Patterns of Trust: Role of Certification for SME Cloud Adoption

  • Alea M. FairchildEmail author
Part of the Computer Communications and Networks book series (CCN)


Growth of cloud computing as a concept continues to pose challenges on how to deliver agile, yet secure, information technology (IT) services to enterprises. While the hype surrounding cloud computing may have peaked, the concept of “cloudwashing” (adding the term “cloud” to an existing service for marketing reasons) continues to cause confusion and inflated expectations with enterprise buyers. This fear, uncertainty, and doubt (FUD) just slows down the growth of a potentially larger market. This is especially true for small and medium sized enterprises (SMEs) who turn to IT providers to handle the underlying systems for their businesses. To assist cloud service buyers, a recent communication from the European Commission advocated voluntary certification for cloud service providers (CSPs). This has sparked a debate as to the relevance and authority of certification bodies in verifying the ability and capability of CSPs. In this research, we are developing an exploratory model looking at signaling quality, the independence of certifying authorities, and the impact of regulatory backing for trust of certification bodies, based on the existing academic literature on standards of adoption and trust. We are examining what role the third-party certifiers can play in adoption of cloud by SMEs, exploring the roles of certifiers in Europe already involved in market adoption to test our framework, together with four established cases of service providers seeking certification.


Adoption Certification Cloud governance Information economics SME Trust 



We would like to thank the Cloud Industry Forum and Andy Burton for their assistance in this research.


  1. 1.
    Buyya R, Yeo CS, Venugopal S (Sept 2008) Market-oriented cloud computing: vision, hype, and reality for delivering it services as computing utilities. In: HPCC ’08 Proceedings of the 2008 10th IEEE International Conference on High Performance Computing and Communications. IEEE Computer Society, Washington, DC, pp 5–13Google Scholar
  2. 2.
    Kim W (2009) Cloud computing: today and tomorrow. J Object Technol 8(1):65–72CrossRefGoogle Scholar
  3. 3.
    Guardian Professional (n. d.) Security, performance, fear or confusion: what’s holding back cloud adoption? Accessed 8 Dec 2012
  4. 4.
    European Commission (2012) Steering board of the European cloud partnership. Accessed 8 Dec 2012
  5. 5.
    Auriol E, Schilizzi SG (2003) Quality signaling through certification. Theory and an application to agricultural seed market. IDEI Working Paper, p 165Google Scholar
  6. 6.
    Sultan NA (June 2011) Reaching for the “cloud”: how SMEscan manage. Int J Info Manage 31(3):272–278Google Scholar
  7. 7.
    OECD (2010) Information technology outlook 2010 highlights. OECD publications. Accessed 10 Sept 2013
  8. 8.
    ENISA (2009) An SME perspective on cloud computing. Accessed 10 Sept 2013
  9. 9.
    Stening C (2009) Every cloud has a silver lining. Easynetconnect. Accessed 23 Aug 2013
  10. 10.
    Thong JYL, Yap CS (1995) CEO characteristics, organizational characteristics and information technology adoption in small businesses. Omega 23(4):429–442Google Scholar
  11. 11.
    Mehrtens J, Cragg PB, Mills AM (20 Dec 2001) A model of Internet adoption by SMEs. Info Manage 39(3):165–176Google Scholar
  12. 12.
    Keung J, Kwok F (2012) Cloud deployment model selection assessment for SMEs: renting or buying a cloud. Utility and Cloud Computing (UCC), 2012 IEEE Fifth International Conference on, p 21, 28, 5–8 Nov 2012Google Scholar
  13. 13.
    Marston S, Li Z, Bandyopadhyay S, Zhang J, Ghalsasi A (April 2011) Cloud computing—the business perspective. Decis Support Syst 51(1):176–189CrossRefGoogle Scholar
  14. 14.
    Deaton BJ (Dec 2004) A theoretical framework for examining the role of third-party certifiers. Food Control 15(8):615–619Google Scholar
  15. 15.
    Spence AM (1973) Job market signaling. Quart J Econ 87(3):355–374CrossRefGoogle Scholar
  16. 16.
    Tanner B (2000) Independent assessment by third-party certification bodies. Food Control 11:415–417CrossRefGoogle Scholar
  17. 17.
    Masters WA, Sanogo D (2002) Welfare gains from quality certification. Amer J Agr Econ 84(4):974–989CrossRefGoogle Scholar
  18. 18.
    Habib SM, Ries S, Muhlhauser M (October 2010). Cloud computing landscape and research challenges regarding trustand reputation. In: Proceedings of the 2010 Symposia and workshops on Ubiquitous, autonomic and trusted computing. IEEE Computer Society, pp 410–415Google Scholar
  19. 19.
    Jøsang A, Ismail R, Boyd C (2007) A survey of trustand reputation systems for online service provision. Decis Support Syst 43(2):618–644CrossRefGoogle Scholar
  20. 20.
    Prezas N (2008) Advent of ISO/IEC 27001 certification and its role. In: Initial inter-organizational trust. iSChannel [Journal of the Information Systems and Innovation Group, Department of Management, The London School of Economics]. 3(1):37–50. Accessed 2 Feb 2014
  21. 21.
    Fomin VV et al (2008) ISO/IEC 27001 information systems security management standard: exploring the reasons for low adoption. EUROMOT 2008 Conference, Nice, FranceGoogle Scholar
  22. 22.
    Rodríguez-Escobar JA, Gonzalez-Benito J, Martínez-Lorente AR (2006) An analysis of the degree of small companies’ dissatisfaction with ISO 9000 certification. Total Qual Manage Bus Excell 17(4):507–521CrossRefGoogle Scholar
  23. 23.
    Everett C (June 2009) Cloud computing—a question of trust. Comput Fraud Secur 2009(6):5–7Google Scholar
  24. 24.
    Burgemeestre B, Hulstijn J, Tan YH (2010) Value-based argumentation for justifying compliance. In: Deontic Logic in Computer Science. Springer, Berlin, pp 214–228Google Scholar
  25. 25.
    Backhouse J, Hsu CW, Silva L (2006) Circuits of power in creating de jure standards: Shaping an international information systems security standard. MIS Quarterly 30(Special Issue):413–438. (Standard making: a critical research frontier for information systems research)Google Scholar
  26. 26.
    Saint-Germain R (2005) Information security management best practice based on ISO/IEC 17799. Info Manage J 39(4):60–66Google Scholar
  27. 27.
    von Solms B, von Solms R (2005) From information security to… business security. Comput Secur 24:271–273CrossRefGoogle Scholar
  28. 28.
    Cloud Industry Forum (2012) ‘Certification’ within cloud computing. Hero or villain? Presentation of Andy Burton at of a round table 23rd November 2012. Brussels, BelgiumGoogle Scholar
  29. 29.
    Kim W, Kim SD, Lee E, Lee S (Dec 2009) Adoption issues for cloud computing. In: Proceedings of the 11th International Conference on Information Integration and Web-based Applications & Services. ACM, pp 3–6Google Scholar
  30. 30.
    OpenForum Academy (2012) Certification within cloud computing: hero or villain? Accessed 10 Sept 2013

Copyright information

© Springer-Verlag London 2014

Authors and Affiliations

  1. 1.Hogeschool Universiteit BrusselBrusselsBelgium

Personalised recommendations