About the Author(s)

Viresh Moonasar symbol
School of Business Leadership, University of South Africa, Midrand, South Africa

Visvanathan Naicker Email symbol
Department of Business and Information Administration, Faculty of Business and Information Management, Cape Peninsula University of Technology, Cape Town, South Africa


Moonasar, V., & Naicker, V., 2020, ‘Cloud capability maturity model: A study of South African large enterprises’, South African Journal of Information Management 22(1), a1242. https://doi.org/10.4102/sajim.v22i1.1242

Original Research

Cloud capability maturity model: A study of South African large enterprises

Viresh Moonasar, Visvanathan Naicker

Received: 23 Apr. 2020; Accepted: 02 Sept. 2020; Published: 27 Nov. 2020

Copyright: © 2020. The Author(s). Licensee: AOSIS.
This is an Open Access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


Background: The adoption of cloud services can enable enterprises to realise improved cost structures, agility and productivity, yet the rate of adoption has been measured. Despite the benefits of cloud computing and the fact that the overall adoption of public cloud services is gaining momentum, South African large enterprises are cautious in adopting the services of cloud service providers because of perceived challenges of cloud adoption.

Objectives: The objective of this study was to examine how do South African large enterprises assess and advance their cloud readiness and maturity such that cloud service practices contribute positively to business efficiency and agility whilst mitigating against the perceived risks of cloud computing.

Method: This research employed a qualitative approach using in-depth interviews. Sixteen South African large enterprise cases were studied by interacting with respondents associated with cloud decision-making. Data were collected from specific cases, utilising non-probability sampling.

Results: Reinvention of the organisation can be enabled through the advanced, integrated cloud and analytic features available through the global public cloud providers such as artificial intelligence and machine learning. A cloud maturity framework and a cloud capability maturity model to optimise and advance cloud maturity status are presented.

Conclusion: This article guides information technology (IT) managers to achieve an optimal cloud maturity status level using a proposed cloud capability maturity model. The cloud framework developed in this study will assist IT managers and decision-makers to use evidence-based management principles to determine their maturity of cloud adoption.

Keywords: cloud maturity; cloud service model; cloud capability maturity model; cloud service provider.


According to Moonasar and Naicker (2018), large enterprises could use frameworks to assess their readiness and maturity of cloud services adoption. This research builds on those concepts and presents the qualitative interview data analysis and results of the study by Moonasar (2019).

The benefits of cloud services adoption by large enterprises include the following: enablement and realisation of improved cost structures, greater agility and improved productivity. These cloud adoption benefits have resulted in an acceleration of cloud service implementation by large enterprises (Moonasar 2019). Cloud services are also a key component of the value chain of emerging technologies such as the Internet of Things (IoT). Cloud, as a technology and a platform, is also rapidly evolving. For example, a novel Cloud IoT paradigm is described by Botta et al. (2016), where Cloud and IoT are merged as disruptive and as an enabler of future application scenarios. The problem is that despite the benefits of cloud computing (CC) and the fact that the overall adoption of public cloud services is gaining momentum, South African large enterprises are cautious in adopting the services of local cloud service providers because of perceived challenges of cloud adoption. Many of the respondents, who were interviewed during this study, confirmed this view (Moonasar 2019).

The main research question is, ‘how do South African large enterprises assess and advance their cloud readiness and maturity?’ The key benefits of mature cloud service practices are their positive contribution to improved business efficiency and agility. In addition, optimising cloud maturity mitigates the perceived risks of CC.

Although the features and proficiencies of CC ‘have been widely discussed, entry into the cloud is still lacking in terms of practical, real frameworks’ (Bildosola et al. 2015:1). There are limitations associated with existing technology adoption theories that limit their suitability in assessing an organisation’s propensity to adopt new technologies. The technology acceptance model (TAM), diffusion of innovation (DOI) theory, the technology, organisation and environment (TOE) framework, resource dependency theory (RDT) and the information technology (IT) governance model are useful theories associated with technology adoption. However, each of these models has inherent limitations when applied to cloud adoption. The TAM focuses on the perceived usefulness and the users’ perceived use of the technology being adopted. Diffusion of innovation theory, developed in 1962, originated in communication to explain how technology innovations or a product gains momentum and is adopted by an organisation. Innovation, through the use of cloud technology, enables organisations to reinvent their business models. The TOE framework focuses on technology and organisational and environmental impacts of technology adoption on an organisation. Resource dependency theory evaluates the impact of an organisation’s dependency on critical resources. The key aim of the IT governance model is improved IT governance and risk management.

This research proposed a cloud capability maturity model (CCMM), for organisations based on the relevant constructs of each of these theories. It also presents the feedback from the industry participants on the CCMM model. This research proposes an adapted model, to assist chief information officers (CIOs) and IT managers to assess and progress their readiness and maturity of cloud adoption. Managers of large enterprises can use evidence-based principles as a basis for practices to close the ‘research-practice gap’ (Conway & Curry 2012).

A framework or model is needed to determine the state of readiness and maturity of South African enterprises to either initiate or accelerate the adoption of local cloud provider services. Improved maturity of existing cloud-service practices or new adoption of cloud services could improve business productivity and profitability. The output of this qualitative research is a CCMM that guides organisations to evolve their cloud maturity. This maturity model is the result of the survey conducted with the industry participants.

Therefore, the purpose of this research is to improve the understanding of the particular business or management problem of assessing the readiness, and therefore maturity to adopt CC technology.

Literature review

The findings of the literature review support the need for a cloud maturity model to guide large enterprises.

