information poaching a decision making factor iene-vlietvan_31310… · web viewinformation...

Information poaching as a decision making factor when outsourcing e-mail5-May-23

Information poaching as a decision making factor when outsourcing e-mail

Master Thesis Economics & ICT

By Johannes van Vliet [email protected] University Rotterdam

Supervisor G.J. van der PijlCoreader W. Pijls

May 5, 2023

mailto:[email protected]


5-May-23

Acknowledgement

First of all I want to thank Gert J. van der Pijl. As my supervisor for this project he helped me to create a clear view on how to present my results. Gert also motivated me to finish this thesis with an eye for quality and detail.

Secondly I want to thank my colleagues at Protiviti. Although my thesis project lasted longer than expected, they supported me to plan al the work next to my day to day work. Besides that, they helped me to look at my thesis with a business kind of view. This helped to enhance the degree of significance of the results.

Last but not least I would like to thank my parents, friends and girlfriend. They all motivated me to finish my thesis and master degree.

Wateringen, 4th August 2010

Hans van Vliet


5-May-23

Executive summary

Information is by the day getting more important for individuals and organizations. This growing dependency combined with new technologies, lead to unknown situations. The increasing dependency of information is also followed and related to the digitalization of information. The digitalization of information is primarily focuses on the advantages. However, there are also some possible risks that can occur. While information is vital for organizations it is very important to define clear controls and laws to secure that information.

A new form of digitalization that focuses on information is Software as a Service. This form of outsourcing provides its users with a service that they can use based on their dependency of it. In this process the service is hosted at the provider. Here a provider can supply multiple users with a high quality service combined with low cost. This form of outsourcing is closely related to traditional outsourcing transactions, with the difference that it now exists in a digital form. Due to this new form of outsourcing new security related questions arise. For example a important questions is, how do we know this information is stored safely?

A risk related to the storage of information is called information poaching. Information poaching is the treat that the receiving party or a third party usages the information send to gain economic advantage. Information poaching is relatively new and can lead to a reserved position for organizations that are thinking to outsource their email. A possible solution to this problem is to create trust at organizations. This can be accomplished by applying controls. If we can control the outsourcing process and especially the threat of information poaching, organizations will sooner decide to outsource their email.

This thesis starts with discussing the current literature on outsourcing. These theories are primarily focused on traditional outsourcing transactions. Following the literature review we discuss our survey that we conducted discussing topics on and related to outsourcing email. The results of the survey are explained and in the next chapter we have related the survey results to the existing literature on outsourcing.

This thesis concludes by discussing the research question and by advising how to overcome the problem. We can conclude that information poaching influences the decision of organizations to outsource their email. This logical reaction from organizations is that they will have a reserved position against outsourcing their email. This reserved position can be taken away by implementing controls. Currently a group of authorities that focus on protecting data, are forcing service providers to use a privacy by design plan. In this plan service provider defines on beforehand how they are going to secure the privacy norms and laws of their clients. However, defining a privacy by design plan does not ensures that organizations act as stated in it. A solution to this problem is to on beforehand define a privacy by design plan and audit this plan on a annual base. The data security authorities can play an important role in this process. First of all by forcing the service providers by creating a privacy by design plan and finally by implementing a certifications for organizations that pass the audits.


5-May-23

Table of ContentsAcknowledgement.................................................................................................................................2

Executive summary................................................................................................................................3

Chapter 1. Introduction....................................................................................................................7

1.1 Research Question..................................................................................................................8

1.2 Methodology..........................................................................................................................8

1.3 Scope......................................................................................................................................9

Chapter 2. Literature review..........................................................................................................10

2.1 Outsourcing..........................................................................................................................10

2.2 Core competences................................................................................................................12

2.3 Transaction Cost Theory.......................................................................................................14

2.3.1 Coordination Costs.......................................................................................................17

2.3.2 Operations Risk............................................................................................................17

2.3.3 Opportunism Risk........................................................................................................17

2.3.4 The transaction cost model..........................................................................................18

2.4 Trust, control and risk...........................................................................................................19

2.5 Information poaching...........................................................................................................22

2.6 Influence of the market........................................................................................................25

Chapter 3. Analysis of survey results and hypotheses....................................................................27

3.1 Introduction..........................................................................................................................27

3.1.1 Population....................................................................................................................27

3.1.2 Hypothesis and closed questions..................................................................................27

3.1.3 Likert scale....................................................................................................................27

3.1.4 Cronbach’s Alpha..........................................................................................................27

3.1.5 Composition of the participants...................................................................................28

3.2 Hypothesis 1.........................................................................................................................28

3.2.1 Sample test Hypothesis 1..............................................................................................30

3.2.2 Cronbach’s Alpha Hypothesis 1....................................................................................31

3.3 Hypothesis 2.........................................................................................................................31

3.3.1 Sample test Hypothesis 2A...........................................................................................33

3.3.2 Sample test Hypothesis 2B...........................................................................................34

3.3.3 Cronbach’s Alpha Hypotheses 2A and 2B.....................................................................35

3.4 Hypothesis 3.....................................................................................................................37


5-May-23


3.5 Hypothesis 4.........................................................................................................................39


3.5.2 Cronbach’s Alpha Hypothesis 4....................................................................................41

3.5.3 Hypothesis 4A...............................................................................................................42

3.5.4 Sample test Hypothesis 4a............................................................................................42

3.6 Correlations and multiple regressions..................................................................................44

3.6.1 Correlations on degree of trust and advantages of using SaaS.....................................44

3.6.2 Multiple regression on degree of trust and advantages of using SaaS.........................44

3.7 Important factors during consideration of outsourcing........................................................47

Chapter 4. Consolidation of survey results with the existing literature..........................................48

4.1 Trust.....................................................................................................................................48

4.2 Core competences................................................................................................................50

4.3 Information poaching...........................................................................................................51

4.4 Transaction Cost Theory.......................................................................................................52

Chapter 5. Conclusion and further research...................................................................................54

5.1 Research question................................................................................................................54

5.2 Conclusion............................................................................................................................54

5.3 Recommendations for further research...............................................................................56

5.3.1 Trust..............................................................................................................................56

5.3.2 Core competences........................................................................................................56

Bibliography.........................................................................................................................................58

Appendix..............................................................................................................................................61

A1. Survey results Hypothesis 1....................................................................................................61





5-May-23

List of figuresFigure 1 The Balance between In-house Production and Outside procurement (Clemons et al. 1993.)

.....................................................................................................................................................15Figure 2 Traditional Investment to Reduce Coordination Cost Increased Transactions Risk. Firms

preferred to Make Such Investments In-house (Clemons et al. 1993.)........................................15Figure 3 Current Investments in Information Technology May Not Increase Transactions Risk. Firms

Can Now Safely Outsource (Clemons et al. 1993)........................................................................16Figure 4 The base case preferred mode of economic transaction........................................................18

List of TablesTable 1 Independent 2 sample T Test Hypothesis 1 by SPSS................................................................30Table 2 Cronbach's Alpha for Hypothesis 1..........................................................................................31Table 3 Paired 2 sample T Test Hypothesis 2A by SPSS........................................................................34Table 4 1 sample T Test Hypothesis 2B by SPSS...................................................................................35Table 5 Cronbach's Alpha for Hypothesis 2A question number 9.........................................................36Table 6 Cronbach's Alpha for Hypothesis 2A question number 10.......................................................36Table 7 Cronbach's Alpha for Hypothesis 2B........................................................................................36Table 8 1 sample T Test Hypothesis 3 by SPSS......................................................................................38Table 9 1 sample T Test Hypothesis 4by SPSS......................................................................................41Table 10 Cronbach's Alpha for Hypothesis 5........................................................................................41Table 11 Paired 2 sample T Test Hypothesis 4A by SPSS......................................................................43Table 12 Correlation of trust related to advantages of using SaaS.......................................................44Table 13 Multiple regression degree of trust part 1.............................................................................44Table 14 Multiple regression degree of trust part 2.............................................................................45Table 15 Multiple regression degree of trust part 3.............................................................................46Table 16 Results question 19................................................................................................................47Table 17 summary of the results of our hypotheses............................................................................48Table 18 Statistic summary of the survey results of questions 6, 7 and 8............................................61Table 19 Combined results of the organizations that are outsourcing.................................................62Table 20 Combined results of the organizations that are not outsourcing..........................................62Table 21 Results question 18................................................................................................................66Table 22 Combined results of organizations that are outsourcing and the factor trust.......................66Table 23 Statistic summary of the survey results of questions 11 , 12 , 13, 14, 15, 16 and 17.............67Table 24 Combined results of the questions related to Hypothesis 3..................................................67Table 25 Statistic summary of the survey results of questions 16 and 17............................................68Table 26 Statistic summary of the survey results of questions 9..........................................................63Table 27 Statistic summary of the survey results of questions 10........................................................64Table 28 Combined results of the sub-questions of question number 9..............................................64Table 29 Combined results of the sub-questions of question number 10............................................64Table 30 Combined results of the sub-questions (divided by its amount of questions) of question

number 9 and 10..........................................................................................................................64Table 31 Statistic summary of the survey results of questions number 5 and 15................................65Table 32 Combined results of the sub-questions of questions number 5 and 15.................................65


5-May-23

Chapter 1. Introduction

At present, many organizations are outsourcing different processes; these processes differ in size and scale, ranging from accounting and administrative tasks to even outsourcing of a complete sales department. The main reason for organizations to outsource is obtaining lower costs.

Recently, a new type of outsourcing is offered on the market: Software as a Service (SaaS). This outsourcing opportunity provides companies with the ability to use software as needed versus licensing all devices with all applications. This service is comparable to for example the outsourcing of mobile phone services. Some examples of SaaS are for instance webhosting, online customer relationship management systems and external e-mail management.

The decision to outsource a service, for example email, may lower software licensing costs for organizations (Cain, 2009) and may also shift the responsibility of maintaining the service for a third party. On the other hand, outsourcing a service such as e-mail may raise questions related to the safety and privacy of the information an organization is sending.

Currently there is an interesting discussion going on, on how to protect and respect the privacy of people and companies that use online services. This discussion is lead by several authorities that focus on protecting data. The main focus is Google, which at the launch of their new service, Google Buzz February 9th 2010, made the inaccuracy to disregard the fundamental privacy laws and norms. The data privacy authority’s of several countries joined and wrote Google a letter in which they mentioned that they were very disappointed in the way Google treated the privacy of their users. In the letter, they recommended Google to use Privacy by Design for future services. Privacy by design means that, in early design phase of a new service a company investigates on how to protect and respect that data privacy norms and laws.

The concept of SaaS is a considerably new service offered on the market. It is currently (2010) only offered by a small number of organizations. When organizations consider outsourcing software or a part of it, it is important to have a clear overview of what is offered on the market. In this study, we often use the term software package; it is therefore important to know how it is meant to be understood here. A software package is defined in this thesis as a pack of separate software programs combined to a joined package which can be purchased by organizations. Currently, there is no clear overview of the different packages available on the market. This lack of information makes it difficult for organizations to decide which package and subsequently which provider to choose. Because there is not much information on SaaS, questions may raise what possible advantages there are in using it. Furthermore, organizations could also have doubts to use the service because of the lack of information on for instance decision making factors such as security and availability. Currently, service providers are trying to build more trust aimed at potential customers by presenting the service as visible, secure, managed, audited and valid (Kennedy et al., 2009). It is interesting to examine how and if SaaS providers can show this trust.

Organizations require a trustworthy service provider for their e-mail. This may prove to be a difficult goal to achieve when service providers can have all sorts of different intentions. Both parties are commercially driven and therefore aim for a maximized profit as a goal. Organizations that are using


5-May-23

the service also value the quality of the service (Lee, 1996). A contract is crucial in outsourcing transactions to ensure that the interests of both parties are served. What are the other control measures that can secure and assure the requirements of both parties? Besides a contract, many companies are under the impression that they have to trust the provider of the service to live up to work for the best results for the outsourcing party. From the literature of Das (2001), organizations have to be aware that an outsourcing transaction has a significant part of risk related to it (Das et al., 2001). Besides the risk factors mentioned in the contract there are other factors related to outsourcing that can affect the relation and also factors not mentioned in the contract that can influence the relation between two parties. These factors cannot even be directly visible, however they can have a significant influence on a successful outsourcing transaction.

The decision to outsource an important process can be examined from different perspectives; in this thesis the examination is performed from an accounting perspective. Taking this into account angle, aspects as security, information poaching and durability of the service are examined. Information poaching, equal to loss of information, is a relatively new term that is clearly gaining in importance due to the increased use of external services. As mentioned in earlier literature on outsourcing, the loss of information is an important factor for organizations deciding to outsource (Widener and Selto, 1999). Information poaching can also increase transaction costs and more specifically operations risks (Clemons et al., 2004).

1.1 Research Question In the introduction to this study, several aspects related to outsourcing software and the possible effect of external factors on it has been discussed. An important issue that surfaces when examining the outsourcing process is called “information poaching”. The threat of information poaching in combination with outsourcing is related to the main question of this thesis, which is; “What is the effect of information poaching when e-mail is outsourced to a SaaS provider”. In several papers researchers suggest that information poaching is a possible threat when outsourcing. How does this relate to outsourcing a service as e-mail? The main question is rather broad, thus for making it more specific, several sub-questions on this topic have been formulated. The following sub-questions are discussed in this thesis:

1. What are the possible risks when outsourcing an internal service such as e-mail to an external service provider?

2. What are the possible risks for an organization when working with SaaS provider?

3. To what extend is the concept of information poaching known to organizations?

4. To what degree is information poaching acknowledged as a threat when outsourcing a service as e-mail?

5. When information poaching because outsourcing e-mail is acknowledged as a possible threat, does this affect the decision making process of the customer?

6. To what extend can organizations control the possible negative effects when outsourcing e-mail to a SaaS provider?


5-May-23

1.2 Methodology The second chapter of the thesis consists of a literature study on several different topics related to the research question. Different methodologies on outsourcing and information poaching are discussed. Finally they are linked to the concluding results. We also compare the literature about outsourcing physical/traditional services and a relatively new service as e-mail. The literature on outsourcing can be partially used when outsourcing a digital service. Besides the current theories there are some new effects like information poaching which can influence the outsourcing relation. This makes it interesting to look into which degree the current literature is applicable when outsourcing a service as e-mail.

The third chapter of the thesis consists of the results of a survey performed among organizations interested in outsourcing their e-mail to a SaaS provider. The results of the surveys are used to verify the hypothesis with the intention to answer the research question. We first contacted the providers of SaaS and asked them to cooperate with the surveys by supplying us with names of companies that are interested in outsourcing their e-mail. Organizations considering to outsource or already outsourcing their e-mail are asked to participate in an online survey with questions related to outsourcing e-mail and information poaching. Besides that, we will distribute our survey among online communities of organizations that are interested in software as a service.

In the fourth chapter of this thesis, the information from the surveys is compared to the information from the literature study. While doing so, it will provide an insight into which degree we can apply and relate the general literature on outsourcing to outsourcing a service as e-mail. We furthermore discuss the importance and the effect of information poaching on outsourcing a service as e-mail.

Finally, recommendations and conclusions are provided after analyzing the survey results in relation to the existing literature, these findings are presented in chapter five.

1.3 Scope The scope of this thesis is limited to outsourcing email to a SaaS provider. SaaS provides several more services that may be interesting for organizations; however, in this study the main focus lies on outsourcing e-mail. There are multiple risks when outsourcing a service as e-mail, nevertheless, this thesis is focused on the danger of information poaching.


5-May-23

Chapter 2. Literature review

In our thesis we will research a relatively new and unexplored form of outsourcing, outsourcing e-mail to a SaaS provider. The aim of our study is to prove to which degree we can relate the existing literature about outsourcing to our thesis topic about SaaS. In this chapter of our literature review we will first examine some general theories about outsourcing. Subsequently, we will examine some theories in more detail, and after processing our survey results we will finally link them to our findings in chapter 4.

