Analysis of Enabling and Inhibiting of Cloud Storage Restriction Policy Implementation in Higher Education: A Systematic Literature Review
DOI:
https://doi.org/10.63158/journalisi.v8i1.1444Keywords:
cloud storage restriction, higher education, systematic literature review, socio-technical systems, data governanceAbstract
This study examines enabling and inhibiting factors affecting the implementation of cloud storage restriction policies (e.g., quotas, retention/archiving, data classification, and exceptions) in higher education institutions. A PRISMA-guided systematic literature review was conducted using Scopus and complementary manual searches in Google Scholar, covering English-language publications from the last ten years. Following de-duplication and staged screening, 30 studies were included for synthesis. Findings were analyzed using the Socio-Technical Systems (STS) framework and mapped across People, Structure, Technology, and Process dimensions to capture the interplay between policy design, implementation practices, and technical enforcement. Results indicate that implementation success is driven by human readiness and governance capacity, especially continuous training and mentoring, clear communication, and leadership support that helps balance cost control with user acceptance and compliance. Technological enablers include adequate infrastructure, platform/service integration, and strong access control and information security mechanisms to ensure consistent enforcement. Key barriers include limited digital and data literacy, resistance to change and concerns about data deletion, uneven IT capacity across units, weak SOPs, siloed coordination, complex bureaucracy, vendor dependence, and budget constraints. The study recommends a holistic approach combining strengthened governance, standardized processes, targeted technology investment, and structured change management.
Downloads
References
[1] A. Santos, J. Martins, P. Duarte Pestana, R. Goncalves, H. Sao Mamede, and F. Branco, “Factors Affecting Cloud Computing Adoption in the Education Context - Systematic Literature Review,” IEEE Access, vol. 12, no. March, pp. 71641–71674, 2024, doi: 10.1109/ACCESS.2024.3400862.
[2] M. Yang, L. Tan, X. Chen, Y. Luo, Z. Xu, and X. Lan, “Laws and regulations tell how to classify your data: A case study on higher education,” Inf. Process. Manag., vol. 60, no. 3, p. 103240, 2023, doi: 10.1016/j.ipm.2022.103240.
[3] L. Halawi and A. Makwana, “The GDPR and UK GDPR and its impact on US academic institutions,” Issues Inf. Syst., vol. 24, no. 2, pp. 232–241, 2023, doi: 10.48009/2_iis_2023_120.
[4] Thomais Gkrimpizi, V. Peristeras, and I. Magnisalis, “Classification of Barriers to Digital Transformation in Higher Education Institutions: Systematic Literature Review,” Educ. Sci., vol. 13, no. 746, pp. 1–24, 2023.
[5] C. W. Budiyanto, R. Latifah, H. Saputro, A. Prananto, I. Education, and U. S. Maret, “The Barriers and Readiness to Deal With Digital Transformation in Higher Education,” TEM J., vol. 13, no. 1, pp. 334–348, 2024, doi: 10.18421/TEM131.
[6] B. Althani, “Migration challenges of legacy software to the cloud: a socio-technical perspective,” Cogent Bus. Manag., vol. 12, no. 1, p., 2025, doi: 10.1080/23311975.2025.2503421.
[7] D. Moher, A. Liberati, J. Tetzlaff, D. G. Altman, and T. P. Group, “Preferred Reporting Items for Systematic Reviews and Meta-Analyses : The PRISMA Statement,” Int. J. Surg., vol. 6, no. 7, 2010, doi: 10.1371/journal.pmed.1000097.
[8] S. C. Barbara Kitchenham, “Guidelines for performing systematic literature reviews in software engineering,” Ebse Tech. Rep., vol. 5, 2007.
[9] R. Dekker, P. van den Brink, and A. Meijer, “Social media adoption in the police: Barriers and strategies,” Gov. Inf. Q., vol. 37, no. 2, p. 101441, 2020, doi: 10.1016/j.giq.2019.101441.
[10] R. Hope Adams and I. I. Ivanov, “Using Socio-Technical System Methodology to Analyze Emerging Information Technology Implementation in the Higher Education Settings,” Int. J. e-Education, e-Business, e-Management e-Learning, vol. 5, no. 1, pp. 31–39, 2015, doi: 10.17706/ijeeee.2015.5.1.31-39.
[11] D. Pillen and M. Eckard, “The impact of the shift to cloud computing on digital recordkeeping practices at the University of Michigan Bentley historical library,” Arch. Sci., no. 0123456789, 2022, doi: 10.1007/s10502-022-09395-2.
