Auditing in the Cloud
-
Upload
tcarrucan -
Category
Technology
-
view
649 -
download
3
description
Transcript of Auditing in the Cloud
![Page 1: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/1.jpg)
Auditing in the Cloud
Can Technology improve Audit compliance ..... and how secure is it?
Tony Carrucan CEO Mediasphere
Rich Neal CEO Auditflow
![Page 2: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/2.jpg)
1. Choose your response from the corresponding keypad button(s).
2. The light will go GREEN to confirm your response has been received.
3. You can change your answer (whilst voting is open) simply by pressing your new response button(s).
(The system will only count the last vote)
HOW TO USE THE KEYPADS
![Page 3: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/3.jpg)
Keypad Responses
Please note all responses for this
session will be ANONYMOUS
![Page 4: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/4.jpg)
Where are you from?
12%24%0%2%61%1. Australia
2. NZ
3. Singapore
4. China
5. Other
![Page 5: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/5.jpg)
Are you:
1 2 3
61%
15%
24%
1. Male
2. Female
3. Not sure
![Page 6: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/6.jpg)
Are you in public practice?
1 2
62%
38%
1. Yes
2. No
![Page 7: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/7.jpg)
Do you understand what the Cloud is about?
1 2 3 4
22%
9%
28%
41%
1. Absolutely
2. Sort of
3. Not really
4. Clear as mud
![Page 8: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/8.jpg)
Do you think the Cloud is secure?
1 2 3 4
6%
13%
38%
44%1. Yes
2. I think so
3. I don’t think so
4. No
![Page 9: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/9.jpg)
Do you think content and applications are more likely to be up to date if hosted in the Cloud?
1 2 3 4
40%
9%6%
46%
1. Yes
2. I think so
3. I don’t think so
4. No
![Page 10: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/10.jpg)
Do you audit?
1 2
43%
57%1. Yes
2. No
![Page 11: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/11.jpg)
How many SME audits would you do annually?
1 2 3 4 5 6
42%
21%
5%
16%16%
0%
1. 1 - 5
2. 6 – 10
3. 11 – 15
4. 16 – 20
5. 21 – 50
6. 51+
![Page 12: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/12.jpg)
How many SMSF audits would you do annually?
1 2 3 4 5 6 7
56%
0%
11%
0%0%
33%
0%
1. 1 - 5
2. 6 – 10
3. 11 - 26
4. 27 - 50
5. 51 - 100
6. 101 – 500
7. 500+
![Page 13: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/13.jpg)
The World has Changed!
![Page 14: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/14.jpg)
![Page 15: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/15.jpg)
The Next 5 Years
![Page 16: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/16.jpg)
Device Growth of Adoption
![Page 17: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/17.jpg)
![Page 18: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/18.jpg)
Why is Everyone Talking About the Cloud?Cloud Computing is a revolution that will change your business for the better, letting you work faster, cheaper and better…. and from anywhere, just about.
Cloud Computing is one term for Internet-based software and hardware platforms – basically, instead of installing programs on your own computer, you access them over the Internet – Gmail is cloud computing, in fact most of what Google offers is cloud computing – you access it via a web interface.
![Page 19: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/19.jpg)
![Page 20: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/20.jpg)
![Page 21: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/21.jpg)
What is Cloud Computing?
![Page 22: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/22.jpg)
Gartner Cloud Computing Research 2011
![Page 23: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/23.jpg)
Your Company as a Social Enterprise
During his Dreamforce keynote earlier this year, Mark Benioff, CEO of Salesforce spoke of the power and absolute inevitability of the social revolution and the need for companies to transform themselves into social enterprises. All of that is best achieved, he said, through the use of cloud technology and philosophy.
![Page 24: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/24.jpg)
![Page 25: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/25.jpg)
![Page 26: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/26.jpg)
Queensland Premier’s WebsiteToward Q2: Tomorrow’s Queensland
![Page 27: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/27.jpg)
www.myq2.com.au Gov 2.0 in the Cloud
![Page 28: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/28.jpg)
MyQ2 – My Site in the Cloud
![Page 29: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/29.jpg)
Technical Cloud 101= Software, Platform, Infrastructure-as-a-Service
SaaS or Software-as-a-Service is the application allowing you to perform your daily activities/tasks on your desktop computer but on-demand.Software on-demand means you only use when you need, thus only pay and consume resources when you need anywhere anytime.
