A validation of security determinants model for cloud adoption in Saudi organisations’ context


Governments across the world are starting to make a dynamic shift to cloud computing so as to increase efficiency. Although, the cloud technology brings various benefits for government organisations, including flexibility and low cost, adopting it with the existing system is not an easy task. In this regard, the most significant challenge to any government agency is security concern. Our previous study focused to identify security factors that influence decision of government organisations to adopt cloud. This research enhances the previous work by investigating on the impact of various independent security related factors on the adopted security taxonomy based on critical ratio, standard error and significance levels. Data was collected from IT and security experts in the government organisations of Saudi Arabia. The Analysis of Moment Structures (AMOS) tool was used in this research for data analysis. Critical ratio reveals the importance of Security Benefits, Risks and Awareness Taxonomies on cloud adoption. Also, most of the exogenous variables had strong and positive relationships with their fellow exogenous variables. In future, this taxonomy model can also be applied for studying the adoption of new IT innovations whose IT architecture is similar to that of the cloud.

This is a preview of subscription content, access via your institution.

Fig. 1


  1. 1.

    Alassafi MO, Alharthi A, Alenezi A, Walters RJ, Wills GB (2016) Investigating the security factors in cloud computing adoption: towards developing an integrated framework. J Internet Technol Secur Trans (JITST) 5(2):486–494

    Google Scholar 

  2. 2.

    Winkler V (2009) Securing the cloud: cloud computer security techniques and tactics. Elsevier

  3. 3.

    Alhussain T, AlGhamdi R, Alkhalaf S, Alfarraj O (2013) Users’ perceptions of mobile phone security: a survey study in the Kingdom of Saudi Arabia. Int J Comput Theory Eng 5(5):793–793

    Article  Google Scholar 

  4. 4.

    Alassafi MO, Hussain RK, Ghashgari G, Walters RJ, Wills GB  (2017) Security in organisations: governance, risks and vulnerabilities in moving to the cloud.  In: International workshop on enterprise security. Springer, Cham, pp 241–258. https://doi.org/10.1007/978-3-319-54380-2_11

    Google Scholar 

  5. 5.

    Alkhater N, Wills G, Walters R (2014) Factors Influencing an organisation’s intention to adopt cloud computing in Saudi Arabia. In: 2014 IEEE 6th international conference on cloud computing technology and science. IEEE, pp 1040–1044

  6. 6.

    Alsanea M, Barth J (2014) Factors affecting the adoption of cloud computing in the government sector: a case study of Saudi Arabia. Int J Cloud Comput Serv 3(6):1–16

    Google Scholar 

  7. 7.

    Alharbi ST (2017) Trust and acceptance of cloud computing: a revised UTAUT model. In: 2014 international conference on computational science and computational intelligence, vol 2. IEEE, pp 131–134

  8. 8.

    Alturki SM (2017) Analysis and identification of cloud usage in private and public sector in Saudi Arabia. Int J Comput Appl 162(4):17–21

    Google Scholar 

  9. 9.

    Alharbi F, Atkins A, Stanier C (2015) Strategic framework for cloud computing decision-making in healthcare sector in Saudi Arabia. The seventh international conference on ehealth, telemedicine, and social medicine 1:138–144

    Google Scholar 

  10. 10.

    Alassafi MO, Alharthi A, Walters RJ, Wills GB (2016) Security risk factors that influence cloud computing adoption in Saudi Arabia government agencies. In: 2016 international conference on information society (i-Society). IEEE, pp 28–31

  11. 11.

    Alnatheer M, Nelson K (2009) A proposed framework for understanding information security culture and practices in the Saudi context. In: Proceedings of the 7th Australian information security management conference, Perth, Australia, pp 6–17

  12. 12.

    AlGhamdi R, Drew S, AbuGabah A (2011) Designing government strategies to facilitate diffusion of online commerce: a focus on KSA. J Inf Syst Manag 1(3):97–106

    Google Scholar 

  13. 13.

    AlGhamdi R (2012) Diffusion of the adoption of online retailing in Saudi Arabia. PhD thesis, Griffith University, Brisbane, Australia

  14. 14.

    Alfarraj O, Drew S, AlGhamdi R (2012) EGovernment stage model: evaluating the rate of web development progress of government websites in Saudi Arabia. Int J Adv Comput Sci Appl 2(9):82–90

    Google Scholar 

  15. 15.

    Alshahrani MSA, Alsadiq MAJ (2014) Economic growth and government spending in Saudi Arabia: an empirical investigation. Int Monet Fund. https://doi.org/10.5089/9781484348796.001

    Article  Google Scholar 

  16. 16.

    Alharthi A, Alassafi MO, Walters RJ, Wills GB (2017) An exploratory study for investigating the critical success factors for cloud migration in the Saudi Arabian higher education context. Telemat Inf 34(2):664–678

    Article  Google Scholar 

  17. 17.

