ISOFocus #108 Leads with Trust & Confidence in Cloud Computing

Original Author: ISO
Original Link:

Risk Briefing Summary:

The January – February 2015 ISOFocus magazine has been released online by ISO [link above].

This issue focused on Cloud Computing and in particular the “End of Cloud Chaos”.

The magazine discusses ISO/IEC 27018 – “the first International Standard on security of personal data in the cloud”.

Extract from the Publication:

So how can companies create a standard service level agreement for cloud services? How can they make better-informed decisions when assessing whether to use a cloud computing solution and which solution best meets their business needs?

Published in 2014, ISO/IEC 27018 is the first International Standard that focuses on protection of personal data in the cloud. Although only a few months old, the new standard should finally give cloud users confidence that their service provider is well-placed to keep data private and secure.

Yalamova adds, “ISO/IEC 27018 specifies certain minimum types of security measures that cloud providers should adopt, if applicable, including encryption and access controls. The cloud standard also requires cloud providers to implement security awareness policies and make relevant staff aware of the potential consequences (for staff, the cloud provider and the customer) of breaching privacy and security rules.”

As the first-ever standard that deals with the protection of personal data for the cloud, ISO/IEC 27018 has the following key objectives:

  • Help cloud service providers that process personally identifiable information to address applicable legal obligations as well as customer expectations
  • Enable transparency so customers can choose well-governed cloud services
  • Facilitate the creation of contracts for cloud services
  • Provide cloud customers with a mechanism to ensure cloud providers’ compliance with legal and other obligations

In a nutshell, ISO/IEC 27018 provides a practical basis to induce confidence in the cloud industry. At the same time, the public cloud industry will have clear guidance in order to meet some of the legal and regulatory concerns of its clients. What’s not to like?