PaaS or Platform-as-a-Service delivers computing platform allowing your application to consume computing resources as needed.
IaaS or Infrastructure-as-a-Service is the infrastructure or environment where servers and resources are managed and securely monitored.
![Page 30: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/30.jpg)
Where do Acronyms fit in?
Though not all SaaS providers rely on PaaS and/or IaaS
![Page 31: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/31.jpg)
Infrastructure-as-a-Service
Virtualisation2+ Virtual machines with HA
Managed Firewall/Router/VPN etc.
Virtualisation2+ Virtual machines with HA
Managed Firewall/Router/VPN etc.
HardwareDual quad-core Processors, DAS/SAN/NAS storage,
redundant PSU and NIC, etc.
HardwareDual quad-core Processors, DAS/SAN/NAS storage,
redundant PSU and NIC, etc.
NetworkingRouters, VLAN, Managed switches, etc
NetworkingRouters, VLAN, Managed switches, etc
Data commTier-1 Bandwidth, Public/WAN IP, etc
Data commTier-1 Bandwidth, Public/WAN IP, etc
Application Server Stack
Application Server Stack
Application Server Stack
Application Server Stack
Application Server Stack
Application Server Stack
![Page 32: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/32.jpg)
Platform-as-a-Service
DeploymentSoftware deployment, customisation, Billing,
Provisioning, Monitoring
DeploymentSoftware deployment, customisation, Billing,
Provisioning, Monitoring
Development & APIUser Interface, Business Logic, Data Model
Development & APIUser Interface, Business Logic, Data Model
Application ServicesCore computing platform, Queue Services, Scalability,
High Availability, Resource Management
Application ServicesCore computing platform, Queue Services, Scalability,
High Availability, Resource Management
Operating SystemsRHEL, Solaris, Debian, Windows Server, Ubuntu, etc.
Operating SystemsRHEL, Solaris, Debian, Windows Server, Ubuntu, etc.
Software Access
Software Access
Software Access
Software Access
Software Access
Software Access
Data and FileStorage, Database Cluster, & Data warehouse
Data and FileStorage, Database Cluster, & Data warehouse
![Page 33: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/33.jpg)
Software-as-a-Service
User InterfaceUser Interaction, Roles and Access, Customisation,
User InterfaceUser Interaction, Roles and Access, Customisation,
Subscription-based
Subscription-based
Transaction-based
Transaction-based Ad-basedAd-based
Application featuresUser management, Customer management, online
forms, reporting tools, etc.
Application featuresUser management, Customer management, online
forms, reporting tools, etc.
Data AccessControlled access to data directly from application or
Web Service API
Data AccessControlled access to data directly from application or
Web Service API
Data and FilesStorage, Database Cluster, & Data warehouse
Data and FilesStorage, Database Cluster, & Data warehouse
![Page 34: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/34.jpg)
Auditing-as-a-Service
Engagement PartnerMonitor firms audit workflow
Engagement PartnerMonitor firms audit workflow
Review PartnerSee what review points are outstanding with clients
Review PartnerSee what review points are outstanding with clients
ManagerWorking and managing audit engagements
ManagerWorking and managing audit engagements
Junior AuditorWorking on client audit assignments
Junior AuditorWorking on client audit assignments
SME AuditSME Audit Corporate Audit
Corporate Audit SMSF AuditSMSF Audit
Intermediate AuditorWorking on client audit assignments
Intermediate AuditorWorking on client audit assignments
![Page 35: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/35.jpg)
![Page 36: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/36.jpg)
Current challenges with Data
1. Data Confidentiality and Compliancy
2. Data Segregation
3. Data Integrity
• Lack of understanding about cloud technologies leads accountants and auditors to assume that data is safer on their own computers and servers.
• What would happen if you lost your laptop? – is your data encrypted or just protected by your password...how safe is your password.
Lets explore the risks and mitigation strategies in the cloud.
![Page 37: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/37.jpg)
![Page 38: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/38.jpg)
![Page 39: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/39.jpg)
![Page 40: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/40.jpg)
Cloud Computing Adoption
Is cloud computing just a trend or is it a technology that you seriously consider in your business?
![Page 41: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/41.jpg)
• Compliance requirements escalated• Accuracy & responsibility in financial reporting• Simplicity – amongst complexity of changing rules
Financial Planners / Accountants alike require a full suite of reliable, compliant applications.
