Kurumsal Düzeyde Bulut Servis Sağlayıcılarına Geçiş Süreçlerinde Teknoloji-Örgüt-Çevre Çerçevesiyle Engellerin Analizi ve Stratejik Çözüm Yaklaşımları

Yıl 2025, Cilt: 18 Sayı: 4, 335 - 354, 31.10.2025

Baris Celiktas , Berat Birgin , Mevlüt Serkan Tok

https://doi.org/10.17671/gazibtd.1678237

Öz

Kurumsal düzeyde bulut servis sağlayıcılarına geçiş süreçleri, teknik, örgütsel ve yasal boyutlarda karşılaşılan çok katmanlı engeller nedeniyle sıklıkla yavaşlamakta ya da sekteye uğramaktadır. Bu çalışma, söz konusu engelleri Teknoloji-Örgüt-Çevre (TÖÇ) çerçevesi kapsamında sınıflandırmakta ve bütüncül bir analiz sunmaktadır. Araştırma yöntemi olarak, sistematik literatür taraması, 2025 Flexera Cloud raporu ve AWS, Azure, Google Cloud gibi önde gelen bulut servis sağlayıcıların Cloud Adoption Framework (CAF) dokümanları temel alınarak üçlü bir veri kaynağı yaklaşımı benimsenmiştir. Bulgular, özellikle kriptografik karmaşıklık, maliyet belirsizliği ve sistem entegrasyonundaki zayıflıklar gibi teknolojik engellerin en baskın kategoriler olduğunu ortaya koymaktadır. Bu engellerin dağılımı görsel olarak modellenmiş, ayrıca anahtar yönetimi, güvenli hesaplama, algoritma seçimi, erişim kontrolü ve regülasyon uyumluluğu gibi beş temel kriptografik unsur arasındaki yapısal bağımlılıklar bir akış modeliyle ortaya konmuştur. Çalışma, TÖÇ çerçevesiyle hizalanan FinOps ve yasal uyum odaklı çözüm stratejilerini bir araya getirerek, bulut geçişini planlayan karar vericilere ve çözüm mimarlarına stratejik bir yol haritası sunmaktadır. Kavramsal çerçeveleri uygulamaya dönük modellerle ilişkilendirerek, bulut stratejisini olgunlaştırmak isteyen karar vericilere ve mimarlara yapısal bir destek sunmaktadır.

Anahtar Kelimeler

bulut bilişim , teknoloji-örgüt-çevre çerçevesi , kriptografik zorluklar , FinOps stratejileri , regülasyon uyumu , sistem entegrasyonu

An Analysis of Enterprise-Level Cloud Transition Barriers within the Technology-Organization-Environment (TOE) Framework and Strategic Solution Proposals

Öz

Enterprise-level transitions to cloud service providers are frequently delayed or disrupted due to the multi-layered nature of technical, organizational, and legal barriers. This study classifies these obstacles within the Technology-Organization-Environment (TOE) theoretical framework and provides a comprehensive analysis. Methodologically, a triangulated data source approach was adopted, combining systematic literature review, the 2025 Flexera Cloud Report, and Cloud Adoption Framework (CAF) documentation from major providers such as AWS, Azure, and Google Cloud. Findings indicate that technological barriers particularly cryptographic complexity, cost unpredictability, and weak system integration, are the most dominant. These barriers were visually modeled, and the structural interdependencies among five core cryptographic components (key management, secure computation, algorithm selection, access control, and regulatory compliance) were illustrated through a flow diagram. By aligning FinOps and compliance-oriented solution strategies with the TOE framework, the study offers a strategic roadmap for decision-makers and cloud architects planning cloud adoption. It links conceptual models to applied practices, providing structured support for organizations seeking to mature their cloud strategy.

Anahtar Kelimeler

cloud computing , Technology-Organization-Environment (TOE) framework , cryptographic challenges , FinOps strategies , regulatory compliance , system integration

