More and more organizations are today using the cloud for their business as a quite convenient alternative to in-house solutions for storing, processing, and managing data. Cloud-based solutions are then permeating almost all aspects of business organizations, resulting appealing also for functions that, already in-house, may result sensitive or security critical, and whose enforcement in the cloud requires then particular care. In this paper, we provide an approach for securely relying on cloud-based services for the enforcement of Internal Controls and Audit (ICA) functions for corporate governance. Our approach is based on the use of selective encryption and of tags to provide a level of self-protection to data and for enabling only authorized parties to access data and perform operations on them, providing privacy and integrity guarantees, as well as accountability and non-repudiation.
Enforcing Corporate Governance's Internal Controls and Audit in the Cloud / S. De Capitani di Vimercati, S. Foresti, S. Paraboschi, P. Samarati (IEEE ... INTERNATIONAL CONFERENCE ON CLOUD COMPUTING). - In: CLOUD 2020[s.l] : Institute of Electrical and Electronics Engineers (IEEE), 2020. - ISBN 978-1-7281-8780-8. - pp. 453-461 (( Intervento presentato al 13. convegno IEEE International Conference on Cloud Computing tenutosi a Beijing (China (virtual)) nel 2020 [10.1109/CLOUD49709.2020.00067].
Enforcing Corporate Governance's Internal Controls and Audit in the Cloud
S. De Capitani di Vimercati
Primo
;S. ForestiSecondo
;P. SamaratiUltimo
2020
Abstract
More and more organizations are today using the cloud for their business as a quite convenient alternative to in-house solutions for storing, processing, and managing data. Cloud-based solutions are then permeating almost all aspects of business organizations, resulting appealing also for functions that, already in-house, may result sensitive or security critical, and whose enforcement in the cloud requires then particular care. In this paper, we provide an approach for securely relying on cloud-based services for the enforcement of Internal Controls and Audit (ICA) functions for corporate governance. Our approach is based on the use of selective encryption and of tags to provide a level of self-protection to data and for enabling only authorized parties to access data and perform operations on them, providing privacy and integrity guarantees, as well as accountability and non-repudiation.File | Dimensione | Formato | |
---|---|---|---|
dfps-cloud2020.pdf
accesso aperto
Tipologia:
Pre-print (manoscritto inviato all'editore)
Dimensione
399.95 kB
Formato
Adobe PDF
|
399.95 kB | Adobe PDF | Visualizza/Apri |
Enforcing_Corporate_Governances_Internal_Controls_and_Audit_in_the_Cloud.pdf
accesso riservato
Tipologia:
Publisher's version/PDF
Dimensione
281.59 kB
Formato
Adobe PDF
|
281.59 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.