
Hamish Lister

Senior Content Manager

Hamish is a senior content manager at Ostride Labs. Hamish’s diverse background in technical research, analysis and market demand are the main drivers behind the topics he enjoys exploring and writing about.


Cloud Security and ISO 27017

Updated 12 Oct 2021


As we move forward in the 21st century, old-school business practices have been replaced by more sophisticated systems and processes that increase the speed and accuracy of operations but leave organizations more exposed to modern threats such as cyberattacks. What may seem like an innocent database of corporate customer information is in fact a valuable asset for attackers.


For companies that rely on the cloud to store sensitive information and run critical cloud native processes, dependable cloud security solutions, preferably in line with ISO standards, are imperative.


Moreover, with an increasing number of companies utilizing cloud native principles to host and deploy applications via the cloud, the security of their cloud-based infrastructure becomes even more paramount.


Cloud Security


Cloud security is a cyber security discipline devoted to protecting cloud computing infrastructures. This includes keeping data confidential and secure across all Internet-based systems, applications, and platforms. Protecting these systems requires the combined efforts of cloud providers and customers who use them, whether individuals, startups, or multinational commercial enterprises.


Cloud providers host services on their servers through an always-on internet connection. Since their business relies on customer loyalty, cloud security measures are used to keep customer data confidential and secure. However, cloud security is also partly in the hands of customers. Understanding both of these frameworks is critical to a healthy cloud security solution.


What is ISO 27017?


How can your organization continue to enjoy the speed and efficiency of cloud storage while maintaining a secure cloud infrastructure and protecting your customer data? This is where ISO 27017 comes into play.


It is a security standard designed for both cloud service users and cloud service providers that promotes a safer cloud-based environment and minimizes the risk of security problems. It also covers the integration of cloud-specific security controls, whether used by or provided by an organization. It is a set of security controls based on the ISO 27002 guidelines, governing the safe and efficient operation of cloud services so that your organization and your customer data are kept safe from external threats. ISO 27017 captures the risk-based thinking and security considerations needed to stay online and applies them directly to the security of cloud storage.


We understand that maintaining advanced cloud security systems can be a complex and time-consuming process, a problem that is exacerbated in small organizations that do not have the resources to hire someone specifically for this job. ISO 27017 helps to ease the burden by giving the management team a defined set of primary risk areas to manage and a set of proven best practices for securing your cloud systems.


Why Is ISO 27017 Important?


Quality assurance of cloud storage information technology, such as ISO certification, is important for a number of reasons. First and foremost, if an organization's systems are compromised, fines and sanctions may prove to be a significant threat to the survival of the business. Depending on the country, there are strict penalties for organizations that have failed to properly protect their networks and cloud infrastructure, not to mention the irreparable damage to the organization's reputation in the eyes of its customers.


A report from tech giant IBM states that on average, data breaches cost $3.8 million to completely repair. For example, British Airways was fined in excess of £180m (later revised to £20m) for violating the General Data Protection Regulation (GDPR) customer data protection laws. British Airways knew that the data of 429,000 of its customers had been accessed by an unauthorized third party, and it is now paying a hefty sum for failing to protect its systems.


Misconfigured or improperly secured cloud storage systems are one of the most common causes of data breaches, and they add roughly $500,000 in damages, which suggests that organizations do not yet see the value of properly securing cloud storage and internal networks, or the consequences of failing to do so. Implementing the ISO 27017 controls ensures that the cloud storage used by your organization is configured to a high standard of cloud security, reducing the risk of a breach.


Second, it is important to show your customers that your organization takes the threat of data breaches seriously and is on the front foot when it comes to rectifying any shortcomings in its information technology department, so that customers are comfortable providing their information to your organization. Cloud security management is an easy area in which to outclass competitors while simultaneously boosting customer confidence in your ability to keep their personal information secure.


Why Should my Organization Get Certified to ISO 27017?


If your organization is a cloud storage provider, or uses cloud storage within its operations, ISO 27017 is critical to ensure you are using the best, most up-to-date security practices. In many cases, it is necessary in order to qualify for certain major projects and government contracts, as these parties will only consider working with organizations that have a systematic and proven approach to risk reduction while providing seamless cloud-based solutions.


Certification Benefits


  • You will be considered for large, lucrative projects reserved for companies with comprehensive cloud storage security infrastructures that maintain customer trust by delivering on promises and exceeding expectations regarding data protection.
  • You will gain a more complete understanding of your online systems and operations.
  • You will be able to actively address system vulnerabilities.
  • You will encourage the confidence of consumers and stakeholders in your ability to protect their information or programs.
  • You will introduce a strong sense of accountability.
  • You will empower employees with a purposeful information security mission statement.
  • You will surmount regulatory barriers in the context of online operations.
  • You will enjoy informed decision-making consistent with risk-based thinking and a consistent and effective cycle of improvement.


Is ISO 27017 Certification Worth It and Should You Upgrade?


To summarise, ISO 27017 provides very useful guidance that should be followed by both cloud service providers and their customers. While it is useful for providers to have independent certification to indicate compliance with this high security standard, it does not completely remove the responsibility from the customer.


In any event, ISO 27017's predecessor, ISO 27001, is a perfectly adequate baseline standard for all cloud-based service providers that want to protect their information, and it is easily the most popular worldwide. With the introduction of ISO 27017 comes the decision of whether to upgrade.

It is definitely appealing to companies that offer cloud solutions and want to cover all the angles when it comes to cloud security, but there are factors to consider, including cost and viability.


