Cloud Sourcing and Paradigm Shift in IT Governance: Evidence from the Financial Sector

In the digital age, organizations are increasingly shifting their applications, services and infrastructures to the cloud to enhance business agility and reduce IT-related costs. However, in moving applications and data to cloud resources organizations face new risks of privacy violations. To manage this risk, organizations need to be fully aware of threats and vulnerabilities affecting their digital re-sources in cloud. Although some previous studies have focused on the emerging challenges of cloud adoption to governance and control, we know little regarding the paradigm shifts in IT governance processes and practices. To address this gap, we conducted an exploratory case study in two large companies in the financial sector. Our findings show that cloud adoption alters the locus and scope of IT governance which consequently compels organizations to rethink their control mechanisms to mitigate security risks. Our findings contribute to the literature on IT governance and IT outsourcing, and support IT executives and decision makers in mitigating the risks of cloud adoption. © 2020, The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG.