Perceived IT security risks of cloud computing: Conceptualization and scale development

Abstract

Despite increasing interest in IT outsourcing (ITO) and the various benefits it promises, Cloud Computing (CC) as the currently most prevalent ITO paradigm still entails serious IT security risks. Little attention has been paid so far to fully and unambiguously capture the complex nature of IT security risks and how to measure it. Against this backdrop, we first propose a comprehensive conceptualization of Perceived IT Security Risks (PITSR) in the CC context that is based on six distinct risk dimensions grounded on an extensive literature review, Q-sorting, and expert interviews. Second, a multiple-indicators and multiple-causes analysis of data collected from 356 organizations is found to support the proposed conceptualization as a second-order aggregate construct. The results of our study contribute to IT security and ITO research, help (potential) adopters to assess risks, and enable CC providers to develop targeted strategies to mitigate risks perceived as crucial.