The field of cybersecurity has grown rapidly over the last decade, from both a research and a business aspect, as a response to the numerous security breaches. The use of cloud and IoT solutions has challenged many of the commonly held practices and demanded that new methods and practices are developed. In particular, a major concern with the use of IoT has been the security of the technology and for cloud computing, in general, there is a lack of control of the underlying infrastructure and services. The use of either technology in safety-critical installations deserves a broad focus on the trustworthiness of such solutions. The special track “Cloud Cyber Security and Privacy: Readiness for the Next Decade (CCSP:RND)” takes a forward-looking perspective to improve the understanding of security in safety-critical installations. The special track includes five publications on security topics that aim to deepen the understanding of how to improve security and how to retain information for...
Proceedings of the 2nd International Conference on Complexity, Future Information Systems and Risk
Unikernels allow application deployment through custom-built minimal virtual machines. The authors investigate how unikernels and their inherent minimalism benefit system security. The analysis starts with common security vulnerability classes and their possible remediation. A platonic unikernel framework is used to describe how unikernels can solve common security problems, focusing both on a micro- and macro-level. This theoretical framework is matched against an existing unikernel framework, and the resulting mismatch is used as a starting point for the research areas the authors are currently working on. We demonstrate how using a single responsibility unikernel-based architectural framework could be used to reduce complexity and thus improve enterprise cloud security.
International Conference on Cloud Computing, Apr 18, 2021
Finding a robust security mechanism for audit trail logging has long been a poorly satisfied goal. There are many reasons for this. The most significant of these is that the audit trail is a highly sought after goal of attackers to ensure that they do not get caught. Thus they have an incredibly strong incentive to prevent companies from succeeding in this worthy aim. Regulation, such as the European Union General Data Protection Regulation, has brought a strong incentive for companies to achieve success in this area due to the punitive level of fines that can now be levied in the event of a successful breach by an attacker. We seek to resolve this issue through the use of an encrypted audit trail process that saves encrypted records to a true immutable database, which can ensure audit trail records are permanently retained in encrypted form, with no possibility of the records being compromised. This ensures compliance with the General Data Protection Regulation can be achieved.
In previous literature, an inclusive practice approach to counteract possible areas of concern regarding cloud-based security for virtual learning environments has been proposed. In this paper, the theoretical framework 'transformability theory' underpinning such a proposal is applied in the context of higher education. Practicalities and limitations applying to such an idealised approach in a real context are explored in the form of a case study. The case study includes both the multiple and mixed roles that learning analytics and usability play in cloud-based security. Whilst such roles provided by technology still rely on the need for a social and technical system approach based on a pedagogical focus aligned with educational beliefs, attitudes and practices, observations from the case study show that risks and threats can be managed on a perception and actual occurrence basis. Such encouraging findings from this pilot study support the need for a larger more substantial ...
This paper presents a practical solution to the problem of limited bandwidth in Quantum Key Distribution (QKD)-secured communication through using rapidly rekeyed Internet Protocol security (IPsec) links. QKD is a cutting-edge security technology that provides mathematically proven security by using quantum physical effects and information theoretical axioms to generate a guaranteed non-disclosed stream of encryption keys. Although it has been a field of theoretical research for some time, it has only been producing market-ready solutions for a short period of time. The downside of this technology is that its key generation rate is only around 52,000 key bits per second over a distance of 50 km. As this rate limits the data throughput to the same rate, it is substandard for normal modern communications, especially for securely interconnecting networks. IPsec, on the other hand, is a well-known security protocol that uses classical encryption and is capable of exactly creating site-t...
Advances in Security in Computing and Communications, 2017
Achieving cloud security is not a trivial problem to address. Developing and enforcing good cloud security controls are fundamental requirements if this is to succeed. The very nature of cloud computing can add additional problem layers for cloud security to an already complex problem area. We discuss why this is such an issue, consider what desirable characteristics should be aimed for and propose a novel means of effectively and efficiently achieving these goals through the use of well-designed unikernel-based systems. We have identified a range of issues, which need to be dealt with properly to ensure a robust level of security and privacy can be achieved. We have addressed these issues in both the context of conventional cloud-based systems, as well as in regard to addressing some of the many weaknesses inherent in the Internet of things. We discuss how our proposed approach may help better address these key security issues which we have identified.
