IRIS Institutional Research Information System - AIR Archivio Istituzionale della Ricerca

More and more organizations are today using the cloud for their business as a quite convenient alternative to in-house solutions for storing, processing, and managing data. Cloud-based solutions are then permeating almost all aspects of business organizations, resulting appealing also for functions that, already in-house, may result sensitive or security critical, and whose enforcement in the cloud requires then particular care. In this paper, we provide an approach for securely relying on cloud-based services for the enforcement of Internal Controls and Audit (ICA) functions for corporate governance. Our approach is based on the use of selective encryption and of tags to provide a level of self-protection to data and for enabling only authorized parties to access data and perform operations on them, providing privacy and integrity guarantees, as well as accountability and non-repudiation.

Enforcing Corporate Governance's Internal Controls and Audit in the Cloud / S. De Capitani di Vimercati, S. Foresti, S. Paraboschi, P. Samarati (IEEE ... INTERNATIONAL CONFERENCE ON CLOUD COMPUTING). - In: CLOUD 2020[s.l] : Institute of Electrical and Electronics Engineers (IEEE), 2020. - ISBN 978-1-7281-8780-8. - pp. 453-461 (( Intervento presentato al 13. convegno IEEE International Conference on Cloud Computing tenutosi a Beijing (China (virtual)) nel 2020 [10.1109/CLOUD49709.2020.00067].

Enforcing Corporate Governance's Internal Controls and Audit in the Cloud

S. De Capitani di Vimercati
Primo
;S. Foresti
Secondo
;P. Samarati
Ultimo
2020

Abstract

More and more organizations are today using the cloud for their business as a quite convenient alternative to in-house solutions for storing, processing, and managing data. Cloud-based solutions are then permeating almost all aspects of business organizations, resulting appealing also for functions that, already in-house, may result sensitive or security critical, and whose enforcement in the cloud requires then particular care. In this paper, we provide an approach for securely relying on cloud-based services for the enforcement of Internal Controls and Audit (ICA) functions for corporate governance. Our approach is based on the use of selective encryption and of tags to provide a level of self-protection to data and for enabling only authorized parties to access data and perform operations on them, providing privacy and integrity guarantees, as well as accountability and non-repudiation.
Cloud-based services; outsourcing; internal controls and audit process; selective encryption;
Settore INF/01 - Informatica
   Multi-Owner data Sharing for Analytics and Integration respecting Confidentiality and Owner control (MOSAICrOWN)
   MOSAICrOWN
   EUROPEAN COMMISSION
   H2020
   825333

   High quality Open data Publishing and Enrichment (HOPE)
   HOPE
   MINISTERO DELL'ISTRUZIONE E DEL MERITO
   2017MMJJRE_003
2020
Institute of Electrical and Electronics Engineers (IEEE)
Book Part (author)
03 - Contributo in volume
File in questo prodotto:
File Dimensione Formato  
dfps-cloud2020.pdf

accesso aperto

Tipologia: Pre-print (manoscritto inviato all'editore)
Dimensione 399.95 kB
Formato Adobe PDF
Visualizza/Apri
399.95 kB Adobe PDF Visualizza/Apri
Enforcing_Corporate_Governances_Internal_Controls_and_Audit_in_the_Cloud.pdf

accesso riservato

Tipologia: Publisher's version/PDF
Dimensione 281.59 kB
Formato Adobe PDF
  Visualizza/Apri   Richiedi una copia
281.59 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2434/903580
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? 0
social impact