Can Forensic Audit Help Address the Cloud Forensic Problem in Light of the Requirements of the Forthcoming European Union General Data Protection Regulation?

Bob Duncan, Mark Whittington

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

There is no doubt that the forthcoming European Union (EU) General Data Protection Regulation (GDPR), which comes into effect on 25th May 2018, will certainly concentrate many corporate minds. As for those who rely on cloud computing, there is likely to be even more consternation in the ranks, due to the issues surrounding dealing with the Cloud Forensic Problem. While it is the case that all computing systems are constantly under serious attack, this particular problem arises due to the fact that once an attacker gains a foothold in a cloud system and becomes an intruder, there is very little to prevent the intruder from gaining sufficient privileges to then completely delete all trace of their incursion, possibly deleting far more records than they need to in the process. Additionally, there is nothing to prevent them from then helping themselves to any amount of data covered by the GDPR, either by viewing it, modifying it, deleting it or ex-filtrating it from the victim system. This, then, will present a compliance nightmare to a great many cloud users, many of whom are poorly prepared to cope with this serious practical and financial challenge. In this paper, we consider how the use of robust forensic audit techniques from the accounting world might be applied to mitigate this serious challenge for such companies.
Original languageEnglish
Title of host publicationThe Ninth International Conference on Cloud Computing, GRIDs, and Virtualization
EditorsBob Duncan, Yong Woo Lee, Aspen Olmsted
PublisherIARIA
Pages84-89
Number of pages6
ISBN (Print)978-1-61208-607-1
Publication statusPublished - 20 Feb 2018
EventThe Ninth International Conference on Cloud Computing, GRIDs, and Virtualization - Barcelon, Spain
Duration: 18 Feb 201822 Feb 2018

Publication series

NameCloud Computing 2018
PublisherIARIA
ISSN (Print)2308-4294

Conference

ConferenceThe Ninth International Conference on Cloud Computing, GRIDs, and Virtualization
CountrySpain
CityBarcelon
Period18/02/1822/02/18

Fingerprint

Data privacy
Cloud computing
Industry
European Union
Compliance

Keywords

  • Forensic audit
  • GDPR compliance
  • cloud forensic problem

Cite this

Duncan, B., & Whittington, M. (2018). Can Forensic Audit Help Address the Cloud Forensic Problem in Light of the Requirements of the Forthcoming European Union General Data Protection Regulation? In B. Duncan, Y. W. Lee, & A. Olmsted (Eds.), The Ninth International Conference on Cloud Computing, GRIDs, and Virtualization (pp. 84-89). [28013] (Cloud Computing 2018). IARIA.

Can Forensic Audit Help Address the Cloud Forensic Problem in Light of the Requirements of the Forthcoming European Union General Data Protection Regulation? / Duncan, Bob; Whittington, Mark.

