Introduction

Cloud computing (CC) changes how organizations manage their IT landscape, challenges traditional IT governance approaches, and requires organizations to adjust their sourcing processes (Yanosky, 2008; Armbrust et al., 2010; Winkler and Brown, 2013; Ragowsky et al., 2014). With CC, organizations can gain on-demand network access to a shared pool of managed and scalable IT resources, such as servers, storage, and applications (Mell and Grance, 2011). Because IT sourcing decisions entail substantial economic and strategic risks (Martens and Teuteberg, 2009; Benlian and Hess, 2011), managers must have extensive judgment and insight regarding organizational structures, interdependencies, processes, and habits to thoroughly comprehend decision alternatives and the set of required structural choices (McIvor and Humphreys, 2000; Cullen et al., 2005; Moses and Åhlström, 2008; Aubert et al., 2012). However, empirical insight into cloud-sourcing decisions remains scarce (Yang and Tate, 2012).

CC is an evolution and specific form of IT outsourcing (ITO); thus, the extensive body of research on ITO provides a valuable basis for investigating cloud-sourcing decisions. During the last two decades, IS researchers have applied various economic, strategic, organizational, and social theories to identify determinant factors that drive ITO and have produced a considerable body of knowledge on ITO decision making (Dibbern et al., 2004; Lacity et al., 2010). However, rather than leveraging this insightful body of knowledge on ITO, the majority of research on the determinant factors of cloud-sourcing decisions focuses on technological aspects of CC and their implications for decision making (e.g., Koehler et al., 2010; Wu et al., 2011; Brender and Markov, 2013; Gupta et al., 2013; McGeogh and Donnellan, 2013).

The few studies that apply a broader theoretical perspective predominantly draw on transaction cost economics (TCE) (e.g., Benlian et al., 2009; Asatiani et al., 2014). However, traditional, purely economic factors cannot sufficiently explain sourcing decisions for IT services (Vetter et al., 2011; Bidwell, 2012), as the ‘ITO phenomenon is more complex than can be accommodated by one decision-making theory’ (Lacity et al., 2011: 140). Hence, IT sourcing decisions need to be investigated using an integrative research model from multiple theoretical perspectives (Tiwana and Bush, 2007; Benlian et al., 2009; Lacity et al., 2011).

CC and ITO share basic principles, benefits, and challenges (Leimeister et al., 2010; Benlian and Hess, 2011). However, CC bears certain peculiarities, such as shifting task responsibilities, on-demand self-service procurement, advanced governance approaches, and short-term usage-based contracts for standardized services (Susarla et al., 2010; Benlian and Hess, 2011; Malladi and Krishnan, 2012; Chen and Wu, 2013), which require an examination of the ITO literature in the context of CC. This article accordingly aims to identify determinant factors of cloud-sourcing decisions that proved to be robust in extant research on CC and ITO. Specifically, we address the following two research questions: RQ1: What can we learn from the rich body of research on ITO to identify determinant factors of cloud-sourcing decisions? RQ2: Are there differences between the determinant factors of ITO decisions and the determinant factors of cloud-sourcing decisions, and if so, do the peculiarities of CC explain these differences?

To derive determinant factors of cloud-sourcing decisions, we conducted a systematic review of the CC and ITO literature until April 2014 and identified 88 articles that empirically examined IT sourcing decisions. By applying the method of Jeyaraj et al. (2006) to systematically code and aggregate the determinant factors that influence decision making, we aggregated findings from both quantitative and qualitative research. We extracted 111 determinant factors and coded 542 relationships describing the influence of these factors on decision making. Further, to identify differences between the determinant factors of ITO decisions and the determinant factors of cloud-sourcing decisions, we divided the coded relationships into relationships applicable to ITO and relationships applicable to CC. We then compared and contrasted results within the ITO literature with results within the CC literature and identified (i) factors with consistent empirical evidence for CC, (ii) factors with consistent empirical evidence for ITO or the overall sample but only limited evidence for CC, and (iii) factors with inconclusive empirical evidence for CC and ITO. In this article, we discuss whether the peculiarities of CC explain the inconclusive results. Based on our discussion, we derive a set of determinant factors of cloud-sourcing decisions that have proved to be robust in extant research on CC and ITO. Accordingly, we explain which findings from ITO research are applicable to CC and which findings may require reconsideration in the era of CC.

This review answers the appeal of Lacity et al. (2011: 147), who call for the development of an ‘endogenous ITO theory rather than continuing to rely heavily on reference discipline theories’. We draw from research within the IS community, endogenously derive determinant factors of cloud-sourcing decisions, and discuss our findings through the lens of CC peculiarities. In this manner, our results provide a basis for future research and contribute to the development of endogenous theories in the IS domain. Researchers can draw from our derived set of determinant factors of cloud-sourcing decisions to advance research on decision making or acquisition in the field of CC. Practitioners may use the set of determinant factors to guide their procurement processes and to identify challenges that may arise during the adoption, acquisition, or integration of cloud services.

The remainder of this article is organized as follows: first, we provide a background on CC and IT sourcing decisions. We then describe the research method and discuss our findings. We close with a discussion of the implications of our work for future research, the limitations of our work, and a conclusion.

Background

This section defines the CC sourcing model and our unit of analysis. We then differentiate this literature review from existing literature reviews on CC and distinguish CC from ITO to provide a basis for the discussion of our findings.

Cloud computing

CC provides on-demand network access to a shared pool of managed and scalable IT resources on a pay-per-use basis (Mell and Grance, 2011). IT resources refer to hardware (Infrastructure as a Service, IaaS), development platforms (Platform as a Service, PaaS), and applications (Software as a Service, SaaS), and they ‘can be rapidly provisioned and released with minimal management effort or service provider interaction’ (Mell and Grance, 2011: 3). Customers do not own, manage, or operate the underlying infrastructure, platform, or application capabilities but rather access resources remotely through the Internet (Mell and Grance, 2011). The benefits of CC include up-to-date IT resources on a pay-per-use basis with a high degree of flexibility and low upfront capital investment (Armbrust et al., 2010). Research on CC has broadly adopted the CC definition of Mell and Grance (2011), who distinguish five key characteristics, three service models (IaaS, PaaS, and SaaS), and four deployment models (private, public, community, and hybrid cloud). The five key characteristics are the provision of (i) on-demand self-service access to (ii) virtualized, shared, and managed IT resources that are (iii) scalable on-demand, (iv) available over a network, and (v) priced on a pay-per-use basis.

IaaS provides virtualized computing resources (e.g., servers, storage, networks) on which users can deploy, control, and run arbitrary software (including operating systems and applications), but users do not own, manage, and operate these virtualized computing resources (Mell and Grance, 2011). Examples of such services include Amazon EC2 and Rackspace Cloud. PaaS offers a highly integrated environment in which to design, build, test, and deploy custom applications (Foster et al., 2008) ‘without the cost and complexity of buying and managing the underlying hardware and software layers’ (Marston et al., 2011: 178) but with benefits from features such as ‘automatic scaling and load balancing, authentication services, communication services or graphical user interface (GUI) components’ (Leimeister et al., 2010: 5). Examples of these services include Microsoft Azure and Google App Engine. SaaS provides software applications that run on cloud infrastructures, that are remotely accessible through the Internet, and that are typically accessed by end users via a thin client interface (e.g., a web browser). In the context of SaaS, users do not own, manage, or operate the underlying infrastructure, platform, or even individual application capabilities (Mell and Grance, 2011). Examples range from complex enterprise applications, such as SAP Business ByDesign, to office, email, and collaboration services, such as Google Apps.

Public clouds are owned, managed, and operated by external providers and are made available to the general public over the Internet (Armbrust et al., 2010: 50), whereas private clouds are ‘provisioned for exclusive use by a single organization’ (Mell and Grance, 2011: 3) and are not available to the general public. However, given clouds’ public availability, security and privacy have become important concerns in public CC (European Network and Information Security Agency, 2011; Jansen and Grance, 2011). Private clouds are ‘easier to align with security, compliance, and regulatory requirements [than public clouds]’ (Ramgovind et al., 2010: 2), but they offer fewer benefits, for example, in terms of cost reduction and scalability. Mixed forms of private and public clouds aim to combine the benefits of both public and private clouds. Community clouds are ‘controlled and used by a group of organizations that have shared interests, such as specific security requirements’ (Marston et al., 2011: 180), where ‘its strengths and weaknesses fall between those of a private cloud and those of a public one’ (European Network and Information Security Agency, 2011: 55). Hybrid clouds are a combination of public and private cloud services; ‘typically, noncritical information is outsourced to the public cloud, while business-critical services and data are kept within the control of the organization’ (Marston et al., 2011: 180).