Kaynakça

• M. Armbrust et al., “A View of Cloud Computing”, Commun. ACM, vol. 53, no. 4, pp. 50–58, Apr. 2010.
• Pragati Priyadarshinee, Rakesh D. Raut, Manoj Kumar Jha, Bhaskar B. Gardas, Understanding and predicting the determinants of cloud computing adoption: A two staged hybrid SEM - Neural networks approach, Computers in Human Behavior, Volume 76, Pages 341-362, 2017.
• Peter M. Mell and Timothy Grance. SP 800-145. The NIST Definition of Cloud Computing. Technical Report. National Institute of Standards & Technology, Gaithersburg, MD, A.B.D., 2011.
• Gangwar, H., Date, H. and Ramaswamy, R., "Understanding determinants of cloud computing adoption using an integrated TAM-TOE model", Journal of Enterprise Information Management, Vol. 28 No. 1, pp. 107-130, 2015.
• B. M. R. Wilson, B. Khazaei and L. Hirsch, "Enablers and Barriers of Cloud Adoption among Small and Medium Enterprises in Tamil Nadu", 2015 IEEE International Conference on Cloud Computing in Emerging Markets (CCEM), Bangalore, India, pp. 140-145, 2015.
• W. Hadhri, T. Maherzi, and A. Ben Youssef, “E-Skills and the Adoption of Cloud Computing,” Thunderbird Int. Bus. Rev., vol. 59, no. 5, pp. 635–645, 2017.
• Ibrahim Shafiu, William Yu Chung Wang, and Harminder Singh. Drivers and barriers in the decision to adopt IaaS: a public sector case study. Int. J. Bus. Inf. Syst. 21, 2 (January 2016), 249–267, 2016.
• Al-Jabri, I.M. and Alabdulhadi, M.H. ‘Factors affecting cloud computing adoption: perspectives of IT professionals’, International Journal of Business Information Systems, Vol. 23, No. 4, pp.389–405, 2016.
• P. Yang, N. Xiong and J. Ren, "Data Security and Privacy Protection for Cloud Storage: A Survey," in IEEE Access, vol. 8, pp. 131723-131740, 2020.
• T. Erl, Z. Mahmood, and R. Puttini, Cloud Computing: Concepts, Technology, & Architecture. Prentice Hall, 2013.
• S. Zhang et al., "Practical Adoption of Cloud Computing in Power Systems—Drivers, Challenges, Guidance, and Real-World Use Cases," in IEEE Transactions on Smart Grid, vol. 13, no. 3, pp. 2390-2411, May 2022.
• Michael Seifert, Stephan Kuehnel, and Stefan Sackmann. 2023. Hybrid Clouds Arising from Software as a Service Adoption: Challenges, Solutions, and Future Research Directions. ACM Comput. Surv. 55, 11, Article 228 (November 2023), 35 pages.
• L. Zhang, H. Xiong, Q. Huang, J. Li, K. -K. R. Choo and J. Li, "Cryptographic Solutions for Cloud Storage: Challenges and Research Opportunities," in IEEE Transactions on Services Computing, vol. 15, no. 1, pp. 567-587, 1 Jan.-Feb. 2022.
• R. Charanya and M. Aramudhan, “Survey on access control issues in cloud computing,” in 2016 International Conference on Emerging Trends in Engineering, Technology and Science (ICETETS), Feb. 2016, pp. 1–4.
• F. Bonomi, R. Milito, P. Natarajan, and J. Zhu, “Fog Computing: A Platform for Internet of Things and Analytics,” 2014.
• Garrison, G., Kim, S., & Wakefield, R. L. (2012). Success factors for deploying cloud computing. Communications of the ACM, 55(9), 62–68.
• Huang, J., Nicol, D.M. Trust mechanisms for cloud computing. J Cloud Comp 2, 9 (2013).
• I. Gupta, A. K. Singh, C. -N. Lee and R. Buyya, "Secure Data Storage and Sharing Techniques for Data Protection in Cloud Environments: A Systematic Review, Analysis, and Future Directions," in IEEE Access, vol. 10, pp. 71247-71277, 2022.
• A. Ometov, O. L. Molua, M. Komarov, and J. Nurmi, "A Survey of Security in Cloud, Edge, and Fog Computing," Sensors, vol. 22, no. 3, p. 927, Jan. 2022.
• K. Sasikumar and S. Nagarajan, "Comprehensive Review and Analysis of Cryptography Techniques in Cloud Computing," in IEEE Access, vol. 12, pp. 52325-52351, 2024.
