Geleneksel BT Yönetişimi ile Yeni Nesil Bulut Yönetişimi Çerçevelerinin Uyumlaştırılması ve Dengelenmesindeki Zorluklar ve Fırsatların Risk Modellemesi

Yıl 2025, Cilt: 12 Sayı: 2, 411 - 435, 29.12.2025

Ahmet Efe

https://doi.org/10.47097/piar.1741326

Öz

Bu çalışma, geleneksel BT yönetişim yapıları ile bulut yönetişiminin ortaya çıkan paradigmaları arasındaki yakınsama ve dengeyi şekillendiren karmaşık dinamikleri sistematik bir biçimde incelemekte ve hesaplamalı bir modelleme yaklaşımı geliştirmektedir. Çalışma, bu yönetişim alanlarının uyumlaştırılmamasının; güvenlik ihlalleri, düzenleyici uyumsuzluk, maliyet artışları, operasyonel istikrarsızlıklar ve paydaş güveninde azalma gibi kritik risklere maruziyeti artırdığını, bunun da nihayetinde finansal kayıplara, hukuki sorumluluklara ve yenilik kapasitesinin zayıflamasına yol açabileceğini ileri sürmektedir. Niteliksel literatür sentezi ile gelişmiş risk modellemesini ve modelin iş akışı temsillerini bütünleştiren karma yöntemli bir araştırma tasarımına dayanan çalışma, yönetişim parçalanması, siber güvenlik açıkları ve kurumsal strateji ile uyumsuzluk gibi zorlukları ele alan kapsamlı bir risk değerlendirme çerçevesi ortaya koymaktadır. Bulgular, bulut yönetişiminin geleneksel BT yönetişimine entegre edildiğinde, kurum genelinde bütünsel bir yönetişim duruşu sağladığını ve organizasyonel çevikliği güçlendirdiğini göstermektedir. Risklerin ötesinde, analiz bulut benimsemesinin ölçeklenebilir mimariler, operasyonel uyarlanabilirlik ve maliyet etkinliği yoluyla yönetişimde yenilik için bir katalizör işlevi görebileceğini vurgulamaktadır. Önerilen risk modelleme çerçevesi, yapılandırılmış bir entegrasyon metodolojisi ile birlikte, BT ve bulut yönetişim paradigmalarının uyumlaştırılmasına rehberlik edecek risk-temelli stratejik içgörüler üretmekte; böylece operasyonel dayanıklılığı ilerletmekte ve bulut yoğun ortamlarda uzun vadeli rekabet avantajının sürdürülmesine katkı sağlamaktadır.

Anahtar Kelimeler

BT Yönetişimi , Bulut Yönetişimi , Yönetişim Entegrasyonu , Risk Modellemesi , Stratejik Uyum

Risk Modeling of Challenges and Opportunities in Harmonizing Traditional IT Governance with Emerging Cloud Governance Frameworks

Öz

This study undertakes a systematic exploration and computational modeling of the intricate dynamics shaping the convergence and equilibrium between traditional IT governance frameworks and the emergent paradigms of cloud governance. It posits that the lack of harmonization across these domains heightens organizational exposure to critical risks—including security breaches, regulatory non-compliance, cost escalation, operational disruptions, and erosion of stakeholder trust—which may ultimately culminate in financial losses, legal liabilities, and impeded innovation. Drawing upon a mixed-methods research design that synthesizes qualitative literature analysis with advanced risk modeling and a demonstrative workflow, the study formulates a comprehensive risk assessment framework that addresses governance fragmentation, cybersecurity vulnerabilities, and misalignment with enterprise objectives. The findings underscore that cloud governance introduces novel oversight mechanisms which, when effectively integrated with conventional IT governance, facilitate an enterprise-wide governance posture and reinforce organizational agility. Beyond mitigating risks, the analysis reveals that cloud adoption can function as a catalyst for governance innovation by enabling scalable architectures, operational adaptability, and enhanced cost efficiency. The proposed risk modeling framework, complemented by a structured methodology for governance integration, yields risk-informed strategic insights to guide organizations in reconciling IT and cloud paradigms—thereby advancing operational resilience and sustaining long-term competitive advantage in cloud-intensive environments.

Anahtar Kelimeler

IT Governance , Cloud Governance , Governance Integration , Risk Modeling , Strategic Alignment

