ISO/IEC 27017:2015

ISO/IEC 27017:2015 sets out guidelines for information security controls to be taken into account during the provisioning and deployment of cloud services. The guideline is relevant to both cloud service providers and service consumers.
The guidance is provided in two forms:

  1. Separate guidance for cloud service providers and for service consumers
  2. The same guidance for both cloud service providers and service consumers

Why is ISO/IEC 27017:2015 required?

The standard provides supplementary recommendations for the controls specified in ISO/IEC 27002, which addresses information security threats and risk considerations. Unlike the ISO/IEC 27002 controls, the additional controls are specific to cloud services and are intended to mitigate the risks that accompany the technical and operational features of cloud services.

The control list comprises 14 operational controls, ranging from management direction for information security to information security aspects of business continuity management and compliance.
The additional controls include:

| Description | Controls |
| --- | --- |
| Relationship between cloud service customer and cloud service provider | Shared roles and responsibilities within a cloud computing environment |
| Responsibility for assets | Removal of cloud service customer assets |
| Access control of cloud service customer data in shared virtual environment | Segregation in virtual computing environments; Virtual machine hardening |
| Operational procedures and responsibilities | Administrator's operational security |
| Logging and monitoring | Monitoring of Cloud Services |
| Network security management | Alignment of security management for virtual and physical networks |

Is Tata Communications ISO/IEC 27017:2015 certified?

Tata Communications has achieved ISO/IEC 27017:2015 certification of its Information Security Management System (ISMS) for the delivery of managed cloud services – IZO Private Cloud and IZO Cloud Storage by GSMC.

ISO/IEC 27017:2015 in-scope services:

| IZO Private Cloud & IZO Cloud Storage | In-Scope services |
| --- | --- |
| Compute | Cloud services, Virtual Services, Auto Scaling |
| Network | VPN Gateway, Load balancer, switches, router, WAF, Firewall, NFV |
| Storage/Backup | Block, File and ICS (Object) backup. Scheduled data backup and data restoration |
| Database | Managed Oracle, MS-SQL, DB2 or MySQL database administration |
| Middleware | Managed Middleware service is offered on applications including JBOSS, TOMCAT, Apache. Application maintenance |
| Hypervisor | VMware, Hyper-V and KVM |
| Load balancer | Static, Dynamic, Persistence: NFV-Virtual Appliance, Physical Appliance |
| Security | SIEM, DDoS detection & mitigation, firewall monitoring & management, WAF, UTM and network based vUTM – SIGS, Managed and monitoring IDS/IPS, OAuth |
