A recent Gartner study predicts double-digit growth in all cloud sectors, reaching a total spend of $210 billion by 2016. But as enterprise organizations continue to investigate the benefits of moving data and application management to third-party cloud service providers, concern for data security and privacy remains the primary reason for pausing before full implementation. According to a 2014 global study from BT, data security and trust in cloud-based services are a cause for unease among IT decision makers within large organizations. Almost half of respondents admitted that they are “very or extremely anxious” about the security implications surrounding the cloud. The question many IT decision makers are asking is: when relying on a cloud provider, how do you know what security protocols are in place and how well they are performing? As is the case with all partnerships, trust is paramount to a relationship’s success.
Prof. Edward Humphreys, Convenor of the ISO working group, is responsible for information security management standards including ISO/IEC 27001, ISO/IEC 27002 and the cloud security standard ISO/IEC 27017. He believes that creating a climate of trust is the most important prerequisite when outsourcing IT. “Companies need to have assurance in the underlying cloud provider,” Humphreys says. “Many users may not understand that they need to select a cloud service provider that has good governance over the processing of personal data; and those that do know this may have difficulty knowing how to verify that good governance is in place. This situation can lead to increased risks for the protection of personal data.” ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles for the public cloud computing environment.
Microsoft has announced that it is the first major cloud provider to adopt the first international cloud privacy standard developed by the International Organization for Standardization (ISO). Independent auditors at the British Standards Institute (BSI) have verified that Microsoft Azure, Office 365 and Dynamics CRM Online are all in compliance with the standard. “Adherence to ISO 27018 provides a number of important security safeguards,” said Microsoft executive vice president and general counsel Brad Smith. “It ensures that there are defined restrictions on how we handle personally identifiable information, including restrictions on its transmission over public networks, storage on transportable media and proper processes for data recovery and restoration efforts. In addition, the standard ensures that all of the people, including our own employees, who process personally identifiable information, must be subject to a confidentiality obligation. The validation that we’ve adopted this standard is further evidence of our commitment to protect the privacy of our customers online.”