Information Security Governance, Risks and Vulnerabilities in Cloud Adoption: A Systematic Literature Review of Sri Lankan Organizations

Abstract

Cloud computing has emerged as a transformative technology for organizations globally, offering exceptional scalability, flexibility, and cost-efficiency. However, the migration to cloud environments presents substantial security challenges, particularly for Sri Lankan organizations struggling with a unique regulatory landscape and limited cybersecurity infrastructure. This systematic literature review evaluates the governance frameworks, risk management strategies, and vulnerabilities associated with cloud adoption, using the PRISMA methodology. It highlights the role of tailored governance models such as COBIT 5 and ISO/IEC 27001, along with advanced security practices like encryption, multi-factor authentication, and continuous monitoring. Additionally, the review examines the impact of the COVID-19 pandemic, which accelerated cloud adoption but exposed organizations to heightened risks due to rushed implementations and expanded attack surfaces. Furthermore, this study emphasizes cultural and organizational factors, the evolving regulatory landscape, and sustainability concerns, proposing strategies for Sri Lankan organizations to balance secure cloud adoption with environmental objectives. By synthesizing key findings, this review offers actionable insights to help Sri Lankan organizations secure cloud adoption, ensuring regulatory compliance and robust information security while leveraging the technology's full potential.