Cloud Computing at a Cross Road: Quality and Risks in Higher Education

The key determinants of cloud computing provide a convincing argument for HEIs and its stakeholders to adopt the innovation. These benefits reflect the essential quality characteristics of the cloud, such as Broad network Access; Measured Service; On-demand Self-Service; Rapid Elasticity; and Resource Pooling. However, there are also risks associated with the cloud, leading to non-adoption, such as Confidence, Privacy, Security, Surety and Trust. Understanding the impact of these factors can support multiple stakeholders, such as students, lecturers, senior managers and admins in their adoptive decision of CC in their respected institutions. Using the Multiview 3 (MV3) methodology, a research model was proposed to explore the key qualities and risks that determine the adoption or non-adoption of CC by UK HEIs from multiple perspectives. An exploratory qualitative study was conducted on 32 University stakeholders across 2 UK Universities. The findings suggest that security, privacy and trust are the key determinants to non-adoption as participants felt that the cloud cannot fully guarantee the safeguarding of sensitive information. Determinants to cloud adoption include improving relationships between students and teachers via collaborative tools, in addition to proposing cloud apps for mobile devices for accessing virtual learning materials and email securely off-campus. In conclusion, University stakeholders are still at a cross-road when it comes to cloud adoption, but future advances of the cloud may help to steer their decision to adopt this innovative technology given its overwhelming potential.


Background
Recently, cloud computing (CC) has become a major player in education [1]. CC via novel computing paradigms enables students, teachers and admins, among other stakeholders at Universities to access a host of cloud services. These computing paradigms are Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a service (IaaS) (see Sultan [1]).
CC virtualizes resources, for example, software applications, enabling them to be distributed over the Internet as opposed to deploying them on student computers or workstations [2]. As such, CC can now allow for e-learning systems, mobile learning and online distance learning [3]- [8].
Higher education institutions (HEIs), including Universities and Colleges, are now starting to implement three types of CC models, namely private clouds, which colleges have used to establish their own CC environment [9], while governments have invested in shared clouds for Universities [10]. In addition, Universities also purchase CC services from third-party service providers [11].
The problem pertaining to this research is a limited understanding of the quality and risks associated with CC that influences HEIs', namely Universities' adoptive decision. Currently, CC is widely accepted among various firms, industries, businesses and even government agencies [12]- [18]. However, there is limited research to support the quality and risks associated with CC, particularly with an emphasis on UK Universities. Therefore, the quality and risks associated with CC have been studied from a user perspective in the context of UK Universities.
In sum, quality in the context of this study is defined as the quality elements or characteristics, which make CC a powerful and viable technology for Universities to adopt (see Literature Review). Whereas, the risks refer to the potential barriers or dangers that may dissuade Universities from adopting CC.

Purpose
This paper explored the quality and risks of CC adoption in HEIs from multiple perspectives. In particular, the quality was measured through the essential characteristics of the cloud, which influences adoption, as well as the risks which influence the non-adoption of the cloud (see literature review). Adoption refers to stakeholders' acceptance of CC, whereas non-adoption refers to the rejection of CC. Since there is no prior research to the authors' knowledge on assessing the quality and risks of CC adoption from multiple perspectives, this was a great opportunity to fill the existing literature gap. To answer the research questions, a qualitative study was conducted where multiple HEI stakeholders were interviewed (namely students, teachers, senior management and admins) about adopting current and new potential IS solutions, such as CC.

