External information systems services perform calculations outside of traditional security authorization boundaries established by organizations for their information systems. Traditional authorization boundaries related to physical space and asset control are expanded (both physically and logically) with the use of external services. “External services may be provided by entities within the organization but outside the security authorization boundaries established for the organization's information systems, by entities outside the organization, or in the public sector (e.g., federal agencies) or in the private sector (e.g., commercial service providers). , or a combination of public and private sector options (Gallagher, 2015).” External information systems services may include the use of service-oriented architectures (SOA), cloud-based services (infrastructure, platform, software), or data centers.