2.1 OutsourcingOutsourcing was introduced during the 1980’s. Since the early 1990’s, outsourcing has evolved from only outsourcing traditional services like administration to the outsourcing of data, marketing and IT related services (Chalos, 1995). This change in services is related to the increasing costs of internal non-core-business activities. The transformation of the business structure of organizations can lead to more specialized organizations. These more specialized organizations are able to focus more and more on core competences.

The outsourcing process can be defined as a process of subcontracting certain processes to a third party. An important factor mentioned in the introduction is the relation of an organization with a third party. It is essential to understand that the company that is outsourcing and the outsourcing vendor are not partners. Their main goal is the same, they both want to make a profit, however besides that the outsourcing organization expects stability of a service (Lacity and Hirschheim, 1995). These two goals do not go well together as both parties may have different expectations of the service.

Chalos (1995) states in his paper that the process of outsourcing has evolved during the years; McFarlan (1995) specifies the evolution of outsourcing in his study about the change in outsourcing in relation to the growth of IT outsourcing. McFarlan (1995) defines two specific reasons that effected the growth of the number of outsourced IT services. McFarlan (1995) states that the acceptance of strategic alliances and IT’s changing environment motivate organizations to outsource their services (McFarlan et al., 1995). The value of strategic alliances is widely recognized among organizations. The benefits of having a partner for a strategic alliance can range from having more experience with a certain process to saving costs by focusing on a single part of the complete process. The paper of McFarlan (1995) is published in 1995; McFarlan assumed at that time that the number of companies outsourcing IT services would grow.

The decision to outsource a service can be based on several reasons that may differ in relation to the organization wanting to outsource a service. The main reason for organizations to outsource their services is of an economic nature, often explained and analyzed using Transaction Cost Economics (TCE). We will discuss this theory in more detail in chapter 2.4 of our literature review. An additional reason for the change in services is the increased demand for flexibility. This reason is mainly related to the production of goods and services. It is vital that an organization can quickly adapt to a changing environment. Another reason that makes it interesting for companies to outsource is the decrease of economic ties to means of production. By outsourcing certain activities, organizations can have more or lower flexible costs. Obviously, this reason depends on the agreements there are


5-May-23

with the outsourcing provider. Other reasons defined by Martin (1997) to outsource, are lowering costs for maintenance activities, technological innovations and stricter safety standards leading to more specialized personnel (Martin, 1997). Most of these reasons are applicable to almost any outsourcing transaction regardless of the outsourced tasks.

In addition to the reasons by Martin (1997) to outsource a service as e-mail, Lindenberg (2000) defined a theory based on goals motivating organizations to outsource. This motivation discussed by Lindenberg (2000), can influence decisions made by parties in a transaction. These decisions can be critical for the success of the relation. Lindenberg (2000) states in his paper that an organization will select a specific goal, assumed to be the most important one: the focal goal. This process where parties prioritize their goals is called framing. In this process, Lindenberg identified three frames for an organization to adapt and use in their relation with another party. The first frame defined by Lindenberg (2000) is the gain frame, based on increased resourcing. A party will mainly focus on increasing their own resources, for example increasing their profit. The second frame is the loss frame; in this frame an organization focuses on limiting the loss. This frame is interconnected with the gain frame. This interconnection between two frames means that when a party expects a loss or something negative to happen, a gain frame situation can switch directly to a loss frame. The final and third frame determined by Lindenberg (2000) is the normative frame. The normative frame is based on the motivation of a party to act in a proper way and do the right thing. The explanation of the proper way and the right thing are based on moral behavior and the accepted norms of the party (Lindenberg, 2000). In the study of Lindenberg (2000), the focus lies on the danger of information poaching. Information poaching, discussed in more detail in chapter 2.5 of this study, is a threat which will probably be hard to detect and to protect a party from.

When organizations want to outsource a service based on the advantages, the decision to outsource can be made very quickly. However, an organization has to make the decision to outsource a service very carefully, because there are more things to take into account than only advantages. McFarlan (1995) defines an important thing for organizations while making the decision to outsource a service, he states that it is easier to outsource than to insource again (McFarlan et al., 1995). As a consequence, when an organization outsources a service and the results are not as expected, it will be difficult to undo the change. Taking this into consideration makes it even more important to have a clear insight in the outsourcing transaction and control measures used in the outsourcing relationship.

When we consider the theory of McFarlan (1995) that it is easier to outsource than to insource a service, it is important to control the possible negative effects during the outsource transaction. Lee (1996) states in his paper that control measures are important for the consuming party to secure the rights, liabilities and expectations of both parties (Lee, 1996). An interesting question for organizations is; “how do we control the processes we outsource?” If there is almost no control over the transaction and no control measures for the transactional relation, there may be a thin line between success and failure of the outsourced relation/transaction. If we know that an outsourcing decision may in the end lead to failure, we also have to consider some other important factors.

Because of the importance of a successful outsourcing transaction, a fair amount of literature is available on transactions between organizations and on control measures in outsourcing transactions. Some important issues in relation to control are subjects such as transfer of assets,


5-May-23

staffing, pricing and payment, warranty and liability, intellectual property and information security (Lee, 1996). The two factors mentioned by Lee (1996): intellectual property and information security, are important factors in the final decision to outsource a service as e-mail. It is vital for the outsourcing party to have full control and ownership of its information assets. In our case, when we outsource a service as e-mail, intellectual property is an important issue which has to be controlled to secure the ownership of the information exchanged by e-mail.

The other issue mentioned by Lee (1996) is information security, which is closely related to intellectual property. Because e-mail is based on the exchange (transaction) of information between sender and receiver, the security of this information is very important. For the majority of the transactions a written contract is the instrument to secure the rights, liabilities and expectations of both parties. Contracts are the most important documents in court when there are disagreements between two parties; this makes it important to have clear and legal content in the documents. However, if we look at topics like intellectual property and information security in relation to outsourcing of e-mail services, this can be a major issue as it is impossible to define everything in a contract (Lee, 1996).

Besides a contract, there are more and different methods on how to secure information. For example, information can be encrypted, which makes it harder to intercept and to use. On the other hand, in many cases the provider of the service still has access to the information even if it is encrypted. With this possibility, the provider of the service can do a lot of damage to the outsourcing party (Lee, 1996). The two issues mentioned by Lee (1996), intellectual property and information security, are especially important in relation to the threat of information poaching, which is further discussed in chapter 2.5 of the literature review.

2.2 Core competencesA reason for an organization to outsource a service, is to focus more on the core competences of the organization. In many organizations the belief is that core competences are known, however it is often difficult to identify the specific core competences. As core competences are hard to define, they are also often confused with core technologies. Prahalad (1993) states in his paper that a core technology can be defined as a component of a core competence. Another difference between a technology and a competence is that technology can be stand-alone and a competence cannot (Prahalad, 1993). Prahalad and Hamel (1990) state that core competences are often mistaken by core products and end products. Prahalad and Hamel (1990) state that it is essential to make a precise distinction since they all require a different approach (Prahalad and Hamel, 1990).

Prahalad and Hamel (1990) discuss in their paper the importance of correctly identifying the core competences of an organization and how difficult it is to correctly identify them. Prahalad and Hamel (1990) mention three specific steps to identify core competences in a company. First, they state that a core competence provides potential access to a wide variety of markets; second, a core competence should make a specific contribution to the end product, and finally, a core competence has to be hard to copy by competitors (Prahalad and Hamel, 1990). It is important to distinguish the differences between the competences in an organization. This is especially important as outsourcing a core competence will enhance the level of risk related to the transaction. When a core competence is not correctly identified and is yet outsourced, the negative effect for the organization’s outsourcing of this core competence, can be considerable.


5-May-23

Prahalad (1993) defines that one of the most important things to understand about the competences in an organization, is that although they can involve a technology. They also involve the governance process and collective learning of the organization. Taking this into account definition Prahalad (1993) constructed the following view of a competence (Prahalad, 1993);

Competence = (Technology x Governance Process x Collective learning)

An example to show the importance of core competences while considering outsourcing is explained in the following case about outsourcing e-mail.First, we examine a company depending on its e-mail, an online holiday-booking website. The reservation system of the website is based on an online booking system which mainly works in combination with e-mail. The second organization is a restaurant working with reservations made via telephone and via their website. The risk in outsourcing the e-mail service of the holiday-booking website is higher compared to that of the restaurant.This is related to the differences between the core competences of the two organizations. The restaurant’s core competence is most probably serving their customers a good meal in terms of quality and quantity for a reasonable price. When the restaurant owners decide to outsource e-mail, the risk and the possible damage are not that high. On the other hand, the core competence of the holiday booking website is receiving and forwarding their bookings to hotels. Logically so, the different degrees of risk based on the importance of the service for a company, have to be taken into account.

In the literature about core competences from Prahalad and Hamel (1990) we see some interesting facts that could influence the decision of organizations to outsource their e-mail. Prahalad and Hamel (1990) mention that if a core competence is outsourced, the level of risk will be higher. It is obvious that organizations don’t want a high level of risk outsourcing a service.

When we know that organizations want to keep the level of risk as low as possible, it is interesting to research if e-mail is recognized as a core competence by organizations. If so, how does it affect the decision of organizations to outsource their e-mail to a SaaS provider. In most cases, e-mail will not be defined as a core competence but more likely as a core technology. Something related to core competences and core technologies is the dependency of organizations of a service. In both core competences and core technologies, organizations depend on a specific thing and in our case e-mail. This dependency is easier to identify and can be related to the facts of core competences and core technologies.Taking this into account question we constructed the following hypothesis which we will test by analyzing our survey results.

H1. Organizations that outsource their e-mail do not significantly differ based on the dependency of importance of e-mail in organizations, from organizations that do not outsource their e-mail.

2.3 Transaction Cost TheoryThere are several theories organizations can base their decision to outsource a service on. An often used theory is the TCE. The original groundwork for TCE was done by Oliver R. Williamson who discusses the theory in his papers and books. Williamson (1979) defines that the decision to outsource a service is based on the costs related to transactions. This sum of costs originates from


5-May-23

the production and transaction costs (Williamson, 1979). The production costs can be defined as all the costs of producing the product or service. Besides the direct cost of producing a product or service, there are also costs related to the transaction. These costs are for example the costs of searching a proper provider, the costs for setting up a contract and the costs for coordinating the transaction. Williamson (1985) defines the transaction costs as the “costs of running the economic system” (Williamson, 1985). The model defined by Williamson (1985,1979) can be illustrated as follows,

Total Cost = Production Cost + Transaction Cost

Based on the transaction cost theory, the decision to outsource a service such as e-mail can be calculated by adding the transaction costs to the production costs of e-mail. Van der Meer-Kooistra et al (1999) state that there are three elements that influence the outsourcing relationship and the degree of control that is used in shaping the relation. She states that the transaction, the transaction environment and the different parties all influence the relationship of the transaction. Based on this, she concludes that it is crucial to understand the effect these elements can have on the transaction. Besides the effect of the elements on the transaction, Van der Meer-Kooistra et al (1999) also states that it can influence the total costs of the transaction (Van der Meer-Kooistra et al., 1999).

In a paper by Clemons et al. (1993), the “Move to the middle” hypothesis is examined. The “Move to the middle” hypothesis states that organizations are more and more pushed to a move to the middle or move to the market. This move is based on the decreased costs for coordination and the lowered level of risk related to the transaction. The change in transaction costs and coordination risk is achieved by using IT (Clemons et al. 1993). Clemons et al. (1993) illustrate this by the following figures;

Figure 1 The Balance between In-house Production and Outside procurement (Clemons et al. 1993.)


5-May-23

Figure 1 Clemons et al. (1993) shows the sum of the costs for outsourcing is similar to the costs of in-house production. In this situation, organizations can decide for in-house production as well as for outside procurement.

Figure 2 shows that IT lowered the coordination costs for an in-house production and also for outside procurement. This difference in cost and risk leads to more in-house production, because the risk (transactions risk) of outsourcing is higher.

Figure 2 Traditional Investment to Reduce Coordination Cost Increased Transactions Risk. Firms preferred to Make Such Investments In-house (Clemons et al. 1993.)


5-May-23

The third figure (Figure 3) is the current situation for organizations considering to outsource their services. In both situations (in-house production and outside procurement) IT lowered the coordination costs, and compared to Figure 2, the transactions risk has decreased significantly. It decreased to a certain point that makes it interesting for organizations to outsource. Two examples of IT decreasing the amount of coordination costs are for example online supplier search and comparison and the use of e-mail.

Clemons and Reddi (1994) define that the transaction cost theory is especially interesting when an organization wants to outsource an IT related service. The researchers looked at the transaction costs and managed to split it up into three specific elements.The first element Clemons and Reddi (1994) define in there paper is based on the costs of for example searching the right provider and monitoring the service provided. Clemons and Reddi (1994) define these costs as: coordination costs. Besides direct costs, which are related to the transaction, there are also indirect costs related to the transaction such as risk. The factor risk can generate extra costs which eventually can influence the decision to outsource. Clemons and Reddi (1994) describe two important kinds of risk, operations risk and opportunism risk. These two risk factors can influence the decision of an organization to outsource a service or to keep performing the service in house.

Transaction Cost = Coordination Cost + Operations Risk + Opportunism Risk

The terms coordination costs, operations risk and opportunism risk together construct the term transaction costs (Clemons and Reddi, 1994). In the next chapter, the different sub terms are individually discussed.

Figure 3 Current Investments in Information Technology May Not Increase Transactions Risk. Firms Can Now Safely Outsource (Clemons et al. 1993).


5-May-23

2.3.1 Coordination CostsA major component and probably the most clearly defined component of the transaction costs are the coordination costs. Malone (1988) defines the term coordination as a body of principles of how activities of separated factors can be coordinated (Malone, 1988). In another paper by Malone (1994) he defines the term coordination as something that is based on dependencies. He states that if there are no dependencies, there is also no coordination needed (Malone, 1994). Clemons and Reddi (1994) define the term coordination costs combined from two different kinds of cost. They state that coordination costs consist of direct costs, such as the costs of delivering and coordinating the service and indirect costs related to the coordination costs. Indirect costs are costs such as the costs for inventories (Clemons and Reddi, 1994).

When we look at the explanation of the term coordination costs, it seems like it is pretty clear how to calculate the amount of costs which can be defined as the coordination costs. Especially when we pick a product which is a regular product to buy for an organization. For example, if we take a pen. If an organization purchases a pen, the coordination costs consist of the costs for finding a supplier, costs for the delivery of the pen and the costs for storing the pen in the warehouse. These costs are easy to define. From these costs, it is possible to calculate the coordination costs. However, if we look at a service and especially a service such as e-mail, it can be harder to define all costs. There are similar costs as for purchasing a pen, for example the costs of finding the right supplier. On the other hand, there are also different costs which are harder to define. For example, the costs of integrating the service in the current system, writing a contract that secures all kind of new things like server availability and creating acceptance among the employees for the new service. Besides these examples, there are more things that affect the coordination costs and make it a harder component of the transaction costs theory to define.

2.3.2 Operations RiskOperations risk is defined as the risk that the partner in an outsourcing relation, which is most of the time the supplier of the service, underperforms. Underperforming means that the other party does not deliver the service as agreed. This underperforming can be done intentionally by the provider to gain more advantage out of the transaction, for example by delivering a service with a lower quality. On the other hand, underperforming can occur due to effects that cannot be controlled by the other party, these effects can be for instance the weather or an earthquake. Clemons and Reddi (1994) mention in their research that IT can influence underperformance which is done intentionally. However, it does not have an effect on underperformance which happens unintentionally (Clemons and Reddi, 1994).

2.3.3 Opportunism RiskOpportunism risk can be created out of two situations. The first form of opportunism risk is when an organization has to make an investment in the relation that is relation specific. This means investments specific to the relation of the transaction, which can be lost or misused after the investment is made. The second form of opportunism risk is when organizations work with small number bargaining. This can create the situation that an organization is to dependent of a certain party, because of the scanty alternatives. In their paper, Clemons and Reddi (1994) state that if an organization makes relation specific investments to coordinate with their suppliers, IT can influence the opportunism risk (Clemons and Reddi, 1994).

