Cloud Security Audit for Migration and Continuous Monitoring

Security assurance in cloud computing is one of the main barriers for wider cloud adoption. Potential cloud computing consumers like to know whether the controls in cloud environments can adequately protect critical assets migrated into the cloud. We present a cloud security audit approach to enable users' evaluate cloud service provider offerings before migration, as well as monitoring of events after migration. Our approach entails a set of concepts such as actor, goals, monitoring, conditions, evidence and assurance to support security audit activities. These concepts are considered as a language for describing the properties necessary for cloud security audit both before and after migration. Finally, a real cloud migration use case is given to demonstrate the applicability of the security audit approach.