1. Home
  2. Training Library
  3. Virtualisation and cloud computing [CISMP]

Enhanced cloud service controls

Enhanced cloud service controls

Users place a lot of trust in cloud providers to keep their data safe and secure. 

To this end ISO/IEC 27017 & 27018 aim to reduce the risk of security problems by providing enhanced controls for cloud service providers and cloud service customers.

What does the standard provide?

The standard provides cloud-based guidance on 37 of the controls in ISO/IEC 27002 but also features seven new cloud controls that address the following:

  1. Who is responsible for what between the cloud service provider and the cloud customer. 
  2. The removal/return of assets when a contract is terminated. 
  3. Protection and separation of the customer’s virtual environment. 
  4. Virtual machine configuration. 
  5. Administrative operations and procedures associated with the cloud environment. 
  6. Cloud customer monitoring of activity within the cloud. 
  7. Virtual and cloud network environment alignment.

Unlike many other technology-related standards ISO/IEC 27017 clarifies both party’s roles and responsibilities to help make cloud services as safe and secure as the rest of the data included in a certified information management system. 

ISO 27017 is about information security controls for cloud services (generic), and ISO 27018 is specifically developed for protecting privacy in the cloud.

What’s next? 

Next up, you’re going to taking a look at IT infrastructure security. Before moving on, take a minute to note down any security measure you can think of that might fall under this umbrella.

Difficulty
Beginner
Duration
37m
Description

In this Course on virtualisation and cloud computing, you will learn about the advantages of the cloud, how it works and cloud model types. You will also explore the security and privacy issues, commercial risks, and service controls involved in cloud computing and virtualisation.

About the Author
Students
23055
Labs
101
Courses
733
Learning Paths
43

A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.