Abstract:
Research Problem
The objective of this research is to investigate the extent to which the government cloud computing strategies of New Zealand, Australia, the United States, the United Kingdom, Canada and Ireland are supported by defined processes for considering the information risks of shifting to cloud computing, and assessing the impact of these approaches on concepts and practices of information management.
Methodology
The study undertook a qualitative analysis of published policies, strategies and guidance documents published by regulatory agencies within the target jurisdictions, investigating these documents for evidence of a process to assess and manage information risks.
Results
The study provides an assessment of the adequacy of governments’ guidance frameworks in preparing government organisations to properly assess the risks, opportunities, and necessary controls for information in a cloud service.
Implications
The gaps in guidance demonstrated by the study identify opportunities for a more rigorous assessments of the effectiveness of information management controls and privacy safeguards implemented by government organisations, and points to characteristics which could be assessed against in more specific case studies.