Information technology audits fall into either the internal or external categories. Internal audits address work done by the organization employees. These look at organizational processes and primarily focus on process optimization and risk management. External audits look at an organization's ability to meet legal and regulatory requirements from an outside perspective. Audits can also evaluate data availability, integrity, and confidentiality issues. A cloud solution requires a three-way negotiation among service organizations, cloud service providers (CSPs), and end users. The goal is to ensure productivity while maintaining an acceptable degree of security.
Cloud security audits look at whether security-relevant data is transparent to CSP customers, data encryption policies, and protections that address the co-located customer environment. The scale, scope, and...