Cloud computing

There is no single, widely adopted definition of CC (Basson 2014). Gartner (2020:1) and National Institute’s (NIST) commonly referenced definitions of CC are described here, according to which CC is: ‘[a] style of computing where scalable and elastic IT-enabled capabilities are delivered as a service to external customers using Internet technologies’. The National Institute defines that (Mell & Grance 2011):

[C]loud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (i.e. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. (p. 50)

Gartner and Durao et al. (2014) specifically define cloud services as those services that are consumed over the Internet. Whilst this is commonly the case with public cloud services, cloud services can also be retrieved through dedicated or assured rate access links. Dedicated access links may be preferred over public Internet links because of contracted Service Level Agreements for uptime and throughput. Public cloud service providers such as Amazon Web Services (AWS) and Microsoft Azure have also augmented best-effort Internet access with their Direct Connect and Express Route services, respectively. These global cloud service providers are currently the leading service providers of Infrastructure as a Service (IaaS) cloud service worldwide. Microsoft has only launched a data centre in the African continent in 2019 and AWS has announced an imminent launch. This offers South African enterprises more choices of cloud configurations, making the need for a governing framework even more relevant.

The IoT is a fresh approach, relying on the communication of smart devices (things) with each other and with cloud resources through the Internet (Cavalcante et al. 2016). The emergence of these innovative technologies should not be viewed as competitive technologies to CC. Cloud computing is an enabler of these technologies (Han et al. 2015). Cloud services are an integral part of the IoT value chain.

This research, therefore, focuses on the cloud maturity assessment of 16 South African large enterprises. Whilst many enterprises have an understanding of server virtualisation implementations, they may not be procedurally ready for cloud deployment (Alvarez 2012). Large organisations could face greater challenges with cloud services adoption as they are associated with larger, complex and integrated IT infrastructure and processes (Nasir & Niazi 2011).

Cloud computing is consequently a developing concept (Chihande 2015). Maturity models are accordingly required to guide enterprises through the various stages of cloud maturity. The use of cloud maturity models will benefit enterprises to evolve to an optimal state of maturity by considering best practices. This model allows an organisation to examine its current capabilities and characteristics (descriptive), list and recommend actions (prescriptive), and enables comparisons with peers in similar industry verticals by benchmarking their status (Weiss et al. 2013).

This research proposes that readiness to adopt cloud services is based on adherence to best practices (guided and derived through theory). Therefore, the propensity to adopt specific cloud service models will determine the cloud maturity of an organisation. An enterprise’s cloud adoption can be complex, as described by Trivedi (2013:3): ‘Cloud Computing adoption requires that organisations have readiness on multiple dimensions including Governance, Process Analysis and Improvement, Application Rationalisation and Modernisation, and Hardware and Software Standardisation’.

Readiness typically determines the degree of cloud adoption by enterprises. Key indicators of a cloud adoption journey include Proof of Concepts (PoCs) of infrastructure services, virtualisation of user desktop and the use of platform and software as services. The enterprise cloud adoption journey is usually a phased approach spanning multiple 5-year plans.

Enterprises adopt cloud services and technologies at different points in time because of differences in their readiness for cloud adoption. The approach of cloud service adoption also varies from using the cloud as complementary to existing IT systems to the cloud as a total replacement strategy. Cloud computing and cloud service adoption is, therefore, dynamic and requires guidelines and best practices (Conway & Curry 2012). Besides, different enterprises are at several varying stages of cloud adoption. These enterprises need guidelines and best practices to progress through the stages of cloud maturity, that is, from an initial state to a preferred optimal state.

This research has concentrated on the CCMM as it is the most broadly recognised maturity model (Weiss et al. 2013). The CCMM also provides for enhanced complexity and focus on organisational processes and procedures, making it a suitable choice for a cloud adoption maturity model (Duarte 2013).

Key themes identified in the literature review

Cloud adoption is a complex process. There are multiple definitions of CC and various service and deployment models. The benefits of CC are also accompanied by real and perceived challenges to the enterprise. The various available technology adoption models have inherent advantages and disadvantages. The theoretical framework of this research was generated by applied advantages of these available frameworks: TAM (Davis 1989), DOI (Rogers 2003), IT governance framework (Weill & Ross 2005), TOE (Tornatzky & Fleischer 1990) and RDT (Boyd 1990).

The proposed model leverages the advantages of the well-known theories of technology adoption to best suit cloud adoption by large organisations. The proposed conceptual model of this study is aimed at an organisation rather than an individual level of technology or cloud adoption. The specific contexts of the market or industry in terms of technology, environment and social systems of the DOI model (MacVaugh & Schiavone 2010) render it more relevant to cloud adoption than the TAM (which is focused on technology adoption by individuals).

The constructs of this framework are, therefore, not the generic constructs of existing models but have been adapted to create a model that guides cloud adoption. Cloud adoption is contextual as it could be affected by various factors, for example, the location of the physical cloud infrastructure; the performance of the cloud service provider (CSP) infrastructure; connectivity characteristics such as latency, bandwidth costs and availability of access links/bandwidth to corporate offices that need connectivity to the CSP, compliance and support of emerging technology. Specific regulation compliance requirements such as data sovereignty or performance (latency) may also govern which cloud services need to be adopted by specific enterprises (Alharthi et al. 2015), for example, Protection of Private Information Act (POPI).

