Abstract
Cyber-security presents a serious challenge. Cyber- security in the cloud presents a far more serious challenge, due to the multi-tenant nature of cloud relationships and the transitory nature of cloud instances.We have identified a fundamental weakness when undertaking cloud audit, namely the misconceptions surrounding the purpose of audit, what comprises a proper audit trail, what should be included, and how it should be achieved and maintained. A properly specified audit trail can provide a powerful tool in the armoury against cyber-crime, yet it is all too easy to throw away the benefits offered by this simple tool through lack of understanding, incompetence, mis-configuration or sheer laziness. A major weakness is the need to ensure the audit trail is properly preserved. We propose that some simple changes in approach are undertaken, which can considerably improve the status quo, while radically improving the ability to conduct forensic examination in the event of a breach, but of course, merely having an effective audit trail is not enough — we actually have to analyse it regularly to realise the potential benefits it offers.
Original language | English |
---|---|
Article number | 8 |
Pages (from-to) | 169-183 |
Number of pages | 15 |
Journal | International Journal on Advances in Security |
Volume | 9 |
Issue number | 3 & 4 |
Publication status | Published - 31 Dec 2016 |
Keywords
- cloud cyber security
- compliance
- audit
- audit trail