Cloud Computing Security Standards: ISO 27018 One Year In

One of the major concerns that businesses and individuals alike have with cloud storage and computing is security. Will my files be safe? Where will they be stored? These are all legitimate questions, and though we hear of many security failures and hacks in the news, cloud computing is an ever-evolving technology that proves to have greater benefits than the potential risks. One way the industry is meeting these increasing security demands is to implement standards and protocols that cloud computing services can adhere to in order to ensure security and overall user peace of mind.

A New Cloud Privacy Standard

The International Standards Organization (ISO) and the International Electrotechnical Commission (IEC) issued ISO 27018 last summer. ISO 27018 is the first privacy-specific international standard for cloud computing services. This new standard governs personally identifiable information (“PII”) kept in a public cloud setting. ISO 27018 also defines the security and privacy standards for data controllers and data processors. Compared to the pre-existing information and internet security standards that preceded it, ISO 27018 is expressly customized to cloud computing services.

What Is The New Standard?

The ISO 27018 describes ideal practices for public cloud computing and cloud storage. It establishes security principles to safeguard personal information, and delivers a privacy compliance framework that deals with the important responsibilities of a data processor under EU data protection laws.

Virtually any organization that processes PII via a cloud computing service under a legal arrangement may be certified under ISO 27018 – which means all varieties of organizations, such as public and private companies, government organizations and charitable organizations, qualify.

User and Supplier Benefits

ISO 27018 has key benefits for businesses. This new standard can be applied as a separate measure when evaluating or comparing public cloud service providers’ privacy controls. Regulators can use ISO 27018 like a checklist when measuring privacy protection across different industry sectors or borders, especially when it comes to things such as cloud computing, cloud storage and internet security.

ISO 27018 furthermore gives cloud computing service providers a way to stand out from their competitors. Now, one year later, it’s normal for customers opting for cloud computing services or cloud storage services to include ISO 27018 certification as a requirement in a supplier’s responses.


In the cloud computing industry, where security and compliance are highly important to users, ISO 27018 can potentially grow to be a pertinent privacy differentiator. Even though the International Standards Organization lacks the authority to enforce the execution of ISO 27018, its value for users is that it enables them to independently assess the capability of a cloud service provider. Additionally, it offers one standard list of privacy settings that is combined with a security framework many companies are already using.
