Update on Cloud Standards & How to Use Them to Benefit Your Organization

August 28th, 2023

Still growing in deployment worldwide, cloud technology is a popular way to augment IT operations or to even replace traditional IT infrastructures with cloud-based solutions.

Traditional reasons for moving to a cloud environment include saving money on managing on-premises systems, saving floor space as systems migrate to clouds, saving on staff by leveraging cloud vendor expertise, and the flexibility and adaptability of cloud environments to changing user requirements.

When considering a cloud solution, or when examining options for expanding or reducing cloud investments, knowledge of the standards, frameworks and practices that address cloud technology can be very helpful. From an audit perspective, documented compliance with key cloud standards is essential. Prospective and existing customers will also appreciate knowing that cloud services are being deployed in compliance with standards.

How to Use a Standard

Depending on the situation, the following are recommended steps to take when applying a standard to a specific activity:

  1.  Identify the situation where a standard may be needed;
  2.  Research existing standards;
  3.  Identify one or more standards that may be applicable;
  4.  Identify the issue(s) to be addressed by the standard(s);
  5.  Search the standard(s) for applicable sections using the table of contents and index (if provided);
  6.  Identify the content that applies to the situation(s);
  7.  Compare current policies and procedures against the standard(s);
  8.  Determine how content from the standard can apply to the situation(s);
  9.  Initiate changes to policies, procedures, etc. that align with the standard(s) via a change management function;
  10.  Conduct validation tests to ensure the changes work as desired;
  11.  Update policies, procedures, etc. to comply with the standard(s);
  12.  Complete all relevant documentation;
  13.  Review changes with senior management to secure approval before implementation;
  14.  Launch implementation via the change management process;
  15.  Launch training and awareness activities to brief employees;
  16.  Schedule a one-month review to ensure the changes are effective; and
  17.  If no changes are needed, initiate a six-month or annual review cycle.

If it is determined that compliance with one or more standards must be demonstrated by an assessment or audit, maintain records on all activities in which the standard has been used.

Cloud Standards and Frameworks

The following sections list current cloud standards, frameworks and organizations that develop standards, regulations, legislation, guidance and good practice on cloud technology.

National Institute for Standards and Technology (NIST)

International Organization for Standardization (ISO, www.iso.org)

Organizations That Develop Cloud Standards

The following organizations develop standards for cloud technology, as well as guidance, frameworks and good practice techniques.  The ISO and NIST have developed the most standards, while the other organizations have committees and working groups that collaborate on issues that need to be addressed in the development of new standards and refinements to existing standards.

  • ASIS International (asisonline.org)
  • European Telecommunications Standards Institute (ETSI, etsi.org)
  • Information Systems Audit and Control Association (ISACA, isaca.org)
  • International Organization for Standardization (ISO, iso.org)
  • National Institute for Standards and Technology (NIST, nist.gov)
  • Open Grid Forum (OGF, ogf.org)
  • Organization for the Advancement of Structured Information Standards (OASIS, oasis-open.org)
  • TM Forum Cloud Services Initiative (tmforum.org)

Federal Government

The U.S. Government has programs and legislation that can be applied to cloud technologies and applications.

  • Federal Risk and Authorization Management Program (FedRAMP)
  • Federal Information Systems Management Act (FISMA)

Professional and Technical Organizations

The following professional organizations provide guidance and recommendations on cloud technology through various committees and working groups.

Are Standards Right for your Organization?

Even if an organization does not need to officially demonstrate compliance with one or more standards, it is highly advisable to provide evidence that standards have been used, in case of a future compliance assessment or audit.  Standards, along with various frameworks and regulations, provide excellent guidance for resilience professionals for planning, design, implementation, testing and maintenance activities.

Summary

This article has examined standards and organizations that address cloud technology. The number of standards, regulations and frameworks has grown steadily over the past decade, attesting to the importance of cloud technology and services.

# # # #

Published in IT Availability & Security


About the Author:

Paul Kirvan, FBCI, CISA, is an independent business resilience consultant, IT auditor, and technical writer with over 35 years of experience. Mr. Kirvan is a Fellow of the Business Continuity Institute (FBCI), a Certified Information Systems Auditor (CISA) and a member of the Resilience Association. www.resilienceassociation.org
https://www.linkedin.com/in/paulkirvan/
