Outages, interruptions, breaches and disaster are still a fact of life, even for the cloud. Question is how are you prepared to handle it? From legal and regulatory requirements to intellectual property rights and protection of records, these all have specific customer requirements within ISO/IEC 27017.
From a legal perspective, it is critical that you can show due diligence and that you have applied a standard of care. This is especially important when called upon to provide digital evidence or other information from within the cloud computing environment. Working to and complying with ISO/IEC 27017 as a best practice framework will help you feel prepared should you encounter any forensic investigations or challenges around the privacy of information.
Offering or adopting the cloud can still cause misunderstandings and apprehension. Any organization entrusting sensitive customer data to a third party has come to know there are grey areas where rights and responsibilities have not been clearly defined. There’s a lot that’s been taken on trust and that’s not necessarily the best long-term approach for success – especially when ISO/IEC 27017 now makes responsibilities crystal clear.