Journal of International Technology and Information Management

Document Type



Privacy and security issues are frequently presented as major inhibitors of cloud adoption. Some of these are operational issues and others relate to regulatory and compliance requirements that vary by industry and location. There is a growing body of guidance that seeks to clarify the implications of these concerns for various parts of the cloud supply chain. This paper provides a review of the business and legal risks associated with cloud computing and critically reviews the guidance available. It pays particular attention to the implications of the PRISM revelations for the development of a cloud marketplace that aims to keep data private and secure. A number of responses to cloud risks are available, including technological fixes and business responses. Each response has its own costs and requirements in terms of organisational capability and the paper evaluates the various responses that potential cloud adopters can use to manage the risks associated with cloud computing.