Trust is Good, Control is Better: Creating Secure Clouds by Continuous Auditing

IEEE Transactions on Cloud Computing, Forthcoming

14 Pages Posted: 18 Feb 2016

See all articles by Sebastian Lins

Sebastian Lins

University of Cologne

Stephan Schneider

University of Cologne

Ali Sunyaev

University of Cologne

Date Written: January 27, 2016

Abstract

Cloud service certifications (CSC) attempt to assure a high level of security and compliance. However, considering that cloud services are part of an ever-changing environment, multi-year validity periods may put in doubt reliability of such certifications. We argue that continuous auditing (CA) of selected certification criteria is required to assure continuously reliable and secure cloud services, and thereby increase trustworthiness of certifications. CA of cloud services is still in its infancy, thus, we conducted a thorough literature review, interviews, and workshops with practitioners to conceptualize an architecture for continuous cloud service auditing. Our study shows that various criteria should be continuously audited. Yet, we reveal that most of existing methodologies are not applicable for third party auditing purposes. Therefore, we propose a conceptual CA architecture, and highlight important components and processes that have to be implemented. Finally, we discuss benefits and challenges that have to be tackled to diffuse the concept of continuous cloud service auditing. We contribute to knowledge and practice by providing applicable internal and third party auditing methodologies for auditors and providers, linked together in a conceptual architecture. Further on, we provide groundings for future research to implement CA in cloud service contexts.

Keywords: certification, cloud computing, continuous auditing

Suggested Citation

Lins, Sebastian and Schneider, Stephan and Sunyaev, Ali, Trust is Good, Control is Better: Creating Secure Clouds by Continuous Auditing (January 27, 2016). IEEE Transactions on Cloud Computing, Forthcoming. Available at SSRN: https://ssrn.com/abstract=2734086

Sebastian Lins (Contact Author)

University of Cologne ( email )

Albertus-Magnus-Platz
Cologne, 50923
Germany

Stephan Schneider

University of Cologne ( email )

Albertus-Magnus-Platz
Cologne, 50923
Germany

Ali Sunyaev

University of Cologne ( email )

Albertus-Magnus-Platz
Cologne, 50923
Germany

HOME PAGE: http://www.isq.uni-koeln.de

Register to save articles to
your library

Register

Paper statistics

Downloads
88
Abstract Views
751
rank
288,127
PlumX Metrics