Enforcing Corporate Governance Controls with Cloud-based Services / S. De Capitani di Vimercati, S. Foresti, S. Paraboschi, P. Samarati. - In: IEEE TRANSACTIONS ON SERVICES COMPUTING. - ISSN 1939-1374. - 17:6(2024 Dec), pp. 3583-3596. [10.1109/TSC.2024.3451179]

Enforcing Corporate Governance Controls with Cloud-based Services

S. De Capitani di Vimercati (first author); S. Foresti (second author); P. Samarati (last author)
2024

Abstract

More and more organizations today use the cloud for their business as a convenient alternative to in-house solutions for storing, processing, and managing data. Cloud-based solutions are thus permeating almost all aspects of business organizations and are also appealing for sensitive or security-critical applications, whose enforcement in the cloud nevertheless requires particular care. In this article, we provide an approach for securely relying on cloud-based services for the enforcement of Internal Controls and Audit (ICA) functions for corporate governance. Our approach builds on a formalization of the ICA process and its requirements, and on the consideration of the protection guarantees to be provided when outsourcing the process to external cloud services. The enforcement of the requirements leverages selective encryption, which provides a self-protection layer on the data and on ICA reports; a hierarchical organization of keys based on the organizational structure; and compact tags for regulating write operations. Our solution enables the management of the ICA process with cloud-based services while ensuring satisfaction of the protection requirements.
Language: English
Keywords: access control; Cloud-based services; internal controls and audit process; outsourcing; selective encryption
Sector INFO-01/A - Informatics
Article
Anonymous experts
Basic research
Scientific publication
   Edge AI Technologies for Optimised Performance Embedded Processing (EdgeAI)
   EdgeAI
   MINISTERO DELLO SVILUPPO ECONOMICO
   101097300

   Green responsibLe privACy preservIng dAta operaTIONs
   GLACIATION
   EUROPEAN COMMISSION
   101070141

   SEcurity and RIghts in the CyberSpace (SERICS)
   SERICS
   MINISTERO DELL'UNIVERSITA' E DELLA RICERCA
   identification code PE00000014

   POLAR: POLicy specificAtion and enfoRcement for privacy-enhanced data management
   POLAR
   MINISTERO DELL'UNIVERSITA' E DELLA RICERCA
   2022LA8XBH_001
Dec-2024
28-Aug-2024
Institute of Electrical and Electronics Engineers Inc.
Published
Journal of international relevance
Article (author)
Journal with Impact Factor
Files in this item:
Enforcing_Corporate_Governance_Controls_With_Cloud-Based_Services.pdf (open access)
Description: Article
Type: Publisher's version/PDF
Size: 1.64 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/1128716