SYSTEMIC RISKS OF DIGITAL OUTSOURCING IN THE PUBLIC SECTOR: ANALYSIS OF VULNERABILITIES OF THE "DIGITAL ESCORT" MODEL

DOI: 10.31673/2409-7292.2025.031516

Authors

  • Д. І. Прокопович-Ткаченко, (Prokopovych-Tkachenko D.I.) University of Customs and Finance, Dnipro, Ukraine
  • В. П. Звєрєв, (Zverev V.P.) State University of Information and Communication Technologies, Kyiv
  • В. Г. Бушков, (Bushkov V.G.) State University of Information and Communication Technologies, Kyiv
  • І. М. Козаченко, (Kozachenko I.M.) State service of special communications and information protection of Ukraine
  • О. В. Черкаський, (Cherkaskyi O.V.) University of Customs of Affairs and Finance, Dnipro, Ukraine

Abstract

The article analyzes the systemic risks associated with digital outsourcing in the public sector, with a special emphasis on the architectural and procedural vulnerabilities of the “digital escort” model. The study is based on cases of servicing critical digital infrastructures with the participation of subcontractors, in particular from jurisdictions with a high level of regulatory and security distrust. It is determined that current models of support for access to public cloud services do not sufficiently take into account the risks of uncontrolled delegation of privileges, blurring of responsibility between contractors, and hidden transfer of metadata to third-party systems. The concept of situation-oriented access control with extended powers for national monitoring centers and indicative audits is proposed. Special attention is paid to the interaction between the legal framework of digital outsourcing and the technical mechanisms of zero trust. The article includes a model for assessing the institutional transparency of the supply chain and identifies critical points of influence that can be used for cyber surveillance, sabotage or data leaks in interdepartmental IT systems. The results obtained can be used in the formation of new protocols of digital sovereignty and in updating risk management regulations in the field of public IT procurement.

Keywords: digital outsourcing, public sector, cyber risks, digital escort, subcontractors, cloud services, zero trust, institutional transparency, delegation of access, digital sovereignty, supplier management.

Published

2025-10-26

Section

Articles