During recent years, CC has received enormous attention from academics and practitioners, resulting in a disparate collection of publications from research and practice. To synthesize the body of knowledge on CC, researchers have conducted literature reviews that provide a general overview of CC research (Yang and Tate, 2012), that focus on a specific domain (Ermakova et al., 2013), or that focus on particular aspects, such as security (Khorshed et al., 2012). However, this study is the first to survey and synthesize the literature on IT sourcing decisions, to discuss differences between findings on CC and ITO, and to derive determinant factors of cloud-sourcing decisions. To distinguish this literature review from previous literature reviews, an overview of existing literature reviews on CC is presented in Appendix A.

Cloud-sourcing decisions

The unit of analysis in this article is determinant factors of cloud-sourcing decisions. We define a cloud-sourcing decision as an organization’s decision to adopt and integrate cloud services from external providers into their IT landscape, that is, the customer organization’s assessment of CC offerings from one or more providers in any form of service model (IaaS, PaaS, SaaS) or deployment model (public, private, community, hybrid). We thereby explicitly exclude organizational (internal) activities related to data center virtualization and IT services provided by an internal IT department.

Concerning IT sourcing decisions, researchers have investigated a range of dependent constructs, including the ‘intention to increase the level of SaaS adoption’ (Benlian and Hess, 2011), ‘ASP adoption intention’ (Yao et al., 2010), ‘netsourcing decision’ (Loebbecke and Huyskens, 2006), or the ‘degree of IS outsourcing’ (Ang and Straub, 1998). These examples highlight researchers’ use of different constructs to denote adoption decisions of various sourcing options (e.g., CC, ASP, ITO). In our work, we follow Lacity et al. (2010, 2011) and use one meta-construct to subsume these constructs, that is, the IT sourcing decision.

Cloud computing as new form of ITO

ITO can be defined as ‘the significant contribution by external vendors in the physical and/or human resources associated with the entire or specific components of the IT infrastructure in the user organization’ (Loh and Venkatraman, 1992a: 9). Cost advantages, flexibility, and competitive advantages are possible benefits that have made ITO one of the most important strategic concepts in recent decades (Leimeister et al., 2010) and an intensively studied field within IS research (Dibbern et al., 2004; Lacity et al., 2010).

Application service provision (ASP) is a ‘form of outsourcing, specifically selective outsourcing, where firms rent packaged software and associated services from a third party’ (Bennett and Timbrell, 2000: 196). Jayatilaka et al. (2003) extend this definition and define ASP as an IS application service that is offered, hosted, and managed by a vendor on a rental basis. Researchers argue that SaaS emerged as an advanced form of ASP (Heart, 2010; Benlian and Hess, 2011) and that CC ‘has the same key attributes as the “standard” ASP model, and exposes the user to the same risks’ (Schwarz et al., 2009: 774). The definitions of ASP and SaaS as well as their similarities in strategic, technical, and economic opportunities and risks (Kern et al., 2002; Schwarz et al., 2009; Armbrust et al., 2010; Marston et al., 2011) support this proposition. Furthermore, both ASP and SaaS share similar business and pricing models (Weinhardt et al., 2009). Given the purpose of this research and the similarities between ASP and SaaS, we consider SaaS to be an advanced form of ASP and do not further differentiate these two sourcing options.

CC and ITO share common characteristics and provide similar benefits to users; research findings on ITO adoption are thus applicable to CC adoption to a certain extent (Benlian and Hess, 2011; Malladi and Krishnan, 2012; Chen and Wu, 2013). However, certain peculiarities regarding CC distinguish it from ITO and therefore induce the need to re-examine the determinant factors of sourcing decisions for CC. For instance, compared with traditional ITO, CC induces a shift in task responsibilities during decision processes and self-service procurement, provides standardized services with a narrower scope, enables new scenarios of outsourcing and governance arrangements, and uses short-term usage-based contracts (Susarla et al., 2010; Benlian and Hess, 2011; Malladi and Krishnan, 2012; Chen and Wu, 2013). Table 1 summarizes the major differences between CC and ITO.

Table 1 Comparison of cloud computing and IT outsourcing
Full size table

To determine what we can learn from the rich body of research on ITO and to identify determinant factors of cloud-sourcing decisions, we use the arguments listed in Table 1 as analytical devices to discuss the differences identified in the literature between CC-related findings and ITO-related findings. Therefore, we first survey the literature and aggregate the existing research on IT sourcing decisions. The next section describes our literature search, selection, and coding methods.

Research method

In this section, we first describe the scope of the literature review and the criteria that we applied to identify the 88 relevant articles that were published before April 2014. We then explain the applied method to code and aggregate the determinant factors of IT sourcing decisions.

Scope of the review

To ensure a high-quality literature review, we followed the guidelines by Webster and Watson (2002). This structured approach assumes that the major contributions in a research field are primarily found in journals of high reputation and quality. Therefore, we considered the Senior Scholars’ Basket of Journals (Association for Information Systems, 2011) and the top 50 journals (including selected ACM/IEEE Transactions) of the AIS journal ranking (Association for Information Systems, 2005). To include the latest research on CC but still focus on high-quality contributions, we broadened the scope by additionally considering leading conferences of the IS community. The peer selection of outlets considered in this literature review consisted of 68 journals and 3 conferences (see Appendix B). We aimed to gather all contributions dedicated to CC or related paradigms that focus on sourcing decisions. We therefore searched publications by title, keywords, and abstract using the following list of keywords: (Cloud OR IaaS OR PaaS OR SaaS OR XaaS OR ‘Infrastructure as a Service’ OR ‘Platform as a Service’ OR ‘Software as a Service’ OR ‘IT service’ OR ‘Application Service’ OR ASP OR Outsourcing) AND (Adoption OR Assimilation OR Choice OR Decision OR Determinant OR Diffusion OR Driver OR Infusion OR Inhibitor OR Option OR Select OR Usage OR Use).

Inclusion and exclusion criteria

We included only completed peer-reviewed research articles that empirically investigate organizational sourcing decisions in the context of CC, ASP, or ITO and excluded conceptual articles, news articles, and reviews of prior research. To transfer findings from the ITO context to the CC context and to discuss what the literature on cloud-sourcing decisions can learn from the literature on ITO decisions (i.e., which findings are transferable to the CC context and which findings might require reconsideration), we had to limit the context of the ITO articles included to a common denominator. Therefore, studies concerning ITO were included only if they investigate sourcing decisions that are similar to sourcing decisions for cloud services. We used the following inclusion criteria for the selection process:

Applicability to CC

When considering articles concerning ITO, we referred to the descriptive ITO framework of de Looff (1995), who describes which parts of an organization’s IT function are outsourced according to three dimensions:

  • functional information systems (the business process that a system supports or controls, such as customer relationship management or order scheduling);

  • components (hardware, software, data, personnel, and procedures); and

  • activities (planning, development, implementation, maintenance, and operation).

For example, an organization can outsource the development of the software for a customer relationship management system. To include only outsourcing types that are comparable to sourcing decisions concerning one of the three cloud service models (IaaS, PaaS, and SaaS), we included only articles that investigate selective outsourcing of at least the maintenance and operation of the hardware or software of any functional information system to an external provider while keeping the business process itself in-house. Therefore, we excluded, for example, research focusing on software development, help desk, desktop maintenance, or business process outsourcing, as these types of outsourcing are specific in terms of the associated managerial problems, required capabilities, and implications for the workforce (Lacity and Hirschheim, 1993b; Baldwin et al., 2001; Wholey et al., 2001). For studies that investigate the outsourcing of multiple functions and that distinguish their results according to outsourced functions, we referred to the subsample and results of the outsourced function that is similar to CC (e.g., we used the subsample of ‘system & data center operations’ in Dibbern and Heinzl (2009)).

External services

This research focuses on services delivered by external providers. We excluded organizational (internal) activities related to data center virtualization and IT services provided by the internal IT department, as the managerial implications of internal IT service provision differ from those of outsourcing. For instance, internally delivered cloud services are easier to align with security, compliance, legal, and regulatory requirements than externally delivered cloud services (European Network and Information Security Agency, 2011). Thus, inhibitors such as data location (Browning and MacDonald, 2011), vendor lock-in (Armbrust et al., 2010), and loss of control (Spink, 2010) play a subordinate role in internal cloud service provision.

Private sector

Because certain factors play a significant role in public sector sourcing decisions but not in private sector sourcing decisions (Arlbjørn and Freytag, 2012), we included only articles that investigate sourcing decisions for private sector organizations. For instance, only cloud service providers that are certified by the Federal Risk and Authorization Management Program (FedRAMP) are allowed to provide cloud services for US public sector organizations (General Services Administration, 2012). Furthermore, specific laws and regulations apply (e.g., the Federal Information Security Management Act of 2002; Title 44 US Code § 3541, et seq.), and different stakeholders or forces have a voice in public sector sourcing decisions (e.g., the government). Thus, to retain focus on a similar set of outsourcing decisions, we excluded public sector studies (e.g., Janssen and Joha, 2011).