• D. Tiwari and G. R. Gangadharan, “SecCloudSharing: Secure data sharing in pubcloud using ciphertext-policy attribute-based proxy re-encryption with revocation,” Int. J. Commun. Syst., vol. 31, no. 5, p. e3494, 2018.
• J. Hwang, K. Bai, M. Tacci, M. Vukovic and N. Anerousis, "Automation and orchestration framework for large-scale enterprise cloud migration," in IBM Journal of Research and Development, vol. 60, no. 2-3, pp. 1:1-1:12, March-May 2016.
• M. A. Himmel and F. Grossman, "Security on distributed systems: Cloud security versus traditional IT," in IBM Journal of Research and Development, vol. 58, no. 1, pp. 3:1-3:13, Jan.-Feb. 2014.
• Internet: Flexera, State of the Cloud Report, https://info.flexera.com/CM-REPORT-State-of-the-Cloud, 10.04.2025. Tiago Oliveira, Manoj Thomas, Mariana Espadanal, “Assessing the determinants of cloud computing adoption: An analysis of the manufacturing and services sectors,” Information & Management, Volume 51, Issue 5, 2014, Pages 497-510.
• A. Ahmad, S. U. Khan, H. U. Khan, G. M. Khan and M. Ilyas, "Challenges and Practices Identification via a Systematic Literature Review in the Adoption of Green Cloud Computing: Client’s Side Approach," in IEEE Access, vol. 9, pp. 81828-81840, 2021.
• Ibrahim, H.M., Ahmad, K. & Sallehudin, H. Understanding the technology and humans as determinants of cloud computing adoption for digital preservation of research outputs in university libraries. Educ Inf Technol 30, 6163–6211, 2025.
• Qatawneh, N. Building a framework to drive government systems' adoption of cloud computing through IT knowledge. Discov Sustain 5, 282, 2024.
• D. Soto, S. Shirai, M. Ueda, M. Higashida, Y. Uranishi and H. Takemura, "Cloud Computing Challenges and Needs in Higher Education Institutions in Post-COVID-19 Times: A Case of a Japanese Survey," in IEEE Access, vol. 12, pp. 168043-168059, 2024.
• Seifert, M., Kuehnel, S. HySOR: A Simulation Model for the Sharing of Risk in a Service Level Agreement-Aware Hybrid Cloud. Bus Inf Syst Eng (2024).
• Raza Nowrozy, Khandakar Ahmed, A. S. M. Kayes, Hua Wang, and Timothy R. McIntosh. 2024. Privacy Preservation of Electronic Health Records in the Modern Era: A Systematic Survey. ACM Comput. Surv. 56, 8, Article 204 (August 2024), 37 pages.
• Alshdadi, A.A., AlGhamdi, R., Alassafi, M.O. et al. A validation of a cloud migration readiness assessment instrument: case studies. SN Appl. Sci. 2, 1370 (2020).
• Munjal, S., Colaco, P., Sharma, D. et al. A novel approach for allocating resources in a multi-cloud environment. Int J Syst Assur Eng Manag (2025).
• M. Ahmad El Skafi, M. M. Yunis, A. Zekri and J. Bu Daher, "The Confluence of Big Data and Cloud Computing in SME Adoption Strategies," in IEEE Access, vol. 13, pp. 37789-37811, 2025.
• Kotulski, Z., Nowak, T., Sepczuk, M. et al. Keeping Verticals’ Sovereignty During Application Migration in Continuum. J Netw Syst Manage 32, 67 (2024).
• Angeliki Kitsiou, Maria Sideri, Michail Pantelelis, Stavros Simou, Aikaterini–Georgia Mavroeidi, Katerina Vgena, Eleni Tzortzaki, and Christos Kalloniatis. 2024. Developers’ mindset on self-adaptive privacy and its requirements for cloud computing environments: Developers’ mindset on Self-Adaptive... Int. J. Inf. Secur. 24, 1 (Feb 2025).
• A. Santos, J. Martins, P. Duarte Pestana, R. Gonçalves, H. São Mamede and F. Branco, "Factors Affecting Cloud Computing Adoption in the Education Context—Systematic Literature Review," in IEEE Access, vol. 12, pp. 71641-71674, 2024.
• Guo, R., Tafti, A. & Subramanyam, R. Internal IT modularity, firm size, and adoption of cloud computing. Electron Commer Res 25, 319–348 (2025).
• Kavre, M.S., Sunnapwar, V.K. & Gardas, B.B. Cloud manufacturing adoption: a comprehensive review. Inf Syst E-Bus Manage (2023).