Low High

Low

High

Price Risk

Transactions Risk

Partnership Market supplier

Vertical integration Vertical integration


5-May-23

2.3.4 The transaction cost modelBased on the three elements: coordination costs, operations risk and opportunism risk, Clemons and Reddi (1994) created a model that shows the movement of organizations based on a calculation of the transactions costs (Clemons and Reddi, 1994).

When we look at Figure 4 we can immediately see some important decisions for an organization. Based on the calculation of the transaction costs of Clemons and Reddi (1994) organizations can decide to choose three different things. The first option is to vertically integrate the service into the organization. This means not outsourcing the service but producing it in-house. When organizations decide to perform the required service in-house, they do not have to deal with the effect of opportunism risk. Another advantage of vertical integration is that operations risk can be considered as non-existent. The second option for an organization is searching for a partnership; in this case the organization chooses a provider and assumes this will be a partner in a long term relationship. The final alternative for an organization is to search the market for a supplier. When an organization searches for a market supplier, they investigate the market and the different suppliers. Eventually, they will choose the supplier with the lowest price. Besides the different forms of economic transactions, there are also several measures noted in Figure 4. The vertical line describes the level of the transaction risk and the horizontal line describes the level of the risk related to the price.

The transaction cost theory is a theory which originates from the early 1980’s. Over the years, the theory has been applied to several situations. Because outsourcing a service such as e-mail is relatively new, some different factors can influence the theory. Factors such as coordination costs, operations risk en opportunism risk are interesting to verify in relation to organizations that are considering outsourcing their e-mail based on the transaction cost theory. Based on the theory of Clemons and Reddi (1994) who formulated the previously discussed “Move to the middle” hypothesis, we would probably assume that organizations outsource their e-mail to a service

Figure 4 The base case preferred mode of economic transaction


5-May-23

provider (Clemons et al. 1993). On the other hand, if we know that factors such as data availability, data privacy and information poaching are relatively new and unexplored factors, the decision to outsource can be influenced by this. Based on this, we constructed the following hypothesis to verify the transaction cost theory in combination with the decision to outsource e-mail.

H2. Based on the transaction cost theory, organizations will outsource their e-mail to a software as a Service provider. H2.1. The advantages of SaaS are equally rated as the disadvantages. H2.2. Operations risk does play a role when outsourcing e-mail to a software as a

service provider.

2.4 Trust, control and riskWhen we look at the transaction cost theory, we can see that a part of the transactions costs exists out of transactions risk. Transactions risk is again based on two kinds of risks namely operations risk and opportunism risk (Clemons and Reddi, 1994). The two risk factors play an important role in the decision to outsource a service as for example e-mail. Risk is an issue that most organizations probably don’t like to hear when they are considering outsourcing a service. If there is risk involved in an outsourcing transaction, probably the first thing organizations will do is try to control and minimize it.

Brynjolfsson (1994) mentions in his paper that in an outsourcing relation it is almost impossible to obtain full control of the relationship. Especially when an organization takes everything that can happen during the transaction period into account. Brynjolfsson (1994) suggests that in the real world contracts are almost always incomplete. In his paper, Brynjolfsson (1994) mentions that it is almost impossible to define certain circumstances in a contract. These specific circumstances are most of the time unforeseen or too expensive to define in detail (Brynjolfsson, 1994). Because of this, logically there is a factor risk while outsourcing a service, which cannot be fully controlled using only a contract.Examining the theory of Brynjolfsson (1994), which states that contracts are almost always incomplete, we can assume that an organization has to have a certain degree of trust in their provider. This degree of trust has to cover the possible risk that cannot be secured by a contract.If we look at the word trust, this is a difficult factor to define. How can we define trust in an outsourcing transaction and where does it originate from?

Implicitly, Vosselman and Van der Meer-Kooistra (1999) suggest that there is a relationship between control and trust. As Van der Meer-Kooistra (1999) states in her paper, trust can be developed out of previous relations between parties, or it can grow over the period of a transaction. (Van der Meer-Kooistra et al., 1999). In our study, when service providers such as Google or Microsoft are examined, companies can already have a history of transactions with that company. Because of this experience, organizations can decide if the risk of outsourcing can be neglected, based on the degree of which they trust their provider.

Trust can arise from different processes based on learning and adaption. These processes are necessary to create trust between the different parties. It is needed because they strengthen the relationship between the different parties, they make the relation more durable, they make the


5-May-23

relation open for changes and finally, they stimulate interaction between the different parties which could lead to knowledge exchange and consideration for each other’s interests (Johanson and Mattson, 1987). If we look specifically at the subject of this thesis that is focused on outsourcing e-mail, trust may be an important factor in the outsourcing process. SaaS is relatively new on the market and not that much is known about the specific service. This unfamiliarity with the service creates a lot of uncertainty.

Van der Meer-Kooistra (1999) mentions in her paper three different kinds of trust. The first kind of trust is contractual trust. This sort of trust is based on the moral agreement that written or verbal contracts are agreed upon and carried out by both parties. It is not always the case that both parties act as described in the contract. The second kind of trust is based on the competence of the provider of the service, and is called competence trust. This kind of trust means that an organization outsourcing a service trusts the company to have the expertise and competences to accomplish the expected tasks. The final type of trust is goodwill trust. Goodwill trust is one of the most difficult kinds of trust to define. Goodwill trust is based on a kind of expected commitment of parties to live up to the goal to obtain the best results for both parties. Van der Meer-Kooistra (1999) finally concludes that trust is a very important factor in outsourcing relations that requires close cooperation. She also mentions that this is especially important in relations where the outsourcing party has high demands and the transaction environment is uncertain (Van der Meer-Kooistra et al., 1999).

In several studies from Van der Meer-Kooistra et al. (1999), Das et al. (2001) and Vosselman et al. (2009), the relation between control, risk and trust is discussed. If we accept the position by Brynjolfsson (1994) that full control is almost always impossible, than naturally there is a factor of risk present in an outsourcing transaction. The consuming organizations can view the risk as something naturally related to outsourcing transactions. On the other hand, if the consuming company has the best intentions for the transaction they can also trust the provider that it will operate with the best intentions for both parties. Das and Teng (2001) state that trust and control are interlinked with risk in strategic alliances (Das et al., 2001).

Along the same line of thought, Vosselman et al. (2009) suggests that control and trust are intertwined. The idea is that when the degree of control increases, the degree of trust is lower and vice versa (Vosselman et al., 2009). Another perspective suggested by Mouritsen and Thrane (2006) states that there is trust when the right controls are used. The two views from Vosselman et al. (2009) and Mouritsen and Thrane (2006) differ from one another while Vosselman et al. (2009) suggests that the degree of trust will be lower if there are more controls. On the other hand, Mouritsen and Thrane (2006) state that the degree of trust will be higher regardless of the number of control systems that are used. In our case, it is important to understand what the proper control tools are, when outsourcing e-mail. Some important remarks to the theory of Vosselman et al. (2009) are that he does not mention the fact of proper controls. What if an organization implements a lot of controls and they are all the proper ones. Will the total level of control decrease by implementing more controls? On the other hand, Mouritsen and Thrane (2006) only mention the fact of proper controls however will the level of control change in relation to the quantity of implemented proper controls? These two questions originating from both theories can be interesting to research in relation the existing theories on control.

Amount of trust

Amount of control Proper controls

Amount of trust

Amount of control Controls


5-May-23

The following figures will give a visual description of the effect of the two theories of Vosselman et al. (2009) and Mouritsen and Thrane (2006) on the degree of trust created by using controls. These figures also show that the two theories differ from each other.

If we examine the two figures we can conclude that both theories differ from each other. Another question related to the theories of Vosselman et al. (2009) and Mouritsen and Thrane (2006) is if trust in that specific theory can be seen as a substitute for or as complementary to control. When we look at the theory of Mouritsen and Thrane (2006, they define that trust can be created by using the proper controls. In this case, trust is not complementary to proper controls. On the other hand, it is also hard to define it is a substitute. The second theory of Vosselman et al. (2009) states that the

Figure 6 Decreased amount of trust created by implementing more controls Vosselman et al. (2009) and by not using the proper controls Mouritsen and Thrane (2006).

Figure 5 Increased amount of trust created by implementing less controls Vosselman et al. (2009) and by using the proper controls Mouritsen and Thrane (2006).


5-May-23

degree of trust is lower if the level of control increases. In this case, trust is described as complementary to the level of control used, because the degree of trust changes in relation to the level of control. In this situation, we can conclude that trust is not a substitute because it is dependent on the level of control.

When we look at previously discussed literature about trust, control and risk, we can make an interesting remark on the theories of Van der Meer-Kooistra (1999), Vosselman et al. (2009) and Mouritsen and Thrane (2006). Because we can ask the question: if there is trust, is there still need for control. If an organization completely trusts the provider of the service, there is no need to control the relation for possible threats. In some cases, trust arises from control but in other situations this is not the case.

If we look at the topic of this thesis, which is focused on outsourcing e-mail, trust will probably play an important role in the decision making process of organizations. The theories of Van der Meer-Kooistra (1999), Vosselman et al. (2009) and Mouritsen and Thrane (2006) mention that trust will play an important role when outsourcing a service. Taking this into account we constructed the following hypothesis based on the existing literature and our topic about SaaS.

H3. Organizations outsourcing their e-mail trust their Software as a Service provider.

2.5 Information poachingAt present, the economy is getting more and more dependent on information issues as information poaching are essential to take into consideration. Especially when an organization considers to outsource information related services such as e-mail. Because of this, the potential threat of information poaching is getting higher, which makes it even more important for organizations to secure their information. The growing importance of information poaching and the lack of research on this subject by organizations make it interesting to study this topic in relation to outsourcing a relatively new service as mail.

Clemons and Hitt (2004) discuss information poaching in relation to transaction risks and information exchange. In the paper by Clemons and Hitt (2004), the term information poaching is composed of three components. The first component is the exchange of information between two parties, the second component is the use of information by the receiving party and finally, the use of the information with the goal to do economic damage or gain an advantage (Clemons and Hitt, 2004).

Widener and Selto (1999) define the term information poaching without using these three terms. They define it as the loss of information which could allow a third party to gain economic advantage from it (Widener and Selto, 1999). Widener and Selto (1999) also state that the asset specificity of the service is related to the threat of information poaching. If the assets are more specific, thus the information confidential and detailed, the threat of information poaching is higher (Widener and Selto, 1999).

An example of the growing need of information in economics in relation to information poaching is ecommerce. Many people pay their purchases by credit card. When paying with a credit card, the receiving company obtains a great amount of important information. Besides credit card data, information on previous buying behavior is available to the obtaining company. After some time,


5-May-23

these companies have a large database with credit card data, data that can be used without the authorization of the credit card holders. If this information is used, fraud can be committed and harm can be done to the customers. Besides using it directly, the information can also be sold to a third party. The third party can use the gathered information to commit fraud, or mine the information to use it for other purposes, such as marketing. They can adjust their advertisement to the profile combined by the data of the previous purchases of specific customers (Clemons and Hitt, 2004).

Not every service has the same level of risk when outsourced to an external service provider.Clemons and Hitt (2004) describe four factors that could make information poaching more likely. The first factor is the protection of intellectual property. When intellectual property is protected in a right way, the risk of information poaching can be lower. Besides the lowering of the factor risk, legal remedies could lower the possible negative effects. The next factor is the existence of complementary assets. If the firm that supplies the service has complementary assets, it is more likely that it can use the information for its own purposes. When engaging in relations with different providers or a provider with almost no complementary assets, the risk of information poaching is lower. Another factor is limited observability, in many cases there is no clear view on providers taking advantage of the information. In this case, even remedies are hard to implement if the possible threats are unknown. The final factor is bounded rationality; in this case information poaching can be observed however it cannot be prohibited in the contract. For example, a company can be accused of entering a similar market with information obtained from the transaction. Most of the time it is hard to prove that such a move is completely based on information poaching and not on information gathered in a fair way (Clemons and Hitt, 2004).

When we know what the danger of information poaching is and which factors make it more likely to occur, it is interesting to examine how we can minimize the risk.Clemons and Hitt (2004) mention in their paper several traditional approaches for minimizing the risk of information poaching. Clemons and Hitt (2004) state that almost all remedies for limiting information poaching have some negative effects. The following approaches are mentioned by Clemons and Hitt (2004):

Incentive contracting Transfer of asset ownership Restricted activities Bonding Reputation Relational contracting Auctions and competitive bidding

The first remedy mentioned in the paper is called incentive contracting and monitoring. This is the classic remedy for limiting threats such as information poaching. It forces both parties to work for the optimal results by compensation based on effort. A side note for this remedy is that information poaching is only partially noticeable; this makes it hard to detect and to act on it. The next approach is transfer of asset ownership; in this approach transferring assets to a weaker party will encourage that party to invest in the relation. On the other hand, this transfer can lead to information poaching because the vendor has control over the assets. A different approach is restricted activities. In this method, organizations restrict the activities that can be done by one party or the other party. Because the information is more scattered between the different parties the provider can do less


5-May-23

with the available information. On the other hand, providers have a limited number of activities to handle; this can lead to higher fees in relation to the activity. Another possible solution is bonding; in this method, organizations bond to show the willingness of both parties to work for the best results. Most of the time, a third party controls this bonding relation. Another approach to minimize the risk of information poaching is reputation; if information poaching is detected it can be communicated to the market which could harm the reputation of the vendor. Through this approach the risk can be controlled, however only if it can be detected. Relational contracting is another way of minimizing the risk of information poaching; by using loosely constructed contractual agreements. This approach works best when there are mutual gains for both parties. The final approach is using auctions and competitive bidding. In this way, different providers can bid for a contract. With this approach, the risk of information poaching is high, because bidders often win the contract with the lowest possible price. If the contract does not lead to substantial benefits for the providers, the risk of information poaching is getting bigger. On the other hand, only providers qualified for the different conditions can win the contract (Clemons and Hitt, 2004). It is interesting to examine if the approaches mentioned above are applicable when outsourcing a specific service such as e-mail. Outsourcing e-mail will probably ask for a more specific approach, because the amount of information available to the provider is much bigger than when outsourcing other services.

Besides limiting the risk related to information poaching, it is also interesting to examine methods to reduce the level of risk.Clemons and Hitt (2004) mention some risk reducing approaches in their paper; however, they mention that this list of approaches is not standardized. Clemons and Hitt (2004) have identified two important rules for the reduction of risk; these are obscuring information for the provider and enhancing observability of the information provider (Clemons and Hitt, 2004). The list of risk reducing approaches by Clemons and Hitt (2004) contains the following methods:

Embed information in Systems Encryption/Separation of Models and Data Modularity of Product Modularity of Processes Seeding

The first method is embedding in information Systems, which is based on the “sealed black box” principle. The “sealed black box” principle means the system can be used but the information itself cannot. The second approach is encryption/ separation of models and data is based on securing critical data. On the other hand, les critical information is provided to supply the users with a workable service. This method resembles the embedded information systems way, but differs from it because a part of the system information is revealed. In the first method no information is revealed, the user can, however, use the service. An example of the encryption/ separation of models and data method is the Google.com search engine. Google hosts the search service, but does not offer insight into its intricate search algorithm. The next risk reduction is modularity of products, which means the vendors offer a service which cannot be transferred back into valuable and usable information for a third party. The fourth method is modularity of processes which means the separation of processes to several suppliers, with the goal that suppliers cannot construct the complete process on their own. The final risk reduction approach stated by Clemons and Hitt (2004) is called Seeding. Seeding is done by including false or wrong information, which may help to detect information poaching. When


5-May-23

certain false information is used by providers of the service, information poaching can be detected (Clemons and Hitt, 2004).

The literature on information poaching is only recently published and not that much research has been done on the subject of information poaching. This makes information poaching a subject for which further research is needed to support the different theories.

In our survey, we try to find evidence if information poaching is really recognized as a threat by organizations. To prove this, we constructed a hypothesis which we tested using the results of our survey.

H4. Information poaching is not recognized as a threat by organizations, when outsourcing their e-mail to a SaaS provider.

2.6 Influence of the marketImportant for companies when choosing an IT service provider is the construction of all the different SaaS providers, which we further on will call the market of service providers. When an organization does not know the market, it is hard to keep the different suppliers apart. Important to know is which providers are present on the market and how they differ from the other providers in a positive or negative way. In this thesis, we focus on the providers of IT and more specific SaaS and e-mail.

