IIM develops framework to use software without installing them
DELHI Delhi: Researchers from the Indian Institutes of Management (IIMs) in Lucknow, Amritsar and Kashipur have jointly developed a new framework to guide the country’s capital market players and banking sectors in adopting technologies that will enable them to use software without installing it.Referred to as Software-as-a-Service (SaaS) technology, these are cloud-based services that deliver software applications over the Internet, eliminating the need for organisations to install and maintain software on their servers.
While SaaS is widely used globally, its adoption in India, particularly in regulated industries, has been slow.The research takes a deep look at the reasons for this hesitancy and provides insights on how firms can assess the risks involved in adopting SaaS. The research has been published in the prestigious Journal of Organisational Computing and Electronic Commerce.
“Popular SaaS applications include Google Drive and Microsoft 365. SaaS offers cost savings and flexibility, but its adoption has been slow in India, especially in highly regulated industries, because of concerns about data security, privacy and compliance with stringent regulations,” said Arunabha Mukhopadhyay, professor at IIM Lucknow, who led the research. “The research addresses these concerns by introducing a risk-based IT governance framework designed to help organisations in regulated sectors assess the risks associated with using cloud-based software. The framework focuses on how top management makes these decisions, especially about data security, loss of control and regulatory compliance,” she told PTI. Other team members included Swati Jain from IIM Amritsar and Shubhendu Dutta from IIM Kashipur. The team found that decisions about SaaS adoption in regulated industries depend largely on how leadership views and manages risks. The researchers developed a model that considers factors such as the organization’s risk tolerance, security measures, and internal processes. If the perceived risks are deemed too high, the model suggests taking steps to mitigate them before adopting SaaS. If the risks are manageable, the organization can go ahead with the adoption.
“Our study, which includes a case study of a capital markets firm, shows that organizations make decisions about SaaS adoption not only by evaluating the technology, but also by carefully assessing the risks involved. We emphasize the importance of managing risks related to data security and regulatory compliance,” Mukhopadhyay said.
