Towards a secure infrastructure-as-a-service adoption in emerging economies: evidence from Kenyan organizations

The adoption of Infrastructure as a Service (IaaS) is accelerating across organizations in emerging economies, driven by the need for scalable, cost-efficient, and flexible IT infrastructure. However, persistent security concerns including data breaches, regulatory non-compliance, vendor lock-in, and limited organizational readiness continues to hinder secure adoption, particularly in contexts characterized by evolving regulatory frameworks and constrained cybersecurity capacity. Existing cloud security frameworks such as NIST, ISO/IEC 27001, and the Cloud Security Alliance (CSA) Cloud Controls Matrix provide valuable guidance but remain largely generic and insufficiently adapted to the socio-technical realities of developing environments.
This study addresses this gap by proposing a context-aware security model for IaaS adoption in Kenyan organizations. Drawing on a quantitative research design, data were collected from 150 IT and security professionals across 30 organizations. The study integrates key dimensions like security risk management, governance and compliance, organizational readiness, trust, and user awareness into a unified conceptual framework.
The proposed model extends existing literature by bridging the disconnect between technical security controls and organizational adoption factors, offering a holistic and empirically grounded approach to secure cloud adoption. By contextualizing global security standards to local regulatory and institutional conditions, the study provides actionable insights for policymakers and practitioners seeking to enhance cloud security in resource-constrained environments. The findings contribute to advancing cloud security research in emerging economies and support the development of more resilient and adaptive IaaS adoption strategies.