A cloud business intelligence security evaluation framework for small and medium enterprises

Abstract

Cloud business intelligence has practical importance in data management and decision-making, but the adoption and use among South African small and medium enterprises remain relatively low compared to large business enterprises. The low uptake persists irrespective of the awareness and acceptance of the benefits of Cloud business intelligence in the business domain. Cloud business intelligence depends on the cloud computing paradigm, which is susceptible to security threats and risks that decision-makers must consider when selecting what applications to use. The major objective of this study was to propose a security evaluation framework for Cloud business intelligence suitable for use by small and medium enterprises in small South African towns. The study utilised the exploratory sequential mixed-method research methodology with decision-makers from five towns in the Limpopo Province. Both qualitative and quantitative methods were used to analyse the data. The findings show that the level of adoption of Cloud business intelligence in the five selected towns was lower than reported in the literature, and decision-makers were eager to adopt and use safe Cloud business intelligence, but this was hindered by their inability to evaluate security in these applications. Factors preventing the adoption of Cloud business intelligence were decision-makers’ limited knowledge of the applications and security evaluation, the inability to use industry security frameworks and standards due to their complexities, mistrust of cloud service providers in meeting their obligations when providing agreed services, and lack of security specialists to assist in the evaluation process. Small and medium enterprises used unapproved security evaluation methods, such as relying on friends who were not information technology security specialists. A security evaluation framework and checklists were proposed based on the findings of the study and the best practices of the existing industry frameworks and standards. The proposed security evaluation framework was validated for relevance by information technology security specialists and acceptance by small and medium enterprise decision-makers. The study concluded that the adoption and use of Cloud business intelligence were hindered by the lack of a user-friendly security evaluation framework and limited security evaluation knowledge among decision-makers. Furthermore, the study concluded that the proposed framework and checklists were a relevant solution as they were accepted as useful to assist decision-makers to select appropriate Cloud business intelligence for their enterprises. The main contribution of this study is the proposed security evaluation framework and the checklists for Cloud business intelligence, for use by decision-makers in small and medium enterprises in small South African towns in the Limpopo Province.