The Ninth International Conference on Cloud Computing, GRIDs, and Virtualization. ed. / Bob Duncan; Yong Woo Lee; Aspen Olmsted. IARIA, 2018. p. 84-89 28013 (Cloud Computing 2018).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Duncan, B & Whittington, M 2018, Can Forensic Audit Help Address the Cloud Forensic Problem in Light of the Requirements of the Forthcoming European Union General Data Protection Regulation? in B Duncan, YW Lee & A Olmsted (eds), The Ninth International Conference on Cloud Computing, GRIDs, and Virtualization., 28013, Cloud Computing 2018, IARIA, pp. 84-89, The Ninth International Conference on Cloud Computing, GRIDs, and Virtualization, Barcelon, Spain, 18/02/18.
Duncan B, Whittington M. Can Forensic Audit Help Address the Cloud Forensic Problem in Light of the Requirements of the Forthcoming European Union General Data Protection Regulation? In Duncan B, Lee YW, Olmsted A, editors, The Ninth International Conference on Cloud Computing, GRIDs, and Virtualization. IARIA. 2018. p. 84-89. 28013. (Cloud Computing 2018).
Duncan, Bob ; Whittington, Mark. / Can Forensic Audit Help Address the Cloud Forensic Problem in Light of the Requirements of the Forthcoming European Union General Data Protection Regulation?. The Ninth International Conference on Cloud Computing, GRIDs, and Virtualization. editor / Bob Duncan ; Yong Woo Lee ; Aspen Olmsted. IARIA, 2018. pp. 84-89 (Cloud Computing 2018).
@inproceedings{849fc929e4c748df8d8cdeb6561d97fd,
title = "Can Forensic Audit Help Address the Cloud Forensic Problem in Light of the Requirements of the Forthcoming European Union General Data Protection Regulation?",
abstract = "There is no doubt that the forthcoming European Union (EU) General Data Protection Regulation (GDPR), which comes into effect on 25th May 2018, will certainly concentrate many corporate minds. As for those who rely on cloud computing, there is likely to be even more consternation in the ranks, due to the issues surrounding dealing with the Cloud Forensic Problem. While it is the case that all computing systems are constantly under serious attack, this particular problem arises due to the fact that once an attacker gains a foothold in a cloud system and becomes an intruder, there is very little to prevent the intruder from gaining sufficient privileges to then completely delete all trace of their incursion, possibly deleting far more records than they need to in the process. Additionally, there is nothing to prevent them from then helping themselves to any amount of data covered by the GDPR, either by viewing it, modifying it, deleting it or ex-filtrating it from the victim system. This, then, will present a compliance nightmare to a great many cloud users, many of whom are poorly prepared to cope with this serious practical and financial challenge. In this paper, we consider how the use of robust forensic audit techniques from the accounting world might be applied to mitigate this serious challenge for such companies.",
keywords = "Forensic audit, GDPR compliance, cloud forensic problem",
author = "Bob Duncan and Mark Whittington",
year = "2018",
month = "2",
day = "20",
language = "English",
isbn = "978-1-61208-607-1",
series = "Cloud Computing 2018",
publisher = "IARIA",
pages = "84--89",
editor = "Bob Duncan and Lee, {Yong Woo} and Aspen Olmsted",
booktitle = "The Ninth International Conference on Cloud Computing, GRIDs, and Virtualization",

}

TY - GEN

T1 - Can Forensic Audit Help Address the Cloud Forensic Problem in Light of the Requirements of the Forthcoming European Union General Data Protection Regulation?

AU - Duncan, Bob

AU - Whittington, Mark

PY - 2018/2/20

Y1 - 2018/2/20

N2 - There is no doubt that the forthcoming European Union (EU) General Data Protection Regulation (GDPR), which comes into effect on 25th May 2018, will certainly concentrate many corporate minds. As for those who rely on cloud computing, there is likely to be even more consternation in the ranks, due to the issues surrounding dealing with the Cloud Forensic Problem. While it is the case that all computing systems are constantly under serious attack, this particular problem arises due to the fact that once an attacker gains a foothold in a cloud system and becomes an intruder, there is very little to prevent the intruder from gaining sufficient privileges to then completely delete all trace of their incursion, possibly deleting far more records than they need to in the process. Additionally, there is nothing to prevent them from then helping themselves to any amount of data covered by the GDPR, either by viewing it, modifying it, deleting it or ex-filtrating it from the victim system. This, then, will present a compliance nightmare to a great many cloud users, many of whom are poorly prepared to cope with this serious practical and financial challenge. In this paper, we consider how the use of robust forensic audit techniques from the accounting world might be applied to mitigate this serious challenge for such companies.

AB - There is no doubt that the forthcoming European Union (EU) General Data Protection Regulation (GDPR), which comes into effect on 25th May 2018, will certainly concentrate many corporate minds. As for those who rely on cloud computing, there is likely to be even more consternation in the ranks, due to the issues surrounding dealing with the Cloud Forensic Problem. While it is the case that all computing systems are constantly under serious attack, this particular problem arises due to the fact that once an attacker gains a foothold in a cloud system and becomes an intruder, there is very little to prevent the intruder from gaining sufficient privileges to then completely delete all trace of their incursion, possibly deleting far more records than they need to in the process. Additionally, there is nothing to prevent them from then helping themselves to any amount of data covered by the GDPR, either by viewing it, modifying it, deleting it or ex-filtrating it from the victim system. This, then, will present a compliance nightmare to a great many cloud users, many of whom are poorly prepared to cope with this serious practical and financial challenge. In this paper, we consider how the use of robust forensic audit techniques from the accounting world might be applied to mitigate this serious challenge for such companies.

KW - Forensic audit

KW - GDPR compliance

KW - cloud forensic problem

M3 - Conference contribution

SN - 978-1-61208-607-1

T3 - Cloud Computing 2018

SP - 84

EP - 89

BT - The Ninth International Conference on Cloud Computing, GRIDs, and Virtualization

A2 - Duncan, Bob

A2 - Lee, Yong Woo

A2 - Olmsted, Aspen

PB - IARIA

ER -