ISO/IEC 27017:2015
ISO/IEC 27017:2015 chalks out guidelines for controls specific to information security that would be taken into account during the provisioning and deployment of cloud services. This guideline is relevant for both cloud service providers and the service consumers.
The guidance is provided in 2-types:
- When there is separate guidance for cloud service providers and the service consumers
- When there is same guidance for cloud service providers and the service consumers
Why is ISO/IEC 27017: 2015 required?
This provides supplementary recommendations for control lists specified in ISO/IEC 27002 which addresses information security threats and risk considerations. The controls are specific to cloud services unlike ISO/IEC 27002 that are intended to mitigate the risks that accompany the technical and operational features of cloud services.
This control list comprises of 14 operational controls right from Management direction for information security to Information security aspects of business continuity management and Compliance.
The additional list of controls include:
| Description | Controls |
| Relationship between cloud service customer and cloud service provider | Shared roles and responsibilities within a cloud computing environment |
| Responsibility for assets | Removal of cloud service customer assets |
| Access control of cloud service customer data in shared virtual environment | Segregation in virtual computing environments Virtual machine hardening |
| Operational procedures and responsibilities | Administrator’s operational security |
| Logging and monitoring | Monitoring of Cloud Services |
| Network security management | Alignment of security management for virtual and physical networks |
Is Tata Communications ISO/IEC 27017:2015 certified?
Tata Communications has achieved ISO/IEC 27017: 2015 certification of Information Security Management System (ISMS) for the delivery of managed cloud services – Tata Communications Vayu Cloud and Tata Communication Vayu Cloud Storage by GSMC.
ISO/IEC 27017: 2015 in-scope services:
| Tata Communications Vayu Cloud & Tata Communication Vayu Cloud Storage | In-Scope services |
| Compute | Cloud services, Virtual Services, Auto Scaling |
| Network | VPN Gateway, Load balancer, switches, router, WAF, Firewall, NFV |
| Storage/ Backup | Block, File and ICS (Object) backup Scheduled data backup and data restoration |
| Database | Managed Oracle, MS-SQL, DB2 or MySQL database administration |
| Middleware | Managed Middleware service is offered on applications including JBOSS; TOMCAT; Apache Application maintenance |
| Hypervisor | VMware, Hyper-V and KVM |
| Load balancer | Static, Dynamic, Persistence : NFV-Virtual Appliance, Physical Appliance |
| Security | SIEM, DDoS detection & mitigation, firewall monitoring & management, WAF, UTM and network based vUTM – SIGS, Managed and monitoring IDS/IPS, OAuth |
ABOUT ISO/IEC 27017:2015
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
Other certifications
We offer a wealth of experience and a wide portfolio of products designed to help your business grow. Discover more exciting opportunities and create a truly bespoke solution.
Disclaimer: IZO™ Cloud is now Tata Communications Vayu Cloud. TATA COMMUNICATIONS VAYU branded services are available in India only.
What’s next?
Experience our solutions
Engage with interactive demos, insightful surveys, and calculators to uncover how our solutions fit your needs.
Exclusively for You
Stay updated on our Cloud Fabric and other platforms and solutions.