Repository logo
 

Information Security and Privacy Challenges of Cloud-based Computing: A Government Perspective

Files

Thesis embargoed until 17th December 2026(2.99 MB)

Date

2025

Authors

Supervisor

Gutierrez, Jairo A.
Petrova, Krassie

Item type

Thesis

Degree name

Doctor of Philosophy

Journal Title

Journal ISSN

Volume Title

Publisher

Auckland University of Technology

Abstract

In recent years, cloud computing has changed communications, business, service delivery, and citizen engagement paradigms. The high scalability of cloud computing enables it to provide infinite on-demand computing resources that eliminate the need for hardware provisioning, which makes users enjoy enhanced services. Adopting cloud computing services in government operations is transformative, offering scalability, cost efficiency and improved service delivery. However, as identified from the comprehensive literature review, this transition is often hindered by information security and privacy concerns, with extension to compliance and data sovereignty. This study examined the challenges associated with the government's intention to adopt cloud services, conceptualised the UTAUT model and hypothesised that information security, privacy, governance framework, and performance expectancy significantly influenced the government's intention to adopt cloud services, while perceived risk moderates the identified factors. Quantitative methods were employed to investigate the findings and examine the challenges associated with the government's intention to adopt cloud services. Through a questionnaire survey, 230 valid responses were collected from the participants from Nigeria Ministries, Departments, and Agencies. These responses were analysed through inferential statistical analysis using multiple linear regression analysis to identify the relationship between independent and dependent variables and further test the hypothesis using structural path analysis. These findings reveal that perceived risk has a limited impact on the government's intention to adopt cloud services, while information security, privacy, governance framework and performance expectancy are fundamental factors influencing the government's intention to adopt cloud computing. Further, it underscores the government's need to establish robust cloud security governance frameworks. The findings reinforce the global need by showing that information security and privacy are not just a technical concern but a strategic and governance factor influencing decision-making about cloud adoption intention. Whereas perceived risks are often highlighted in technology adoption theories as a contributing factor, these findings show a shift in the notion that comprehensive governance frameworks and proven security practices could mitigate their influence on government adoption of cloud technology. This research proposes a cloud information security and privacy governance framework (CISPGF) for the government to mitigate these challenges and align cloud adoption with government priorities and regulatory requirements. The framework comprises five pillars: Information Security and Privacy, Governance, Compliance (Evaluation and Certification), Framework Control Objectives/Implementation, and Government Organisation. Each pillar addresses critical aspects of cloud governance, focusing on data sovereignty, securing sensitive data for government and citizens, ensuring compliance with local and international laws and regulations, fostering public trust, and enabling operational resilience. This study contributed to the academic body of knowledge and technical practice by addressing the challenges associated with cloud adoption in government operations and proposed a mitigation mechanism for adoption. The scholarly contribution of the framework enriches the body of knowledge on secure cloud governance, especially from public sector perspectives. Additionally, the technical contributions offer actionable strategic mechanisms for the government to adopt cloud services securely. Together, these contributions bridge the gap between theory and practice, supporting government organisations in achieving secure, transparent, scalable and compliant cloud adoption. This dual contribution makes the study highly relevant for future academic research, government, cloud service providers, and other regulated sectors.

Description

Keywords

Source

DOI

Publisher's version

Rights statement

Permanent link

http://hdl.handle.net/10292/19320

Collections

Doctoral Theses