What is ISO 27001, and Why Does it Matter?

Many businesses fear security breaches and the consequences of being hacked, and small businesses are not immune from this threat. Cloud adoption has long been held back by security-conscious businesses that see the cloud as a potential threat to their information.

In 2009, 68 per cent of European CIOs surveyed said that security fears were preventing cloud adoption. In 2015, security was still thought to be the single biggest barrier that was stopping businesses migrating to the cloud.

But some of these fears are based on misconceptions. In the financial services industry, for example, many of these problems can be addressed through a proper risk assessment. 71 per cent of businesses now use some kind of cloud technology; the key is to be smart in the way you plan your migration and choose your provider.

Why ISO 27001 matters

ISO 27001 is an international information security standard. It sets out the requirements for an organisation's Information Security Management System (ISMS), so that the organisation has a formal, documented commitment to managing information security. ISO 27001 covers the establishment, operation, monitoring, review and continual improvement of that management system, ensuring that staff, policies and controls are committed to safeguarding data.

Data centres that hold ISO 27001 certification have been externally and independently audited to confirm that they comply with these stringent requirements. The key thing to remember is that an ISO 27001 certified facility has assessed its risks and put measures in place to manage them. For example, there is a risk in storing data in the cloud, but the organisation will have evaluated that risk and put controls in place to manage it. Note that certification applies to a defined scope, so a certificate for one site or service does not automatically cover everything the provider offers.

When you look for a cloud provider, you should ascertain whether its data centre is ISO 27001 certified, ask to see the certificate and the scope it covers, and read its security policy carefully. But there's more to check before you sign up.

What about data centre location?

The great thing about the cloud is that it is geographically diverse; data is stored in more than one location. For businesses, this poses a new question: if data is stored in different countries, which country's laws will govern and protect my assets?

A few years ago, there was a great deal of fuss about the Patriot Act, a US law that allows US authorities to obtain data held within the country's geographical boundaries. In truth, many governments have similar laws, and data cannot be completely ring-fenced, but there is still confusion among businesses that aren't sure where their data should be stored. The EU has its own set of problems, with data protection rules that differ between member states and can be difficult to understand.

The safest approach is to select a provider with a data centre in the UK. Make sure that all of your data stays in the UK, including backups and replicas, and that the provider has no operations in the USA, to avoid the potential complication of US jurisdiction. By selecting a provider with a UK data centre and ISO 27001 certification, you can move to the cloud with confidence that your data is being handled under a recognised security management framework.