IIMs develop framework for capital market, banking sector to use software without installing them

New Delhi: Researchers at Indian Institute of Management (IIM) at Lucknow, Amritsar and Kashipur have combined to develop a new framework to guide the country’s capital market players and banking sectors in adopting technologies that would enable them to use software without installing them. Referred to as Software-as-a-Service (SaaS) technologies, these are cloud-based services that deliver software applications over the Internet, eliminating the need for organisations to install and maintain software on their own servers.

While SaaS is widely used globally, its adoption in India, particularly among regulated industries, has been slow.

The research delves into the reasons for this hesitation and offers insights into how firms can assess risks involved in adopting SaaS. The research has been published in the prestigious Journal of Organisational Computing and Electronic Commerce.

“Popular SaaS applications include Google Drive and Microsoft 365. While SaaS offers cost savings and flexibility, its adoption in India has been slow, especially in highly regulated industries, due to concerns over data security, privacy, and compliance with stringent regulations,” said IIM Lucknow professor Arunabha Mukhopadhyay, who led the research.

“The research addresses these concerns by introducing a risk-based IT governance framework, designed to help organisations in regulated sectors assess the risks associated in using cloud-based software. The framework focuses on how top management makes these decisions, especially about data security, loss of control, and regulatory compliance,” he told PTI.

Other members of the team included Swati Jain from IIM Amritsar and Shubhendu Dutta from IIM Kashipur.

The team found that decisions about adopting SaaS in regulated industries depend largely on how leadership views and manages risks. The researchers developed a model that considers factors such as the organisation’s risk tolerance, security measures, and internal processes. If the perceived risks are deemed too high, the model suggests taking steps to mitigate them before adopting SaaS. If the risks are manageable, the organisation can proceed with the adoption.

“Our study, which includes a case study of a capital market firm, shows that organisations make decisions about SaaS adoption not just by evaluating the technology itself but by carefully assessing the risks involved. We emphasise the importance of managing risks related to data security and regulatory compliance,” Mukhopadhyay said.

“The framework we developed helps organisations evaluate these risks and make more informed decisions about whether to adopt SaaS. The practical implications of the study are significant. SaaS providers can leverage these findings to tailor their offerings to better meet the needs of companies in regulated industries, addressing their security and compliance concerns.

“For organisations, especially in banking and capital markets, understanding how to evaluate and manage risks will help them adopt SaaS solutions more confidently.

This research contributes to a deeper understanding of the factors influencing technology adoption, particularly in sectors where regulatory requirements and security concerns are paramount,” he added.