Updated 12 Oct 2021
As we move forward in the 21st century, old-school business practices have been replaced by more sophisticated systems and processes that increase the speed and accuracy of operations but leave organizations at greater risk from modern threats like cyberattacks. What may seem like an innocent database of corporate customer information is actually a great asset for hackers.
For companies that rely on the cloud for the storage of sensitive information and critical cloud native processes, dependable cloud security solutions, preferably in line with ISO standards, are imperative.
Moreover, with an increasing number of companies utilizing cloud native principles to host and deploy applications via the cloud, the security of their cloud-based infrastructure becomes even more paramount.
Cloud security is a cyber security discipline devoted to protecting cloud computing infrastructures. This includes keeping data confidential and secure across all Internet-based systems, applications, and platforms. Protecting these systems requires the combined efforts of cloud providers and customers who use them, whether individuals, startups, or multinational commercial enterprises.
Cloud providers host services on their servers through an always-on internet connection. Since their business relies on customer loyalty, cloud security measures are used to keep customer data confidential and secure. However, cloud security is also partly in the hands of customers. Understanding both of these frameworks is critical to a healthy cloud security solution.
How can your organization continue to enjoy the speed and efficiency of cloud storage while maintaining a secure cloud infrastructure and protecting your customer data? This is where ISO 27017 comes into play.
It is a security standard and technique designed for users and cloud service providers that ensures a safer cloud-based environment and minimizes the risk of security problems. It is also used for integrating cloud-based security controls used by or provided by an organization. It is a set of security controls based on the ISO 27002 guidelines that govern the safe and efficient operation of cloud services that keep your organization and your customer data safe from external threats. ISO 27017 captures all the risk-based thinking and security considerations needed to stay online and applies them directly to the security of cloud storage.
We understand that maintaining advanced cloud security systems can be a complex and time-consuming process, with the problem being exacerbated in the case of small organizations that do not have the resources to hire someone specifically for this job. ISO 27017 helps to ease the burden on the organization by introducing a management team with primary risk areas to manage and a set of proven best practices to secure your cloud systems.
Quality assurance of cloud storage information technology through a standard such as ISO is important for a number of reasons. First and foremost, if an organization’s systems are compromised, fines and sanctions may prove to be a significant threat to the survival of the business. Depending on the country, there are strict penalties for organizations that have failed to properly protect their networks and cloud infrastructure, let alone the irreparable damage to the organization’s reputation in the eyes of its customers.
A report from tech giant IBM states that, on average, data breaches cost $3.8 million to completely repair. For example, British Airways has been fined in excess of £180m (revised to £20m) for violating the General Data Protection Regulation (GDPR) customer data protection laws. British Airways was aware that data of its 429,000 customers had been accessed by an unauthorized third party and is now paying a hefty sum for failing to protect its systems.
Misconfigured or improperly secured cloud storage systems are one of the most common causes of data breaches, and they add in the range of $500,000 in damages, meaning organizations do not yet see the value of properly securing cloud storage and internal networks, or the consequences of failing to do so. Implementing the ISO 27017 system ensures that the cloud storage used by your organization is configured according to the highest standard of cloud security to nullify any potential breaches.
Second, it is important to show your customers that your organization takes the threat of data breaches seriously and is on the front foot when it comes to rectifying any shortcomings in its information technology department, so that customers are comfortable providing their information to your organization. Cloud security management is an easy area in which to outclass competitors, while simultaneously boosting customer confidence in your ability to keep their personal information secure.
If you are an organization working as a cloud storage provider or using cloud storage within your operations, ISO 27017 is critical to ensure you are using the best, most up-to-date security practices. In many cases, it is necessary to qualify for certain major projects and governments, as they will only consider working with organizations that have a systematic and proven approach to risk reduction while providing seamless cloud-based solutions.
To summarise, ISO 27017 provides very useful guidance that should be followed by both cloud service providers and their customers. While it is useful for providers to have independent certification to indicate compliance with this high security standard, it does not completely remove the responsibility from the customer.
In any event, ISO 27017’s predecessor, 27001, is a perfectly adequate basic standard for all cloud-based service providers that want to protect their information and is easily the most popular worldwide. With the introduction of 27017 comes the decision whether to upgrade.
It is definitely appealing to companies that offer cloud solutions and want to cover all the angles when it comes to cloud security, but there are factors to consider, including cost and viability.