Abstract
Cloud computing has achieved great commercial success to date, but its associated risks may impede firms from adopting it more effectively. This paper addresses the issue from the perspective of firms that use cloud computing and argues that the modularization of firms’ internal IT systems play an important role in enabling their adoption of cloud services. We performed detailed empirical analyses employing a dataset containing 457 firms classified as small and medium-sized enterprises (SMEs) as well as large enterprises. Our empirical results mainly suggest that internal IT modularity aimed for organization-wide, top-down strategic business transformation can help firms better adopt application-level cloud services regardless of their firm size. Bottom-up non-strategic internal IT modularity siloed in individual projects can foster the use of server-level cloud services for SMEs, but not for large enterprises. Our findings reveal support for the general prior understanding of (a) the negative effect of internal IT expenditure and cloud-based software’s quality and risk concerns on application-level cloud adoption, and (b) the positive effect of perceived benefits of cloud-based software on application-level cloud adoption for both SMEs and large enterprises. Finally, when SMEs develop more custom Web services in house, they tend to adopt fewer server-level cloud services externally. The theoretical development and empirical analysis of the effect of IT modularity and firm size on cloud adoption contribute to our understanding of how firms can be more internally ready to use cloud computing effectively.
Similar content being viewed by others
Avoid common mistakes on your manuscript.
1 Introduction
Cloud computing is an inherently scalable and flexible information technology (IT) model that emphasizes ubiquitous access to various IT resources based on the pay-per-use or utility-like billing model, rather than the ownership of such resources [58]. Since the commercialization of cloud computing in the early years of the twenty-first century, many companies have embraced various cloud computing services, which is now generating debate on the value of subscribing to external cloud services over acquiring conventional internal IT resources such as in-house servers and software. Increasingly, firms value the efficacy and flexibility offered by cloud services. For instance, the New York Times utilized external cloud services to complete the processing of its enormous amount of newspaper archives in less than two days (NYT [66]. At the same time, firms are also concerned about the potential risks imposed by this new IT consumption model [2, 7, 17, 45, 78, 97]. A classic example is that financial service firms are hesitant to use cloud computing because of the coercive legal and regulatory challenges and pressures such as issues of financial privacy, customer data protection, and business continuity [16, 31, 49]. Tackling this controversy, this paper suggests that internal IT modularization in firms may help them better evade and govern the perceived risks as well as improve IT resource connection flexibility so that they may have a much easier time to adopt cloud computing services.
Numerous prior papers have discussed challenges and risks posed by cloud technologies, such as data security, privacy, availability, and integrity from cloud service providers’ technical perspective ([1]; [3, 15, 18, 22, 44, 70, 76, 81, 89, 108]. However, there is a scarcity of literature that considers mitigating cloud risks and promoting cloud adoption from the cloud firm users’ standpoint. Real-world cases show that certain changes in a firm’s internal IT systems may help mitigate the risks and uncertainties when using external cloud services. Docker (NYT [65], a popular tech company in San Francisco that focuses on providing “lightweight containers of code”, makes applications easy to move across different computer systems including cloud computing. By putting software into “containers” or modules, making changes in one application will not affect other parts of the systems. Mohawk Fine Papers [26] sought an alternative way, a service-based model, to solve its previously rigid, costly point-to-point EDI (Electronic Data Interchange) connections with business partners. They built a service-oriented architecture (SOA) in the Amazon cloud and integrated various cloud-based services with its on-premises enterprise resource planning (ERP) system. The new model allowed Mohawk to quickly set up new business relationships whilst minimizing the costs and technical hurdles. Such cases illustrate that firms, as cloud users, may adopt cloud computing more easily if they modularize their internal IT systems.
Modularity as a broad concept has been extensively studied in IS literature. Prior studies expounded the importance and benefits of modularity in various industries. Modularity can hide and reduce system complexity [11, 51, 69, 80, 99, 100], stimulate innovation by allowing freedom in module design, and mix and match of modules [6, 11, 21, 34, 51, 55, 86], as well as promote flexibility and agility [12, 29], Luthria and [54, 75, 77, 95, 106]. However, there is no prior research about firms’ internal IT modularity as an enabler of cloud adoption. Therefore, this paper addresses the important research questions: Are firms more likely to adopt cloud computing if they modularize their internal IT systems, and to what extent does internal IT modularity influence firms to adopt cloud computing, ceteris paribus?
The purpose of our study is to theoretically link IT modularity with cloud adoption and empirically examine the relationship between a firm’s internal IT modularity and cloud computing adoption. Using data from 457 firms (SMEs and large enterprises) across various industries and countries, we examine how internal IT modularity can influence a firm’s ability to adopt application-level cloud services such as Software as a Service (SaaS) applications and server-level cloud services such as Infrastructure as a Service (IaaS) and Platform as a Service (PaaS).
2 Theoretical framework and hypotheses
2.1 Cloud computing and its taxonomy
As an evolving paradigm, cloud computing may have a broad and varying definition, depending on what aspects of cloud computing are emphasized. Nevertheless, there is a fair definition that covers the essence of cloud computing given by Mell and Grance [58, p. 6]: “A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” Mell and Grance [58] summarize the three-tier basic service models from bottom to top as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). IaaS provides cloud users with the capability to provision processing, storage, networks, and other raw computing resources based on which users can build up their own platforms and applications. PaaS enables cloud users to develop and deploy user-created or acquired applications in the cloud using the programming languages and the computing platform supported by the cloud provider. SaaS provides cloud users with ready-for-use applications running in the cloud. More concisely, the above three basic service models can be classified into two major types: server-level services (i.e., IaaS and PaaS) and application-level services (i.e., SaaS) [78].
2.2 IT Modularity
Simon [80] proposes the early notions of modularity such as nearly decomposable systems and loosely coupled components in addressing the architecture of complex systems. Emerging largely due to the successful practice of module-based design in managing complex technologies in the computer industry, the explicit term of modularity is defined as a general set of design principles for composition of a complex system of small subsystems or units that can be designed independently yet function together as an integrated whole [12]. The subsystems or units are called modules. As to IT modularity, prior literature indicates that the concept is instrumental in both IT infrastructure and IT architecture.
2.2.1 IT infrastructure and architecture modularity
IT infrastructure modularity is often discussed as one of the dimensions of IT infrastructure flexibility [92]; [23, 30, 35, 43, 89]. Byrd and Turner (2000) [92] show that the technical component of IT infrastructure flexibility comprises two distinct factors: integration and modularity. The factor of modularity consists of two sub-factors: application functionality and data transparency [37]. Application functionality is about the ability to add, modify, and remove the modules of software applications with little or no widespread effect on the applications collectively. Data transparency is about the free retrieval and flow of data between authorized personnel in an organization, or between organizations regardless of location [37].
Tiwana and Konsynski (2010) [94]. p. 288) define IT architecture modularity as “the degree to which an organization’s IT portfolio is decomposed into relatively autonomous subsystems”. The subsystems are atomic, fine-grained units of functionality which can be software components, modules, objects or services, and they can be easily mixed and matched with other modules to construct a new process [42, 75, 82, 101].
2.2.2 IT Modularity consolidated
In line with prior literature, we define IT modularity as a general set of design principles for composition of a complex IT system (infrastructure or architecture) from small autonomous subsystems or modules that can be designed independently, yet function together as an integrated whole, reflecting the degree to which a firm’s IT portfolio is decomposed into independent, reusable subcomponents.
2.3 Firm size
Firms generally can be grouped into two coarse categories: small and medium-sized enterprises (SMEs) and large enterprises. There is no universally agreed definition of SME as it varies in different countries and can be measured using a qualitative or quantitative approach, and yet in either approach there are various indicators that may be utilized [14, 32]. In the former approach, the classification of SME can be determined by such factors as management style, organizational structure, and traits of personnel, while in the latter approach it can be determined by number of employees (headcount) or a financial criterion such as annual turnover, total assets, or total annual sales [14, 39]. Although the number of employees is a widely used criterion for the SME classification, different countries or regions have adopted various grouping criteria [14]. We follow the predefined and well-accepted definition from Forrester Research,Footnote 1 and define an SME as a company whose number of employees is between 2 and 999, while a large enterprise is one with 1,000 or more employees.