• Ukeje, N., Gutierrez, J. & Petrova, K. Information security and privacy challenges of cloud computing for government adoption: a systematic review. Int. J. Inf. Secur. 23, 1459–1475 (2024).
• Tianzhang He and Rajkumar Buyya. 2023. A Taxonomy of Live Migration Management in Cloud Computing. ACM Comput. Surv. 56, 3, Article 56 (March 2024), 33 pages.
• Aymen Akremi and Mohsen Rouached. 2021. A comprehensive and holistic knowledge model for cloud privacy protection. J. Supercomput. 77, 8 (Aug 2021), 7956–7988.
• Li, G., Zhou, M., Feng, Z. et al. Research on Key Influencing Factors of E-Government Cloud Service Satisfaction. Wireless Pers Commun 127, 1117–1135 (2022).
• F. Mostajabi, A. A. Safaei and A. Sahafi, "A Systematic Review of Data Models for the Big Data Problem," in IEEE Access, vol. 9, pp. 128889-128904, 2021.
• Jewan Singh, Vibhakar Mansotra, Shabir Ahmad Mir, and Shahzada Parveen. 2021. Cloud feasibility and adoption strategy for the INDIAN school education system. Education and Information Technologies 26, 2 (Mar 2021), 2375–2405.
• Almaiah, M.A., Al-Khasawneh, A. Investigating the main determinants of mobile cloud computing adoption in university campus. Educ Inf Technol 25, 3087–3107 (2020).
• Hsu, PF. A Deeper Look at Cloud Adoption Trajectory and Dilemma. Inf Syst Front 24, 177–194 (2022).
• Angelos-Christos Anadiotis, Raja Appuswamy, Anastasia Ailamaki, Ilan Bronshtein, Hillel Avni, David Dominguez-Sal, Shay Goikhman, and Eliezer Levy. 2020. A system design for elastically scaling transaction processing engines in virtualized servers. Proc. VLDB Endow. 13, 12 (August 2020), 3085–3098.
• M. O. Alassafi, R. AlGhamdi, A. Alshdadi, A. Al Abdulwahid and S. T. Bakhsh, "Determining Factors Pertaining to Cloud Security Adoption Framework in Government Organizations: An Exploratory Study," in IEEE Access, vol. 7, pp. 136822-136835, 2019.
• Usama Ahmed, Imran Raza, and Syed Asad Hussain. 2019. Trust Evaluation in Cross-Cloud Federation: Survey and Requirement Analysis. ACM Comput. Surv. 52, 1, Article 19 (January 2020), 37 pages.
• S. Kamara and K. Lauter, “Cryptographic Cloud Storage,” in Financial Cryptography and Data Security, 2010, pp. 136–149.
• E. Barker, “Recommendation for Key Management Part 1: General.” 2016, doi: 10.6028/NIST.SP.800-57pt1r4.
• L. Zhou, V. Varadharajan, and M. Hitchens, “Achieving Secure Role-Based Access Control on Encrypted Data in Cloud Storage,” IEEE Trans. Inf. Forensics Secur., vol. 8, no. 12, pp. 1947–1960, Dec. 2013.
• L. Zhou, V. Varadharajan, and M. Hitchens, “Trust Enhanced Cryptographic Role-Based Access Control for Secure Cloud Data Storage,” IEEE Trans. Inf. Forensics Secur., vol. 10, no. 11, pp. 2381–2395, Nov. 2015.
• V. C. Hu et al., “Guide to Attribute Based Access Control (ABAC) Definition and Considerations.” 2014.
• A. Shamir, “Identity-Based Cryptosystems and Signature Schemes,” in Advances in Cryptology, 1985, pp. 47–53.
• D. Boneh and M. Franklin, “Identity-Based Encryption from the Weil Pairing,” in Advances in Cryptology - CRYPTO 2001, 2001, pp. 213–229.
• C. Cocks, “An Identity Based Encryption Scheme Based on Quadratic Residues,” 2001, vol. 2260, pp. 360–363.
• J. Horwitz and B. Lynn, “Toward Hierarchical Identity-Based Encryption,” in Advances in Cryptology - EUROCRYPT 2002, 2002, pp. 466–481.
• C. Gentry and A. Silverberg, “Hierarchical ID-Based Cryptography,” in Advances in Cryptology - ASIACRYPT 2002, 2002, pp. 548–566.
• D. Boneh, X. Boyen, and E.-J. Goh, “Hierarchical Identity Based Encryption with Constant Size Ciphertext,” in Advances in Cryptology -- EUROCRYPT 2005, 2005, pp. 440–456.
