Information Technology Reference
In-Depth Information
- Perceived Usefulness:
Degree to which the adopter believes that the
adoption increases its performance; this includes cost- and quality-related
benefits;
-Trust:
Degree to which the adopter believes that the adoption is free of
risks, which includes mainly security-related but also social and strategic
risks.
Below, cloud-based systems for (strong) user authentication are referred to as
Authentication as a Service
(AaaS). Such systems are operated and maintained
by
Authentication Service Providers
(ASP) in order to determine a user's iden-
tity by specified means and to assert this to respective target systems. Here, it
must be noted that AaaS regards user authentication
from
the cloud and not
within
existing cloud systems [e.g., 2]. The results of the aforementioned survey
emphasizes the relevance of AaaS. Of 164 participating organizations, 12.8%
plan to invest in cloud-based services for multi-factor authentication within the
next three years. In the medium and long run further 7.9% intend to use such
systems. Findings of
support this. According to a survey
among 324 IT security decision-makers conducted in 2008, 75% were planning
or considering changes or upgrades to their customer authentication processes;
72% showed general interest in AaaS [7].
Forrester Research
3 Research Design
Inthefirstpartofthissection,thebasiccontent-related concept of the study is
laid out which includes a total of 50 hypotheses (H). The applied methodology
is introduced and justified afterward.
3.1 Concept
RQ1: Development (H1-H4).
We initially argue that the relevance of AaaS
is induced by an increasing demand for strong (multi-factor) authentication and
a hypothesized decreasing significance of inherently weak knowledge-based au-
thentication methods (H2). Thus, we not only expect the increasing importance
of such systems (H1) but also of strengthening biometric (H3) and token-based
authentication methods (H4) required to implement AaaS systems. To investi-
gate this development, we intend to evaluate the general relevance of AaaS as
well as authentication approaches today, short-, medium- and long term.
RQ2: Application Fields (H5-H19).
Since the respective type of an AaaS
consumer implicates different individual requirements (e.g. regarding service
level agreements (SLA), interface design), one must differentiate whether it is
an organization that adopts such a service or a private person employing it
autonomously. Based on related literature [e.g., 4, 12, 14], we identified possi-
ble networked application fields which were then hypothesized regarding their
potential relevance for AaaS employments (see result tables 2 & 3).