2017 International Conference on Engineering and Technology (ICET), 2017
Achieving enterprise security is a huge challenge, which becomes much more challenging when cloud is added to the mix, due to the multi-tenancy nature of cloud ecosystems. Once we add the dimensions of the Internet of Things (IoT) and Big Data, this problem becomes exponentially more complex. We consider why this is so and highlight a number of key research questions which have yet to be resolved. We seek to address the problem by combining a number of emerging research techniques which we and our collaborators have developed, in such a way as to improve the chance of achieving a better level of security and privacy for enterprises.
IT security and privacy is a challenging problem to address, and when cloud is used, there is an exponential increase in the challenge. A particular challenge is the cloud forensic problem, which arises when an attacker succeeds in breaching a cloud system, because one of the first aims is to delete the forensic trail, and there is little to prevent this from happening in cloud. Quite apart from the obvious difficulties this will present to finding out who has breached the system and how they got in, there will now be a far more pressing problem to be dealt with, namely, the forthcoming European Union General Data Protection Regulation. Once a breach has been identified, it is also necessary for the company to report the impact of the breach, to include which records were accessed, modified, deleted, or exfiltrated, on pain of punitive levels of fine. Where the forensic trail has been compromised, this might prove to be a huge challenge to comply with. We propose addressing this problem through the use of Unikernel based monitoring systems which can ensure both full forensic and audit trails can be maintained.
Many cloud users are blindly heading into a potentially devastating regulatory disaster zone. Given the shortcomings of the cloud due to the cloud forensic problem, this is likely to mean many cloud users will be unable to be compliant with the forthcoming EU General Data Protection Regulation when it comes into effect on 25th May, 2018. We consider the possible use of a crypto-currency based mechanism to address the as yet unsolved cloud forensic problem. Crypto-currencies are becoming a global phenomenon, and gaining more attention from media, venture capitalists, financial and government institutions. We focus on the operational risk and the market risk related to cryptocurrencies, especially the dominating Bitcoin. The operational risk encompasses the actions that undermine the technological infrastructure and security assumptions of crypto-currencies. We discuss how the implementation of block chain technology could improve the efficiency of financial infrastructure, as well as...
Conventional web based systems present a multiplicity of attack vectors. One of the main components, the database, is frequently configured incorrectly, often using default settings, which leave the system wide open to attack. Once a system has been attacked, valuable audit trail and system log data is usually deleted to cover the trail of the perpetrator. Given the average industry time between breach and discovery, there is often little forensic trail left to follow. Of equal importance is that in cloud settings, where new instances are automatically spooled and shut down to follow the demand curve, any data stored on the running instance before shut down is lost. We demonstrate how the configuration of a simple immutable database, running on a separate private system can go a long way to resolving this problem. Index Terms: Cloud security and privacy; immutable database; forensic trail.
Information security in the cloud presents a serious challenge. We have identified fundamental weaknesses when undertaking cloud audit, namely the misconceptions surrounding the purpose of audit, what comprises a proper audit trail, what should be included, and how it should be achieved and maintained. A properly specified audit trail can provide a powerful tool in the armoury against cyber-crime, yet it is all too easy to throw away the benefits offered by this simple tool through lack of understanding, incompetence, mis-configuration or sheer laziness. Of course, merely having an effective audit trail is not enough — we actually have to examine it regularly to realise the potential benefits it offers. Keywords—security; privacy; audit; audit trail.
In today’s corporate world, the notion of corporate governance has taken a more important role in the management of large corporates. There is a growing consensus that large corporates ought to take more of a stewardship approach to running a company in a clear attempt to move away from the agency theory approach, with all its attendant problems and issues. A fundamental component of corporate governance concerns the adequate recognition of risk faced by the organisation and dealing with it appropriately. Traditional corporate IT risk is well understood, as are the mitigation strategies needed to address this important area. Large corporates also understand risk theory well, and how finding the right balance between risk and profitability is key to ensuring profitability can be maximised while ensuring long term sustainability and resilience are also achieved. We assert that the cloud computing paradigm, while economically attractive to corporates, provides such a step change from t...
