Managing Compliance and Auditing in Cloud
Gupta, Gunjan (2022)
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-202205179895
Abstract
Cloud services have emerged as an essential and promising IT solution for many organizations to enable cost efficiency, flexibility, resiliency, agility, and speed. Cloud service providers are implementing and adhering to many cybersecurity measures to ensure the security and confidentiality of users’ data. However, organizations' security risks have increased with the arrival of new security challenges such as the widespread adoption of remote work, constantly changing network security vulnerabilities, and changes in the legal and geopolitical landscape. To build trust and compliance in the cloud environment, it is of paramount importance to have a proper audit to better understand the security posture of their applications and ensure sufficient measures are implemented during the adoption of the cloud. The objective was to research and analyze areas where traditional audits and compliance need to be changed to address cloud-specific attributes and recommendations.
A combination of qualitative and constructive research methodology was used. Once the general and comprehensive knowledge was gathered through the ‘document analysis/literature review’ and ‘unstructured interview’ methods of qualitative research methodology, constructive research methodology together with the semi-structured interview was used to develop a ‘cloud audit checklist’.
The research demonstrates that auditors should know cloud-specific areas, its delivery and service model, key risks, division of roles and responsibilities, and cloud-specific auditing frameworks to move from traditional IT auditing to cloud-specific auditing. Organizations should always understand the security and compliance risks of overall business opportunity and appetite for risk before adopting the cloud. The desired outcome was achieved by developing a cloud audit checklist using a comprehensive study of literature material and having feedback from participants during interviews.