ISO 27017 – Security Controls for Cloud Services

ISO 27017 – Security Controls for Cloud Services
By Sysprove

ISO 27017 – Security Controls for Cloud Services

Introduction

Cloud services emerged in the mid-2000s and have continued to develop to become a mainstream technology option for most organisations.  However, cloud is not just a minor technology change, it is both a strategic opportunity and a strategic challenge for organisations. The range of cloud services continues to grow, and security continues to be a key factor and enabler for cloud use. The evolution of security for cloud has resulted in cloud service providers being at the forefront of security and cloud customers have a high understanding and expectations of a robust cloud security.

As part of the International Standardization Organisation ISO’s family of Information Security Standards known as ISO 27000 a key standard is ISO 27017: associated with the Code of Practice for Information Security Controls is based on ISO/IEC 27002 for Cloud Services is specifically designed to be applied to cloud environments from the perspectives of both the provider and the consumer / customer. The standard provides additional cloud-focused implementation guidance for relevant controls.

Cloud Guidance introduced by ISO 27017 in relation to ISO 27002

For each security control the ISO 27017 standard highlights the applicability of using ISO 27002 guidelines for cloud and provides further information where relevant. The table below lists controls to be utilised and implementation guidelines are further defined for cloud services in addition to the guidelines provided within ISO 27002.

New controls introduced by ISO 27017

Furthermore, the ISO 27017 introduces additional controls with implementation guidance that specifically relate to cloud services which can be found within the Annex of the standard under “Cloud service extended control set”. The table below lists down the additional controls with a brief description.

Whether organisations are providers or consumers of cloud service, aligning with ISO 27017 provides assurances that the relevant controls have been complied with and good practices followed.

Related Posts

Cyber Safety Awareness @ Beacon School
20 Aug 2020
Cyber Security Awareness Session to the National Audit Office (NAO)

Sysprove Consulting conducted cyber security awareness sessions to the National Audit Office of Bahrain

31 Mar 2022
SABSA® Foundation (F1 & F2)

SABSA® Institute’s official starting point for developing Security Architecture Competencies.

29 Jun 2021
CIO – CISO Briefing on Information Security Architecture

Transforming Information Security from A Cost Centre To A Centre Of Excellence

05 Feb 2020
Need for Cyber Security Awareness

Importance of spreading cyber security awareness within an organisation, and why it is everyone’s responsibility to participate.

11 Jan 2020
Enhance your Knowledge and get SABSA Certified in Bahrain

SABSA® Institute’s official starting point for developing Security Architecture Competencies.

23 Aug 2022
Webinar – Cyber Security Risks to SMEs and tips to address these risks

Sysprove Consulting moderated a webinar for the Technology Committee of BCCI

01 Dec 2021
27th Edition of the COSAC Annual Conference will be held online

Attend COSAC conference on 29 & 30 Sept and gain insights from information security thought leaders

07 Sep 2020
SABSA® Foundation (F1 & F2) – Virtual Training

Sysprove in partnership with SABSA Institute and David Lynas Consulting is conducting the much sought after SABSA Foundation Training focused on attendees from the Middle East Region. The training and examination is held virtually where attendees could attend remotely.

28 Jun 2021
Sysprove’s Refined Website and Services

We have updated our website to a new layout and include several new services to fulfill the needs of our clients

03 Jun 2020
Previous Next
Close
Test Caption
Test Description goes like this