More and more organizations are today using the cloud for their business as a convenient alternative to in-house solutions for storing, processing, and managing data. Cloud-based solutions are then permeating almost all aspects of business organizations, resulting appealing also for sensitive or security critical applications, whose enforcement in the cloud requires however particular care. In this paper, we provide an approach for securely relying on cloud-based services for the enforcement of Internal Controls and Audit (ICA) functions for corporate governance. Our approach builds on a formalization of the ICA process and its requirements and on the consideration of the protection guarantees to be provided when outsourcing the process to external cloud services. The enforcement of the requirements leverages the use of selective encryption providing a self-protection layer on the data and on ICA reports, the hierarchical organization of keys based on the organizational structure, and compact tags for regulating write operations. Our solution enables the management of the ICA process with cloud-based services, while ensuring satisfaction of the protection requirements.
(2024). Enforcing Corporate Governance Controls with Cloud-based Services [journal article - articolo]. In IEEE TRANSACTIONS ON SERVICES COMPUTING. Retrieved from https://hdl.handle.net/10446/287760
Enforcing Corporate Governance Controls with Cloud-based Services
Paraboschi, Stefano;
2024-01-01
Abstract
More and more organizations are today using the cloud for their business as a convenient alternative to in-house solutions for storing, processing, and managing data. Cloud-based solutions are then permeating almost all aspects of business organizations, resulting appealing also for sensitive or security critical applications, whose enforcement in the cloud requires however particular care. In this paper, we provide an approach for securely relying on cloud-based services for the enforcement of Internal Controls and Audit (ICA) functions for corporate governance. Our approach builds on a formalization of the ICA process and its requirements and on the consideration of the protection guarantees to be provided when outsourcing the process to external cloud services. The enforcement of the requirements leverages the use of selective encryption providing a self-protection layer on the data and on ICA reports, the hierarchical organization of keys based on the organizational structure, and compact tags for regulating write operations. Our solution enables the management of the ICA process with cloud-based services, while ensuring satisfaction of the protection requirements.File | Dimensione del file | Formato | |
---|---|---|---|
Enforcing_Corporate_Governance_Controls_with_Cloud-based_Services.pdf
accesso aperto
Versione:
publisher's version - versione editoriale
Licenza:
Creative commons
Dimensione del file
1.13 MB
Formato
Adobe PDF
|
1.13 MB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
Aisberg ©2008 Servizi bibliotecari, Università degli studi di Bergamo | Terms of use/Condizioni di utilizzo