Recent research efforts resulted in innovative prototypes that enable certification authorities to continuously certify cloud services. Continuous service certification (CSC) involves constant collection and assessment of data relevant for validating a cloud service’s compliance with security and privacy regulations through a certification authority. While practice shows that CSC is highly beneficial for cloud providers and certification authorities alike, it remains unclear which factors actually cause these actors to participate in CSC. As a first step towards closing this knowledge gap, this study builds on the technology-push and market-pull theories to identify factors that impact certification authorities’ intention to perform CSC. We developed theoretical technology-push and market-pull models and tested them by conducting an online survey with 66 employees of certification authorities. Our findings reveal that technology-push factors, including relative advantage, organizational complexity, experimentation with innovation, influence certification authorities, on the one hand, and market-pull factors, including competitive pressure and regulatory intervention, on the other hand. By providing a synthesis and discussion of factors that influence certification authorities’ intention to perform CSC, we advance the understanding of CSC diffusion, thus paving the way for continuously reliable and secure services.
Teigeler, Heiner; Lins, Sebastian; and Sunyaev, Ali, (2019). "TECHNOLOGY-PUSH OR MARKET-PULL – WHAT DRIVES CERTIFICATION AUTHORITIES TO PERFORM CONTINUOUS SERVICE CERTIFICATION?". In Proceedings of the 27th European Conference on Information Systems (ECIS), Stockholm & Uppsala, Sweden, June 8-14, 2019. ISBN 978-1-7336325-0-8 Research Papers.