Cloud security standards and compliance
Multiple security standards have been developed to protect customer assets when using cloud services. These standards can be broadly classified as advisory, security frameworks, and technical specifications. Customers need to evaluate to what extent the cloud service providers are in compliance with these standards. A list of the security standards is provided here:
- ISO/IEC 27001, a high-level management systems standard series and its associated cloud service specific standards ISO/IEC 27017 (for security) and ISO/IEC 27018 (for protection of personal data)
- Standards addressing specific aspects of cloud computing: ISO/IEC 27033 for network security, ISO/IEC 27034 for application security, ISO/IEC 19086 for cloud service SLAs
- Technology-specific security standards such as OASIS KMIP (key management), FIPS 140-2 (approved cryptographic modules), and OASIS SAML 2.0 (security assertions, used in IAM implementations)
- ISO/IEC 20889 standardizes de-identification...
