ISO 27017
Cloud customers are concerned about security - it remains a key reason why organizations hesitate to adopt cloud services despite the flexibility and scalability the cloud can offer. A key concern centers on the ability of cloud service providers (CSPs) to treat customer data with sufficient care and attention.
The main worries are that data could end up in the wrong hands and how much control a customer has over careless operators. But there are other concerns too: customer identity, segregation of assets on virtual servers, and what happens to assets in the event of a CSP going out of business also play on potential cloud users' minds.
The ISO 27001 series addresses some of these concerns but a new standard, ISO/IEC 27017 Information technology - Security techniques, goes further and offers more peace of mind for potential cloud customers. Typical cloud standards and technical standards that address the cloud provider controls and guidance aimed at the cloud service provider.
It's not only the separation of responsibilities that the standard helps define: ISO/IEC 27017 also goes into much more detail about the type of security controls that service providers should be implementing - helping reduce the barriers to cloud adoption. ISO/IEC 27017 offers a way for cloud service providers to indicate the level of controls that have been implemented.
This means documented evidence, backed up by independent sources such as certification to certain standards, showing that appropriate policies have been implemented and, most importantly, what types of controls have been introduced. This information should be shared with the cloud customer before any contract is signed to help alleviate any potential issues in the future.
In cases where independent audits aren't practical or would pose a greater risk to information security, the standard does provide an option for CSPs to self-assess. When this is the case, the CSP must tell customers that they have self-assessed.
The cloud offers organizations and consumers a variety of benefits: cost savings, flexibility and mobile access to information top the list. It also raises concerns about data protection and privacy, particularly around personally identifiable information (PII). PII includes any piece of information that can identify a specific user.
Whether you're new to ISO/IEC 27018 or looking to take your expertise further, we have the right approach to get you certified. We offer packages that can be customized to your business to get you started with information security management. An ISO/IEC 27018 package can be designed to remove the complexity of getting you where you want to be - whatever your starting point.
It provides clarity regarding who is responsible for what between the cloud service provider and the cloud customer
Inspires trust in the business, giving customers and stakeholders greater reassurance
To whom does ISO/IEC 27018 apply?
This code of practice applies to CSPs that process PII under contract for other organizations.
https://www.infoworld.com/article/3000021/cloud-computing/iso-27018-compliance-heres-what-you-need-to-know.html