One of the most robust certifications a cloud service provider can attain is ISO 27001 certification. Attaining ISO certification is a reflection of the company’s commitment to security across multiple functions, and a reflection of tremendous time and resource investment by these cloud providers. Specifically, the security standard audits and certifies across 11 domains:
- Security policy – management direction
- Organization of information security – governance of information security
- Asset management – inventory and classification of information assets
- Human resources security – security aspects for employees joining, moving and leaving an organization
- Physical and environmental security – protection of the computer facilities
- Communications and operations management – management of technical security controls in systems and networks
- Access control – restriction of access rights to networks, systems, applications, functions and data
- Information systems acquisition, development and maintenance – building security into applications
- Information security incident management – anticipating and responding appropriately to information security breaches
- Business continuity management – protecting, maintaining and recovering business-critical processes and systems
- Compliance – ensuring conformance with information security policies, standards, laws and regulations
Only 4% of Cloud Providers ISO 27001 Certified
Given how extensive the certification process is, it’s not particularly surprising that only 4% of the 3,571 cloud service providers used by over 200 companies are ISO 27001 certified. More surprising is the fact that, in today’s market where security breaches result in PR nightmares and executive beheadings, enterprises use so many services that are not certified and put so much sensitive corporate data at risk.
As a cloud provider, in the security space no less, we believe that it’s incredibly important to validate the investments we’ve made in security. To that end, we are incredibly proud to announce that McAfee (formerly Skyhigh Networks) has attained ISO 27001 Certification, joining the ranks of esteemed cloud providers like Salesforce, Workday, ServiceNow, Box, Jive, and Ping.
An Industry First
McAfee is the first Cloud Access Security Broker to attain ISO 27001 certification, building on McAfee’s commitment to open standards and controls (McAfee was also the first vendor to publish CSA controls in the STAR registry).
The certification also reflects the maturity of controls and practices that McAfee has in place, which aligns with feedback we’ve received from customers like BMC Software, Cisco, Diebold, and DirecTV.
If you’d like to see which cloud services your company is using and which of those are ISO 27001 certified, sign up for a free McAfee Cloud Discovery and Risk Assessment.