Kaynakça

• Alaranta, M., & Mathiassen, L. (2013). Managing risks: Post-merger integration of information systems. IT Professional, 15(2), 30–37. https://doi.org/10.1109/MITP.2012.76
• Apeh, A. J., Hassan, A. O., Oyewole, O. O., & Olatunji, O. A. (2023). GRC strategies in modern cloud infrastructures: A review of compliance challenges. Computer Science & IT Journal, 3(1), 1–15.
• Brown, A. E., & Grant, G. G. (2005). Framing the frameworks: A review of IT governance research. Communications of the Association for Information Systems, 15(1), 696–712. https://doi.org/10.17705/1CAIS.01538
• Bryce, C. (2019). Security governance as a service on the cloud. Journal of Cloud Computing, 8(1), 23. https://doi.org/10.1186/s13677-019-0146-0
• Chamba, L. T., & Chazireni, B. (2023). Hybrid governance systems: The new paradigm of governance for public sector efficiency in state-owned enterprises in South Africa. African Journal of Public Administration & Environmental Studies, 2(1), 45–59.
• Chebrolu, S. B. (2011). Assessing the relationships among cloud adoption, strategic alignment, and IT effectiveness. Journal of Information Technology Management, 22(2), 13–29.
• Chinamanagonda, S. (2021). Research on IT governance, risk, and value: Automating cloud governance—Organizations automating compliance and governance in the cloud. MZ Computing Journal, 2(3), 55–67.
• Chittister, C. G., & Haimes, Y. Y. (2002). Systems integration via software risk management. IEEE Transactions on Systems, Man, and Cybernetics - Part C: Applications and Reviews, 32(4), 397–410. https://doi.org/10.1109/TSMCC.2002.805130
• Choi, G. Y., Seo, J., & Kwon, H. Y. (2024, June). A comparative study of national cloud security strategy and governance. In Proceedings of the 25th Annual International Conference on Digital Government Research (pp. 241–250). ACM. https://doi.org/10.1145/3632678.3632725
• Cloud Security Alliance. (2019). Cloud controls matrix (CCM). https://cloudsecurityalliance.org
• Cohn, B. L. (2014). Data governance: A quality imperative in the era of big data, open data and beyond. Illinois Science, Technology & Policy Journal, 10(3), 811–830.
• De Haes, S., & Van Grembergen, W. (2009). An exploratory study into the design of an IT governance minimum baseline through Delphi research. Journal of Service Science and Management, 2(2), 134–142. https://doi.org/10.4236/jssm.2009.22016
• Debreceny, R. S. (2013). Research on IT governance, risk, and value: Challenges and opportunities. Journal of Information Systems, 27(1), 129–135. https://doi.org/10.2308/isys-10341
• Efe, A. (2013). COBIT-5 framework as a model for the regional development agencies in Turkey. International Journal of eBusiness and eGovernment Studies, 5(1), 33–42.
• Efe, A. (2016). Kamu sektöründe hizmetler ve alt yapı kurgulamasının Türkiye’de kalkınma ajansları üzerinde COBIT-5 modeliyle analizi ve modelleme. Sosyal ve Beşeri Bilimler Dergisi, 8(2), 17–40.
• Efe, A. (2020a). IT based innovation at the management mindset of organisations. Dijital Çağda İşletmecilik Dergisi, 3(2), 136–148. https://doi.org/10.46238/jobda.777770
• Efe, A., & Bensghir, T. K. (2019). Innovation in the governance paradigm: From IT-governance to good enough governance. Yönetim Bilişim Sistemleri Dergisi, 5(1), 31–51.
• Efe, A., & Şerefoğlu, C. (2020). A governance model for increasing the positive effects of institutions on the long run economic growth. Artvin Çoruh Üniversitesi Uluslararası Sosyal Bilimler Dergisi, 6(2), 95–114. https://doi.org/10.22466/acusbd.815892
• Ferreira Rebelo, M., Silva, R., & Santos, G. (2017). The integration of standardized management systems: Managing business risk. International Journal of Quality & Reliability Management, 34(3), 395–405. https://doi.org/10.1108/IJQRM-07-2015-0100
• Gade, K. R. (2023). Data governance in the cloud: Challenges and opportunities. MZ Computing Journal, 4(1), 22–33.
• Gebauer, J., & Schober, F. (2006). Information system flexibility and the cost efficiency of business processes. Journal of the Association for Information Systems, 7(3), 8. https://doi.org/10.17705/1jais.00089
• Hardy, G. (2006). Using IT governance and COBIT to deliver value with IT and respond to legal, regulatory, and compliance challenges. Information Security Technical Report, 11(1), 55–61. https://doi.org/10.1016/j.istr.2005.12.003
• Heier, H., Borgman, H. P., & Bahli, B. (2012). Cloudrise: Opportunities and challenges for IT governance at the dawn of cloud computing. In 2012 45th Hawaii International Conference on System Sciences (pp. 4425–4434). IEEE. https://doi.org/10.1109/HICSS.2012.262
• ISACA. (2012). COBIT 5: A business framework for the governance and management of enterprise IT. ISACA.
• Islam, S., Fenz, S., Weippl, E., & Mouratidis, H. (2017). A risk management framework for cloud migration decision support. Journal of Risk and Financial Management, 10(2), 10. https://doi.org/10.3390/jrfm10020010
• IT Governance Institute. (2003). Board briefing on IT governance (2nd ed.). IT Governance Institute.