Prior literature finds different behaviors between SMEs and large enterprises when they adopt cloud services. Talukder and Zimmerman [88] point out that the economic benefits and costs of using cloud services may vary depending on the company size and its current in-house IT resources and overheads. SMEs typically have a much less burden to maintain legacy IT resources, internal processes, IT staffing and technical skill base than large enterprises, making it easier for SMEs to adopt new models of IT infrastructure. At the same time, SMEs don’t have the access to capital and the ability to leverage the existing human, software and hardware resources that large enterprises typically have. Cloud computing may mitigate the lack of internal IT resources for SMEs and hence may be extremely attractive to SMEs. Kushida et al. [50] concur this opinion and point out that large enterprises are highly sensitive to data security and therefore they are usually more reluctant than SMEs to have their data stored in an external cloud. Consequently, the authors summarize that the hurdles for cloud adoption by large enterprises are still high while SMEs face a greater set of immediate benefits with lower hurdles for adoption.
2.4 IT modularity and adoption of cloud computing
Prior literature suggests that IT modularity might reduce asset specificity, coordination costs, and opportunism as defined in transaction cost economics (TCE), and hence alleviate some of the challenges and risks associated with cloud computing. In addition, IT modularity can facilitate vertical de-integration and outsourcing which are relevant to the theory of TCE.
Williamson [103] posits that the determinants of transaction costs are frequency, specificity, uncertainty, bounded rationality, and opportunistic behavior. TCE focuses on the risk of opportunism such as lock-in (hold-up), below-peak effort, or the misappropriation of proprietary information [90, 104]. Asset specificity has received the earliest attention and is a highly influential attribute of the transaction [72]. Williamson [105] defines asset specificity as the extent to which an investment made for a specific use has a higher value than it would have if it were reassigned to an alternative use, and states that transaction-specific assets (e.g., specialized physical and human investments for a task) are valueless in redeployment for another task.
Baldwin [10] points out that transactions are more likely to be located at module boundaries than in their interiors. Modularizations create new module boundaries with (relatively) low transaction costs. Modules, by definition, are separated from one another by thin crossing points – the boundaries of modules. Modularization makes transactions feasible where they were previously impossible or highly costly. Argyres and Bigelow [5] argue that in the situation with a dominant or several major standards, modularity is associated with vertical de-integration because of the highly standardized components when they study the early US auto industry. Sanchez and Mahoney [75] indicate that a modular product architecture already implies the engineering interfaces to be standardized. Shared standards reduce specificity and provide a form of embedded control that reduces search, monitoring, and enforcement costs. Standardized interfaces help structure the technical dialogue between component design engineers, hence reducing the need for unstructured dialogue and reducing the total amount of product-specific dialogue [6, 61]. By reducing the required communication, modular architectures also mitigate the hazard of proprietary information being leaked to another component designer [91]. By reducing asset specificity and leakage concerns, increasing product architecture modularity fosters greater use of a market-based mechanism for governing the transactions between component designers at the expense of vertical integration [79, 105]. Clemons and Hitt [24] note that modularity can help reduce the risk of poached information. By making information modular, a firm may distribute different components to different suppliers, which makes it less likely for any single supplier to reconstruct the complete set of information that has economic value. This has a direct implication that IT modularity can help mitigate the concerns of privacy, security, and data ownership in cloud computing. Clemons et al. [25] argue that IT can reduce coordination costs without increasing the associated risks, which lead to more outsourcing and less vertical integration. As a result, IT modularity may reduce the coordination costs between a company’s internal IT systems and an external cloud so that the company can more easily move its IT components to the external cloud. Hoetker [40] claims that when designing a modular product, a firm will be more likely to consider external suppliers because the transaction costs of communication and opportunism become lower. The theory of TCE suggests that the advantages of long-term and internal suppliers become less important in the presence of product modularity. Product modularity may reduce the risk of opportunism by making it easier for firms to switch suppliers, hence making them less vulnerable to lock-in (hold-up) by a particular supplier. In a modular system, component outsourcing enables the firm to purchase components from multiple suppliers, hence decreasing switching costs [74]. As Mikkola and Skjoett-Larsen [60] indicate, one of the main reasons for outsourcing is to shift initial investment costs and the risk of demand uncertainty to a supplier. Cloud firm users can transfer their internal IT utilization risks and costs to cloud providers, which is a major advantage championed by Armbrust et al. [7] for using cloud computing, and it suggests that internal IT modularity can facilitate use of multiple cloud providers’ services to increase availability and reduce the risk of vendor lock-in. Mikkola [59] emphasizes that companies can achieve explicit financial gains by outsourcing non-core activities to reduce the unit costs and investments. By doing so, companies free their scarce capital to be directed to where they hold a competitive advantage. This is typically what many companies have been doing when they start considering adopting external cloud services – they first delegate their non-core functions or applications into third-party clouds, as they need more time and experience to understand and deal with the potential cloud risks that may impact their core business activities. When reviewing the determinants of cloud-sourcing decisions from influential prior empirical articles, Schneider and Sunyaev [78] summarize that most studies find that technical specificity, one of the three categories of asset specificity, has a significantly obstructive effect on cloud-sourcing decisions. Greater levels of modularity in a firm’s internal IT assets may facilitate adoption of external cloud computing by reducing internal technical specificity and its associated transaction costs, thereby promoting de-integration and outsourcing.
In practice, IT modularity can be implemented in a firm’s internal IT systems at different scales and to varying degrees, depending on the specific IT practices of that firm. Generally speaking, IT practices can be grouped into two main levels: those designed and implemented as integral core and non-core components of the entire firm’s structure directed by long-term company-wide business and IT strategies, and those that don’t align with the overall IT strategy but are only required by non-strategic activities such as ad hoc, temporary or experimental IT development and deployment projects in siloed departments. Modularization in IT systems complying to the former type of IT practices can be termed as strategic IT modularity, while modularization in IT systems for isolated processes and functionality following the latter type of IT practices can be termed as non-strategic IT modularity. In other words, a firm may consider modularizing its internal IT systems from a top-down (strategic business transformation) or a bottom-up (local project development and management) approach [102].
The two levels of IT modularization have quite distinct effects. Like any new technology, oftentimes IT modularity is first embraced through curiosity by managers who want to explore and understand its value in specific units of functionality [102]. This type of bottom-up approach typically is limited to a certain small scale – for example, a set of projects within a certain siloed department or unit in the firm initiated by a department manager or project manager. These modularizations are hence often isolated and there is no guarantee that the relevant IT resources have been optimized for reusability and efficiency by the entire firm. On the other hand, IT modularity can be implemented using a top-down approach, with company-wide or even industry-wide business strategies and goals borne in mind. In such cases, strategic business drivers, such as customer satisfaction, quick response to changing market conditions as well as creating a flexible, on-demand business, are often the motivation to facilitate business transformation enabled by IT modularity such as in the form of SOA [20, 102]. A top-down approach will more likely help implement internal IT modularity in a systematic and strategic way than a bottom-up approach. Hence, strategic IT modularity is much more influential and may involve a variety of enabled tactics to be rolled out throughout a company. For example, IT modularity with open standards can make it easier for firms to outsource applications to an external third-party provider [102]. Incorporating third-party products and enhancing B2B (business-to-business) transactions are two other exemplary tactics that can be achieved by strategic IT modularization of SOA [102].
Internal IT system modularization at the enterprise-wide strategic level involves profound architectural shifts and transformations from a relatively tightly intertwined, monolithic design to a relatively loosely coupled, autonomous, self-contained module-based design wherein each module or component serves a specific service or functionality purpose. The strategic-level transformation affects a wide range of systems as well as the business processes, functions, and components within a firm. Once complete, the components of the internal IT systems in the firm become much more nimble, scalable, and more readily modified, removed, connected to, or replaced by external services via standardized interfaces.