Identification of 88 empirical articles on IT sourcing decisions

Execution of the search string and application of the defined inclusion criteria resulted in 48 relevant articles. Backward search (14 relevant articles) and forward search (14 relevant articles) were conducted subsequently. Additionally, we conducted a backward search on selected CC and ITO literature reviews (Lacity et al., 2009; Martens and Teuteberg, 2009; Lacity et al., 2010, 2011; Venters and Whitley, 2012; Yang and Tate, 2012) and identified 12 additional relevant articles. Thus, the total set of articles considered in this literature review includes 88 articles that have been published before April 2014 without limiting the time frame (see Appendix C for a list of all articles). In total, 60 articles (68%) are quantitative, and 28 are qualitative (32%). The majority of the articles originate from the ITO research stream (45 articles, 51%). ASP is the focus of 20 articles (23%), and CC is the focus of 23 articles (26%), 12 of which are dedicated to SaaS and 11 of which are dedicated to general CC.

Variable coding

We coded the 88 relevant articles based on the method developed by Jeyaraj et al. (2006) and applied to the ITO context by Lacity et al. (2010, 2011). The applied method enabled us to include results from both qualitative and quantitative studies. To aggregate the findings across studies, we adapted the iterative method of Lacity et al. (2010) that requires individual articles to be coded multiple times. In each iteration, we followed a three-step approach to examine a set of 20 randomly selected articles. To ensure consistent coding, two researchers independently coded all of the articles and discussed any conflicting results after each iteration.

Step 1: Code author variables

For each independent and dependent variable in an article, we coded the name and definition as given by the authors (‘author variable’ and ‘author variable definition’).

Step 2: Code relationships

We coded each examined relationship between the independent and dependent variables. To uniformly code the relationships between the independent and dependent variables from qualitative and quantitative studies, we applied the coding template of Lacity et al. (2010), which is depicted in Table 2. For each relationship, one of four possible values was assigned (+, −, M, 0).

Table 2 Relationship coding scheme, adapted from Lacity et al. (2010)
Full size table

Step 3: Code master variables

We independently combined and aggregated the coded author variables (see step 1) and developed a set of ‘master variables’ and ‘master variable definitions’ (see Appendix E for the variable definitions). Each researcher independently mapped the author variables of the 20 articles on the master variables. The master variables were complemented by new master variables in each iteration. If new variables were added, then previously coded articles were re-examined to determine whether any variables needed to be refined based on the addition of the new master variables. After each iteration, we met and discussed the master variables and relationship coding. Variable definitions as well as conflicting mappings and relationships were discussed and adapted. This process continued until all of the articles were coded.

Verification of coding and grouping of master variables

One researcher conducted a final check through all of the articles and coded relationships to ensure that all of the variables were coded consistently with the master variable list. For consistency checks, each master variable definition was cross-checked with the definitions of all of the author variables mapped on the master variable as well as the definitions from seminal theoretical articles (e.g., Williamson (1981) for asset specificity).

To facilitate discussion of a large number of variables that cover diverse facets of IT sourcing, we categorized the variables into seven broader categories. We divided the factors into the following categories: asset characteristics, technology characteristics, solution characteristics, client firm characteristics, individual characteristics of the decision maker, environmental characteristics, and vendor firm characteristics. The variables and categories evolved inductively from the literature.

Identification of determinant factors of cloud-sourcing decisions

To identify the determinant factors of cloud-sourcing decisions with consistent results in previous research, we counted the number of times that the relationship between a master variable and the dependent meta-variable IT sourcing decision was studied and the number of times that this relationship is reported to be positively significant, negatively significant, nonsignificant, or significant but non-directional (e.g., categorical variables, see Table 2). Next, we applied the decision rule of Lacity et al. (2010) and identified master variables that have been examined multiple times and that have produced consistent results. In terms of multiple examinations, we extracted all of the master variables that were empirically examined to influence sourcing decisions at least five times. In terms of consistent results, we selected only master variables for which at least 60% of the findings are consistent (i.e., significantly positive, significantly negative, or significant but non-directional). This minimum threshold ensures that more than half of the evidence produced the same findings.

We then divided our coding results into two batches. The first batch consists of coded relationships between the master variables and sourcing decisions in the ITO context, and the second batch consists of coded relationships between the master variables and sourcing decisions in the CC context (including ASP because we treated ASP as form of SaaS; see background section). We assessed each extracted master variable by comparing and contrasting the coded relationships for CC and ITO. The next section reports the results of our assessment and presents the factors with consistent empirical evidence for CC, the factors with consistent empirical evidence for ITO but only limited evidence for CC, and the factors with contradicting or inconclusive findings in the CC and ITO contexts.

Findings

The coding of 88 empirical articles on IT sourcing decisions resulted in 625 relationships between the independent and dependent variables, of which 542 have a direct influence and 83 have an indirect influence (e.g., second-order constructs or moderators) on IT sourcing decisions. Of the 542 relationships related to sourcing decisions, 272 were coded for the CC model, and 270 were coded for the ITO model. We aggregated the independent variables for all studies into a set of 111 independent master variables (see Appendix E for the definitions). The entire coding scheme is available from the authors upon request.

Appendix D lists the set of 111 master variables and the 542 aggregated relationships between the master variables and sourcing decisions. Appendix D provides details on the most frequently studied variables in the CC and ITO contexts as well as results from empirical examinations of the relationships between the independent variables and IT sourcing decisions. The findings are briefly discussed below.

Asset characteristics

We denote the asset as an object of the sourcing decision, that is, the object being outsourced. Asset characteristics are specific to the type of asset that is considered for sourcing from an external service provider, such as the strategic importance of the application being outsourced. Independent variables that examine the influence of asset characteristics on sourcing decisions are the most frequently studied among the seven categories. This category contains 17 independent variables that have been examined 140 times. Cost savings is the most commonly studied determinant (51 times: 22 times for cost savings in general, 20 times for production costs, and 9 times for transaction costs), followed by asset specificity (37 times: 15 times for technical specificity, 11 times for site specificity, and 11 times for human asset specificity), and the strategic importance of the asset (13 times).

The results for only two variables (cost savings and the strategic importance of the asset) are consistent for both CC and ITO (i.e., the same findings at least 60% of the time and at least five examinations for both CC and ITO). The results for the two variables measurement problems and technical complexity are consistent for ITO only, as research on this variable in the CC context is lacking. Further, the results for cost uncertainties are consistent in the overall sample, but research on this variable is lacking in both subsamples (investigated fewer than five times in each subsample). Finally, the results for asset specificity are consistent for CC but inconsistent for ITO.

Solution characteristics

Solution characteristics denote characteristics that are specific to a concrete solution (i.e., a cloud service), such as functional characteristics or contract specifics. The solution characteristics category consists of seven independent variables whose influence on sourcing decisions has been examined only eight times. Consequently, because of a lack of empirical evidence, none of the variables meets our inclusion criteria. The only independent variable whose influence on sourcing decisions was studied twice is perceived contract clarity, and both studies report a positive, significant relationship between perceived contract clarity and sourcing decisions (Pinnington and Woolcock, 1995; Currie et al., 2004).

Technology characteristics

Technology characteristics include determinant factors that are inherent to the particular sourcing option (i.e., CC or ITO), such as the risk of losing access to data and the benefits of increased scalability. Researchers have investigated a rich array of technology characteristics as determinant factors of IT sourcing decisions, predominantly concerning the risks or benefits of the desired sourcing option. In all, the relationship between technology characteristics and sourcing decisions has been examined 128 times. Technology characteristics include 19 independent variables, nine of which are specific benefits and four of which are specific risks of the examined sourcing option. Some studies aggregate several risks or benefits within one generic risk/benefit construct (e.g., Daylami et al., 2005), others investigate how specific risks/benefits influence sourcing decisions (e.g., Saya et al., 2010), and others employ a two-stage model (e.g., Benlian and Hess, 2011). Some technology characteristics are conceptualized as benefits (e.g., better security (Gupta et al., 2013) or increased availability (Currie et al., 2004)) as well as risks (e.g., availability risks (Lechesa et al., 2011) or security risks (Wu et al., 2011)). The most frequently examined benefits are access to specialized resources (20 times), a focus on core competencies (17 times), and flexibility (16 times). The most frequently examined risks are security concerns (15 times), loss of control (eight times), and availability concerns (five times).

The results for only two independent variables are consistent for CC and ITO decisions (access to specialized resources and flexibility gains). The result for security risks, availability risks, reduced time to market, and perceived complexity are consistent for CC, but research on these variables in the ITO context is lacking. Focus on core competencies and quality improvements have consistent results in the ITO context; however, research on these variables in the CC context is lacking. The results for risk of losing control are consistent in the overall sample, but research on this variable is lacking in both subsamples.