If we look at the market of SaaS providers we can distinguish several major players on the market. Service providers like EDS (HP), Google and Yahoo are some of the important players on the market. These providers have already earned some credits in the IT market by providing other services. A survey of Forrester Research shows that two thirds of the companies who have been surveyed for SaaS have already evaluated their current services and specifically their e-mail (Voce, 2009). Taking this into account survey we can conclude that organizations are getting ready to make a change in their current IT structure. The next steps for organizations will logically be evaluating the market and trying to evaluate the possibilities of outsourcing their e-mail. In the paper of Voce (2009) the question was posed to IT professionals, as to why they evaluate their current mail systems. The results of this survey are straight forward: 42% of the questioned IT managers evaluated their current mail system because it was perceived as being too expensive, 31% evaluated their current system because of server consolidation, also other less important factors that triggered the IT professionals, e.g. upgrading software, change of leadership and merger or acquisition (Voce, 2009). In addition to the reasons for IT professionals to evaluate their processes, Voce (2009) asked them for barriers or concerns on changing services. Two major barriers or concerns mentioned by IT professionals are security concerns and e-mail availability. When an e-mail system of a company is unavailable, the organization can miss vital mail traffic. For instance, when a production company misses some information due to unavailability of e-mail, they can lose money by over or under production. Important to understand is that most companies do not immediately notice that their e-mail services are down. Most of the time they detect that their mail system is not working, because they are waiting to receive some specific mail or they cannot send mail. At that time valuable information can already be lost. Taking this into account, we can conclude that availability of the service is vital for organizations; it may be one of the important factors when deciding to choose a service provider. Another concern mentioned is security; this problem is the most important barrier for IT professionals in the previously mentioned research by Voce (2009). E-mail exchange of organizations can contain very important and private information; this information cannot be passed on to


5-May-23

unauthorized recipients. Because SaaS most of the time is web based, everyone can access the information if the security of the service is insufficient. Loss of information can harm the organization. Why, because they can lose business to competitors’; the loss of information can also undermine the trust of the company’s clients. If we look at the issues for IT professionals to base their evaluation on, we can assume that security and availability are two important factors for organizations considering outsourcing. If IT service providers cannot deal with these demands, they are not suitable to be potential candidates for entering the outsourcing market.

When we know what the critical success factors of a service are, in our case security and availability, it is important to see if/how we can control it. Cuganesan and Lee (2006) state in their paper that, by using a system which tracks all actions between a supplying and consuming organization; at the end of the evaluation it is clear how both parties functioned during that period. In this way, consuming organizations can make important decisions based on the history of all actions. On the other hand, suppliers are able to make the performance of their service more visible to their customers. This can create a situation where buyers do not want to change to another party, because they are satisfied with their current provider (Cuganesan and Lee, 2006). Dubey and Wagle (2007) discuss in their paper the change providers of SaaS have to make in order to satisfy the demands of their customers. There are three specific points mentioned, how providers have to change their current abilities. All the points are related to the attitude of the providers towards their customers. First, outsourcing providers have to be able to handle unexpected events, Dubey and Wagle (2007) mention that customers rely more and more on online knowledge bases and forums to solve their problems. The information posted in forums is most of the time up to date and the problems of the users are similar to the problems of the customers. The degree of technical knowledge at forums is also at a certain level that the majority of the readers/customers can relate their own problems to the posted problems. Providers can set up these places and provide helpful information and can let it work based on enthusiastic users with knowledge about the product/service in combination with people of the organization itself. They also mention that the R&D policy has to change; the online updates of the software have to be bug free otherwise this will directly affect their customers. Currently, many software programs are updated often because of the software bugs in it. These bugs can be a possible threat for companies. Finally, they have to create another mindset for the service they deliver, from a focus on shrinking the service to hosting it in the best way (Dubey et al., 2007).

There are some major points for organizations while deciding to choose for a service provider. However, besides acknowledging the critical success factors it is also important to know how they can be controlled. In a paper by Cuganesan and Lee (2006), they point out a market based accounting tool for organizations to control the suppliers of services. They mention that suppliers need to comply with the requirements set by the consuming parties. In return, buyers commit their business relation to that specific supplier. An important note on the previous statement is that from the suppliers to comply with the requirements of the consuming parties, the second selection is based on price criteria (Cuganesan and Lee, 2006).


5-May-23

Chapter 3. Analysis of survey results and hypotheses

3.1 IntroductionWhen we look at the literature discussed in chapter two we see different interesting theories. These theories mainly relate to outsourcing in general. Since outsourcing e-mail to a SaaS provider is relatively new, it is not yet examined if these theories are applicable to this form of outsourcing. Because we want to examine if the existing theories on outsourcing related to outsourcing e-mail to a service provider we created four hypotheses. To verify these hypotheses we created a survey.

3.1.1 PopulationThe organizations we selected for our survey are chosen based on their interest in SaaS and more specifically e-mail. We purposed 1500 organizations with our questions. With a response of 77 organizations of the total group, the response rate is 5%.

3.1.2 Hypothesis and closed questionsIn our survey we have chosen to apply closed questions. This decision is made based on the way we want to process our results. The results of our survey are processed based on our hypotheses. Since we use closed questions in our survey, we can calculate the different statistics of the separate questions. The statistics of these questions can be compared to the values of our hypotheses.

Our Null Hypotheses are based on the literature of chapter 2. Chapter 2 states several theories on which organizations can act when outsourcing a service. In this chapter we compare the existing literature and the results of our survey.

3.1.3 Likert scaleIn our survey we placed 20 questions. At the first five questions respondents were able to choose multiple predefined answers to the questions. These questions where mainly focused on introducing the respondent to the topic of the survey. The introductive questions are also used to gather information from which we can identify specific groups.

The second part of the survey contains questions based on a Likert scale i. We use Likert scales for the different questions, since at the end of the survey this will provide us with clear values. In our survey we applied a Likert scale of seven to the questions. This scale offers the respondent a clear choice to answer the questions.

3.1.4 Cronbach’s AlphaWhen testing some of our hypothesis we had to combine different questions. Because of this, we have to examine if the different questions measure the same concept. We can examine this relation by using Cronbach’s Alpha ii. Cronbach’s Alpha tests if the different questions are consistent with each other. We test Cronbach’s Alpha by using SPSS iii while doing this we can calculate if our alpha is higher than 0.6. When our alpha is lower than 0.6 the correlation between the different questions is too low. This means the questions do not measure the same topic.

3.1.5 Composition of the participantsThe survey is spread by using LinkedIn communities which topics are on outsourcing email, SaaS or topics related to this. Besides that the survey is spread via LinkedIn and also among customers of a


5-May-23

company providing SaaS services (Plushosting). By distributing the survey among people that are knowledgeable, we were able ask specific questions.

In the following chapter we will test the 4 hypotheses;1. Hypothesis 1. “Organizations that outsource their e-mail do not significantly differ based on

the dependency of importance of e-mail in organizations, from organizations that do not outsource their e-mail.”

2. Hypothesis 2. “Based on the transaction cost theory, organizations will outsource their e-mail to a software as a Service provider.”

a. “The advantages of SaaS are equally rated as the disadvantages.”b. “Operations risk does play a role when outsourcing e-mail to a software as a service

provider.”3. Hypothesis 3. “Organizations outsourcing their e-mail trust their Software as a Service

provider.”4. “Information poaching is recognized as a threat by organizations, when outsourcing their e-

mail to Software as a Service provider.”a. “The degree in which the information send by email is valuable to a service provider

compared to a third party do not significantly differ.”

3.2 Hypothesis 1Our first hypothesis is based on the theory of Prahalad and Hamel (1990). Prahalad and Hamel (1990) examined the importance of core competences and core technologies. In their paper Prahalad and Hamel (1990) write about the importance of clearly recognizing the core competences in an organization. They state that if a service is a core competence or core technology, the level of risk when outsourcing is higher.

Prahalad and Hamel (1990) state that it is hard to define a core competence or core technology, especially for the organizations itself. Because of this difficulty in defining core competences and core technologies, we composed a new theory based on the dependency of organizations of a service. This theory is based on the previous discussed theories of Prahalad and Hamel (1990) about core competences and core technologies. Taking this into account we deducted the following thought; the dependency of a service is closely related to the theories of core competences or core technologies. This dependency of a service is easier to research, because organizations are more capable of answering questions about their dependency of a service, instead of core competences and core technologies. Core competences and core technologies are factors that will sooner be recognized by people that are specialized in them. We derived taking this into account theory the following hypothesis;

“Organizations that outsource their e-mail do not significantly differ based on the dependency of importance of e-mail in organizations, from organizations that do not outsource their e-mail.”

To prove if we can reject the hypothesis we defined a null hypothesis and an alternative hypothesis. We based the null hypothesis on the theory of Prahalad and Hamel (1990) about core competences and core technologies. First we examine the null hypothesis by using a subset of our results. This selection is based on organizations that do or not use SaaS.


5-May-23

We constructed four questions that relate to the dependency of organizations on a service. These questions can supply us with information to verify hypothesis 1. The first question we use for this hypothesis is question number four. This question determines if an organization is using SaaS. The question splits up the results into two groups. One group using SaaS and the other group not using it. In our survey there is also the possibility of filling in “Don’t know/unsure”, this group is excluded when examining hypothesis 1.

Question 4: How long has your company been using Software as a Service services?

Subsequent to separating the responses into two groups, we use three questions to determine the dependency of organization of their e-mail service. The first two questions(6 and 7) are based on a Likert scale of 7. 1 is the least important and 7 is extremely important. Besides rating the question, organizations could also fill in N/A that stands for not applicable.

Question 6: Rank the importance of e-mail in your organization?

Question number seven is again based on a Likert scale of 7.

Question 7: To which degree would an e-mail service that is not available for one hour effect your daily business?

The fourth question used is question number 8. Question number 8 is based on a scale, where the respondents could define the amount of business processes in which e-mail is essential. The answering scale started with the choice for 1 business process. Each other option was increased by one and finally 7 or more than 7.

Question 8: In how many of your business processes (e.g. Purchasing, Manufacturing, Marketing and Sales, Accounting, Recruitment, Technical support, Managerial) is e-mail essential for continuing business?

To verify our null hypothesis we have to define a value that can be tested by using the survey results. We first determine a value for our null hypothesis and alternative hypothesis. These values are used to verify our hypothesis by doing an independent 2 sample T test iv. The values for the null hypothesis and the alternative hypothesis are based on the theory of Prahalad and Hamel (1990) on core competences and core technologies

When we examine the literature we would assume that if organizations are more dependent of a service, the level of risk will be higher. If this is the case organizations will probably not outsource their service. Another choice is that they can wait until the service is more embedded into the

business world. If we take this in consideration we can define our Null Hypothesis as and

the Alternative Hypothesis as .

3.2.1 Sample test Hypothesis 1At chapter 3.2.1 we will discuss the results of our survey that relate to hypothesis 1. We will also test if we can reject our Null Hypothesis.

To verify our hypothesis we use a 2 sample T test which can be illustrated as followed:


5-May-23

The starting statistics defined based on our response group and hypothesis 1 are:Null hypotheses = H0 =Alternative Hypotheses = HA =Alpha = = 0.05

The following table shows a 2 sample T test as we performed it in SPSS:

Group Statistics

Response

usage of Saas

N Mean Std. Deviation Std. Error Mean

Hypothesis_1 0 20 15,8000 4,27477 ,95587

1 39 17,3333 3,54915 ,56832

Levene's Test

for Equality

of Variances

t-test

for

Equality

of

Means

95%

Confidence

Interval of

the

Difference

F Sig. t df Sig.

(2-

taile

d)

Mean

Difference

Std.

Error

Differ

ence

Low

er

Up

per

Hypothesis_1 Equal

variances

assumed

,110 ,742 -1,465 57 ,149 -1,53333 1,046

88

-

3,62

967

,56

300

Equal

variances

not

assumed

-1,379 32,760 ,177 -1,53333 1,112

06

-

3,79

646

,72

979

Table 1 Independent 2 sample T Test Hypothesis 1 by SPSS

To verify the results of our survey we first separated the group of respondents into two group. Number 1 stands for organizations that are using SaaS and 0 for organizations that are not. As discussed we tested our hypothesis by using SPSS. We started by looking at the F value and the level of significance of the test. This determines if the variances are equal. In this case when we use an alpha of 0.05, we can conclude that the variances are equal. Because, our test output of F0.110 with a significance of 0.742 is higher than 0.05. Since our variances are equal we can use the first line in Table 1 which is labeled as “Equal variances assumed”.

As discussed our Null Hypothesis is stated as , with an alpha of 0.05. We can view from our 2 sample T test that the level of significance of the test is 0.149. If we compare 0.149 with our alpha


5-May-23

of 0.05, we can conclude that it is higher than our alpha. This proves that we cannot reject our Null hypothesis that .

3.2.2 Cronbach’s Alpha Hypothesis 1Since we want to verify our hypothesis, we constructed several questions that help to verify hypothesis. When using several questions, it is important to examine if they measure the same concept. We can examine this by using Cronbach’s Alpha. Cronbach’s Alpha tests if the different questions are consistent which each other. We can test Cronbach’s Alpha by using SPSS. After that, have to analyze if our alpha is higher than 0.6. If it is lower than 0.6, the correlation between the different questions is too high. The higher the response alpha of our Cronbach’s Alpha test, the better it is for the level of significance of our combined questions.

Case Processing Summary

N %

Cases Valid 72 93,5

Excludeda 5 6,5

Total 77 100,0

a. Listwise deletion based on all variables in the

procedure.

Reliability Statistics

Cronbach's

Alpha

N of Items

,760 3Table 2 Cronbach's Alpha for Hypothesis 1

When we analyze Table 2, we can conclude that the alpha for question 6, 7 and 8 is 0.760. This shows that the different questions used to answer hypothesis 1, measure the same concept and are internally consistent with each other.

3.3 Hypothesis 2Our second hypothesis is based on a well known theory in the outsourcing literature. This theory is called the Transaction Cost Theory found by Williamson (1979). The transaction cost theory is constructed out of three important factors. These components are the coordination cost, transactions risk and production cost. The transaction cost theory is an interesting theory that can be applied to the discussion to outsource e-mail to a SaaS provider. Since the Transaction Cost Theory is a rather broad theory to directly apply on our subject, we decided to split up our main hypothesis in several sub hypotheses. Our main hypothesis is illustrated as below.

“Based on the transaction cost theory, organizations will outsource their e-mail to a software as a Service provider.”

When we look at the Transaction Cost Theory we know from our literature review that it is only a part of the total cost. The total cost are important when outsourcing a service to an external service


5-May-23

provider. Answering the main hypothesis will be rather difficult. However, answering sub hypotheses is possible by using the results of the survey. It is interesting to examine if organizations rate the advantages higher than the disadvantages. If the disadvantages are higher rated than the advantages, organizations would probably not decide to outsource their e-mail to an external service provider.

“The advantages of SaaS are equally rated as the disadvantages.”

In our survey we used question number nine to rate the advantages of using SaaS instead of using an internal service. This question is based on the Likert scale of seven with one no advantage and seven great advantage. Users are also able to choose Not Applicable.

Question 9: Rate the following advantages of using Software as a Service for especially e-mail rather than an internal software solution.

Faster deployment Lower cost Easy user interface Scalability (additional storage capability as business grows) Expertise of Software as a Service Vendors Accountability of Software as a Service vendors to remain competitive

The disadvantages of outsourcing e-mail to a SaaS provider are discussed at question number 10. This question is also based on a Likert scale of seven with an additional option Not Applicable.

Question 10: How would you rate the following factors as the major areas of concern of using Software as a Service and especially related to e-mail?

Data privacy Integration issues with other applications Customization of product Complex pricing models Vendor lock-in

Based on the literature of the transaction cost theory, organizations are probably more interested in the advantages than in the areas of concern of using SaaS. On the other hand outsourcing e-mail to a SaaS provider is relatively new on the market and not that well known and researched. Because of the lack of information and experience with this kind of transactions, organizations can be reserved to make the decision to outsource. If we base our value on the facts mentioned above we assume that the advantages will be assessed higher than the disadvantages. Taking this into account we

constructed the Null Hypothesis as and the Alternative hypothesis as .

