Cloud computing risk and audit issues

2015

The Cloud Computing paradigm is getting popular deliberately and is being adopted in modern organizations because of its lower cost, scalability and high availability. This moves control of data from the owner to the cloud service provider and thus security and data privacy of customer or owner becomes a challenge. Cloud is a new concept and as a result of which the experience of providers in this field might not be enough to complement security. Security, being inconsistent and not robust, will have low credibility on the benefit that features of cloud computing has to offer. This research is done using exploratory method and presents an exploratory review on Information System (IS) Audit on cloud computing and security issues and prescribes a framework that can be used for Cloud Computing and Security. This research proposes an audit model for cloud computing.

2017

The cloud computing in its various form allow users to store information at remote location and reduce load at local system. Even though it is an advantage still drawback exists such as remote storage. The major security issues in cloud computing such as lack of data control, lack of trust and multi-tenancy are reviewed. The cloud computing and its service and deployment models are discussed by ways which the present security issues in cloud computing are prevented. Ensuring cloud data integrity and privacy seems to be the major issue. To overcome unauthorized access of data by cloud service providers and data users, verification is performed through trusted third party auditor. The cloud auditing needs to be performed and data security also needs to be ensured without the knowledge of the actual data stores at cloud. Researcher shows keen interest to provide a cloud framework, which preserves the privacy and ensures the integrity of cloud data. The paper reviews privacy preserving ...

2016

Many people assume that cloud audit is no more difficult than IT audit in general. We provide an outline of the evolution of cloud, providing an explanation of how it differs from conventional IT. We then discuss some of the benefits and drawbacks of cloud, particularly in connection to audit challenges, highlighting the dangers and shortcomings of many approaches. Keywords—security; privacy; standards; compliance; audit.

International Journal of Communications, Network and System Sciences, 2016

The user control over the life cycle of data is of an extreme importance in clouds in order to determine whether the service provider adheres to the client's pre-specified needs in the contract between them or not, significant clients concerns raise on some aspects like social, location and the laws to which the data are subject to. The problem is even magnified more with the lack of transparency by Cloud Service Providers (CSPs). Auditing and compliance enforcement introduce different set of challenges in cloud computing that are not yet resolved. In this paper, a conducted questionnaire showed that the data owners have real concerns about not just the secrecy and integrity of their data in cloud environment, but also for spatial, temporal, and legal issues related to their data especially for sensitive or personal data. The questionnaire results show the importance for the data owners to address mainly three major issues: Their ability to continue the work, the secrecy and integrity of their data, and the spatial, legal, temporal constraints related to their data. Although a good volume of work was dedicated for auditing in the literature, only little work was dedicated to the fulfillment of the contractual obligations of the CSPs. The paper contributes to knowledge by proposing an extension to the auditing models to include the fulfillment of contractual obligations aspects beside the important aspects of secrecy and integrity of client's data.

E-Democracy 2015: Citizen Rights in the World of the New Computing Paradigms, 2015

Security is a crucial issue in cloud computing especially since a lot of stakeholders worldwide are involved. Achieving an acceptable security level in cloud environments is much harder when compared to other traditional IT systems due to specific cloud characteristics like: architecture, openness, multi-tenancy etc. Conventional security mechanisms are no longer suitable for applications and data in the cloud, since new security requirements have emerged. Furthermore, there is a clear need for a trusted security audit method for cloud providers. This paper identifies the security requirements that are specific to cloud computing and highlights how these requirements link to the cloud security policy while illustrating the structure of a General Security Policy Model. Furthermore , it proposes a method that can be adopted by cloud providers for auditing the security of their systems.

