KIT | KIT-Bibliothek | Impressum | Datenschutz

Trust is Good, Control is Better: Creating Secure Clouds by Continuous Auditing

Lins, Sebastian; Schneider, Stephan; Sunyaev, Ali


Cloud service certifications (CSC) attempt to assure a high level of security and compliance. However, considering that cloud services are part of an ever-changing environment, multi-year validity periods may put in doubt reliability of such certifications. We argue that continuous auditing (CA) of selected certification criteria is required to assure continuously reliable and secure cloud services, and thereby increase trustworthiness of certifications. CA of cloud services is still in its infancy, thus, we conducted a thorough literature review, interviews, and workshops with practitioners to conceptualize an architecture for continuous cloud service auditing. Our study shows that various criteria should be continuously audited. Yet, we reveal that most of existing methodologies are not applicable for third party auditing purposes. Therefore, we propose a conceptual CA architecture, and highlight important components and processes that have to be implemented. Finally, we discuss benefits and challenges that have to be tackled to diffuse the concept of continuous cloud service auditing. We contribute to knowledge and practice by providing applicable internal and third party auditing methodologies for auditors and providers, linked together in a conceptual architecture. ... mehr

DOI: 10.1109/TCC.2016.2522411
Zitationen: 46
Web of Science
Zitationen: 39
Zitationen: 70
Zugehörige Institution(en) am KIT Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB)
Publikationstyp Zeitschriftenaufsatz
Publikationsjahr 2018
Sprache Englisch
Identifikator ISSN: 2168-7161, 2372-0018
KITopen-ID: 1000091295
Erschienen in IEEE transactions on cloud computing
Verlag Institute of Electrical and Electronics Engineers (IEEE)
Band 6
Heft 3
Seiten 890 - 903
Vorab online veröffentlicht am 27.01.2016
Externe Relationen Abstract/Volltext
Schlagwörter Certification, cloud computing, continuous auditing, security
Nachgewiesen in Scopus
Web of Science
KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft
KITopen Landing Page