Oct 22, 2012

Will ISO certification help bring stronger confidence in the security of the cloud model?

One concern that I hear regularly about cloud computing is worry about data security. ISO (International Organization for Standardization) has cleared a standard for data transfer between public and private clouds called the Cloud Data Management Interface. Would you seek out providers with ISO certification? Is this likely to actually improve security practices among cloud providers, or is it mere window dressing like belonging to the Better Business Bureau?


Indeed!! As we know, something is better than nothing. If a company has ISO 27001 certification, it means they fulfill all the standard criteria required to meet the security level. On the other side, the Better Business Bureau gives all business views, and an affiliated company can get more trust than another one.





Good question!


ISO standards are created by global consensus with end users actively participating. They're also reviewed and updated on an ongoing basis to ensure relevancy. The family of ISO management standards, which includes ISO 27001 for Information Security, are all about processes, which means they are equally relevant for small and large organisations. All great reasons why the likes of ISO 27001 have become internationally recognised and respected...


Whilst ISO 27001 is a great all-rounder, ISO recognise the need for more specialist standards too. In fact, they have just released ISO 27032 which provides guidelines for cybersecurity.



Achieving certification to ISO 27001 is far more than simply gaining a membership. It requires a third-party Certification Body to come in and check that the organisation meets the requirements of the standard. You must also have a re-audit every year to ensure you are still complying and continually improving. As such, it is a much more powerful message to clients.


Google have had their Google Apps for Business certified to ISO 27001 to demonstrate their information security credentials to clients, helping to alleviate concerns you have mentioned.



Right behind them is Microsoft. How many chances do businesses get to compete on a level playing field with the likes of Microsoft and Google? ISO 27001 can provide that sort of credibility to cloud computing providers.



I hope that provides some food for thought. If you would like to read up more on ISO 27001, I've written the following article.





It should. ISO is a rigid set of standards. While not the ISO certification that you are specifically referring to, ISO 27001 has been a gold standard for security standards for some time, and if a company (Google for instance) is ISO 27001 certified, it sends a message to me that they take security very seriously. I definitely respect ISO certification, and given the choice between two companies, one with ISO and one without, I would go with the one that is ISO certified. Check this out to get an idea how comprehensive the procedures and audit checklists are:



I don't think it will hurt, and it may help a lot by encouraging providers to adhere to a standard. Standards help bolster confidence and encourage customers to move toward providers that have them.

I'd say stay tuned over the next year or two, and watch to see which providers adapt them and then see if their customer bases increase. We'll know eventually if customers really value this particular standard.