Cyber Risk Governance Framework for Multi-Cloud Environments: An Empirical Study of Nigerian Organisations

Authors

  • S. O. Aladetuyi
  • B.K. Alese

Keywords:

Cloud security framework, Cyber risk management, Governance model validation, Multi-cloud governance, Nigeria Data Protection Act

Abstract

The rapid adoption of multi-cloud environments, where organisations simultaneously use two or more cloud service providers, has introduced a complex and layered cyber risk landscape that existing single-cloud governance frameworks are not equipped to manage. This is particularly acute in Nigeria, where banking, education, healthcare, and government institutions are increasingly dependent on cloud infrastructure yet lack a unified governance approach that applies consistently across all providers in use. This study addresses that gap by developing and validating the Cyber Risk Governance Framework for Multi-Cloud Environments (CRGF-MCE), a structured, empirically grounded, and mathematically validated governance model. A descriptive survey design was adopted, and a structured 33-item questionnaire was administered to 100 respondents drawn from Nigerian organisations operating multi-cloud environments across multiple sectors. Three differentiated Likert-type scales were used across five thematic sections covering cloud adoption, cyber threat monitoring, governance structures, risk controls, and governance challenges. A one-sample t-test was applied to test the hypothesis that significant cyber threats exist in multi-cloud environments. The hypothesis test produced a t-statistic of 17.09, far exceeding the critical value of 1.645 at α = 0.05, confirming the significant presence of seven threat categories, including misconfigurations, IAM weaknesses, insider threats, and unified visibility gaps. The CRGF-MCE was developed, comprising five integrated components and four governance layers, namely Identity and Access Management, Logging and Monitoring, Compliance Enforcement, and Policy Orchestration, and was validated with a Model Validation Score of 0.7743. The framework provides Nigerian organisations with a replicable, scalable, and continuously adaptive governance system for multi-cloud environments.

Published

2026-06-06

How to Cite

S. O. Aladetuyi, & B.K. Alese. (2026). Cyber Risk Governance Framework for Multi-Cloud Environments: An Empirical Study of Nigerian Organisations. Journal of Hacking Techniques, Digital Crime Prevention and Computer Virology, 1–18. Retrieved from https://matjournals.net/engineering/index.php/JoHTDCPCV/article/view/3673