Auditing & Cloud Computing

Auditing & Cloud Computing
Name
Institutional Affiliation
Table of Contents
TOC o “1-3” h z u Abstract PAGEREF _Toc466641986 h 3Introduction PAGEREF _Toc466641987 h 3Defining Cloud Computing PAGEREF _Toc466641988 h 4Benefits of cloud computing PAGEREF _Toc466641989 h 5Cost Savings PAGEREF _Toc466641990 h 6Scalability PAGEREF _Toc466641991 h 6Business continuity PAGEREF _Toc466641992 h 6Collaboration efficiency and ease of access PAGEREF _Toc466641993 h 7Challenges of cloud computing PAGEREF _Toc466641994 h 7Security PAGEREF _Toc466641995 h 7Quality of Service PAGEREF _Toc466641996 h 8Downtime and difficulty of data accessibility PAGEREF _Toc466641997 h 8Auditing Standards and Regulations PAGEREF _Toc466641998 h 9Regulatory requirements PAGEREF _Toc466641999 h 9Auditing 4 Relevant Areas for Cloud Computing PAGEREF _Toc466642000 h 10Conclusion PAGEREF _Toc466642001 h 10

AbstractTechnology and ICT have become critical elements of today’s business world. The workload requiring technology intervention continues to increase as more and more devices are now getting connected to the internet. Thus, most entities have been forced to move their functions to the cloud in a bid to attain efficiency and greater flexibility. Moreover, maintaining costly IT resources has proved to be inefficient for most firms. Thus, most firms have opted to shift most of their operations to the cloud. Unfortunately, moving of organization functions to the cloud has proved to be a major challenge especially if the concerned entities do not conduct regular audits.

Conducting audits in cloud computing offers firms with an in-depth understanding of how better control and financial reporting benefits organizations. Audited cloud computing will give businesses a better analysis on their financial status and thus the models to consider for implementation to drive organizations to the realization of their organizational objectives. It would be easier to track any changes that take place across the departments and further implement relevant controls to improve the efficiency and effectiveness of organizations.
Keywords: Cloud Computing, Auditing
Auditing & Cloud Computing
IntroductionTechnology and ICT have become critical elements of today’s business world. The workload requiring technology intervention continues to increase as more and more devices are now getting connected to the internet. Thus, most entities have been forced to move their functions to the cloud in a bid to attain efficiency and greater flexibility. Moreover, maintaining costly IT resources has proved to be inefficient for most firms. Nonetheless, moving of organization functions to the cloud has proved to be a major challenge especially if the concerned entities do not conduct regular audits. A report by Wang, Wang, Ren, Cao and Lou (2012) identified that cloud services could be easily interfered with, thereby creating significant changes to the processes taking place within a business. Moreover, the fact that cloud services are done without any human intervention implies that the possibilities of data changes in the absence of auditing would also be high. Businesses whose IT environments are significantly dormant may encounter risks off alternation of data if they do not conduct regular audits on their cloud. Failure to conduct audits has been linked with loss of vital data and the modification of sensitive information. Yang and Jia (2013) explain that conducting auditing on cloud computing plays a vital role in the early identification of automated controls and potential audit issues. To this effect, the firm will be aware of the events that take place within its departments. Audited data guarantees users of the integrity of the data. It also offers an ideal methodology to help facilitate efficient audit plans and walkthroughs that are supported using controlled testing.
Defining Cloud Computing Cloud computing refers to a variety of Internet-based computing services. In cloud computing, the delivery of on-demand computing resources is done over the internet on a pay-as-you-use basis. Thus, cloud computing sees to it that shared computing resources are used instead of local servers or personal devices when handling of applications. Cloud computing operates under the use of supercomputing and high-performance devices to perform computations per second. It uses customized applications such as financial portfolios to deliver personalized information as well as offer data storage. Cloud-based applications such as the software as a service (SaaS) are managed by distant computers in the cloud. The users can access the data via the internet. Another alternative is the Platform as a Service (PaaS), which is responsible for the provision of the required support to complete the process of building and delivering web-based applications. Alternatively, users may choose to benefit from the infrastructure as a service (IaaS) platform whereby they can access computing resources including storage, networking infrastructure, storage, and data center spaces on a pay per use basis. To this effect, several companies have moved swiftly in a bid to offer public cloud services to their users. The providers are concerned with the provision of affordable computing resources.
