This article was produced by Olswang LLP, which joined with CMS on 1 May 2017.
New ISO standards for cloud service providers
There is a seemingly unstoppable shift of data from old "on-premise" solutions to the cloud. There have been many calls to find an information security standard for cloud service providers. The International Organisation for Standardisation ("ISO") has announced the development of two cloud-specific standards, ISO 27017 and ISO 27018. The two standards are due for official release in 2015. You can read more on these standards in the Olswang Datonomy Blog here.
New cloud security guidance
The Communications-Electronics Security Group ("CESG"), the information security arm of GCHQ, has also recently published a Risk Management Guide as part of its Cloud Security Guidance. The Cloud Security Guidance is aimed at public sector organisations, but is equally useful for private enterprise. The guidance takes the form of a seven-step approach to risk management when assessing and using cloud services. The seven steps are (1) know your business requirements; (2) understand your information or application; (3) understand which security principles your service implements; (5) understand what assurance is available in their implementation; (6) consider what additional mitigations consumers can apply; and (7) consider whether the remaining risks are acceptable.
Top security threats and how to avoid them - a new report from the UK ICO
In May, the ICO published a report identifying eight common IT security threats that have arisen during the ICO's investigations into data breaches. These include failure to update software, inappropriate locations for data processing and failure to take appropriate steps when decommissioning software or services. Read the full article here.