What is Cloud Security Certification?
What is Cloud Security Certification?
The international standard ISO/IEC 27017 specifies controls for cloud services.
In addition to the ISMS (ISO/JIS Q 27001) Certification, the international standard ISO/IEC 27017 has been established specifically for cloud services. Based on this standard, Cloud Security Certification has been introduced by the Information Management System Certification Center (ISMS-AC). The objective is to ensure that cloud services can be used with confidence.
Background of Cloud Security Certification
Cloud services have become widely recognized and utilized not only by businesses but also by individuals, leading to their rapid adoption.
Consequently, issues such as data breaches and system failures have become increasingly apparent. Beyond mere convenience, there is a growing demand for enhanced security in cloud services.
Overview of Cloud Security Certifications
•International Standard: ISO/IEC 27017 provides controls specific to cloud services.
•Certification Scope: It requires existing ISMS (ISO/IEC 27001) Certification and certifies organizations that meet the security standards for cloud services.
•This is commonly referred to as "Add-on Certification.
•Target Audience for Cloud Security Certification:
•Cloud Service Providers (CSPs): Organizations that provide cloud services.
•Cloud Service Customers (CSCs): Organizations that utilize cloud services.
Benefits of Cloud Security Certification
For Cloud Service Providers (CSPs):
✓ Adds security-related added value to cloud services.
✓ Enhances reliability of the cloud service for users/customers.
For Cloud Service Customers (CSCs):
✓ Improves the level of information security, allowing for more efficient incident response measures.