The existence of public cloud services implies that users do not necessarily have to purchase software or hardware resources to meet their obligations. Alternatively, a user may opt to invest in a private cloud. Private clouds are solely used for particular organizations. The organizations may choose to manage their clouds internally or contract a third party to manage it for them. Private clouds are considered as an ideal alternative for cloud computing because they offer greater control of resources through the elimination of multi-tenancy. The key aspects of private clouds are that they provide a self-service interface that allows IT staffs to ensure sufficient allocation and delivery of on-demand IT resources. Companies may also choose to customize their clouds to guarantee better security governance and that their clouds meet particular security requirements. Hybrid clouds are those that use a private cloud and strategically integrate them with a public cloud. The creation of a hybrid cloud concept offers firms with an ideal way to ensure that their companies maintain critical applications and data while at the same time benefitting them on public resources such as Saas, IaaS and PaaS.
Benefits of cloud computingMore companies are adopting cloud computing because of the gains they stand to receive from it. The use of a cloud allows the business owner to set up a virtual office that offers greater flexibility and connection of the business anywhere. The increasing use of web-based devices such as tablets and smartphones have enhanced individual ability to conduct business wherever they are. The following are key benefits that user stand to receive by using cloud-based services
Cost SavingsA major benefit for organizations that rely on cloud computing is the ability to save on company’s IT costs. Reliable evidence indicates that irrespective of the type or nature of business, businesses are likely to reduce their costs of operation by moving to the cloud (Wang et al. 2012). Costs that would have been incurred in purchasing software licenses, hardware equipment and platforms can be used to generate organization income at various levels. Moreover, most contracts with companies that offer cloud-based services are renewable. To this effect, moving to the cloud offers firms with the chance to minimize their initial capital requirements and instead utilize typically lower costs
ScalabilityOne of the recommendations of an ideal computing platform is that it should be scalable. Scalability offers businesses the chance to scale up or down their operations. There are instances when enterprises are forced to revise their operation based on their resource needs. The use of cloud computing offers a platform upon which flexibility can be realized because rather than buy additional technological platforms such as servers and systems, the business can easily scale up or down without the need to purchase new resources.
Business continuity Cloud computing offers firms with a chance to back up their operations thus instill confidence in the company in the event that a disaster strikes. Cloud computing guarantees firms that their businesses would continue to meet their responsibilities within the shortest time possible even when natural disasters strike. Reliable evidence indicates that companies lose a great deal of money when they experience downtimes (Grobauer, Walloschek & Stocker, 2011). However, with cloud computing firms are guaranteed of keeping their data and operations running consistently to attain business continuity.
Collaboration efficiency and ease of accessBusinesses can share more regarding their experiences when they invest in cloud computing. The connectivity of devices facilitate easier communication and allows users to share and work on data in a secure way. In fact, surveys across various companies indicate that firms can work with their employees throughout the world on the same platform because of cloud computing powered technologies (Wang, Wang, Ren, Lou & Li, 2011). The services can be easily accessed anywhere thereby enabling the employees of a firm work remotely to meet deadlines.
Challenges of cloud computingThe above benefits indicate that investing in cloud technology offers firms with greater variety and hence the chance to exploit what ideally works for them. However, the use of cloud-based technologies have also been linked to several drawbacks including:
Security
A primary concern of the use of cloud based technologies is the security of organization data. The situation is even worsened if the firms are dependent on public cloud services, which implies that the access to important information is increased. Apparently, public cloud providers share their hardware infrastructure with numerous customers (Wei, Zhu, Cao, Dong, Jia, Chen & Vasilakos, 2014). Moreover, accessibility to the resources stored on such platforms has been made easy because all a user requires is a log-on and hence the access of data, those that can hack through such services are more likely to exploit such weaknesses to their advantage. Moreover, the fact that there is no clear understanding of the person in charge of encryption, authentication or even an understanding of where the data resides makes it difficult to ascertain whether the data is safe
Quality of ServiceThe quality of service offered by cloud providers is also a significant attribute to consider. In fact, there would be no need for investing in cloud-based alternatives when the availability of service is not guaranteed. The worst part is that a majority of cloud-based service providers are unaware of whether the resources available are adequate to meet the needs of their consumers. They also cannot account whether the performance of their services and scalability elements should be customized to meet their needs. Lack of proficient and sure ways to address the needs of consumers creates uncertainty regarding the usability of cloud-based services.
