Cloudanix

Cloud Security Controls and Guidelines

ISO 27017

ISO/IEC 27017 is an international standard that provides guidelines for information security controls specifically for cloud services. Published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO 27017 supplements the general information security standard ISO 27001 with cloud-specific security controls. The standard addresses both cloud service providers and cloud service customers, offering guidance on shared security responsibilities across AWS, Azure, GCP, and OCI environments. ISO 27017 provides 37 cloud-specific controls covering areas like virtual machine configuration, cloud service customer data separation, virtual and cloud network environment security, and cloud administrative operations and procedures.

Understanding ISO 27017 for Cloud Environments

ISO 27017 extends ISO 27002's information security controls with additional implementation guidance specific to cloud computing. The standard addresses the unique security challenges of cloud environments including multi-tenancy, virtualization, data jurisdiction, and shared responsibility models. Cloud service customers (CSCs) using AWS, Azure, GCP, or OCI must implement appropriate controls on their side of the shared responsibility model. ISO 27017 helps organizations understand which security controls they're responsible for implementing and provides specific guidance for cloud-based information security management.

Just-In-Time Access for ISO 27017 Access Control

ISO 27017 emphasizes robust access controls in cloud environments, particularly controls CLD.6.2.1 (Identity and access management) and CLD.9.2.4 (Monitoring of cloud service customer activities). Cloudanix's Just-In-Time (JIT) access implements time-bound, temporary privileged access across AWS, Azure, GCP, and OCI. JIT access addresses ISO 27017's requirements for managing user access rights, limiting privileged access, and maintaining audit trails of access activities in cloud environments. Zero-standing-privileges approach minimizes security risks associated with permanent administrative access in multi-tenant cloud infrastructures.

Database Activity Monitoring (DAM) for ISO 27017 Compliance

ISO 27017 control CLD.12.4.1 addresses logging and monitoring in cloud environments, requiring organizations to establish procedures for monitoring cloud service usage and detecting security events. Cloudanix's DAM provides comprehensive database activity monitoring across AWS RDS, Azure SQL, Google Cloud SQL, and Oracle Cloud databases. DAM helps organizations comply with ISO 27017's requirements for security event logging, regular review of audit logs, and detection of unauthorized access attempts. Real-time monitoring and alerting ensure that security incidents in cloud databases are detected and investigated promptly as required by the standard.

Cloud Identity and Access Management

ISO 27017 CLD.6.2.1 specifically addresses identity and access management in cloud services, requiring proper management of both human users and non-human identities such as service accounts, API keys, and workload identities across multi-cloud environments. Cloudanix provides comprehensive identity governance across AWS IAM, Azure AD, GCP IAM, and OCI IAM, continuously monitoring permissions for all identity types. This includes detecting excessive privileges, enforcing least-privilege access, managing cloud service accounts and API keys, and ensuring proper segregation of duties in cloud environments as required by ISO 27017.

Secure Cloud Configuration Management

ISO 27017 control CLD.12.1.1 addresses secure configuration of cloud services, emphasizing the cloud service customer's responsibility to properly configure their cloud resources. Misconfigurations are a leading cause of cloud security incidents and data breaches. Cloudanix continuously scans AWS, Azure, GCP, and OCI environments for security misconfigurations including publicly accessible storage, unencrypted data, weak network controls, and insecure virtual machine configurations. Automated detection and remediation help organizations maintain secure cloud configurations aligned with ISO 27017 guidelines.

Cloud Workload Security and Virtual Machine Protection

ISO 27017 CLD.12.1.5 provides guidance on securing virtual machine instances, including proper configuration, hardening, and monitoring. Cloud workloads including containers, Kubernetes clusters, serverless functions, and virtual machines require comprehensive security controls. Cloudanix secures cloud workloads across AWS EC2/ECS/EKS, Azure VMs/AKS, GCP Compute/GKE, and OCI Compute through vulnerability scanning, runtime protection, configuration compliance monitoring, and network security enforcement. This comprehensive approach helps organizations meet ISO 27017's requirements for virtual environment security.

Software Supply Chain Security for Cloud Services

ISO 27017 emphasizes the importance of security throughout the cloud service supply chain. Organizations must understand and manage risks introduced by third-party software components, open-source libraries, and container images deployed in cloud environments. Cloudanix generates comprehensive Software Bill of Materials (SBOMs) for containerized applications and cloud workloads across AWS, Azure, GCP, and OCI. SBOM capabilities provide visibility into software components, identify known vulnerabilities, enable risk assessment of third-party dependencies, and support ISO 27017's requirements for managing supply chain security risks in cloud services.

Implement Cloud-Specific Security Controls

Cloudanix for ISO 27017 Cloud Security

ISO 27017 provides specific guidance for securing cloud services, addressing the unique challenges of cloud computing environments. Cloudanix helps organizations implement and maintain ISO 27017 controls across multi-cloud infrastructures.

Loading animation...

Shared Responsibility Clarity

ISO 27017 clarifies security responsibilities between cloud providers and customers. Cloudanix helps you manage your side of the shared responsibility model.

Clear visibility into customer-managed security controls
Automated assessment of configuration responsibilities
Documentation and evidence for ISO 27017 certification
Continuous monitoring of customer-controlled cloud resources

Multi-Cloud ISO 27017 Compliance

Achieve consistent ISO 27017 compliance across AWS, Azure, GCP, and OCI with unified security monitoring and control implementation.

Unified compliance dashboard for multi-cloud environments
Consistent security controls across different cloud platforms
Centralized audit logging and evidence collection
Simplified certification and compliance reporting

Customer Voice

We are excited to leverage Cloudanix's comprehensive multi-cloud DevSecOps solution to secure our production workloads on AWS. Cloudanix has demonstrated that it can solve many challenges that DevSecOps teams face while continually adding new features such as SOC2 compliance and drift detection.

Satish Mohan Co-founder & CTO, Airgap Networks

See all stories

Ready to see your graph?

Connect a cloud account in under 30 minutes. See every finding rooted in identity, asset, and blast radius — with a fix path attached.

Book a Demo

CLOUDANIX

Insights from Cloudanix

Explore guides, checklists, and blogs that simplify cloud security and help you secure your infrastructure.

AI Code Remediation

Learn how AI code remediation automates the process of finding and fixing software vulnerabilities. Discover various techniques for intellig…

What is Code Security?

Learn about code security fundamentals, OWASP Top 10, security tools like SAST/DAST, and best practices for embedding security throughout th…

Read the blog

Cloudanix docs

Cloudanix offers you a single dashboard to secure your workloads. Learn how to set up Cloudanix for your cloud platform from our documentati…

Take a look

Write Vulnerability-Free Code

A comprehensive guide to secure coding practices, covering vulnerabilities, prevention techniques, and industry standards

Know more

Changelog

A complete history of changes, improvements, and fixes for Cloudanix. Subscribe to get notified about the latest updates.

View Changelog

Privacy by Design

A framework for embedding privacy into the entire product development lifecycle, ensuring it is a proactive consideration, not an afterthoug…