Enhancing Cloud Security and Privacy: The Power and the Weakness of the Audit Trail

Robert Anderson Keith Duncan, Mark Whittington

Research output: Chapter in Book/Report/Conference proceedingConference contribution

12 Downloads (Pure)

Abstract

Information security in the cloud presents a serious challenge. We have identified fundamental weaknesses when undertaking cloud audit, namely the misconceptions surrounding the purpose of audit, what comprises a proper audit trail, what should be included, and how it should be achieved and maintained. A properly specified audit trail can provide a powerful tool in the armoury against cyber-crime, yet it is all too easy to throw away the benefits offered by this simple tool through lack of understanding, incompetence, mis-configuration or sheer laziness. Of course, merely having an effective audit trail is not enough — we actually have to examine it regularly to realise the potential benefits it offers.
Original languageEnglish
Title of host publicationCLOUD COMPUTING 2016
Subtitle of host publicationThe Seventh International Conference on Cloud Computing, GRIDs, and Virtualization
EditorsCarlos Becker Westphall, Yong Woo Lee, Stefan Rass
PublisherIARIA
Pages137-142
Number of pages6
ISBN (Print)978-1-61208-460-2
Publication statusPublished - 24 Mar 2016
EventThe Seventh International Conference on Cloud Computing, GRIDs, and Virtualization - H10 ROMA CITTA Via Pietro Blaserna, 101 (Quartiere Marconi) Roma 00146, Rome, Italy
Duration: 20 Mar 201624 Mar 2016
http://www.iaria.org/conferences2016/CLOUDCOMPUTING16.html

Conference

ConferenceThe Seventh International Conference on Cloud Computing, GRIDs, and Virtualization
Abbreviated titleCloudComp 2016
CountryItaly
CityRome
Period20/03/1624/03/16
Internet address

Fingerprint

Audit
Privacy
Information security
Cybercrime

Keywords

  • security
  • privacy
  • audit
  • audit trail

Cite this

Duncan, R. A. K., & Whittington, M. (2016). Enhancing Cloud Security and Privacy: The Power and the Weakness of the Audit Trail. In C. B. Westphall, Y. W. Lee, & S. Rass (Eds.), CLOUD COMPUTING 2016 : The Seventh International Conference on Cloud Computing, GRIDs, and Virtualization (pp. 137-142). IARIA.

Enhancing Cloud Security and Privacy: The Power and the Weakness of the Audit Trail. / Duncan, Robert Anderson Keith; Whittington, Mark.

CLOUD COMPUTING 2016 : The Seventh International Conference on Cloud Computing, GRIDs, and Virtualization. ed. / Carlos Becker Westphall; Yong Woo Lee; Stefan Rass. IARIA, 2016. p. 137-142.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Duncan, RAK & Whittington, M 2016, Enhancing Cloud Security and Privacy: The Power and the Weakness of the Audit Trail. in CB Westphall, YW Lee & S Rass (eds), CLOUD COMPUTING 2016 : The Seventh International Conference on Cloud Computing, GRIDs, and Virtualization. IARIA, pp. 137-142, The Seventh International Conference on Cloud Computing, GRIDs, and Virtualization, Rome, Italy, 20/03/16.
Duncan RAK, Whittington M. Enhancing Cloud Security and Privacy: The Power and the Weakness of the Audit Trail. In Westphall CB, Lee YW, Rass S, editors, CLOUD COMPUTING 2016 : The Seventh International Conference on Cloud Computing, GRIDs, and Virtualization. IARIA. 2016. p. 137-142
Duncan, Robert Anderson Keith ; Whittington, Mark. / Enhancing Cloud Security and Privacy: The Power and the Weakness of the Audit Trail. CLOUD COMPUTING 2016 : The Seventh International Conference on Cloud Computing, GRIDs, and Virtualization. editor / Carlos Becker Westphall ; Yong Woo Lee ; Stefan Rass. IARIA, 2016. pp. 137-142
@inproceedings{471e2b96caa94b43bc93140e02f1be1e,
title = "Enhancing Cloud Security and Privacy: The Power and the Weakness of the Audit Trail",
abstract = "Information security in the cloud presents a serious challenge. We have identified fundamental weaknesses when undertaking cloud audit, namely the misconceptions surrounding the purpose of audit, what comprises a proper audit trail, what should be included, and how it should be achieved and maintained. A properly specified audit trail can provide a powerful tool in the armoury against cyber-crime, yet it is all too easy to throw away the benefits offered by this simple tool through lack of understanding, incompetence, mis-configuration or sheer laziness. Of course, merely having an effective audit trail is not enough — we actually have to examine it regularly to realise the potential benefits it offers.",
keywords = "security, privacy, audit, audit trail",
author = "Duncan, {Robert Anderson Keith} and Mark Whittington",
note = "Winner of best paper award.",
year = "2016",
month = "3",
day = "24",
language = "English",
isbn = "978-1-61208-460-2",
pages = "137--142",
editor = "Westphall, {Carlos Becker } and Lee, {Yong Woo} and Stefan Rass",
booktitle = "CLOUD COMPUTING 2016",
publisher = "IARIA",

}

TY - GEN

T1 - Enhancing Cloud Security and Privacy: The Power and the Weakness of the Audit Trail

AU - Duncan, Robert Anderson Keith

AU - Whittington, Mark

N1 - Winner of best paper award.

PY - 2016/3/24

Y1 - 2016/3/24

N2 - Information security in the cloud presents a serious challenge. We have identified fundamental weaknesses when undertaking cloud audit, namely the misconceptions surrounding the purpose of audit, what comprises a proper audit trail, what should be included, and how it should be achieved and maintained. A properly specified audit trail can provide a powerful tool in the armoury against cyber-crime, yet it is all too easy to throw away the benefits offered by this simple tool through lack of understanding, incompetence, mis-configuration or sheer laziness. Of course, merely having an effective audit trail is not enough — we actually have to examine it regularly to realise the potential benefits it offers.

AB - Information security in the cloud presents a serious challenge. We have identified fundamental weaknesses when undertaking cloud audit, namely the misconceptions surrounding the purpose of audit, what comprises a proper audit trail, what should be included, and how it should be achieved and maintained. A properly specified audit trail can provide a powerful tool in the armoury against cyber-crime, yet it is all too easy to throw away the benefits offered by this simple tool through lack of understanding, incompetence, mis-configuration or sheer laziness. Of course, merely having an effective audit trail is not enough — we actually have to examine it regularly to realise the potential benefits it offers.

KW - security

KW - privacy

KW - audit

KW - audit trail

M3 - Conference contribution

SN - 978-1-61208-460-2

SP - 137

EP - 142

BT - CLOUD COMPUTING 2016

A2 - Westphall, Carlos Becker

A2 - Lee, Yong Woo

A2 - Rass, Stefan

PB - IARIA

ER -