GFC – What did we learn?
![Page 42: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/42.jpg)
96%
4%
96% of Small / Medium Australian Company auditors
fail compliance test ASIC Report - 2008/2009
![Page 43: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/43.jpg)
Over 570,000 audits conducted in Australia per annum. 450,000 of these are SMSF audits
Over 10 million audits conducted annually worldwide. International Auditing Standards have been adopted by 125 countries
![Page 44: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/44.jpg)
Industry not keeping up with •Changing regulations
•Enormous volume of requirements,
•Low margin for their fees,
•Time constraints,
•Lack of tools & knowledge
![Page 45: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/45.jpg)
The average audit firm using traditional audit practice
- Every now and then, we run out of data storage space, buy more servers, update printer, replace ink, or revert backup because your junior has deleted the wrong folder. Then every year you need to update all your software licenses.
- Why for pay for software, servers, hire a team of IT professionals when all can be on the cloud
Create / Setup Client files
Create / Setup Client files
Preliminary work
Preliminary work
Audit planning process
&Audit
procedures
Audit planning process
&Audit
procedures
Review processReview process
Audit completeand
Archiving
Audit completeand
Archiving
Email & Fax correspondence
Email & Fax correspondence Folder and Files
management through Windows
Explorer
Folder and Files management
through Windows Explorer
Managing Client Contacts
Managing Client Contacts
File versioning and Track changes
File versioning and Track changes
Multi-user accessMulti-user access
![Page 46: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/46.jpg)
Cloud• Easily and constantly updated• Processes to guide compliance• Secure access to data• Unlocks the process• Builds around the client
• Simplifies support• Seamless upgrades• Client centric• Centrally managed
![Page 47: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/47.jpg)
What does it mean to you and your Auditing team (Benefits)
1. Do what you and your audit team excel at doing
2. Reduce cost
3. Mobility and accessibility
4. No software upgrade hassle
5. No tape backup and System backup to worry about
6. Compliance and references up to date and automated
7. Collaboration with audit engagement team
8. Eco-friendly
9. Lesser or no paper storage required
10.Business continuity and high availability
![Page 48: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/48.jpg)
Risks and Issues
1. Security of information
2. Contingency plan
3. Disaster recovery plan
4. Confidentiality of information
5. Always connected
6. Offshore Data Storage, legislation and jurisdiction
![Page 49: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/49.jpg)
Cloud Security
IT analyst firm, Gartner, identifies seven specific security issues that users should raise with app vendors before purchasing.
1.Privileged user access.
• Sensitive data processed outside the enterprise brings with it an inherent level of risk, because outsourced services bypass the "physical, logical and personnel controls" IT shops exert over in-house programs.
• Get as much information as you can about the people who manage your data.
• "Ask providers to supply specific information on the hiring and oversight of privileged administrators, and the controls over their access," Gartner says.
http://www.infoworld.com/d/security-central/gartner-seven-cloud-computing-security-risks-853
![Page 50: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/50.jpg)
Cloud Security
2. Regulatory compliance.
• Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider.
• Traditional service providers are subjected to external audits and security certifications.
• Cloud computing providers who refuse to undergo this scrutiny are "signalling that customers can only use them for the most trivial functions," according to Gartner.
![Page 51: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/51.jpg)
3. Data location.
• When you use the cloud, you probably won't know exactly where your data is hosted. In fact, you might not even know what country it will be stored in.
• Ask providers if they will commit to storing and processing data in specific jurisdictions, and whether they will make a contractual commitment to obey local privacy requirements on behalf of their customers, Gartner advises.
Cloud Security
![Page 52: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/52.jpg)
Cloud Security
4. Data segregation.
• Data in the cloud is typically in a shared environment alongside data from other customers. Encryption is effective but isn't a cure-all.
• "Find out what is done to segregate data at rest," Gartner advises.
• The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists.
• "Encryption accidents can make data totally unusable, and even normal encryption can complicate availability," Gartner says.
![Page 53: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/53.jpg)
Cloud Security
5. Recovery.
• Even if you don't know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster.
• "Any offering that does not replicate the data and application infrastructure across multiple sites is vulnerable to a total failure," Gartner says.
• Ask your provider if it has "the ability to do a complete restoration, and how long it will take."
