Visible to the public Enforcing Corporate Governance's Internal Controls and Audit in the Cloud

TitleEnforcing Corporate Governance's Internal Controls and Audit in the Cloud
Publication TypeConference Paper
Year of Publication2020
AuthorsVimercati, S. de Capitani di, Foresti, S., Paraboschi, S., Samarati, P.
Conference Name2020 IEEE 13th International Conference on Cloud Computing (CLOUD)
Date Publishedoct
Keywordsauditing, business data processing, business organizations, cloud computing, cloud-based services, cloud-based solutions, compositionality, corporate governance, cryptography, data access, data privacy, data protection, Encryption, encryption audits, ICA functions, integrity guarantee, Internal Controls and Audit functions, internal controls and audit process, organizational aspects, Organizations, outsourcing, Predictive Metrics, privacy guarantee, process control, pubcrawl, Resiliency, security, security of data, Selective Encryption, Self-protection
AbstractMore and more organizations are today using the cloud for their business as a quite convenient alternative to in-house solutions for storing, processing, and managing data. Cloud-based solutions are then permeating almost all aspects of business organizations, resulting appealing also for functions that, already in-house, may result sensitive or security critical, and whose enforcement in the cloud requires then particular care. In this paper, we provide an approach for securely relying on cloud-based services for the enforcement of Internal Controls and Audit (ICA) functions for corporate governance. Our approach is based on the use of selective encryption and of tags to provide a level of self-protection to data and for enabling only authorized parties to access data and perform operations on them, providing privacy and integrity guarantees, as well as accountability and non-repudiation.
Citation Keyvimercati_enforcing_2020