Client firm characteristics

With 24 independent variables, the client characteristics category contains the most variables among the seven categories. Researchers have examined the influence of client characteristics on sourcing decisions 127 times. Client size is the most frequently discussed variable in this category (26 times). Furthermore, researchers have investigated determinant factors such as internal IT capabilities (22 times) and industry (10 times). Only the results for industry are consistent results with both models. The results for top management support are consistent for ITO only, as findings on this variable in the CC context are scarce. Further, the results for internal IT capabilities are consistent for ITO but inconsistent for CC, and the results for client size are inconsistent with both models. The results for strategic vulnerability are consistent in the overall sample, but research on this variable is lacking in both subsamples.

Individual characteristics

Findings on the individual level are scarce, as most articles adopt a firm-level perspective. This category contains 13 variables, which researchers examined 22 times in relation to sourcing decisions. Only the influence of a decision maker’s attitude toward outsourcing has been examined more than five times, and the results are consistent in the overall sample, but research on this variable is lacking in both subsamples.

Environmental characteristics

Overall, the 23 variables within the category of environmental characteristics have been examined 86 times. In our sample, uncertainty (24 times: 17 times for environmental uncertainty and seven times for behavioral uncertainty), market maturity (16 times), and institutional influences (24 times: 14 times for mimetic pressures, six times for coercive pressures, three times for normative pressures, and one time for an aggregated construct) are the most commonly examined independent variables. Market maturity is the only independent variable with consistent results across both models. The results for uncertainty are inconsistent for both CC and ITO, while the results for institutional influences are consistent for ITO but nonsignificant for CC.

Vendor firm characteristics

Vendor characteristics include eight variables that have been examined 31 times in total. Vendor service capability (14 times), support (four times), and trustworthiness (three times) are the most commonly examined independent variables in this category. Service capability is the only independent variable that has been examined more than five times, and the results are consistent for CC, although research on this variable in the ITO context is lacking.

Intermediate summary of findings

A comparison of findings from the ITO literature with findings from the CC literature, as summarized in the preceding section, revealed three types of determinant factors: (i) factors with consistent empirical evidence regarding their influence on cloud-sourcing decisions; (ii) factors with consistent empirical evidence regarding their influence on IT sourcing decisions but only limited evidence for the CC context (examined fewer than five times in the CC context); and (iii) factors with inconclusive empirical evidence in the CC and ITO contexts. For the first type of factors, the empirical results are consistent in the CC literature and are lacking in the ITO literature or are consistent in both the ITO literature and the CC literature. For the second type of factors, consistent empirical results have not yet been reported in the CC literature, but they show promise as determinant factors of cloud-sourcing decisions because the results for these factors are consistent in the overall sample and/or in the ITO sample. The third type of factors requires further discussion because the results for the two subsamples are inconclusive. Since the results for factors of type (i) and (ii) are already consistent in the literature (for either CC or ITO or for both), we do not further discuss these factors. We include these factors in our suggestions for further research, as researchers have already provided strong empirical evidence for their influence on IT sourcing decisions. Figure 1 depicts the derived factors of type (i) and (ii). To identify the most robust findings, we adapt a tiered legend from Lacity et al. (2010), which is based on the proportion of consistent findings in the overall sample. We use the symbol ‘++’ if more than 80% of the evidence shows a positive and significant relationship between the independent variable and the dependent variable (IT sourcing decision). We use the symbol ‘+’ if 60%–80% of the evidence is significantly positive. Likewise, we use ‘−−’ for relationships that are shown to be significantly negative more than 80% of the time and ‘−’ if 60%–80% of the evidence is significantly negative. The symbol ‘✓’ indicates for each subsample (CC, ITO) whether a factor is examined at least five times with consistent evidence, while the symbol ‘•’ indicates that the factor lacks examinations for the subsample (less than five times examined).

Figure 1
figure 1

Determinant factors with consistent empirical evidence regarding the influence on IT sourcing decisions.

Full size image

To fulfill the objective of this article and to maintain a concise and meaningful discussion, the next section focuses on the puzzling differences and inconclusive findings in the determinant factors of sourcing decisions between CC and ITO. Table 3 summarizes the factors with inconclusive results.

Table 3 Determinant factors with inconclusive empirical evidence regarding the influence on ITO decisions and the influence on cloud-sourcing decisions
Full size table

Discussion of findings

In this section, we discuss the factors with inconclusive and contradicting results in the CC and ITO contexts. We therefore use the arguments in Table 1 (see background section) to examine whether the inconclusive findings can be explained by peculiarities in the CC sourcing model. We discuss each factor according to the following structure. First, we summarize the main results of the articles that examined each factor. We then discuss why there may be inconsistencies between the CC and ITO contexts and offer recommendations for future research based on our discussion. Table 4 summarizes the factors that we discuss in this section, the arguments regarding which peculiarities of CC (see Table 1) could explain the identified inconsistencies, and the factors that might induce context-specific results because of interaction effects with other factors.

Table 4 Summary of discussion of inconclusive findings, the peculiarities of CC that might explain the inconclusive findings, and recommendations for future research
Full size table

Asset characteristics

Asset specificity is used in reference to three major categories of assets: site specificity, physical asset specificity (also referred to as technical specificity), and human asset specificity (Williamson, 1981).

Site specificity is examined 11 times in total, including eight times for CC and three times for ITO. Except for one occurrence for CC (Loebbecke and Huyskens, 2006), all findings show a significant, negative influence of this factor on sourcing decisions (91%) (e.g., Dibbern et al., 2003). Hence, the findings are consistently negative for CC and for the overall sample, but there is a lack of evidence regarding this factor in the ITO context.

The increased network dependence of CC increases the risks that affect site specificity, such as the risk of service breakdowns because of possible network outages, which may result in a temporary loss of access to data. Hence, site specificity requires particular consideration for assets that are required on a daily basis (e.g., a customer relationship management system). Furthermore, resource pooling increases the risk of information leakage (Brender and Markov, 2013) resulting from malicious behavior in shared environments (Subashini and Kavitha, 2011). In this context, site specificity concerns not just specific resources that are only available on-site (e.g., geographical location of an investment) but also restrictions on the data that are stored and processed within the asset (Rieger et al., 2013). Hence, site specificity requires particular consideration for assets that store sensitive data or that are liable to specific regulatory requirements (e.g., accounting systems). Site specificity may also be moderated by differences between service models, for instance, an asset that bears a strong competitive advantage, such as an advanced algorithm or a newly developed method (e.g., ‘Summly’ (Lessin, 2013)). A company may not want to outsource software development to an external contractor because knowledge could be leaked (high site specificity). However, running the algorithm in compiled code with external IaaS or PaaS solutions to increase the scalability of its use could be a valid sourcing option. By contrast, if a strategic advantage does not evolve from the asset to be outsourced (e.g., an application) but rather emerges from the data that are stored within the application (e.g., highly detailed consumer data that are stored in a market researcher’s database), then cloud sourcing may not be a feasible option. Companies that rely on their unique data cannot allow such data to leak. However, outsourcing the software development of the application that grants access to their database may be an acceptable solution for such companies.

As discussed above, several indicators facilitate the need for context-specific considerations of site specificity as a determinant of cloud-sourcing decisions. In particular, we emphasize the need to distinguish the influence of site specificity according to the type of asset that is outsourced and the service model that is under consideration.

The relationship between technical specificity and sourcing decisions is examined 15 times in the examined articles, including 10 times in the CC context and five times in the ITO context. For ITO, the results for technical specificity are inconsistent (a significantly negative influence two of five times (40%) (Aubert et al., 1996; Wholey et al., 2001) and a significantly positive influence one of five times (20%) (Aubert et al., 2004). For CC, six of the ten studies (60%) are consistent and report a significant, negative influence (e.g., Watjatrakul, 2005). However, 20% (two of ten times) report a significant, positive relationship (Diana, 2009; Asatiani et al., 2014), which is contrary to the predictions of TCE, and an additional 20% report no significant relationship (Loebbecke and Huyskens, 2006; Benlian et al., 2009).

Loebbecke and Huyskens (2006) argue that technical specificity may nevertheless generate transaction costs when applications are run remotely, but these increased transaction costs do not exceed cost savings arising from economies of scale. Thus, these cost savings may simply outweigh issues related to technical specificity. Furthermore, the influence of technical specificity is expected to vary with company size (Benlian, 2009; Asatiani et al., 2014). For instance, Benlian et al. (2009) find that technical specificity has the strongest effect on large enterprises because large enterprises tend to have complex, highly specific business processes in place that are supported by fragmented IT infrastructures with legacy systems and heterogeneous applications. Thus, the role of technical specificity may vary with company size when applications or infrastructure components are outsourced.

