CPA firm’s cloud auditing provider for performance evaluation and improvement: an empirical case of China

While CPA (Certified Public Accountant) firms utilize cloud auditing technologies to generate auditing reports and convey information to their clients in the Internet of Things (IoT) Era, they often cannot determine whether cloud auditing is a secure and effective form of communication with clients. Strategies related to cloud auditing provider evaluation and improvement planning are inherently multiple attribute decision making (MADM) issues and are very important to the auditor industry. To overcome these problems, this paper proposes an evaluation and improvement planning model to be a reference for CPA firms selecting the best cloud auditing provider, and illustrates an application of such a model through an empirical case study. The DEMATEL (decision-making trial and evaluation laboratory) approach is first used to analyze the interactive influence relationship map (IIRM) between the criteria and dimensions of cloud auditing technology. DANP (DEMATEL-based ANP) is then employed to calculate the influential weights of the dimensions and criteria. Finally, the modified VIKOR method is utilized to provide improvement priorities for performance cloud auditing provider satisfaction. Based on expert interviews, the recommendations for improvement priorities are privacy, security, processing integrity, availability, and confidentiality. This approach is expected to support the auditor industry to systematically improve their cloud auditing provider selection

End-to-End Trust Fulfillment of Big Data Workflow Provisioning over Competing Clouds

Cloud Computing has emerged as a promising and powerful paradigm for delivering data- intensive, high performance computation, applications and services over the Internet. Cloud Computing has enabled the implementation and success of Big Data, a relatively recent phenomenon consisting of the generation and analysis of abundant data from various sources. Accordingly, to satisfy the growing demands of Big Data storage, processing, and analytics, a large market has emerged for Cloud Service Providers, offering a myriad of resources, platforms, and infrastructures. The proliferation of these services often makes it difficult for consumers to select the most suitable and trustworthy provider to fulfill the requirements of building complex workflows and applications in a relatively short time. In this thesis, we first propose a quality specification model to support dual pre- and post-cloud workflow provisioning, consisting of service provider selection and workflow quality enforcement and adaptation. This model captures key properties of the quality of work at different stages of the Big Data value chain, enabling standardized quality specification, monitoring, and adaptation. Subsequently, we propose a two-dimensional trust-enabled framework to facilitate end-to-end Quality of Service (QoS) enforcement that: 1) automates cloud service provider selection for Big Data workflow processing, and 2) maintains the required QoS levels of Big Data workflows during runtime through dynamic orchestration using multi-model architecture-driven workflow monitoring, prediction, and adaptation. The trust-based automatic service provider selection scheme we propose in this thesis is comprehensive and adaptive, as it relies on a dynamic trust model to evaluate the QoS of a cloud provider prior to taking any selection decisions. It is a multi-dimensional trust model for Big Data workflows over competing clouds that assesses the trustworthiness of cloud providers based on three trust levels: (1) presence of the most up-to-date cloud resource verified capabilities, (2) reputational evidence measured by neighboring users and (3) a recorded personal history of experiences with the cloud provider. The trust-based workflow orchestration scheme we propose aims to avoid performance degradation or cloud service interruption. Our workflow orchestration approach is not only based on automatic adaptation and reconfiguration supported by monitoring, but also on predicting cloud resource shortages, thus preventing performance degradation. We formalize the cloud resource orchestration process using a state machine that efficiently captures different dynamic properties of the cloud execution environment. In addition, we use a model checker to validate our monitoring model in terms of reachability, liveness, and safety properties. We evaluate both our automated service provider selection scheme and cloud workflow orchestration, monitoring and adaptation schemes on a workflow-enabled Big Data application. A set of scenarios were carefully chosen to evaluate the performance of the service provider selection, workflow monitoring and the adaptation schemes we have implemented. The results demonstrate that our service selection outperforms other selection strategies and ensures trustworthy service provider selection. The results of evaluating automated workflow orchestration further show that our model is self-adapting, self-configuring, reacts efficiently to changes and adapts accordingly while enforcing QoS of workflows