No matter what the size of a firm, such an organization-wide modularization significantly reduces the transaction costs of exchange and communication between various components and processes within the firm and outside of the firm, which enables the firm to cost-effectively and strategically consider which components should be kept in house and which should be migrated and replaced by external cloud application services with an effortless connection using unified interfaces, and hence closely and effectively fulfill its business strategies. Application-level cloud services (i.e., SaaS) are typically off-the-shelf, ready-to-use software applications that provide a broad variety and possibility of specific software services and functionality with standardized interfaces and communication protocols to be connected, integrated and interact with firms’ internal IT systems. Given the unlimited possibility of application-level services offered in the cloud, any type of firm may have a good chance to locate and find suitable application-level cloud services to fulfill its business strategy as long as it strategically modularizes its company-wide internal IT systems. For example, SOA, a typical IT modularization approach, can be implemented at the strategic, organization-wide level to transform a firm’s internal IT systems into a service-based paradigm and make it much easier for the firm to strategically consider outsourcing or connecting services to third-party cloud application services, based on the firm’s specific needs and regardless of its size. Large enterprises may consider adopting peripheral services such as emailing, billing and invoicing, logistics and human resource management provided by the relevant service components in a cloud-based enterprise resource planning (ERP) software suite, so they can implement those processes in a more cost-effective manner without having to worry too much about the imposed risks of migrating such non-core operations into the cloud. SMEs, on the other hand, may consider using cloud applications to fulfill some core, essential business processes and operations when they do not possess or cannot afford creating their own capabilities in these areas, so they can focus on cultivating and advancing their key business competitiveness and strengths quickly.
By contrast, as non-strategic internal IT modularization typically occurs in localized projects with piloting or experimenting purposes specific to the context and need in a firm, such a modularization can reduce the local transaction costs between the involved components in a small, limited scope. Such a localized improvement typically is independent of outward connections or integrations with readily available application-level cloud services. Rather, such a small-scope modularization is intended to enable the firm to develop its own specific internal capability that is only well understood by the firm itself. No matter what stage firms are at and how large they are, they will seek to evolve and innovate to sustain or improve their competitiveness. They will do so by quickly and cost-effectively conducting locally modularized pilot or experimental projects, to acquire and test novel internal capabilities. Regardless of firm size, non-strategic internal IT modularization may typically have a negative impact on adoption of external application-level cloud services which cannot meet such highly tailored, firm-specific needs.
Therefore, regardless of firm size, strategic IT modularity may enable firms to adopt and connect with more external third-party applications, while ad hoc, non-strategic IT modularity may instead hinder outsourcing of internal IT projects to external application providers or obstruct integration with application-level cloud services. We propose the relevant hypotheses as follows:
Hypothesis 1a (H1a)
Strategic IT modularity is positively associated with adoption of application-level cloud computing for both SMEs and large enterprises.
Hypothesis 1b (H1b)
Non-strategic IT modularity is negatively associated with adoption of application-level cloud computing for both SMEs and large enterprises.
Server-level cloud services are more technically sophisticated and harder to manage and utilize, compared to application-level cloud services, and often require more specific IT expertise to acquire, develop and deploy. Hence, we posit that SMEs and large enterprises have different technology adoption patterns, as the two types of firms have many different considerations and concerns regarding server-level cloud services. As Talukder and Zimmerman [88] have observed, company size may play an important role in whether and how much a company will adopt a certain cloud service. For example, large enterprises have a much deeper pocket than SMEs in terms of various aspects such as market value and position, revenue, profit, staff, management, partnership, reputation, and IT resources and expertise, so they are usually not compelled to acquire more IT resources externally but very concerned about their overall reputation, business continuity, quality of service, customer satisfaction, customer data safety, and privacy [31, 73]. As a result, when considering server-level cloud services that are more technically complex and harder to oversee than application-level services, large enterprises may exercise prudent caution against adopting server-level cloud services as compared to application-level cloud services [19]. On the other hand, SMEs largely do not harbor the kinds of legacy burdens that large enterprises have. Instead, their biggest concerns are usually those obstacles that impede their growth and expansion, such as internal financial and IT resource shortages,so, SMEs are much more likely to consider adopting server-level cloud services, which could be the ideal way to quickly obtain and scale external IT resources in a cost-effective manner [8, 84]. Therefore, it is informative to test the heterogenous propositions for SMEs and large enterprises as two separate groups regarding server-level cloud services. In particular, for SMEs, strategic IT modularity may increase the use of external server-level cloud services rather than acquiring them in-house. Non-strategic IT modularity may also enhance the use of external server-level cloud services because SMEs can more cost-effectively develop siloed IT projects using external server-level cloud services than by developing them in-house. We submit, by contrast, that large enterprises are more likely to avoid using server-level cloud services in the first place regardless of how much their internal IT systems are modularized, given their concerns about compatibility with legacy internal IT resources. Therefore, we posit the following:
Hypothesis 2a (H2a)
Strategic IT modularity is positively associated with adoption of server-level cloud computing for SMEs.
Hypothesis 2b (H2b)
Non-strategic IT modularity is positively associated with adoption of server-level cloud computing for SMEs.
Hypothesis 3a (H3a)
Strategic IT modularity is not associated with adoption of server-level cloud computing for large enterprises.
Hypothesis 3b (H3b)
Non-strategic IT modularity is not associated with adoption of server-level cloud computing for large enterprises.
3 Research design and methodology
3.1 Data
We used a cross-sectional data source from Forrester Research for our empirical analyses. The data comes from a comprehensive online survey of adoption trends in software technology conducted by Forrester, of companies ranging from very small businesses and startups (2–10 employees) to global enterprises (20,000 + employees) in North America (US and Canada) and Europe (UK, Germany, and France) covering major industries of manufacturing (primary products, consumer products, chemicals & petroleum, high-tech products, and industrial products), retail & wholesale (retail, and wholesale & distribution), services (transportation & logistics, professional services, construction & engineering services, media, entertainment & leisure, utilities, telecom services, financial services, and insurance), and public sector (public services, and government) during the period between December, 2008 and February, 2009.
Our final data sample comprises 457 firms including 189 SMEs and 268 large enterprises, for which data is available for the variables employed in our analysis. The sample characteristics of the data can be found in Table 1. Compared to the distribution of the firms across different industries in the original survey dataset, the final sample is in the similar distribution pattern, which indicates that it is a reasonably representative reflection of the various firms in the original survey dataset containing 2,227 firms in total.
3.2 Variables
Cloud adoption at the server level (PerVirSer) and application level (PerSaaS), the two dependent variables in the regression models, are measured by the percentages of virtual server and SaaS usage in the relevant survey questions, respectively (see Table A1). The two dependent variables are constructed as numeric percentages ranging from 0 to 100% using the most relevant survey questions that we can identify in the Forrester survey. Server-level cloud adoption is measured by the percentage of a firm’s applications currently deployed in a virtual server at hosting or cloud service provider, and hence represents external virtualized cloud platform and hardware resources a firm has currently adopted. Application-level cloud adoption is measured by the percentage of a firm’s applications currently deployed in Software as a Service (SaaS), and hence represents external cloud software and applications a firm has currently adopted. The continuous nature of the two dependent variables will provide the coefficient estimates of the independent variables with more intuitive and meaningful interpretations, thus enriching our understanding in the regression results and findings.
The independent variables of IT modularity are based on the prior literature of how IT modularity is measured. Many prior constructs of IT modularity were discussed as important dimensions of IT flexibility. The relevant literature reveals that IT modularity entails the following characteristics: (1) service-oriented or service-based, (2) modular, (3) loosely coupled, (4) object-oriented, (5) reusable and reconfigurable, (6) standardized, and/or (7) componentized ([92]; [23, 30, 35, 94]. Referencing the listed and derived keywords for IT modularity, we thoroughly searched the entire original survey for all possible relevant questions and found that some survey questions about service-oriented architecture (SOA) were highly relevant to IT modularity. These questions reference the concept of IT modularity at two distinct levels, and thus can be used as proxies for measuring the two distinct IT modularity variables: (1) SOA used for strategic business transformation is pertinent as a proxy for measuring the company-wide strategic IT modularity and named as BizTranSOA, which is a dummy variable that represents whether a firm has currently implemented strategic IT modularity or not, and (2) ProjSOA is a numeric scale measure that represents the degree of how much local non-strategic IT modularity a firm has currently implemented in solution delivery projects for both new applications and existing applications (see Table A1).