• C. Gentry and S. Halevi, “Hierarchical Identity Based Encryption with Polynomially Many Levels,” in Theory of Cryptography, 2009, pp. 437–456.
• Craig Gentry and Brent Waters. 2009. Adaptive Security in Broadcast Encryption Systems with Short Ciphertexts. In Proceedings of the 28th Annual International Conference on Advances in Cryptology - EUROCRYPT 2009 - Volume 5479. Springer-Verlag, Berlin, Heidelberg, 171–188.
• A. Sahai and B. Waters, “Fuzzy Identity-Based Encryption,” in Advances in Cryptology - EUROCRYPT 2005, 2005, pp. 457–473.
• C. Gentry, “Fully Homomorphic Encryption Using Ideal Lattices,” in Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing, 2009, pp. 169–178.
• Rivest, R.L., Adleman, L. and Dertouzos, M.L. (1978) On Data Banks and Privacy Homomorphisms. In: Foundations of Secure Computation, Academia Press, Ghent, 169-179.
• D. Boneh, E.-J. Goh, and K. Nissim, “Evaluating 2-DNF Formulas on Ciphertexts”, Theory of Cryptography, 2005, pp. 325–341.
• Li, Z., Ma, C., Zhao, M., & Choi, C. (2019). Efficient oblivious transfer construction via multiple bits dual-mode cryptosystem for secure selection in the cloud. Journal of the Chinese Institute of Engineers, 42(1), 97–106.
• Nouf Alkhater, Robert Walters, Gary Wills, An empirical study of factors influencing cloud adoption among private sector organisations, Telematics and Informatics, Volume 35, Issue 1, 2018, Pages 38-54.
• S. Gülburun and M. Dener, “Bulut Bilişim Güvenliğindeki Zorluklar ve Güncel Çalışmalar Üzerine Bir İnceleme,” Bilişim Teknolojileri Dergisi, vol. 15, no. 1, pp. 45–53, 2022. C. Paşaoğlu and E. Cevheroğlu, "Protection of Personal Data in the Cloud Computing Systems using Cryptology Methods," Bilişim Teknolojileri Dergisi, vol. 13, no. 2, pp. 183–189, 2020.
• Adi Shamir. 1979. How to share a secret. Commun. ACM 22, 11 (Nov. 1979), 612–613.
• L. Chen, M. Ali Babar and B. Nuseibeh, "Characterizing Architecturally Significant Requirements," in IEEE Software, vol. 30, no. 2, pp. 38-45, March-April 2013.
• J. Fuller, M. Bixby, and J. Stengel, Cloud FinOps: Collaborative, Real-Time Cloud Financial Management. Sebastopol, CA: O’Reilly Media, A.B.D, 2019.
• Internet: Amazon Web Services, AWS Cloud Adoption Framework, https://docs.aws.amazon.com/pdfs/whitepapers/latest/overview-aws-cloud-adoption-framework/overview-aws-cloud-adoption-framework.pdf, 16.04.2025.
• Internet: Microsoft, Microsoft Cloud Adoption Framework for Azure, https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/, 16.04.2025.
• Internet: Google Cloud, The Google Cloud Adoption Framework, https://services.google.com/fh/files/misc/google_cloud_adoption_framework_whitepaper.pdf, 16.04.2025.
• Itzhak Aviv, Uri Ferri, Russian-Ukraine armed conflict: Lessons learned on the digital ecosystem, International Journal of Critical Infrastructure Protection, Volume 43, 2023.
• Internet: United States Congress. (2018). Clarifying Lawful Overseas Use of Data Act. Public Law No. 115-141, Division V, Sections 101–105. https://www.congress.gov/115/plaws/publ141/PLAW-115publ141.pdf, 10.08.2025.
• Internet: UK National Audit Office. (2022). Digital transformation in the NHS. https://www.nao.org.uk/wp-content/uploads/2019/05/Digital-transformation-in-the-NHS.pdf, 10.08.2025.
• Internet: Financial Conduct Authority. (2024). Final Notice: TSB Bank plc. https://www.fca.org.uk/publication/final-notices/tsb-bank-plc-2024.pdf, 10.08.2025.
• Internet: European Banking Authority. (2019). EBA Guidelines on outsourcing arrangements. https://www.eba.europa.eu/sites/default/files/documents/10180/2551996/38c80601-f5d7-4855-8ba3-702423665479/EBA%20revised%20Guidelines%20on%20outsourcing%20arrangements.pdf, 10.08.2025.