The major CSPs usually leverage lower operating costs by building their mega data centres in remote locations that offer cheaper land and electricity facilities. Customer premises and users can therefore be located thousands of kilometres away. The performance impacts are negligible and the economies of scale benefits are great for long-term, rarely accessed gigantic volumes of archival data. However, for many modern business applications, public clouds located far away hamper the required real-time responsiveness of more frequently accessed and performance-sensitive workloads (Rubin 2015).

A local CSP could offer the required lower latency cloud services. This could be the smart solution for organisations seeking scalability, agility and pay-as-you-use features of CSPs. Whilst small companies simply access cloud services over the Internet, larger enterprises and government agencies have established their private cloud capabilities and complex intranets (Lecklider 2017).

There could be great optimisation and risk mitigation benefits for large enterprises that assess their cloud maturity using a maturity model. This could reverse the current status in South Africa, where small and medium enterprises (SMEs) have adopted more public cloud services than larger enterprises (Pieterse 2013).

Conceptual model

The framework shown in Figure 1 has been developed using the relevant constructs of technology adoption theories, for example, DOI, TOE, RDT and the IT governance theory.

FIGURE 1: Conceptual framework for the cloud capability maturity model.

These are the input variables of the cloud adoption maturity model. Each of the cloud service models is assessed individually to achieve the desired business goals of efficiency and agility. This model has been adapted from a previous study on cloud adoption using the TOE theory by Lal and Bharadwaj (2016). This model was conceptualised as the theoretical basis of the survey questionnaire and the resultant CCMM.

The conceptual model proposed in this research utilises the DOI theory constructs as a subset of the independent variables. The very definitions of the constructs of the DOI model reflect its inherent subjectivity.

The Relative Advantage construct is defined as the ‘degree to which an innovation is perceived as being better than the idea it supersedes’, whilst Complexity is defined as the ‘degree to which an innovation is perceived to be relatively difficult to understand and use’ (Rogers 2003:15). These constructs are dependent on the perception of individuals and organisations that make them subjective.

The RDT of the proposed conceptual model also uses the construct of the organisation’s trust in the CSP. Trust is a rich and complex mental attitude. Castelfranchi and Falcone (2000) argue in support of a perceptive understanding of trust based on an intricate mix of beliefs and values. Therefore, the RDT also contributes an additional subjective component to the conceptual model of this study.

As depicted in Figure 1, the independent variables of this study are the constructs of the DOI, TOE, RDT and IT governance theories. Relative Advantage, Complexity, Trialability, Compatibility and Reinvention are key constructs of DOI (Sahin 2006) that diffuse innovative technology through a social system or organisation (Rogers 2003). Innovation, through cloud adoption, could result in the organisation gaining a relative advantage over their competitors.

These levels of complexity of cloud solutions and compatibility with existing systems influence the level of the new technology adoption by the organisation. Some innovative technologies that have been incorporated are Artificial Intelligence (AI) IoT and the concepts of Fogging and Mist.

The cloud is a core component of the IoT value chain. The platform, software operating systems, applications and analytics (machine language) are usually hosted in the cloud (Taivalsaari & Mikkonen 2015) using IaaS, Platform as a Service (PaaS) and Software as a Service (SaaS).

The conceptual model of this study proposes that the readiness and therefore the propensity to adopt specific cloud service models will determine the cloud maturity of an organisation. According to Rightscale (2016), there are four stages of cloud maturity:

  • Cloud watchers: these organisations are planning, evaluating and strategising but are yet to adopt any cloud services.
  • Cloud beginners: beginner organisations have recently started cloud adoption projects or are testing proofs-of-concept. This newly acquired knowledge and experience regulate which forthcoming projects could be deployed in the cloud.
  • Cloud explorer: explorers have several applications already implemented in the cloud. The focus of these organisations is on scaling and moving more projects to the cloud.
  • Cloud focused: focused businesses are committed to cloud users that aim to optimise business efficiency and agility through the cloud.

The operational performance of cloud platforms and software, contextual organisational characteristics (top management support and organisation size) and unique environmental dynamics (regulatory and corporate compliance, availability and ability of CSPs in South Africa and the geographic location) are examined as the constructs of the TOE theory. Information technology governance theory and the RDT contribute risk mitigation by evaluating impacts of control over crucial resources that impact business operations. The alignment of IT and the use of the cloud to business goals are crucial.

This framework aims to enable large enterprises to evolve their cloud maturity level. The propensity of the enterprise to adopt specific cloud service models (e.g. IaaS, PaaS and SaaS) is related to enhanced cloud maturity levels. This framework supports enterprises to assess their current cloud maturity level and proposes activities to advance to an optimised state. Cloud readiness and adoption thus facilitate not only business efficiency but also business transformation.

The outputs of the research and framework are business efficiency and agility that ultimately lead to business transformation. The IT governance model supports this business transformation by an alignment of IT (cloud) to business objectives. The constructs of the framework presented in Figure 1 define the domains and levels of the CCMM. The CCMM is the recommended guide for enterprises.

Research methods and design

The research methodology supports and validates the proposed conceptual framework by exploring participants’ perceptions towards the adoption of CC and the cloud maturity of their organisation. The literature review suggests that understanding cloud adoption decision-making in organisations is a complex endeavour and therefore requires a multi-approach depending on the problem context (Bayramusta & Nasir 2016).

The constructivist or interpretive paradigm is suitable for this research because of different worldviews that specific decision-makers in an organisation may have regarding cloud adoption. The interpretive paradigm was, therefore, adopted for this research based on the reasoning that business, management, organisational behaviour and business situations are complex, unique and contextual.

