Cloud security auditing: Challenges and emerging approaches

Jungwoo Ryoo, Syed Rizvi, William Aiken, John Kissell

Research output: Contribution to journalArticlepeer-review

45 Scopus citations


IT auditors collect information on an organization's information systems, practices, and operations and critically analyze the information for improvement. One of the primary goals of an IT audit is to determine if the information system and its maintainers are meeting both the legal expectations of protecting customer data and the company standards of achieving financial success against various security threats. These goals are still relevant in the newly emerging cloud computing model of business, but they need customization. There are clear differences between cloud and traditional IT security auditing. In this article, the authors explore potential challenges unique to cloud security auditing; examine additional challenges specific to particular cloud computing domains such as banking, medical, and government sectors; and present emerging cloud-specific security auditing approaches and provide critical analysis.

Original languageEnglish (US)
Article number6662349
Pages (from-to)68-74
Number of pages7
JournalIEEE Security and Privacy
Issue number6
StatePublished - Nov 1 2014

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Electrical and Electronic Engineering
  • Law


Dive into the research topics of 'Cloud security auditing: Challenges and emerging approaches'. Together they form a unique fingerprint.

Cite this