Cloud security through the new Control 5.23 - Conclusion
According to a study conducted by Statista in 2022, 84% of all German companies use cloud services. In addition, 13 percent are in the decision-making or planning phase for their use. This means that the protection of personal information and confidential data is becoming increasingly important.
With the new security measure, ISO and IEC are closing an important gap in the protection of modern ICT architectures and sensitive data of companies, organizations and authorities. It means that the information security standard ISO 27001, as a global standard, now also contributes to consistent, systematic cloud security.
Regardless of whether your company operates in a public cloud, private cloud or hybrid cloud environment, information security solutions and best practices are essential. This is the only way to ensure business continuity and compliance. Especially in times of skills shortages and decentralized corporate networks, data security in the cloud will continue to grow in importance in the coming years.
The new Control 5.23 from Appendix A provides users of cloud services with a framework. They can use it to put their existing information security measures to the test and adjust them if necessary.
In addition to a large number of basic organizational requirements, the new control also underlines the importance of close cooperation with the cloud service provider in order to maintain the mutual exchange of information at all times. This promotes reciprocal mechanisms to monitor defined service features and to identify and report breaches of the agreed obligations.