Can Improved Transparency Reduce Supply Chain Risks In Cloud Computing?

As organisations move sensitive data to the cloud, their risk profile increases due to the integrated supply chain utilised in cloud computing. The risk is made visible in situations where a cloud offering is federated, with customer data located in multiple datacenters, under the control of multiple providers and sub-providers in different jurisdictions. This problem is further exacerbated by the disposition of cloud providers to keep details of suppliers, data location, architecture, and security of infrastructure confidential from the cloud customers. As such, the shallowness of transparency amongst cloud providers makes it difficult for customers to assess the risk of cloud adoption. In this study, we report on our research into finding out how much customers know about their supply chain. We evaluate the transparency of cloud providers based on their published information and determine the resultant risk of limited visibility of the supply chain. In the course of the research, we identified eight transparency features, which, at a minimum, cloud providers should make available to their current or prospective customers, which we argue had no adverse impact on the competitiveness or profitability of the provider. The study concludes that ultimately, cloud supply chain transparency remains a customer-driven process.