• IT Governance Institute. (2019). Governance in the cloud: Questions boards of directors need to ask. ISACA.
• Kaiser, A. K. (2021). Introduction to the new ITIL. In Become ITIL® 4 Foundation certified in 7 days: Understand and prepare for the ITIL Foundation exam with real-life examples (pp. 3–19). Independently published.
• Katari, A. (2022). Data governance in multi-cloud environments for financial services: Challenges and solutions. MZ Computing Journal, 5(1), 77–89.
• Keith, M., & Terry, C. (2024). Technological convergence: AI, machine learning, cloud computing, and computer science in harmony. International Journal of Advanced Engineering Technologies and Innovations, 1(1), 277–299.
• Khanna, A., Sah, A., Bolshev, V., Jasinski, M., Vinogradov, A., Leonowicz, Z., & Jasiński, M. (2021). Blockchain: Future of e-governance in smart cities. Sustainability, 13(21), 11840. https://doi.org/10.3390/su132111840
• Korada, V. K. S. L., Rao, P., Gupta, R., & Sharma, A. (2022). Importance of cloud governance framework for robust digital transformation and IT management at scale. Journal of Scientific and Engineering Research, 9(6), 345–357.
• Lapão, L. V. (2011). Organizational challenges and barriers to implementing IT governance in a hospital. Electronic Journal of Information Systems Evaluation, 14(1), 37–45.
• Laredo, J. A., & Ranjan, R. (2008, August). Continuous improvement through iterative development in a multi-geography. In 2008 IEEE International Conference on Global Software Engineering (pp. 232–236). IEEE. https://doi.org/10.1109/ICGSE.2008.32
• Loutchkina, I., & Nesterov, S. (2010). Exploring the factors contributing to system integration risks. International Journal of Intelligent Defence Support Systems, 3(2), 110–128.
• Loutchkina, I., Jain, L. C., Nguyen, T., & Nesterov, S. (2013). Systems’ integration technical risks’ assessment model (SITRAM). In 2013 IEEE International Conference on Systems, Man, and Cybernetics (pp. 1281–1286). IEEE. https://doi.org/10.1109/SMC.2013.219
• Madni, A. M., & Sievers, M. (2014). Systems integration: Key perspectives, experiences, and challenges. Systems Engineering, 17(1), 37–51. https://doi.org/10.1002/sys.21240
• Margetts, H. (2022). Rethinking AI for good governance. Daedalus, 151(2), 360–371. https://doi.org/10.1162/daed_a_01906
• Marston, S., Li, Z., Bandyopadhyay, S., Zhang, J., & Ghalsasi, A. (2011). Cloud computing—The business perspective. Decision Support Systems, 51(1), 176–189. https://doi.org/10.1016/j.dss.2010.12.006
• O’Neil, C. (2016). Weapons of math destruction: How big data increases inequality and threatens democracy. Crown.
• Pearlson, K. E., Saunders, C. S., & Galletta, D. F. (2016). Managing and using information systems: A strategic approach (6th ed.). Wiley.
• Peterson, R. R. (2004). Crafting information technology governance. Information Systems Management, 21(4), 7–22. https://doi.org/10.1201/1078/44705.21.4.20040901/84185.2
• Raffak, H., Lakhouili, A., & Mansouri, M. (2024). Continuous integration of risk management in a business process reengineering: Towards optimization through machine learning. Emerging Science Journal, 8(3), 1118–1135. https://doi.org/10.28991/ESJ-2024-08-03-018
• Sargiotis, D. (2024). Conclusion: The evolving landscape of data governance. In Data governance: A guide (pp. 511–523). Springer Nature Switzerland. https://doi.org/10.1007/978-3-031-34325-1_25
• Siemieniuch, C. E., & Sinclair, M. A. (2006). Systems integration. Applied Ergonomics, 37(1), 91–99. https://doi.org/10.1016/j.apergo.2005.06.004
• Singh, R. K., & Modgil, S. (2025). Mapping the risks in technology integration for sustainable outcomes. Business Process Management Journal, 31(1), 77–96. https://doi.org/10.1108/BPMJ-04-2023-0226
• Sols, A. (2018). A comprehensive approach to dynamic project risk management. Engineering Management Journal, 30(2), 128–140. https://doi.org/10.1080/10429247.2018.1449181
• Stark, R. F., & Kokini, C. (2010). Reducing risk in system design through human-systems integration. Ergonomics in Design, 18(4), 4–10. https://doi.org/10.1177/1064804610365273
• Tripathi, A., & Parihar, B. (2011, June). E-governance challenges and cloud benefits. In 2011 IEEE International Conference on Computer Science and Automation Engineering (Vol. 1, pp. 351–354). IEEE. https://doi.org/10.1109/CSAE.2011.5952657
• Van Grembergen, W. (2004). Strategies for information technology governance. IGI Global.
• Van Grembergen, W., & De Haes, S. (2005). Measuring and improving IT governance through the balanced scorecard. Information Systems Control Journal, 2, 35–42.
• Van Grembergen, W., & De Haes, S. (2018). Introduction to the minitrack on IT governance and its mechanisms. In Proceedings of the 51st Hawaii International Conference on System Sciences (pp. 4927–4929). University of Hawaiʻi at Mānoa.
• Vijverberg, M. (2024). Management of cloud risk governance: Analyzing top risk topics and a maturity model [Master’s thesis]. Delft University of Technology.
• Weill, P., & Ross, J. W. (2004). IT governance: How top performers manage IT decision rights for superior results. Harvard Business Press.