Improve the security of your cloud. ISO27017 audit.


Improve the security of your cloud. ISO27017 audit.

The ISO27017 standard provides controls for providers and customers of cloud services. Unlike many other technology-related standards, ISO 27017 clarifies roles and responsibilities to help make cloud services as secure as the rest of the data included in a certified Information Management System.

Who is responsible for what happens between the service provider and the customer
Disposal of assets when a contract is terminated
Protection and separation of the virtual environment of the client
Set up a virtual machine
Operations and administrative procedures related to the cloud environment
Track customer activity in the cloud
Alignment of the virtual and cloud network environment

ISO27017 audit.

This standard helps all the data that the customer needs to be sure of their protection against possible risks. In the case of cloud service providers, they must provide information to customers about the architecture, the technology used, the security measures adopted and the functionalities available, as well as the context of use (for example, the encryption technology used or the geographical location of the data centers).

The ISO 27017 standard focuses not only on cloud service providers, but also on the security of all these services; in fact, the customer’s point of view is also taken into account. These additional requirements make it possible to standardize relations between the client and the cloud service provider. The supplier must also establish the customer’s place in these operating procedures and in the management of modifications, updates or incidents. In general, the standard stresses the importance of clearly defining the role and responsibilities of the customer and the provider in terms of security.

The ISO27017 standard allows the buyer of the cloud service to identify the most relevant points and guides him when choosing his partners. The ISO 27017 standard allows to standardize the relationships between customers and cloud service providers through a common analysis and exchange model, thus facilitating management. Companies that comply with the ISO 27017 standard, allow users of their services to enjoy better security guarantees.

The importance of ISO27017 lies in the precision with which it establishes relationships between customers and cloud service providers, determining what the customer can demand and what information the provider must provide.

Compliance with this guide strengthens cybersecurity and service management regarding architecture, security measures, available functionalities, encryption technology and geographic location of the data.

This standard contemplates 37 controls in the cloud -based on ISO 27002-, along with 7 additional ones that allow strengthening the security of cloud services.

As an ISO27017 auditor trained in BSI and completed with my training in ISO27001 by SGS and CISA Auditor by ISACA I help companies to improve and implement information security management systems, also called ISMS, along with the use of the instant27001 tool which I am a partner in SPAIN.

Luis Vilanova Blanco. ISO27001, ISO27017 Auditor