Cloud computing has gained acceptance as the way businesses provide technology to both consumers and employees, despite the concern many have about the security of their data when it is housed in the cloud.
Current standards form a collection of rules as large and diverse as the industry itself, causing confusion among providers and consumers. But a shift is under way: more industry standardization efforts are closing the gap despite gaps in legislation, removing one of the largest barriers to the adoption of cloud solutions in highly regulated industries such as finance and healthcare.
Some industries with strict regulations for other facets of their business have taken the lead in developing standards that can be applied across industries and technologies, reducing the confusion over how a regulated industry can adopt cloud solutions and still remain compliant.
ISO 27018:2019 Seeks to Standardize Cloud Requirements
The financial sector took the lead on developing some of the guidance, especially for the UK and EU. ISO 27018:2019 seeks to introduce an auditable compliance framework for cloud service providers that builds trust and promotes the rapid adoption of cloud solutions among highly regulated industries.
Datacenter Dynamics describes the standard as “the first privacy-specific international standard for the cloud, and seeks to create a common set of security categories and controls that can be implemented by a public cloud computing service provider acting as a data processor. Its aim is to help public cloud service providers comply with their applicable obligations when acting as a data processor and be transparent to their cloud service customers.”
The standard also addresses procedures for handling the data: it requires cloud providers to develop policies for the return, transfer, and disposal of personal data when the service comes to an end, and to submit themselves to regular independent security reviews at set intervals.
Your Choice Matters
When looking for a cloud service provider to manage your specific industry's compliance needs, you need to make sure it meets all of your legal obligations. This is where standards like ISO 27018 come into play. ISO 27018 provides a great starting point for creating confidence in the cloud industry, where compliance is a significant challenge to moving data to the cloud, and paves the way to clarity on regulations and legislation.