A validation of security determinants model for cloud adoption in Saudi organisations’ context

  • Madini O. Alassafi
  • Hany F. Atlam
  • Abdulrahman A. Alshdadi
  • Abdullah I. Alzahrani
  • Rayed A. AlGhamdiEmail author
  • Seyed M. Buhari
Original Research


Governments across the world are starting to make a dynamic shift to cloud computing so as to increase efficiency. Although, the cloud technology brings various benefits for government organisations, including flexibility and low cost, adopting it with the existing system is not an easy task. In this regard, the most significant challenge to any government agency is security concern. Our previous study focused to identify security factors that influence decision of government organisations to adopt cloud. This research enhances the previous work by investigating on the impact of various independent security related factors on the adopted security taxonomy based on critical ratio, standard error and significance levels. Data was collected from IT and security experts in the government organisations of Saudi Arabia. The Analysis of Moment Structures (AMOS) tool was used in this research for data analysis. Critical ratio reveals the importance of Security Benefits, Risks and Awareness Taxonomies on cloud adoption. Also, most of the exogenous variables had strong and positive relationships with their fellow exogenous variables. In future, this taxonomy model can also be applied for studying the adoption of new IT innovations whose IT architecture is similar to that of the cloud.


Cloud security factors Cloud adoption Structure equation modelling Saudi government organisations 


