
Why cloud software providers are embracing ISO27001

 

You can’t help but notice that the trend towards the cloud has now become a stampede, and choosing a cloud-based solution is rapidly becoming the default position of many organizations. This is even more true at the smaller end of the company size spectrum, where a new start-up can now gain access to the kind of computing power and functionality that previously was a major differentiator for the big boys.

But placing your data in the cloud carries obvious risks and prompts questions such as “where is my data?”, “how safe is it?” and “can I trust the cloud provider to look after it?”. These concerns are understandable and up to now have acted as a brake on the widespread adoption of cloud solutions. Customers want reassurance and they are becoming increasingly aware of what to look for when seeking that reassurance. The days when a few well-chosen words on the cloud provider’s website would satisfy these concerns are coming to an end; customers want proof of the provider’s commitment to security, and the best (and, in many cases, the only) proof they will accept is an ISO/IEC 27001 certificate.

The increasing demand for proof

In a recent conversation, a hosting provider in the UK that is trying to expand by hiring more sales staff explained that many of the interviewees became less interested in the job once they realized that the company wasn’t certified. The general feeling was that the lack of certification would hamper the sales process so much that the job would be an uphill struggle and presumably therefore not be as lucrative as it otherwise would be. Based on their recruitment experience, this company is now on the verge of achieving certification to ISO27001 and sees it as essential to competing in their marketplace.

And it’s not just customers that are showing an interest in the ISO27001 standard; we are increasingly hearing of various regulatory bodies who are now mandating certification to all, or at least major parts, of it too. Certainly the gambling commissions of many countries now require a long list of ISO27001 controls to be in place and the trend could well be towards full certification before too long. Similarly, the national bodies that oversee internet domain registrations are also going heavily down this route. We would expect more of this to happen as these regulatory bodies try to ensure they fulfil their brief to oversee their industry to the best of their ability.

ISO27001 is now an essential part of business strategy

Given these pressures to adopt the standard and certify to it, many cloud providers are now coming to the conclusion that it is an essential part of their business strategy. They are also realizing that it saves a lot of time in responding to the security sections of invitations to tender if they can simply state that they are ISO27001 certified. Add to that the fact that they are very visible and obvious targets for criminal gangs, hacktivists and even state-sponsored groups and the argument for putting in place a recognized way of managing their information security risks becomes even stronger.

The international appeal of a cloud-based solution means that most vendors have customers spread throughout the world and the fact that ISO27001 is an international standard, created by representatives from almost all countries and recognized as best practice worldwide, means that it is the clear choice.

Adoption is becoming widespread

ISO27001 adoption is increasing and, according to the ISO survey 2014 (the latest available at the moment), there are now nearly 24,000 certified organizations worldwide, with Japan and the UK leading the way. If we compare this with the number of organizations certified to the more general ISO9001 quality standard, which now stands at over one million, there is probably plenty of appetite remaining for greater adoption of ISO27001, particularly given the fact that the ISO has recently harmonized these standards to make them easier to adopt as a pair.

So if you’re in the cloud business, it is worth starting to read up on ISO27001 and considering adding it to your management and business agenda very soon, because it’s likely that the competition already is.