    Alshehri M, Drew S, Alhussain T, Alghamdi R (2012) The impact of trust on e-government services acceptance: a study of users’ perceptions by applying UTAUT model. Int J Technol Diffus (IJTD) 3(2):50–61

    Article  Google Scholar 

  18. 18.

    Khan KM, Malluhi Q (2010) Establishing trust in cloud computing. IT Prof 12(5):20–27

    Article  Google Scholar 

  19. 19.

    Pearson S (2013) Privacy, security and trust in cloud computing. Privacy and security for cloud computing. Springer, London, pp 3–42

    Google Scholar 

  20. 20.

    Badger L, Bernstein D, Bohn R, De Vaulx F, Hogan M, Iorga M, Mao J, Messina J, Mills K, Simmon E, Sokol A (2014) US government cloud computing technology roadmap. US Department of Commerce, National Institute of Standards and Technology, Gaithersburg, MD

    Book  Google Scholar 

  21. 21.

    Catteddu D (2009) Cloud computing: benefits, risks and recommendations for information security. In: Iberic web application security conference. Springer, Berlin, pp 17–20. https://doi.org/10.1007/978-3-642-16120-9_9

    Google Scholar 

  22. 22.

    Chang V, Kuo Y-H, Ramachandran M (2015) Cloud computing adoption framework—a security framework for business clouds. Future Gener Computer Syst 57(27):24–41

    Google Scholar 

  23. 23.

    Atlam HF, Alassafi MO, Alenezi A, Walters RJ, Wills GB (2018) XACML to build access control policies for internet of things. In: Proceedings of the 3rd international conference on internet of things, big data and security, Madeira, Portugal, pp 253–260

  24. 24.

    Kanday R (2012) A survey on cloud computing security. In: 2012 international conference on computing sciences. IEEE, pp 302–311

  25. 25.

    Kajiyama T (2013) Cloud computing security: how risks and threats are affecting cloud adoption decisions. Doctoral dissertation, San Diego State University, California, USA

  26. 26.

    Latif R, Abbas H, Assar S, Ali Q (2014) Cloud computing risk assessment: a systematic literature review. Future information technology. Springer, Berlin, pp 285–295

    Google Scholar 

  27. 27.

    Ferdous MS, Hussein R, Alassafi M, Alharthi A, Walters R, Wills G (2016) Threat taxonomy for cloud of things. Internet Things Big Data Anal Recent Trends Challenges 1:149–191

    Google Scholar 

  28. 28.

    Cloud Security Alliance (2013) The notorious nine. In: Cloud computing top threats in 2013 CSA, CSA Glob. Staff, pp 1–14

  29. 29.

    Che J, Duan Y, Zhang T, Fan J (2011) Study on the security models and strategies of cloud computing. Procedia Eng 23:586–593

    Article  Google Scholar 

  30. 30.

    Bhattasali T, Chaki R, Chaki N (2013) Secure and trusted cloud of things. In: 2013 annual IEEE India conference (INDICON). IEEE, pp 1–6

  31. 31.

    Jajodia S, Kant K, Samarati P, Singhal A, Swarup V, Wang C (eds) (2014) Secure cloud computing. Springer, New York

    Google Scholar 

  32. 32.

    Jasti A, Shah P, Nagaraj R, Pendse R (2010) Security in multi-tenancy cloud. In: 44th annual 2010 IEEE international Carnahan conference on security technology. IEEE, pp 35–41

  33. 33.

    Lian JW, Yen DC, Wang YT (2014) An exploratory study to understand the critical factors affecting the decision to adopt cloud computing in Taiwan hospital. Int J Inf Manage 34(1):28–36

    Article  Google Scholar 

  34. 34.

    AlGhamdi R, Drew S (2011) Seven key drivers to online retailing in KSA. In: Proceedings of the IADIS international conference on e-Society. Avila, Spain, pp 237–244

  35. 35.

    Wyld DC (2013) The cloudy future of government IT: cloud computing and the public sector around the world. First ACIS/JNU International Conference on Computers. Networks, Systems and Industrial Engineering. IEEE, pp 164–169

  36. 36.

    Subashini S, Kavitha V (2011) A survey on security issues in service delivery models of cloud computing. J Netw Comput Appl 34(1):1–11

    Article  Google Scholar 

  37. 37.

    Rebollo O, Mellado D, Fernández-Medina E, Mouratidis H (2015) Empirical evaluation of a cloud computing information security governance framework. Inf Softw Technol 58:44–57. https://doi.org/10.1016/j.infsof.2014.10.003

    Article  Google Scholar 

  38. 38.

    Wei J, Zhang X, Ammons G, Bala V, Ning P (2009) Managing security of virtual machine images in a cloud environment. In: Proceedings of the 2009 ACM workshop on cloud computing security. ACM, pp 91–96

  39. 39.

