Governance, Risk Management, and Compliance Factors Influencing the Adoption of Cloud Computing in Australia

A business decision to move to the cloud brings fundamental changes in how an organization develops and delivers its Information Technology solutions. The accelerated pace of digital transformation across businesses and government agencies increases the reliance on cloud-based services. Collecting, managing, and retaining large amounts of data in cloud environments make information security and data privacy protection essential. It becomes even more important to understand what key factors drive successful cloud adoption following the commencement of the Privacy Amendment Notifiable Data Breaches (NDB) Act 2017 in Australia as the regulatory changes impact many organizations and industries. This quantitative correlational research investigated the governance, risk management, and compliance factors contributing to cloud security success. The factors influence the adoption of cloud computing within an organizational context after the commencement of the NDB scheme. The results and findings demonstrated that corporate information security policies, data storage location, management understanding of data governance responsibilities, and regular compliance assessments are the factors influencing cloud computing adoption. The research has implications for organizations, future researchers, practitioners, policymakers, and cloud computing providers to meet the rapidly changing regulatory and compliance requirements.


Authors:



References:
[1] Deloitte, “Harnessing public cloud opportunities in the government sector,” Deloitte, 2019.
[2] “State of the Cloud Report,” RightScale, 2019.
[3] McAfee, “Cloud Adoption and Risk Report,” 2019.
[4] J. Lu, “Assessing the Cost, Legal Fallout of Capital One Data Breach,” 2019.
[5] T. Kajiyama, M. Jennex, and T. Addo, “To cloud or not to cloud: how risks and threats are affecting cloud adoption decisions,” Information & Computer Security, vol. 25, no. 5, pp. 634–659, 2017.
[6] A. Mondal, S. Paul, R. T. Goswami, and S. Nath, “Cloud computing security issues challenges: A Review,” in 2020 International Conference on Computer Communication and Informatics (ICCCI), 2020, pp. 1–5.
[7] I. Senarathna, W. Yeoh, M. Warren, and S. Salzman, “Security and privacy concerns for Australian SMEs cloud adoption: Empirical study of metropolitan vs regional SMEs,” Australasian Journal of Information Systems, vol. 20, 2016.
[8] S. Tomas, M. Thomas, and T. Oliveira, “Evaluating the impact of virtualization characteristics on SaaS adoption,” Enterprise Information Systems, vol. 12, no. 3, pp. 259–278, 2018.
[9] O. Ali, A. Shrestha, A. Chatfield, and P. Murray, “Assessing information security risks in the cloud: A case study of Australian local government authorities,” Government information Quarterly, p. 101419, Oct. 2019.
[10] S. Singh, Y.-S. Jeong, and J. H. Park, “A survey on cloud computing security: Issues, threats, and solutions,” Journal of Network and Computer Applications, vol. 75, pp. 200–222, Nov. 2016.
[11] C. Yang, Q. Huang, Z. Li, K. Liu, and F. Hu, “Big Data and cloud computing: innovation opportunities and challenges,” International Journal of Digital Earth, vol. 10, no. 1, pp. 13–53, Jan. 2017.
[12] APRA, “Prudential Standard CPS 234 Information Security,” 2019.
[13] P. Leonard, “The new Australian Notifiable Data Breach Scheme,” Data Synergies, 2018.
[14] J. W. Creswell, Educational Research: Planning, Conducting, and Evaluating Quantitative and Qualitative Research. Pearson/Merrill Prentice Hall, 2008.
[15] K. F. Punch, Introduction to Social Research: Quantitative and Qualitative Approaches. SAGE, 2013.
[16] R. M. Thorndike, “Correlational procedures for research,” Wiley, 1976.
[17] S. Durst, C. Hinteregger, and M. Zieba, “The linkage between knowledge risk management and organizational performance,” J. Bus. Res., vol. 105, pp. 1–10, Dec. 2019.
[18] M. Al-Ruithe, E. Benkhelifa, and K. Hameed, “Key Dimensions for Cloud Data Governance,” in 2016 IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud), 2016, pp. 379–386.
[19] H. Gangwar, “Cloud computing usage and its effect on organizational performance,” Human Systems Management, vol. 36, no. 1, pp. 13–26, 2017.
[20] S. Subashini and V. Kavitha, “A survey on security issues in service delivery models of cloud computing,” Journal of Network and Computer Applications, vol. 34, no. 1, pp. 1–11, Jan. 2011.
[21] V. Chang, Y.-H. Kuo, and M. Ramachandran, “Cloud computing adoption framework: A security framework for business clouds,” Future Generation Computer Systems, vol. 57, pp. 24–41, 2016.
[22] K. Brandis, S. Dzombeta, R. Colomo-Palacios, and V. Stantchev, “Governance, Risk, and Compliance in Cloud Scenarios,” NATO Adv. Sci. Inst. Ser. E Appl. Sci., vol. 9, no. 2, p. 320, Jan. 2019.
[23] W. Hussain, F. K. Hussain, O. Hussain, R. Bagia, and E. Chang, “Risk-based framework for SLA violation abatement from the cloud service provider’s perspective,” The Computer Journal, vol. 61, no. 9, pp. 1306–1322, 2018.
[24] J. W. Creswell and D. J. Creswell, Research Design: Qualitative, Quantitative, and Mixed Methods Approaches. SAGE Publications, 2017.
[25] W. M. Trochim, K. Arora, and J. P. Donnelly, Research Methods: The Essential Knowledge Base. Cengage Learning, 2015.
[26] A. Fink, Conducting Research Literature Reviews: From the Internet to Paper. SAGE Publications, 2019.
[27] S. Islam, S. Fenz, E. Weippl, and H. Mouratidis, “A Risk Management Framework for Cloud Migration Decision Support,” Journal of Risk and Financial Management, vol. 10, no. 2, p. 10, 2017.
[28] R. A. Rothrock, J. Kaplan, and F. van Der Oord, “The board’s role in managing cybersecurity risks,” MIT Sloan Management Review, vol. 59, no. 2, pp. 12–15, 2018.
[29] M. Burgess, “Protecting data from attackers: Cyber security experts in demand,” News Limited, News Limited, 04-Nov-2017.
[30] R. Kumar and R. Goyal, “Assurance of Data Security and Privacy in the Cloud: A Three-Dimensional Perspective,” Software Quality Professional, vol. 21, no. 2, pp. 7–26, 2019.
[31] J. Meese, P. Jagasia, and J. Arvanitakis, “Citizen or consumer?: contrasting Australia and Europe’s data protection policies,” Internet Policy Review, 2019.
[32] D. Watts and P. Casanovas, “Privacy and Data Protection in Australia: A Critical overview,” 2018.
[33] D. Yimam and E. B. Fernandez, “A survey of compliance issues in cloud computing,” Journal of Internet Services and Applications, vol. 7, no. 1, p. 5, May 2016.
[34] A. Furfaro, T. Gallo, A. Garro, D. Saccà, and A. Tundis, “Requirements specification of a cloud service for Cyber Security compliance analysis,” in 2016 2nd International Conference on Cloud Computing Technologies and Applications (CloudTech), 2016, pp. 205–212.
[35] E. S. Rubóczki and Z. Rajnai, “Moving towards cloud security,” Interdisciplinary Description of Complex Systems: INDECS, vol. 13, no. 1, pp. 9–14, 2015.