ISO 27017 – Security in the provision or use of Cloud services

More and more companies are deciding to move part of their operations to the Cloud. Undoubtedly, Cloud services have a number of features that make them particularly attractive, such as ease of access, increased availability and reduced operating costs. On the other hand, organizations that use such services (cloud customers) should identify the risks involved in storing critical information in the cloud provider’s infrastructure and implement the necessary security mechanisms.
The ISO 27017 standard specifies the necessary control mechanisms that address Information Security risks related to the provision or use of Cloud services. It is aimed at organizations that want to develop and provide or use Cloud services, i.e. both “cloud providers” and “cloud customers”.
As the title of ISO 27017 suggests (Code of practice for information security controls based on ISO/IEC 27002 for cloud services), this security standard is based on ISO 27002, the interpretive guide of the internationally recognized and certifiable ISO 27001 standard. It has the same structure as ISO 27002 and additionally provides:
A. Guidelines for the implementation of thirty-seven ISO 27002 controls in Cloud services, with a particular emphasis on logical access issues
B. Specialized security mechanisms for Cloud services, which cover seven additional control areas:
1) Shared roles and responsibilities within a Cloud computing environment
2) Removal and return of cloud customer assets upon termination of the cloud service agreement
3) Segregation in virtual computing environments
4) Virtual machine hardening
5) Security of administrative operations
6) Monitoring of Cloud services
7) Alignment of security management between virtual and physical networks.
PRIORITY, having successfully implemented complex and demanding projects related to the development of Information Security Management Systems, can help businesses or organizations that want to develop or use Cloud services create an operating framework, based on the ISO 27017 and ISO 27001 standards, that would guarantee the secure provision or use of such services.