The SOA paradigm itself has been studied extensively in the IS literature [33, 36, 38, 41, 48, 62,63,64, 67, 68]. SOA is defined as [67], p. 3): “A way of reorganizing a portfolio of previously siloed software applications and support infrastructure into an interconnected set of services, each accessible through standard interfaces and messaging protocols.” SOA is a typical modularized architectural style based on the self-contained modules of services which are business functions implemented in software and wrapped with standard interfaces [41, 67]. The module encapsulation concept in SOA derives from the principles of modularity in software engineering which decompose programs into modules, objects, and components [12]. The major difference between SOA modularity and software modularity is that services in SOA represent complete business functions which are reusable in new transactions at the level of the firm or even across firms rather than of a single program or application [67]. Tafti et al. [87] identify services-based IT architecture as a representative proxy for modular architecture. Tiwana and Konsynski [94] identify SOA as the typical modular IT architecture. Considering these factors, SOA is used as a proxy of IT modularity in our study.
Various control variables spanning a firm’s decisions and perceptions toward IT, organizational characteristics (firm size and IT expenditure) as well as industry types (industry categories) are used to account for alternative explanations of cloud adoption (see Table 2 and Table A1). In detail, we control for SOAPFootnote 2 or RESTFootnote 3 Web services used for new custom applications within a firm (WSCApp). Conventional custom applications are software applications developed or customized for a specific user or a group of users within an organization, so they are typically very asset-specific to the firm and have the downsides of being very difficult and costly to maintain and upgrade due to their rigid, non-standard implementation and integration within the internal IT systems. A Web service is a special type of service that is designed to communicate over a network, and it may use Internet standards and protocols to expose its features [67]. Building custom applications such as Web services might improve their flexibility to some extent,however, the inherent rigidity and specificity of custom applications may largely remain. We also control for a firm’s attitude toward outsourcing internal applications to third parties (ImGoal_Out) which is found to be an influential factor in prior empirical literature [78] – the more a firm favors outsourcing, the more likely it will use external cloud services. Similarly, we control for the use of SaaS as the preferred deployment option (PDepSaaS), avoidance of SaaS because of the SaaS quality concerns (NoSaaS_Qual), as well as the important factor of IT flexibility and agility offered by SaaS when a firm considers adopting SaaS (SaaS_FlexAgi) according to prior empirical findings [78]. These three controls are all about a firm’s positive or negative attitudes toward using external SaaS applications, so they may directly link to SaaS adoption. In addition, our study controls for firm size as well as IT expenditure. The control for firm size (ENT) is a dummy variable with 0 indicating an SME and 1 indicating a large enterprise. As discussed previously, SMEs and large enterprises may display quite distinct reasons, acts and effects toward technology adoption [14, 28, 32, 46, 52, 83, 85]. Cloud computing may appear much more attractive to SMEs than to large enterprises [8, 47, 88]. The control variable for IT expenditure in a firm (ITSpend_ln) is widely used in many IS empirical studies. For example, Tafti et al. [87] control IT expenditure as a proxy for overall information intensity of a firm’s operations. IT expenditure will likely affect a firm’s financial ability to acquire and develop in-house IT resources, so it is relevant, and the natural logarithm of IT expenditure is used as the original value is in US dollars and thus can be disparately larger than other variables. Among the industry characteristics, our analysis controls for which industry a firm is in as in prior IS articles. Similar to Tafti et al. [87] and Tiwana [93], we use four industry dummy variables representing Manufacturing (Ind_Man), Retail & Wholesale (Ind_RnW), Various Services (Ind_Ser), and Public Sector (Ind_Pub) industries.
The pairwise correlations and descriptive statistics for the entire final sample (457 firms including both SMEs and large enterprises) are summarized in Table 2. Factor analysis and multicollinearity checks (after regressions) are used to confirm discriminant validity.
3.3 Estimation models for adoption of cloud computing
In the first step, we use two similar ordinary least squares (OLS) models with interaction terms of SOA and firm size to test whether SMEs and large enterprises data can be pooled together for the regressions for the adoption of server-level and application-level cloud services respectively as shown below.
Note that the term of Xc in the above Model 1 and 2 represents the full list of control variables (except firm size ENT) as depicted in Table 2. The important variables are explained in detail in Table A1.
After the regressions, we use a Chow test to check whether the data can be pooled together when the Chow test is insignificant at the 5% significance level, or whether the data must be split into two separate datasets for SMEs and large enterprises when the Chow test is significant at 5%.
In line with the previous arguments that the application-level cloud services may appear similar for both SMEs and large enterprises, whereas the server-level ones may appear quite different for them on various aspects, we suspect that the Chow test would be significant for Model 1 while it would be insignificant for Model 2.
Following this logic, we next propose a simplified model for the separated SME and large-enterprise datasets for the hypotheses related to server-level cloud service adoption as follows:
Note that the term of Xd in the above Model 3 represents a smaller number of the relevant control variables only for server-level cloud service adoption which exclude SaaS-related controls and firm size (ENT). The involved control variables related to the two columns of Model 3 can be seen in Table 3.
4 Empirical analysis
4.1 Regression results
We first perform regression employing the entire (final) sample of the pooled data (457 firms) for Model 1 and Model 2 and follow with two Chow tests to determine whether the pooled data can be used for the two regressions. For server-level cloud services, the Chow test is significant at the 5% level (F(3, 441) = 3.52, Prob < F = 0.015). Therefore, firm size could be driving differences in behavior across SMEs and large enterprises, and the data should be separated by firm size and Model 3 should be used for SMEs and large enterprises separately (see columns related to Model 3 in Table 3). For application-level cloud services, the Chow test is insignificant even at the 10% level (F(3, 441) = 1.40, Prob > F = 0.243), so the pooled data can be used for Model 2 (see Model 2 column in Table 3).
Table 3 presents results for all our hypotheses. For Model 2, H1a is supported (β = 2.836, t = 1.99, p = 0.048). H1b is also supported, though only at the marginal 10% significance level (β = −1.173, t = −1.82, p = 0.07). In the control variables, the goal of outsourcing is positive and significant (β = 1.074, t = 2.78, p = 0.006). SaaS as the preferred deployment method for a major application is positive and significant (β = 8.959, t = 3.29, p < 0.001). Concerns on SaaS have a significant, negative effect (β = −0.472, t = −2.20, p = 0.028). The flexibility and agility benefits of SaaS are positive and significant (β = 0.791, t = 3.29, p < 0.001). It is informative that IT expenditure has a significant, negative effect (β = −0.431, t = −2.24, p = 0.025) on adoption of application-level cloud services. For Model 3, two sets of separate results are shown for SMEs and large enterprises respectively in Table 3. H2a is not supported (β = 1.637, t = 0.74, p = 0.461). Differently, H2b is supported (β = 2.05, t = 2.05, p = 0.041). Two control variables have significant effects on server-level cloud adoption for SMEs. Custom applications developed as Web services have a strong significant, negative effect (β = −6.371, t = −2.16, p = 0.032). Again, the goal of outsourcing is positively and significantly related to server-level cloud service adoption (β = 1.739, t = 1.91, p = 0.057). The fit of the overall regression (Model 3) for large enterprises is not significant at the 10% significance level (F test = 0.53, Prob > F = 0.855), nor are the coefficient estimates of strategic SOA (β = 1.520, t = 1.37, p = 0.172) and non-strategic SOA (β = −0.672, t = −1.19, p = 0.237). Therefore, we do not find statistically significant evidence of an association between IT modularity and adoption of server-level cloud computing for large enterprises, nor do the results provide evidence to reject hypotheses H3a and H3b.
