A data security model for Software-as-a-Service cloud computing environment: A case of financial institutions in South Africa.
Dibetle, Masego Prudence
Dibetle, Masego Prudence
Citations
Altmetric:
Abstract
Cloud computing (CC) presents several vulnerabilities, threats, and risks of the data that is being deployed in the cloud environment. Data is the most important asset of all organizations, hence its security and integrity should be preserved in all organizations especially those dealing with voluminous and highly generated data from various sources. Financial institutions work with many customers’ information. Such institutions must ensure that their data is safe if deployed in the cloud, thus gaining customers’ trust. Failure to put necessary safety measures and security governance protocols and standards in place could result in destructive attacks that could lead to huge financial losses, legal implications,
and undermining of reputation. This implies that data governance is essential for any organization more especially for those who seeks to migrate their data in the cloud environment. Much as this is so, literature indicates that there are few standardized approaches for providing data security in the cloud computing environment, especially with financial
institutions that are interdisciplinary, cross-sectorial, multinational, multi-site complex operational environments, and that deal with huge data and depend on information for their day-to-day operations. This study sought to design a data security governance model for the Software-as-a-Service cloud computing environment in the South African financial institutions. Four theories of the technology-organization-environment (TOE) model − information security theory, risk management theory, and control and audit theory were discussed and formed a basis on which the conceptual model of the study was designed. Based on the conceptual model and the reviewed literature a close-ended questionnaire was designed and used to collect data from South African financial institutions that analysed quantitatively. Simple random sampling was used to collect data from 308 respondents that had been determined by Krejcie and Morgan's technique from a finite population of 845. Being that the questionnaire was to be distributed online using Google form link, an inclusive criteria was used to determine the respondents that were to be selected for the simple random sampling of the distribution of the questionnaire. Collected data was analysed using descriptive and inferential statistics. Results of the study indicated that technological aspects and top management support are essential for data governance in the SaaS cloud computing as their contribution towards the overall model’s prediction was highly significant. The results shown of the study indicate that the overall prediction of the conceptual model for the SaaS
cloud DSG to improve competitiveness in financial institutions is 67.4% (R2 =.674). When the SaaS cloud DSG is properly analysed, the combination of the TOE framework, information security framework, risk management framework, and control and audit framework contributes 67.4% to the forecast of competitiveness. This study contributes to the theoretical ongoing debate of data governance in the cloud computing environment. This implies that future researchers can leverage the empirical findings of this study to extend research in data governance in cloud environment. Further still, the designed model for the study when evaluated and validated will be used for the implementation of data governance practices in the cloud environment. By doing so, this study will be making a significant practical contribution. Due to the Covid-19 constraints of lockdown in which situation this study was conducted, data collection only focused on financial institutions that were mostly banks whereas financial institutions also include those that provide services such as insurance, credit unions and loan associations. Therefore, this study recommends that future research to widen the scope of data collection to include credit unions, loan associations, medical aid associated and/or other financial institutions dealing with voluminous data on a day-to-day basis in order to have a good generalization of the study’s findings.
Description
Submitted in fulfilment of the requirements for the degree Master of Computing: Informatics in the Department of Informatics
Faculty of Information and Communication Technology
Tshwane University of Technology
Date
2022-08-15
Journal Title
Journal ISSN
Volume Title
Publisher
Tshwane University of Technology
Collections
Research Projects
Organizational Units
Journal Issue
Keywords
Cloud computing, Technology-organization-environment (TOE), Vulnerabilities, Risks, Data governance