Home // International Journal On Advances in Security, volume 9, numbers 3 and 4, 2016 // View article

Cloud Cyber-Security: Empowering the Audit Trail

Authors:
Bob Duncan
Mark Whittington

Keywords: cloud cyber-security; compliance; assurance; audit; audit trail.

Abstract:
Cyber-security presents a serious challenge. Cyber- security in the cloud presents a far more serious challenge, due to the multi-tenant nature of cloud relationships and the transitory nature of cloud instances. We have identified a fundamental weakness when undertaking cloud audit, namely the misconceptions surrounding the purpose of audit, what comprises a proper audit trail, what should be included, and how it should be achieved and maintained. A properly specified audit trail can provide a powerful tool in the armoury against cyber-crime, yet it is all too easy to throw away the benefits offered by this simple tool through lack of understanding, incompetence, mis-configuration or sheer laziness. A major weakness is the need to ensure the audit trail is properly preserved. We propose that some simple changes in approach are undertaken, which can considerably improve the status quo, while radically improving the ability to conduct forensic examination in the event of a breach, but of course, merely having an effective audit trail is not enough — we actually have to analyse it regularly to realise the potential benefits it offers.

Pages: 169 to 183

Copyright: Copyright (c) to authors, 2016. Used with permission.

Publication date: December 31, 2016

Published in: journal

ISSN: 1942-2636