  1. 1.
    Alassafi MO, Alharthi A, Alenezi A, Walters RJ, Wills GB (2016) Investigating the security factors in cloud computing adoption: towards developing an integrated framework. J Internet Technol Secur Trans (JITST) 5(2):486–494Google Scholar
  2. 2.
    Winkler V (2009) Securing the cloud: cloud computer security techniques and tactics. ElsevierGoogle Scholar
  3. 3.
    Alhussain T, AlGhamdi R, Alkhalaf S, Alfarraj O (2013) Users’ perceptions of mobile phone security: a survey study in the Kingdom of Saudi Arabia. Int J Comput Theory Eng 5(5):793–793CrossRefGoogle Scholar
  4. 4.
    Alassafi MO, Hussain RK, Ghashgari G, Walters RJ, Wills GB  (2017) Security in organisations: governance, risks and vulnerabilities in moving to the cloud.  In: International workshop on enterprise security. Springer, Cham, pp 241–258. CrossRefGoogle Scholar
  5. 5.
    Alkhater N, Wills G, Walters R (2014) Factors Influencing an organisation’s intention to adopt cloud computing in Saudi Arabia. In: 2014 IEEE 6th international conference on cloud computing technology and science. IEEE, pp 1040–1044Google Scholar
  6. 6.
    Alsanea M, Barth J (2014) Factors affecting the adoption of cloud computing in the government sector: a case study of Saudi Arabia. Int J Cloud Comput Serv 3(6):1–16Google Scholar
  7. 7.
    Alharbi ST (2017) Trust and acceptance of cloud computing: a revised UTAUT model. In: 2014 international conference on computational science and computational intelligence, vol 2. IEEE, pp 131–134Google Scholar
  8. 8.
    Alturki SM (2017) Analysis and identification of cloud usage in private and public sector in Saudi Arabia. Int J Comput Appl 162(4):17–21Google Scholar
  9. 9.
    Alharbi F, Atkins A, Stanier C (2015) Strategic framework for cloud computing decision-making in healthcare sector in Saudi Arabia. The seventh international conference on ehealth, telemedicine, and social medicine 1:138–144Google Scholar
  10. 10.
    Alassafi MO, Alharthi A, Walters RJ, Wills GB (2016) Security risk factors that influence cloud computing adoption in Saudi Arabia government agencies. In: 2016 international conference on information society (i-Society). IEEE, pp 28–31Google Scholar
  11. 11.
    Alnatheer M, Nelson K (2009) A proposed framework for understanding information security culture and practices in the Saudi context. In: Proceedings of the 7th Australian information security management conference, Perth, Australia, pp 6–17Google Scholar
  12. 12.
    AlGhamdi R, Drew S, AbuGabah A (2011) Designing government strategies to facilitate diffusion of online commerce: a focus on KSA. J Inf Syst Manag 1(3):97–106Google Scholar
  13. 13.
    AlGhamdi R (2012) Diffusion of the adoption of online retailing in Saudi Arabia. PhD thesis, Griffith University, Brisbane, AustraliaGoogle Scholar
  14. 14.
    Alfarraj O, Drew S, AlGhamdi R (2012) EGovernment stage model: evaluating the rate of web development progress of government websites in Saudi Arabia. Int J Adv Comput Sci Appl 2(9):82–90Google Scholar
  15. 15.
    Alshahrani MSA, Alsadiq MAJ (2014) Economic growth and government spending in Saudi Arabia: an empirical investigation. Int Monet Fund. CrossRefGoogle Scholar
  16. 16.
    Alharthi A, Alassafi MO, Walters RJ, Wills GB (2017) An exploratory study for investigating the critical success factors for cloud migration in the Saudi Arabian higher education context. Telemat Inf 34(2):664–678CrossRefGoogle Scholar
  17. 17.
    Alshehri M, Drew S, Alhussain T, Alghamdi R (2012) The impact of trust on e-government services acceptance: a study of users’ perceptions by applying UTAUT model. Int J Technol Diffus (IJTD) 3(2):50–61CrossRefGoogle Scholar
  18. 18.
    Khan KM, Malluhi Q (2010) Establishing trust in cloud computing. IT Prof 12(5):20–27CrossRefGoogle Scholar
  19. 19.
    Pearson S (2013) Privacy, security and trust in cloud computing. Privacy and security for cloud computing. Springer, London, pp 3–42CrossRefGoogle Scholar
  20. 20.
    Badger L, Bernstein D, Bohn R, De Vaulx F, Hogan M, Iorga M, Mao J, Messina J, Mills K, Simmon E, Sokol A (2014) US government cloud computing technology roadmap. US Department of Commerce, National Institute of Standards and Technology, Gaithersburg, MDCrossRefGoogle Scholar
  21. 21.
    Catteddu D (2009) Cloud computing: benefits, risks and recommendations for information security. In: Iberic web application security conference. Springer, Berlin, pp 17–20. CrossRefGoogle Scholar
  22. 22.
    Chang V, Kuo Y-H, Ramachandran M (2015) Cloud computing adoption framework—a security framework for business clouds. Future Gener Computer Syst 57(27):24–41Google Scholar
  23. 23.
    Atlam HF, Alassafi MO, Alenezi A, Walters RJ, Wills GB (2018) XACML to build access control policies for internet of things. In: Proceedings of the 3rd international conference on internet of things, big data and security, Madeira, Portugal, pp 253–260Google Scholar
  24. 24.
    Kanday R (2012) A survey on cloud computing security. In: 2012 international conference on computing sciences. IEEE, pp 302–311Google Scholar
  25. 25.
    Kajiyama T (2013) Cloud computing security: how risks and threats are affecting cloud adoption decisions. Doctoral dissertation, San Diego State University, California, USAGoogle Scholar
  26. 26.
    Latif R, Abbas H, Assar S, Ali Q (2014) Cloud computing risk assessment: a systematic literature review. Future information technology. Springer, Berlin, pp 285–295CrossRefGoogle Scholar
  27. 27.
    Ferdous MS, Hussein R, Alassafi M, Alharthi A, Walters R, Wills G (2016) Threat taxonomy for cloud of things. Internet Things Big Data Anal Recent Trends Challenges 1:149–191Google Scholar
  28. 28.
    Cloud Security Alliance (2013) The notorious nine. In: Cloud computing top threats in 2013 CSA, CSA Glob. Staff, pp 1–14Google Scholar
  29. 29.
    Che J, Duan Y, Zhang T, Fan J (2011) Study on the security models and strategies of cloud computing. Procedia Eng 23:586–593CrossRefGoogle Scholar
  30. 30.
    Bhattasali T, Chaki R, Chaki N (2013) Secure and trusted cloud of things. In: 2013 annual IEEE India conference (INDICON). IEEE, pp 1–6Google Scholar