![Page 54: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/54.jpg)
Cloud Security
6. Investigative support.
• Investigating inappropriate or illegal activity may be impossible in cloud computing, Gartner warns.
• "Cloud services are especially difficult to investigate, because logging and data for multiple customers may be co-located and may also be spread across an ever-changing set of hosts and data centres.
• If you cannot get a contractual commitment to support specific forms of investigation, along with evidence that the vendor has already successfully supported such activities, then your only safe assumption is that investigation and discovery requests will be impossible."
![Page 55: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/55.jpg)
Cloud Security
7. Long-term viability.
• Ideally, your cloud computing provider will never go broke or get acquired and swallowed up by a larger company. But you must be sure your data will remain available even after such an event.
• "Ask potential providers how you would get your data back and if it would be in a format that you could import into a replacement application," Gartner says.
![Page 56: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/56.jpg)
Top security tips for you and what you can do
As a end-user, we must consider the following:
1. Strong password – more than 8 characters, combination of alphanumeric and uppercase/lowercase characters.
2. Replacing alpha characters in your password with special characters;
eg. a -> @, i -> !, b -> 6, q -> 9, s -> 5 or %, e -> 3 or #
http://howsecureismypassword.net/
3. Have a security question answer that has nothing to do with the question
4. Not to use remember me feature on your web browser
5. Ensure you login through and stay on HTTPS protocol. If your App vendor don’t provide it then question whether possible exposed data is acceptable in the type of work you are undertaking.
![Page 57: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/57.jpg)
Common security practices by providers
1. Application level Encrypted data transfer through VPN or HTTPS protocols Encrypted passwords Provide captcha after multiple login failure attempts Policy and role based access Uploading file restriction At the code-base level: SQL Injection proof, data defamation, Session
management
2. Platform level Firewall and IP tables Access log and Monitoring tools
3. Infrastructure level DMZ and first level of Firewall Network Isolation (VLAN, domain (Ipsec) security, etc)
![Page 58: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/58.jpg)
Do you understand what the Cloud is about?
1 2 3 4
61%
3%0%
35%
1. Absolutely
2. Sort of
3. Not really
4. Clear as mud
![Page 59: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/59.jpg)
![Page 60: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/60.jpg)
Do you think the Cloud is secure?
1 2 3 4
35%
12%12%
42%1. Yes
2. I think so
3. I don’t think so
4. No
![Page 61: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/61.jpg)
![Page 62: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/62.jpg)
Do you think content and applications are more likely to be up to date if hosted in the Cloud?
1 2 3 4
69%
0%3%
28%
1. Yes
2. I think so
3. I don’t think so
4. No
![Page 63: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/63.jpg)
![Page 64: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/64.jpg)
THANK-YOU!Please leave your
keypad on the table or your chair, it won’t
open your garage door or turn on your TV!
I have programmed it to send an electric
bolt if you take out of room … Thank you www.keepad.com
![Page 65: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/65.jpg)
References and future readings
http://www.mindtouch.com/blog/2008/05/28/differences-between-saas-and-cloud-software/
http://www.infoworld.com/d/security-central/gartner-seven-cloud-computing-security-risks-853
http://csrc.nist.gov/publications/nistpubs/800-14/800-14.pdf
http://cloudsecurity.trendmicro.com/tag/iaas/
http://blogs.oracle.com/gbrunett/entry/security_recommendations_for_iaas_providers
http://social.technet.microsoft.com/wiki/contents/articles/3794.aspx
http://social.technet.microsoft.com/wiki/contents/articles/security-implications-of-cloud-service-models.aspx
http://www.csoonline.com/article/660065/saas-paas-and-iaas-a-security-checklist-for-cloud-models
http://www.securityinfowatch.com/root%20level/7-requirements-saas
http://www.saasblogs.com/saas/demystifying-the-cloud-where-do-saas-paas-and-other-acronyms-fit-in/
http://www.rightwaysolution.com/SaaS.html
Charles, E. Getting your head around the cloud, In Practice Magazine, 2011, Issue 1
![Page 66: Auditing in the Cloud](https://reader034.fdocuments.in/reader034/viewer/2022051411/546c80ddaf795985168b4a72/html5/thumbnails/66.jpg)
Keep in Contact
Tony Carrucan
CEO Mediasphere
www.mediasphere.com.au
Richard Neal
CEO Auditflow
www.auditflow.com.au