Search results

On account of its easy and intuitive usage as well as obvious advantages (e.g. access to work data from anywhere, at any time and through any means) the evolutionary cloud computing paradigm favors the use of shadow IT. Since many employees are not aware of the associated risks and possible legal violations, unauthorized use of cloud computing services could result in substantial risk exposure for any company. The purpose of this paper is to explore and to extend the body of knowledge concerning the topic of cloud computing with regard to shadow IT.

The aim of this contribution is to identify the reasons for the use of cloud computing services and the resulting shadow IT from an employee’s perspective, to demonstrate the counteractions a company may take against the unauthorized use of cloud computing services and to elaborate on the inherent opportunities and risks. We follow a mixed-methods approach consisting of a systematic literature review, a cloud computing awareness study, a vignette study and expert interviews.

Based on a triangulation of the data sets, the paper at hand proposes a morphological box as well as a two-piece belief-action-outcome model, both from an employee’s and employer’s point of view. Our findings ultimately lead to recommendations for action for employers to counteract the risk exposure. Furthermore, also employees are sensitized by means of insights into the topic of unauthorized usage of cloud computing services in everyday working life.

The limitations of the triangulation reflect the limitations of each applied research method. These limitations justify why a mixed-methods approach is favored – rather than relying on a single source of data – because data from various sources can be triangulated.

The paper includes recommendations for action for the handling of the unauthorized usage of cloud computing services within a company, e.g., the set up of a company-wide cloud security strategy and the conduction of an anonymous employee survey to identify the status quo.

This paper fulfills an identified need to explore the usage of cloud computing services within the context of shadow IT.

Start‐up companies in particular can benefit from cloud computing services, since frequently they do not operate an internal IT infrastructure. The purpose of this paper is to present a total cost of ownership (TCO) approach for cloud computing services.

The authors applied a multi‐method approach (systematic literature review, analysis of real cloud computing services, expert interviews, case study) for the development and evaluation of a formal mathematical TCO model.

It was found that decision processes in cloud computing are conducted ad hoc and lack systematic methods. The presented method raises the awareness of indirect and hidden costs in cloud computing.

Some restrictive assumptions were made. For instance, cost types that focus on an existing internal IT infrastructure were hidden. Future research can combine risk and security aspects by means of a TCO approach. Additionally, benefits management in cloud computing is another new research field that can, for instance, be explored by means of cost‐benefit analyses.

The analysis of relevant cost types and factors of cloud computing services is an important pillar of decision making in cloud computing. The software tool allows for an easy application of the TCO model with reasonable effort.

The paper provides an evaluated mathematical model for the calculation of the TCO of cloud computing services. With this tool, decision makers are able to decide whether outsourcing into the cloud is monetarily attractive; to be more specific, whether the costs associated with cloud computing services are lower than with a pre‐existing infrastructure.