Cyber-security presents a serious challenge. Cybersecurity in the cloud presents a far more serious challenge, due to the multi-tenant nature of cloud relationships and the transitory nature of cloud instances. We have identified a fundamental weakness when undertaking cloud audit, namely the misconceptions surrounding the purpose of audit, what comprises a proper audit trail, what should be included, and how it should be achieved and maintained. A properly specified audit trail can provide a powerful tool in the armoury against cyber-crime, yet it is all too easy to throw away the benefits offered by this simple tool through lack of understanding, incompetence, mis-configuration or sheer laziness. A major weakness is the need to ensure the audit trail is properly preserved. We propose that some simple changes in approach are undertaken, which can considerably improve the status quo, while radically improving the ability to conduct forensic examination in the event of a breach, but of course, merely having an effective audit trail is not enough; we actually have to analyse it regularly to realise the potential benefits it offers.
Cloud security and privacy is a very challenging problem to solve. We started a project to explore a new approach to addressing this problem by utilising a unikernel based solution. In this paper, we outline the technical details of such an approach, identifying how this new approach can better address the issues involved. We have demonstrated how this new approach can improve the status quo.
Achieving information security and privacy is not a trivial exercise. This becomes much more challenging in the cloud, due to the multi-tenancy nature of cloud ecosystems. We are concerned that the traditional legacy compatible approach to software development is holding enterprises back from achieving effective security and privacy, particularly in the cloud. In this paper we discuss the implications of the traditional approach to software development and question why we stick to this approach, despite the fact that this approach makes the job of security and privacy far more difficult.
All corporate businesses are under constant attack. There is no doubt that the adoption of a multitude of cheap Internet of Things devices has proved to be a great enabler of the vastly expanded potential for data collection to run systems, processes, and machines more effectively. Unfortunately, their very cheapness often means that security is not appropriately considered during design, and that the incorporation of such devices can introduce a new route into corporate systems for attackers. The audit trail is often the single most important target for attackers to allow them to cover their tracks and remain hidden in the system for a long duration. Therefore, we must ensure we take extra precautions to properly secure this important record in a cryptographically secured immutable database, for without it, we have no means to forensically discover who has perpetrated attacks, nor how they penetrated our systems. In this paper, we explore a method of securely collecting and stori...
Many people assume that cloud audit is no more difficult than IT audit in general. We provide an outline of the evolution of cloud, providing an explanation of how it differs from conventional IT. We then discuss some of the benefits and drawbacks of cloud, particularly in connection to audit challenges, highlighting the dangers and shortcomings of many approaches. Keywords—security; privacy; standards; compliance; audit.
Ahead of the introduction of the EU General Data Privacy Regulation (GDPR), we consider some important unresolved issues with cloud computing, namely, the insecure cloud audit trail problem and the challenge of retaining cloud forensic evidence. Developing and enforcing good cloud security controls is an essential requirement if this is to succeed. The nature of cloud computing architecture can add additional problem layers for achieving cloud security to an already complex problem area. Historically, many corporates have struggled to identify when their systems have been breached, let alone understand which records have been accessed, modified, deleted or ex-filtrated from their systems. Often, there is no understanding as to who has perpetrated the breach, meaning it is difficult to quantify the risk to which they have been exposed. The GDPR seeks to improve this situation by requiring all breaches to be reported within 72 hours of an occurrence, including full identification of ...
The use of IT based systems in mainstream education brings a particular focus to bear on security. When these systems involve the use of cloud, the challenge increases exponentially. There are a great many benefits to be gained from cloud use, and therefore, we argue that developing a suitable approach to provide a secure cloud based learning environment, which would be used to facilitate use for inclusive practice in mainstream education would be a worthwhile goal. We demonstrate how to develop such an approach, which we believe could provide a more effective approach than traditional technology based approaches. Keywords–Inclusive education; security; privacy; cloud system.
The field of cybersecurity has both from a research and business aspect grown rapidly over the la... more The field of cybersecurity has both from a research and business aspect grown rapidly over the last decade as a response to the numerous security breaches. The use of cloud and IoT solutions has challenged many of the commonly held practices and demanded that new methods and practices are developed. In particular, a major concern with the use of IoT has been the security of the technology and for cloud computing, in general, there is a lack of control of the underlying infrastructure and services. The use of either technology in safety-critical installations deserves a broad focus on the trustworthiness of such solutions. The special track “Cloud Cyber Security and Privacy: Readiness for the Next Decade (CCSP:RND)” takes a forward-looking perspective to improve the understanding of security in safety-critical installations. The special track includes five publications on security topics that aim to deepen the understanding of how to improve security and how to retain information for...
