Data security governance for Software-as-a-Service Cloud computing environment: A South African perspective

Abstract

Abstract Numerous weaknesses, dangers, and risks to the data being distributed in the cloud environment are presented by cloud computing (CC). Data is an asset of all businesses, so all organizations should work to protect its security and integrity, especially those that deal with a lot of data that is generated frequently from many sources. Financial institutions handle a lot of consumer data; therefore, in order to earn the trust of their clients, they must make sure that their data is secure when put in the cloud. Destructive attacks that could result in significant financial losses, legal repercussions, and reputational damage could occur if appropriate safety measures and security governance processes and standards are not implemented. The purpose of this study was to create a data security governance model for the Software-as-a-Service cloud computing environment used by South African financial institutions. A conceptual model was developed based on four theories that served as the foundation for this study: the Technology-Organization-Environment model, information security theory, risk management theory and control and audit theory. This study used a quantitative methodology that involved statistical analysis of data gathered from South African financial institutions. The Krejcie and Morgan's technique was used to choose a sample size of 308 from an available population of 845 respondents. In order to test the proposed hypotheses, critical ratio was used. The results showed that for the development of SaaS cloud computing data security governance, technological factors and top management support are crucial.