Firstly lets start with the definition of IT auditing:
“The process of collecting and evaluating evidence to determine whether a computer system (information system) safeguards assets, maintains data integrity, achieves organizational goals effectively and consumes resources efficiently.”
Below are a few of the security standards and how they relate back to businesses.
However, IT security in the cloud is mainly concerned with data access and user privileges, in both the physical and virtual layers, and what we are seeing is a change on what businesses need audited:
- What used to be static is not static anymore: Dynamic change in IP addressing, Domain’s, Data Centres
- Audit Analysis and Too much Data: How to retrieve, correlate, and extract meaningful data from an ever increasing amount of data sources. How do you track all of this? Big Data challenges.
- Auditing is becoming a service: Consumers may need to track the Business Processes across multiple providers and an audit trail might span multiple domains and providers.
These points present challenges around how we think about our data and where it is going. We are seeing trends that organisations are now reliant offsite security control.
For example the data does not physically sit on your site anymore – which in itself raises numerous points:
- How is data is stored, transmitted, and processed outside the organisation.
- The challenges of “shared” computing environments.
- No physical control of data
- Physical and logical access might be controlled by the provider.
- No controls to prevent data modification
- No logging on events on data (access, modification, transmission)
However an IT audit does not need to stop at the file level. Here at Polarseven we can dive down into Service Availability which can present its own challenges:
- Bottlenecks in connectivity
- Change control
- Provider viability
- Reliance on providers and their Disaster Recovery processes
In conclusion around auditing and cloud computing – it still presents some interesting challenges:
- Security will be an ongoing issue for Cloud Computing. It should be a part of your strategy as you move to the cloud. PolarSeven can help out to understand what challenges you have.
- Cloud Computing is cheaper. People will continue to use it – regardless of security challenges. PolarSeven can provide services around providing best practice for the security of your data.