Abstract

As organizations increasingly adopt cloud computing, they face growing challenges in security compliance responsibilities under the shared responsibility model (Yimam & Fernandez, 2016). While cloud service providers secure the infrastructure, customers are accountable for security configurations, data protection, and adherence to regulatory frameworks (Ardagna et al., 2015). Despite clear guidelines, noncompliance remains prevalent, often due to fragmented leadership and a lack of ownership at the team level. Cloud security compliance is not only a technical challenge but fundamentally a leadership issue. IS security researchers have explored leadership theories to understand how to promote security compliance (Tejay & Winkfield, 2025). This research aims to examine the leadership approach that enhances organizational compliance with cloud security responsibilities. The complexities introduced by the shared responsibility model necessitate a shift from traditional top-down governance to a shared leadership approach. By distributing leadership across teams, organizations are better positioned to manage cloud-specific responsibilities and foster more effective, organization-wide security compliance. This TREO Talk presents a conceptual framework based on Shared Leadership Theory (Cox et al., 2003), exploring how distributed leadership practices can improve cloud security compliance. Shared leadership broadens the distribution of leadership responsibilities, extending beyond a single appointed leader to include both horizontal and vertical leadership, where individuals lead one another within teams and across the organization. We propose that formal leadership, exercised by CISOs and security leaders, is crucial in forming teams and assigning roles. However, the dynamic and cross-functional nature of cloud security also requires shared leadership, where individuals across the organization influence one another through directive, transactional, transformational, and empowering behaviors. Key team characteristics - such as proximity, size, ability, diversity, and maturity - further shape the effectiveness of shared leadership in this context. We also examine team responsiveness (affective, behavioral, and cognitive) as a critical mediator between leadership style and compliance outcomes. Ultimately, the model links shared leadership to team effectiveness, as measured by the quality, quantity, and timeliness of security compliance activities. This research contributes to the IS discipline by offering a novel perspective on leadership dynamics in cloud security governance and invites further discussion on empirical approaches to validate the framework.

Comments

tpp1289

Download

Share

COinS