Cloud computing is becoming increasingly popular as companies look for ways to improve efficiency and reduce costs.
Security in this context is essential. This is where the international standard ISO 27017 comes in: it provides guidance on how to implement security controls for cloud services, for both customers and suppliers.

This guide is intended for cloud companies and their customers.
ISO 27017 is an **addition** to ISO 27002, which is a widely used framework for information security management.
Its full name is: ISO/IEC 27017:2015 Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for cloud services
Given that the vast majority of companies use or provide cloud services, ISO 27017 is useful for these companies, as it includes additional controls specifically related to cloud computing, such as data classification, secure access to cloud services and customer separation in a system with multiple customers.
Implementing ISO 27017 can help organizations ensure that their data is protected when stored or processed in the cloud. It can also help improve the security of cloud-based applications and services.
Organizations that adopt ISO 27017 can demonstrate their commitment to protecting cloud data. This gives them a competitive edge in the marketplace, and helps them build trust with their customers.
ISO 27017 is a flexible standard that can be adapted to the specific needs of any organization. It is important to note, however, that it does not replace ISO 27002. It should be used in conjunction with ISO 27002 to provide a comprehensive approach to information security management.
This standard adds 7 new items to your ISMS declaration of applicability, and modifies 37 others. The 7 new items are:
- CLD 6.3.1 – Shared roles and responsibilities within a cloud computing environment
- CLD 8.1.5 – Removal of cloud service customer assets
- CLD 9.5.1 – Segregation in virtual computing environments
- CLD 9.5.2 – Virtual machine hardening
- CLD 12.1.5 – Administrator’s operational security
- CLD 12.4.5 – Monitoring of cloud services
- CLD 13.1.4 – Alignment of security management for virtual and physical networks
As for the 37 other changes or adjustments, the standard places a great deal of emphasis on roles and responsibilities, the relationship with customers in terms of support and training for internal teams, ownership of information assets in a dematerialized world, and encryption methods, especially for controlling access or blocking unauthorized access.
In addition, each item is described from the point of view of “cloud customer” and/or “cloud service provider”, in order to clearly describe the security measures and tailor them to the organization’s context. Do you know your role?
Finally, from the organization’s point of view, the benefits of implementing ISO 27017 are as follows:
- Enhanced security for data stored or processed in the cloud
- Enhanced protection for cloud-based applications and services
- Greater confidence in data security in the cloud
- A competitive edge in the market
- Increased trust from customers and other stakeholders.