Based on ISO/IEC 27001 for Cloud Services
As the global usage of cloud technology continues to grow, businesses must strategically consider the risk of storing protected information and explore viable security options in order to protect their information systems. One of the key challenges of cloud computing is how it addresses the security and privacy concerns of businesses planning to adopt it and those of cloud service providers (CSPs) implementing it. The fact that the valuable enterprise data will reside outside the corporate firewall raises serious concerns. Hacking and various cyber-attacks to the cloud infrastructure can have a domino effect and affect multiple clients even if only one site is attacked.
ISO/IEC 27017 is designed to assist in the recommendation and implementation of controls for cloud-based organisations. This is not only relevant to organisations which store information in the cloud, but also for providers which offer cloud-based services to other companies who may have sensitive information. This standard is built upon the ISO 27002 standard, but allows for specific controls to be added for the needs of cloud organisations and their end-users.
The standard extensively covers topics like asset ownership, recovery action if the CSP gets dissolved, disposal of assets with sensitive information, segregation and storage of data, alignment of security management for virtual and physical networks and others. ISO/IEC 27017 standard allows organisations to commit to a long-term goal. The organisations will have an internationally standardised framework to base their Cloud Security. Upon the internalisation of the requirements needed, organisations will be able to reduce operational and reputation risks and work towards a sustainable future.
TÜV SÜD provides the expertise and experience to assess your organisation to the requirements of ISO/IEC 27017. We assess the gap between company declaration on cloud security and the implementation. We identify the areas of concerns and opportunities for the company cloud security strategy and provide support on identification of a core business strategy linked to cloud security, with a tailor-made assessment tool, can measure a programme’s performance and identify improvements and risks linked to an organisation’s business strategy.
Fill-in the adjacent form to know more about our auditing and certification services.