Increasing standardization efforts in the field of CC (Bernnat et al., 2012), open interfaces, interoperability, and custom-built mash-ups of cloud services enable customers to build highly specific solutions that may reduce the negative influence of technical specificity in the CC context. The market for SaaS is growing, and external business applications are increasingly provided externally (Winkler and Brown, 2013). Organizations are able to use cloud services even for complex enterprise software, such as enterprise resource planning or customer relationship management. Diana (2009) argue that highly complex IT environments may present more opportunities for outsourcing arrangements (e.g., outsourcing single, highly specific applications to an external cloud service provider). However, SaaS solutions are limited in terms of their customizability, which limits the uniqueness of assets that are sourced via CC. Therefore, assets with low technical specificity might be more suitable for SaaS-based sourcing (Benlian et al., 2009). Highly technically specific assets that exceed the configuration and customization limits of SaaS solutions may nevertheless be candidates for outsourcing the underlying infrastructure or platform of assets to IaaS or PaaS solutions.

As Lacity et al. (2011) note, the main constructs of TCE were developed in the 1930s and were tested and validated in product-sourcing contexts such as coal, petroleum coke, and natural gas markets. Considering the inconsistencies found in their review, the authors ask whether ‘theories based on evidence from sourcing products [can] be appropriate for studying ITO services’ (Lacity et al., 2011: 145). For IT sourcing, TCE constructs have been used in product purchasing, such as software acquisition or software development outsourcing (Tiwana and Bush, 2007), as well as in service sourcing, such as BPO (Tanriverdi et al., 2007) or CC (Benlian et al., 2009). The inconclusive findings regarding the influence of technical specificity on sourcing decisions in the ITO context have been extensively discussed in recent literature reviews (Alaghehband et al., 2011; Lacity et al., 2011). Because we found consistent empirical support for technical specificity in the context of CC, we recommend that further research examine technical specificity in cloud-sourcing decisions. In particular, differences in service models and differences according to company size may be eminent, as discussed above.

Human asset specificity yields inconsistent results. In total, the relationship between human asset specificity and sourcing decisions is studied 11 times: 2 times in the context of CC and nine times in the context of ITO. In both instances (100%) in the CC context, the relationships are nonsignificant (Loebbecke and Huyskens, 2006; Schwarz et al., 2009). In the ITO context, a significant, negative relationship is reported five of nine times (56%) (e.g., Jain and Thietart, 2013), and a nonsignificant relationship is reported four times (44%) (e.g., Dibbern and Heinzl, 2009).

Considering CC as ‘infinite computing resources available on demand, quickly enough to follow load surges’ (Armbrust et al., 2010: 50), we argue that IaaS and PaaS solutions may be particularly suitable for assets with high levels of technical complexity and human asset specificity. IaaS and PaaS enable organizations to outsource technically complex tasks (e.g., managing infrastructures of assets with extensive availability and security requirements and uncertain load surges) to an external vendor while ensuring that tasks requiring integrative knowledge of the business, processes, and environment of an organization remain in-house (e.g., highly customized software that supports core business processes and that yields a competitive advantage). This argument is supported by the findings of Aubert et al. (2012), who report that organizations are more likely to outsource if the degree of technical skills required is high (high technical complexity) and are less likely to outsource if the degree of business-related skills is high (high human asset specificity). In this vein, assets with high technical complexity and low human asset specificity may be more suitable for SaaS solutions because with decreasing human asset specificity, the tasks to execute can be served by standardized software services with open APIs to connect to more specific business functions or assets within an organization.

Only two studies have examined human asset specificity as a determinant of cloud-sourcing decisions; thus, we lack empirical evidence to further assess our argument in this discussion. Hence, we recommend further empirical research on the interaction effects of technical complexity and human asset specificity for IaaS/PaaS and SaaS solutions.

Client firm characteristics

Results regarding the influence of a client firm’s internal IT capabilities on sourcing decisions differ between the CC (inconsistent influence) and ITO (consistent negative influence) contexts. The relationship between a client’s internal IT capabilities and sourcing decisions is studied 22 times in the examined articles, with 14 articles concerning CC and eight articles concerning ITO. For CC, four of the 14 (29%) articles report a significant, negative relationship between internal IT capabilities and cloud-sourcing decisions (e.g., Kern et al., 2002), and six of the 14 (43%) articles report a significant, positive relationship (e.g., Lian et al., 2014). Of the eight investigations in the ITO context, seven (88%) report a significant, negative relationship (e.g., Kern et al., 2002).

Schwarz et al. (2009: 771) argue that limited support for internal IT capabilities is observed because there is ‘an abundant supply of IT personnel with adequate technical expertise’; thus, gaps in internal IT capabilities can be easily filled. Kern et al. (2002) argue that companies outsource their IT activities because of a lack of trained and skilled IT personnel, whereas others argue for internal IT capabilities as a prerequisite for integrating cloud services into an organization’s IT landscape (e.g., Currie et al., 2004; Lian et al., 2014). However, IT capabilities are specific to the service model that is used.

For IaaS or PaaS, which require cloud-specific knowledge of software architects, internal IT capabilities are a prerequisite for adopting IaaS or PaaS services; thus, a lack of IT capabilities would inhibit cloud sourcing. For SaaS, the lack of internal IT capabilities might be a driver if software applications cannot be developed, maintained, and operated in-house (e.g., Morabito, 2003).

A lack of internal IT capabilities can be addressed either by gaining competencies (e.g., hiring experts, training existing personnel) or by delegating IT tasks to external providers (i.e., outsourcing). Thus, the desire to hire IT personnel may be an indication of a lack of IT capabilities. Qu and Pinsonneauli (2011) find that companies that have hired or attempted to hire staff with special IT skills in the recent past are more likely to outsource IT; the authors do not distinguish between successful and unsuccessful recruiting. In the context of ITO, unsuccessful recruiting may drive outsourcing because training personnel is the only alternative, which might not be suitable if, for instance, time pressure exists. However, in the context of CC, particularly IaaS and PaaS, unsuccessful recruiting may instead inhibit the adoption of infrastructure or platform services because the necessary skills to leverage cloud benefits and to deploy cloud application may be lacking.

We recommend that further research differentiate between successful and unsuccessful recruiting activities as indicators of a lack of IT capabilities and account for IT capabilities as a driver or inhibitor depending on the service model under consideration. We argue that the contradictory findings regarding IT capabilities in the CC context can be ascribed to the new role of the IT department as a service integrator and the novel capabilities that are required (Ragowsky et al., 2014) as well as to the capabilities required for different service models.

The size of the client organization is measured in various ways, such as in terms of employees (e.g., Guenther and Tamm, 2002), market capitalization (e.g., Hall and Liedtka, 2005), total assets (e.g., Loh and Venkatraman, 1992a), total sales (e.g., Nam et al., 1996), or a combination of these measures. The influence of a client’s company size on sourcing decisions is frequently discussed in the literature, but inconsistent results are reported. In our sample, client size is studied 26 times, including 14 articles considering CC and 12 articles considering ITO. For CC, two of the 14 (14%) articles report a significantly positive relationship (Diana, 2009; Low et al., 2011), three (21%) report a significantly negative relationship (e.g., Guenther and Tamm, 2002), and three (21%) provide evidence of a non-directional relationship (e.g., Yao et al., 2010). For ITO, five of the 12 (42%) articles report a significantly positive relationship (e.g., Hall and Liedtka, 2005), and one article (8%) provides evidence of a non-directional relationship (Gonzalez et al., 2005b).

Although the findings of CC and ITO studies may be inconsistent, CC studies tend to find a negative relationship, whereas ITO research tends to find a positive relationship. However, such an argument must be used with caution given that organization size is not a significant determinant in nearly half of the reported results (46%). Ang and Straub (1998), who find a significant, positive relationship between client size and sourcing decision, argue that small organizations have greater difficulty generating economies of scale in their IT operations that allows them to justify internal operations. Arguments for client size not being a significant determinant include that the findings are ‘generally robust and valid across firms differing in sizes’ (Loh and Venkatraman, 1992a: 20) and that ‘SaaS-based outsourcing is not only targeted at SMBs [small and medium-sized businesses], but also a valid sourcing option for larger corporations’ (Benlian et al., 2009: 367). The three studies that report a negative relationship between client size and sourcing decisions are those concerning software services, and these studies argue that there might be ‘external factors at work [e.g., economical or psychological] that cause smaller companies to be more open towards the ASP approach’ (Guenther and Tamm, 2002: 1545). Consistent with this argument, Kern et al. (2002: 171) propose that ‘small and medium sized companies are especially interested in ASPs because they can get access to strategic resources which are often prohibitively costly yet essential […] to remain resource competitive against large enterprises’. According to the findings of Benlian (2009), client size has a significantly negative association with SaaS-based sourcing within subgroups of SMBs and large enterprises but has no associate across groups. However, their findings also indicate that that SMBs tend to take greater advantage of flexible software sourcing models than large corporations but that they have narrowing future adoption rates (Benlian, 2009). These findings are similar to the findings of Yao et al. (2010), who observe a U-shaped relationship between client size and sourcing decisions, meaning that small companies and large companies tend to have greater intention to adopt ASP than medium-sized companies. A similar U-shaped relationship is confirmed by Berg and Stylianou (2009).

