Trust and IT security in IT outsourcing
MetadataVis full innførsel
Trust between the vendor and client has been identified as a critical success factor in IT outsourcing, and thus, building a trusting relationship is often strived for. However, academics request more research on the effect of different trust building mechanisms. Moreover, IT security has received increasing attention in IT outsourcing, and practitioners question how IT security can affect the level of trust between the parties. Still, empirical research on the connection between IT security and trust has not been conducted before. Hence, this study aims to contribute to the research by addressing two questions. First, how do practitioners from the Norwegian IT outsourcing market experience and explain the effect of trust building mechanisms implemented between client and vendor. Second, how do practitioners argue that IT security can affect trust between vendor and client. This paper is a continuation of the author s pre-diploma thesis which, based on a literature review, put forward the model of trust building in IT outsourcing (Austad and Lossius, 2014). The first research question of this paper aims to support and/or revise this model. Moreover, the pre-diploma thesis further proposed that IT security could be argued to affect trust. The second research question aims to empirically evaluate this proposition. A multiple case study investigation of ten Norwegian IT outsourcing relationships through 18 semi-structured interviews forms the basis for analysis and discussion. The findings from each case was analyzed separately to look for arguments supporting or contradicting the model of trust building in IT outsourcing, and the proposed link between IT security and trust. Then, the arguments and explanations were combined in a cross case analysis, which represents the primary focus of the paper. The cross case analysis entailed looking for patterns in supporting or contradictory arguments, which were further linked and compared with the theory in the conceptual background. Overall, this study reveals multiple contributions to theory and practitioners. Firstly, it provides academics and practitioners with a revised model of trust building in IT outsourcing. A majority of the mechanisms and dynamics in the original model were supported by the findings, thus strengthening the trust building effects suggested by extant literature upon which the model was built. Furthermore, this study resulted in certain revisions to the model. These comprise of adding investments as a trust building mechanism, and adding delivery and removing control as trust building dynamics. All the types of trust in the model were found to be supported. Also, the findings suggest that how the mechanisms are implemented is of great importance for its resulting effect on trust. As such, the dynamics provides explanations of how the mechanisms should be implemented to build trust. Overall, the revised model represents an empirically supported and improved explanation of trust building in IT outsourcing. Secondly, an emergent finding of the study was the model of the dynamics role in trust building in IT outsourcing. The model illustrates how delivery builds a foundation of trust, based on receiving expected gains and meeting expectations of abilities. However, to build higher levels of trust, other dynamics must be facilitated. Lastly, this study is the first, to the authors knowledge, to establish a connection between IT security and trust based on an empirical investigation. Specifically, it suggest that the extent to which IT security can affect trust, depends upon the perceived importance of this component, relative to other parts of the delivery.