
What are Main Standards for Security in Cloud Computing



Cloud computing has become the new normal for businesses of all sizes. Its scalability, flexibility, and cost-effectiveness are undeniable. However, with great power comes great responsibility, especially when it comes to data security. To ensure a safe and secure cloud environment, adhering to established security standards is crucial. Let’s explore some key standards that bolster cloud security:

1. International Organization for Standardization (ISO) 27001: Information Security Management Systems (ISMS):

This is the gold standard for information security management. ISO 27001 outlines a framework for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). An ISMS helps organizations systematically manage information risks, including those associated with cloud computing.

2. ISO/IEC 27017: Cloud Security – Information security for cloud service use:

This standard builds upon ISO 27001 and provides specific guidance for securing cloud environments. It covers areas like risk management, service level agreements (SLAs) with security considerations, and incident reporting for cloud services.

3. Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR):

Developed by the Cloud Security Alliance, a non-profit organization, the CSA STAR program provides a comprehensive framework for assessing the security posture of cloud service providers (CSPs). The program offers different levels of assurance (STAR Self-Assessment, CSA STAR Attestation, CSA STAR Certification) based on the rigor of the assessment.

4. National Institute of Standards and Technology (NIST) Special Publication (SP) 800-161: Supply Chain Risk Management Practices for Federal Information Systems and Organizations (FISMA):

This publication, developed by the National Institute of Standards and Technology (NIST) in the US, provides a risk-based approach to managing supply chain risks, including those associated with cloud computing services. While primarily aimed at US federal agencies, the guidance is valuable for any organization utilizing cloud services.

5. The Payment Card Industry Data Security Standard (PCI DSS):

For businesses that handle credit card information, adhering to PCI DSS is mandatory. This standard outlines specific requirements for protecting cardholder data, which also apply to cloud environments where such data is stored or processed.

Choosing the Right Standards:

The specific security standards you need to comply with will depend on your industry, regulatory environment, and the type of data you handle in the cloud. However, understanding the major standards like those mentioned above provides a strong foundation for securing your cloud environment.

Beyond Standards: Building a Robust Security Posture

Adherence to security standards is an essential first step.

Here are some additional practices that strengthen your cloud security:

· Encryption: Encrypt your data at rest and in transit to ensure confidentiality.

· Identity and Access Management (IAM): Implement robust IAM controls to restrict access to cloud resources based on the principle of least privilege.

· Regular Security Audits: Proactively identify and address vulnerabilities through penetration testing and security assessments.

· Data Backup and Recovery: Have a robust backup and recovery plan in place to ensure business continuity in case of a security incident.

By adhering to established security standards and implementing best practices, you can create a secure and resilient cloud environment. Remember, security is an ongoing process, not a one-time fix. Regular monitoring, vigilance, and adaptation are key to protecting your valuable data in the ever-evolving cloud landscape.
