Cloud Computing & Bad Behaviour

A blog from the coal face of cloud computing

ISO 27001 – due diligence on cloud vendors

As I am preparing our company for ISO 27001 certification, I am spending a lot of time answering due-diligence questions from customers about which of the 133 ISO controls we have in place.

The most concerning thing is the first question on all of these questionnaires – “Are you ISO 27001 certified? (if so include certificate, skip to end, sign and return)”. This would indicate that most prospects think their data is safe with a cloud vendor that is ISO 27001 certified; they could not be more wrong. A certificate shows that a risk-management process exists and that the controls the vendor chose to bring into scope are operated; it says nothing about whether that scope covers the service a particular customer is buying, or whether the residual risk the vendor accepted is one the customer would accept.

Trying to implement ISO 27001 using ISO 27002 controls well...

ISO 27001 in a cloud world

We’re preparing to go through our ISO 27001 certification at the moment, and it struck me quite how different it is to certify as a cloud service vendor rather than as a traditional company.

Excuse my over-simplification of the ISO 27001 process for those not involved in it, but effectively there are four stages:

  1. Define the organisation’s acceptable risk
  2. Work out what risk the organisation is exposed to
  3. Apply controls to reduce the residual risk to a level at or below the acceptable risk
  4. Rinse, repeat

A common method is to conduct...

It appears that Argos, one of the UK’s largest retailers, has been sending customer credit-card information, including full name, address, credit-card number and the three-digit card verification number (CCV, more commonly labelled CVV2 or CVC2), embedded within the HTML of confirmation emails.

The whole point of the CCV number is that it can be used to verify physical possession of the credit...
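Whether a confirmation email is leaking card data is something an outbound-mail gateway can check mechanically, and the Argos case shows why the check has to look beyond the rendered text: the data sat in the HTML, where a recipient never sees it. The following is an added example, not code from this post or from Mimecast. It parses a constructed, fictional HTML email (the card numbers are the public Visa and Mastercard test numbers), inspects visible text, HTML comments and tag attribute values (hidden form fields in particular), and flags Luhn-valid card numbers and labelled CVV/CCV values, masking the number in the finding so the scanner does not itself leak it. The sample email, the function names and the regular expressions are my own assumptions.

```python
import re
from html.parser import HTMLParser

# Constructed sample: a fictional order-confirmation email that embeds card data
# in an HTML comment and in hidden form fields, plus an order number that must
# NOT be flagged. 4111... and 5555... are the well-known test PANs, not real cards.
SAMPLE_EMAIL_HTML = """<html><body>
<h1>Thank you for your order</h1>
<p>Delivery to: Jane Doe, 1 Example Street, Milton Keynes</p>
<p>Paid with card ending 1111</p>
<!-- card=4111 1111 1111 1111 ccv=123 -->
<form action="https://example.invalid/reorder">
  <input type="hidden" name="pan" value="5555555555554444">
  <input type="hidden" name="cvv" value="321">
</form>
<p>Order reference 12345678901234</p>
</body></html>"""

# 13-19 digits, optionally separated by spaces or dashes, not part of a longer run.
CANDIDATE_PAN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# A 3-4 digit value sitting shortly after a CVV-style label (assumed label set).
CVV_LABEL = re.compile(
    r"(?i)\b(?:cvv2?|ccv|cvc2?|csc|security\s*code)\b\D{0,12}?(\d{3,4})\b"
)


def luhn_valid(digits: str) -> bool:
    """Mod-10 check; rejects most arbitrary digit runs such as order numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep BIN and last four (what PCI allows to be displayed), hide the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


class _Extractor(HTMLParser):
    """Collects every string the email carries, not just the visible text."""

    def __init__(self):
        super().__init__()
        self.segments = []  # list of (location, text)

    def handle_data(self, data):
        if data.strip():
            self.segments.append(("text", data))

    def handle_comment(self, data):
        self.segments.append(("comment", data))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        name = attrs.get("name") or attrs.get("id") or ""
        for key in ("value", "href", "src", "alt", "title"):
            if attrs.get(key):
                # "name=value" so a label such as name="cvv" stays next to the digits
                self.segments.append((f"attr:{tag}[{name}].{key}", f"{name}={attrs[key]}"))


def scan_email_html(html: str):
    """Return findings for Luhn-valid PANs and labelled CVVs, with where each sat."""
    parser = _Extractor()
    parser.feed(html)
    parser.close()
    findings = []
    for location, text in parser.segments:
        for m in CANDIDATE_PAN.finditer(text):
            digits = re.sub(r"[ -]", "", m.group())
            if 13 <= len(digits) <= 19 and luhn_valid(digits):
                findings.append({"type": "pan", "where": location, "value": mask_pan(digits)})
        for _ in CVV_LABEL.finditer(text):
            # Never store the CVV itself, even in a finding.
            findings.append({"type": "cvv", "where": location, "value": "***"})
    return findings


if __name__ == "__main__":
    for finding in scan_email_html(SAMPLE_EMAIL_HTML):
        print(finding)
```

Run against the sample, the scanner reports nothing for the visible text (the “card ending 1111” line and the non-Luhn order reference are left alone) and four findings for the parts a recipient never sees: a PAN and a CVV in the comment, and a PAN and a CVV in the hidden inputs. A real gateway would also decode quoted-printable and base64 bodies and look inside attachments, but the point the Argos case makes is the one shown here: scanning only what renders is not enough.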


Eric Schmidt, Google’s CEO, said in a recent interview: “I think judgment matters. If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” That is a shocking statement from the CEO of a company that holds more personal information on individuals than any other organisation on earth, intelligence agencies included.

You have to consider what business Google is in. Google is not a philanthropic...


Cloud service providers need to remember the relationship they have with their customers: we are the custodians of our customers’ data, not the owners.

Take the recent case of an employee at the Rocky Mountain Bank who, in error, sent confidential personal information about 1,800 of its customers to a Google Mail account – a case of the wrong attachment sent to the wrong...


About Jimmy

James Blake is the Group Chief Security Officer for Mimecast, award-winning specialists in enterprise email hygiene, continuity, archiving and ediscovery services delivered from the cloud.

As GCSO, Jimmy is responsible for the security of internal systems and service delivery platforms across three continents supporting well over half a million subscribers. Good security is a key differentiator for Software-as-a-Service vendors, where customers frequently have concerns about the confidentiality and availability of their data. Under James' stewardship, Mimecast has established an impeccable record on security, enabling Mimecast to attain customer retention of over 97%, the highest for any cloud services vendor of this size.

Jimmy has over 20 years' experience in information security and business continuity gained in commercial organisations and the military. Jimmy holds a PhD in Information Security Management and is a Certified Information Systems Security Professional (CISSP).
