More and more organizations today use the cloud for their business as a convenient alternative to in-house solutions for storing, processing, and managing data. Cloud-based solutions are thus permeating almost all aspects of business organizations and are also appealing for sensitive or security-critical applications, whose enforcement in the cloud, however, requires particular care. In this paper, we provide an approach for securely relying on cloud-based services for the enforcement of Internal Controls and Audit (ICA) functions for corporate governance. Our approach builds on a formalization of the ICA process and its requirements and on the consideration of the protection guarantees to be provided when outsourcing the process to external cloud services. The enforcement of the requirements leverages the use of selective encryption providing a self-protection layer on the data and on ICA reports, the hierarchical organization of keys based on the organizational structure, and compact tags for regulating write operations. Our solution enables the management of the ICA process with cloud-based services, while ensuring satisfaction of the protection requirements.

(2024). Enforcing Corporate Governance Controls with Cloud-based Services [journal article]. In IEEE TRANSACTIONS ON SERVICES COMPUTING. Retrieved from https://hdl.handle.net/10446/287760

Enforcing Corporate Governance Controls with Cloud-based Services

Paraboschi, Stefano;
2024-01-01

article
2024
De Capitani di Vimercati, Sabrina; Foresti, Sara; Paraboschi, Stefano Giulio; Samarati, Pierangela
File(s) attached to this record:
File: Enforcing_Corporate_Governance_Controls_with_Cloud-based_Services.pdf
Access: open access
Version: publisher's version
License: Creative Commons
File size: 1.13 MB
Format: Adobe PDF

Use this identifier to cite or link to this document: https://hdl.handle.net/10446/287760