It’s possible no industry is more familiar with the pressure to “prove security” than the cloud services industry. To attract and retain customers and avoid regulatory sanctions, today’s Cloud Service Providers (CSPs) need to prove they are secure to everyone: prospects, business partners, shareholders, regulators… the list goes on.
ISO 27017, the Code of Practice for Information Security Controls Based on ISO/IEC 27001 for Cloud Services, builds on the ISO 27002 standard to provide targeted guidance for both cloud services providers and consumers. CSP’s who extend the scope of their ISO 27001 compliant Information Security Management System (ISMS) to include ISO 27017 have confidence they are managing their cloud environments security.
With Pivot Point Security as your trusted partner, demonstrating ISO 27017 conformance year over year as an adjunct to your ISO 27001 certification is assured. Our CSP clients enjoy enhanced cloud security postures, streamlined security processes and the ability to provably demonstrate to any stakeholder that their cloud environment is secure and in compliance with applicable regulations.
- Improved customer and stakeholder confidence in your service
- Simplified ability to do business globally or in multiple regions/countries
- Streamlined contract negotiation
- Improved ability to comply with evolving laws and regulations governing the handling of information in your cloud
- Reduce the cost of cyber liability insurance (CLI)
How does ISO 27017 up your Cloud Security Game?
Besides offering guidance for public cloud services providers and consumers on many of the ISO 27001/27002 controls, ISO 27017 also describes seven additional controls:
- Shared roles and responsibilities in cloud computing environments
- Removal of cloud service customer assets
- Segregation in virtual computing environments
- Virtual machine hardening
- Administrator operational security
- Monitoring of cloud services
- Security management for physical and virtual networks
Our ISO 27017 consulting services help our CSP clients strategize, build, and certify a robust and effective ISMS with associated controls specific to public cloud security. Our experts offer a wealth of cloud security experience to guarantee that your controls conform to the ISO 27017 standard.
ISO 27017 Frequently Asked Questions (FAQ)
Part of the ISO 27000 family of globally recognized standards that help organizations keep data secure, ISO 27017 provides guidance on the information security issues specific to public cloud computing. ISO 27017 augments the guidance provided by ISO 27002 to better address cloud-specific use cases.
Part of the ISO 27000 family of globally recognized standards that help organizations keep data secure, ISO 27017 provides guidance on the information security issues specific to public cloud computing. ISO 27017 augments the guidance provided by ISO 27002 to better address cloud-specific use cases.
ISO 27001 is the most important standard in the ISO 27000 family of globally recognized standards that provide guidance and a logical framework that organizations use to keep information secure. It is the “de facto standard” for Information security and widely recognized as the best way to prove to key stakeholders that you have a strong cybersecurity program.
- Achieve conformance at your own pace– With our dedicated ISO 27017 expertise on tap, you’ll have the information, documentation and staff augmentation you need, when you need it.
- Chart a roadmap and stay on target– Routine status/coordination meetings between our ISO 27017 specialists and your in-house team will keep your project moving ahead.
- Time- and cost-effective conformance – Our subject matter expertise, proven processes and standard-driven artifacts will simplify and accelerate your conformance process, saving you time and money.
- Make sure your company conforms to ISO 27017 requirements– Pivot Point Security ensures your success by validating that all your processes and controls fully conform to the ISO 27017 guidance.
- Make sure you pass your ISO 27001 certification audit– We provide onsite support to ensure a smooth and successful certification audit, including your cloud security controls.
- Ensure you maintain your ISO 27017 conformance year upon year– Pivot Point Security provides whatever ongoing support you need to operate your cloud security controls, continually improve your public cloud security posture, implement your Internal Audit Program, and maintain ISO 27017 conformance within the scope of your ISO 27001 certification.