Skyhigh Networks1, a Cloud Access Security Broker (CASB), has announced its certification to the ISO 27018 standard by BSI Group.
ISO 27018 is a standard that outlines guidelines for protecting Personally Identifiable Information (PII) stored in the cloud. Since the publication of ISO 27018 in 2014, only a handful of cloud service providers have achieved certification such as Microsoft, Amazon and Box. As Skyhigh says, customers can have greater confidence over how their data is managed in the cloud. Jeff Haskill, chief information security officer for AstraZeneca, said: Personal privacy of our employees, collaborators and patients is our primary concern. We believe that the ISO 27018 standard is an important differentiator when comparing differing cloud service providers, so its great news that Skyhigh is certified. And Carla Arend, Research Director Cloud Practice at IDC, said: ISO 27018 is an important standard giving enterprises confidence that cloud providers are a safe place for personal information. According to IDC s cloud research, security and compliance concerns remain top of mind for European organisations looking to use cloud services and IDC suggests that every organisation should be looking carefully at the security and privacy standards that their suppliers conform to.
ISO 27018 covers:
Control: Customers control how their data is used by the cloud provider
Transparency: Disclosure of policies relating to third party access, data residency and the return, transfer, and deletion of PII
Investigation: The prompt and thorough examination of any breach that may have led to the loss of sensitive customer information
Communication: Notification of all security incidents and law enforcement requests
Compliance: Yearly third party audits of the on-going conformance to standard guidelines. Balaji Thiagarajan, senior vice-president of Engineering and Operations at Skyhigh said: We have a history of adopting global standards that matter to enterprises in every vertical and the ISO 27018 certification is just the latest example of us placing customer needs first. As the market leading CASB, Skyhigh enables organisations to embrace cloud services with unparalleled visibility, compliance, data security, and threat protection.
Skyhigh has also been certified for ISO 27001, FIPS 140-2 and TRUSTe.
References
- ^ Skyhigh Networks (www.skyhighnetworks.com)