This article discusses research conducted to conceptualise a secure cloud adoption model. The study surveyed SMEs in the Sri Lankan information technology industry using a questionnaire to determine cloud computing adoption factors. The study used Rogers' diffusion of innovation (DOI), Tornatzky and Fleischer's technology-organization-environment (TOE) framework, Venkatesh and Bala's technology acceptance model 3 (TAM3), and Venkatesh, Thong, and Xu's Unified theory of acceptance and use of technology 2 (UTAUT2) as the theoretical foundation for evaluating the reference model. Two hundred and fifty-six key officials from information technology (IT) organisations in Sri Lanka participated in the survey. The study used quantitative data coding and analysis methods with the SPSS and AMOS softwares. The findings from previous research and existing technology adoption frameworks and models were summarised to support the secure cloud adoption model (SCAM).