Literature Review
Recent studies have stressed the importance of CC in a number of HEIs situated  [11], as well as establish their own CC environments [9].
There is a myriad of research that supports the linkage between CC and HEIs, as well as the adoption and use of the technology at a user level, namely by students [24]- [29]. By employing TAM3 (Technology Acceptance Model), researchers have been able to demonstrate the acceptance or adoption of CC by students [25]. On an organisational level, Behrend [25] found that cost-effectiveness is considered as the key influencing factor toward the acceptance of CC [25]. Although Behrend [25] [26] did not study the levels of CC adoption and acceptance by teachers, they did exhibit "clear differences" in terms of their system needs when questioned.
HEIs are now moving to the cloud for a number of reasons [27], especially for economic purposes [30] [31]. In the context of education, Katzan [32] found that CC balances both economies of scale and control, providing a lower total cost of ownership. This is heavily linked to the quality of CC, which influences HEIs' adoptive decision. This paper has defined quality as the key elements or characteristics, which make CC a powerful and viable technology to adopt, as well as reflecting the efficient and economic nature of the cloud.
Mell and Grance [33] identified five essential quality characteristics of the cloud: • Broad Network Access: users can access network resources from a range of devices; • Measured Service: the cloud can automatically control and enhance resource use via the introduction of a measured service, which can be altered to suit the needs of the HEI. This is a highly efficient and cost-effective aspect of the cloud as a metering service only allows users to pay for what they use, and thus no money is wasted on downtime; • On-demand Self-Service: this enables students, teachers and admins, among other key HEI stakeholders (users) to have anytime, anywhere access to a number of cloud resources, such as email, storage and applications without human interaction with the service vendor; • Rapid Elasticity: similar to measured service, rapid elasticity is the process of adjusting cloud system resources to meet user demands; • Resource Pooling: this refers to the use of cloud resources via a network, and cloud vendors use shared computing resources to provide cloud services to their users [33] [34] [35]. The above quality characteristics are all linked to the advantages of adopting CC, particularly in terms of cost-effectiveness and the deployment of hardware and software [36]. CC enables HEIs to develop quality, low-cost education at a global level. Not only that, Shayan [37] found that depending on individual machines to meet computing needs is no longer financially justified. Similarly, Seigle [38] found that aggregating IT services also justifies the quality and efficient  [27]. Sultan [1] found that the quality cloud improves efficiency, reduces costs, and is an ideal model for the education sector. The customisability of cloud services, as well as the pay-as-you-go metered service, have a significant effect on the financial decisions associated with IT spending. Therefore, CC encompasses a paradigm shift for various IT developments in HEIs.
Despite these compelling arguments for the adoption of CC via the quality aspects of the technology, there are, however, a number of risks associated with the cloud, which can sway HEIs' adoptive decision, leading to non-adoption.
The risks associated with the cloud leading to non-adoption, include confidence, surety and trust [37] [39] [40] [41] [42]. Confidence refers to users' willingness and readiness to use and accept a cloud solution; this is a branch of cultural resistance in which users may reject the technology purely based on their unfamiliarity and the unwillingness to adapt to change [11]. Surety refers to the cloud solution delivering its intended purpose, which with new innovations can be uncertain since this is a novel technology, which many users will not be accustomed to. Trust refers to users' acceptance of the cloud solution based on having full confidence in the technology, but given the many potential risks of novel technologies, users will more than likely not trust the innovation [1].
For example, Reeves, Blum [43] founds that "building an IT organization's confidence in a solution requires a combination of consistent performance, verifiable results, service guarantees, transparency, and plans for contingencies" (p.33). It is clear that the majority of cloud services have a poor track record when it comes to building trust when migrating from existing services to a new solution that is supposed to add quality and benefit, given that it is a relatively new technology with potential uncertainty [41]. The cloud can therefore only flourish with time, experience and reputation. Another issue is that many HEIs are unskilled and lack the required knowledge to manage risk, as well as service performance at a third party service level, all of which requires a degree of confidence [37]. For example, a lack of confidence in CC in the commercial sector stems from: • Poor risk management skills; • Vendor lock-in; • Management issues; • Market immaturity; • Inadequate or absent service level agreements (SLA).
In HEIs, similar issues occur via the concerns which are influenced by a lack of trust in such institutions to deliver quality cloud services to their stakeholders.
Katz, Goldstein [41] found that Institutional culture is cited as a barrier to Potential adopters stressed that they would only be persuaded to move to the cloud if the security and privacy issues surrounding the cloud are addressed.
In short, CC is becoming heavily linked to e-learning systems in HEIs. Previously, conventional e-learning systems were only endogenous to HEIs [44]. CC can offer its stakeholders, such as students, teachers and admins, a quality low-cost computing solution, as well as the ability to develop virtual computing environments, especially in areas, such as distance or online learning and science education [3]. However, CC is still a relatively new technology that is vulnerable to risk, but with a long-term commitment, time and experience, potential adopters will begin to realise the true quality of this fascinating and innovative piece of computing technology. Therefore, this leaves potential stakeholders of CC at a cross-road. Please refer to Table 1 for a full summary of the quality and risks of CC.

