Thanks for this… quite timely too as I am in the middle of undertaking research for a professional doctorate degree in information security. My research is around the auditability - or lack of - of cloud service providers by cloud customers. As a 3rd party assurance consultant we are getting more and more resistance from suppliers/partners of cloud services to audit them. My research aims to review existing cloud audit frameworks and draw out any gaps – and propose a new framework that allows CSP auditability. The proposal is to develop an audit authority that can perform audits of cloud service providers using the proposed framework. The audit reports can then be made available to businesses so they do not have to audit the CSPs themselves.
I have contacted the CSA for their input and am hoping to get their feedback soon.
1 - Would you happen to have a mapping of cloud audit frameworks that highlights common controls and differences?
2 - Also, what is your opinion on the Cloud Audit Authority proposal?