Small or medium-sized enterprises (SMEs) in particular must interact with cloud-service providers in a self-service manner and must gather information themselves (Wollersheim et al., 2013). With CC, task responsibilities shift between the provider and customer (Susarla et al., 2010). The provider is responsible for activities such as the provision and maintenance of underlying infrastructure and software applications. However, responsibilities for verifying requirements can shift from providers to customers. Additionally, CC allows business divisions to procure IT services by themselves. There is no need for administrator privileges to install local applications on end users’ devices if cloud services are accessible via a Web browser. Cloud services encapsulating functionality tailored to single divisions typically incur expenses within the monthly underwriting limits of division managers without the need for approval from higher levels of the organizational hierarchy (so-called ‘shadow IT’). These factors encourage business divisions to procure dedicated cloud services autonomously. Consequently, the sourcing process, as well as the constitution of the procurement team, in CC differs from traditional sourcing processes that include requests for information or requests for proposals. Such a self-service evaluation accompanies the use of trial cloud services and a process of reflecting on user-generated content such as blogs and forums. In other research contexts, user-generated content has proved to be particularly influential on decision making during the initial screening stage (Aggarwal and Singh, 2013). Therefore, SMEs may have different decision outcomes depending on factors such as adapted procurement processes or different constellations, roles, and division of labor within the procurement team (Kans, 2012; Fulk, 1993).

Furthermore, we want to stress that research on sourcing decisions concerning ‘green field’ vs ‘switching’ is lacking. For instance, startups or SMEs that do not have specific applications in use (e.g., a project management software) or large organizations launching a new software product may consider different factors than an organization migrating an existing product to the cloud (Serva et al., 2003).

Reflecting on the above-discussed findings, we argue that company size plays a role in cloud-sourcing decisions and recommend that further research examine this determinant factor, particularly given the self-service procurement of CC and the differences that might occur when replacing an existing system or adopting a new system.

Environmental characteristics

Uncertainty refers to the degree of unpredictability, complexity, and imperfect information that is inherent to a transaction. Two types of uncertainty exist: behavioral uncertainty and environmental uncertainty (Williamson, 1985).

In total, the relationship between environmental uncertainty and sourcing decisions is studied 17 times, including nine times in the CC context (inconsistent findings) and eight times in the ITO context (inconsistent findings). For CC, the relationships are significantly positive three of nine times (33%) (e.g., Asatiani et al., 2014), whereas the relationships are significantly negative five of nine times (56%) (e.g., Benlian, 2009). In the ITO context, the relationships are significantly positive three of eight times (38%) (e.g., McLellan et al., 1995), whereas the relationships are significantly negative four of eight times (50%) (e.g., Nam et al., 1996).

Environmental uncertainty is conceptualized in terms of technological uncertainty (e.g., Ang and Cummings, 1997), demand uncertainty (e.g., Aubert et al., 2012), requirement uncertainty (Apte et al., 1997), product uncertainty (Asatiani et al., 2014), or overall uncertainty in the external environment (e.g., Nam et al., 1996). When examining the various conceptualizations of environmental uncertainty separately (e.g., technological uncertainty vs product uncertainty), the results are inconclusive as well, predominantly because of the lack of studies using each conceptualization.

To understand the inconsistent findings in the CC context, we consider the diverging conceptualizations of environmental uncertainty and distinguish demand uncertainty (uncertainty in the volume of resources that will be required) and product uncertainty (difficulties in evaluating the capabilities of different cloud services because of information asymmetries). The on-demand pricing model of CC bears the risk of unpredicted costs or economic denial of service attacks (Brender and Markov, 2013). However, flat-rate pricing models or pricing models based on the number of registered users do not carry such risks (Koehler et al., 2010). Furthermore, under- or overutilization of resources can be compensated by a flexible contractual mode and can outweigh cost unpredictability (Saya et al., 2010). Thus, we argue that a high level of demand uncertainty positively affects cloud sourcing. In contrast, a high level of product uncertainty owing to information asymmetries may negatively affect cloud sourcing. SMEs in particular demand decision support through contractual or reputational mechanisms to mitigate such uncertainties (Benlian, 2009), for instance, certifications of cloud services (Lansing et al., 2013; Sunyaev and Schneider, 2013).

Considering the inconsistent findings for environmental uncertainty and reflecting on these findings with respect to the specific characteristics of CC (i.e., measured, on-demand self-service over a network), we argue that environmental uncertainty requires further consideration as a determinant of cloud-sourcing decisions, and we specifically differentiate between demand uncertainty as a driving factor and product uncertainty as an inhibiting factor.

Behavioral uncertainty is examined seven times: two times for CC and five times for ITO. Both studies in the CC context report a nonsignificant influence of behavioral uncertainty on sourcing decisions (Serva et al., 2003; Watjatrakul, 2005), whereas three of five (60%) of the studies in the ITO context are consistent and report significantly negative relationships (e.g., Dibbern et al., 2003).

Opportunism is a threat only for markets with a small number of vendors (Williamson, 1975). The contractual mode of cloud services with short-term contracts enables clients to switch between providers for standardized, commodity-type services at a low cost, thereby increasing the client’s willingness to switch vendors if the client is not satisfied with the outsourcing arrangement (Whitten et al., 2010). However, low-cost switching applies only to standardized services (e.g., low technical specificity) with many available provider options. Highly specialized services, which are difficult to replace and lack open interfaces, might be more difficult to source via CC. Thus, the type of asset and the interference of other factors may play a role in the influence of behavioral uncertainty on sourcing decisions. For instance, a highly mature cloud market with a high density of reputable providers may decrease the potential for opportunistic behavior (Asatiani et al., 2014). Further research is required to establish the validity of this argument.

Behavioral uncertainty induces the need to increase investments in monitoring and enforcement (Watjatrakul, 2005). The usage-based pricing models and intangibility of cloud services increase the complexity of performance measurement for clients because clients lose control over the asset and must cope with the tools and information that the vendor provides. However, sophisticated monitoring tools that providers need to establish to measure their services for billing purposes can be provided to clients as self-service reporting and monitoring tools. Hence, clients are able to thoroughly monitor services, which would not be possible with in-house service provision. Increased ease of monitoring does not necessarily decrease the risk of opportunistic behavior (Alaghehband et al., 2011), but may moderate the negative influence of behavioral uncertainty on sourcing decisions.

Research has also shown that uncertainty (behavioral and environmental) interacts with other determinant factors. For instance, Watjatrakul (2005) investigate the interference of strategic importance, asset specificity, and uncertainty. Their findings indicate that nonstrategic resources are not necessarily candidates for outsourcing; however, the interaction of the three factors plays an important role in sourcing decisions. These authors present evidence that in a highly uncertain environment, nonstrategic resources with both low and high levels of specificity are maintained in-house; by contrast, in an environment with low behavioral uncertainty, resources that are highly specific and nonstrategic are maintained in-house. Thus, organizations tend to use their specific knowledge to control for uncertainties on an internal level. These findings are consistent with the findings of Jain and Thietart (2013), who report that the risk of the expropriation of valuable (high strategic importance) firm-specific (high human asset specificity) knowledge resulting from the opportunistic behavior of vendors has a negative influence on sourcing decisions. Benlian et al. (2009) find that strategic importance is significant only for CRM and ERP applications but not for office applications, which are evaluated with low environmental uncertainty, technical specificity, strategic importance, and inimitability.

The discussion above suggests that uncertainty has interaction effects with other determinant factors from strategic, economic, or social theories, which could explain the inconsistent findings in the CC and ITO literature (Jayatilaka et al., 2003; Watjatrakul, 2005; Benlian et al., 2009; Schwarz et al., 2009). We emphasize the need to further explore the interaction effects with the flexible contractual mode of CC and the maturity of the cloud market (e.g., available providers for specific assets).

Institutional influences refer to the pressures for organizations to adjust their behaviors to conform to shared notions that may manifest as coercive (e.g., laws, regulations, or sanctions), mimetic (e.g., mimicking the behaviors of competitors, experts, or market leaders), and normative (e.g., norms, best practices, or compliance requirements) pressures (DiMaggio and Powell, 1983).

Coercive pressures are studied six times in the examined articles, four of which are in the CC context (only one time (25%) with a significantly negative influence) and two of which are in the ITO context (both finding a significantly negative influence).

The CC environment is characterized by uncertainty and a lack of transparency that inhibits adoption, as well as an immature legal situation, as indicated by legal conflicts between the United States and Europe in data protection principles (Boehler and Ramos, 2014) or the latest information revealed about the NSA PRISM program (Cloud Security Alliance, 2013). Six studies investigate coercive pressures. The three studies that show a significant, negative influence are all in industries with strong governmental regulation, such as financial services (Ang and Cummings, 1997; Rieger et al., 2013) and health care (Wholey et al., 2001). Lian et al. (2014) investigate coercive pressures in the health-care sector (Taiwan hospitals) and find no significant influence. The authors argue that the Taiwan government has implemented an electronic medical record policy that is a driver of CC adoption rather than an inhibiting factor. The other studies showing a nonsignificant influence of coercive pressures focus on multiple industries (Borgman et al., 2013; Kung et al., 2013).