Research Model
The multiview framework, developed by Avison and Wood-Harper and the more recent multi-view 3 (MV3) framework by Bell and Wood-Harper [45] is an approach that support the analysis, design and the development of information systems (IS), as well as evaluating possible solutions to IS related issues from a number of perspectives. Using a soft systems approach, it draws on a number of elements, such as human activity systems, socio-technical systems, data analysis and structured analysis, besides tackling the different perspectives of people using IS. In other words, multiview helps to determine multiple perspectives through individual perceptions of the IS development process or in the context of this research the quality and risks of adopting a cloud solution in HEIs. Therefore, this research used the MV3 model to explore the quality and risks of CC in higher education. Further, the MV3 model is a novel framework, particularly to the CC and educational areas as to the researcher's knowledge, no previous studies have applied such a model in this context. Multiview can be used by researchers to explore the quality and risks associated with the adoption of technological innovation from multiple  [45]. In the current study, the technical perspective refers to the quality (or characteristics) and risks of the cloud, which influence adoption. The organisational perspective refers to HEIs, namely Universities' and their decision to adopt the technology based on weighing the pros and cons of the cloud solution. The personal perspective refers to the individuals involved with the system, namely stakeholders, such as students, teachers, senior management and admins, as well as their needs and expectations from the cloud solution.
The proposed model has been inspired by the MV3 model by Bell and Wood-Harper [45]. It includes a number of elements, such as key stakeholders involved in the CC adoption process (personal), quality and risks of the cloud system (technical), and the targeted institution, UK Universities (organisational). Figure 1 demonstrates the research model.  [43]. The framework was developed, considering these qualities and risks of the cloud, and consists of three key components.  The following research questions were derived from the review of the current literature on the quality and risks of CC adoption: RQ1: What quality characteristics of the cloud influence stakeholders' (students, teachers, senior management and admins) acceptance of CC, leading to adoption?
RQ2: What risks of the cloud influence stakeholders' (students, teachers, senior management and admins) rejection of CC, leading to non-adoption?

Participants
The participants were made up of various stakeholders situated at two UK Universities situated in North-West England with some prior knowledge and experience of adopting a cloud solution. One University had gone ahead with the adoption process, whereas the other did not. In addition, the stakeholders were made up of students, lecturers, senior management and administrators operating within the University's business school, all of whom were interviewed accordingly.
Given the limited case studies of CC adoption among UK HEIs, this was a great opportunity to assess the effectiveness of CC adoption in UK HEIs from multiple stakeholder perspectives based on the quality and risks of this innovation. Moreover, a sample of 32 university stakeholders was interviewed; 16 stakeholders from University A, namely 4 students, 4 lecturers, 4 senior managers and 4 admins, and the same sample was applied to University B.

Data Collection
UK HEIs (Universities) represent the research population and sample. Ross (2010) claims that HEIs are potential consumers of cloud technologies, thus justifying the chosen sample and population. Semi-structured interviews were the main data collection tool, and multiple University stakeholders were interviewed on-campus in a private room. Students, lecturers, senior managers and admins were all volunteers willing to participate in the current study, and were obtained via word of mouth by other students and lecturers who knew them personally.
In total, 32 (16 in University A and 16 in University B) interviews were conducted (out of an initial sample of 40), thus yielding an 80% response rate. Eight interviewees failed to attend the interview sessions. Therefore, 32 valid responses were analysed.

Data Analysis
The research data was analysed using a thematic analysis. After the data was transcribed, it was analysed and presented in a descriptive format, where the most significant findings were deduced. The data was analysed using a qualita-

Findings & Discussion
The interview findings of the research are presented in this section. There was a total of 18 University stakeholders who were interviewed, namely University students, lecturers, senior managers and admins, across two UK Universities situated in North-West England in order to determine the quality and risk factors which influence adoption and non-adoption of CC from multiple perspectives (technical, organisational and personal). Thematic analysis was used to analyse the data, where a number of themes were deduced from the findings according to each perspective of the MV3 methodology (see Research Model and Methods chapters). Moreover, Table 2 provides a summary of the research participants:

