This paper investigates the use of cloud services in the public sector and management of information security challenges in the procurement of such services. The findings are based on an exploratory approach that included a systematic literature review and a survey among the public agencies and municipalities in Sweden. The literature review is used to derive a conceptual framework that structures our empirical results into the three groups: 1) contractual and legal, 2) operational, and 3) managerial competency. The survey explored all these three groups. The findings show that the information security challenges are mostly related to the potential breaching of national security and laws applicable to cross-border cloud services. Most of the cloud contracts of public organizations are found to be supplier driven. In this case, lack of knowledge and awareness in managing procurement are mostly raised compared to technical risks.
Funding agency:
Örebro University, Sweden