INFORMATION SECURITY CONTROL FOR CLOUD SERVICES
As the global usage of cloud technology continues to grow, businesses must strategically consider the risk of storing protected information and explore viable security options in order to protect their information systems. One of the key challenges of cloud computing is how it addresses the security and privacy concerns of businesses planning to adopt it and those of cloud service providers (CSPs) implementing it. The fact that the valuable enterprise data will reside outside the corporate firewall raises serious concerns. Hacking and various cyber-attacks to the cloud infrastructure can have a domin effect and affect multiple clients even if only one site is attacked.
ISO/IEC 27017 is designed to assist in the recommendation and implementation of controls for cloud-based organisations. This is not only relevant to organisations which store information in the cloud, but also for providers which offer cloud-based services to other companies who may have sensitive information.
By adhering to the ISO/IEC 27017 guidelines, you minimise reputational risks and issues related to cloud security and sustainable development. This will encourage potential investors and sponsors to look at you as a responsible partner. By mitigating the risk of data breach and other cyber-attacks, you win stakeholder confidence and gain competitive advantage.