Article Preview
Top1. Introduction
Digitalization of public sector has been in progress since the 1950’s (Banister & Grönlund, 2017), and innovative digital technologies continuously provoke new service models. These technologies enable citizens to access government services through multiple channels seamlessly. They also provide organizations in the public sector with the means to work together in environments which are built on complex, but scalable, interoperable infrastructures. To continue create public value, agile governance is needed (Soe & Drescher, 2018). Therefore, as the public sector worldwide tends to incorporate online service-oriented architecture across multiple domains, this has been triggering them to adopt and deal with models such as cloud computing services.
According to the ISO/IEC (2014), cloud computing is defined as an evolving paradigm “for enabling network access to a scalable and elastic pool of sharable physical or virtual resources with self-service provisioning and administration on demand” (para. 3.2.5), whereas cloud service is described as “one or more capabilities offered via cloud computing” (para. 3.2.8). The resources referred to in this definition include, for example, servers, operating systems, networks, software, applications and storage equipment. According to Gartner (April 11, 2018) 47% of government organizations around the world are actively using cloud services. They forecast that global adoption of cloud technologies will continue to expand rapidly even in the context of COVID-19 pandemic due to the continued flexibility and agility of the innovative digital technologies. They estimate that the spending on public cloud services of the total global enterprise IT budget will exceed to 45% by 2026 from 22% in 2021 (Gartner, August 2, 2021). Furthermore, the ‘Gartner’s 2018 CIO Agenda’ survey conducted among the CIOs in 98 countries, including 461 government CIOs, shows that technology-investments related to cloud services/solutions, business intelligence/analytics, and data-infrastructure were the most crucial in achieving organizations’ missions (Gartner, January 23, 2018).
Given the society’s growing dependencies on the digital environment, information security risk management in the public sector has become a major concern. Public cloud service usage is a type of outsourcing, and outsourcing is an ‘evermore complex’ arrangement (Gozman & Willcocks, 2015). The public sector, in general, needs to maintain some essential procedures capable of distinguishing the sensitivity of the data due to two spectrums: (1) legal requirements that public sector data should be openly available, and (2) the obligations to safeguard data that can impact national security (Gleeson & Walden, 2016). As the continuity of business is increasingly relying on the cloud computing environment, it is imperative to have carefully tailored strategic decision-making on cloud adoption. In this case, a good fit between outsourcing and business strategy is crucial for the advantages for organizational performance (Lee, 2006; Hahn et al., 2013). However, achieving such fit in these decisions is challenging, both due to practical and socio-political reasons (Khajeh-Hosseini et al., 2010). Gartner (2021) in this regard reveals that the success rate for governments’ cloud deployment (63%) is a bit of behind the all-industry global average (68%). They argue that this success ratio can be improved if the government CIOs avoid cloud projects with unrealistic objectives given the realities of their organizations and focus on the agility and scalability of IT for the ‘whole organization’.