International Journal of Database Theory and Application, 2016

Cloud computing in its various forms allows users to store their information at remote location and reduce the burden at their local systems. Even though this is an advantage for users but there are also many drawbacks because of this remote storage. The main drawback which needs to be dealt with is security. Recently, security is the major concern which most of the cloud service providers are facing. The users store their information in remote location with the hope of maintaining the privacy and integrity of data. In order, to maintain the privacy and integrity of users' data auditing has to be done by the Cloud Service Providers (CSP). CSP uses the Third Party Auditor (TPA) for performing the auditing. The TPA performs auditing on behalf of the data owner using different auditing mechanisms. Many auditing mechanisms have been introduced in literature. Each mechanism varies from one another in one or more characteristics. In this paper we have provided a study on the different auditing mechanisms required to preserve the privacy and integrity of data in cloud. We have presented the advantages and flaws in each mechanism compared to another. Many auditing mechanisms are arising in literature with the aim to maintain the integrity of users' data and preserve the privacy. This paper remains as the basis for different auditing mechanisms that are arising in literature. With the help of auditing mechanisms the TPA can best satisfy the needs of the users.

International Journal of Information Management, 2014

For many companies the remaining barriers to adopting cloud computing services are related to security. One of these significant security issues is the lack of auditability for various aspects of security in the cloud computing environment. In this paper we look at the issue of cloud computing security auditing from three perspectives: user auditing requirements, technical approaches for (data) security auditing and current cloud service provider capabilities for meeting audit requirements. We also divide specific auditing issues into two categories: infrastructure security auditing and data security auditing. We find ultimately that despite a number of techniques available to address user auditing concerns in the data auditing area, cloud providers have thus far only focused on infrastructure security auditing concerns.

2014 28th International Conference on Advanced Information Networking and Applications Workshops, 2014

Cloud computing is the next phase in the Internet's evolution, providing the means through which computing power, computing infrastructure, applications, business processes can be delivered to businesses and individual as a service wherever and whenever they need. Businesses who use cloud service providers (CSP) tend to have service level agreements (SLA) that act as contract and define the level of expected service from the CSP, including availability, performance and security. Recent research suggests the use of third party auditors (TPA) as a mean to monitor CSPs. This paper shows how CSP may deceit the SLA to reduce their cost and become more competitive, while avoiding detection by TPAs. The paper presents a crowdsourced TPA model to monitor the CSPs and consequently detect any deception.

Journal of Network and Computer Applications, 2014

Cloud computing has emerged as a computational paradigm and an alternative to the conventional computing with the aim of providing reliable, resilient infrastructure, and with high quality of services for cloud users in both academic and business environments. However, the outsourced data in the cloud and the computation results are not always trustworthy because of the lack of physical possession and control over the data for data owners as a result of using to virtualization, replication and migration techniques. Since that the security protection the threats to outsourced data have become a very challenging and potentially formidable task in cloud computing, many researchers have focused on ameliorating this problem and enabling public auditability for cloud data storage security using Remote Data Auditing (RDA) techniques. This paper presents a comprehensive survey on the remote data storage auditing in single cloud server domain and presents taxonomy of RDA approaches. The objective of this paper is to highlight issues and challenges to current RDA protocols in the cloud and the mobile cloud computing. We discuss the thematic taxonomy of RDA based on significant parameters such as security requirements, security metrics, security level, auditing mode, and update mode. The state-of-the-art RDA approaches that have not received much coverage in the literature are also critically analyzed and classified into three groups of provable data possession, proof of retrievability, and proof of ownership to present a taxonomy. It also investigates similarities and differences in such framework and discusses open research issues as the future directions in RDA research.

In the quest of storing huge amount of data on cloud servers, security and privacy evolve as the major concern for the user. Storage and retrieval of private information from the cloud server is the most challenging issue for users. The major issues involving storage of data on cloud servers are Confidentiality, Data Integrity, Data Availability, Data Loss or Leakage, Location and Relocation, etc. Auditing technique are being used to overcome these difficulties and ensures data safety in cloud. This paper presents a survey of ongoing research on auditing techniques that ensures a secure environment for the cloud users. Also a classification has been presented on auditability.