Security in clouds

PREPARE FOR ISO 27017:2015 CLOUD SECURITY CERTIFICATION

1

  • Certify for ISO 27001 first
  • PID (Project Initiation Document): drivers, business case
  • Project sponsor, project manager
  • Buy-in of all stakeholders

2

  • Define scope
  • Gap assessment
  • Recommendations
  • Road map to address gaps

3

  • 37 Cloud controls from ISO 27002

plus

  • Removal of CC* customer assets
  • Protection of virtualized setup
  • Virtual machine hardening
  • Admin ops & procedures in CC
  • Customer monitoring CC activity
  • Align physical & virtual mgmt

4

  • Internal audit
  • Management review
  • Corrective action plan, ATR
  • Certification audit stage 1
  • Certification audit stage 2
  • Address NCs
  • Achieve ISO 27017 certification
*Cloud Computing