Data and infrastructure security auditing in cloud computing environments

• Auditing is the ability for cloud customers to verify the presence and functioning of their provider's security measures.
• Important security measures are divided into those needed to support data and infrastructure security.
• What specific auditing concerns must be addressed to ensure broader adoption of cloud computing technologies?
• What is the current state of service offerings in providing auditing capability for user security concerns.
• How many of the lingering audit issues could be resolved using existing approaches and how many demand new solutions.

For many companies the remaining barriers to adopting cloud computing services are related to security. One of these significant security issues is the lack of auditability for various aspects of security in the cloud computing environment. In this paper we look at the issue of cloud computing security auditing from three perspectives: user auditing requirements, technical approaches for (data) security auditing and current cloud service provider capabilities for meeting audit requirements. We also divide specific auditing issues into two categories: infrastructure security auditing and data security auditing. We find ultimately that despite a number of techniques available to address user auditing concerns in the data auditing area, cloud providers have thus far only focused on infrastructure security auditing concerns.