Abstract:
It would seem that some companies have been slow or unable to secure their cloud activities or to be aware of breaches in a timely manner. The European Union (EU)s General Data Protection Regulation (GDPR) has been introduced with the intent of sufficient threat of meaningful fines that direc- tors will now take cloud security seriously, even if they had not perceived it as a strategic priority before. However, just introducing such penal incentives does not mean that solutions are easy to implement. Whilst the perfect solution would always include stopping attackers from becoming intruders, once the attacker gets access the challenge is not just the immediate fiscal damage to the company or its trading partners, but also to the very records and integrity of the databases themselves. Once the intruder gains a foothold, they may then be able to grant themselves sufficient privileges to completely delete all trace of their incursion, possibly deleting far more records than they need to. They may remain undetected within the system, accessing, modifying, deleting or ex-filtrating data at will from the victim’s system. This is referred to as the Cloud Forensic Problem. This, then, presents a compliance nightmare to a great many cloud users, many of whom are poorly prepared to cope with this serious practical and financial challenge. In this paper, we consider how experience and traditional techniques from the accounting world might be applied and adapted to mitigate this serious challenge.