Original Author: ISO
Original Link: http://www.iso.org/iso/home/news_index/iso_magazines/isofocusplus_index.htm
Risk Briefing Summary:
The January – February 2015 ISOFocus magazine has been released online by ISO [link above].
This issue focused on Cloud Computing and in particular the “End of Cloud Chaos”.
The magazine discusses ISO/IEC 27018 – “the first International Standard on security of personal data in the cloud”.
Extract from the Publication:
So how can companies create a standard service level agreement for cloud services? How can they make better-informed decisions when assessing whether to use a cloud computing solution and which solution best meets their business needs?
Published in 2014, ISO/IEC 27018 is the first International Standard that focuses on protection of personal data in the cloud. Although only a few months old, the new standard should finally give cloud users confidence that their service provider is well-placed to keep data private and secure.
Yalamova adds, “ISO/IEC 27018 specifies certain minimum types of security measures that cloud providers should adopt, if applicable, including encryption and access controls. The cloud standard also requires cloud providers to implement security awareness policies and make relevant staff aware of the potential consequences (for staff, the cloud provider and the customer) of breaching privacy and security rules.”
As the first-ever standard that deals with the protection of personal data for the cloud, ISO/IEC 27018 has the following key objectives:
- Help cloud service providers that process personally identifiable information to address applicable legal obligations as well as customer expectations
- Enable transparency so customers can choose well-governed cloud services
- Facilitate the creation of contracts for cloud services
- Provide cloud customers with a mechanism to ensure cloud providers’ compliance with legal and other obligations

In a nutshell, ISO/IEC 27018 provides a practical basis to induce confidence in the cloud industry. At the same time, the public cloud industry will have clear guidance in order to meet some of the legal and regulatory concerns of its clients. What’s not to like?