When teaching the Learning Tree Cloud Computing course, one of the biggest perceived barriers to cloud adoption I hear from attendees is security. As we discuss this, and in exercises and case studies discuss planning a migration to the cloud, we highlight that governance and standards are required for the cloud.
One of the standards we discuss is ISO/IEC 27001. This standard, whilst not cloud specific, is important for cloud providers as it ensures certain levels of management and control are in place. Any organisation achieving this certification has to satisfy a three stage audit process, undertaken by independent auditors and regularly checked thereafter.
By achieving ISO/IEC 27001 certification, a cloud provider would give potential customers a measurable indication that security and risk management of data is in place. This may not only provide cloud vendors with a competitive advantage, but also be a key factor in persuading management to move to the cloud or not.
In November, Amazon achieved ISO/IEC 27001 for its Amazon Web Services (AWS). This is significant as it provides a recognised measure related to the level of security and risk management in place for those choosing to use this service. If, combined to this adopters consider that Amazon also has successfully completed a SAS 70 type II audit then it is clear that governance is now being applied to the cloud.
Amazon have set the bar in the range of Cloud Computing services offered, and are now doing the same in governance. Its is only a matter of time before the other major vendors follow. If you would like to know more about Cloud Computing and how it may benefit your organisation why not consider attending the Learning Tree Cloud Computing Course.