The five features of the qualitative research approach, as defined by Yin (2011), were found suitable in studying cloud maturity and adoption. This research on cloud adoption readiness and maturity was subjected to both deductive and inductive reasoning and utilised theory testing by ‘pattern matching’ as a deductive procedure of this qualitative research (Yin 2009).

The interviews were personally conducted. A pilot study assisted in testing and refining the final study data collection procedures, instruments and analysis strategies. A funnel approach was recommended as the most typical and effective approach in constructing an interview or discussion guide.

The units of analysis of this research were South African large enterprises. These organisations were represented by CIOs, IT managers and technical/IT employees. The units of observation were CIOs and IT managers who helped the researcher understand their organisation’s cloud adoption readiness and maturity. This research used a non-probability sampling method. Therefore, although inferences to the population can be made, these cannot be made on a statistical basis.

The number of interviewees or participants included in this research was guided by the study of Creswell (2013), Guest et al. (2006) and Lal and Bharadwaj (2016). A homogeneous population (Guest et al. 2006) recommends a sample size of 12 qualitative interviews, whilst phenomenology studies typically contain 3–10 interviews. Sixteen interviews were conducted for this research.

Data analysis

The sample frame consisted of 33 individuals from 33 different large enterprise organisations, which were invited to participate in the study. A purposive sampling technique was utilised to generate a sample of accessible, cooperative organisations that may be interviewed or used as part of a case study.

This sampling technique is supported by Yin (2011:88) as follows: ‘[i]n qualitative research, the samples are likely to be chosen in a deliberate manner known as purposive sampling’.

Figure 2 shows that there were a total of 16 research participants (accepted interviews), resulting in a response rate of 48.49%. The average age of the participants was 42.63 years, with a standard deviation of 5.28 years.

FIGURE 2: Age distribution of the study participants.

This is an indication that the participants have considerable experience about and insights into the IT and business management environments. The minimum age of the participants was 36 years and the maximum age was 54 years.

Figure 3 shows that the respondents had a minimum of 11 years and a maximum of 30 years of IT experience.

FIGURE 3: Years of experience of the study participants.

Different industrial sectors were interviewed. There were five sectors and eight subsectors. The sectors included in this study were Construction, Finance and Business, Manufacturing, Retail and Motor Trade and Repair Services, and Transport, Storage and Communications. The Logistics and Supply Chain subsector is one of the dominant sectors in KwaZulu-Natal (KZN) province, where most participating organisations are based. Two participants represented enterprises based in the Western Cape province and a further two represented organisations from Gauteng. The remaining 12 organisations have headquarters in KZN.

Emergent codes

This research defined codes that were used to annotate the interview data. These codes were determined from the literature review and the proposed conceptual model shown in Figure 1. Forty-three unique codes were numbered, named and described from feedback presented by the research participants. There was an original list of 37 a priori codes and a resultant of six emergent codes. The emergent codes are shown in Table 1. These are additional contributions to the study identified during the interview of the industry experts.

TABLE 1: Emergent code list.
Codes, categories and themes

There were a total of 740 sections of data that were coded. Features and Functionality, Lower Costs and Latency were the codes that appeared with the highest frequencies of 68, 51 and 43 occurrences, respectively. The frequency of categories and themes that were established from the codes are important as it is the data that inform the CCMM proposed in this research.

Codes were grouped into categories. Categories were then grouped further into themes. These themes are presented in Table 2.

TABLE 2: Themes, categories and codes.
Ethical consideration

Ethical clearance was obtained from the Graduate School of Business Administration, University of South Africa, in November 2017 (Clearance number: 2017_SBL_DBL_024_FA).

Results and discussions

Due to the voluminous nature of the verbatim responses, this information may be requested from the authors.

Organisations have differentiated plans and processes for the adoption of different cloud service models (i.e. IaaS, PaaS and SaaS) and deployment models (i.e. Public, Private and Hybrid cloud).

The interview data show that innovation within an organisation is a key driver of cloud adoption. These findings were supported by the DOI theory and specifically the findings from the DOI sub-category of Reinvention within the DOI theme of this study. This DOI theme had the highest number of emergent codes that were not part of the a priori code set. Innovation through new features and functionality through the cloud, mobility, skills required and specialisation provided by cloud providers are key considerations for CC. The responses were consistent with the Gartner Hype Cycle (Gartner 2015a), which shows that the adoption of Hybrid cloud will reach its plateau in only 2–5 years (between 2017 and 2020).

Local data centres are preferred to international data centres because of compliance. Data privacy, risks and security are key compliance issues that could be mitigated by the adoption of cloud services from South African CSP. Performance requirements of the cloud are key considerations when choosing a cloud service provider, for example, latency. Bandwidth, dedicated links, Internet links and latency are some of the key factors that affect an organisation’s performance of cloud-based systems. Most organisations have experience with concepts and practice of server virtualisation, but they are not ready for cloud deployment (Alvarez 2012). Large organisations with widespread IT assets and intricate IT processes find it difficult to adopt cloud services (Nasir & Niazi 2011). The reinvention of the organisation through CC is, therefore, a maturing concept (Chihande 2015).

Performance requirements of different enterprise workloads are impacted by the type of cloud access link (either dedicated access links (with SLAs) or Internet links to the cloud). Global data centre presence in South Africa will drive the organisational adoption of cloud, for example, Microsoft. Support for this proposition is validated through multiple themes and categories. The reinvention of the organisation can be enabled through the advanced, integrated cloud and analytic features available through the global public cloud providers. Data privacy and performance of the platform because of latency are also key constructs that will be addressed by a local presence in South Africa. Remote access to organisational cloud systems is an important characteristic of the cloud. The growth and proliferation of Apple iPhone Operating System (iOS) and Android smart devices have made a major impact on the consumer and commercial world. Information technology organisations have had to adopt this novel technology and allow devices to connect to the corporate network (Tsalis & Gritzalis 2014).