Proceedings of the 2nd International Conference on Complexity, Future Information Systems and Risk
Unikernels allow application deployment through custom-built minimal virtual machines. The author... more Unikernels allow application deployment through custom-built minimal virtual machines. The authors investigate how unikernels and their inherent minimalism benefit system security. The analysis starts with common security vulnerability classes and their possible remediation. A platonic unikernel framework is used to describe how unikernels can solve common security problems, focusing both on a micro-and macro level. This theoretical framework is matched against an existing unikernel framework, and the resulting mismatch is used as a starting point for the research areas the authors are currently working on. We demonstrate how using a single responsibility unikernel-based architectural framework could be used to reduce complexity and thus improve enterprise cloud security.
international conference on cloud computing, Apr 18, 2021
Finding a robust security mechanism for audit trail logging has long been a poorly satisfied goal... more Finding a robust security mechanism for audit trail logging has long been a poorly satisfied goal. There are many reasons for this. The most significant of these is that the audit trail is a highly sought after goal of attackers to ensure that they do not get caught. Thus they have an incredibly strong incentive to prevent companies from succeeding in this worthy aim. Regulation, such as the European Union General Data Protection Regulation, has brought a strong incentive for companies to achieve success in this area due to the punitive level of fines that can now be levied in the event of a successful breach by an attacker. We seek to resolve this issue through the use of an encrypted audit trail process that saves encrypted records to a true immutable database, which can ensure audit trail records are permanently retained in encrypted form, with no possibility of the records being compromised. This ensures compliance with the General Data Protection Regulation can be achieved.
In previous literature, an inclusive practice approach to counteract possible areas of concern re... more In previous literature, an inclusive practice approach to counteract possible areas of concern regarding cloud-based security for virtual learning environments has been proposed. In this paper, the theoretical framework 'transformability theory' underpinning such a proposal is applied in the context of higher education. Practicalities and limitations applying to such an idealised approach in a real context are explored in the form of a case study. The case study includes both the multiple and mixed roles that learning analytics and usability play in cloud-based security. Whilst such roles provided by technology still rely on the need for a social and technical system approach based on a pedagogical focus aligned with educational beliefs, attitudes and practices, observations from the case study show that risks and threats can be managed on a perception and actual occurrence basis. Such encouraging findings from this pilot study support the need for a larger more substantial ...
This paper presents a practical solution to the problem of limited bandwidth in Quantum Key Distr... more This paper presents a practical solution to the problem of limited bandwidth in Quantum Key Distribution (QKD)-secured communication through using rapidly rekeyed Internet Protocol security (IPsec) links. QKD is a cutting-edge security technology that provides mathematically proven security by using quantum physical effects and information theoretical axioms to generate a guaranteed non-disclosed stream of encryption keys. Although it has been a field of theoretical research for some time, it has only been producing market-ready solutions for a short period of time. The downside of this technology is that its key generation rate is only around 52,000 key bits per second over a distance of 50 km. As this rate limits the data throughput to the same rate, it is substandard for normal modern communications, especially for securely interconnecting networks. IPsec, on the other hand, is a well-known security protocol that uses classical encryption and is capable of exactly creating site-t...
Advances in Security in Computing and Communications, 2017
Achieving cloud security is not a trivial problem to address. Developing and enforcing good cloud... more Achieving cloud security is not a trivial problem to address. Developing and enforcing good cloud security controls are fundamental requirements if this is to succeed. The very nature of cloud computing can add additional problem layers for cloud security to an already complex problem area. We discuss why this is such an issue, consider what desirable characteristics should be aimed for and propose a novel means of effectively and efficiently achieving these goals through the use of well-designed unikernel-based systems. We have identified a range of issues, which need to be dealt with properly to ensure a robust level of security and privacy can be achieved. We have addressed these issues in both the context of conventional cloud-based systems, as well as in regard to addressing some of the many weaknesses inherent in the Internet of things. We discuss how our proposed approach may help better address these key security issues which we have identified.
