Lucknow: Researchers at the Indian Institute of Management (IIM) Lucknow, led by Prof. Arunabha Mukhopadhyay from the Information Technology and Systems department, have introduced a groundbreaking framework to facilitate the adoption of Software-as-a-Service (SaaS) technologies in India’s capital markets and banking sectors. Despite the widespread global use of SaaS, its adoption in India, particularly in regulated industries, has lagged due to concerns over data security, privacy, and regulatory compliance.
The research findings, published in the prestigious Journal of Organisational Computing and Electronic Commerce, provide valuable insights into the hesitation surrounding SaaS adoption in India. The paper is co-authored by Prof. Swati Jain from IIM Amritsar and Mr. Shubhendu Dutta, a PhD candidate at IIM Kashipur, alongside Prof. Mukhopadhyay.
SaaS, which delivers cloud-based software applications over the internet, eliminates the need for organisations to maintain software on their own servers. While services like Google Drive and Microsoft 365 highlight SaaS’s cost-efficiency and flexibility, Indian firms in highly regulated sectors remain cautious.
A Risk-Based IT Governance Framework
The IIM Lucknow study introduces a risk-based IT governance framework tailored to regulated sectors, enabling organisations to assess the risks associated with SaaS adoption. The framework focuses on two critical factors:
- Top Management’s Approach to Risk:
- Preferences, problem framing, and decision-making domains.
- Emphasis on data security and regulatory compliance.
- Organisational Practices:
- IT governance archetypes.
- Risk management processes.
The framework also includes a risk score model tested on a capital market firm, allowing organisations to weigh the benefits against the potential risks of adopting SaaS.
Leadership’s Role in Decision-Making
The research highlights that leadership’s perception of and response to risks significantly influence SaaS adoption decisions. Prof. Mukhopadhyay and his team developed a model that considers risk tolerance, security measures, and internal processes. When risks are perceived as high, the model suggests mitigation strategies. If risks are manageable, the organisation can proceed with implementation.
“Our study, including a case study of a capital market firm, demonstrates that organisations evaluate SaaS adoption not merely based on the technology but through comprehensive risk assessment,” Prof. Mukhopadhyay explained. “We emphasise managing risks related to data security and regulatory compliance. The framework enables organisations to make more informed decisions regarding SaaS adoption.”
Implications for SaaS Providers and Organisations
The study’s practical applications are far-reaching. SaaS providers can adapt their offerings to address security and compliance concerns specific to regulated industries. For organisations, especially in banking and capital markets, the framework provides a structured approach to evaluate risks and adopt SaaS solutions with greater confidence.
This research not only enhances the understanding of technology adoption in regulated sectors but also bridges the gap between innovation and compliance, paving the way for broader SaaS acceptance in India’s critical industries.