Will ISO certification help bring stronger confidence in the security of the cloud model?

tswayne

One concern that I hear regularly about cloud computing is worry about data security. ISO (International Organization for Standardization) has cleared a standard for data transfer between public and private clouds called the Cloud Data Management Interface. Would you seek out providers with ISO certification? Is this likely to actually improve security practices among cloud providers, or is it mere window dressing like belonging to the Better Business Bureau?

Answers

MrISO
Vote Up (7)

Good question!

 

ISO standards are created by global consensus with end users actively participating. They're also reviewed and updated on an ongoing basis to ensure relevancy. The family of ISO management standards, which includes ISO 27001 for Information Security, are all about processes, which means they are equally relevant for small and large organisations. All great reasons why the likes of ISO 27001 have become internationally recognised and respected...

 

Whilst ISO 27001 is a great all-rounder, ISO recognise the need for more specialist standards too. In fact, they have just released ISO 27032 which provides guidelines for cybersecurity.

http://www.iso.org/iso/home/news_index/news_archive/news.htm?refid=Ref1667

 

Achieving certification to ISO 27001 is far more than simply gaining a membership. It requires a third-party Certification Body to come in and check the organisation meets the requirements of the standard. You must also have a re-audit every year to ensure you are still complying and continually improving. As such, it is a much more powerful message to clients.

 

Google have had their Google Apps for Business certified to ISO 27001 to demonstrate their information security credentials to clients, helping to alleviate concerns you have mentioned.

http://www.british-assessment.co.uk/articles/google-brings-iso-27001-int...

 

Right behind them is Microsoft. How many chances do businesses get to compete on a level playing field with the likes of Microsoft and Google? ISO 27001 can provide that sort of credibility to cloud computing providers.

http://www.computerworld.com/s/article/9139820/Microsoft_wants_ISO_secur...

 

I hope that provides some food for thought. If you would like to read up more on ISO 27001, I've written the following article.

http://www.british-assessment.co.uk/articles/taking-information-security...

 

stylor
Vote Up (2)

 

It should. ISO is a rigid set of standards. While not the ISO certification that you are specifically referring to, ISO 27001 has been a gold standard for security standards for some time, and if a company (Google for instance) is ISO 27001 certified, it sends a message to me that they take security very seriously. I definitely respect ISO certification, and given the choice between two companies, one with ISO and one without, I would go with the one that is ISO certified. Check this out to get an idea how comprehensive the procedures and audit checklists are:

http://www.globalmanagergroup.com/iso-27001-it-security-standard-documen...  

 

jimlynch
Vote Up (3)

I don't think it will hurt, and it may help a lot by encouraging providers to adhere to a standard. Standards to help bolster confidence and encourage customers to move toward providers that have them.

I'd say stay tuned over the next year or two, and watch to see which providers adapt them and then see if their customer bases increase. We'll know eventually if customers really value this particular standard.