The decision to migrate the enterprise data centre to the cloud is impacted by the structure and size of South African large enterprises. Multinational organisations, staff diversity, executive support (top down) and the size of the organisation need to be considered when migrating or migrated to the cloud. Mode 1 and Mode 2 traits were observable in most of the organisations interviewed. Enterprise IT organisations usually divide their focus between efficiency (lower costs) and agility, referred to as Mode 1 and Mode 2, respectively, by Gartner (Aden 2015). Agile (digital) businesses have a greater impact on the customer experience and general company success. This agility is achieved by the ability to deploy innovation swiftly through services that enable agility (Gartner 2015b):

[T]raditionally, infrastructure has been built for Mode 1 of bimodal IT, and designed for resiliency and repeatability. Infrastructure for business agility is Mode 2-focused and demands rapid scalability, agility and versatility. (p. 1)

Cloud was initially used primarily for Mode 2 innovative projects but Forbes analyst Ruckle (2015:1) points out that IT wants ‘everything in the cloud’.

Organisations are rethinking infrastructure strategy, emphasising integrated systems. Mode 2 innovation requires executive buy-in to enable agility, scalability and responsiveness to rapidly changing market in digital business. ‘It seems clear that enterprise IT organisations have not abandoned [the] so-called Mode 1 IT delivery, but it’s also apparent that Mode 2 is coming on strong’ (Aden 2015:1). The cloud migration decision is driven by the South African environment (e.g. power stability and bandwidth costs). The benefit of stable electricity as well as reducing the energy liability of IT services by modernising hardware infrastructure through virtualisation, using energy efficiency through advanced CSP hardware technology, reducing costs with a pay-as-you-go structure and reducing the data centre footprint through new data centre designs is an attractor of the cloud. There were 19 codes identified from the interviews that supported this finding.

South African large enterprises view cloud service providers to be reliable and trustworthy. The construct of CSP trust showed that the research participants perceived that there are reasonable availability and quality of CSPs in South Africa. This view that the diffusion of innovation is affected by technology, environment and social systems in the specific context of market or industry is supported by MacVaugh and Schiavone (2010). Cloud computing is a specific complex adoption of IT that would also be subjected to the problem context as perceived by the relative stakeholders (Jokonya, Kroeze & Van Der Poll 2012). There is a preference for local CSPs because of data governance and data control. There were 106 codes identified from the respondent interviews that supported this finding. The main driver of cloud adoption of organisational flexibility is valid for different workloads, different organisational levels and certain enterprises. Chief executive officers and CIOs of digital businesses may choose cloud for business agility, whilst IT managers may opt for cloud because of operational efficiencies. The interview data reflected 64 responses coded as the category ‘Mode’, which supports this finding.

Organisations perceive South African cloud vendors to lock them in once they migrate. The participants had concerns that once cloud services had been adopted, there would be challenges with changing providers or the services model. The view that a ‘lack of formally agreed standards raises the risk of vendor lock-in making it difficult for users to move their data to the most cost-effective provider’ is supported by Yang et al. (2014:444). None of the organisations interviewed had any formal exit contracts with their CSPs. A formal exit contract could help mitigate vendor/data lock-in and should be integrated into an enterprise cloud maturity framework. This information is supported by the ‘Lock-in’ coded data of the study.

South African organisations have limited formal assessments of their cloud maturity level. The category on processes included frameworks, audits and agreements. The data from this process indicated that there is limited evidence that South African organisations have assessed their cloud maturity level. The proposed theoretical model can assist an organisation to assess and evolve its current cloud maturity level. The independent variables of the theoretical framework could be used as domains of a CCMM. The maturity level of each organisation varies; each organisation will need to assess the different domains in their specific context.

Adopted conceptual model

The initial proposed conceptual model had to be modified to the adopted conceptual model, as shown in Figure 4, which is based on the research findings.

FIGURE 4: Adopted theoretical basis for the cloud capability maturity model.

The main change in the adopted conceptual model, compared to the initial proposed framework, is the inclusion of the codes that emerged during the inductive qualitative research process. These codes were not a priori or predetermined from the literature review and have now been incorporated into the adopted conceptual model.

The following codes emerged during the data analysis phase of the study: Features and Functionality, Mobility, Skills, Specialisation, Multinational and Staff diversity.

The emergent codes Features and Functionality and Mobility were categorised as Reinvention, whilst Skills and Specialisation were categorised as Complexity.

Both the Reinvention and Complexity categories were a component of the DOI theme. Multinational organisations and Staff diversity were emergent codes that were categorised as Organisational Structure that is part of the TOE theme.

Contributions to the body of knowledge

An improved cloud maturity conceptual model and a pragmatic cloud capability maturity model are the main contributions of this study. The research developed and validated the conceptual model which can assist organisations in evolving the stage of their organisational cloud maturity to a higher level.

Other significant contributions of this research include theory development through the refining of an existing theory that focuses on organisational behaviour. Although existing models such as TAM and Unified Theory of Acceptance and Use of Technology (UTAUT) are valuable TAMs, there are also several areas that require development.

