Auditing for Cloud Computing

Keywords: Cloud Auditing, Compliance, governance, Regulation.
Authors: Jonathan Sinclair, SAP Research.
Abstract: Cloud computing is a paradigm evolution that benefits from virtualization technologies and introduces “everything-as-a-service” as a technical and business concept supported by pay-per-use pricing models. Whilst the on-demand characteristics of this novel paradigm provide revolutionary advances in technical ability, the changes while incorporating this into an IT infrastructure raise many complex problems and risks with regards to auditing. Auditing is the process of tracing and logging significant events the take place during the system run-time for analysis, and can be seen as a vital tool in validating and securing systems.

Cloud architectures enable a convenient on-demand infrastructure in terms of placement and elasticity allowing the consumer a configurable computing resource without requiring the knowledge of how it is implemented. Though this is exactly the black-box problem for auditing processes. This research discusses the expected fundamental challenges for auditing of Cloud infrastructures: i) Enhancing and developing new auditing standards in light of the new technologies used in the business process, ii) The creation and storage of auditing logs and iii) The configuration and maintenance of the audit trail. In order for organizations to utilize Cloud infrastructures, challenges with regards to compliance; regulation; governance and security need to be overcome.