4 responses Oct 29

profileruthvik
Work1.docx
Home>Nursing homework help>4 responses Oct 29

Dushyanth Work:

Week 10 Discussion Cloud Computing Audit

            Investment into big data has necessitated my business to invest into cloud computing. CC refers to “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction” Ryoo,  Rizvi, Aiken, & Kissel (2014).  My business can utilize computing resources void of purchasing them. Therefore, we utilize the software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service to access the services (IaaS) (Ryoo et al., 2014). However, the services expose my enterprise to lots of insecurity issues.

            My business used to undertake traditional audits, both internal and external approaches. “The internal audits refer to work done by an organization’s own employees, concern very specific organizational processes, and focus primarily on optimization and risk management” (Ryoo et al., 2014).  On the other hand, external audits allows us investigate the outside factors increase organizational risks. The authors noted that “Organizations have used traditional IT audits to evaluate issues such as availability to authorized users and integrity and confidentiality in data storage and transmission” (Ryoo et al., 2014). Therefore, my enterprise has to follow the suit of other developed organizations.

            It has to employ modern IT audits to assess the challenges of accessing multiple users on the cloud. My business has to be prepared for the confidentiality issues associated with cloud computing application (Ryoo et al., 2014). I will recommend the utilization of Cloud Security Alliance (CSA)  in definition of the audit scope. The CSA will assist us in determining the strategies required in system enumeration and testing (Ryoo et al., 2014). Thus, the audits will foster data integrity and safeguard information assets.

            Ciunci (2017) introduced the FedRAMP audit type. I believe the type will suit me company since it is “a government-wide audit program, the Federal Risk and Authorization Management Program (FedRAMP) offers a standardized approach to authorization, security assessment and continuous monitoring for cloud service providers” (Ciunci, 2017). I will use the approach to ensure my business relies on nationally approved standards. However, I have to combine with ISO 27001  standard which is “a series of information management standards developed by the International Organization of Standardization (ISO) in conjunction with the International Electrotechnical Commission (IEC)” (Ciunci, 2017).  The strategy will widen the scope of my cloud computing IT.

            My business audit will have to enter in a  service level agreements (SLA). The SLA will assist in identification of compliance requirements (Sahoo, 2012). However, I will also consider the corporate policies and standards in determining the scope of my audit. The comprehensiveness of the audit will assist tracking the efficiency of the firm’s processes and procedures. I will ensure that I align the internal audits to the organizational operations. I have to ensure I differentiate the roles of the cloud providers. I have to differentiate between cloud providers’ and my roles (Sahoo, 2012). After that, I will be able to assess the stakeholders who are lagging in security strategies.

References

Ciunci, M. (2017, October 20). Keep Your Data Safe with the Right Audit for Your Cloud Service Provider. IS Partner

Ryoo,  J., Rizvi, S., Aiken, W., & Kissel, J. (2014). Cloud Security Auditing: Challenges and Emerging Approaches. EEE Security and Privacy Magazine, 12(6): pp. 68-74: DOI: 10.1109/MSP.2013.132

Sahoo, N. (2012, December 10). Audits and compliance requirements for cloud computing. Computer Weekly, np

Naren Work:

Cloud Computing Audit

Without a doubt, the world today has witnessed an increasing pace in the adoption of modern technology for the operation and running of businesses. With the increase in the advancement and use of various technologies, cloud computing has gained popularity in its use and popularity as it is being put in operation by many organizations. In the past five years, there have been rapid changes in the cloud computing taxonomy. “During this period, the role and scope of cloud computing has drastically changed” (Rimal & Lumb, 2017). This has been as a result of the rapid development of the standards that govern data security by the cloud vendors.

Audit of cloud computing is a term used to refer to the use of third parties for the evaluation, observation, and inspection of cloud computing to assess its operational effectiveness. The audits of cloud computing may be carried out targeting various areas that may include network security, communication, data management risks and venerability. “More specifically, cloud computing has been widely used in several areas and has become one of the major key technologies in our day-to-day life – from cellular phones to connected vehicles to the networked society” (Rimal & Lumb, 2017). Audit’s significance in the world of computing is inevitable.

It is important to understand the objective of audit in cloud computing since it helps in building and understanding its scope. This works for the review of several factors of the scope of auditing such as issues of control, governance, and compliance of the cloud computing audit. The factor of scope in cloud computing comes as a result of the rapidly increasing changes in technology and gives an overview of what audit needs to be conducted in the business. “The scope of your upcoming audit gives you an idea of type of audit your cloud service provider needs to conduct” (Ciunci, 2017). It is, however, important to allocate adequate time and resources for conducting this type of audit as opposed to the traditional IT audits process. Generally, the scope in cloud computer auditing is important for the business to the understanding of issues such as, the related governance that affects cloud computing, the contractual compliance matters between the service providers of cloud service and the business, and the matters of control specifically related to the cloud computing.

When preparing to carry out a cloud computing audit, it is important to put into consideration the business strategy. The aims of the audit need to be aligned with the operational business strategy to avoid conflicting objectives between the two. “Lack of alignment between information technology (IT) and the business is a problem facing many organizations” (Faizi & Rahman, 2019). Most importantly, the process needs adequate communication between the business and the auditor. This ensures that the systems are well-coordinated and maximum security of information maintained as proper communication ensures coordination of activities.

 

References

Ciunci, M. (2017). Keep Your Data Safe with the Right Audit for Your Cloud Service Provider. Partners. Retrieved from: https://www.ispartnersllc.com/blog/the-right-audit-for-your-cloud-service-provider/

Faizi, S. M., & Rahman, S. S. (2019). Securing Cloud Computing Through IT Governance. Available at SSRN 3360869.

Rimal, B. P., & Lumb, I. (2017). The rise of cloud computing in the era of emerging networked society. In Cloud Computing (pp. 3-25). Springer, Cham.