Would you put your money in a bank you didn’t think was operating to the highest standards?
That’s the question asked in the latest edition of ISOfocus, the magazine for the International Organization for Standardization (ISO). The point it is making is that the cloud is pretty much like a bank – you outsource your data to a third party that you trust to protect it and to let you access it when you need it.
Privacy concerns are a big part of cloud computing, and any business or organisation that is making the leap into using cloud services has to be mindful of who it trusts to provide a top-quality service.
That’s pretty much why the ISO has developed the first international standard on cloud privacy or, if you’re into technical descriptions, ISO/IEC 27018.
Professor Edward Humphreys, Convenor of the ISO working group responsible for information security management standards, is quoted in ISOfocus as saying that many organisations may not understand that they need to select a cloud service provider that has good governance over the processing of personal data. Prof. Humphreys says, “Companies need to have assurance in the underlying cloud provider.” And, he continues, “A cloud service provider needs, as part of its governance process, to have a system of controls in place that specifically addresses the protection of personal data.”
As the first ever standard that deals with protection of personal data for the cloud, ISO/IEC 27018 aims to:
• Help cloud service providers that process personally identifiable information to address applicable legal obligations as well as customer expectations
• Enable transparency so customers can choose well-governed cloud services
• Facilitate the creation of contracts for cloud services
• Provide cloud customers with a mechanism to ensure cloud providers’ compliance with legal and other obligations
Working with a well-governed cloud service provider engenders a degree of trust about the approach of both organisations to the security of the data involved and the privacy of that data.
The new international standard will provide a common set of controls and objectives around applicable obligations to help prevent risk to the protection of personal data in the cloud.
iomart is proud to be one of the earliest adopters of this new standard and will work with its customers to deliver the highest standards in cloud computing as it has done since it gained its first ISO accreditation for its Information Security Management System back in 2008.