Making the decision to contract for cloud services: Managing the risk of an extreme form of IT outsourcingi

Abstract

Obtaining cloud computing services can be viewed as a form of outsourcing, and as such it shares the essential risk profile of all outsourcing contracts concerning opportunistic behavior, shirking, poaching, and opportunistic renegotiation. Developing cloud computing is also an advanced technological development effort, and as such it shares all of the risks of large and uncertain development efforts and the essential risk profile of all development efforts where for a variety of reasons success cannot be ensured, including functionality, political, project, technical, and financial risks. Since E-Government services are almost by definition delivered online, rather than by visiting government service locations or through paper-based interaction, they would appear an obvious candidate for cloud-based delivery; consequently the risks of cloud-based delivery services are of critical interest to the safe execution of numerous E-Government missions. This paper focuses on understanding the risks, both through understanding standards and understanding contracting for cloud services. Standards for cloud computing may reduce many of the risks of opportunistic behavior on the part of vendors. Standards efforts cannot mitigate most of the development risks of cloud computing; no amount of legislation or standardization can make it possible for firms to do that which they could not have done, or that which is indeed algorithmically or computationally infeasible. © 2011 IEEE.