Paper Unlock

Authors: Thomas Rübsamen 1 ; Christoph Reich 1 ; Nathan Clarke 2 and Martin Knahl 1

Affiliations: 1 Furtwangen University, Germany ; 2 Plymouth University, United Kingdom

ISBN: 978-989-758-182-3

ISSN: 2184-5042

Keyword(s): Cloud Computing, Audit, Federated Cloud, Security, Digital Evidence.

Related Ontology Subjects/Areas/Topics: Cloud Applications Performance and Monitoring ; Cloud Computing ; Cloud Computing Enabling Technology ; Federated Cloud ; Platforms and Applications ; Security, Privacy, and Compliance Management ; Services Science

Abstract: With the increasing importance of cloud computing, compliance concerns get into the focus of businesses more often. Furthermore, businesses still consider security and privacy related issues to be the most prominent inhibitors for an even more widespread adoption of cloud computing services. Several frameworks try to address these concerns by building comprehensive guidelines for security controls for the use of cloud services. However, assurance of the correct and effective implementation of such controls is required by businesses to attenuate the loss of control that is inherently associated with using cloud services. Giving this kind of assurance is traditionally the task of audits and certification. Cloud auditing becomes increasingly challenging for the auditor the more complex the cloud service provision chain becomes. There are many examples for Software as a Service (SaaS) providers that do not own dedicated hardware anymore for operating their services, but rely solely on oth er cloud providers of the lower layers, such as platform as a service (PaaS) or infrastructure as a service (IaaS) providers. The collection of data (evidence) for the assessment of policy compliance during a technical audit is aggravated the more complex the combination of cloud providers becomes. Nevertheless, the collection at all participating providers is required to assess policy compliance in the whole chain. The main contribution of this paper is an analysis of potential ways of collecting evidence in an automated way across cloud provider boundaries to facilitate cloud audits. Furthermore, a way of integrating the most suitable approaches in the system for automated evidence collection and auditing is proposed. (More)


Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Rübsamen, T.; Reich, C.; Clarke, N. and Knahl, M. (2016). Evidence Collection in Cloud Provider Chains.In Proceedings of the 6th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-182-3, ISSN 2184-5042, pages 59-70. DOI: 10.5220/0005788700590070

author={Thomas Rübsamen. and Christoph Reich. and Nathan Clarke. and Martin Knahl.},
title={Evidence Collection in Cloud Provider Chains},
booktitle={Proceedings of the 6th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},


JO - Proceedings of the 6th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - Evidence Collection in Cloud Provider Chains
SN - 978-989-758-182-3
AU - Rübsamen, T.
AU - Reich, C.
AU - Clarke, N.
AU - Knahl, M.
PY - 2016
SP - 59
EP - 70
DO - 10.5220/0005788700590070

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.