Copyright (c) 2019 by Allendevaux & Company LLC.  

All rights reserved.

Secure Cloud Services

ISO/IEC 27017:2015 – Secure Cloud Services

Cloud computing has changed the way organizations deliver and consume digital services, enabling ubiquitous access for users across Internet links. Because of this public nature, enterprises should assess and mitigate information security risks at every stage, from proper technical design to ongoing operation, governance, and audit. While implementing ISO/IEC 27001 with ISO/IEC 27002 controls brings some risk assurance and information security governance, the expanded control sets in ISO/IEC 27017 are needed to provide cloud-specific implementation guidance based on the security threats and risk considerations in this realm.
 

ISO/IEC 27017 addresses many critical areas, including these:
 

  • What are the cloud controls for the removal and return of assets when a customer contract is terminated?

  • What are the cloud controls for virtual machine configuration and monitoring?

  • What’s necessary to protect and separate the customer’s virtual environment in a cloud environment?

  • Who is assigned the various responsibilities between the cloud service provider and the cloud customer?

  • What administrative operations and procedures are associated with the cloud service?

 

The cloud service provider benefits from ISO/IEC 27017 in numerous ways, including these:
 

  • Adherence provides a competitive industry advantage, demonstrating robust controls for data protection;

  • Safeguards against reputation damage and regulatory fines from a data breach, because it reduces the risk associated with intentional and unintentional threats;

  • Promotes trust and confidence in the service provider’s business, resulting in reassurance to customers and stakeholders alike that information is safeguarded;

  • Provides guidelines across geographies that bring consistency to data protection, promoting business growth.

 

How We Can Help

 

The professionals at ALLENDEVAUX have deep knowledge and industry experience with cloud security, including network and infrastructure best practices, and will help design an ISO/IEC 27017 cloud security programme to address appropriate areas including these controls:
 

  • supplier relationships instrumental to cloud service delivery and support;

  • information security risk management processes;

  • cloud computing specific risks beyond the norm, including network scalability and elasticity of ecosystems, self-service provisioning, administration on-demand, and cross-jurisdictional service provisioning;

  • augmented information security policy to plan for multitenancy and cloud service customer isolation, access controls by staff, access procedures, a communication plan for cloud service customers during change management, lifecycle management, and a breach notification plan;

  • augmented mobile device policy and teleworking policy for guidance implementation and governance;

  • specific cloud service awareness and training requirements for employees and contractors;

  • proper media handling protocols for removable media, its disposal, and transfer;

  • user registration and deregistration for access management.