4.2 Tests for common method bias
The issue of common method bias (CMB) may exist when all the variables come from a single cross-sectional dataset. Common method bias refers to the amount of spurious correlation among variables due to the same method used in data collection such as a self-report survey [27, 56]. The existence of common method bias may render the conclusions erroneous or misleading by intermingling the actual phenomenon of interest with measurement artifacts that lead to either inflated or deflated results [27, 56]. To address the problem of common method bias, various methods have been introduced which can be grouped into two major categories: statistical and post hoc remedies, and procedural methods [71]. The former includes methods that can be applied using statistical knowledge after the variables have already been measured in the single source data. The latter includes methods that can mitigate or avoid such biases at the beginning of data collection. Since the Forrester survey dataset is a secondary data source, it was not possible to adopt such procedural methods in our work. Therefore, our study focuses on the statistical and post hoc methods. In the statistical and post hoc category, there are different methods that one can utilize to address common method bias such as the Harman’s single-factor test and the Lindell-Whitney marker-variable technique [53]. Specific to IS research, Malhotra et al. [56] conduct a series of comparisons among the various statistical and post hoc CMB methods to evaluate their capabilities as well as their differences. First, they find that the issue of CMB is not as serious as researchers suspected in IS research. In other words, CMB, though present, is not substantial in IS study. Furthermore, they find that, in terms of the ability to detect CMB, various methods perform similarly without significant difference. Considering these factors, we use the Harman’s single-factor test as well as the marker-variable technique to address the potential CMB issue because these two methods are the most widely used ones in social research.
There are two ways to do a Harman’s single-factor test: using exploratory factor analysis (EFA) or confirmatory factor analysis (CFA) [71]. We use Harman’s single factor test with EFA setting because it is widely known as an efficient method to detect CMB and easy to implement. In this method, if a single factor emerges or a first factor explains the major variance in the variables, CMB is regarded as extant in the data. Harman’s single factor tests with EFA are performed for all statistically significant regressions presented in Table 3. For Model 2, we perform the single factor test with orthogonal varimax rotation and do not find such an emerged single factor (χ2(78) = 2658.80, Prob > χ2 = 0.000). Similarly, for Model 3 for SMEs only, we do not find such an emerged single factor (χ2(36) = 6621.60, Prob > χ2 = 0.000). For Model 3 for large firms only, we do not find such an emerged single factor either (χ2(36) = 1190.56, Prob > χ2 = 0.000). Lindell-Whitney marker-variable technique [53] uses a marker variable that is theoretically unrelated to the principal constructs to adjust the correlations among principal constructs. Any high correlation between the marker variable and any of the principal constructs is an indication of possible common method bias [93]. For robustness, we use two different marker variables (one dummy marker variable about firm location and the other numeric one about the age of the survey respondent) to repeat the tests for Model 2 (SMEs and large firms combined), Model 3 for SMEs only, and Model 3 for large firms only (see Table A2). It is found that there is no high correlation (i.e., absolute value > = 0.80 as per Bagozzi et al. [9] in the tests. Collectively, it can be concluded that common method bias is not a serious problem in our work.
5 Discussion and conclusion
5.1 Main findings and discussion
To our knowledge, this is the first study to theoretically link IT modularity with cloud computing at two distinct levels (i.e., application vs. server level) and to empirically examine their relationships for two types of firms – SMEs and large enterprises. Our study reflects the importance of research in how technical specificity may influence cloud-sourcing decisions differently in terms of firm size and cloud service models (SaaS vs. IaaS/PaaS) [78] and is an informative and constructive endeavor toward this research direction. We find that SMEs and large enterprises display very similar behaviors toward application-level cloud adoption (i.e., SaaS applications). This reflects the fact that SaaS, the highest layer in the three-tier basic service model of cloud computing [58], is the most ready-to-use and functionality-rich one compared to the other two – PaaS and IaaS. No matter how large a firm is and what industry a firm is in, it can always find some SaaS applications that are right for it. This paper finds that a firm’s internal IT modularity on the company-wide strategic business transformation level has a positive effect on its SaaS application adoption, because IT modularity generally reduces various transaction costs and risks, enabling de-integration and outsourcing [93]. Strategic IT modularity, in particular, entails an extensive scale of changes in a firm, many of which relate to high-level, non-core business operation processes and functionality that various SaaS applications can swiftly handle, compared to in-house alternatives which are usually perceived as difficult and complicated to implement by the firm especially if it is a non-tech company or an SME, therefore the firm is likely to outsource such implementations to external SaaS applications [49]. By contrast, a firm’s non-strategic internal IT modularization in localized projects has a negative effect on adoption of external application-level cloud services. This may reflect the fact that many such siloed projects are improvised or created for an ad hoc purpose such as piloting and experimenting typically limited within a small scope in the firm and lack a strategic plan or do not align to the incumbent strategic plan,and as they involve specific technique-oriented development endeavors, they are unlikely to find readily usable SaaS solutions which address their server-level needs. The differences between such strategic and non-strategic uses of IT modularity reflect the notions of top-down and bottom-up approaches highlighted by Walker [102].
In addition to the main findings concerning SaaS adoption, there are several findings associated with the statistically significant control variables in the regression results. Our empirical findings reinforce and enrich the prior literature about the perceived benefits and risks of cloud computing [50, 88]. We observe statistically significant coefficient estimates for the relevant control variables in the expected directions, such as SaaS quality concerns about data privacy and security risks (a negative sign), and perceived SaaS flexibility and agility benefits (a positive sign). Internal IT expenditure is negatively associated with SaaS, which may suggest the superior cost-effective pay-per-use consumption and billing model of SaaS compared to the conventional license-based charging model [4, 13, 17, 50, 57, 58, 96, 107, 109], so a lower IT expenditure can actually be associated with more SaaS usage.
On the other hand, SMEs and large enterprises display distinct behaviors toward server-level cloud adoption (i.e., PaaS and IaaS raw computing resources). SMEs tend to use more server-level cloud services if they implement non-strategic modularization for their ad hoc or short-term IT projects that do not necessarily align with the overarching IT strategy across the entire organization. This finding augments certain prior findings from literature that SMEs generally lack internal server-level IT resources, which might lead them to use more such external resources [8, 84]. We also posit that internal modularization of non-strategic IT projects will further improve the firms’ likelihood of using external IaaS and PaaS services. By contrast, strategic IT modularity may not significantly influence server-level cloud adoption for SMEs. One possible explanation is that as the scope and impact of strategic IT modularity is much wider and deeper than in local IT projects, it largely pertains to systematic transformations and renovations in business processes and practices at various levels throughout the entire firm, instead of merely external raw IT resource acquisition [102].
Interestingly, if SMEs develop more new custom applications using Web services in house, they will tend to use less external server-level cloud services. Custom applications, designed for very specific needs and uses within an SME, are idiosyncratic and asset-specific IT assets for the firm. Therefore, they can become very inflexible and costly to maintain, rendering them to be much less valuable to alternative usages internally and externally. This becomes a serious problem especially in the present business environment that emphasizes responsiveness to elusive opportunities and resilience to changes and challenges. Web service may renovate these rigid IT assets to potentially become strategic resources but limited to a certain extent due to the inherent specificity of custom applications. In particular, our findings suggest that service-based custom applications offer limited value for connecting with external resources. Furthermore, service-based custom applications are software services rather than server-level raw IT resources. They become relatively more flexible and reusable inside the firm with the utilization of internal server-level IT resources, and thereby lead to reduced usage of external server-level cloud computing.
By contrast, we find that neither strategic nor non-strategic IT modularity present any significant effect on server-level cloud adoption for large enterprises. While interpreting lack of statistical significance is not straightforward, our findings may reflect decision-making complications in large enterprises regarding external server-level cloud services, such as concerns about data ownership, security and privacy in the cloud, as well as reputation and regulatory requirements [31, 73]. Large enterprises might need to ponder many more factors than SMEs when considering external cloud services. So, they usually start with using more ready-to-use, manageable and accountable SaaS applications on a trial basis, if they want to experiment with cloud services at all. Regarding the more complicated but less abstract server-level services, they are quite concerned about the profound technical and business implications and consequences of using such cloud resources and are thus reluctant to try [19, 98]. For example, a financial service firm must consider the significant enforced legal and regulatory requirements set by the government and legislation before it can use any server-level cloud services for its important businesses and services. Financial privacy issues, customer data protection issues, and business continuity issues are several salient challenges that a financial service firm must address before considering a major server-level cloud use [16]. Large companies may also have much more leeway than SMEs to postpone their decisions toward server-level cloud adoption because they usually already have abundant existing in-house IT resources. If they have a considerable amount of IT legacy systems over the years, it may also deter their use of more novel technologies such as server-level cloud computing because of the incompatibility issues. Large enterprises may also be less flexible and agile than SMEs due to their size. It is common to observe that large companies might react in a much slower manner than SMEs to changes in a business environment. Incumbent corporate culture, inertia to changes, preset business strategies, routine senior management as well as complexity of changes may all contribute to the reluctance of using server-level cloud computing for large enterprises. As an overall manifestation, large enterprises seem to be indifferent in server-level cloud service adoption when modularizing their internal IT systems, no matter on a strategic level or on a non-strategic level.
