Risk in Enterprise Cloud Computing: Re-evaluated

A quantitative study was conducted to get the perspectives of IT experts about risks in enterprise cloud computing. In businesses, these IT experts are often not in positions to prioritize business needs. The business experts commonly known as business managers mostly determine an organization's business needs. Even if an IT expert classified a cloud computing risk to be of very high importance, the business manager may not view the risk the same way. Since it is the business manager who determines what gets addressed, mitigating such a high importance risk from technological perspective may not get the business manager's support. The risks in enterprise cloud computing was re-evaluated under qualitative methodology with the IT governance framework and capability maturity model lens. The researcher intent was to determine if business managers perceived risk factors the same way as IT managers. In order to mitigate risks, both managers need to see or understand the importance of such risks the same way. Structured online qualitative survey questions were asked of some business managers and some IT managers about the thirty-nine specified risks as a case study. The participants were chosen from people in the researcher's online professional network. The criteria for participating were two folds: a business or an IT manager of an organization based in Puget Sound area of Washington State. The study results revealed that business managers and IT managers may not always assign the same importance to the specified cloud computing risks. A risk importance was the assessment of the risk from three dimensions: probability, which is the likelihood of the risk occurrence; frequency, the number of occurrence within a period; and impact, the bad effect of the risk on a business when the risk occurs. The conclusion was that business managers do not view the risks' importance the same way as the IT managers. The need exists for these business managers to understand IT processes more. The recommendation was that organizations should allocate resources towards elaborating the importance of the CC risks to the business managers. Future study with more participants and possible industry stratification was also recommended.