General Findings
As well as the key findings, some general findings were deduced from the research data, mostly pertaining to the stakeholder roles in UK HEIs. Students' role was self-explanatory as they conduct research for assignments and exams, as well as monitor their course progress through email and the existing Virtual Learning Environment (VLE) employed at the University. Lecturers, however, are responsible for teaching students, conducting lecturers, grading exams and assignments, as well as other teaching-related duties. Senior managers or heads of department roles are similar to those of lecturers as they also engage For example, lecturers and senior managers perceived quality as a high priority before considering the acceptance of a cloud solution. L1A and L2B indicated that for the cloud to work, the system would have to include some type of on-demand virtual learning environment so that would enable them to grade their students work and even conduct more collaborative lectures with them, thus helping towards the acceptance of CC among University staff.
S3A and S1B further emphasised that they would like a system that enables them to access course material and grades from a range of devices, anytime, anywhere as they pointed out that the existing VLE has compatibility issues with certain devices, such as smart phones. S4B further emphasised that a cloud app, which combines a cloud VLE with existing Google cloud services, such as Gmail and Gdocs would be great and as a result support CC.
A2A and A2B stated that CC would be an ideal technology if it could facilitate the admission process at the University. The participants also highlighted that they currently have outdated database software that has very limited features and that a new system with better accessibility and more features would be necessary to facilitate the admission process.
SM1A, SM3A and SM4Ball agreed with lecturers, students and administrators to some extent and further indicated that accepting CC can achieve by familiarising stakeholders with the potential benefits of the cloud. However, the stakeholders did raise some concern about the technical issues related to the security and privacy risk factors in the cloud. The findings indicate that security risks are the most influencing factor which prevents HEIs from adopting CC. This stems from security issues being one of the most annoying barriers for HEIs, thus making HEIs become hesitant about migrating to the cloud. Security is essential for HEIs, and they will never risk its compromise. A1A, A4A, A2B and A3B all indicated that security is a must in the University. The participants emphasise Advances in Internet of Things that they handle highly sensitive student and staff data on a daily basis, and cannot trust the technology unless both students and their work colleagues information will not be compromised.
Several students (S1A, S2A, S3B and S4B) emphasised that they were uncertain about their personal data remaining secure as they would be accessing these cloud services from a wide range of apps, which are potentially vulnerable to hackers, and thus uncertainty of the cloud was highlighted as a huge issue for them. SM2B also reported that having the will to adopt the cloud requires the readiness to not only embrace the technology, but to be prepared for potential cloud hacks or attacks leading to the expose of personal data and student data.
Although the participant praises the innovativeness of the cloud, they highlighted that it is a risky innovation solution. In addition, the admins shared a similar view (A2B and A4B) by stating that no new system is worth the risk of disclosing personal admission data.

Discussion
This study aimed to determine the quality and risk factors that could potentially influence the adoption or non-adoption of CC in UK HEIs. The findings were interpreted based on the research model. The model proposed HEIs' adoptive decision of a cloud solution from multiple perspectives, namely technical, organisational and personal perspectives.
It was determined from the findings that each University stakeholder had differing system needs, and thus it was expected that stakeholders would have very different and specific expectations from CC. For example, students' needs stem from having a cloud solution which enables them to access course materials and emailing systems from a range of devices with anytime anywhere features. This directly relates to the quality of the cloud in terms of on-demand self-service and broad-network access characteristics [1] [27] [33]- [38]. Students also believed that the cloud is a great idea granted that it supports their learning outcomes.
Therefore, students demand a cloud solution that delivers efficient and broad access to course materials and other important course data.
Admins, on the other hand, demand a cloud solution that is secure and private as these were perceived key risks to non-adoption identified [37] [39] [40] [41] [43]. Since they are responsible for handling student admissions, this was expected from the admin staff as they work with sensitive data on a daily basis.
Security and privacy are crucial when considering CC, and it has the highest priority. The findings suggest that security is perceived differently from each set of participants based on their technical awareness and its usefulness towards UK The research has determined that the technical perspective is more related to the quality aspects of the cloud as the essential characteristics were clearly emphasised by the participants. Security was also technical as the technology itself has a duty to safeguard sensitive information. Therefore, failing to meet these demands would result in non-adoption, as opposed to adoption. The organisational perspective was found to have a direct linkage to improving relationships between the HEI and its students and staff via collaborative tools. Finally, the personal perspective was related to the potential solutions the stakeholders gave to meet their individual needs and expectations from the cloud, leading to adoption. One of the most notable examples was one student's proposed cloud apps for mobile devices in which they can access their virtual learning materials and email securely off-campus.
In conclusion, the technical, organisational and personal perspectives are mostly related to the quality aspects of the cloud, particularly among various stakeholders who voiced their concerns about security and accessibility of the cloud, as well as potential solutions. The risks, however, were more personal, since any stakeholders had concerns about how data would be protected by the cloud. Security, however, was found to be related to all aspects as this affects not only the technology and HEIs but also the individuals who use the system. Table  3 provides a summary of the quality and risks of the cloud from multiple perspectives according to the research findings.