5.2 Managerial implications and concluding remarks
Cloud computing, as a disruptive IT consumption model, has gained widespread attention and acceptance by companies in various industries. This model of computing has enabled firms not only to achieve more cost savings in certain conditions, but also to create flexible and agile business innovations. Though cloud firm users might not be able to directly address the technical issues and risks of cloud computing the way that cloud providers might be able to, they can instead modularize IT systems within their own firm borders to mitigate the possibility of such risks and uncertainties, and to improve their internal readiness and flexibility to have a better success and business performance with connections to external cloud resources. They can modularize their internal IT systems in strategic or non-strategic ways, depending on what kinds of cloud services the firms want to use.
Regardless of firm size, company-wide strategic internal IT modularity should be considered by senior management as an important factor to facilitate adoption of SaaS applications. Decision makers in both SMEs and large enterprises should be aware that while there are various external SaaS services that are readily usable and easy to integrate, they need to pay careful attention to strategic modularization of their internal IT systems so that they can bring their strategic objectives to fruition. Thorough research on the benefits and the risks of SaaS is also important for firms before they decide to adopt SaaS applications. If firms want to attempt to deploy non-strategic modularization such as piloting of siloed SOA projects within a department, they should consider that such projects usually involve more exhaustive software development and customization efforts and cannot be directly fulfilled by external SaaS offerings. Specific to SMEs, non-strategic, localized modularity in IT projects should be considered as a helpful enabler for managers in SMEs to adopt IaaS and PaaS cloud services. If SMEs internally develop custom applications and embrace language and platform-independent Web services such as SOAP or REST, such a service-based approach may increase the flexibility and reusability of their internal custom applications to some extent and thus help reduce their reliance on external IaaS and PaaS services, which can be beneficial.
Despite our novel attempt to examine IT modularity and cloud adoption, our research has limitations that can be addressed in future work. Limited by the survey data, we were unable to identify many of the firms’ identities such as name and other information that could have enabled linking of the survey to other publicly available data sources. One resulting limitation is that some possibly useful control variables such as firm age [93] and industry concentration and regulation [87] could not be obtained and thus were not included in the models. As a result, certain plausible alternative explanations may not have been accounted for. Even though SOA is now a typical, widely accepted proxy for IT modularity, our study could have extended the representation of IT modularity into other variables if the data collection of such type were allowed. As Sanchez and Mahoney [75] indicate the link between product modularity and organizational modularity, future research can examine other types of modularity such as organizational modularity as a factor that influences cloud adoption decisions. The sample sizes of SMEs (189) and large enterprises (268) used in the separated regression analyses of Model 3 are relatively small. Though we have identified relevant survey questions for measuring the dependent variables (application-level cloud adoption and server-level cloud adoption) as well as the independent variables (strategic IT modularization and non-strategic IT modularization) of interest, we are constrained by the survey data which has inherent limitations. In addition, due to the relative novelty of cloud computing when the Forrester survey was conducted, many firms did not use cloud computing according to their answers in the survey, which might not reflect the changing trends of cloud adoption in more recent years, even though the essential characteristics of cloud computing may still largely remain unchanged or similar to date according to the recent literature about cloud computing characteristics, benefits and challenges [2, 4, 13, 31]. Therefore, caution is advised when considering the generalizability of the results and findings from our study.
Notes
SOAP stands for Simple Object Access Protocol which is a messaging protocol specification for interchanging data between applications written in different programming languages.
REST stands for Representational State Transfer which is a data-driven software architecture style that relies on a stateless communications protocol such as HTTP.
References
A Vouk, M. (2008). Cloud computing–issues, research and implementations. Journal of computing and information technology, 16(4), 235–246.
Ahmed, H. A. S., Ali, M. H., Kadhum, L. M., Zolkipli, M. F., & Alsariera, Y. A. (2017). A review of challenges and security risks of cloud computing. Journal of Telecommunication Electronic and Computer Engineering (JTEC), 9, 87–91.
Aldossary, S., & Allen, W. (2016). Data security, privacy, availability and integrity in cloud computing: Issues and current solutions. International Journal of Advanced Computer Science and Applications, 7(4), 485–498.
Ali, M. B., Wood-Harper, T., & Mohamad, M. (2018). Benefits and challenges of cloud computing adoption and usage in higher education: A systematic literature review. International Journal of Enterprise Information Systems (IJEIS), 14(4), 64–77.
Argyres, N., & Bigelow, L. (2010). Innovation, modularity, and vertical deintegration: Evidence from the early US auto industry. Organization Science, 21(4), 842–853.
Argyres, N. S., & Liebeskind, J. P. (1999). Contractual commitments, bargaining power, and governance inseparability: Incorporating history into transaction cost theory. Academy of management review, 24(1), 49–63.
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., & Stoica, I. (2010). A view of cloud computing. Communications of the ACM, 53, 50–58.
Assante, D., Castro, M., Hamburg, I., & Martin, S. (2016). The use of cloud computing in SMEs. Procedia computer science, 83, 1207–1212.
Bagozzi, R. P., Yi, Y., & Phillips, L. W. (1991). Assessing construct validity in organizational research. Administrative science quarterly, pp. 421–458.
Baldwin, C. Y. (2008). Where do transactions come from? Modularity, transactions, and the boundaries of firms. Industrial and corporate change, 17(1), 155–195.
Baldwin, C. Y., & Clark, K. B. (2000). Design rules: The power of modularity (Vol. 1). MIT press.
Baldwin, C. Y., & Clark, K. B. (2003). Managing in an age of modularity. Managing in the modular age: Architectures, networks, and organizations, 149, 84–93.
Bello, S. A., Oyedele, L. O., Akinade, O. O., Bilal, M., Delgado, J. M. D., Akanbi, L. A., Owolabi, H. A. (2021). Cloud computing in construction industry: Use cases, benefits and challenges. Automation in Construction, 122, 103441.
Berisha, G., & Pula, J. S. (2015). Defining small and medium enterprises: A critical review. Academic Journal of Business, Administration, Law and Social Sciences, 1(1), 17–28.
Bernstein, D., Ludvigson, E., Sankar, K., Diamond, S., & Morrow, M. (2009). Blueprint for the intercloud-protocols and formats for cloud computing interoperability. In 2009 fourth international conference on Internet and web applications and services (pp. 328–336). IEEE.
Bloomberg. (2021). BOE Warns on Risks of Banking’s Reliance on Cloud Computing. Retrieved 01 Sep 2021 from https://www.bloomberg.com/news/articles/2021-07-13/boe-warns-on-risks-of-banking-s-reliance-on-cloud-computing
Caldarelli, A., Ferri, L., & Maffei, M. (2017). Expected benefits and perceived risks of cloud computing: An investigation within an Italian setting. Technology Analysis & Strategic Management, 29(2), 167–180.
Catteddu, D. (2010). Cloud Computing: benefits, risks and recommendations for information security. In Web Application Security: Iberic Web Application Security Conference, IBWAS 2009, Madrid, Spain, December 10-11, 2009. Revised Selected Papers (pp. 17–17). Springer Berlin Heidelberg.
Chen, D., & Zhao, H. (2012). Data security and privacy protection issues in cloud computing. In 2012 international conference on computer science and electronics engineering (Vol. 1, pp. 647–651). IEEE.
