Wednesday, April 22, 2015
How can ISO 27017 and 27018 help secure the cloud?
The ISO (International Organisation for Standardisation) is the world's largest developer of international standards, for pretty much everything. So it should come as no surprise that this includes IT security, in the shape of ISO 27001, or ISO/IEC 27001 (formerly BS 7799) to be precise. This standard formally specifies a framework for information security management of risks to your business, and as such requires a pretty comprehensive audit to identify where the risks to the business may be. Unsurprisingly, many enterprises look to their cloud providers to be certified to ISO 27001 (and ISO 27002, which is a code of practice for information security controls) to demonstrate that they take security seriously. But these are broad brushes, sweeping across information security management systems regardless of where they may be. Perhaps what is really needed is some kind of additional, cloud-specific ISO standard?