ISO/IEC 27017 is an international standard that provides guidelines for the information security of cloud services by extending the foundational standards ISO 27001 and 27002 with specific controls and guidance for cloud providers and customers to address cloud-specific risks such as shared responsibilities, multi-tenancy, and virtualization. It proposes additional measures and helps establish consistent security standards to ensure trust and security in the cloud.
What ISO 27017 does:
Extension for the cloud: Adds specific controls not fully covered in ISO 27002.
Target audience: Targets cloud service providers (CSPs) and their customers.
Includes: Additional controls for 37 existing ISO 27002 controls and 7 new, cloud-specific controls (CLDs).
Benefits: Provides a framework for aligning security management across virtual and physical networks, reduces risks, and standardizes provider-customer relationships.
Certification: Enables certification that demonstrates compliance with international security standards for cloud services, often as an extension of an existing ISO 27001 certification.
Key Aspects:
Shared Responsibility: Highlights the shared responsibility of providers and customers in the cloud.
Cloud Risks: Addresses risks such as virtualization, multi-tenancy, and asset management in the cloud.
In Summary:
ISO 27017 is the gold standard for cloud security, applying general information security (ISO 27001/27002) to the specific requirements of cloud services and creating a trusted environment for cloud usage.
Unlock the secrets of effective cloud security with ISO 27017:2015. Explore essential controls and guidance to strengthen your SaaS security strategy today!
Key Cloud Security Controls: A Deep Dive into ISO 27017:2015 Read More »
