How Cloud Service Providers Can Prove Their Data Security Claims

Cloud service providers (CSPs) often claim that their customers' personal data is secure in their clouds. You can now check to see whether that is the case, thanks to a global standard published in 2014. People often refer to the standard as ISO 27018 but its official title is "ISO/IEC 27018:2014 — Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors."

Standard Ensures Privacy and Data Protection

Cloud Service Providers can use ISO 27018 to prove they are handling personal data in a manner that not only safeguards customers' data but also protects customers' privacy. For example, when cloud service providers follow this standard, they are guaranteeing that they will:

• Give customers control over their personal data
• Not use customers' personal data for marketing or advertising purposes
• Not let third parties access customers' personal data, unless a customer allows it
• Let customers know about any unauthorised access to their data as soon as possible
• Let customers know when subcontractors will handle their data

ISO 27018 has many other guidelines about how cloud service providers should protect customers' privacy and data. They include the need for restrictions that limit or ban transmitting customers' personal data over public networks and storing it on transportable media. cloud service providers even need to have proper data backup and recovery procedures in place to achieve ISO 27018 certification. To become ISO 27018 certified, cloud service providers must go through an assessment process. During this process, independent third parties verify that the cloud service providers are properly handling their customers' personal data. Once a cloud service provider achieves certification, it must undergo annual audits to maintain that certification. In 2015, Microsoft and Dropbox for Business were the first two major providers to achieve ISO 27018 certification. Other big-name companies are expected to follow their lead.

A Mark of Trust

When a cloud service provider is ISO 27018 certified, you have some assurance that it is protecting its customers' privacy and data. If your business is looking to store data in a public cloud, make sure you talk to potential cloud service providers about their efforts to adhere to the ISO 27018 standard.

Trust the best to take care of you

Multi IT & Telephony Solutions are cloud solution specialists. Our expert IT team know the intricate details of cloud solutions and which cloud solutions will be beneficial to your business. By understanding you and your business needs we can increase your productivity while reducing your costs. Contact Multi IT now to discuss a cloud solution that is right for you and your business.