[12] S. Mahmood, M. Chadhar, and S. Firmin, “Addressing Cybersecurity Challenges in Times of Crisis: Extending the Sociotechnical Systems Perspective,” Appl. Sci., vol. 14, no. 24, 2024, doi: 10.3390/app142411610.
[13] C. K. Jim and H. C. Chang, “The current state of data governance in higher education,” Proc. Assoc. Inf. Sci. Technol., vol. 55, no. 1, pp. 198–206, 2018, doi: 10.1002/pra2.2018.14505501022.
[14] C. K. Wong and R. Parthasarathy, “University student data privacy, security and policy management,” Eur. Chem. Bull., vol. 12, no. 5, pp. 3398–3402, 2023, doi: 10.48047/ecb/2023.12.si5a.0227.
[15] B. Ghodoosi, T. West, Q. Li, G. Torrisi-Steele, and S. Dey, “A systematic literature review of data literacy education,” J. Bus. Financ. Librariansh., vol. 28, no. 2, pp. 112–127, 2023, doi: 10.1080/08963568.2023.2171552.
[16] N. Wang, H. Liang, S. Ge, Y. Xue, and J. Ma, “Enablers and inhibitors of cloud computing assimilation: an empirical study,” Internet Res., vol. 29, no. 6, pp. 1344–1369, 2019, doi: 10.1108/INTR-03-2018-0126.
[17] E. Santos, M. Carvalho, and S. Martins, “Sustainable Enablers of Knowledge Management Strategies in a Higher Education Institution,” Sustain. , vol. 16, no. 12, 2024, doi: 10.3390/su16125078.
[18] A. I. Regla and P. S. Marquez, “Workplace document management system employing cloud computing and social technology,” in Comput. Sci. Technol.: 6th ICCST 2019, Kota Kinabalu, Malaysia, Aug. 29–30, 2019, Singapore: Springer, 2020, pp. 415–424, doi: 10.1007/978-981-15-0058-9_40.
[19] D. Kolevski and K. Michael, “Cloud computing data breaches: A socio-technical review of literature,” in Proc. 2015 Int. Conf. Green Comput. Internet Things (ICGCIoT), Oct. 2015, pp. 1486–1495.
[20] P. Reid, “Categories for barriers to adoption of instructional technologies,” Educ. Inf. Technol., vol. 19, no. 2, pp. 383–407, 2014, doi: 10.1007/s10639-012-9222-z.
[21] A. N. Tashkandi and I. M. Al-Jabri, “Cloud computing adoption by higher education institutions in Saudi Arabia: An exploratory study,” Cluster Comput., vol. 18, no. 4, pp. 1527–1537, 2015, doi: 10.1007/s10586-015-0490-4.
[22] B. M. R. Wilson, B. Khazaei, and L. Hirsch, “Enablers and Barriers of Cloud Adoption among Small and Medium Enterprises in Tamil Nadu,” Proc. - 2015 IEEE Int. Conf. Cloud Comput. Emerg. Mark. CCEM 2015, pp. 140–145, 2016, doi: 10.1109/CCEM.2015.21.
[23] J. Fernandes, C. Machado, and L. Amaral, “Towards a readiness model derived from critical success factors, for the general data protection regulation implementation in higher education institutions,” Strateg. Manag., vol. 28, no. 1, pp. 4–19, 2023, doi: 10.5937/straman2200033f.
[24] I. S. Bianchi and R. D. Sousa, “IT Governance mechanisms in higher education,” Procedia - Procedia Comput. Sci., vol. 100, pp. 941–946, 2016, doi: 10.1016/j.procs.2016.09.253.
[25] J. Mcleod, “Using the cloud for records storage : issues of trust,” Arch. Sci., vol. 17, no. 4, pp. 349–370, 2017, doi: 10.1007/s10502-017-9280-5.
[26] T. Fiebig et al., Heads in the Clouds? Measuring Universities’ Migration to Public Clouds: Implications for Privacy & Academic Freedom, vol. 2023, no. 2. 2023. doi: 10.56553/popets-2023-0044.
[27] W. M. Al-Rahmi, N. Yahaya, M. M. Alamri, N. A. Aljarboa, Y. Bin Kamin, and F. A. Moafa, “A model of factors affecting cyber bullying behaviors among university students,” IEEE Access, vol. 7, pp. 2978–2985, 2019, doi: 10.1109/ACCESS.2018.2881292.
[28] H. Aydin, “A Study of Cloud Computing Adoption in Universities as a Guideline to Cloud Migration,” SAGE Open, vol. 11, no. 3, 2021, doi: 10.1177/21582440211030280.
