Use this URL to cite or link to this record in EThOS:
Title: A security model for cloud computing adoption in Saudi Arabian government organisations
Author: Alassafi, Madini Obad
ISNI:       0000 0004 7225 5045
Awarding Body: University of Southampton
Current Institution: University of Southampton
Date of Award: 2018
Availability of Full Text:
Access from EThOS:
Full text unavailable from EThOS. Please try the link below.
Access from Institution:
Cloud computing plays an essential role in public organisations and private sector companies, while also reducing the cost of using information technology services. Not only is cloud computing available for users to access anytime and anywhere, but also makes it possible for them to pay for only what they use. In Middle Eastern developing countries, such as Saudi Arabia, cloud computing is still not extensively adopted compared with countries in the West. In order to encourage the adoption of cloud services, this research addresses the essential to investigate the security factors which are associated with cloud computing, and which influence organisations’ desire to adopt the cloud services. Subsequently, this study has developed a theoretical framework that associates security in cloud adoption. In light of the above, the main contribution of this study is the Security Cloud Adoption Framework development in order to support an investigation into the security factors that influence the adoption of cloud computing in KSA government organisations. This research proposes a framework which can be used to understand and evaluate security in cloud adoption; particular emphasis is placed on risks, social aspects, and benefits when implementing security in the cloud services. The proposed framework consists of three categories, namely the Security Social category, the Cloud Security Risks category, and the Cloud Security Benefits category. The framework factors were identified by critically reviewing studies found in the literature, together with factors from the industrial standards within the context of the KSA. The methods used in this confirmatory study were expert interviews and questionnaires. Interviews were conducted with 12 security experts in different Saudi government organisations to confirm the aforementioned factors and to identify those omitted from previous studies. The second method used was questionnaires, which were distributed to 32 IT and security experts from different Saudi government organisations in order to confirm the security factors in the security cloud adoption framework. This framework was subsequently developed. The outcomes from the expert interviews exposed that the proposed security factors in the security cloud adoption framework are statistically significant. In addition to this, the analysis of the interview outcomes and the questionnaire results indicated that there is an additional factor, namely Failure of Client-side encryption, which could potentially affect the adoption of cloud services in KSA government organisations. Experts and security specialists expressed the belief that this factor may influence cloud adoption. The findings of this research were used to improve the suggested framework. Finally, in the validation study, a new instrument was used with 215 IT and security experts in different Saudi government organisations; the purpose of this was to explore the relationship among security factors and to test the model. The instrument was evaluated using a group of experiments; the security experts evaluated the instrument applying the content validity ratio, while the security experts had a part in the validation study. The validation study involved important two tests which examined the internal reliability and the correlation analyses. After applying Structural Equation Modelling (SEM), the resulting data clearly showed a good fit of the structural model and measurement analyses. The key outcomes of the validation study revealed that the relationships among security factors were discovered to have a direct and statistically significant effect in the model. This specifies that the proposed model fits the data and applies to the Saudi context. The contributions of this research are as follows: firstly, it developed a security cloud framework within the KSA context and, secondly, the framework was extended to a security cloud instrument for measurement and validation of the model. Overall, the outcomes of this study are of valuable information in terms of recommendations to cloud providers, government organisations, administrators, and policy makers. Simply put, these findings can assist in the implementation of cloud computing and encourage the spread of this phenomenon across countries in the Middle Eastern, particularly in Saudi Arabia.
Supervisor: Wills, Gary Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID:  DOI: Not available