The TAM is more focused on the individual behaviour rather than on organisational behaviour (Awa, Emecheta & Ojiabo 2012). The conceptual model of this research is focused on organisational behaviour and technology adoption by combining the constructs of several different theoretical models, that is, DOI, TOE, RDT and IT governance model.

This research also contributed insights into the effect of the presence of global cloud service providers which may have on South African large enterprises. Global data centres, based in South Africa, will drive the adoption of cloud services by South African large enterprises. Data privacy and performance requirements of the cloud platform because of latency will no longer be a detractor.

The reinvention of the organisation can be enabled through the advanced, integrated cloud and analytic features available through the global public cloud providers, for example, AI and Machine Learning.

Finally, the research also contributes possible options for an organisation to evolve to the next stage of cloud maturity. There is also limited empirical research on what and how business value is created from technologies, such as CC (Botta et al. 2016).

The CCMM provides a benchmark for each level of maturity. Large enterprises can assess their conformance to the domains at each level and aspire to attain higher levels of maturity, creating business value. This model could accommodate that different organisations have and operate in different contexts, for example, different drivers for cloud adoption.


The use of cloud maturity frameworks by South African large enterprises to guide them through the complex and developing cloud adoption process is recommended. This will assist organisations to narrow the ‘research-practice’ gap. This research recommends the integration of Mode 2 cloud and IT procurement, where IT aligns with, supports and promotes the attainment of business goals. Mode 2 not only complements the lean strategies of the hallmarks of Mode 1 but also enables the organisation to be more agile when faced with unanticipated business conditions (Shaik 2016). This view of the cloud as an enabler of business transformation should also be integrated strategically to fortify competitive advantage.

It is important, in some contexts, that enterprises consider the physical data presence of their cloud deployments. This is contrary to many advertisements that claim accessibility to the cloud, making the location of resources and data irrelevant. Location still matters to latency-sensitive business applications. It is recommended that enterprises consider which service models are adopted and specifically which workloads are taken to the cloud. This research has described that the location of the cloud is important as it impacts issues of data sovereignty as well as performance (latency). Compliance with the location of data needs to be carefully considered along with the location of latency-sensitive workloads. A common theme was the lack of formal exit contracts and processes between enterprises and CSPs. The research highlights the need for formal exit contracts as an area of focus for enterprises that need to be included as part of IT governance.

Finally, there is no universal solution or approach to cloud adoption and decision-making. This research recommends that the cloud maturity framework should be used within the specific context of the organisation and its business drivers, that is, the maturity framework is not prescriptive and should not be followed rigidly. The CCMM that is derived from the adopted conceptual model is discussed below.

Cloud capability maturity model

The variables and constructs of the adopted conceptual model are presented in Table 3 as domains of a CCMM. The maturity level of each organisation varies; each organisation will need to assess the different domains in their specific context.

TABLE 3: Cloud capability maturity model.

There are five levels of the CCMM. Recommended activities in each of the six domains span across each of the five levels of the model. The model describes possible effects or characteristics of each domain at each level and recommends the initiative to progress or improve maturity to the next level. The CCMM is a model that guides the progress of evolution through the continuum of maturity levels. Organisations should strive to attain the optimal level to realise the maximum business benefit:

  • Practical implementation of the CCMM could be guided as follows: those organisations that are at the initial level are likely to be experiencing bottom-up IT usage and it is recommended that some formalisation of CC is implemented, for example, address issues of management support.
  • Organisations at the assessment level have awareness of the cloud as well as executive support. Increased use of CC and implementation of CC structures and governance are the key objectives, for example, assess the performance of your applications in the cloud.
  • At the determined level, organisations have begun trialling cloud services and creating use cases for further deployment. It is recommended that the organisation starts to define IT strategy through the use of CC, for example, disaster recovery through the cloud.
  • The managed maturity level results in enterprise-wide CC deployment. Recommendations could be supply chain integration using the cloud, for example, auditing of SLAs with defined penalties.
  • The optimal state is defined by the business strategy being defined by CC. Perpetual improvement through benchmarking and research and development initiatives are recommended, for example, relative advantage over competitors using IT strategy based on the cloud.


The results of the research that supported the constructs of the DOI, TOE, RDT and IT governance theories affect the propensity of South African large enterprises to adopt cloud services and determine their associated cloud maturity level.

There was also support that global data centres, based in South Africa, will drive the adoption of cloud services by South African large enterprises. The research also supported that large enterprises have different propensities to adopt each of the different cloud service and deployment models, as technology adoption is contextual.

The research supported that South African large organisations could benefit from the theoretical model and the CCMM of this study as there is limited evidence that large enterprises have assessed their cloud maturity level.

The CCMM is based on the themes of the research findings as well as on the conceptual model. The goal of this research was to contribute to business management research by systematically examining the business model of cloud adoption. Identifying the gaps in the past, the attempt was to understand the importance that South African large organisations are currently attributing to different criteria in assessing their readiness and maturity of cloud adoption.

The objectives of this study were to develop and validate an improved cloud maturity model to guide enterprises with cloud decisions, that is, assist managers to utilise evidence-based management principles and thereby narrow the research–practice gap.

Information technology managers can use the CCMM by first identifying which level of the CCMM most closely defines their cloud maturity status. Each domain of the CCMM should be examined. The IT manager can then evolve the organisation’s cloud maturity level by following the recommendations listed in Table 3. This is an iterative process, where the IT manager continually strives to drive the organisation to the optimal cloud maturity level.