    Mahyar A (2014) The factors that influence on adoption of cloud computing for small and medium enterprises. Master Thesis, Universiti Teknologi Malaysia, Johor, Malaysia

  40. 40.

    Sabi HM, Uzoka F-ME, Langmia K, Njeh FN (2016) Conceptualizing a model for adoption of cloud computing in education. Int J Inf Manage 36(2):183–191

    Article  Google Scholar 

  41. 41.

    Straub DWM, Loch KD, Hill CE (2003) Transfer of information technology to the Arab World. J Global Inf Manage 9:6–28. https://doi.org/10.4018/jgim.2001100101

    Article  Google Scholar 

  42. 42.

    Weerakkody N (2008) Research methods for media and communication. Oxford University Press

  43. 43.

    Sen J (2015) Security and privacy issues in cloud computing. In: Cloud technology: concepts, methodologies, tools, and applications. IGI Global, pp 1585–1630

  44. 44.

    Chang V, Ramachandran M, Yao Y, Kuo YH, Li CS (2016) A resiliency framework for an enterprise cloud. Int J Inf Manage 36(1):155–166

    Article  Google Scholar 

  45. 45.

    Zhang X, Wuwong N, Li H, Zhang X (2010) Information security risk management framework for the cloud computing environments. In: 2010 10th IEEE international conference on computer and information technology. IEEE, pp 1328–1334

  46. 46.

    Yahya F, Chang V, Walters J, Wills B (2014) Security challenges in cloud storage. In: 6th international conference on cloud computing technology and science. IEEE, pp 1–6

  47. 47.

    Saunders M, Lewis P, Thornhill A (2009) Research methods for business students, 5th edn. Pearson, New York

    Google Scholar 

  48. 48.

    Wolf EJ, Harrington KM, Clark SL, Miller MW (2013) Sample size requirements for structural equation models: an evaluation of power, bias, and solution propriety. Educ Psychol Measur 73(6):913–934

    Article  Google Scholar 

  49. 49.

    Revilla MA, Saris WE, Krosnick JA (2014) Choosing the number of categories in agree–disagree scales. Sociol Methods Res 43(1):73–97

    MathSciNet  Article  Google Scholar 

  50. 50.

    Sekaran U, Bougie R (2016) Research methods for business: a skill building approach. Wiley

  51. 51.

    Choudrie J, Ghinea G (2013) Silver surfers, e-government and the digital divide: an exploratory study of UK local authority websites and older citizens. Interact Comput 25(6):417–442

    Article  Google Scholar 

  52. 52.

    Byrne BM (2010) Structural equation modeling with AMOS: basic concepts, applications, and programming, 2nd edn. Routledge

  53. 53.

    Hair JF, Black WC, Babin BJ, Anderson RE (2010) Multivariate data analysis, 7th edn. Pearson Higher Education, London

    Google Scholar 

  54. 54.

    Bentler PM (1990) Comparative fit indexes in structural models. Psychol Bull 107(2):238–246

    Article  Google Scholar 

  55. 55.

    Kline R (2011) Principles and practice of structural equation modeling, 3rd edn. Guilford Press, New York

    MATH  Google Scholar 

  56. 56.

    Wheaton B (1987) Assessment of fit in overidentified models with latent variables. Sociol Methods Res 16(1):118–154

    Article  Google Scholar 

  57. 57.

    Pallant J (2013) SPSS survival manual. McGraw-Hill Education, UK

    Google Scholar 

  58. 58.

    Hooper D, Coughlan J, Mullen MR (2008) Structural equation modelling: guidelines for determining model fit. Electron J Bus Res 6(1):53–60

    Google Scholar 

  59. 59.

    Finkelstein DM (2005) A beginner’s guide to structural equation modeling, 1st edn. Taylor & Francis

  60. 60.

    Tabachnick BG, Fidell LS (2012) Using multivariate statistics, 6th edn. Pearson

  61. 61.

    Hoyle RH (1995) Structural equation modeling: concepts, issues, and applications. Sage

  62. 62.

    Almorsy M, Grundy J, Müller I (2010) An analysis of the cloud computing security problem. 17th Asia-Pacific software enginering confnference (APSEC 2010). Australia, Sydney, pp 7–15

    Google Scholar 

  63. 63.

    Changchit C, Chuchuen C (2018) Cloud computing: an examination of factors impacting users’ adoption. J Comput Inf Syst 58(1):1–9

    Google Scholar 

Download references

Author information



Corresponding author

Correspondence to Rayed A. AlGhamdi.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Alassafi, M.O., Atlam, H.F., Alshdadi, A.A. et al. A validation of security determinants model for cloud adoption in Saudi organisations’ context. Int. j. inf. tecnol. (2019). https://doi.org/10.1007/s41870-019-00360-4

Download citation


  • Cloud security factors
  • Cloud adoption
  • Structure equation modelling
  • Saudi government organisations