Information security controls for cloud services
ISO 27017 is a special standard, which is a part of the ISO 27001 series of standards. It is designed for security around cloud services.
Irrespective of whether you are a cloud service provider or a customer, the standard is applicable and its requirements can be used to enhance your security controls and measures.
The standard can help leverage your IT, security and support teams to ensure they understand various cloud security requirements, underlying risks and good practices in the provision or acquisition of cloud-based services.
Some of the controls emphasised by the standard include:
- The roles and responsibilities between the cloud service provider and the customer.
- Responsibilities at the end of the contract (such as the return, archiving or deletion of data).
- Segregation, boundaries and security around various client’s cloud environments.
- Security use and configuration of virtual machines and components.
- Operational processes and procedures used by privileged users.
- Alignment of the cloud network environment.
- Monitoring of cloud services.
Benefit of implementing the ISO 27017 standard include:
- Assurance to key internal and external stakeholders that robust security controls are in place to protect data in the cloud.
- Provides baseline requirements and guidelines to align offices and teams who are geographically segregated.
- Compliance with applicable regional and international regulations associated with data and cloud security.
- Reduce the likelihood of security incidents, events or breaches and protect your reputation.
- Certify to an international standard.
- Easily integrate into any existing standard framework such as (ISO 27001, 9001 etc.).
For more information please contact us.