A cloud maturity model has to be holistic to guide the complex, contextual nature of cloud maturity at large enterprises. There is no prescriptive approach to cloud decision-making, but this research has developed a cloud maturity framework with the potential to enhance cloud adoption outcomes and contributions to business transformation in large enterprises.


Competing interests

The authors have declared that no competing interests exist.

Authors’ contributions

All authors contributed equally to this work.

Funding information

This research received no specific grant from any funding agency in the public, commercial or not-for-profit sectors.

Data availability statement

The data that support the findings of this study are available from the corresponding author, upon reasonable request.


The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of any affiliated agency of the authors.


Aden, J., 2015, Enterprise IT procurement patterns favor cloud technologies, viewed 03 March 2016, from http://2ndwatch.com/wp-content/uploads/2016/02/Public-Cloud-Procurement.pdf

Alharthi, A., Yahya, F., Walters, R.J. & Wills, G.B., 2015, ‘An overview of cloud services adoption challenges in higher education institutions’, in Proceedings of the 5th international conference on cloud computing and services science, CLOSER 2015, Lisbon, May 20–22, 2015, pp. 102–109.

Alvarez, V., 2012, Forrester research report: Assess your cloud maturity, viewed 12 March 2017, from www.forrester.com

Awa, H.O., Emecheta, B.C. & Ojiabo, U., 2012, ‘Integrating TAM and TOE frameworks and expanding their characteristic constructs for e-commerce adoption by SMEs electronic commerce (EC)’, in Proceedings of Informing Science & IT Education Conference (InSITE), Montreal, QC, June 22–27, 2012, pp. 571–588.

Basson, B., 2014, ‘The right to privacy: How the proposed POPI bill will impact data security in a cloud computing environment’, Masters of commerce dissertation (computer auditing), Stellenbosch University, Cape Town.

Bayramusta, M. & Nasir, V.A., 2016, ‘A fad or future of IT?: A comprehensive literature review on the cloud computing research’, International Journal of Information Management 36(4), 635–644. https://doi.org/10.1016/j.ijinfomgt.2016.04.006

Bildosola, I., Rio-Belver, R., Cilleruelo, E. & Garechana, G., 2015, ‘Design and implementation of a cloud computing adoption decision tool: Generating a cloud road’, PLoS ONE 10(7), 1–21.

Botta, A., De Donato, W., Persico, V. & Pescapé, A., 2016, ‘Integration of cloud computing and Internet of things: A survey’, Future Generation Computer Systems 56, 684–700. https://doi.org/10.1016/j.future.2015.09.021

Boyd, B., 1990, ‘Corporate linkages and organizational environment: A test of the resource dependence model’, Strategic Management Journal 11(6), 419–430. https://doi.org/10.1002/smj.4250110602

Castelfranchi, C. & Falcone, R., 2000, ‘Trust is much more than subjective probability: Mental components and sources of trust’, In Proceedings of the 33rd annual Hawaii international conference on system sciences, IEEE, Maui, Hawaii, January 04–07, 2000, pp. 1–10.

Cavalcante, E., Pereira, J., Alves, M.P., Maia, P., Moura, R., Batista, T. et al., 2016, ‘On the interplay of Internet of things and cloud computing: A systematic mapping study’, Computer Communications 89–90, 17–33. https://doi.org/10.1016/j.comcom.2016.03.012

Chihande, M., 2015, ‘Post cloud computing implementation benefits and challenges realised for a South African Technology company’, Masters degree in Business Leadership (MBL) dissertation, University of South Africa (UNISA), Pretoria.

Conway, G. & Curry, E., 2012, ‘Managing cloud computing: A life cycle approach’, in F. Leymann, I. Ivanov, M. van Sinderen & T. Shan (eds.), Proceedings of 2nd international conference on cloud computing and services science, CLOSER, Porto, April 18–21, 2012, pp. 198–207. https://doi.org/10.5220/0003928401980207

Creswell, J.W., 2013, Research Design: Qualitative, Quantitative, and Mixed Methods Approaches, 4th edn., Sage Publications, Los Angeles, CA.

Davis, F.D., 1989, ‘Perceived usefulness, perceived ease of use, and user acceptance of information technology’, MIS Quarterly 13(3), 319–340. https://doi.org/10.2307/249008

Duarte, A.R., 2013, ‘Cloud maturity model’, Master of science degree in Information Systems and Computer Engineering Examination, TECNICO, Lisboa.

Durao, F., Carvalho, J.F.S., Fonseka, A. & Garcia, V.C., 2014, ‘A systematic review on cloud computing’, Journal of Supercomputing 68(3), 1321–1346. https://doi.org/10.1007/s11227-014-1089-x

Gartner, 2015a, Gartner’s 2015 hype cycle for emerging technologies identifies the computing innovations that organizations should monitor, Gartner, viewed 11 Aug 2016, from http://www.gartner.com/newsroom/id/3114217

Gartner, 2015b, ‘Infrastructure Agility Key Initiative Overview’, Gartner, viewed 25 August 2018, from https://www.gartner.com/doc/3095417/infrastructure-agility-key-initiative-overview

Guest, G., Bunce, A. & Johnson, L., 2006, ‘How Many Interviews Are Enough?’, Field Methods 18(1), 59–82. https://doi.org/10.1177/1525822X05279903

Han, B., Gopalakrishnan, V., Ji, L. & Lee, S., 2015, ‘Network function virtualization: Challenges and opportunities for innovations’, IEEE Communications Magazine 53(2), 90–97. https://doi.org/10.1109/MCOM.2015.7045396

Hermann, W., 2008, Cloud computing – The buzzword of the year?, viewed 01 November 2015, from http://www.computerwoche.de/a/cloud-computing-das-buzzword-des-jahres

Jokonya, O., Kroeze, J.H. & Van Der Poll, J.A., 2012, ‘Towards a framework for decision making regarding IT adoption categories and subject descriptors’, in Proceedings the 2012 annual research conference of the South African Institute for Computer Scientists and Information Technologists, SAICSIT, ACM Digital Library, Centurion, October 1–3, 2012.

