Will ISO certification help bring stronger confidence in the security of the cloud model?

tswayne

One concern that I hear regularly about cloud computing is worry about data security. ISO (International Organization for Standardization) has cleared a standard for data transfer between public and private clouds called the Cloud Data Management Interface. Would you seek out providers with ISO certification? Is this likely to actually improve security practices among cloud providers, or is it mere window dressing like belonging to the Better Business Bureau?


Answers

4 total
MrISO
Vote Up (14)

Good question!

 

ISO standards are created by global consensus with end users actively participating. They're also reviewed and updated on an ongoing basis to ensure relevancy. The family of ISO management standards, which includes ISO 27001 for Information Security, are all about processes, which means they are equally relevant for small and large organisations. All great reasons why the likes of ISO 27001 have become internationally recognised and respected...

 

Whilst ISO 27001 is a great all-rounder, ISO recognise the need for more specialist standards too. In fact, they have just released ISO 27032 which provides guidelines for cybersecurity.

http://www.iso.org/iso/home/news_index/news_archive/news.htm?refid=Ref1667

 

Achieving certification to ISO 27001 is far more than simply gaining a membership. It requires a third-party Certification Body to come in and check the organisation meets the requirements of the standard. You must also have a re-audit every year to ensure you are still complying and continually improving. As such, it is a much more powerful message to clients.

 

Google have had their Google Apps for Business certified to ISO 27001 to demonstrate their information security credentials to clients, helping to alleviate concerns you have mentioned.

http://www.british-assessment.co.uk/articles/google-brings-iso-27001-int...

 

Right behind them is Microsoft. How many chances do businesses get to compete on a level playing field with the likes of Microsoft and Google? ISO 27001 can provide that sort of credibility to cloud computing providers.

http://www.computerworld.com/s/article/9139820/Microsoft_wants_ISO_secur...

 

I hope that provides some food for thought. If you would like to read up more on ISO 27001, I've written the following article.

http://www.british-assessment.co.uk/articles/taking-information-security...

 

stylor
Vote Up (10)

 

It should. ISO is a rigid set of standards. While not the ISO certification that you are specifically referring to, ISO 27001 has been a gold standard for security standards for some time, and if a company (Google for instance) is ISO 27001 certified, it sends a message to me that they take security very seriously. I definitely respect ISO certification, and given the choice between two companies, one with ISO and one without, I would go with the one that is ISO certified. Check this out to get an idea how comprehensive the procedures and audit checklists are:

http://www.globalmanagergroup.com/iso-27001-it-security-standard-documen...  

 

jimlynch
Vote Up (6)

I don't think it will hurt, and it may help a lot by encouraging providers to adhere to a standard. Standards do help bolster confidence and encourage customers to move toward providers that have them.

I'd say stay tuned over the next year or two, and watch to see which providers adopt them and then see if their customer bases increase. We'll know eventually if customers really value this particular standard.

emmawtn007
Vote Up (5)

Indeed!! As we know, something is better than nothing. If a company has ISO 27001 certification, it means they fulfill all the standard criteria required to meet the security level. On the other side, the Better Business Bureau gives all business views, and an affiliated company can get more trust than another one.

 

Emma

www.isoconsultant.us
