Standards for securing cloud-based services

British Standards contain the combined knowledge of experienced UK subject experts, often working together with their international colleagues, in an open, consensus-based process.

Descriptions of these standards, and of some other relevant publications available from BSI or other organizations, are given below:

| Standard number/name | Description/Benefits | Published by |
| --- | --- | --- |
| BS ISO/IEC 27002 Code of practice for information security controls | Cloud computing involves a special type of supplier relationship. BS ISO/IEC 27002 deals with supplier relationships in general | |
| BIP 0117. Cloud computing: A practical introduction to the legal issues | A book on legal issues in cloud computing is available from BSI Publications that covers information security issues in detail | BSI |
| BIP 0116. Managing security in outsourced and offshored environments. How to safeguard intellectual assets in a virtual business world | Addresses cyber security issues when outsourcing including cloud services | BSI |
| NIST SP 800-146, Cloud Computing Synopsis and Recommendations | A general introduction to cloud computing | US National Institute of Standards and Technology |
| NIST SP 800-144, Guidelines on Security and Privacy in Public Cloud Computing | Concentrates on information security aspects | US National Institute of Standards and Technology |
| Matrix of potential cloud security controls | The Cloud Security Alliance has published a comprehensive matrix of potential cloud security controls. This spreadsheet is designed to guide cloud vendors in their provision of cyber security measures and assist prospective cloud customers in assessing the overall security risk in using particular cloud providers. | The Cloud Security Alliance |