We look at how certifications and audits boost confidence in cloud security
Cloud has reached a tipping point, with more businesses now confident about putting their information online. Even executives who used to be hesitant about going 'on-demand' are beginning to believe in the strengths of the cloud.
As many as 64.9% of IT leaders think the cloud is as secure or more secure than traditional on-premise software, according to the Cloud Security Alliance. The main providers play a key role in boosting confidence, helping to reassure IT and business leaders that sensitive data is safe and secure online.
Suppliers are taking crucial steps to beef up their security and help deliver compliance the business can rely on. The key here is independent certifications and third-party audits from a variety of accredited organisations.
Take ISO/IEC 27001, the first international code of practice for cloud privacy, which defines how providers must continually improve their information security management systems. The standard includes best practice around documentation, availability and access control.
Its sister certification, ISO/IEC 27018, is an additional standard based on EU data-protection laws. It gives guidance to providers that process personally identifiable information. The certification gives peace of mind to CIOs by assessing risks and implementing state-of-the-art controls at the provider level.
Of course, IT leaders remain responsible for processes within their own organisations. Having said this, independent certification can be used in a firm's own compliance assessment, proving to internal executives and external auditors that a move to the cloud is low risk.
Certification is, in short, a clear sign that the IT industry sees cloud security as the key to continued growth. Microsoft was the first firm to become ISO/IEC 27018-compliant. Other providers have taken similar steps, helping CIOs to recognise which external suppliers can really be seen as trusted partners.