Question
How to record and report security-related behaviour in an operating cloud system?
Context
Audits are important for organisations in cloud environment given a pay-per-use business model. A thoroughly conducted audit program can assure financial and operational well-being of an organisation.
Solution
Security Audit Guidelines defined the important steps or tasks to be executed for systematically reviewing and monitoring cloud resources for security best practices. For example, AWS se- curity audit guideline provides the steps to review the application security configuration ranging from user credential management to identity and access control management.
References
Cloud Security Auditing: Challenges and Emerging Approaches - www.infoq.com
Data and infrastructure security auditing in cloud computing environments - www.sciencedirect.com