  31. 31.
    Jajodia S, Kant K, Samarati P, Singhal A, Swarup V, Wang C (eds) (2014) Secure cloud computing. Springer, New YorkGoogle Scholar
  32. 32.
    Jasti A, Shah P, Nagaraj R, Pendse R (2010) Security in multi-tenancy cloud. In: 44th annual 2010 IEEE international Carnahan conference on security technology. IEEE, pp 35–41Google Scholar
  33. 33.
    Lian JW, Yen DC, Wang YT (2014) An exploratory study to understand the critical factors affecting the decision to adopt cloud computing in Taiwan hospital. Int J Inf Manage 34(1):28–36CrossRefGoogle Scholar
  34. 34.
    AlGhamdi R, Drew S (2011) Seven key drivers to online retailing in KSA. In: Proceedings of the IADIS international conference on e-Society. Avila, Spain, pp 237–244Google Scholar
  35. 35.
    Wyld DC (2013) The cloudy future of government IT: cloud computing and the public sector around the world. First ACIS/JNU International Conference on Computers. Networks, Systems and Industrial Engineering. IEEE, pp 164–169Google Scholar
  36. 36.
    Subashini S, Kavitha V (2011) A survey on security issues in service delivery models of cloud computing. J Netw Comput Appl 34(1):1–11CrossRefGoogle Scholar
  37. 37.
    Rebollo O, Mellado D, Fernández-Medina E, Mouratidis H (2015) Empirical evaluation of a cloud computing information security governance framework. Inf Softw Technol 58:44–57. CrossRefGoogle Scholar
  38. 38.
    Wei J, Zhang X, Ammons G, Bala V, Ning P (2009) Managing security of virtual machine images in a cloud environment. In: Proceedings of the 2009 ACM workshop on cloud computing security. ACM, pp 91–96Google Scholar
  39. 39.
    Mahyar A (2014) The factors that influence on adoption of cloud computing for small and medium enterprises. Master Thesis, Universiti Teknologi Malaysia, Johor, MalaysiaGoogle Scholar
  40. 40.
    Sabi HM, Uzoka F-ME, Langmia K, Njeh FN (2016) Conceptualizing a model for adoption of cloud computing in education. Int J Inf Manage 36(2):183–191CrossRefGoogle Scholar
  41. 41.
    Straub DWM, Loch KD, Hill CE (2003) Transfer of information technology to the Arab World. J Global Inf Manage 9:6–28. CrossRefGoogle Scholar
  42. 42.
    Weerakkody N (2008) Research methods for media and communication. Oxford University PressGoogle Scholar
  43. 43.
    Sen J (2015) Security and privacy issues in cloud computing. In: Cloud technology: concepts, methodologies, tools, and applications. IGI Global, pp 1585–1630Google Scholar
  44. 44.
    Chang V, Ramachandran M, Yao Y, Kuo YH, Li CS (2016) A resiliency framework for an enterprise cloud. Int J Inf Manage 36(1):155–166CrossRefGoogle Scholar
  45. 45.
    Zhang X, Wuwong N, Li H, Zhang X (2010) Information security risk management framework for the cloud computing environments. In: 2010 10th IEEE international conference on computer and information technology. IEEE, pp 1328–1334Google Scholar
  46. 46.
    Yahya F, Chang V, Walters J, Wills B (2014) Security challenges in cloud storage. In: 6th international conference on cloud computing technology and science. IEEE, pp 1–6Google Scholar
  47. 47.
    Saunders M, Lewis P, Thornhill A (2009) Research methods for business students, 5th edn. Pearson, New YorkGoogle Scholar
  48. 48.
    Wolf EJ, Harrington KM, Clark SL, Miller MW (2013) Sample size requirements for structural equation models: an evaluation of power, bias, and solution propriety. Educ Psychol Measur 73(6):913–934CrossRefGoogle Scholar
  49. 49.
    Revilla MA, Saris WE, Krosnick JA (2014) Choosing the number of categories in agree–disagree scales. Sociol Methods Res 43(1):73–97MathSciNetCrossRefGoogle Scholar
  50. 50.
    Sekaran U, Bougie R (2016) Research methods for business: a skill building approach. WileyGoogle Scholar
  51. 51.
    Choudrie J, Ghinea G (2013) Silver surfers, e-government and the digital divide: an exploratory study of UK local authority websites and older citizens. Interact Comput 25(6):417–442CrossRefGoogle Scholar
  52. 52.
    Byrne BM (2010) Structural equation modeling with AMOS: basic concepts, applications, and programming, 2nd edn. RoutledgeGoogle Scholar
  53. 53.
    Hair JF, Black WC, Babin BJ, Anderson RE (2010) Multivariate data analysis, 7th edn. Pearson Higher Education, LondonGoogle Scholar
  54. 54.
    Bentler PM (1990) Comparative fit indexes in structural models. Psychol Bull 107(2):238–246CrossRefGoogle Scholar
  55. 55.
    Kline R (2011) Principles and practice of structural equation modeling, 3rd edn. Guilford Press, New YorkzbMATHGoogle Scholar
  56. 56.
    Wheaton B (1987) Assessment of fit in overidentified models with latent variables. Sociol Methods Res 16(1):118–154CrossRefGoogle Scholar
  57. 57.
    Pallant J (2013) SPSS survival manual. McGraw-Hill Education, UKGoogle Scholar
  58. 58.
    Hooper D, Coughlan J, Mullen MR (2008) Structural equation modelling: guidelines for determining model fit. Electron J Bus Res 6(1):53–60Google Scholar
  59. 59.
    Finkelstein DM (2005) A beginner’s guide to structural equation modeling, 1st edn. Taylor & FrancisGoogle Scholar
  60. 60.
    Tabachnick BG, Fidell LS (2012) Using multivariate statistics, 6th edn. PearsonGoogle Scholar
  61. 61.
    Hoyle RH (1995) Structural equation modeling: concepts, issues, and applications. SageGoogle Scholar
  62. 62.
    Almorsy M, Grundy J, Müller I (2010) An analysis of the cloud computing security problem. 17th Asia-Pacific software enginering confnference (APSEC 2010). Australia, Sydney, pp 7–15Google Scholar
  63. 63.
    Changchit C, Chuchuen C (2018) Cloud computing: an examination of factors impacting users’ adoption. J Comput Inf Syst 58(1):1–9Google Scholar

Copyright information

© Bharati Vidyapeeth's Institute of Computer Applications and Management 2019

Authors and Affiliations

  1. 1.Department of Information Technology, Faculty of Computing and ITKing Abdulaziz UniversityJeddahSaudi Arabia
  2. 2.Electronic and Computer Science DepartmentUniversity of SouthamptonSouthamptonUK
  3. 3.Faculty of Computing and Information TechnologyUniversity of JeddahJeddahSaudi Arabia

Personalised recommendations