ISO 27018 compliance: Here’s what you need to know

You’re negotiating a contract for cloud services. To clinch the deal, the cloud provider’s rep leans across the table, fixes her gaze and tells you, “By the way, the service is certified ISO 27018 compliant.”

ISO 270-what? Should you sign, or step back? IT execs will increasingly face just such a choice, thanks to the advent of the ISO/IEC 27018 standard for protecting personally identifiable information (PII) in public clouds, which the International Organization for Standardization (ISO) published in July 2014. The standard is a code of practice: it extends the ISO/IEC 27002 control set with PII-specific controls for cloud providers acting as PII processors, and a provider's "compliance" is established through its ISO/IEC 27001 certification audit, with the 27018 controls included in the audited scope.

With data breaches, the loss of PII and identity theft continuing without letup, any measure that might stem the tide is of great interest to the IT community. Even so, only Microsoft and Dropbox have so far announced ISO 27018-compliant cloud services. Microsoft certified its Azure cloud service, its Dynamics CRM and ERP cloud-based applications and its Office 365 cloud-based business productivity applications in February 2015. Dropbox announced in April 2015 that Dropbox for Business had been certified. Considering the universe of cloud providers and their services, it's a small beginning, but most observers believe it's just a matter of time until most, if not all, cloud providers announce compliance with the standard. Before you take a rep's word for it, ask for the certificate itself and check the scope statement: it should name the specific service you are buying and the data-center regions that were audited, not just the company.


InfoWorld Cloud Computing