The University of Southampton
University of Southampton Institutional Repository

A security model for cloud computing adoption in Saudi Arabian government organisations

A security model for cloud computing adoption in Saudi Arabian government organisations
A security model for cloud computing adoption in Saudi Arabian government organisations
Cloud computing plays an essential role in public organisations and private sector companies, while also reducing the cost of using information technology services. Not only is cloud computing available for users to access anytime and anywhere, but also makes it possible for them to pay for only what they use. In Middle Eastern developing countries, such as Saudi Arabia, cloud computing is still not extensively adopted compared with countries in the West. In order to encourage the adoption of cloud services, this research addresses the essential to investigate the security factors which are associated with cloud computing, and which influence organisations’ desire to adopt the cloud services. Subsequently, this study has developed a theoretical framework that associates security in cloud adoption.

In light of the above, the main contribution of this study is the Security Cloud Adoption Framework development in order to support an investigation into the security factors that influence the adoption of cloud computing in KSA government organisations. This research proposes a framework which can be used to understand and evaluate security in cloud adoption; particular emphasis is placed on risks, social aspects, and benefits when implementing security in the cloud services. The proposed framework consists of three categories, namely the Security Social category, the Cloud Security Risks category, and the Cloud Security Benefits category. The framework factors were identified by critically reviewing studies found in the literature, together with factors from the industrial standards within the context of the KSA. The methods used in this confirmatory study were expert interviews and questionnaires. Interviews were conducted with 12 security experts in different Saudi government organisations to confirm the aforementioned factors and to identify those omitted from previous studies. The second method used was questionnaires, which were distributed to 32 IT and security experts from different Saudi government organisations in order to confirm the security factors in the security cloud adoption framework. This framework was subsequently developed. The outcomes from the expert interviews exposed that the proposed security factors in the security cloud adoption framework are statistically significant. In addition to this, the analysis of the interview outcomes and the questionnaire results indicated that there is an additional factor, namely Failure of Client-side encryption, which could potentially affect the adoption of cloud services in KSA government organisations. Experts and security specialists expressed the belief that this factor may influence cloud adoption. The findings of this research were used to improve the suggested framework.

Finally, in the validation study, a new instrument was used with 215 IT and security experts in different Saudi government organisations; the purpose of this was to explore the relationship among security factors and to test the model. The instrument was evaluated using a group of experiments; the security experts evaluated the instrument applying the content validity ratio, while the security experts had a part in the validation study. The validation study involved important two tests which examined the internal reliability and the correlation analyses. After applying Structural Equation Modelling (SEM), the resulting data clearly showed a good fit of the structural model and measurement analyses. The key outcomes of the validation study revealed that the relationships among security factors were discovered to have a direct and statistically significant effect in the model. This specifies that the proposed model fits the data and applies to the Saudi context.

The contributions of this research are as follows: firstly, it developed a security cloud framework within the KSA context and, secondly, the framework was extended to a security cloud instrument for measurement and validation of the model.

Overall, the outcomes of this study are of valuable information in terms of recommendations to cloud providers, government organisations, administrators, and policy makers. Simply put, these findings can assist in the implementation of cloud computing and encourage the spread of this phenomenon across countries in the Middle Eastern, particularly in Saudi Arabia.
University of Southampton
Alassafi, Madini Obad
231b07cb-5a2c-4875-b213-e7c32f328863
Alassafi, Madini Obad
231b07cb-5a2c-4875-b213-e7c32f328863
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0

Alassafi, Madini Obad (2018) A security model for cloud computing adoption in Saudi Arabian government organisations. University of Southampton, Doctoral Thesis, 287pp.

Record type: Thesis (Doctoral)

Abstract

Cloud computing plays an essential role in public organisations and private sector companies, while also reducing the cost of using information technology services. Not only is cloud computing available for users to access anytime and anywhere, but also makes it possible for them to pay for only what they use. In Middle Eastern developing countries, such as Saudi Arabia, cloud computing is still not extensively adopted compared with countries in the West. In order to encourage the adoption of cloud services, this research addresses the essential to investigate the security factors which are associated with cloud computing, and which influence organisations’ desire to adopt the cloud services. Subsequently, this study has developed a theoretical framework that associates security in cloud adoption.

In light of the above, the main contribution of this study is the Security Cloud Adoption Framework development in order to support an investigation into the security factors that influence the adoption of cloud computing in KSA government organisations. This research proposes a framework which can be used to understand and evaluate security in cloud adoption; particular emphasis is placed on risks, social aspects, and benefits when implementing security in the cloud services. The proposed framework consists of three categories, namely the Security Social category, the Cloud Security Risks category, and the Cloud Security Benefits category. The framework factors were identified by critically reviewing studies found in the literature, together with factors from the industrial standards within the context of the KSA. The methods used in this confirmatory study were expert interviews and questionnaires. Interviews were conducted with 12 security experts in different Saudi government organisations to confirm the aforementioned factors and to identify those omitted from previous studies. The second method used was questionnaires, which were distributed to 32 IT and security experts from different Saudi government organisations in order to confirm the security factors in the security cloud adoption framework. This framework was subsequently developed. The outcomes from the expert interviews exposed that the proposed security factors in the security cloud adoption framework are statistically significant. In addition to this, the analysis of the interview outcomes and the questionnaire results indicated that there is an additional factor, namely Failure of Client-side encryption, which could potentially affect the adoption of cloud services in KSA government organisations. Experts and security specialists expressed the belief that this factor may influence cloud adoption. The findings of this research were used to improve the suggested framework.

Finally, in the validation study, a new instrument was used with 215 IT and security experts in different Saudi government organisations; the purpose of this was to explore the relationship among security factors and to test the model. The instrument was evaluated using a group of experiments; the security experts evaluated the instrument applying the content validity ratio, while the security experts had a part in the validation study. The validation study involved important two tests which examined the internal reliability and the correlation analyses. After applying Structural Equation Modelling (SEM), the resulting data clearly showed a good fit of the structural model and measurement analyses. The key outcomes of the validation study revealed that the relationships among security factors were discovered to have a direct and statistically significant effect in the model. This specifies that the proposed model fits the data and applies to the Saudi context.

The contributions of this research are as follows: firstly, it developed a security cloud framework within the KSA context and, secondly, the framework was extended to a security cloud instrument for measurement and validation of the model.

Overall, the outcomes of this study are of valuable information in terms of recommendations to cloud providers, government organisations, administrators, and policy makers. Simply put, these findings can assist in the implementation of cloud computing and encourage the spread of this phenomenon across countries in the Middle Eastern, particularly in Saudi Arabia.

Text
Final Thesis
Restricted to Repository staff only until 19 September 2019.
Available under License University of Southampton Thesis Licence.

More information

Published date: February 2018

Identifiers

Local EPrints ID: 418978
URI: https://eprints.soton.ac.uk/id/eprint/418978
PURE UUID: 74f31ff6-a24a-423c-afc7-32cbf1203f69
ORCID for Madini Obad Alassafi: ORCID iD orcid.org/0000-0001-9919-8368
ORCID for Gary Wills: ORCID iD orcid.org/0000-0001-5771-4088

Catalogue record

Date deposited: 27 Mar 2018 16:30
Last modified: 14 Mar 2019 01:51

Export record

Contributors

Author: Madini Obad Alassafi ORCID iD
Thesis advisor: Gary Wills ORCID iD

University divisions

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of https://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×