2017 International Conference on Engineering and Technology (ICET), 2017
Achieving enterprise security is a huge challenge, which becomes much more challenging when cloud... more Achieving enterprise security is a huge challenge, which becomes much more challenging when cloud is added to the mix, due to the multi-tenancy nature of cloud ecosystems. Once we add the dimensions of the Internet of Things (IoT) and Big Data, this problem becomes exponentially more complex. We consider why this is so and highlight a number of key research questions which have yet to be resolved. We seek to address the problem by combining a number of emerging research techniques which we and our collaborators have developed, in such a way as to improve the chance of achieving a better level of security and privacy for enterprises.
IT security and privacy is a challenging problem to address, and when cloud is used, there is an ... more IT security and privacy is a challenging problem to address, and when cloud is used, there is an exponential increase in the challenge. A particular challenge is the cloud forensic problem, which arises when an attacker succeeds in breaching a cloud system, because one of the first aims is to delete the forensic trail, and there is little to prevent this from happening in cloud. Quite apart from the obvious difficulties this will present to finding out who has breached the system and how they got in, there will now be a far more pressing problem to be dealt with, namely, the forthcoming European Union General Data Protection Regulation. Once a breach has been identified, it is also necessary for the company to report the impact of the breach, to include which records were accessed, modified, deleted, or exfiltrated, on pain of punitive levels of fine. Where the forensic trail has been compromised, this might prove to be a huge challenge to comply with. We propose addressing this problem through the use of Unikernel based monitoring systems which can ensure both full forensic and audit trails can be maintained.
Many cloud users are blindly heading into a potentially devastating regulatory disaster zone. Giv... more Many cloud users are blindly heading into a potentially devastating regulatory disaster zone. Given the shortcomings of the cloud due to the cloud forensic problem, this is likely to mean many cloud users will be unable to be compliant with the forthcoming EU General Data Protection Regulation when it comes into effect on 25th May, 2018. We consider the possible use of a crypto-currency based mechanism to address the as yet unsolved cloud forensic problem. Crypto-currencies are becoming a global phenomenon, and gaining more attention from media, venture capitalists, financial and government institutions. We focus on the operational risk and the market risk related to cryptocurrencies, especially the dominating Bitcoin. The operational risk encompasses the actions that undermine the technological infrastructure and security assumptions of crypto-currencies. We discuss how the implementation of block chain technology could improve the efficiency of financial infrastructure, as well as...
Conventional web based systems present a multiplicity of attack vectors. One of the main componen... more Conventional web based systems present a multiplicity of attack vectors. One of the main components, the database, is frequently configured incorrectly, often using default settings, which leave the system wide open to attack. Once a system has been attacked, valuable audit trail and system log data is usually deleted to cover the trail of the perpetrator. Given the average industry time between breach and discovery, there is often little forensic trail left to follow. Of equal importance is that in cloud settings, where new instances are automatically spooled and shut down to follow the demand curve, any data stored on the running instance before shut down is lost. We demonstrate how the configuration of a simple immutable database, running on a separate private system can go a long way to resolving this problem. Index Terms-Cloud security and privacy; immutable database; forensic trail.
Information security in the cloud presents a serious challenge. We have identified fundamental we... more Information security in the cloud presents a serious challenge. We have identified fundamental weaknesses when undertaking cloud audit, namely the misconceptions surrounding the purpose of audit, what comprises a proper audit trail, what should be included, and how it should be achieved and maintained. A properly specified audit trail can provide a powerful tool in the armoury against cyber-crime, yet it is all too easy to throw away the benefits offered by this simple tool through lack of understanding, incompetence, mis-configuration or sheer laziness. Of course, merely having an effective audit trail is not enough — we actually have to examine it regularly to realise the potential benefits it offers. Keywords—security; privacy; audit; audit trail.
In today’s corporate world, the notion of corporate governance has taken a more important role in... more In today’s corporate world, the notion of corporate governance has taken a more important role in the management of large corporates. There is a growing consensus that large corporates ought to take more of a stewardship approach to running a company in a clear attempt to move away from the agency theory approach, with all its attendant problems and issues. A fundamental component of corporate governance concerns the adequate recognition of risk faced by the organisation and dealing with it appropriately. Traditional corporate IT risk is well understood, as are the mitigation strategies needed to address this important area. Large corporates also understand risk theory well, and how finding the right balance between risk and profitability is key to ensuring profitability can be maximised while ensuring long term sustainability and resilience are also achieved. We assert that the cloud computing paradigm, while economically attractive to corporates, provides such a step change from t...
