As the use of cloud computing grows constantly, so does the need to ensure cloud security. Data breaches and other forms of attacks happen mainly as a result of poor security practices, complicated controls, and misconfigurations. This makes cloud security essential to the effective operation of cloud services.

Organizations adopting cloud technology must ensure that the level of security of their cloud systems meets their requirements and complies with the applicable laws and regulations.

Implementing the guidelines of ISO/IEC 27017 helps cloud service providers and customers to establish, implement, and maintain information security controls related to cloud services. ISO/IEC 27017 provides additional guidance in selecting information security controls applicable to cloud services based on risk assessment and other cloud-specific information security requirements. In addition, cloud service providers that process personally identifiable information (PII) in the cloud can implement the guidelines of ISO/IEC 27018 to meet the requirements of applicable regulations and legislation related to the protection of PII.