process areas in order to identify dependencies that should be considered when conducting a comprehensive study of a specific process area. The research framework was published as Article II.
Stage 2: Analysis
After gaining a conceptual understanding of the research areas under investigation, the researcher realised that the proposed conceptual model needed to address a set of specific issues presented in the research framework. Accordingly, this stage was divided into two parts: definition and validation of a sound baseline for the model; and development of the model. This led to the development of the second research question:
Research Question 2: How should the existing processes and mechanisms be adjusted?
What new processes and mechanism should be created?
The following subsections describe the main activities of this stage.
Defining baseline
Having defined the development of a conceptual model as the main outcome of this research, the researcher set about defining a sound baseline as the starting point of its development. In line with the definition of Wand and Weber (2002) a conceptual model as “a representation of selected phenomena in some domain” (p. 363), the proposed conceptual model is a representation of how ICT operational resilience activities in an organisation are impacted by consuming cloud services. Based on the research framework and on an extensive relevant literature review, three essential elements were identified as part of the model’s baseline: four foundations on which the model is developed; specific organisational resilience challenges that the model addresses; and its high-level representation. This analysis resulted in the definition of the baseline that was published as Article III. Particularly, the four foundations on which the baseline is set up are presented below:
• F1: Designing flexible processes to not only maintain and return to the desired state but also to continue to function in the face of disturbance (Dalziell & McManus, 2004).
• F2: Analysing how cloud characteristics affect the three distinct sets of organisational resilience activities: preventive, continuity and improvement (British Standards Institute, 2014).
• F3: Managing dependencies as all parties share responsibility in providing the environment with adequate protections (Herrera & Janczewski, 2014).
• F4: Determining the coordination mechanisms for ICT resilience processes highly impacted by cloud adoption (Caralli et al., 2010b; Herrera & Janczewski, 2014).
Finally, given the importance of this baseline for the research and due to the limited academic literature on the topic, the researcher considered that at this early stage experts’ opinions would be of significant value (Linstone & Turoff, 2002) and a preliminary assessment by a group of domain experts was designed. Primary data from semi-structured interviews with 10 experts with an average of 10+ years of experience in organisational resilience and ICT service management were collected in order to validate this baseline focusing on the model’s foundations. The interview questions were composed (see Appendix 1 for the Interview Protocol) and participants were recruited from among members of special interest groups such as the New Zealand Information Security Forum, the IT Disaster Recovery and Service Continuity Professionals group, and the Cloud Security Alliance and selected based on their expertise in both the organisational resilience and the ICT domains. Each interview lasted approximately 45–60 minutes, was audio recorded and followed guidelines by McCracken (1988). An overview of the study was given at the start of each interview and then the interviewee was asked open-ended questions from an organisational resilience perspective that were structured around three main categories: (1) the main changes introduced by consuming cloud services; (2) the main challenges of managing dependencies in a cloud environment; and (3) the main mechanisms used to coordinate efforts among all involved parties.
The main findings and insights of this assessment are presented in the first section of Article V, “Initial Conceptualisation Validation”. Overall, three foundations were accepted but a key concern regarding F4 was raised, which led to a change in the focus from organisational resilience activities in themselves to how members of a cloud supply chain can coordinate their activities to increase resilience. The analysis of the interviews showed that the problem under study is perceived and framed in practice from a supply chain perspective. Almost all the interviewees stated that it would be more beneficial to analyse how organisational resilience activities can best be coordinated across cloud supply chains rather than identifying new activities or changes in specific activities derived from sourcing ICT services from a cloud (F4). This analysis was added to the feedback gathered from Article III and resulted in a supply chain approach being adopted to further develop the model.
1 Introduction
1.1 Motivation
1.2 Scope
1.3 Research Approach
1.4 Thesis Structure
2 Literature Review
2.1 Cloud Supply Chain
2.2 Cloud Supply Chain Operational Resilience
2.3 Coordination Literature
3 Conceptual Framework
3.1 Stage 1: Exploration
3.2 Stage 2: Analysis
3.3 Stage 3: Validation
3.4 How the Publications Fit within the Conceptual Framework
4 Modelling Organisational Resilience in the Cloud
4.1 Introduction
4.2 Literature Review and Research Questions
4.3 Research Design
4.4 Expected Contributions
4.5 References
5 Issues in the Study of Organisational Resilience in Cloud Computing Environments
5.1 Introduction
5.2 Cloud Computing Architecture
5.3 Organisational Resilience High-level Conceptual Model
5.4 Research Framework – Key Issues when Studying Organisational Resilience in Cloud Computing
5.5 Conclusion
5.6 References
6 Resilient Organisations in the Cloud
6.1 Introduction
6.2 Research Design
6.3 Conceptual Model
6.4 Discussion and Further Research
6.5 References
7 Cloud Supply Chain Resilience: A Coordination Approach
7.1 Introduction
7.2 Linking the Research Domain and the Theoretical Lenses
7.3 Organisational Resilience in the Cloud Era: a View from Supply Chain Theory
7.4 Conclusions and Further Research
7.5 References
8 Cloud Supply Chain Resilience Model: Development and Validation
8.1 Introduction
8.2 Research Design
8.3 Stage 1 – Developing the Model h
8.4 Stage 2 – Empirical Findings
8.5 Conclusions
8.6 References
9 Conclusion
9.1 Summary of the Research
9.2 Contributions to Research and Practical Implications
9.3 Limitations and Future Work
10 APPENDIX
GET THE COMPLETE PROJECT