Cyber-security presents a serious challenge. Cybersecurity in the cloud presents a far more serio... more Cyber-security presents a serious challenge. Cybersecurity in the cloud presents a far more serious challenge, due to the multi-tenant nature of cloud relationships and the transitory nature of cloud instances. We have identified a fundamental weakness when undertaking cloud audit, namely the misconceptions surrounding the purpose of audit, what comprises a proper audit trail, what should be included, and how it should be achieved and maintained. A properly specified audit trail can provide a powerful tool in the armoury against cyber-crime, yet it is all too easy to throw away the benefits offered by this simple tool through lack of understanding, incompetence, mis-configuration or sheer laziness. A major weakness is the need to ensure the audit trail is properly preserved. We propose that some simple changes in approach are undertaken, which can considerably improve the status quo, while radically improving the ability to conduct forensic examination in the event of a breach, but of course, merely having an effective audit trail is not enoughwe actually have to analyse it regularly to realise the potential benefits it offers.
Cloud security and privacy is a very challenging problem to solve. We started a project to explore a new approach to addressing this problem by utilising a unikernel based solution. In this paper, we outline the technical details of such an approach, identifying how this new approach can better address the issues involved. We have demonstrated how this new approach can improve the status quo.
Achieving information security and privacy is not a trivial exercise. This becomes much more challenging in the cloud, due to the multi-tenancy nature of cloud ecosystems. We are concerned that the traditional legacy compatible approach to software development is holding enterprises back from achieving effective security and privacy, particularly in the cloud. In this paper we discuss the implications of the traditional approach to software development and question why we stick to this approach, despite the fact that this approach makes the job of security and privacy far more difficult.
All corporate businesses are under constant attack. There is no doubt that the adoption of a multitude of cheap Internet of Things devices has proved to be a great enabler of the vastly expanded potential for data collection to run systems, processes, and machines more effectively. Unfortunately, their very cheapness often means that security is not appropriately considered during design, and that the incorporation of such devices can introduce a new route into corporate systems for attackers. The audit trail is often the single most important target for attackers to allow them to cover their tracks and remain hidden in the system for a long duration. Therefore, we must ensure we take extra precautions to properly secure this important record in a cryptographically secured immutable database, for without it, we have no means to forensically discover who has perpetrated attacks, nor how they penetrated our systems. In this paper, we explore a method of securely collecting and stori...
Many people assume that cloud audit is no more difficult than IT audit in general. We provide an outline of the evolution of cloud, providing an explanation of how it differs from conventional IT. We then discuss some of the benefits and drawbacks of cloud, particularly in connection to audit challenges, highlighting the dangers and shortcomings of many approaches. Keywords—security; privacy; standards; compliance; audit.
Ahead of the introduction of the EU General Data Privacy Regulation (GDPR), we consider some important unresolved issues with cloud computing, namely, the insecure cloud audit trail problem and the challenge of retaining cloud forensic evidence. Developing and enforcing good cloud security controls is an essential requirement for this to succeed. The nature of cloud computing architecture can add additional problem layers for achieving cloud security to an already complex problem area. Historically, many corporates have struggled to identify when their systems have been breached, let alone understand which records have been accessed, modified, deleted or exfiltrated from their systems. Often, there is no understanding as to who has perpetrated the breach, meaning it is difficult to quantify the risk to which they have been exposed. The GDPR seeks to improve this situation by requiring all breaches to be reported within 72 hours of an occurrence, including full identification of ...
The use of IT based systems in mainstream education brings a particular focus to bear on security. When these systems involve the use of cloud, the challenge increases exponentially. There are a great many benefits to be gained from cloud use, and therefore, we argue that developing a suitable approach to provide a secure cloud based learning environment, which would be used to facilitate use for inclusive practice in mainstream education would be a worthwhile goal. We demonstrate how to develop such an approach, which we believe could provide a more effective approach than traditional technology based approaches. Keywords–Inclusive education; security; privacy; cloud system.
Papers by Bob Duncan