Today’s companies rely heavily on in-company information technology standards (ICITS) to reduce costs, ensure flexibility, and facilitate the planning, implementation, and operation of IT systems. Steering and managing ICITS has proven to be challenging, revealing the need for efficient governance mechanisms. But even though prior research demonstrates the challenges of ICITS, viable advice on how to implement ICITS is scarce.

Thus, we developed an organizational design theory for the management of ICITS based on the framework of organizational control theory. We conducted a critical case study to identify basic goals, constitutive elements, and fundamental mechanisms of a working ICITS management. The resulting design goals and principles were then evaluated and further refined in the light of additional expert interviews. With our work, we extend the body of theoretical knowledge on the management of ICITS and help practitioners master the various challenges occurring in this domain.

Please read more about our research in our latest paper accepted for publication in Information Systems Frontiers.

Blockchain technology has been in the interest of IS researchers and practitioners for several years. One key reason for this curiosity is the possibility to carry out peer-to-peer transactions without a trusted intermediary. Building upon this capability, many researchers posited that blockchain technology would remove traditional intermediaries from their market position. This process has been described in electronic markets literature as Disintermediation. However, other researchers proposed a more distinct perspective by proposing that blockchain technology will not facilitate Disintermediation in all settings. Thus, no unified view on this topic exists yet.

Our literature review identifies three dominating concepts in blockchain literature: Extensive Disintermediation, Limited Disintermediation, and Re-Intermediation. We further highlight in our findings that most of the identified literature does not consider all market functions as described in the electronic markets literature. Hence, we provide a structured overview of the field and possibilities for future research.

Please read more about our research that has been accepted for presentation at the 30th European Conference on Information Systems (ECIS 2022) which will take place from June 18 to 24 in Timisoara, Romania.

I am happy that Electronic Markets published our position paper “The transparency challenge of blockchain in organizations” which is now available online (Open Access).

This paper discusses the challenges of blockchain applications in businesses and the public sector related to an excessive degree of transparency. We first point out the types of sensitive data involved in different patterns of blockchain use cases. We then argue that the implications of blockchains’ information exposure caused by replicated transaction storage and execution go well beyond the often-mentioned conflicts with the GDPR’s “right to be forgotten” and may be more problematic than anticipated. In particular, we illustrate the trade-off between protecting sensitive information and increasing process efficiency through smart contracts. We also explore to which extent permissioned blockchains and novel applications of cryptographic technologies such as self-sovereign identities and zero-knowledge proofs can help overcome the transparency challenge and thus act as catalysts for blockchain adoption and diffusion in organizations.

In the industrial Internet of Things (IIoT), digital platforms have recently received significant attention. Although IIoT platforms revolve around similar business objectives, they address various use cases and, thus, differ considerably in their architectural setup. While research has already investigated IIoT platforms from a business or design perspective, little is known about their underlying technology stack and its implications.

To unveil different IIoT platform configurations and better understand their architectural design, we systematically developed and validated a taxonomy of IIoT platforms’ architectural features based on related literature, real-world cases, and expert interviews. On this foundation, we identified and discussed five IIoT platform archetypes (Allrounder, Device Controller, Data Hub, Service Enabler, Connector).

Our findings contribute to the descriptive knowledge in this ambiguous research field while also elucidating the interplay of IIoT platforms’ architectural setup and their purpose. From a managerial viewpoint, our results may guide practitioners in comparing and selecting a suitable IIoT platform.

Please read more about our research in our latest paper published in Electronic Markets.

Last week, I had the pleasure of participating in automotiveIT's digital roundtable on the topic of "Navigate the Next in the European Automotive Industry - Digitalization and Focusing on the Core Business". Together with the moderators Pascal Nagel, Yannick Tiedemann and Klaus Straub, as well as the other panelists Stephan Fingerling, Christoph Röger, Thomas Buck, Martin Köhn and Jörg Sommer, this resulted in an interesting and lively discussion on the digitalization of the automotive industry and the implications for the IT function. It was great fun!

The use of Internet services is currently creating data silos that are not very transparent and can hardly be controlled. In terms of the digital sovereignty of the individual, it is therefore desirable for users to be able to decide for themselves when, how and for what purpose personal data is transmitted. The concept of self-sovereign identities addresses this point and attempts to address the current challenges of digital identity management.

On behalf of the Verbraucherzentrale NRW, I have written a (German-language) article that discusses the conceptual foundations as well as the opportunities and challenges of self-determined identities and shows how they can contribute to strengthening consumers' digital sovereignty. Please find the article here.

In our discussion paper "Mythbusting Self-Sovereign Identity (SSI)" (so far only available in German), we take current opinions about SSI in the public domain and critically examine them in the context of seven myths. An English version will most probably also be available in a couple of weeks.

Blockchain-based systems become increasingly attractive targets for cybercrime due to the rising amount of value transacted in respective systems. However, a comprehensive overview of existing attack vectors and a directive discussion of resulting research opportunities was missing up to now.

Thus, employing a structured literature review, we extracted and analyzed 87 relevant attacks on blockchain-based systems and assign them to common attack vectors. We subsequently derived a research framework and agenda for information systems research on the cybersecurity of blockchain-based systems.

We structured our framework along the users, developers, and attackers of both blockchain applications and blockchain infrastructure, highlighting the reciprocal relationships between these entities. Our results show that especially socio-technical aspects of blockchain cybersecurity are underrepresented in research and require further attention.

Please read more about our research in our latest paper published in the International Journal of Information Management (50 days' free access).