Securely moving a service to the cloud while meeting compliance obligations can seem difficult and complex. But in reality, it can be done quite simply with some basic understanding about core security requirements either implemented on your behalf by Azure solutions or enabled quickly by you.
This week my team released a paper in which we provide guidance on 13 effective security controls that can be easily implemented to help address ISO 27001 compliance obligations. While we recognize there is still a need to address all controls in ISO 27001, this paper focuses on several of the problems most organizations face when thinking about cloud adoption.
13 Effective Security Controls for ISO 27001 Compliance provides details on the following key recommendations:
- Enable identity and authentication solutions
- Use appropriate access controls
- Implement and use an industry-recommended antimalware solution
- Ensure that an effective certificate acquisition and management solution is enabled
- Address the need to encrypt all customer data
- Review penetration testing and threat modeling processes
- Log security events
- Implement monitoring and visualization capabilities for security events
- Be able to determine the root cause of incidents
- Train all staff in cybersecurity issues
- Patch all systems and ensure security updates are deployed
- Keep service and server inventory current and up-to-date
- Maintain clear server configuration with security in mind
We hope you find the information useful and that it helps enable you to move confidently into the Azure cloud.