{"id":1262,"date":"2026-03-19T19:25:09","date_gmt":"2026-03-19T16:25:09","guid":{"rendered":"https:\/\/isocerthub.com\/?p=1262"},"modified":"2026-03-19T19:30:19","modified_gmt":"2026-03-19T16:30:19","slug":"iso-iec-270172015-kak-povysit-bezopasnost-oblachnykh-servisov-i-doveriye-kliyentov","status":"publish","type":"post","link":"https:\/\/isocerthub.com\/en\/iso-iec-270172015-kak-povysit-bezopasnost-oblachnykh-servisov-i-doveriye-kliyentov\/","title":{"rendered":"ISO\/IEC 27017:2015: How to Improve the Security of Cloud Services and Build Customer Trust"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"1262\" class=\"elementor elementor-1262\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-622936fc e-flex e-con-boxed e-con e-parent\" data-id=\"622936fc\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-2310e9b5 elementor-widget elementor-widget-text-editor\" data-id=\"2310e9b5\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! 
elementor - v3.21.0 - 15-04-2024 *\/<\/style>\t\t\t\t<p><span style=\"font-weight: 400;\">Cloud computing has long ceased to be merely a convenient IT infrastructure. For businesses in Kazakhstan, Uzbekistan, Georgia, and Kyrgyzstan, it is already a working environment where customer data, financial documents, CRM systems, corporate email, and even critical business processes are stored. But together with convenience comes the key question: how can you prove to clients and partners that the cloud environment is genuinely secure? This is where ISO 27017 comes to the forefront \u2014 a practical guide to protecting cloud services for both providers and cloud users.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">What ISO\/IEC 27017:2015 is and why it matters<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">ISO\/IEC 27017:2015 is an international standard that complements ISO\/IEC 27001 and focuses specifically on the security of cloud services. 
While ISO 27001 provides the overall framework for managing information security, ISO 27017 adds specific controls for the cloud model: who is responsible for what, how access should be segregated, how virtual environments should be managed, and how to reduce risks when transferring data to the cloud.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For businesses, this is particularly important because responsibility in the cloud is always shared. The provider is responsible for part of the infrastructure, while the client is responsible for access settings, users, service configuration, and the way data is handled. In practice, many incidents occur not because of a \u201ccloud breach\u201d, but because one of the parties does not understand its area of responsibility.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">That is why cloud computing security standards are becoming not a formality, but a tool for building trust. When a company demonstrates that it uses recognised international approaches to protecting its cloud environment, it becomes easier to pass partner audits, participate in tenders, and reassure clients that their data is under control.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">What issues ISO 27017 addresses<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The main value of the standard lies in the fact that it turns the abstract idea of \u201ccloud security\u201d into specific management and technical actions. 
It helps establish clear rules both for the cloud provider and for the customer organisation.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Before implementing control measures, it is important to understand where the main risks are usually hidden:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">unclear allocation of responsibilities between the provider and the client;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">excessive access rights for employees and contractors;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">weak change control within the cloud infrastructure;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">insufficient protection of virtual machines and administrative panels;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">lack of transparency regarding backup, deletion, and return of data;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">risks of information leakage when using shared cloud resources;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">weak event logging and insufficient monitoring of suspicious activity.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">This list clearly illustrates one simple idea: the cloud does not become secure \u201cby default\u201d. 
It becomes secure when processes, roles, and controls are configured just as carefully as a good autopilot in an aircraft: the system helps, but without crew discipline, it will not get very far.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Control measures for cloud service providers<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">For providers, ISO\/IEC 27017 sets a higher standard of transparency and manageability. Clients want to understand where their data is stored, how their environments are isolated from other tenants, and what happens in the event of an incident.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It is important for the provider to establish clear rules in the following areas:<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Segregation of roles and responsibilities<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">The client should clearly understand which security measures are provided by the provider and which remain on the client\u2019s side. This reduces the risk of false expectations and gaps in protection.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Protection of the virtual environment<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">The creation, modification, and deletion of virtual machines, containers, and cloud instances must be controlled, and images and templates must be protected against unauthorised changes.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Management of privileged user access<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">A cloud administrator is rather like a person holding a master key to the entire building. 
For this reason, the actions of such users must be strictly controlled, logged, and reviewed on a regular basis.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Secure deletion and return of data<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">At the end of the contract, the client must understand exactly how their data will be returned and how any residual information will be securely removed from the provider\u2019s environment.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Monitoring and incident response<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">It is important for the provider not merely to record events, but to have a clear procedure for notification, investigation, and interaction with the client in the event of security breaches.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">What cloud users should control<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Customer organisations cannot simply \u201cleave everything to the provider\u201d either. Even the strongest provider will not protect a business from weak passwords, uncontrolled allocation of access rights, or employees storing sensitive documents in open folders.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Cloud users should pay attention to the following measures:<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Access rights configuration<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Access should be granted on the basis of the principle of least privilege. 
