Government Cloud Computing Strategies: Management of Information Risk and Impact on Concepts and Practices of Information Management

Abstract

Research Problem The objective of this research is to investigate the extent to which the government cloud computing strategies of New Zealand, Australia, the United States, the United Kingdom, Canada and Ireland are supported by defined processes for considering the information risks of shifting to cloud computing, and assessing the impact of these approaches on concepts and practices of information management. Methodology The study undertook a qualitative analysis of published policies, strategies and guidance documents published by regulatory agencies within the target jurisdictions, investigating these documents for evidence of a process to assess and manage information risks. Results The study provides an assessment of the adequacy of governments’ guidance frameworks in preparing government organisations to properly assess the risks, opportunities, and necessary controls for information in a cloud service. Implications The gaps in guidance demonstrated by the study identify opportunities for a more rigorous assessments of the effectiveness of information management controls and privacy safeguards implemented by government organisations, and points to characteristics which could be assessed against in more specific case studies.