There has been a steady growth of organizations achieving ISO 27001 certification, where over 7,300 organizations worldwide have already been certified compliant with ISO 27001 or equivalent national variants. The graph from Ted Humphrey’s site ISO27001certificates.com shows a clear trend that the need for managing information security is greater than ever before.
While cloud computing is amongst the most hyped technologies ever in recent years, organizations are careful on how they perceive and consume such technology. Organizations are looking into the benefits offered by the on-demand provisioning of computing resources and the ability to align information technology with business strategies. However, clients are also concerned about the security risks of cloud computing and the loss of direct control over the security of systems for which they are accountable. For instance, in the article, Cloud computing: Now & beyond 2013, Pravin Lal, Director, Sapient Global Markets explains, “To be in heavily regulated sectors, such as the financial services sector, the deployment of a cloud computing solution is likely to come under a greater degree of scrutiny than in other sectors. Addressing data security concerns through certifications, neutral third party security and privacy audits and tighter contracts will lead to a higher level of cloud adoption.” This may inevitably increase the importance of how IT vendors, especially payroll outsourcing vendors that handle sensitive data, on data security management. IT vendors will need to be better equipped to deal with change and rapid evolution of the threat environment. They have the obligations to protect and manage their client’s data to increase clients’ confidence.
In the same article, Rajesh Janey, President, EMC, made an interesting comment, “I feel the movement to the cloud is not defined by the size of an organization, instead it is defined as an organizations ability to adopt an IT as a service model or continuing to remain in an owned model.” Depending on how risk adverse the organization is, IT vendors are adopting different models to meet the demands of large enterprises and SMEs who can choose between software as a service model or to remain in an owned model. As increasing budgets for security solutions and support are becoming less tolerable by enterprises, and small businesses do not have the capital to deal with the problem, software as a service model is an attractive solution to reduce cost of ownership, such as expenses for hardware, software and maintenance. However, for enterprises to move towards cloud, SaaS vendors will need to increase transparency about their security policies.
In summary, as cloud technologies mature and security become a requirement for doing business, it is likely that ISO 27001 will gather real momentum in another year or two. For more information the benefits of ISO 27001 certification, you may read the article on Four key benefits of ISO 27001 implementation.