Downtime and difficulty of data accessibilityAccessing data in time of need is a basic requirement of any IT system. However, cloud-based interventions do not guarantee the user of ease of access to data. Performance while on the cloud infrastructure may be significantly affected especially when the load is exceeded. Additionally, businesses may incur losses when server outages occur. Poor internet connections may also cripple the ability of the firm to access critical data resources especially when they have no knowledge of where their data has been stored. Thus, it is ideal for firms to ensure that they have a reliable strategy to mitigate unavailability of services that would make cloud services unattractive to users. The use of reliable auditing standards may also play a key role in informing relevant service providers of the elements to consider to ensure ideal functioning of cloud-based services
Auditing Standards and RegulationsIdentifying relevant methods for auditing and compliance would play key roles in giving firms the recommended confidence for working with cloud-based service providers. The management must identify an ideal scope of compliance upon which the functionality of cloud computing would be realized. Some of the requirements that firs must comply with include:
Regulatory requirementsAttaining effective governance is critical for firm managers to make management decisions that would enhance the delivery of IT services in accordance with the needs of organizations. The general governance standards include:
ISO/IEC 38500- IT Governance- The standardization offers a framework for the governance of IT within organizations. It ensures that it offers guiding principles that would translate to an efficient and acceptable use of IT services
ISO/IEC 2000- It includes a series of well-established and internationally recognized standards for the management of IT services. Nonetheless, the regulatory standard is not specific to cloud computing and its services.
COBIT (Control Objectives for Information and Related Technology) [3] – the standard was created to offer a framework for IT governance and management. The framework ensures that there is a high correlation between organizational goals and processes
Cloud Security Alliance (CSA) Cloud Controls Matrix- CSA conducts research on cloud security and offers relevant education and certification to ensure the delivery of reliable cud computing services. The organization has published Cloud Controls Matrix, which provides insight into the key security control considerations when examining the quality of cloud services offered by providers.
Auditing 4 Relevant Areas for Cloud ComputingData Protection- The cloud-based technology must be assessed to ensure that it meets the relevant security standards specified by relevant auditing standards. There should be a clear framework for encryption, authorization and data protection mechanisms. If the system fails to exhibit relevant data protection initiatives, then it would be ideal to consider the implementation of reliable security features on the cloud-based platform
Identity & Access Management- Authorization and authentication services play a key role in protecting organization data. The cloud service must be assessed on their abilities to authenticate and hence authorize users to access the platforms during use. Policies regarding password changes must also be passed to ensure that all users are well equipped with the need to protect their vital log on details. Such audits should be conducted frequently at every three months
Operations- The functionality of cloud-based services should regularly be assessed to ascertain its reliability. The platform must be evaluated to determine their compliance with standards
Technology Risk- the risks involved in using cloud-based technology must be sufficiently evaluated. The pros and cons of using the technology should be ascertained to help organization executives make an informed decision regarding the usability of the system. Most importantly, regular audits on emerging risks must be conducted frequently.
ConclusionCloud computing has consistently transformed the functionality of the technology world. More businesses admit that the gains derived from cloud computing are more than the dangers they face. Nonetheless, businesses ought to conduct due diligence on the impacts of the service on the functionality before the adoption of the technology. Identifying the relevant elements of IT infrastructure that should be moved to the cloud may also offer a firm with a competitive advantage because it would ensure maximum utilization of such resources. However, it would be essential to ensure that consistent auditing is done to ascertain the efficiency of cloud-based technologies. Identification of loopholes that may limit a firm from enjoying the use of cloud resources would help seal them to offer businesses maximum benefits.

References
Grobauer, B., Walloschek, T., & Stocker, E. (2011). Understanding cloud computing vulnerabilities. IEEE Security & Privacy, 9(2), 50-57.
Wang, C., Wang, Q., Ren, K., Cao, N., & Lou, W. (2012). Toward secure and dependable storage services in cloud computing. IEEE transactions on Services Computing, 5(2), 220-232.
Wang, Q., Wang, C., Ren, K., Lou, W., & Li, J. (2011). Enabling public audibility and data dynamics for storage security in cloud computing. IEEE transactions on parallel and distributed systems, 22(5), 847-859.
Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., & Vasilakos, A. V. (2014). Security and privacy for storage and computation in cloud computing. Information Sciences, 258, 371-386.
Yang, K., & Jia, X. (2013). An efficient and secure dynamic auditing protocol for data storage in cloud computing. IEEE Transactions on Parallel and Distributed Systems, 24(9), 1717-1726.