Internal Threats from CSPs and the Continuance Intention to Use Cloud Computing

There is a growing concern among organizations using cloud computing about the alarming rate of internal attacks on private cloud-stored data such as unauthorized exposure, disclosure, and sale of customer’s confidential information by employees or associates of a cloud service provider (CSP). These unprofessional practices conducted accidentally or intentionally within the infrastructure of a service provider are internal threats. While studies have shown consistently that these unauthorized practices constitute an internal threat to data confidentiality and privacy, researchers are yet to empirically substantiate how these breaches by insiders of CSPs affect an organization’s continuance intention to use cloud computing. Furthermore, available studies on data security have not fully explored the perception of IT managers about how internal threats affect their strategy while making the decision to continue using cloud computing. Using a multinomial logistic regression, this study analyzed data collected from IT managers with cloud experience. Findings of this study indicated that internal threats such as unauthorized exposure, disclosure, and sale of customer’s data to third-party firms by employees of CSPs significantly influence the continuance intention to use cloud computing. This study benefits IT stakeholders by exploring the impacts of internal security lapses from the CSP on the decision of organizations to continue using cloud computing