Our second sub hypothesis is based on another factor of the transaction cost theory, called operations risk. Operations risk can be defined as, a provider of a service that during a transaction underperforms (Clemons and Reddi, 1994). A risk that originates out of this is the term information poaching. Another important issue when outsourcing e-mail is the availability percentage of the vendor. An e-mail service that is down, could do a lot of economic damage to organizations. Clemons and Reddi (1994) also mention factors such as earthquakes and the weather that could almost not be controlled. Thus, for this hypothesis we only focus on factors related to operations risk that can be controlled. We constructed the following sub hypothesis.


5-May-23

“Operations risk does play a role when outsourcing e-mail to a software as a service provider.”

We placed two questions in our survey. This questions research if operations risk does play a role when outsourcing e-mail. The first question focuses on the availability percentage of e-mail. E-mail will probably be a very important service within most organizations. Because of this we assume that a lot of organizations would choose a high availability percentage. If we for example calculate the downtime of a 99% percentage, this would come down to a downtime of 100 minutes per week that is 430 minutes per month which is over 7 hours. Most companies would find that unacceptable.

Question 5: What is the minimum availability percentage of your e-mail that you would like your vendor to guarantee?

o 99%+o 98%+o 97%+o 96%+o 90% to 95%+o 80% to 89%+o Less than 80%o Does not matter

Our second question focuses on the risk of intentionally underperforming of the provider. This risk can be explained as the risk that a provider misuses the data. Question number 15 is based on a Likert scale from one to seven, where one stands for not likely and seven for extremely likely.

Question 15: How would you rate the likeliness of the misuse of your e-mail data by the vendor when working with a service provider?

If we look at the questions we would expect that organizations would see both threats as important factors. Factors, which can influence the decision to outsource a service. Taking this into account we

constructed the following value, 6 (2*6 = 12 = 12).

3.3.1 Sample test Hypothesis 2AHypothesis 2A is tested by conducting a Paired 2 sample T test:

The starting statistics defined based on our response group and hypothesis 2A are:

Null hypotheses = H0 = Alternative Hypotheses = HA =Alpha = = 0.05

The following table shows a Paired 2 sample T test as we performed it in SPSS:

Paired Samples Statistics


5-May-23

Mean N Std. Deviation Std. Error

Mean

Pair 1 Hypothesis_2A_adv_6 4,9011 59 1,48237 ,19299

Hypothesis_2A_adv_5 4,5763 59 1,14656 ,14927

Paired Samples Correlations

N Correlation Sig.

Pair 1 Hypothesis_2A_adv_6 &

Hypothesis_2A_adv_5

59 -,100 ,452

Paired Samples Test

Paired Differences t df Sig. (2-

tailed)Mean Std.

Deviatio

n

Std. Error

Mean

95% Confidence

Interval of the

Difference

Lower Upper

Pair

1

Hypothesis_2A_a

dv_6 -

Hypothesis_2A_a

dv_5

,32486 1,96247 ,25549 -,18656 ,83628 1,272 58 ,209

Table 3 Paired 2 sample T Test Hypothesis 2A by SPSS

When we examine Table 3 we can see the results of our paired 2 sample T test. The column with the

most interesting numbers is the one called Sig. (2-tailed). In this column we can see that is significant with a degree of 0.209. This level of significance is 2 tailed. For our hypothesis we want to know a 1 tailed test. To create a 1 tailed level of significance, we take the Sig. (2-tailed) and divide it by two. The level of significance that exists out of that calculation is 0.1045. This level of significance is higher than our alpha of 0.05. Taking this into account we can conclude that we cannot reject our

Null Hypothesis that . We can also state that we do not have enough significant evidence to

prove that has a higher overall average than .

3.3.2 Sample test Hypothesis 2BHypothesis 2B is tested by conducting a 1 sample T test:


5-May-23

The starting statistics defined based on our response group and hypothesis 2B are:Null hypotheses = H0 = 12Alternative Hypotheses = HA =Alpha = = 0.05

Table 4 displays the statistical output of SPSS for hypothesis 2B:

One-Sample Statistics


Hypothesis_2B 70 9,8286 2,14659 ,25657

Test Value = 12

t df Sig. (2-tailed) Mean Difference 95% Confidence Interval of the

Difference

Lower Upper

Hypothesis_2B -8,463 69 ,000 -2,17143 -2,6833 -1,6596Table 4 1 sample T Test Hypothesis 2B by SPSS

When we look at Table 4 we can see the results calculated by SPSS for a 1 Sample T Test for hypothesis 2B. We can look at the column called Sig. (2-tailed). This column displays the level of significance of our 1 Sample T Test. We can see that the level of significance is 0.000, which is lower

than our alpha of 0.05. This means that we reject our Null Hypothesis that 12.

3.3.3 Cronbach’s Alpha Hypotheses 2A and 2BBecause we are using several sub-questions to prove if we can reject hypothesis 2A and/or 2B we have to calculate Cronbach’s Alpha. In the following part we computed Cronbach’s Alpha by using SPSS. We aim to find values above 0.6, which would support that the questions are related and internal consistent with each other.

Hypothesis 2A


N %

Cases Valid 64 83,1

Excludeda 13 16,9

Total 77 100,0


procedure.


Cronbach's

Alpha

N of Items

,872 6Table 5 Cronbach's Alpha for Hypothesis 2A question number 9


5-May-23

In Table 5 we can view Cronbach’s Alpha for question number 9. Question number 9 exists out of 6 questions based on the advantages of using SaaS. We can see that the Cronbach’s Alpha of question number 9 is 0.872. This means that the 6 different questions measure the same concept and are internally consistent.


N %

Cases Valid 66 85,7

Excludeda 11 14,3

Total 77 100,0


procedure.


Cronbach's

Alpha

N of Items

,737 5Table 6 Cronbach's Alpha for Hypothesis 2A question number 10

The second question related to Hypothesis 2A is question number 10. This question is constructed out of 5 separate questions. The five questions are all related to the disadvantages of using SaaS. Table 6 illustrates the Cronbach’s Alpha for the different questions. When we examine the values we can conclude that the questions are related to each other and internally consistent. This because the Cronbach’s Alpha is 0.737, which is higher than the lowest level of 0.6.

Hypothesis 2B


N %

Cases Valid 70 90,9

Excludeda 7 9,1

Total 77 100,0


procedure.


Cronbach's

Alpha

N of Items

,060 2Table 7 Cronbach's Alpha for Hypothesis 2B

Our second hypothesis is based on two questions. These questions both contribute to the hypothesis on operations risk. When we look at the Cronbach’s Alpha of the two questions calculated in Table 7,


5-May-23

we can see that it is too low. This low number indicates that the 2 questions do not measure the same concept and are not internally consistent.

When we look at the results of the two questions we can observe that question number 15, which is about the likeliness of the misuse of e-mail is rated very low with a mean of 3,24. On the other hand, the availability percentage that is expected is rated higher with a mean of 6.6. The Cronbach’s Alpha in Table 7 indicates that we cannot use the combination of the two questions to calculate our hypothesis. Because the questions are not internally consistent with each other.

3.4 Hypothesis 3When organizations outsource a service that is important for their business process, it is likely that there is a factor risk involved. As an organization first has full control on their service, it now has to trusts the future of the service to an external party.

When making the decision to outsource, an organization will probably gain several benefits in comparison to hosting the service internally. When outsourcing to the market risk will play a role. This risk is almost impossible to exclude. Brynjolfsson (1994) states that, in the real world there are no contracts that are not incomplete and that could fully secure every risk in a transaction (Brynjolfsson, 1994). If we assume that Brynjolfsson (1994) is right, there will always be a factor risk. The logically response on risk is the factor trust. When there is risk and no trust, organizations will not outsource their service to an external provider. The theories from Van der Meer-Kooistra (1999), Vosselman et al. (2009) and Mouritsen and Thrane (2006) discuss the factor risk in close relation with risk, trust and control. They state that trust plays an important role, when outsourcing a service to an external provider.

In this thesis we examine the decision to outsource a service, such as e-mail. It is relatively new service and not that much is known and researched about it. Taking this into account it is interesting to examine if organizations that are already outsourcing their e-mail trust their provider. A possible result could be that organizations only focus at the benefits of the transaction and neglect the possible risks. If this is the case, it is interesting to research the effect of the possible risks. However, first we have to find evidence to support our hypothesis.

“Organizations outsourcing their e-mail trust their Software as a Service provider.”

Hypothesis 3 can be examined by combining some specific questions from our survey. We have split the participants into two groups. The first groups are organizations that already are outsourcing their e-mail. The second group is not yet outsourcing their e-mail. The filtering of the two groups is done by the following question.

Question 4: How long has your company been using Software as a Service services?

The second question of our survey focuses on the fact if people trust an external service provider. Question 18 is based on a Likert scale of seven. Here organizations are able to rate the degree in which they trust a service provider. There is also an option to rate Not Applicable. We constructed questions number 18 as follows.

Question 18: To which degree do/would you trust your service provider when outsourcing your e-mail?


5-May-23

After separating the results into two groups and examining question 18 we can test hypotheses 3. We test if we can reject our hypotheses. We composed a value based on the literature by which we can test our hypotheses. Based on the Likert scale the value has to be between one and seven. If we look at the literature on trust, control and risk we can assume that organizations trust their service

provider. If we base or hypothesis on this knowledge we can state our Null Hypotheses as 6.

3.4.1 Sample test Hypothesis 3To verify hypothesis 3 we use a 1 sample T test which can be illustrated as below:

The starting statistics defined based on our response group and hypothesis 2 are:Null hypotheses = H0 = 6Alternative Hypotheses = HA = 6Alpha = = 0.05

Table 8 presents the results from our 1 sample T test which we performed in SPSS.



Degree of trust 39 5,18 1,412 ,226

Test Value = 6

t df Sig. (2-tailed) Mean Difference 95% Confidence Interval of the

Difference

Lower Upper

Degree of trust -3,629 38 ,001 -,821 -1,28 -,36Table 8 1 sample T Test Hypothesis 3 by SPSS

If we want to verify our hypothesis we have to use a 1 sample T Test in SPSS. The results of the test are displayed in Table 8 and interpreted as followed. When we examine our test results we can directly look at the columns at Table 8. and more specifically the one called Sig. (2-tailed). In this column we can find our level of significance, 0.001. This value of significance is based on a 2 tailed test. However, for our study we want a 1 tailed level of significance. For our 1 tailed test we can use the T value of Table 8, -3,629.

For testing our hypothesis we defined an alpha of 0.05. If we compare our alpha with the results of our 1 sample T Test, we can conclude that -3,629 is smaller than our alpha of 0.05. Taking this into account we can conclude that we can reject our Null hypothesis.

3.5 Hypothesis 4An interesting new term that appears when researching the outsourcing theory, is information poaching. Information poaching is already commonly used in different kinds of transactions. However, it is also interesting to research in relation with outsourcing e-mail. If we look at the


5-May-23

existing literature some interesting facts are discussed by Clemons and Hitt (2004). Clemons and Hitt (2004) state that information poaching exists out of three components.

1. Exchange of information2. Use of the information by the receiving party3. Whit the goal to gain economic advantage

The three components are all applicable when outsourcing a service such as e-mail. Because of the close relation of information poaching to our subject, it is interesting to research if the possible threat is also recognized. To verify this we composed hypothesis 4.

“Information poaching is recognized as a threat by organizations, when outsourcing their e-mail to Software as a Service provider.”

To verify our hypothesis we composed several questions which are related to information poaching. We also constructed questions that relate to the level of awareness of information poaching. The first question we use is based on the awareness of people of the risks when outsourcing your e-mail. As discussed in our literature review there are several risks when outsourcing a service. A few examples of risks are the loss internal knowledge of the service, availability of the service and vendor lock in. We constructed the questions related to hypothesis 4 based on a Likert scale from one to seven with an additional option to rate it as Not Applicable.

Question 11: Are you aware of the possible risks when outsourcing your e-mail service to an external software as a service provider?

Besides if organizations are aware of the risks when outsourcing a service such as e-mail. It is also interesting to examine if they recognize the threats of sending and receiving data. Question twelve is constructed as follows.

Question 12: Are you in general aware of the possible risks when sending and receiving private data by e-mail?

Question number 13 is based on the awareness of the degree privacy of de data. We want to know if organizations aware of the fact that a lot of data they are sending and receiving can be private for other people? Not always is the information send by e-mail interesting for the sending or receiving party. However, in some cases the data could be interesting for a third party.

Question 13: How would you rate the degree of privacy of the information you are sending by e-mail?

The following question discusses the fact if organizations view the process of sending private data by mail as an inhibiting factor. Organizations can recognize risk of sending private information when outsourcing e-mail. However, they can also neglect it.

Question 14: Do you see e-mail that contains private data as a possible inhibiting factor when deciding to outsource your e-mail?

Question number 15 is related to the fact how organizations would rate the likeliness of the misuse of the e-mail data. An organization can acknowledge the fact that information poaching is a threat, on the other hand they can see it as something that would not happen very fast to their data.


5-May-23

Question 15: How would you rate the likeliness of the misuse of your e-mail data by the vendor when working with a service provider?

The following two questions (16 & 17) are related to the awareness of organizations on how valuable the information is that organizations are sending. If we look at information poaching, the data is not always directly interesting for a service provider. However, for a third party the information can be very interesting and valuable. It is interesting to examine if organizations are aware of the fact that the information they are sending can be valuable for a service provider or a third party.

Question 16: How valuable is the information you are sending and receiving for a service provider?

Question 17: How valuable is the information you are sending and receiving for a third party?

When we look at the questions asked at the participants of our survey, we aim to verify if organizations recognize information poaching as a threat when outsourcing e-mail. To verify our hypothesis we used several questions. Some questions are related to the awareness of the information organizations are sending. Other questions are related to the degree in which organizations see information poaching as a threat that could happen. Clemons and Hitt (2004) mention one specific factor that could make information poaching more likely. They mention that limited observability enhances the amount of risk (Clemons and Hitt, 2004). When we examine our situation on outsourcing e-mail to an external service provider, this does not enhance the amount of observability of the process. It is also hard to observe what happens with the information send by e-mail and stored at the data centre service provider. The term information poaching is relatively unknown to organizations. We assume that not that many organizations would recognize information poaching as a threat. Furthermore, a lot of organizations would probably be not that familiar with the term information poaching. Besides that they will not recognize it as a threat. However, the limited amount of observability could stimulate organizations to create awareness on the risk of information poaching. If we construct our Null Hypothesis based on the

facts mentioned in the literature study we can state it as 5 (7*5= 30 or 30).

3.5.1 Sample test Hypothesis 4If we want to verify hypothesis 4 we can use a 1 sample T test

The starting statistics defined based on our response group and hypothesis 4 are:Null hypotheses = H0 = 5Alternative Hypotheses = HA =Alpha = = 0.05

Table 9 presents the results from our 1 sample T test in SPSS:



5-May-23

N Mean Std. Deviation Std. Error

Mean

Hypothesis_4 71 32,7465 6,94616 ,82436

Test Value = 30

t df Sig. (2-tailed) Mean

Difference

95% Confidence Interval of the

Difference

Lower Upper

Hypothesis_4 3,332 70 ,001 2,74648 1,1024 4,3906Table 9 1 sample T Test Hypothesis 4by SPSS

Hypothesis 4 can be tested by using the values of Table 9. When we look at the results we can see the level of significance for a 2 tailed test. Because we are testing a value of 30 or higher for our hypothesis, we have to look at a 1 tailed test. The output of SPSS shows the T value.

For our hypothesis we stated an alpha of 0.05. If we compare that with the results of our 1 sample Z Test we can view that 3,332 is larger than our alpha of 0.05. Taking this into account we can conclude that we cannot reject our Null hypothesis.

3.5.2 Cronbach’s Alpha Hypothesis 4For the 1 sample T test of hypothesis 4 we used several questions. We want to examine if these questions are related to the same topic. To accomplish this we computed in SPSS Cronbach’s Alpha for question 11, 12, 13, 14, 15, 16 and 17. We aim to find a Cronbach’s Alpha of 0.6 or higher.


N %

Cases Valid 71 92,2

Excludeda 6 7,8

Total 77 100,0


procedure.


Cronbach's

Alpha

N of Items

,660 7Table 10 Cronbach's Alpha for Hypothesis 4

When we look at Table 10 we can see that the Cronbach’s Alpha for the questions that are related to hypothesis 4 is 0,666. This value describes that there is an internal consistence between the different questions used to answer hypothesis 4.

3.5.3 Hypothesis 4AWhen we look at the results of hypothesis 4, there is an interesting difference between two outcomes. The statistical outcomes of the following two questions differ a lot from each other;

Question 16: How valuable is the information you are sending and receiving for a service provider?


5-May-23

Question 17: How valuable is the information you are sending and receiving for a third party?

Question 16 and 17 are almost the same, the only difference is that question number 16 focuses on the service provider and question number 17 at a third party. Because of the deviation in outcomes it is interesting to examine. We examine in the following part if the replies on questions 16 and 17 differ from each other.

“The degree in which the information send by email is valuable to a service provider compared to a third party do not significantly differ.”

When we compare the means of both questions we recognize a difference. Question number 16 has a mean of 3.86 and question number 17 has a mean of 5.21. This difference in means seems interesting for our results. Therefore we test if there is a statistical difference between both means.

We constructed the Null Hypothesis as and the Alternative hypothesis as .

3.5.4 Sample test Hypothesis 4aTo verify the two means of hypothesis 4a we conducted a Paired 2 sample T Test, which can be explained as followed.

The starting statistics defined based on our response group and hypothesis 4A are:Null hypotheses = H0 = Alternative Hypotheses = HA = Alpha = = 0.05

The Paired 2 sample T Test is conducted by using SPPS, the results are presented at Table 11.

Paired Samples Statistics

Mean N Std. Deviation Std. Error Mean

Pair 1 Valuable

3rd

3,86 72 1,886 ,222

Valuable

SP

5,19 72 1,479 ,174

Paired Samples Correlations

N Correlation Sig.

Pair 1 Valuable 3rd &

Valuable SP

72 ,449 ,000


5-May-23

Paired Samples Test

Paired Differences t df Sig. (2-

tailed)Mean Std.

Deviation

Std. Error

Mean

95% Confidence Interval

of the Difference

Lower Upper

Pair

1

Valuable 3rd –

Valuable SP

-1,333 1,800 ,212 -1,756 -,910 -6,286 71 ,000

Table 11 Paired 2 sample T Test Hypothesis 4A by SPSS

When we examine our paired 2 sample T test of hypothesis 4A, we need to look at one specific column. If we look at the column called Sig. (2-tailed), we can see that the 2 tailed level of significance for our Null Hypothesis is 0.000. This level of significance is lower than our alpha of 0.05. This means that we can reject our Null Hypothesis. For our 1 tailed test we can divide our level of significance by 2. After that we can again compare it with our alpha. This level is yet again lower than our alpha of 0.05. This means that there is enough statistical significant evidence that we cannot reject our Alternative Hypothesis.


3.6 Correlations and multiple regressions

3.6.1 Correlations on degree of trust and advantages of using SaaSWe used SPSS to derive Table 12. Table 12 displays the correlations between the degree of trust and the advantages of using SaaS. The correlation of the two variables shows the effect of one variable on the other variable. The most interesting column to examine is the column that displays the degree of trust correlated with the advantages of using SaaS.

Degree of trust

Faster deploym

ent

Lower cost

Easy user interface

Scalability

Expertise of SaaS vendors

Accountability of Softw

are

Degree of trust Pearson Correlation

1 ,299* ,317** ,341** ,339** ,381** ,245*

Sig. (2-tailed)

,014 ,008 ,004 ,004 ,001 ,043

N 75 67 69 68 70 70 69

**. Correlation is significant at the 0.01 level (2-tailed).

Table 12 Correlation of trust related to advantages of using SaaS.

When we look at Table 12, we can see for every variable related to another specific variable 3 values. First we can see the N, which stands for the amount of variables that have information about both factors. The second number is the Pearson Correlation which is known as R. This value can be positive or negative which influences the variable. We can see in Table 12 that all factors have a positive correlation on the degree of trust. The third variable is the level of significance of the correlation, as we can see most variables are significant with an alpha of 0.05(displayed with 1 star). Some of the variables are even significant with an alpha of 0.01(displayed with 2 stars).

3.6.2 Multiple regression on degree of trust and advantages of using SaaSFor the multiple regression analyses we will use the degree of trust as our outcome. On the other hand we will use the advantages of using SaaS as predictor variables. This means that we explain the degree of trust based on the advantages of using SaaS.

Model Summary

Model R R

Square

Adjusted R Square Std. Error of the

Estimate

Multiple

regression

degree of trust

,496a ,246 ,166 1,287

a. Predictors: (Constant), Accountability of Software as a Service vendors to remain

competitive, Lower cost, Faster deployment, Easy user interface, Scalability (additional

storage capability as business grows), Expertise of Software as a Service VendorsTable 13 Multiple regression degree of trust part 1


5-May-23

Table 13 shows interesting variables that are calculated by a multiple regression analyses. In the second column of the table we can see that the model is correlated at R = 0.496. This is a average value. Because the correlation can be between 0 which means no correlation and 1 perfectly correlated. This correlation is the multiple correlation coefficient, it takes into account all the combinations of the variables together. In the second column we can see the R Square. This value shows that almost 25 percent of the variance of the degree of trust can be predicted by the 6 variables. In the third column the adjusted R square is displayed. The adjusted R square takes in consideration the amount of observations which makes the value lower.

ANOVAb

Model Sum of Squares df Mean Square F Sig.

1 Regression 30,298 6 5,050 3,051 ,012a

Residual 92,687 56 1,655

Total 122,984 62

a. Predictors: (Constant), Accountability of Software as a Service vendors to remain competitive, Lower

cost, Faster deployment, Easy user interface, Scalability (additional storage capability as business grows),

Expertise of Software as a Service Vendors

b. Dependent Variable: Degree of trustTable 14 Multiple regression degree of trust part 2

Table 14 displays the multiple regression which shows the level of significance of the model. When we look at Table 14, we can see that the level of significance is very wel. The level of significance is 0.012 which is much lower than the normal statistical level of significance of 0.05.


5-May-23

Coefficientsa

Model Unstandardized Coefficients Standardized

Coefficients

t Sig.

B Std. Error Beta

1 (Constant) 3,050 ,610 5,000 ,000

Faster deployment ,057 ,125 ,073 ,453 ,652

Lower cost ,006 ,115 ,008 ,053 ,958

Easy user interface ,098 ,106 ,143 ,919 ,362

Scalability (additional storage

capability as business grows)

,150 ,133 ,197 1,122 ,267

Expertise of Software as a

Service Vendors

,256 ,136 ,345 1,879 ,065

Accountability of Software as

a Service vendors to remain

competitive

-,174 ,132 -,233 -1,312 ,195

a. Dependent Variable: Degree of trustTable 15 Multiple regression degree of trust part 3

The final Table 32 shows the coefficients of the multiple regression analyses. We first have to determine the constant. The constant is the variable which is dependent of all the other variables. In this table it states that if all other factors are zero the average degree of trust will be 3.050. If we look further in the column of the unstandardized coefficients, we can see that almost all advantages have a positive effect on the degree of trust. The only factor that negatively influences the degree of trust, is the accountability of SaaS to remain competitive.

The final column shows the significance of the variables. In this column we can see that the values are significant if we compare them with our standard level of significance of 0.05.When we look at the final column we can see that every single factor is positively correlated. Besides that all values are significant with the outcome variable degree of trust. The reason for the differences in the level of significance, is that a multiple regression analyses looks at combination of the 6 variables together.


5-May-23

3.7 Important factors during consideration of outsourcingOne of the questions in our survey (number 19) was based on different variables that can be important for organizations when considering outsourcing e-mail to a SaaS provider. The following table presents the results of question number 19.

Software as a Service Survey

What are the factors that are important when considering outsourcing a service such as e-mail?(Multiple answers are possible)Answer Options Response Percent Response Count

Vendor name 35,1% 27Vendor popularity 24,7% 19Vendor reputation 85,7% 66Vendors client portfolio 49,4% 38Vendors company size 48,1% 37Vendors terms 64,9% 50Total 237

Amount of surveys 77Table 16 Results question number 19

When we examine Table 16 we first need to take into account that it is possible for organizations to fill in multiple answers. This is the reason that the percentages don’t count up to 100%. For example, when we look at vendor name, we can see that 27 times it was voted as important. This means 35.1% of the 77 organizations that filled in the survey answered it as important.

When we examine Table 16 and specifically the column with the voting percentages, we can see some interesting outcomes. The percentages that deviate from the averages are the vendors terms and vendor reputations. The terms of the vendor are probably important because the service is relatively new. Besides that, most of the time it is a big step for organizations to outsource an important service such as e-mail.

The second percentage that stands out of the table is vendor reputation. Vendor reputation is the highest rated factor. We can conclude that 85.7% percent of the organizations that filled in the survey, pointed out vendor reputation as important. Taking this into account we can assume that previous experiences with the provider or the reputation of the provider on the market could take this reservation away.


5-May-23

Chapter 4. Consolidation of survey results with the existing literature

As discussed in this thesis, outsourcing e-mail to a SaaS provider and information poaching are relatively new and unexplored. This causes a lack of literature on the topics. It can also lead to a shortcoming of information for organizations. In this thesis we have first discussed the existing literature on outsourcing. In this chapter we will relate this literature to our survey results. Taking this into consideration we will try to find parallels and differences between the existing literature and outsourcing e-mail. We also try to clarify information poaching in relation to outsourcing e-mail.

The following Table 17 shows a summary of the results of our hypotheses.

Hypothesis Statistical notation

Significance Null hypothesis

Cronbach’s Alpha

1 “Organizations that outsource their e-mail do not significantly differ based on the dependency of importance of e-mail in organizations, from organizations that do not outsource their e-mail.”

0.149 Not reject 0.760

2 “Based on the transaction cost theory, organizations will outsource their e-mail to a software as a Service provider.”

NA NA NA NA

2A “The advantages of SaaS are equally rated as the disadvantages.”

0.1045 Not reject 0.872 and 0.737

2B “Operations risk does play a role when outsourcing e-mail to a software as a service provider.”

12 0.000 Reject ,060

3 “Organizations outsourcing their e-mail trust their Software as a Service provider.”

6 -3,629 Reject NA

4 “Information poaching is recognized as a threat by organizations, when outsourcing their e-mail to Software as a Service provider.”

5 3,332 Not reject 0,666

4A “The degree in which the information send by email is valuable to a service provider compared to a third party do not significantly differ.”

0.000 Reject

Table 17 summary of the results of our hypotheses

4.1 TrustWhen outsourcing a service as e-mail, which is an important service for a lot of organizations. We can assume that there is a high probability that there is risk involved during the transaction, especially


5-May-23

because e-mail can obtain a lot of private data. Besides that, the level of observability of the service provider and the data is low. This form of risk is discussed in previous published literature on outsourcing.

In the existing literature on outsourcing an important part of the research is on control, risk and trust (e.g. Van der Meer-Kooistra, 1999, Vosselman et al., 2009 and Mouritsen and Thrane, 2006). For instance the literature written by Vosselman et al. (2009) and Mouritsen and Thrane (2006) both discuss the creation of trust. Vosselman et al. (2009) states, when the amount of controls increases the amount of trust decreases, on the other hand Mouritsen and Thrane (2006) state that trust increases when the proper controls are used.

These two theories can be related to the results of our survey. Hypothesis 3 test if organizations that currently outsource their service trust their service provider. If we relate this hypothesis in relation to the results of our survey, we can conclude that we cannot accept our hypothesis. This means that organizations trust their service provider. When we look at the theory of Vosselman et al. (2009) that states that the right amount of controls and in particular not too much controls increase the amount trust, we can assume that this theory is probably not related to our subject about outsourcing e-mail. When we examine this subject, we can conclude that there are probably almost no controls against threats as information poaching.

The case that there are almost no controls compared to a situation where you can or have to select the right amount of controls is completely different. In our case there is probably not a lot to choose, because there are few options. A second theory discussed in our literature from Mouritsen and Thrane (2006), focuses on proper controls. In this theory they state that proper controls can enhance the amount of trust. This theory is probably more related to our subject. Because as mentioned before the range of available controls is low. As mentioned before outsourcing e-mail and threats as information poaching are relatively new situations for organizations. The fact that they are relatively new an unknown, is the main reason why there is a lack of knowledge on the proper controls to implement in such a situation.

When we examine our literature study and use the results of our survey to calculate our hypothesis. We can conclude that there is a degree of trust that can be created by the terms of the vendor, the reputation of the vendor or a proper contract. We also calculated some correlations for the advantages of using SaaS in relation to trust. When we look at the results, we can conclude that all advantages are positive correlated and statistical significant. The highest correlation is computed out of the variable, expertise of SaaS provider. Some other interesting positive correlations are: easy user interface and the scalability of the service. When we calculated the multiple regressions we can conclude that these regressions are significant on their own. However, they do not statistical correlate mutually. The previous mentioned factors create a degree of trust. Again they do not create a larger amount of trust when combined. To create a higher degree of trust their probably have to be clear controls. A possible control could be auditing. Auditing is discussed in the chapter on information poaching.

An alternative theory created by Van der Meer-Kooistra (1999) states that, trust can be created out of previous relations or during a transaction (Van der Meer-Kooistra et al., 1999). From the results of


5-May-23

our survey we can conclude that the reputation of a vendor is rated high. In our survey 85.7% of the organizations rated vendor reputation as an important factor when considering outsourcing e-mail. This outcome can be related to the theory of Van der Meer-Kooistra (1999), that trust can be created out previous relations. The second theory of Van der Meer-Kooistra (1999), that trust can be created during a relation is not supported by the results of our survey.

When we summarize our findings we can state that trust is an important factor when outsourcing email. Trust is most likely to be created by factors such as;

The terms of the vendor The reputation of the vendor Expertise of the vendor The presence of a proper contract.

A higher degree of trust is currently not there. This low degree of trust can be explained by the lack of proper controls.

4.2 Core competencesA theory discussed in our literature review, is the theory on core competences and core technology’s from Prahalad (1993) and Prahalad and Hamel (1990). This theory is based on the importance and essence of certain processes or technologies in organizations. Prahalad (1993) and Prahalad and Hamel (1990) state that outsourcing a core competence or a core technology creates a higher degree of risk. Taking this into account we can assume that the higher the importance of service, the more organizations would be reserved to outsource that service.

Core competences and core technologies are both hard to define especially by the organizations itself. Taking this into account point of view we decided to deduct a theory. This theory states that when the dependency of an organization of a specific service is high, the higher the possible risk will be. In our survey we placed several questions that focus on the dependency of organizations of their e-mail service. From the results of our survey we can conclude that e-mail is an important service for many organizations. We can also state that the dependency of e-mail is high for organizations.

We divided the respondents of our survey into two groups. The first group is the group that is already using SaaS. The second group is the group that is not yet using it. When we look at the averages of both groups, we can see that group one has an average of 5.267 and the second group has an average of 5.778. It is interesting to observe that the dependency of e-mail in organizations that do not outsource their service seems to be higher than organizations that are already outsourcing their e-mail. This difference could be related to the theory of Prahalad (1993) and Prahalad and Hamel (1990). This theory states the higher the dependency of a service the higher the risk when outsourcing. This could also lead to the fact that less organizations choose to outsource that specific service. In our research we used a hypothesis that aims to research if the two means (averages) are equal. When we examine our final results we observe that we cannot reject our hypothesis. We can conclude that there is enough statistical evidence that both means do not significantly differ from each other.