Hence, we argue that industry-specific effects may lead to inconsistent results regarding coercive pressures and that coercive pressures should be specifically examined with regard to companies’ originating industry. In this context, interaction effects with the degree of site specificity of the outsourced asset (e.g., related to the type of data that are stored in the outsourced asset) may arise, and these effects should thus be considered in future research as well.

The results on the influence of mimetic pressures on sourcing decisions are inconsistent in both CC and ITO research. In total, mimetic pressures are studied 14 times, including four times in the CC context and ten times in the ITO context. The influence of mimetic pressures on cloud-sourcing decisions is significantly positive in only one of four (25%) articles (Wu et al., 2011), whereas in eight of ten (80%) articles, the influence of mimetic pressures on ITO decisions is positive and significant (e.g., Fiedler et al., 2013).

The findings regarding the effect of mimetic pressures on cloud-sourcing decisions may be inconclusive because mimetic pressures may influence sourcing decisions indirectly rather than directly. Saya et al. (2010) report that institutional influences significantly affect perceived risks (e.g., security) and perceived benefits (e.g., accessibility) but do not directly affect cloud-sourcing decisions. Similarly, Benlian et al. (2009) find that the opinions of experts or market researchers play a major role in shaping the attitudes of top management toward cloud sourcing but that they have no direct influence on sourcing decisions. These authors argue that organizations appear ‘not to blindly follow the recommendations of other organizations by unreflectively imitating their behavior. Instead, the opinions of third parties seem to inform in the IT user companies’ process of building their own attitude about SaaS’. This argument is consistent with the nonsignificant results of Blaskovich and Mintchik (2010), who find a significantly positive influence of mimetic pressures on cloud-sourcing decisions only when CIO skills are weak. Considering the high level of uncertainty within the CC environment, mimicking organizations that are perceived to be more legitimate or successful is a response to uncertainty (DiMaggio and Powell, 1983). Decision makers are influenced by the environment both inside and outside their organization, and both sources of influence are strong predictors of sourcing decisions (Loh and Venkatraman, 1992b; Dibbern et al., 2012). Hu et al. (1997) argue that the combined effects of external media, vendor pressure, and internal communications among managers at the personal level significantly influence sourcing decisions. More specifically, Morgan and Conboy (2013) report that customers are negatively pre-occupied about the term cloud, and because of this perception, service providers avoid mentioning the term cloud per se and instead refer to a new service delivery model.

Although findings on the direct influence of mimetic pressures on cloud-sourcing decisions are scarce in the CC context, we argue that mimetic influences should be considered in further research as a determinant factor of cloud-sourcing decisions, particularly with respect to other factors from social or organizational theories, as research has shown that these relationships are strong and significant in the CC context (Benlian et al., 2009; Saya et al., 2010; Wu et al., 2011).

Normative pressures are investigated only three times (including two times in the CC context). The results for CC show a positive, significant influence in one of the two studies (50%) (Kung et al., 2013), and the single study in the ITO context (Fiedler et al., 2013) also shows a positive, significant relationship.

Because of the limited number of empirical investigations on normative pressures, we cannot draw conclusions based on our coding results. However, with the maturation of the cloud market and the establishment of cloud-dedicated industry associations, such as the Cloud Security Alliance or EuroCloud, a large number of norms and best practices for CC have been established. The International Organization for Standardization (ISO) is currently developing a code of practice for information security controls for CC in alignment with the prominent ISO 27000 series of standards (International Organization for Standardization, 2013). Furthermore, community cloud as a deployment model enables industry associations to provide members with cloud services that implement industry best practices and that are compliant with industry-specific regulations.

Increasing standardization efforts that are particularly suited to CC and the emergence of community cloud platforms for specific industries might drive organizations to consider CC adoption. We therefore suggest that future research incorporate normative pressures and challenge the argument regarding whether cloud-specific standardization movements and community cloud platforms drive cloud-sourcing decisions.

Implications for research

The synthesis of the literature on determinant factors of IT sourcing decisions enables us to draw conclusions based on not only the in-depth discussion of contradicting findings between research on CC and research on ITO (Figure 1, Table 3, and Table 4) but also the emergent trends in the literature. This section discusses implications for future research based on both types of findings.

To answer our first research question, we examined what we can learn from the rich body of research on ITO to identify determinant factors of cloud-sourcing decisions. Overall, within the literature on ITO, researchers have provided an extensive body of research on decision making and applied various economic, strategic, organizational, and social theories (Dibbern et al., 2004; Lacity et al., 2010). However, within the literature on CC, instead of leveraging this insightful body of knowledge, researchers have focused on technological aspects and cost savings as determinant factors, as 39% of the examined relationships between determinant factors and cloud-sourcing decisions concern these factors. The comparison of the factors identified within the ITO literature with the factors identified within the CC literature shows that a wide range of determinant factors of ITO decisions remain valid for cloud-sourcing decisions (see Figure 1). Hence, we suggest that future research in the CC context focus on factors other than technology characteristics, such as organizational, individual, and environmental characteristics.

To answer our second research question, we identified the differences between the determinant factors of ITO decisions and the determinant factors of cloud-sourcing decisions (see Table 3) and discussed how these differences might be explained (see Table 4). The results regarding the five factors asset specificity, internal IT capabilities, client size, uncertainty, and institutional influences are inconclusive between research on CC and research on ITO. Our findings concerning the differences between CC and ITO research have several implications for future research on CC.

Most of the factors with consistent results for ITO also have consistent results for CC, and most of the factors with inconsistent results for ITO also have inconsistent results for CC. There are only three exceptions: internal IT capabilities (consistent negative influence for ITO, inconsistent influence for CC), institutional influences (consistent positive influence for ITO, nonsignificant influence for CC), and asset specificity (inconsistent influence for ITO, consistent negative influence for CC). Table 4 summarizes our arguments regarding how the peculiarities of CC may alter the influence of these determinant factors on sourcing decisions in the CC context. For internal IT capabilities, we argue that the changing role of IT departments and differences between service models are reasons for the inconclusive findings in the CC literature. Despite the limited findings regarding institutional influences on cloud-sourcing decisions in the literature, we argue that the industry-specific findings in the literature (for coercive pressures), the indirect influence of mimetic pressures on sourcing decisions (e.g., interaction effects with constructs on the individual level), and the advancing activities of standardization bodies (for normative pressures) induce the need for further investigation of institutional influences in the context of cloud-sourcing decisions. Apart from the specific characteristics of service models for all types of asset specificity, the high level of network dependence (site specificity), the scope of standardized services (technical specificity), and the high level of scalability (human asset specificity) are reasons why asset specificity should be reconsidered in the CC context. Further research in the context of CC is necessary to challenge these arguments. Furthermore, we identified factors that are inconsistent for both CC and ITO: namely, client size and uncertainty. Regarding client size, we argue that owing to the on-demand self-service procurement of cloud services, decision processes change for SMEs. In-depth research focusing on decision processes in organizations of different company sizes is thus needed to further understand whether and how decision processes differ with company size. Regarding uncertainty, we argue that because of the peculiarities of CC (i.e., measured, on-demand self-service over a network), future research should distinguish environmental uncertainty by demand uncertainty and product uncertainty to clarify the inconsistent findings in the context of CC. The influence of behavioral uncertainty on cloud-sourcing decisions might be altered by usage-based pricing models and low switching costs for specific asset types. Based on all of the aforementioned arguments (see Table 4 for a summary), we call for further research to assess our arguments regarding the inconclusive findings in extant research.

Factors with limited evidence for CC but consistent empirical evidence for ITO or the overall sample may be promising determinant factors to consider in future CC research. Surprisingly, the factors with the strongest empirical evidence regarding their influence on ITO decisions are scarcely researched in the CC context. In the ITO context, empirical results regarding technical complexity (100% positive influence on sourcing decision across eight studies), quality improvements (100% positive influence on sourcing decision across ten studies), and measurement problems (89% negative influence on sourcing decision across nine studies) are generally consistent across studies. However, in the CC context, technical complexity (100% positive influence on sourcing decision in only one study), quality improvements (not examined yet), and measurement problems (67% negative influence on sourcing decision across only three studies) have scarcely been researched. In our discussion, we identify technical complexity and measurement problems as determinant factors that might interfere with asset specificity and behavioral uncertainty (see Table 4). These factors may prove to be strong predictors of cloud-sourcing decisions; thus, they should be considered in future research. Additionally, future CC research may examine factors with limited evidence in both subsamples but consistent empirical evidence in the overall sample as determinant factors of sourcing decisions. Such factors include the decision-maker’s attitude toward outsourcing, cost uncertainty, risk of losing control, and the strategic vulnerability of the client (see Figure 1).

