How Cloud Service Providers Can Prove Their Data Security Claims

Cloud service providers (CSPs) often claim that their customers' personal data is secure in their clouds. You can now check to see whether that is the case, thanks to a global standard published in 2014. People often refer to the standard as ISO 27018but its official title is "ISO/IEC 27018:2014 — Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors."

Standard Ensures Privacy and Data Protection

CSPs can use ISO 27018 to prove they are handling personal data in a manner that not only safeguards customers' data but also protects customers' privacy. For example, when CSPs follow this standard, they are guaranteeing that they will:

  • Give customers control over their personal data
  • Not use customers' personal data for marketing or advertising purposes
  • Not let third parties access customers' personal data, unless a customer allows it
  • Let customers know about any unauthorised access to their data as soon as possible
  • Let customers know when subcontractors will handle their data

ISO 27018 has many other guidelines about how CSPs should protect customers' privacy and data. They include the need for restrictions that limit or ban transmitting customers' personal data over public networks and storing it on transportable media. CSPs even need to have proper data backup and recovery procedures in place to achieve ISO 27018 certification.

To become ISO 27018 certified, CSPs must go through an assessment process. During this process, independent third parties verify that the CSPs are properly handling their customers' personal data. Once a CSP achieves certification, it must undergo annual audits to maintain that certification.

In 2015, Microsoft and Dropbox for Business were the first two major providers to achieve ISO 27018 certification. Other big-name companies are expected to follow their lead.

A Mark of Trust

When a CSP is ISO 27018 certified, you have some assurance that it is protecting its customers' privacy and data. If your business is looking to store data in a public cloud, make sure you talk to potential CSPs about their efforts to adhere to the ISO 27018 standard.

About the Author

Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support, which are: Poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.

Call us today at 1300 478 738, visit or email to find out more about how we go about achieving these outcomes.