Information Technology Reference
In-Depth Information
has on the cloud computing platform. The review would include access controls, disaster
recovery, web server security, and data protection.
Standards have been developed for implementing cloud computing security such as ISO
27017. This new standard is based on ISO 27002. Most cloud computing service providers
have also developed their own internal security standards. ISACA has also developed
guidelines for auditing cloud computing security.
Auditing security on a cloud computing platform would require the use of a combination
of tools which could include checklists and questionnaires for testing security compliance.
The IS audit team might also consider using software interrogation tools which can be used
to test various technologies used by the service providers. Key technologies include virtual-
ization servers, network infrastructure, database systems, physical storage, and application
systems.
The challenges of security in a cloud computing platform are many, and security should
be managed effectively and proactively with the active involvement of client enterprises.
Service providers can only go up to a certain limit in terms of providing security. Providing
security training to users is a key aspect of securing systems on the cloud platform. User
awareness training is an important security component as fraud and data theft has been per-
petuated by employees.
A robust internal security system is critical to the successful implementation of a secure
environment in the enterprise. The cloud service provider should also ensure that their en-
vironment is secure and cannot be easily penetrated.
Cloud computing will be one of the major IT services in the near future, and IS auditors
need to prepare for this new development in terms of acquiring new skills. The use of cloud
computing experts will grow, and the demand for such experts will also grow.
Auditing Databases
One common audit which often requires the use of other experts is database auditing. Many
database systems used by large enterprises are complex and integrated with other databases
and application systems. In order to get good results and if the audit is highly technical, it is
recommended to use other experts who have the required qualifications and competencies.
Technical database system audits would require reviewing the structure of the database, ap-
plication system and database account mapping, data integrity checks, database security,
data tables, queues, triggers, object storage, and use of alerts and queries. How these fea-
tures are configured differ from one database to the other. The configuration in Oracle data-
bases will not be the same as in MS-SQL databases. So an expert in Oracle will be more
suitable to provide expert services on an Oracle database infrastructure audit.
Search WWH ::
Custom Search