Contribution
At a higher theoretical level, this research bridges between technological innovation, as well as IS adoption and development. In the field of technological innovation, this research applied a multi-perspective theory [45] to demonstrate an emerging technology known as cloud computing (CC). In doing so, this research explored the quality and risks of CC from multiple perspectives as a means to determine whether such an innovative solution would be viable for educational settings, namely UK HEIs or Universities. At a lower theoretical level, this research aimed to conceptualise CC adoption and development to determine which quality and risks influence adoption and non-adoption in UK Universities. At the base theoretical level, this research provided a literature review of existing qualities and risks of the cloud to address the current literature gap.
At a methodological level, since the majority of studies in CC adoption are quantitative-based, a qualitative study of CC adoption from multiple perspectives was conducted. To the authors' knowledge, there are no existing studies that employ the multiview methodology to demonstrate the quality and risks of cloud adoption and development in educational settings. In addition, two case Universities situated in the UK were used to conduct the study where multiple stakeholders, such as students, lecturers, senior managers and admins were interviewed. This helped to develop a coherent and plausible narrative for the quality and risks associated with CC adoption from multipole perspectives. Advances in Internet of Things At a practical level, a CC development framework was proposed based on the MV3 methodology. This framework was used to support the authors during the research process, as well as to determine the key qualities and risks that influence the adoption or non-adoption of CC from multiple perspectives. The key components include multi-perspective factors, namely technical (CC solution); organisational: (Universities), and personal (users i.e. students, teachers, senior management and admins), as well as an assessment of the quality and risks of the cloud to influence HEI and stakeholder decisions to adopt CC based on user needs and expectations (outcome).

Limitations and Future Work
One limitation was the limited cases that were used. This research was conducted using only two UK Universities. The research could have benefitted from more cases to obtain more generalised data and broader perceptions of the quality and risks of CC adoption from multiple perspectives. Further, the sample size Future studies could take the findings of this study and apply them to other countries around the world. A comparative study of the quality and risks of CC in HEIs in developing and developed countries would help to distinguish between different stakeholder needs and expectations of the cloud as a means to facilitate the IS development process. Therefore, this will help future authors to conduct research on multiple case HEIs to obtain broader perceptions of CC in different countries around the world.

Conclusions
This study (to the authors' knowledge) is the first to explore the determinants of CC adoption by HEIs in terms of quality and risk factors from multiple perspectives. The key quality factors reflected the essential characteristics of the cloud, such as Broad network Access, Measured Service, On-demand Self-Service, Rapid Elasticity, and Resource Pooling. Whereas, Confidence, Privacy, Security, Surety, and Trust were identified as the risk factors of the cloud. Understanding the impact of these factors can support multiple stakeholders, such as students, lecturers, senior managers and admins in their adoptive decision of CC in their respected institutions.
Security was highlighted as a key determinant to non-adoption as safeguarding sensitive information is vital in the cloud and the participants appeared unconvinced about the cloud achieving this. Therefore, trust was another key determinant to non-adoption. However, determinants to cloud adoption included the cloud having the potential to improve relationships between students and teachers via collaborative tools. Students even proposed cloud apps for mobile devices for accessing virtual learning materials and email securely off-campus.
Meeting these expectations appear to be a convincing argument for cloud adoption.
In conclusion, it can be deduced that HEIs are in a position to adopt multiple cloud solutions. For example, e-mail and virtual learning services, as well as online collaboration tools and learning management systems to facilitate the teaching process and to build student-teacher relationships. However, the existing security and privacy factors of the cloud still represent a real concern for stakeholders and will more than likely reject the technology, which in turn leaves them at a cross-road. Future studies may help to steer stakeholders' decision to adopt the cloud as the technology develops in the coming years. Advances in Internet of Things feedback about the research.