A current trend in Information Technology (“IT”) is called “Cloud Computing”. Customers who utilize cloud environments can easily access services, application programs (“applications”) and computing infrastructure hosted by other companies. Often, this access is “on demand” on an as-needed basis, with dynamic scaling of capacities to fit the instantaneous computing needs of the customer.
Cloud Computing has advantages for customers in that they may be able to reduce the IT costs, physical space (e.g. buildings, rooms, power, air conditioning), and compliance support that they are required to maintain internally. Instead, these costs are shifted to the one or many hosting companies, and the customer then pays only for the computing resources they use.
This is not a total solution to compliance requirements for these customers, though. Customers that use cloud-based services still must support their established company compliance policies. This normally requires that they keep track of specific customer and internal administrative actions with the cloud based services.
For example, cloud service customers may have their own auditing and reporting environments which analyze what their users are doing by correlating data from different applications. The collected and correlated data can be used to produce compliance reports that then are used to track normal operations, and to fulfill audit requirements.
To reduce costs of operation, these customers often prefer to automate audit processes to the maximum extent possible for monitoring audit readiness throughout the year and not just during official audits. When using cloud services, this data is not always readily available, however. If it is, it is usually not enabled for automation and continuous audit readiness monitoring.
Existing audit automation technologies collect audit and log data on IT systems and send it to centralized servers where the data can be analyzed. These technologies require that data collectors know details about the IT systems and the applications that run on them. For example, collector agents need to know where audit data resides and its format.
However, in a cloud environment, a customer may not know where (e.g. which server computer) a particular application is running. Consequently, customers may not be able to rely on collectors to gather and send back the audit data required for analysis.