The use of cloud services is increasing worldwide as industries continue to grow. With this dynamic growth in cloud technology, security issues arise. Businesses must consider the risks to sensitive data and explore the various options available to protect it. The primary problem when selecting cloud service providers (CSPs) is businesses’ security and privacy-related concerns, chiefly the fact that all the company’s data will be stored behind an external firewall. Cyber-attacks on such cloud infrastructures can cause a domino effect and, as a result, affect other business clients as well. This risk can be minimized by complying with the information security controls of ISO 27017.
ISO/IEC 27017 is specifically designed to assist in recommending and implementing controls for cloud-based industries. These controls are essential for organizations storing sensitive data in the cloud and for CSPs that offer cloud-based services to other sectors. The standard was adapted from the ISO 27002 standard and permits specific controls to be integrated as per the needs of cloud organizations.
The standard substantially covers issues such as asset ownership, initiating recovery action when a CSP is dissolved, and disposal of assets that contain:
The ISO/IEC 27017 standard enables organizations to commit for the long term. Organizations already have an internationally standardized framework for their cloud security, but integrating all of the requirements can quickly reduce operational and reputational risk. This way, organizations can work seamlessly towards a sustainable future.
ISO/IEC 27017 provides guidelines for the cyber security controls applicable to the use of cloud services. It also offers supplementary guidance for the 37 controls that are specified in ISO/IEC 27002, and 7 extra controls related to cloud computing that address the following parameters:
The standard is defined as “Information technology – Security Techniques – Code of Practice for the Information Security Controls based on ISO/IEC 27002 for cloud services”.
ISO/IEC 27017:2015 has eighteen sections along with a long annex, covering the following:
Here is a list of some of the most popular cloud computing services that follow the standard:
Before carrying out the cybersecurity assessment, you should know how cloud services are provided to the clients. Some of the most common cloud service models currently available in the market are:
Figure 1 – Assets control by cloud service models
ISO 27017 is considered the most appealing standard to organizations as it offers various cloud-related services that cover all the issues that come with cloud computing. In addition, it is the perfect basic standard that protects the organization’s sensitive information and provides the framework to manage cloud security.
Author,
Rohit Sharma
Audit & Compliance Team
Varutra Consulting Pvt. Ltd.