Enhancing Information Security in Cloud Adoption: Governance, Risks, and Vulnerabilities in Sri Lankan Organizations

Abstract

Cloud computing has rapidly emerged as a critical infrastructure for organizations seeking to enhance their operational efficiency and scalability. However, the transition to cloud environments brings with its significant security challenges, especially in the context of governance, risk management, and vulnerabilities. The research identifies key variables, including governance frameworks, risk management strategies, organizational readiness, market competition pressures, and cloud service provider selection, and evaluates their impact on information security effectiveness (ISE). Employing a rigorous methodology, which includes Partial Least Squares Structural Equation Modeling (PLS-SEM), the study reveals that governance structures and risk management strategies are critical determinants of ISE. Furthermore, the moderating role of organizational size is emphasized. In addition to identifying these critical factors, the study addresses challenges specific to the Sri Lankan context, such as regulatory compliance and resource constraints, and proposes best practices and mitigation strategies to enhance cloud security. By bridging gaps in the existing literature and offering actionable insights for practitioners and policymakers, this research contributes to the broader discourse on cloud security, providing a foundation for secure and efficient cloud adoption in Sri Lanka.