The open nature of the cloud presents greater risks to data stored in
the cloud. Cloud-specific specialized measures as well as a cloud-centric
security mindset must be adopted to augment the traditional information
security doctrine.
The open nature of the cloud environment – providing broad network access,
rapid elasticity, self-provisioning functionality and resource pooling –
presents greater threats and risks to information
stored in the cloud that exceeds the scope of traditional information security
doctrine, requiring cloud-specific specialized measures as well as a
cloud-centric security mindset.
Addressing the specific needs of cloud security, ISO/IEC 27017 builds upon
ISO/IEC 27001 – providing additional controls and implementation guidance on
architecture, technology and processes to ensure information security is well
protected in the cloud. Taking into account that many cloud service providers
are often customers of other cloud services, ISO/IEC 27017 also specifies
implementation guidelines for both cloud service customers and cloud service
providers, emphasizing each entity’s role in cloud security and protecting end
users’ information.
Our certification demonstrates Ribose’s unwavering commitment to cloud
security, and we are proud to be the world’s first cloud service provider to
simultaneously cover all major cloud security certifications: CSA STAR
Certification, STAR Attestation and C-STAR Assessment together with ISO/IEC
27017.