CLOUD SECURITY STANDARDS: wHAT TO EXPECT AND WHAT TO NEGOTIATE Version 2.0
As customers transition their applications and data to use cloud computing, it is critically important that the level of security provided in the cloud environment is equal to or better than the security provided by their traditional IT environment. Cloud security standards and their support by prospective cloud service providers and within the enterprise should be a critical area of focus for cloud service customers.
Cloud Security Standards: What to Expect and What to Negotiate Version 2.0 will help customers understand and distinguish between the different types of security standards that exist and will help them assess the security standards support of their cloud service providers.
Version 1.0 of this white paper was published in 2013. In the interval, the cloud security standards landscape has changed significantly with the completion of cloud specific security standards, like ISO/IEC 27017 and ISO/IEC 27018, that are being adopted. The paper has been updated to highlight the status of these standards and associated certifications.
Also read the CSCC's Security for Cloud Computing: 10 Steps to Ensure Success which prescribes a series of steps to evaluate and manage the security of a cloud environment.