In November 2015, AWS announced it was the first cloud provider to achieve ISO 27017 certification, an internationally-recognized protocol that outlines security standards for the dynamic, fast-growing cloud computing industry.
But what does this new credential mean for AWS customers?
Good News for Customers
Seeking ISO certification reinforces AWS’ commitment to forward-thinking cloud-computing security. It provides added transparency and independent assurance AWS will follow this advanced, world-class code of practice.
AWS customers will be able to use innovative security features including Amazon Inspector, AWS Web Application Firewall (WAF), and AWS Config Rules. These improve a user’s ability to manage security, enhance control, and achieve more comprehensive and transparent compliance. Customers can rely on AWS’ credentials when creating their secure, compliant cloud computing capabilities.
Why is ISO 27017 important?
ISO 27017 is the newest code of practice released by the International Organization of Standardization. It is the first ISO to establish guidelines specific to cloud computing, building on ISO 27002 by providing additional controls for virtual environments. The International Organization of Standardization developed ISO 27017 in response to the European Commission’s appeal for more substantive security regulations to ease customer concerns in Europe and promote the quick adoption of cloud computing across economic sectors.
All AWS Regions and AWS Edge Locations are within the scope of the AWS ISO 27017 assessment. The ISO’s third-party assessor is EY CertifyPoint, a global, independent institute responsible for granting and maintaining ISO certifications.
New Controls to Enhance Cloud Security in ISO 27017
The advanced controls suggested in ISO 27017, which are compatible with those outlined in earlier certifications (ISO 27001 and ISO 27002), provide guidance on:
- Outlining shared roles and responsibilities within a cloud computing environment
- Clarifying regulations regarding the segregation of information in virtual computing settings
- Defining the administrator’s duties in maintaining operational security
- Charting guidelines for monitoring cloud services
- Aligning the security management of virtual networks with protocols for physical networks
- News Release: iTMethods Recognized as a Member of AWS Service Delivery Program for Aurora and Database Migration Service - November 29, 2016
- iTMethods Recognized as an Inaugural Member of Amazon Web Services’ (AWS’) Public Sector Partner Program - November 29, 2016
- Join iTMethods at AWS re:Invent 2016 in Las Vegas! - November 24, 2016
- Case Study: The University of Alberta - November 17, 2016
- iTMethods Attends the AWS Enterprise Summit in Toronto - October 25, 2016
- Case Study: UGroupMedia Inc Leverages the AWS Cloud to Handle Explosive Demand - September 6, 2016
- Case Study: Topline Ventures Leverages the Cloud for Global Expansion - August 10, 2016
- Case Study: Limelight Realizes Rapid Growth on the AWS Cloud - July 8, 2016
- iTMethods Achieves AWS Managed Service Provider (MSP) Partner Status - March 29, 2016
- Introducing AWS Database Migration Service - March 24, 2016