The international standard ISO/IEC 27017, which addresses the security of cloud services, is a modified and expanded application of the ISO 27002 standard (itself directly related to ISO 27001). It complements the latter standard and establishes good security practices in the framework of cloud services. For each control point, it specifies the considerations that may apply to the customer or to the provider of the cloud services.
Importantly, the ISO 27017 standard focuses on cloud service providers and on the security of the services they deliver, and it also covers the responsibilities and obligations of customers, which makes it possible to standardize relations between the customer and the cloud service provider. This standard is complemented by others such as ISO 27018, which is especially relevant in the context of application services (SaaS) that process personal information and has limited application in the case of our infrastructure services. Some risks covered by this standard:
Data leak during upload / download, inside the cloud
Insecure or ineffective data deletion
Distributed Denial of Service (DDoS)
Economic Denial of Service (EDoS)
Performing malicious scans or detections
As a partner in Spain of instant27001 (including ISO 27017), a CISA auditor certified by ISACA, trained in ISO 27001 by SGS and in ISO 27017 by BSI, and an IT expert collaborating with the justice system, I can help you adapt to these standards, whether your objective is to be certified in ISO 27001, to improve your level of information security, or to have an ISMS (Information Security Management System) adapted to your needs (requested by your clients now or in the future, essential for specifications, etc.).