The ISO 27001 standard is managed by the international standards body ISO and the International Electrotechnical Commission. To get certified under the standard, Microsoft will need to show that its physical, logical, process and management controls for protecting its suite of cloud services meet a rigorous set of audit criteria. Though the ISO 27001 standard is widely recognized internationally, it has failed to gain much traction in the U.S. "Within the federal market, it is a cultural issue," Bill Billings, chief security officer of MSFT Federal, said. "This is really about making them feel comfortable about their partnership with Microsoft."
So the question now becomes: will it be totally impossible to determine a standard of care in cloud computing, or in hosted services for that matter, since it appears that the two largest players in the industry are going down different paths? Is it feasible to think that they, and other providers (e.g. Amazon), can even come to the table and agree on a standard? What is obvious is that the line has now been drawn in the sand, and a battle will be waged over which standard consumers believe is better. The outcome will be determined by who "wins over" the trust of consumers as the "Cloud" becomes an everyday part of the business landscape.
To read more about this, see: Microsoft Wants ISO Security Certification for its Cloud Services