Figure 3: Example of an event-driven reference architecture for IoT sensor data. Image source: AWS
learning (ML) processing in the next step. In addition, anomalous data can be identified that may require accelerated analysis and decision making. ML training and analysis are ongoing processes as more and more data becomes available.

In this final block of the architecture, mobile apps or business applications can be used to access the raw data in near real-time or look at the results of the ML processing. Automatic reporting and alerts can provide the insights needed to support manual or automatic management of the devices that were the sources of the original sensor data.

IEC 27017 and IEC 27018 – why you need both

Developers of Cloud solutions need IEC 27017 and IEC 27018. IEC 27017 defines information security controls for Cloud services, while IEC 27018 defines how to protect user privacy in the Cloud. They were developed under the ISO/IEC JTC 1/SC 27 joint subcommittee and are part of the IEC 27002 family of security standards.

IEC 27017 provides recommended practices for both Cloud service providers and Cloud service customers. It is designed to help customers understand the shared responsibilities in the Cloud and provides customers with insights on what they should expect from Cloud service suppliers. For example, it adds seven additional controls for Cloud services to the 37 controls specified in the base IEC 27002 standard. The additional controls relate to the following:

■ Division of responsibilities between service providers and Cloud users
■ Return of assets at the end of a Cloud contract
■ Separation and protection of the user’s virtual environment
■ Virtual machine configuration responsibilities
■ Administrative procedures and operations to support the Cloud environment
■ Monitoring and reporting Cloud activity
■ Alignment and coordination of the Cloud and virtual network environments

IEC 27018 was developed to help Cloud service providers assess risk and implement controls for protecting users’ personally identifiable information (PII). When combined with IEC 27002, IEC 27018 creates a standard set of security categories and controls for public Cloud computing service providers that process PII. Among its several objectives, IEC 27018 outlines how to provide a mechanism for Cloud service customers to exercise audit and compliance rights. This mechanism is especially important where individual Cloud service
we get technical