Information security in the cloud presents a serious challenge. We have identified fundamental weaknesses when undertaking cloud audit, namely the misconceptions surrounding the purpose of audit, what comprises a proper audit trail, what should be included, and how it should be achieved and maintained. A properly specified audit trail can provide a powerful tool in the armoury against cyber-crime, yet it is all too easy to throw away the benefits offered by this simple tool through lack of understanding, incompetence, mis-configuration or sheer laziness. Of course, merely having an effective audit trail is not enough — we actually have to examine it regularly to realise the potential benefits it offers.
|Title of host publication||CLOUD COMPUTING 2016|
|Subtitle of host publication||The Seventh International Conference on Cloud Computing, GRIDs, and Virtualization|
|Editors||Carlos Becker Westphall, Yong Woo Lee, Stefan Rass|
|Number of pages||6|
|Publication status||Published - 24 Mar 2016|
|Event||The Seventh International Conference on Cloud Computing, GRIDs, and Virtualization - H10 ROMA CITTA Via Pietro Blaserna, 101 (Quartiere Marconi) Roma 00146, Rome, Italy|
Duration: 20 Mar 2016 → 24 Mar 2016
|Conference||The Seventh International Conference on Cloud Computing, GRIDs, and Virtualization|
|Abbreviated title||CloudComp 2016|
|Period||20/03/16 → 24/03/16|
- audit trail
Duncan, R. A. K., & Whittington, M. (2016). Enhancing Cloud Security and Privacy: The Power and the Weakness of the Audit Trail. In C. B. Westphall, Y. W. Lee, & S. Rass (Eds.), CLOUD COMPUTING 2016 : The Seventh International Conference on Cloud Computing, GRIDs, and Virtualization (pp. 137-142). IARIA.