Lal, P. & Bharadwaj, S.S., 2016, ‘Understanding the impact of cloud-based services adoption on organizational flexibility’, Journal of Enterprise Information Management 29(4), 566–588. https://doi.org/10.1108/JEIM-04-2015-0028

Lecklider, T., 2017, ‘Good enough for government work: EBSCOhost’, EE: Evaluation Engineering 53(12), 18–19.

MacVaugh, J. & Schiavone, F., 2010, ‘Limits to the diffusion of innovation: A literature review and integrative model’, European Journal of Innovation Management 13(2), 197–221. https://doi.org/10.1108/14601061011040258

Mell, P. & Grance, T., 2011, ‘The NIST definition of cloud computing’, NIST Special Publication, Communications of the ACM 53(6), 50.

Moonasar, V., 2019, Cloud adoption : A model to assess the self readiness and maturity of South African large enterprises, University of South Africa (UNISA), Midrand, Johannesburg.

Moonasar, V. & Naicker, V., 2018, ‘Cloud adoption: A conceptual model to assess the maturity of South African large enterprises’, Proceedings of 2018 9th International Conference on E-Business, Management and Economics, ICEME, Waterloo, ON, August 02–04.

Nasir, U. & Niazi, M., 2011, ‘Cloud computing adoption assessment model (CAAM)’, in Proceedings of the 12th International Conference on Product Focused Software Development and Process Improvement – PROFES ’11, ACM Press, Torre Canne, BR, June 20–22, 2011, pp. 34–37.

Pieterse, I., 2013, SMEs lead local cloud adoption, viewed 24 July 2016, from http://www.itweb.co.za/index.php?option=com_content&view=article&id=68797

Rightscale, 2016, State of the cloud report, Rightscale, viewed 15 February 2016, from http://assets.rightscale.com/uploads/pdfs/RightScale-2016-State-of-the-Cloud-Report.pdf

Rogers, E.M., 2003, Diffusion of innovations, 3rd edn., vol. 27, The Free Press, New York, NY.

Ruckle, J., 2015, ‘That magical (quadrant) time of year: A review of Gartner’s 2015 cloud report’, viewed 25 August 2018, from https://www.forbes.com/sites/centurylink/2015/05/19/that-magical-quadrant-time-of-year-a-review-of-gartners-2015-cloud-report/#584521e06026

Rubin, E., 2015, Latency, the hidden killer of cloud adoption, ClearSky, viewed 10 August 2016, from http://www.clearskydata.com/blog/latency-the-hidden-killer-of-cloud-adoption

Sahin, I., 2006, ‘Detailed review of rogers’ Diffusion of innovations theory and educational technology: Related studies based on rogers’ theory’, The Turkish Online Journal of Educational Technology 5, 14–23.

Shaik, S., 2016, What is a bimodal supply chain strategy?, SCM. Supply Chain Digital, viewed 20 October 2018, from https://www.supplychaindigital.com/scm/what-bimodal-supply-chain-strategy

Taivalsaari, A. & Mikkonen, T., 2015, ‘Cloud technologies for the Internet of things: Defining a research agenda beyond the expected topics’, in Proceedings – 41st Euromicro conference on Software Engineering and Advanced Applications, SEAA, Madeira, Portugal, August 26–28, 2015, pp. 484–488.

Tsalis, N. & Gritzalis, D., 2014, ‘Securing cloud and mobility: A practitioner’s guide’, Computers & Security 45, 305. https://doi.org/10.1016/j.cose.2014.02.002

Tornatzky, L.G. & Fleischer, M., 1990, ‘The processes of technological innovation’, The Journal of Technology Transfer 16(1), 45–46. https://doi.org/10.1007/BF02371446

Trivedi, H., 2013, Cloud adoption model for governments and large enterprises, Working Paper CISL# 2013–12, Cambridge, MA. https://doi.org/10.11113/jt.v73.4193

Weill, P. & Ross, J., 2005, ‘A matrixed approach to designing IT governance’, MIT Sloan Management Review 46(2), 26–34.

Weiss, D., Repschläger, J., Zarnekow, R. & Schrödl, H., 2013, ‘Towards a consumer cloud computing maturity model – Proposition of development guidelines, maturity domains and maturity levels’, in Proceedings of Pacific Asia Conference on Information Systems (PACIS) 2013, AIS Electronic Library (AISeL), Jeju Island, June 18–22, pp. 1–5.

Yang, X., Wallom, D., Waddington, S., Wang, J., Shaon, A., Matthews, B. et al., 2014, ‘Cloud computing in e-science: Research challenges and opportunities’, The Journal of Supercomputing 70(1), 408–464. https://doi.org/10.1007/s11227-014-1251-5

Yin, R.K., 2009, ‘Case study research, design and methods’, Sage 4(4), 264–267.

Yin, R.K., 2011, Qualitative research from start to finish, The Guildford Press, New York, NY, viewed 13 June 2016, from https://teddykw2.files.wordpress.com/2012/05/qualitative-research-from-start-to-finish.pdf

Crossref Citations

No related citations found.