Guest user Created: Nov 08, 2017 Last commented: Nov 08, 2017

Cloud environment and information security scope/boundaries

I am currently implementing ISO for an organisation that will be predominantly cloud based but still hold its core traditional in house values. My question is, what thought must be given to the impact of cloud computing on the organisations scope/boundaries, and how to you define a clear scope/boundary when the organisation makes use of cloud service providers.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Nov 08, 2017

Additionally, where does the responsibility and accountability fall in this type of model.

Answer: The main concern regarding information security in cloud environments when it is provided by cloud service providers is the level of access the providers will have to the organization's information and systems, because this will have a direct impact in the controls that will have to be implemented to each party, and in the contractual clauses that will have to be included in the service agreement with the providers.

For example, a IaaS provider will not have access to the organization's systems, only to the physical infrastructure. On the other hand, a SaaS provider will have access to systems and data. So these two scenarios will require completely different security requirements to be fulfilled.

This article will provide you further explanation about scope considering cloud environments:
- Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Nov 08, 2017

Expert Advice Community