Managing information in the cloud: Best practice frameworks

It’s predicted that more than $1 trillion in IT spending will be directly or indirectly affected by the shift to cloud during the next five years. This is no surprise as the cloud is one of the main digital technologies developing in today’s fast-moving world. It’s encouraging that CEOs recognize that it’s crucial for them to champion the use of digital technologies to keep up with today’s evolving business environment.

There are, however, still concerns over using cloud services and the best approach for adoption. That’s where BSI can help. We recognize that responding to emerging technologies can be difficult, especially with an ever-growing variety of products and services. As a business improvement partner, we work with clients to understand key drivers and help develop the best practice standards that build greater resilience.

What Influences Organizations to Store Information on the Cloud?

Business strategy and objectives should help organizations decide the best approach to cloud computing. This may involve using public cloud services, a private cloud, or a hybrid cloud solution. It will often be influenced by your resources and priorities.

Security concerns still top the list as a barrier to cloud adoption, particularly with public cloud provisions. 91% of organizations are very or moderately concerned about public cloud security. This isn’t just within IT departments: 61% of IT professionals believe cloud data security is an executive concern.

This is critical considering the variety of cloud services that support the wider business operations, such as Customer Relationship Management (CRM) systems, HR self-service portals, and business complaint systems to name a few. Getting executive buy-in can help align cloud service offerings and improve delivery. Plus, it can support instilling a best practice approach to security throughout the business, ensuring all employees are trained on how to recognize information security threats and the action they need to take to support the business.


Despite these challenges, many organizations are influenced by the benefits of managing information on the cloud. These benefits include:

  • Agility: you can respond more quickly and adapt to business changes
  • Scalability: cloud platforms are less restrictive on storage, size, number of users
  • Cost savings: no physical infrastructure costs or charges for extra storage, exceeding quotas, etc.
  • Enhanced security: standards and certification can show robust security controls are in place
  • Adaptability: you can easily adjust cloud services to make sure they best suit your business needs
  • Continuity: organizations are using cloud services as a backup internal solution

Standards to help you Manage Information on the Cloud

We have a range of standards that focus on putting appropriate frameworks and controls in place to manage cloud security.

BS ISO/IEC 27001, “Information security, cybersecurity and privacy protection. Information security management systems. Requirements”, is the foundation of all our cloud security solutions. It describes the requirements for a best practice system to manage information security including understanding the context of an organization, the responsibilities of top management, resource requirements, how to approach risk, and how to monitor and improve the system.

It also provides a generic set of controls required to manage information and ensures you assess your information risks and control them appropriately. It’s relevant to all types of organizations regardless of whether they are involved with cloud services or not, to help with managing information security against recognized best practices.

BS EN ISO/IEC 27017 is an international code of practice for cloud security controls. It outlines cloud-specific controls to manage security, building on the generic controls described in BS EN ISO/IEC 27002. It’s applicable to both Cloud Service Providers (CSPs) and organizations procuring cloud services.

It provides support by outlining roles and responsibilities for both parties, ensuring all cloud security concerns are addressed and clearly owned. Having BS EN ISO/IEC 27017 controls in place is especially important when you procure cloud services that form part of a service you sell to clients.

BS EN ISO/IEC 27018 is an international code of practice for Personally Identifiable Information (PII) on public clouds. It builds on the general controls described in BS EN ISO/IEC 27002 and is appropriate for any organization that processes PII. This is particularly important considering the changing privacy landscape and focus on protecting sensitive personal data.

All businesses need to continually evolve their cybersecurity management in order to effectively manage the cyber risks associated with cloud use. With a BSI Knowledge subscription, you will have the flexibility and visibility to manage the key standards you need in order to improve your cloud security processes with confidence. Build your own custom collection of standards, or opt for access to one of our pre-built modules, such as GBM24 Information Technology – Software & Networking, and keep up-to-date with any relevant changes to your information management strategy.

Ensure that your organization is efficiently managing data on the cloud by adopting these standards today.