5-May-23

When we examine the theory of Prahalad (1993) and Prahalad and Hamel (1990) and we compare it with our survey results, we can observe that there is a difference based on the means of the two groups. This difference can be related to the dependency of e-mail in both groups. However, after comparing both means we cannot reject our hypothesis that the means of both groups do not significantly differ from each other. We can conclude from our results that there is no significant evidence to support our deducted theory.

4.3 Information poachingA new term that is relatively unexplored is called information poaching. Information poaching can be seen as a new threat on the market. This threat is growing relation to the growing dependency of information by organizations. This dependency can work two ways, first organizations need information to function properly and to keep the business functioning. This need for information cannot always be satisfied in a legal way. This can lead to information poaching.

Clemons and Hitt (2004) state that information poaching is constructed out of three components. They state that it exist out of the exchange of information, the use of the information by the receiving party and finally with the goal to gain economic advantage out of it (Clemons and Hitt, 2004). Another explanation is defined by Widener and Selto (1999), they explain information poaching as the loss of information which could allow a third party to gain economic advantage out of it (Widener and Selto, 1999).

When we look at the topic of this thesis outsourcing e-mail to a SaaS provider, information poaching could be an important risk for organizations that are considering outsourcing their e-mail. In our case when we examine the process of outsourcing e-mail to a SaaS provider it is not yet researched if information poaching is related to this topic. It is also not clear if information poaching indeed is recognized by organizations as a possible risk.

Our survey contains several questions that relate to the risk of information poaching and the awareness of organizations. One of our hypotheses is based on the literature on information poaching. We used our survey results to test it. The hypothesis is defined as followed, information poaching is recognized as a threat by organizations when outsourcing their e-mail to a SaaS provider. When test our hypothesis, we are not able to reject it. We can state that there is enough statistical evidence to conclude that information poaching is recognized as a threat.

When we examine the outcomes related to information poaching, there are some interesting results. First we can see that organizations are aware of the risk of information poaching. However, there are two questions which have an average lower rated mean. These are the questions on the likeliness of the misuse of information by the vendor and the degree of how valuable the information could be for the service provider. This could explain that organizations recognize a bigger threat in third parties than in their service provider. To verify if this difference in means is significant, we examined if question 16 and 17 significant differ from each other. From the results of this test we can conclude that there is a statistical significant difference. This difference is between the risk that originates from the presence of a service provider compared to a third party. We can conclude that the overall risk noticed by organizations is statistical significant lower than from a third party. This result is interesting for service providers that want to present their service as a trustworthy service, at which the risk of information poaching is minimized


5-May-23

In our survey we asked organizations a question related to the possible risks of outsourcing, what would be the major area of concern when outsourcing e-mail to a SaaS provider. The area of concern rated highest is data privacy. This can be related to our topic information poaching. From the results of our survey we can conclude that data privacy and security are the most important issues for organizations.

Currently there is a lot of discussion on securing private information on the internet. As discussed in our introduction, several authorities that focus on protecting data, are questioning service providers on how they currently secure the privacy laws and norms. They are trying to force service providers to use a clear privacy by design policy. This means that service providers on beforehand have to create a clear plan. In this plan they define how they are going to secure the privacy laws and norms of their customers. Privacy by design can be a good tool to make service providers aware of importance of securing the privacy of data.

However, a service provider can create a great plan on how they are going to use privacy by design. Nevertheless, this does not state they act like it. This risk can be controlled by audits. By auditing, information poaching can be detected and controlled. These audits have to be completed by an independent auditing firm, with an extensive knowledge on information technology and preferably with knowledge on the process of outsourcing e-mail.

4.4 Transaction Cost TheoryA theory often discussed in literatures on outsourcing is the transaction cost theory by Williamson (1979). The transaction cost theory is based on three components, coordination cost, operations risk and opportunism risk. By applying these three components organizations can be able to calculate the transaction cost.Because the transaction cost theory is often applied in IT related outsourcing cases, it could also be interesting to examine when considering outsourcing e-mail to a SaaS provider.The transactions cost theory is rather broad and it takes a lot of research to exactly define it in a way that it is applicable for a specific service. Taking this into account we decided to examine a part of the theory in relation to our subject of outsourcing e-mail to external provider.

As we discussed in chapter 2.3, the transaction cost theory is just a part of the total cost. The total costs are composed out of the production cost, together with the transaction cost. Some important decision making factors for the total cost are, the advantages and disadvantages of the decision to outsource a service. In this thesis we used two hypothesis that relate to the advantages and disadvantages of using SaaS.

From our test we are not able to find statistical evidence that the advantages of using SaaS, are significantly higher rated that the disadvantages. This result could explain the reserved position of organizations to use SaaS. If organizations do not rate the advantages higher than the disadvantages, it is more likely that they are not interested in outsourcing their e-mail. A possible explanation could be explained by the lack of knowledge that exists among organizations. Organizations probably do not have enough knowledge on the advantages and disadvantages of SaaS. The fact that proper controls are currently not yet familiar to organizations can also contribute to this result.

Another component of the transactions cost theory is operations risk. Operations risk, is the risk that a partner in an outsourcing transaction underperforms. It is important to secure the process and to


5-May-23

trust the provider, that it delivers the service as discussed and as promised. However, there is the risk that a provider underperforms. In our survey we constructed two questions that relate to operations risk. We asked our respondents a question on the availability of the service and one question on the likeliness of the misuse of the information by the vendor. From our results we cannot conclude that organizations recognize operations risk as a threat. We also calculated Cronbach’s Alpha for the previous questions. The outcome shows that the two questions are not internally consistent with each other. This means they do not measure the same subject in our research. When we examine the averages of the two questions, we can conclude that the main average of the question related to the availability is much higher than the average of the questions related to the misuse of the information by the vendor. This difference in averages, can be explained by the differences between the averages of the risk related to a vendor and a third party.

In addition we constructed hypothesis 3a. This hypothesis tests if organizations see a bigger threat in third parties than in their vendor. For hypothesis 3a we can conclude that there is statistical evidence that a third party is recognized as a bigger threat than a vendor. The results can explain our Cronbach’s Alpha for the questions about operations risk. In our survey we did not constructed a question that focuses particularly on the misuse of information by a third party. This causes that we cannot conclude, based on our Cronbach’s Alpha, that operations risk plays important role when outsourcing e-mail.


Chapter 5. Conclusion and further research

Previous to discussing our conclusion we first revisit our research questions as stated in the beginning of our thesis. Subsequently the conclusion of the research will be discussed and finally we review some further research.

5.1 Research questionThe main goal of this research is the term information poaching in relation to outsourcing e-mail. When we want to examine this in a proper way there are several questions constructed which aim to answer our main question. Our main questions is stated as follows; “What is the effect of information poaching when e-mail is outsourced to a software as a service provider?”.

The research questions which aim to support our main questions are;

What are the possible risks when outsourcing an internal service such as e-mail to an external service provider?

What are the possible risks for an organization when working with SaaS provider? To what extend is the concept of information poaching known to organizations? To what degree is information poaching acknowledged as a threat when outsourcing a

service as e-mail?o When information poaching while outsourcing e-mail is acknowledged as a possible

threat, does this affect the decision making process of the customer? To what extend can organizations control the possible negative effects when outsourcing e-

mail to a SaaS provider?

5.2 ConclusionInformation is a very important asset for organizations and it is vital for individuals. The close relation between organizations and individuals and the fact that sensitive information is often gathered and used by organizations makes it interesting to define clear controls and laws to secure that information.

When we review the current economy the trend is that organizations are trying to minimize the costs. One of the things that could reduce cost is digitalization. Digitalization can start by using email and internet up to outsourcing complete systems and services. A new form of digitalization is outsourcing email to a SaaS provider. This new sort of outsourcing can be explained as for example, outsourcing the complete email service of an organization to an external service provider. This includes as well the storage of the data at the provider. Taking into account that sensitive information is stored in email and the fact that the information is digitally stored at the service providers leads to some interesting security related questions. One of the first questions organization ask is “How do I know my (sensitive) information is safe?”.

It is clear how information stored in a physical place can be secured. Information security of information stored in a digital form and place is rather vague. A security risk related to this is called information poaching. Information Poaching can be explained, as the use of private date by a receiving party with the intend to get an economic advantage. The fact that information poaching is a


5-May-23

relatively new term leads to mistrust at organizations. This mistrust can lead to a reserved position when considering outsourcing email.

In the current literature several papers and theories are written on outsourcing services to an external provider. However, most of the literature is not applicable on outsourcing digital services, with a large data component in it. In this research we linked for instance the theory on risk, control and trust to our case on outsourcing email. We also applied theories on core competences and the transaction cost theory. Besides discussing the existing literature on outsourcing, we discussed the literature on information poaching.

To compare the general literature on outsourcing with outsourcing email to a service provider we constructed a survey which we spread among several individuals. By spreading the survey among specific groups we tried to reach people that where known with outsourcing email. The survey is completed by 77 people. We used the results of our survey to verify six hypotheses. The hypotheses are constructed based on the existing theory of outsourcing en information poaching.

An important theory applicable to outsourcing is trust. When organizations outsource their email, they have to trust their service provider that they act as stated in the contract. If we want to enhance the amount of trust in a service provider, the risk of outsourcing has to be managed. Important tools to create trust are controls. In this research trust is an important factor for organizations. Trust can be enhanced by using the proper controls. However, these controls are currently not yet tested for this kind of outsourcing. To increase the amount of trust, a decrease of risk is needed. This risk partially originates from the fact that email is an important service for organizations. The higher the level of dependency of email leads to a higher amount of risk. In our survey we found that there is a difference in means of the dependency of email. However, this difference is not statistical significant. This means that we cannot conclude that there is a difference between both groups.

An important topic in our survey is information poaching; do people recognize it as a threat when outsourcing email? From the results of our survey we can conclude based on statistical evidence that organizations are aware of the threat of information poaching. This awareness probably leads to a reserved position to decide to outsource their email. Besides the awareness of information poaching an interesting result is that organizations see a larger threat in a third party then their service provider.

The results of our survey in combination with the existing literature leads to our main questions “What is the effect of information poaching when e-mail is outsourced to a SaaS provider?”. Organizations recognize information poaching as a possible risk, when outsourcing email to a service provider. If we combine this conclusion with the fact that risk is an important factor. The logical reaction from organizations would be that there will be a reserved position for outsourcing their email. This reserved position could be taken away by clear controls. However, these controls are not yet common to most organizations.

The fact that there are almost no proven controls available leads to fewer organizations making the decision to outsource their email. However, there is a way in which organizations can control their outsourcing transaction. Currently privacy by design is a method for this problem. Privacy by design is a plan which organizations develop before they start their service. In this plan they define how they are going to secure the privacy laws and norms of their clients. In this way service providers on


5-May-23

beforehand inventories the possible risks for organizations. Besides inventorising the risk they are also stimulated to thing in a way that they can prevent instead of solving it. At the moment, there is a grouped force of authorities that focus on protecting data. This group tries to force service providers such as Google to use a clear privacy by design plan for their services.

Unfortunately by forcing service providers to define a clear privacy by design, the privacy authorities neglect an essential fact. How do they, or clients, control that service providers act as seem to defined in their privacy by design plan? A solution to this issue, in addition to the privacy by design, is that IT audits are needed to generate more trust. In this way service providers define a plan on how they are going to secure the privacy of their clients. How they manage to keep this level of security during daily process and how they show that they have delivered this level of security. This audit has to be performed during the design phase and at a periodic base to gain trust upon the security level which agreed upon.

The data privacy authorities can play an important role protecting sensitive information by SaaS providers. Not only by forcing service providers to use privacy by design and audit guidelines, but also with the creation of a digital data privacy certification. This certification can be based on an approved privacy by design plan with an audit plan on how service providers act like stated in the plan. By auditing the privacy by design plan and granting ratings for service providers on how they follow their privacy by design plan, can function as a control. This control is also visible and understandable for organizations. This visibility or quality mark could lead to more organizations outsourcing their email.

5.3 Recommendations for further researchThis thesis can be used to research some theories in more detail. Especially since not that much research is done on the topic. The following topics will give recommendations for further research on theories in relation to outsourcing e-mail and information poaching

5.3.1 TrustWhen we examine the different theory’s on trust, we see that an important way to create trust is to have clear and proper controls for the transaction. Outsourcing e-mail and especially information poaching are closely related to the risk of limited observability. Limited observability enhances the amount of risk and it also decreases the level of trust. Taking this into account point of view it would not be a good decision to outsource services that have limited observability such as e-mail. However, it is interesting to examine in more detail, the effect of limited observability of a service in relation to risk and trust.

5.3.2 Core competencesAs discussed in our chapter on core competences, we deducted a theory from the existing theory. This theory is based on the dependency of organizations of a service. We decided to deduct a theory from the existing theory while examining core competences by using surveys will be difficult.

For further research it is an interesting direction to examine core competences in relation to outsourcing e-mail. A study that primarily focuses on core competences in organizations, could explain the impact of it in relation to outsourcing e-mail. This can be a decision making factor for organizations when considering outsourcing e-mail.


5-May-23

Bibliography

(1997). European Management Journal, 15(3), 303.

Barney, J. B. (1996). The resource-based theory of the firm. Organization Science (Providence, R.I.), , 469.

Baumol, W. J. (1986). Williamson's the economic institutions of capitalism. The Rand Journal of Economics, , 279-286.

Bhutta, K. S., & Huq, F. (2002). Supplier selection problem: A comparison of the total cost of ownership and analytic hierarchy process approaches. Supply Chain Management: An International Journal, 7(3), 126-135.

Boddy, W. W. (1994). U.S. television abroad: Market power and national introspection. Quarterly Review of Film and Video, 15(2), 45-55.

Brynjolfsson, E. (1994). Information assets, technology, and organization. Management Science, , 1645-1662.

Chalos, P. (1995). Costing, control, and strategic analysis in outsourcing decisions. Journal of Cost Management, 8, 31-37.

Christopher Voce. (2009). Should your e-mail live in the cloud? A comparative cost analysis.

Christopher Voce. (2009). Should your e-mail live in the cloud? an infrastructure and operations analysis.

Clemons, E., Reddi, S., & Rowe, M. (1993). The impact of information technology on the organization of economic activity: The" move to the middle" hypothesis. Journal ofManagement Information Systems/Fall, 10(2), 9-35.

Clemons, E. K., & Hitt, L. M. (2004). Poaching and the misappropriation of information: Transaction risks of information exchange. Journal of Management Information Systems, 21(2), 87-107.

Clemons, E. K., Reddi, S. P., & Row, M. C. (1993). The impact of information technology on the organization of economic activity: The" move to the middle" hypothesis. Journal of Management Information Systems, 10(2), 9-35.

Clemons, E., & Reddi, S. (1994). The impact of IT on the degree of outsourcing, the number ofsuppliers, and the duration of contracts. System Sciences, 1994. Vol. IV: Information Systems: Collaboration Technology Organizational Systems and Technology, Proceedings of the Twenty-Seventh Hawaii International Conference on, , 4

Covaleski, M. A., Dirsmith, M. W., & Samuel, S. (2003). Changes in the institutional environment and the institutions of governance: Extending the contributions of transaction cost economics within the management control literature. Accounting, Organizations and Society, 28(5), 417-441.


5-May-23

Cuganesan, S., & Lee, R. (2006). Intra-organisational influences in procurement networks controls: The impacts of information technology. Management Accounting Research, 17(2), 141-170.

Curley, S. (2004). Ripped from the headlines: What can the popular press teach us about software piracy. Journal of Management Information Systems, 21(2), 109.

Das, T., & Teng, B. S. (2001). Studies, 22(2), 251-283.

Dubey, A., & Wagle, D. (2007). Delivering software as a service. The McKinsey Quarterly,

Han, K., Kauffman, R. J., & Nault, B. R. (2004). Information exploitation and interorganizational systems ownership. Journal of Management Information Systems, 21(2), 109-135.

Han, K. (2004). Information exploitation and interorganizational systems ownership. Journal of Management Information Systems, 21(2), 109.

Harris, A., Giunipero, L. C., & Hult, G. T. M. (1998). Impact of organizational and contract flexibility on outsourcing contracts. Industrial Marketing Management, 27(5), 373-384.