[29] M. B. Ali, T. Wood-Harper, and M. Mohamad, “Benefits and challenges of cloud computing adoption and usage in higher education: A systematic literature review,” Int. J. Enterp. Inf. Syst., vol. 14, no. 4, pp. 64–77, 2018, doi: 10.4018/IJEIS.2018100105.
[30] V. K. and C. V. Brown, “Designing data governance,” Commun. ACM, vol. 53, no. 1, 2015, doi: 10.1145/1629175.1629210.
[31] V. M. P. D. dos S. Bruno Miguel Vital Bernardoa, Henrique S~ao Mamedeb, Jo~ao Manuel Pereira Barrosoa, “Data governance & quality management—Innovation and breakthroughs across different field,” J. Innov. Knowl., vol. 9, 2024, doi: 10.1016/j.jik.2024.100598.
[32] Y. Bounagui, A. Mezrioui, and H. Hafiddi, “Toward a unified framework for Cloud Computing governance: An approach for evaluating and integrating IT management and governance models,” Comput. Stand. Interfaces, vol. 62, pp. 98–118, 2019, doi: 10.1016/j.csi.2018.09.001.
[33] F. Cai, N. Zhu, J. He, P. Mu, W. Li, and Y. Yu, “Survey of access control models and technologies for cloud computing,” Cluster Comput., vol. 22, suppl. 3, pp. 6111–6122, 2019, doi: 10.1007/s10586-018-1850-7.
[34] S. Ahmad, S. Mehfuz, F. Mebarek-Oudina, and J. Beg, “RSM analysis based cloud access security broker: A systematic literature review,” Cluster Comput., vol. 25, no. 5, pp. 3733–3763, 2022, doi: 10.1007/s10586-022-03598-z.
[35] A. Kankanhalli, H. H. Teo, B. C. Y. Tan, and K. K. Wei, “An integrative study of information systems security effectiveness,” Int. J. Inf. Manage., vol. 23, no. 2, pp. 139–154, 2003, doi: 10.1016/S0268-4012(02)00105-6.
[36] T. Herath and H. R. Rao, “Protection motivation and deterrence: A framework for security policy compliance in organisations,” Eur. J. Inf. Syst., vol. 18, no. 2, pp. 106–125, 2009, doi: 10.1057/ejis.2009.6.
[37] D. Yimam and E. B. Fernandez, “A survey of compliance issues in cloud computing,” J. Internet Serv. Appl., vol. 7, no. 1, 2016, doi: 10.1186/s13174-016-0046-8.
[38] A. Q. Khan, M. Matskin, R. Prodan, C. Bussler, D. Roman, and A. Soylu, “Cost modelling and optimisation for cloud : a graph ‑ based approach,” J. Cloud Comput., vol. 13, no. 1, 2024, doi: 10.1186/s13677-024-00709-6.
[39] J. Opara-Martins, R. Sahandi, and F. Tian, “Critical analysis of vendor lock-in and its impact on cloud computing migration: A business perspective,” J. Cloud Comput., vol. 5, no. 1, Art. no. 4, 2016, doi: 10.1186/s13677-016-0054-z.
[40] M. J. Page et al., “The PRISMA 2020 statement: An updated guideline for reporting systematic reviews,” BMJ, vol. 372, 2021, doi: 10.1136/bmj.n71.
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Journal of Information Systems and Informatics
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors Declaration
- The Authors certify that they have read, understood, and agreed to the Journal of Information Systems and Informatics (JournalISI) submission guidelines, policies, and submission declaration. The submission has been prepared using the provided template.
- The Authors certify that all authors have approved the publication of this manuscript and that there is no conflict of interest.
- The Authors confirm that the manuscript is their original work, has not received prior publication, is not under consideration for publication elsewhere, and has not been previously published.
- The Authors confirm that all authors listed on the title page have contributed significantly to the work, have read the manuscript, attest to the validity and legitimacy of the data and its interpretation, and agree to its submission.
- The Authors confirm that the manuscript is not copied from or plagiarized from any other published work.
- The Authors declare that the manuscript will not be submitted for publication in any other journal or magazine until a decision is made by the journal editors.
- If the manuscript is finally accepted for publication, the Authors confirm that they will either proceed with publication immediately or withdraw the manuscript in accordance with the journal’s withdrawal policies.
- The Authors agree that, upon publication of the manuscript in this journal, they transfer copyright or assign exclusive rights to the publisher, including commercial rights