The fewer unnecessary permissions there are, the lower the chance of error or misuse.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Configuration control<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Incorrect configuration of storage, networks, APIs, and administrative panels is one of the most common causes of incidents in the cloud.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Data classification<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">It is important to determine in advance which data may be stored in the cloud, which requires additional encryption, and which is better kept in isolated environments.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Review of contractual terms<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">It is essential to analyse the SLA, backup arrangements, data storage locations, incident notification procedures, and the responsibilities of each party.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Staff training<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Even the best ISO 27017 standard will not work without people who understand how to use cloud services securely in their day-to-day work.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Once these measures have been implemented, a company gains not just a \u201csecurity tick-box\u201d, but a clear system for managing risks. 
For a business, this means fewer disruptions, greater process predictability, and more confidence on the part of clients.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">How ISO 27017 helps strengthen customer trust<\/span><\/h2>\n<p><span style=\"font-weight: 400;\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignright wp-image-1269 size-medium\" src=\"http:\/\/isocerthub.com\/wp-content\/uploads\/2026\/03\/iso_27017_client_trust-300x200.webp\" alt=\"How ISO 27017 Helps Strengthen Customer Trust\" width=\"300\" height=\"200\" srcset=\"https:\/\/isocerthub.com\/wp-content\/uploads\/2026\/03\/iso_27017_client_trust-300x200.webp 300w, https:\/\/isocerthub.com\/wp-content\/uploads\/2026\/03\/iso_27017_client_trust-1024x683.webp 1024w, https:\/\/isocerthub.com\/wp-content\/uploads\/2026\/03\/iso_27017_client_trust-768x512.webp 768w, https:\/\/isocerthub.com\/wp-content\/uploads\/2026\/03\/iso_27017_client_trust-1536x1024.webp 1536w, https:\/\/isocerthub.com\/wp-content\/uploads\/2026\/03\/iso_27017_client_trust-18x12.webp 18w, https:\/\/isocerthub.com\/wp-content\/uploads\/2026\/03\/iso_27017_client_trust-930x620.webp 930w, https:\/\/isocerthub.com\/wp-content\/uploads\/2026\/03\/iso_27017_client_trust.webp 2048w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>When a company works with the cloud, the client is effectively entrusting it not only with a service, but also with their data, reputation, and sometimes even business continuity. That is why trust is built not on promises, but on verified practices.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In this respect, cloud computing security standards serve as a clear international language between the company, the client, and the partner. 
If an organisation has implemented processes in line with ISO\/IEC 27017, this means that issues such as access, monitoring, allocation of responsibilities, and protection of the cloud environment are addressed systematically rather than \u201cas circumstances arise\u201d.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For companies operating in the markets of Central Asia and the Caucasus, this is also a competitive advantage. International clients are increasingly assessing suppliers not only on price, but also on the maturity of their risk management. For this reason, ISO 27017 certification in Kazakhstan and neighbouring countries is becoming increasingly relevant for IT companies, SaaS providers, data centres, fintech projects, and service organisations.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Who particularly needs the ISO 27017 standard<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The standard is especially beneficial for those who:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">provide cloud services;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">store personal, financial, or commercially sensitive data in the cloud;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">undergo audits by clients or investors;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">participate in tenders and international projects;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">want to reduce the risks of data breaches, downtime, and claims from customers.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">If your company is already developing an information security management system, it is useful to align cloud control measures with the overall security architecture. 
In this context, it is worth looking at the<\/span><a href=\"https:\/\/isocerthub.com\/en\/iso-iec-27017-zashchita-oblachnykh-servisov-po-mezhdunarodnym-standartam\/\"><span style=\"font-weight: 400;\"> ISO\/IEC 27017<\/span><\/a><span style=\"font-weight: 400;\"> service and assessing how the implementation of the standard can be adapted to your business.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For companies that want to grow, work with major clients, and strengthen their reputation, ISO\/IEC 27017 becomes a strong argument in favour of a mature approach to security. And the System Management team across the CIS can help you move through this process more quickly \u2014 from understanding the requirements to preparing for certification and strengthening trust in your business.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>The cloud has long ceased to be merely a convenient IT infrastructure. 
For businesses in Kazakhstan, Uzbekistan, Georgia, and Kyrgyzstan, it is already a working environment where customer data, financial documents, CRM, corporate email, and even critical business processes are stored. But together with convenience comes the key question: how can you prove to clients and partners that the cloud environment is genuinely secure? 
Here, coming to the forefront is&hellip;&nbsp;<a href=\"https:\/\/isocerthub.com\/en\/iso-iec-270172015-kak-povysit-bezopasnost-oblachnykh-servisov-i-doveriye-kliyentov\/\" class=\"\" rel=\"bookmark\">Read More &raquo;<span class=\"screen-reader-text\">ISO\/IEC 27017:2015: How to Improve the Security of Cloud Services and Build Customer Trust<\/span><\/a><\/p>","protected":false},"author":2,"featured_media":1263,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[12],"tags":[],"class_list":["post-1262","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-12"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":7,"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1272,"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/posts\/1262\/re
visions\/1272"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/media\/1263"}],"wp:attachment":[{"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/isocerthub.com\/en\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}