In summary, ITO research provides a valuable basis for future research on CC. Although certain specific factors may differ between these contexts, future research on CC should similarly consider integrated theoretical perspectives (e.g., Benlian et al., 2009; Kung et al., 2013; Asatiani et al., 2014; Lian et al., 2014) instead of focusing on technological factors. When comparing the determinant factors of CC and the determinant factors of ITO, we also identified factors that provide consistent empirical evidence for CC but that are scarcely considered in ITO research. However, in line with the argument above, these factors predominantly concern technological aspects: security risks, availability risks, perceived complexity of the innovation, reduced time to market, and vendor’s service capabilities. Thus, future research on ITO might consider these factors. In particular, the lack of research on vendor capabilities has already been identified in the review of Lacity et al. (2010).

As our discussion highlights, determinant factors may diverge according to the cloud service model. The three service models of CC share common characteristics (e.g., network-based access, measured service, self-service provisioning) that result in common challenges (e.g., internet connectivity, monitoring and pricing, resource management) and similar factors driving sourcing decisions. However, given our discussion (e.g., regarding the service model-specific considerations of asset specificity or the internal IT capabilities of the client firm) and empirical evidence related to outsourcing different types of IS functions (Lacity and Hirschheim, 1993a; Benlian et al., 2009; Dibbern and Heinzl, 2009), the determinant factors of decisions to source SaaS solutions may considerably differ from the determinant factors of decisions to source IaaS or PaaS solutions. Although research on IaaS and PaaS is evolving (e.g., Giessmann and Stanoevska, 2012; Repschlaeger et al., 2012), research on the determinant factors of sourcing decisions related to these service models and the differences between the service models is currently lacking. We therefore call for further research on specific cloud service models, particularly research on IaaS and PaaS adoption and comparative research on the service models.

Additionally, we encourage further research to provide inter-group comparisons, as extant research has already revealed various differences between investigated groups, such as adopters vs non-adopters (Benlian and Hess, 2011; Borgman et al., 2013; Lian et al., 2014), and differences among countries (Apte et al., 1997), industry sectors (Hancox and Hackney, 2000; Currie et al., 2004), and outsourced functions (Benlian et al., 2009; Dibbern and Heinzl, 2009). For instance, Benlian and Hess (2011) find noteworthy differences between the influences of benefits and risks for adopters vs non-adopters of SaaS. IT executives in non-adopter firms expect SaaS to improve the quality of their services and to enable a focus on core competencies, but these factors fail to drive SaaS adoption at adopter firms. In addition to identifying these differences, future research should provide evidence for the underlying mechanisms driving differences, for instance, between adopter and non-adopter firms.

Drawing from the entire set of 88 articles, we find that researchers have applied various theories to examine IT sourcing decisions. Overall, TCE (32 times) and the resource-based view of the firm (16 times) are the most frequently used theories. The majority of research applies macro-perspective theories, for both CC and ITO. Macro-perspective theories consider factors from the standpoint of an entire organization, whereas a micro-level perspective concerns an individual decision makers’ standpoint (Vetter et al., 2011). In all, 80 articles apply a macro-perspective (e.g., Yao et al., 2010), only five articles investigate determinant factors on the micro level (e.g., Li et al., 2006), and only three adopt a mixed perspective (Dibbern et al., 2003; Benlian et al., 2009; Lian et al., 2014). Researchers applying multiple perspectives or integrating micro- and macro-level theories emphasize the strong explanatory power of behavioral theories and demand further combinations of theories from various fields, such as economics and psychology. We therefore emphasize the need for further research applying a micro-level perspective to investigate cloud-sourcing decisions. We suggest that future research combine factors from strategic and economic theories with factors from social or organizational theories, particularly determinant factors from the categories individual characteristics and environmental characteristics.

Most of the studies (63 articles, 72%) draw empirical data from top management (executive board or senior managers) and neglect other members of the procurement team. However, organizational decision making involves multiple stakeholders from inside and outside the organization (Heckman, 2003; Verville and Halingten, 2003). Each stakeholder group shapes the decision process and outcome; engages in different activities, possesses specific decision rights, responsibilities, and information needs; and pursues a unique set of goals (Webster and Wind, 1972; Howcroft and Light, 2010; Bidwell, 2012; Harnisch et al., 2013; Winkler and Brown, 2013). For instance, a legal department may require different information and may have different requirements for cloud services than an IT department or the business unit (Schneider et al., 2014). In particular, because of the peculiarities of CC, such as the changed role of the IT department and the adapted decision processes, research adopting the perspectives of multiple stakeholders regarding cloud-sourcing decisions might yield fruitful results. None of the articles investigated in this study adopts a multi-level perspective and evaluates differences in determinant factors between stakeholder groups or between hierarchical levels in a company. We therefore propose that future research adopt a multi-stakeholder perspective and evaluate differences in stakeholder perceptions. This suggestion is consistent with recent calls for research on CC, ITO, and packaged software acquisition (Benlian et al., 2009; Howcroft and Light, 2010; Bidwell, 2012).

Table 5 summarizes our discussion and proposes future research directions.

Table 5 Proposed directions for future research
Full size table

Limitations

This research has certain limitations. First, we conducted a systematic literature review to derive the determinant factors of cloud-sourcing decisions. Our results inform a set of determinant factors to provide a basis for further research on cloud-sourcing decisions. Although our derived set of determinant factors does not depict the interdependencies, mediation, or moderation effects of factors, we provide suggestions regarding the moderating or interaction effects among the factors in our discussion (see Table 4 for a summary). Second, the process of selecting studies may also generate discussion. For articles focusing on ITO, authors do not always specify the type of ITO decision on which the article focuses. Some studies examine mixed types of outsourcing activities, for instance, by combining software development outsourcing and datacenter operations in a single sample, or do not clearly define the type of outsourcing that they investigate. However, by having two researchers review each article, we aimed to reduce the subjectivity of the article selection. Third, the body of knowledge considered for this research is limited to the keyword search within the top 50 publications of the AIS journal ranking and selected conferences. By applying forward and backward search processes, we aimed to mitigate this limitation. Although we cannot guarantee that we identified every CC and ITO article that investigates sourcing decisions, we are confident that we achieved good and reasonable coverage, which is preferred to ‘a comprehensive one that would make a review process at best ephemeral if not unachievable’ (Rowe, 2014: 246). Finally, we acknowledge that our coding may be subjective to a certain extent. In particular, this subjectivity may arise if researchers do not clearly define the variables that are used or if the definitions of the author variables to map on a master variable are ambiguous. However, we are confident about the reliability and validity of our findings because of the rigorous coding approach based on independent coding by two researchers and discussion of diverging variable coding.

Conclusion

In this work, we conducted a systematic literature review, surveyed and synthesized prior empirical research concerning decision making in the CC and ITO contexts, and examined the rich body of research on ITO to identify determinant factors of sourcing decisions in the CC context. We linked the ITO literature with the CC literature and discussed what the CC literature can learn from the ITO literature (i.e., which findings are transferable and which findings might need reconsideration). We then discussed whether the peculiarities of CC can explain differences between the determinant factors of ITO decisions and the determinant factors of cloud-sourcing decisions. We extracted the most frequently studied determinant factors with robust results, discussed the inconclusive findings, identified gaps in the literature, and suggested paths for future research. Furthermore, we discussed interdependencies between the variables and peculiarities of CC that may elucidate the inconsistent findings in prior research. Therefore, the article serves as both a repository of past research and a guide for future research.

The contribution of this review is threefold. First, we derived a set of determinant factors of cloud-sourcing decisions from research within the IS community. Our results provide a basis for future research in the CC context and contribute to the development of theory in the IS domain. We thereby answer the call of Lacity et al. (2011) for the development of an ‘endogenous ITO theory rather than continuing to rely heavily on reference discipline theories’ (p. 147). IS researchers can draw from our derived set of determinant factors of cloud-sourcing decisions to advance research on decision making or acquisition in the field of CC. By discussing inconclusive findings regarding the determinant factors of cloud-sourcing decisions, we identified contextual factors that are specific to the CC sourcing model and that may alter the influence of specific determinant factors of sourcing decisions. Based on these discussions, we provided concrete paths for future research endeavors. Second, we applied a method developed in IS research (Jeyaraj et al., 2006) and demonstrated its applicability to a different research setting. Third, our work contributes to practice, as the determinant factors of cloud-sourcing decisions serve as a basis for practitioner-oriented guidelines and best practices regarding how to select and offer cloud services. Furthermore, practitioners may use the set of determinant factors to guide their procurement processes and to identify challenges that may arise during the adoption, acquisition, or integration of cloud services.