Cherbakov, L., Galambos, G., Harishankar, R., Kalyana, S., & Rackham, G. (2005). Impact of service orientation at the business level. IBM Systems Journal, 44(4), 653–668.
Chou, Y.-C., Chuang, H.H.-C., & Shao, B. B. (2016). The impact of e-retail characteristics on initiating mobile retail services: A modular innovation perspective. Information & Management, 53(4), 481–492.
Chow, R., Golle, P., Jakobsson, M., Shi, E., Staddon, J., Masuoka, R., & Molina, J. (2009). Controlling data in the cloud: outsourcing computation without outsourcing control. In Proceedings of the 2009 ACM workshop on Cloud computing security (pp. 85–90).
Chung, S. H., Byrd, T. A., Lewis, B. R., & Ford, F. N. (2005). An empirical study of the relationships between IT infrastructure flexibility, mass customization, and business performance. ACM SIGMIS Database: The DATABASE for Advances in Information Systems, 36(3), 26–44.
Clemons, E. K., & Hitt, L. M. (2004). Poaching and the misappropriation of information: Transaction risks of information exchange. Journal of Management Information Systems, 21(2), 87–107.
Clemons, E. K., Reddi, S. P., & Row, M. C. (1993). The impact of information technology on the organization of economic activity: The “move to the middle” hypothesis. Journal of management information systems, 10(2), 9–35.
ComputerWorld. (2012). Integration in the Cloud. Retrieved 01 Sep 2021 from https://www.computerworld.com/article/2502308/integration-in-the-cloud.html
Craighead, C. W., Ketchen, D. J., Dunn, K. S., & Hult, G. T. M. (2011). Addressing common method variance: Guidelines for survey research on information technology, operations, and supply chain management. IEEE transactions on engineering management, 58(3), 578–588.
Daniel, E. M., & Grimshaw, D. J. (2002). An exploratory comparison of electronic commerce adoption in large and small enterprises. Journal of Information Technology, 17(3), 133–147.
Ding, L., Wu, J.-X., & Ouyang, T. (2019). Promoting adaptive agility through modularity: A Chinese case. International Journal of Manufacturing Technology and Management, 33(6), 446–467.
Duncan, N. B. (1995). Capturing flexibility of information technology infrastructure: A study of resource characteristics and their measure. Journal of management information systems, 12(2), 37–57.
Elzamly, A., Messabia, N., Doheir, M., Abu Naser, S., & Elbaz, H. A. (2019). Critical cloud computing risks for banking organizations: Issues and challenges. Religación Revista de Ciencias Sociales y Humanidades, 4, 673–682.
Eniola, A. A., & Entebang, H. (2015). SME firm performance-financial innovation and challenges. Procedia-Social and Behavioral Sciences, 195, 334–342.
Erl, T. (2007). SOA principles of service design (the Prentice Hall service-oriented computing series from Thomas Erl). Prentice Hall PTR.
Ethiraj, S. K., & Levinthal, D. (2004). Modularity and innovation in complex systems. Management science, 50(2), 159–173.
Fink, L., & Neumann, S. (2009). Exploring the perceived business value of the flexibility enabled by information technology infrastructure. Information & Management, 46(2), 90–99.
Foster, I. (2006). Globus toolkit version 4: Software for service-oriented systems. Journal of computer science and technology, 21(4), 513–520.
Gibson, R. (1994). Global information technology architectures. Journal of Global Information Management (JGIM), 2(1), 28–38.
Gu, T., Pung, H. K., & Zhang, D. Q. (2005). A service-oriented middleware for building context-aware services. Journal of Network and computer applications, 28(1), 1–18.
Hatten, T. S. (2018). Small business management: Creating a sustainable competitive advantage. SAGE Publications.
Hoetker, G. (2006). Do modular products lead to modular organizations? Strategic Management Journal, 27(6), 501–518.
Huhns, M. N., & Singh, M. P. (2005). Service-oriented computing: Key concepts and principles. IEEE Internet Computing, 9(1), 75–81.
Iman, N. (2016). Modularity matters: a critical review and synthesis of service modularity. International Journal of Quality and Service Sciences.
Isal, Y. K., Pikarti, G. P., Hidayanto, A. N., & Putra, E. Y. (2016). Analysis of IT infrastructure flexibility impacts on IT-Business strategic alignment. Journal of Industrial Engineering and Management (JIEM), 9(3), 657–683.
Jensen, M., Schwenk, J., Gruschka, N., & Iacono, L. L. (2009). On technical security issues in cloud computing. In 2009 IEEE international conference on cloud computing (pp. 109–116). IEEE.
Jones, S., Irani, Z., Sivarajah, U., & Love, P. E. (2019). Risks and rewards of cloud computing in the UK public sector: A reflection on three Organisational case studies. Information Systems Frontiers, 21(2), 359–382.
Karlsson, C., & Olsson, O. (1998). Product innovation in small and large enterprises. Small Business Economics, 10(1), 31–46.
Karunagaran, S., Mathew, S. K., & Lehner, F. (2019). Differential cloud adoption: A comparative case study of large enterprises and SMEs in Germany. Information Systems Frontiers, 21(4), 861–875.
Krafzig, D., Banke, K., & Slama, D. (2005). Enterprise SOA: service-oriented architecture best practices. Prentice Hall Professional.
Kung, L., Cegielski, C. G., & Kung, H.-J. (2015). An integrated environmental perspective on software as a service adoption in manufacturing and retail firms. Journal of Information Technology, 30(4), 352–363.
Kushida, K. E., Breznitz, D., & Zysman, J. (2010). Cutting through the fog: understanding the competitive dynamics in cloud computing. Berkeley Round Table on the International Economy.
Langlois, R. N. (2002). Modularity in technology and organization. Journal of Economic Behavior & Organization, 49(1), 19–37.
Laukkanen, S., Sarpola, S., & Hallikainen, P. (2007). Enterprise size matters: objectives and constraints of ERP adoption. Journal of enterprise information management.
Lindell, M. K., & Whitney, D. J. (2001). Accounting for common method variance in cross-sectional research designs. Journal of applied psychology, 86(1), 114.
Luthria, H., & Rabhi, F. A. (2015). Service-oriented architecture as a driver of dynamic capabilities for achieving organizational agility. In The Handbook of Service Innovation (pp. 281–296). Springer.
Ma, J., & Kremer, G. E. O. (2016). A systematic literature review of modular product design (MPD) from the perspective of sustainability. The International Journal of Advanced Manufacturing Technology, 86(5), 1509–1539.
Malhotra, N. K., Kim, S. S., & Patil, A. (2006). Common method variance in IS research: A comparison of alternative approaches and a reanalysis of past research. Management science, 52(12), 1865–1883.
Marston, S., Li, Z., Bandyopadhyay, S., Zhang, J., & Ghalsasi, A. (2011). Cloud computing—The business perspective. Decision support systems, 51(1), 176–189.
Mell, P., & Grance, T. (2011). The NIST definition of cloud computing.
Mikkola, J. H. (2003). Modularity, component outsourcing, and inter‐firm learning. r&d Management 33(4), 439–454.
Mikkola, J. H., & Skjoett-Larsen, T. (2003). Early supplier involvement: Implications for new product development outsourcing and supplier-buyer interdependence. Global Journal of Flexible Systems Management, 4(4), 31–41.
Monteverde, K. (1995). Technical dialog as an incentive for vertical integration in the semiconductor industry. Management Science, 41(10), 1624–1638.
Niknejad, N., & Amiri, I. S. (2019a). Introduction of service-oriented architecture (SOA) adoption. In The Impact of Service Oriented Architecture Adoption on Organizations (pp. 1–8). Springer.
Niknejad, N., & Amiri, I. S. (2019b). Literature review of service-oriented architecture (SOA) adoption researches and the related significant factors. The impact of service oriented architecture adoption on organizations, 9–41.
Niknejad, N., Ismail, W., Ghani, I., Nazari, B., & Bahari, M. (2020). Understanding Service-Oriented Architecture (SOA): A systematic literature review and directions for further investigation. Information Systems, 91, 101491.
