improve cloud service usage specifications and enhance data protection in cloud environments
organizations around the world are increasingly aware of the business value that cloud computing brings and are taking steps to transition to the cloud due to the flexibility, continuity, and scalability that cloud services offer. one of the main challenges of cloud computing is how to address the security and privacy concerns of enterprises planning to adopt it and the cloud service providers (gsps) that implement it.
iso/iec 27017 is an international standard for securing cloud services that defines specific requirements for gsps. iso/iec 27017 builds on the controls defined in iso/iec 27001, adding additional controls and implementation guidance specifically designed to help businesses securely set up and use cloud services to protect information stored and/or processed in the cloud. the iso/iec 27017 standard works in conjunction with the iso/iec 27001 family series of standards to provide enhanced controls for cloud service providers and cloud service customers. unlike many other technology-related standards, the iso/iec 27017 standard sets out the roles and responsibilities of both parties in helping to ensure that cloud services are as secure and reliable as other data contained in certified information management systems.
as the global use of cloud technology continues to grow, enterprises must strategically consider the risks of storing protected information and explore security options to protect their information systems. there are multiple security standards available to cloud service providers and users to protext cloud-based environments and to minimize the potential risk of security incidents, iso/iec 27017 provides value to businesses moving data to and/or sharing data in the cloud (including gsps).
the iso/iec 27017 standard allows organizations to work on long-term goals. by having an internationally standardized framework to build their cloud security, after internalization of requirements, organizations will be able to reduce operational and reputational risks and work toward a sustainable future. the standard broadly covers the following subjects: asset ownership, recovery measures in the event of gsp dissolution, disposal of assets with sensitive information, segregation and storage of data, security management adjustments for virtual and physical networks, etc. the standard can help cloud providers identify important security aspects while identifying suitable partners.
the iso/iec 27017 standard is a unique technical standard that addresses the business needs of customers and cloud service providers. iso/iec 27017 is designed to help recommend and implement controls for cloud-based organizations, not only relevant to organizations whose information is stored in the cloud, but also to providers of cloud-based services to other companies that may have sensitive information, meeting this standard will help businesses build trust with customers and other stakeholders, demonstrating a competitive advantage.
○ iso/iec 27001-2013 information technology - security technology - information security management system - requirements
○ iso/iec 27002-2022 information security, cybersecurity and privacy protection information security control
○ gb/t 37724-2019 information technology-industrial cloud service-capabilities general requirements
○ gb/t 37738-2019 information technology-cloud computing-cloud service quality evaluation indicator
○ provide customers and stakeholders with greater confidence in the security of their data and information;
○ provide a competitive advantage and demonstrate robust controls over data protection;
○ protect brand reputation and reduce the risk of negative publicity caused by data leakage;
○ ensure compliance with local regulations and reduce the risk of fines for data breaches;
○ provides general guidelines covering different countries to facilitate doing business globally and gaining opportunities as a preferred supplier.
tel: 86-400 821 5138
fax: 86-21 3327 5843
email:noa@noagroup.com