Towards It Audit Approach of Public Sector Cloud Services Under Conditions of Martial Law in Ukraine

Abstract

This study is driven by the urgent need to understand the implementation of cloud computing by public users in Ukraine during martial law. It specifically addresses a critical gap in literature: the effectiveness and security of cloud services in a high-risk environment. The research focuses on Microsoft Azure, a widely-used cloud service, under these extraordinary circumstances. Our methodology involved a comprehensive IT audit of Microsoft Azure’s cloud services. This audit was meticulously designed to evaluate whether Azure sufficiently supports the operational objectives of its public users amidst heightened cyber threats. It also examined Azure’s compliance with regulatory requirements in response to these threats, and documented the effectiveness and adequacy of the service. The findings reveal key insights. We discovered certain vulnerabilities in Azure’s framework that necessitate risk response measures, control enhancements, and development of strategic actions by public service officials. Importantly, our study provides recommendations for optimizing workload architecture based on the IT audit outcomes. This research contributes significantly to the understanding of cloud computing’s role and reliability in crisis scenarios, like that of martial law in Ukraine. It offers valuable guidance for public sector entities relying on cloud services during emergencies, and sets a precedent for future studies in this rapidly evolving field.