NYT Docker. (2015). Docker, a Software Start-Up, Sees a Future in Containers of Code. Retrieved 01 Sep 2021 from http://www.nytimes.com/2015/01/13/business/a-small-software-company-sees-a-future-in-containers-of-code.html
NYT TimesMachine. (2008). The New York Times Archives + Amazon Web Services = TimesMachine. Retrieved 01 Sep 2021 from http://open.blogs.nytimes.com/2008/05/21/the-new-york-times-archives-amazon-web-services-timesmachine
Papazoglou, M. P. (2003). Service-oriented computing: Concepts, characteristics and directions. In Proceedings of the Fourth International Conference on Web Information Systems Engineering, 2003. WISE 2003. (pp. 3–12). IEEE.
Papazoglou, M. P., Traverso, P., Dustdar, S., & Leymann, F. (2008). Service-oriented computing: A research roadmap. International Journal of Cooperative Information Systems, 17(02), 223–255.
Parnas, D. L. (1972). On the criteria to be used in decomposing systems into modules. In Pioneers and Their Contributions to Software Engineering (pp. 479–498). Springer.
Pearson, S. (2009). Taking account of privacy when designing cloud computing services. In 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing (pp. 44–52). IEEE.
Podsakoff, P. M., & Organ, D. W. (1986). Self-reports in organizational research: Problems and prospects. Journal of management, 12(4), 531–544.
Rindfleisch, A., & Heide, J. B. (1997). Transaction cost analysis: Past, present, and future applications. Journal of marketing, 61(4), 30–54.
Rivaud-Danset, D., Dubocage, E., & Salais, R. (2001). Comparison between the financial structure of SMES and that of large enterprises (LES) using the BACH database.
Sanchez, R. (1995). Strategic flexibility in product competition. Strategic management journal, 16(S1), 135–159.
Sanchez, R., & Mahoney, J. T. (1996). Modularity, flexibility, and knowledge management in product and organization design. Strategic Management Journal, 17(S2), 63–76.
Santos, N., Gummadi, K. P., & Rodrigues, R. (2009). Towards trusted cloud computing. HotCloud, 9(9), 3.
Schilling, M. A. (2000). Toward a general modular systems theory and its application to interfirm product modularity. Academy of management review, 25(2), 312–334.
Schneider, S., & Sunyaev, A. (2016). Determinant factors of cloud-sourcing decisions: Reflecting on the IT outsourcing literature in the era of cloud computing. Journal of Information Technology, 31(1), 1–31.
Shelanski, H. A., & Klein, P. G. (1995). Empirical research in transaction cost economics: a review and assessment. Journal of Law, Economics, & Organization, pp. 335–361.
Simon, H. A. (1991). The architecture of complexity. In Facets of systems science (pp. 457–476). Springer.
Singh, S., Jeong, Y.-S., & Park, J. H. (2016). A survey on cloud computing security: Issues, threats, and solutions. Journal of Network and Computer Applications, 75, 200–222.
Sinha, K., & Suh, E. S. (2018). Pareto-optimization of complex system architecture for structural complexity and modularity. Research in Engineering Design, 29(1), 123–141.
Spanos, Y., Prastacos, G., & Papadakis, V. (2001). Greek Firms and EMU: Contrasting SMEs and Large-Sized Enterprises. European Management Journal, 19(6), 638–648.
Sultan, N. A. (2011). Reaching for the “cloud”: How SMEs can manage. International Journal of Information Management, 31(3), 272–278.
Sun, H., & Cheng, T.-K. (2002). Comparing reasons, practices and effects of ISO 9000 certification and TQM implementation in Norwegian SMEs and large firms. International Small Business Journal, 20(4), 421–442.
Sun, Y., & Zhong, Q. (2020). How modularity influences product innovation: The mediating role of module suppliers' relationship-specific investments. Management Decision.
Tafti, A., Mithas, S., & Krishnan, M. S. (2013). The effect of information technology–enabled flexibility on formation and market value of alliances. Management science, 59(1), 207–225.
Talukder, A. K., & Zimmerman, L. (2010). Cloud economics: Principles, costs, and benefits. In Cloud computing (pp. 343–360). Springer.
Tchernykh, A., Schwiegelsohn, U., Talbi, E.-G., & Babenko, M. (2019). Towards understanding uncertainty in cloud computing with risks of confidentiality, integrity, and availability. Journal of Computational Science, 36, 100581.
Teece, D. J. (1977). Technology transfer by multinational firms: The resource cost of transferring technological know-how. The Economic Journal, 87(346), 242–261.
Teece, D. J. (1996). Firm organization, industrial structure, and technological innovation. Journal of Economic Behavior & Organization, 31(2), 193–224.
Terry Anthony Byrd, D. E. T. (2000). Measuring the flexibility of information technology infrastructure: Exploratory analysis of a construct. Journal of Management Information Systems, 17(1), 167–208.
Tiwana, A. (2008). Does technological modularity substitute for control? A study of alliance performance in software outsourcing. Strategic Management Journal, 29(7), 769–780.
Tiwana, A., & Konsynski, B. (2010). Complementarities between organizational IT architecture and governance structure. Information Systems Research, 21(2), 288–304.
Um, J. (2017). Improving supply chain flexibility and agility through variety management. The International Journal of Logistics Management.
Vaquero, L. M., Rodero-Merino, L., Caceres, J., & Lindner, M. (2008). A break in the clouds: towards a cloud definition. In ACM New York, NY, USA.
Vasiljeva, T., Shaikhulina, S., & Kreslins, K. (2017). Cloud computing: Business perspectives, benefits and challenges for small and medium enterprises (case of Latvia). Procedia Engineering, 178, 443–451.
Venters, W., & Whitley, E. A. (2012). A critical review of cloud computing: Researching desires and realities. Journal of Information Technology, 27(3), 179–197.
Viana, D. D., Tommelein, I. D., & Formoso, C. T. (2017). Using modularity to reduce complexity of industrialized building systems for mass customization. Energies, 10(10), 1622.
Vickery, S. K., Koufteros, X., Dröge, C., & Calantone, R. (2016). Product modularity, process modularity, and new product introduction performance: Does complexity matter? Production and Operations Management, 25(4), 751–770.
Voss, C. A., & Hsuan, J. (2009). Service architecture and modularity. Decision Sciences, 40(3), 541–569.
Walker, L. (2007). IBM business transformation enabled by service-oriented architecture. IBM Systems Journal, 46(4), 651–667.
Williamson, O. E. (1981). The economics of organization: The transaction cost approach. American Journal of Sociology, 87(3), 548–577.
Williamson, O. E. (1983). Credible commitments: Using hostages to support exchange. The American Economic Review, 73(4), 519–540.
Williamson, O. E. (2007). The economic institutions of capitalism. Firms, markets, relational contracting. In Das Summa Summarum des Management (pp. 61–75). Springer.
Worren, N., Moore, K., & Cardona, P. (2002). Modularity, strategic flexibility, and firm performance: A study of the home appliance industry. Strategic Management Journal, 23(12), 1123–1140.
Xue, C. T. S., & Xin, F. T. W. (2016). Benefits and challenges of the adoption of cloud computing in business. International Journal on Cloud Computing: Services and Architecture, 6(6), 01–15.
Yu, S., Wang, C., Ren, K., & Lou, W. (2010). Achieving secure, scalable, and fine-grained data access control in cloud computing. In 2010 Proceedings IEEE INFOCOM (pp. 1–9). IEEE.
Zhang, Q., Cheng, L., & Boutaba, R. (2010). Cloud computing: State-of-the-art and research challenges. Journal of Internet Services and Applications, 1(1), 7–18.
Funding
Open access funding provided by SCELC, Statewide California Electronic Library Consortium.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
On behalf of all authors, the corresponding author states that there is no conflict of interest.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Guo, R., Tafti, A. & Subramanyam, R. Internal IT modularity, firm size, and adoption of cloud computing. Electron Commer Res (2023). https://doi.org/10.1007/s10660-023-09691-8
Accepted:
Published:
DOI: https://doi.org/10.1007/s10660-023-09691-8