Kern, T., & Willcocks, L. (2000). Exploring information technology outsourcing relationships: Theory and practice. Journal of Strategic Information Systems, 9(4), 321-350.

L. Frank Kenney, Daryl C. Plummer, & Jess Thompson. (2009). What's between you and the cloud?

Lacity, M. C., & Hirschheim, R. (1995). Beyond the information systems outsourcing bandwagon: The insourcing response John Wiley & Sons, Inc. New York, NY, USA.

Lee, M. K. O. (1996). IT outsourcing contracts: Practical issues for management. Industrial Management and Data Systems, 96(1), 15-20.

Malone, T. W. (1988). What is coordination theory?

Malone, T. W., & Crowston, K. (1991). Toward an interdisciplinary theory of coordination.

Malone, T. W., & Crowston, K. (1994). The interdisciplinary study of coordination. ACM Computing Surveys (CSUR), 26(1), 87-119.

Martin, H. (1997). Contracting out maintenance and a plan for future research. Journal of Quality in Maintenance Engineering, 3, 81-90.

Matthew W. Cain. (2009). Cost optimization for E-mail infrastructures.

McFarlan, F. W., & Nolan, R. L. (1995). How to manage an IT outsourcing alliance. Sloan Management Review, 36(2), 9.

Prahalad, C. K., & Hamel, G. (2003). The core competence of the corporation. INTERNATIONAL LIBRARY OF CRITICAL WRITINGS IN ECONOMICS, 163, 210-222.

Tom Austin. (2009). Economic factors accelerate employees' use of personally owned equipment.

Turner, M., Budgen, D., & Brereton, P. (2003). Turning software into a service. Computer, 36(10), 38-44.


5-May-23

van der Meer-Kooistra, J., Vosselman, E. G. J., & te Groningen, R. (1999). Management control of interfirm transactional relationships: The case of industrial renovation and maintenance SOM Graduate School/Research Institute Systems, Organisations and Management.

van der Meer-Kooistra, J., Vosselman, E. G. J., & te Groningen, R. (1999). Management control of interfirm transactional relationships: The case of industrial renovation and maintenance SOM Graduate School/Research Institute Systems, Organisations and Management.

Vosselman, E., & Meer-Kooistra, J. (2009). Accounting for control and trust building in interfirm transactional relationships. Accounting, Organizations and Society, 34(2), 267-283.

Vosselman, E., & Meer-Kooistra, J. (2009). Accounting for control and trust building in interfirm transactional relationships. Accounting, Organizations and Society, 34(2), 267-283.

Vosselman, E. G. J. (2002). Towards horizontal archetypes of management control: A transaction cost economics perspective. Management Accounting Research, 13(1), 131-148.

Vosselman, E., & Meer-Kooistra, J. (2006). Accounting for control and relational signalling in interfirm transactional relationships.

Widener, S. K., & Selto, F. H. (1999). Management control systems and boundaries of the firm: Why do firms outsource internal auditing activities? Journal of Management Accounting Research, 11, 45-74.

Williamson, O. O. E. (1979). Transaction-cost economics: The governance of contractual relations. The Journal of Law & Economics, 22(2), 233.


5-May-23

Appendix

A1. Survey results Hypothesis 1The following graphs and tables will show a summary of the results of the specific questions related to hypothesis 1.

Figure 5 Results question 4


Cases

Included Excluded Total

N Percent N Percent N Percent

Importance 77 100,0% 0 ,0% 77 100,0%

Effect 75 97,4% 2 2,6% 77 100,0%

Ammount 74 96,1% 3 3,9% 77 100,0%

Importance Effect Ammount

N 77 75 74

Mean 6,22 5,05 5,34

Median 7,00 6,00 6,00


5-May-23

Sum 479 379 395

Range 6 6 6

Std. Deviation 1,334 1,635 1,785

Variance 1,780 2,673 3,186

Table 18 Statistic summary of the survey results of questions 6, 7 and 8


Cases



Hypothesis_1 41 95,3% 2 4,7% 43 100,0%

N Mean Median Sum Range Std. Deviation Variance

41 17,2439 18,0000 707,00 12,00 3,69310 13,639Table 19 Combined results of the organizations that are outsourcing


Cases



Hypothesis_1NOT_OUTSOUR

CING

22 91,7% 2 8,3% 24 100,0%


22 15,7727 16,5000 347,00 18,00 4,40705 19,422

Table 20 Combined results of the organizations that are not outsourcing

A2. Survey results Hypothesis 2The following graphs and tables will show a summary of the results of the specific questions related to hypotheses 2.

H2A


Cases



5-May-23


Faster deployment 69 89,6% 8 10,4% 77 100,0%

Lower cost 70 90,9% 7 9,1% 77 100,0%

Easy user interface 70 90,9% 7 9,1% 77 100,0%

Scalability (additional storage

capability as business grows)

72 93,5% 5 6,5% 77 100,0%

Expertise of Software as a

Service Vendors

72 93,5% 5 6,5% 77 100,0%

Accountability of Software as

a Service vendors to remain

competitive

71 92,2% 6 7,8% 77 100,0%

Faster

deployment

Lower cost Easy user

interface

Scalability

(additional

storage

capability as

business grows)

Expertise of

Software as a

Service Vendors

Accountability

of Software as a

Service vendors

to remain

competitive

N 69 70 70 72 72 71

Mean 4,84 5,17 4,39 5,11 4,85 4,69

Median 5,00 6,00 4,00 6,00 5,00 5,00

Sum 334 362 307 368 349 333

Range 6 6 6 6 6 6

Std. Deviation 1,844 1,777 2,066 1,843 1,933 1,809

Variance 3,401 3,159 4,269 3,396 3,737 3,274Table 21 Statistic summary of the survey results of questions 9


Cases



Data privacy 75 97,4% 2 2,6% 77 100,0%

Integration issues with other

applications

75 97,4% 2 2,6% 77 100,0%

Customization of product 75 97,4% 2 2,6% 77 100,0%

Complex pricing models 72 93,5% 5 6,5% 77 100,0%

Vendor lock-in 68 88,3% 9 11,7% 77 100,0%

Case Summaries

Data privacy Integration Customization of Complex pricing Vendor lock-in


5-May-23

issues with

other

applications

product models

N 75 75 75 72 68

Mean 5,59 5,16 4,49 3,81 4,28

Median 6,00 5,00 4,00 4,00 4,00

Sum 419 387 337 274 291

Range 6 5 6 6 6

Std. Deviation 1,839 1,525 1,589 1,675 1,803

Variance 3,381 2,325 2,524 2,807 3,249

Cases

Included Excluded Totalf


Hypothesis_2A_adv 64 83,1% 13 16,9% 77 100,0%

Table 22 Statistic summary of the survey results of questions 10

Case Summaries

Hypothesis_2A_adv


64 29,3281 29,5000 1877,00 36,00 8,75967 76,732

Cases



Hypothesis_2A_adv 64 83,1% 13 16,9% 77 100,0%Table 23 Combined results of the sub-questions of question number 9

Case Summaries

Hypothesis_4A_disadv


66 23,3182 23,5000 1539,00 29,00 5,87343 34,497

Cases



Hypothesis_2A_disadv 66 85,7% 11 14,3% 77 100,0%


5-May-23

Table 24 Combined results of the sub-questions of question number 10


Cases



Hypothesis_2A_adv_6 64 83,1% 13 16,9% 77 100,0%

Hypothesis_2A_adv_5 66 85,7% 11 14,3% 77 100,0%

Hypothesis_4A

_adv_6

Hypothesis_4A

_adv_5

N 64 66

Mean 4,8880 4,6636

Median 4,9167 4,7000

Sum 312,83 307,80

Range 6,00 5,80

Std. Deviation 1,45995 1,17469

Variance 2,131 1,380

Table 25 Combined results of the sub-questions (divided by its amount of questions) of question number 9 and 10

H2B


Cases



Availability 72 93,5% 5 6,5% 77 100,0%

Likeliness 75 97,4% 2 2,6% 77 100,0%

Availability Likeliness

N 72 75

Mean 6,60 3,24

Median 7,00 3,00

Sum 475 243


5-May-23

Range 4 6



Table 26 Statistic summary of the survey results of questions number 5 and 15


Cases



Hypothesis_2B 70 90,9% 7 9,1% 77 100,0%


70 9,8286 9,0000 688,00 10,00 2,14659 4,608Table 27 Combined results of the sub-questions of questions number 5 and 15


5-May-23


Figure 5 Results question 4


Cases



Degree of trust 75 97,4% 2 2,6% 77 100,0%

N Median Sum Std. Deviation Variance Mean Range

75 5,00 376 1,438 2,067 5,01 6Table 28 Results question 18


Cases



Degree of trust 39 95,1% 2 4,9% 41 100,0%

N Median Sum Std. Deviation Variance Mean Range

39 6,00 202 1,412 1,993 5,18 6Table 29 Combined results of organizations that are outsourcing and the factor trust


5-May-23



Cases



Awareness A 75 97,4% 2 2,6% 77 100,0%

Awareness B 76 98,7% 1 1,3% 77 100,0%

Degree of privacy 76 98,7% 1 1,3% 77 100,0%

Inhibiting 76 98,7% 1 1,3% 77 100,0%

Likeliness 75 97,4% 2 2,6% 77 100,0%

Valuable A 73 94,8% 4 5,2% 77 100,0%

Valuable B 73 94,8% 4 5,2% 77 100,0%

Awareness

A

Awareness

B

Degree of

privacy

Inhibiti

ng

Likelines

s

Valuable

A

Valuable

B

N 75 76 76 76 75 73 73

Mean 5,23 5,46 5,03 4,49 3,24 3,86 5,21

Median 6,00 6,00 5,00 5,00 3,00 4,00 6,00

Sum 392 415 382 341 243 282 380

Range 6 6 6 6 6 6 6

Std.

Deviation

1,737 1,669 1,451 1,976 1,844 1,873 1,472

Variance 3,015 2,785 2,106 3,906 3,401 3,509 2,166

Table 30 Statistic summary of the survey results of questions 11 , 12 , 13, 14, 15, 16 and 17

Case Processing Summary Hypothesis_4

Cases



Hypothesis_4 71 92,2% 6 7,8% 77 100,0%


71 32,7465 33,0000 2325,00 33,00 6,94616 48,249Table 31 Combined results of the questions related to Hypothesis 4

Survey results Hypothesis 4A


5-May-23


Cases



Valuable 3rd 73 94,8% 4 5,2% 77 100,0%

Valuable SP 73 94,8% 4 5,2% 77 100,0%

Valuable 3rd Valuable SP

N 73 73

Mean 3,86 5,21

Median 4,00 6,00

Sum 282 380


Range 6 6


Table 32 Statistic summary of the survey results of questions 16 and 17

A5. Questions survey Software as a Service and email

This survey is about the use of Software as a Service and is especially focused on the use of email. In this survey a Software as a Service provider is primarily defined as a external email provider (e.g. Gmail, Yahoo). The purpose of this survey is to clarify the motivations of organizations to outsource their email to an external service provider and to research the degree of awareness of the possible effects of the decision. The survey will take approximately 10 minutes of your time.Thank you in advance!

1. What is the primary business area of your company? Tech: Communication carriers Tech: Computer/Network consultant Tech: E-commerce/Internet Tech: Manufacturing- Hardware Tech: Manufacturing- Software Tech: Retailer/Distributer/Wholesaler(Computer related) Tech: Service provider(e.g. webhosting) Non-Tech: Advertising/Marketing/PR Non-Tech: Agriculture/Forestry/Fisheries Non-Tech: Business Services/ Consultant Non-Tech: Constructor/ Architecture/ Engineering Non-Tech: Aerospace/ Defense contractor Non-Tech: Education


5-May-23

Finance/Banking/ Accounting Non-Tech: Government Federal(Including Military) Non-Tech: Government (State Local) Non-Tech: Healthcare/Medical/Pharmaceutical/Bio-Tech Non-Tech: Insurance/real estate/legal Non-Tech: Manufacturing & Process industries Non-Tech: Mining/Oil/Gas Non-Tech: Retailer/Distributer/Wholesaler(Non-Computer) Non-Tech: Travel/Hospitality/Entertainment/Recreation Non-Tech: Transportation Utilities (Energy, Water etc.) Other

2. What is your function within your organization? IT Related Non IT related

3. What is the amount of employees working in your company? < 20 21 - 50 51 - 100 101 - 500 501- 1000 1000 Don't know/unsure

4. How long has your company been using Software as a Service services? < 1 year 1 - 2 years 2 - 3 years 3 - 4 years > 4 years not yet using Don't know/unsure

5. What is the minimum availability percentage of your email that you would like your vendor to guarantee?

99%+ 98%+ 97%+ 96%+ 90% to 95%+ 80% to 89%+ Less than 80% Does not matter

---------------------------------------------------------6. Rank the importance of email in your organization?


5-May-23

(Likert scale 7)

7. To which degree would an email service that is not available for one hour affect your daily business?(Likert scale 7)

8. In how many of your business processes (e.g. Purchasing, Manufacturing, Marketing and Sales, Accounting, Recruitment, Technical support, Managerial) is email essential for continuing business?(Likert scale 7)

9. Rate the following advantages of using Software as a Service for especially email rather than an internal software solution.

Service related advantages: Faster deployment

(Likert scale 7) Lower cost

(Likert scale 7) Easy user interface

(Likert scale 7) Easy internet access

(Likert scale 7) Scalability (additional storage capability as business grows)

(Likert scale 7)

Vendor related advantages: Expertise of Software as a Service Vendors

(Likert scale 7) Accountability of Software as a Service vendors to remain competitive

(Likert scale 7)

10. How would you rate the following factors as the major areas of concern of using Software as a Service and especially related to email?

Data privacy(Likert scale 7)

Integration issues with other applications(Likert scale 7)

Customization of product(Likert scale 7)

Connectivity Issues(Likert scale 7)

Complex pricing models(Likert scale 7)

Vendor lock-in(Likert scale 7)

Other(Textbox)


5-May-23

11. Are you aware of the possible risks when outsourcing your email service to an external software as a service provider?

(Likert scale 7)

12. Are you aware of the possible risks when sending and receiving private data by email?(Likert scale 7)

13. How would you rate the degree of privacy of the information you are sending by email?(Likert scale 7)

14. Do you see email that contains private data as a possible inhibiting factor when deciding to outsource your email?

(Likert scale 7)

15. How would you rate the likeliness of the misuse of your email data by the vendor when working with an established service provider?

(Likert scale 7)

16. How valuable is the information you are sending and receiving for a service provider?(Likert scale 7)

17. How valuable is the information you are sending and receiving for a third party?(Likert scale 7)

18. To which degree do you trust your service provider when outsourcing your email?(Likert scale 7)

19. What are the factors that are important when considering outsourcing a service such as email?- Vendor name

(Likert scale 7)- Vendor popularity

(Likert scale 7)- Vendor reputation

(Likert scale 7)- Vendors client portfolio

(Likert scale 7)- Vendors company size

(Likert scale 7)- Other(Textbox)

If there are any questions and/or comments related to this survey or to the process of outsourcing email, you can mention it in the following text box.

i Likert scale, a scale that is often used in questionnaires. This scale provides the person answering the questions with the choice for different numbers. These numbers represent the degree that for example a respondent approves with the question. A Likert scale can be a scale of 3, 5, 7 or even more. A major advantage when using a Likert scale is that, by attaching values to the different ratings of the Likert scale it is possible to calculate several statistical definitions.ii Cronbach’s Alfa, represent a method that calculates to which degree 2 different questions measure the same item. When using more than one question to test a hypothesis on a specific topic it is very important to calculate if these questions measure the same topic. The Cronbach’s Alfa calculates to which extend these questions are related to the same topic. When Cronbach’s Alfa is 6 or higher they are internally consistent, this means we can state they measure the same topic. If Cronbach’s Alfa is lower than 6 the relevance of the statistical test is too low.iii SPSS, is a statistical computer program previously called statistical package for the social sciences(SPSS)iv 2 sample T test, a statistical test which measures two specific groups relate to the pre defined hypotheses.

information poaching a decision making factor iene-vlietvan_31310… · web viewinformation...

Documents