Cloud Security Controls

Overview

We have a suite of services to help clients manage cloud security. Each offering relates to specific controls that help manage specific cloud risks. Here we clarify what the different assessment schemes offer to support our positioning.

What you will get:

ISO/IEC 27017
ISO/IEC 27017 is an international code of practice for cloud security controls. It outlines cloud-specific controls to manage security, building on the generic controls described in ISO/IEC 27002. It is applicable to both Cloud Service Providers (CSPs) and organizations procuring cloud services. It helps outline roles and responsibilities for both parties, ensuring all cloud security concerns are addressed and clearly owned.

CSA STAR Certification
CSA STAR certification is based on a different control set that was created by and is owned by the Cloud Security Alliance (CSA), a global industry body pioneering research and development in cloud security. The controls for CSA STAR certification are mapped to a number of other standards, making it a useful tool for organizations wishing to review their compliance against a wide range of standards and industry best practices (including ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27017 and ISO/IEC 27018).

This standard is regularly reviewed by an expert panel in the CSA to ensure it is up to date with industry best practice. It also contains a management capability (maturity model) to help organizations continually drive improvement and aim to enhance their cloud security.

What is the Purpose of ISO 27017?

ISO 27017 adds to the ISO/IEC 27002 cloud computing framework by providing more information, security measures, and implementation recommendations. This framework contains implementation recommendations for 37 ISO/IEC 27001 controls as well as seven additional needs.

Physical and Environmental Security

ISO 27017 highlights the importance of physical security measures for cloud data centers. It covers aspects such as access controls, surveillance, and disaster recovery planning to safeguard the physical infrastructure supporting cloud services.

Legal and Regulatory Considerations

The standard provides insights into legal and regulatory factors that may impact cloud security. It helps organizations navigate complex legal landscapes and understand how data protection laws and other regulations apply to their cloud deployments.

Integration with ISO 27001

ISO 27017 is designed to complement ISO 27001, which forms the foundation of an information security management system (ISMS). By integrating ISO 27017 controls with ISO 27001 practices, organizations can establish a comprehensive approach to managing information security in cloud environments.

Global Recognition

ISO 27017 is globally recognized and accepted as a reference for cloud security best practices. It provides a standardized framework that organizations, cloud service providers, and auditors can use to assess and enhance the security of cloud services.

Frequently Asked Questions

We provide a wide range of services and understand how difficult it is to get the correct help. We want to assist you and provide you with the service that is best for you by collecting our most commonly asked questions.