
Keeping up the standard

Article Type: Opinion | Published: 07-2016 | Views: 2856



Frank Krieger, Director of Compliance at iland, looks at ISO compliance in the Cloud and why it is important for Cloud Service Providers and their clients

More and more organisations are looking to move to the cloud to benefit from scalability, cost reduction and the ability to launch new service offerings fast. The dynamic nature of the cloud, however, necessitates security and compliance controls that frankly can be daunting. Issues around mobility and multi-tenancy, identity and access management, data protection, incident response and assessment all need to be addressed. With multiple modes - SaaS, PaaS, IaaS, public, private, hybrid - adding complexity to how security and compliance are carried out and by whom, IT leaders can be led to think twice about leveraging the cloud.

Organisations already in the process of implementing ISO 27001 to audit and report on the state of controls within their environment will know the immense amount of work required. However, while addressing compliance in the cloud is undoubtedly tough, it doesn't have to be an obstacle.

WHAT IS ISO 27001?
ISO 27001 is a widely adopted global security standard and framework that sets out requirements and best practices for a comprehensive approach to managing company and customer information. Proving IT security practices is an important element of achieving ISO 27001. The business benefits of ISO 27001 certification are many. ISO 27001 is an effective way to reduce the risk of your organisation suffering a data breach, satisfies audit requirements and establishes trust both internally and externally that security controls are properly managed, providing customers with greater confidence in doing business with you.

As companies race to combat security threats and address evolving compliance requirements they often struggle to implement and demonstrate the consistent security management that is core to ISO 27001. ISO 27001 is not for the faint of heart and does require significant organisational commitment.

Here are six key recommendations to help you achieve successful accreditation and maintain compliance in the cloud with ISO 27001:

• Engage with senior management from the outset and work with your leaders to drive standards. Buy-in is essential, and it's not just directors and VPs: CFOs, CEOs and business owners all need to be on board. Clear communication from the top is key as the whole organisation will need to align to make the initiative a success.

• Review the standards that need to be put in place - think beyond process. Many organisations will attempt to put policies and procedures in place without realising that cultural changes need to happen to make those policies and procedures stick. Without the proper alignment it can be difficult to make the changes needed to achieve on-going compliance.

• Perform a gap analysis to understand any deficiencies. Conduct an honest assessment of where you are today and where the organisation needs to get to.

• Aggressively work to educate your employees. Put a plan in place and communicate to staff that ISO is an organisation-wide activity and is in everyone's job description going forward. It's not a one-off.

• Always be cognisant of risk. The organisation needs to objectively evaluate all levels of risk as you go through the process, including the risk that you generate yourself. A successful outcome depends on this and may well change the way you operate and structure your services.

• Document, document, document. As you go through, you'll find that there are many pieces that need to be secured, be it patching, remediation of events or incident controls. If you don't leave a record it becomes difficult to prove the path you took to compliance. Your customers will also want to know what you've been doing and how you've been doing it.
