Chief Information Security Officer Ellen Benaim explains how your data is protected with Templafy’s security-first cloud infrastructure.

The best SaaS application is nothing without strong security. 

As a cloud service provider, Templafy has always been built with a security-first approach, and now we are happy to share that we have achieved full ISO 27017 certification, recognizing our compliance with the highest international cloud security standards.

“For Templafy customers, these rigid standards and processes go the extra mile in keeping their data safe,” explained Ellen Benaim, Chief Information Security Officer at Templafy.

Our security-first approach means that everything we build rests on the foundation of a secure cloud infrastructure that works to protect the data it contains.

Ellen Benaim, Chief Information Security Officer at Templafy

This brief explainer article shares why ISO 27017 is important, how it protects and benefits our customers, what enterprises can do to best protect their data, and why, in Ellen’s own words: “We’re the only company among our peers to have taken this additional step.”

What is ISO 27017 certification?

ISO 27017 is an internationally recognized certification that addresses best practices for cloud service suppliers.

Developed by the International Organization for Standardization (ISO), this framework provides additional guidance on the standards outlined in ISO/IEC 27002, as well as providing new guidelines on shared roles and responsibilities, the monitoring of cloud services activity, alignment of the security management of virtual and cloud network environments, and more. 

The processes and procedures outlined in ISO 27017 are designed to keep information stored in the cloud secure by defining:

  • The roles and responsibilities of cloud service providers and their customers
  • How to safely remove and return cloud service assets when a contract has been terminated
  • When and how to properly segregate virtual computing environments
  • The secure hardening of virtual machines
  • Standard procedures for critical operations
  • How cloud service customers should be able to monitor relevant activities 
  • Security management for both virtual and physical networks

The importance of enhanced cloud security

For many enterprises, data is their most valuable asset. Whether that data relates to their customers, their employees, or their financial and legal records, data security is a must-have that cannot be compromised.

Increasingly, that data is stored and transmitted through external cloud servers, which means companies need to have a high level of trust in their technology partners. 

Cloud server misconfigurations pose the greatest threat to cloud security. These vulnerabilities give hackers opportunities to access private or sensitive data.

In 2022, IBM published a report showing that cloud vulnerabilities had risen 28% since the previous year, making this a growing area of concern. 

Cloud-specific standards support the implementation of risk controls to ensure the ongoing security of cloud services. ISO 27017 in particular standardizes the relationship between cloud vendors and customers, clarifying responsibilities and ensuring transparency.

Voluntary ISO 27017 certification shows a commitment to enhanced cloud security. 

Q&A: Ellen Benaim answers your FAQs

As Templafy’s Chief Information Security Officer, Ellen Benaim provides answers and explanations to some of the most commonly asked questions about cloud security and ISO certification.

What are the consequences of using a tool that does not have an ISO 27017 certification?

Enterprise data on third-party platforms is often cloud-based, which can leave it open to security risks. In 2021, 45% of businesses experienced a cloud-based data breach, so the stakes are high.

Given that most of these breaches are caused by cloud misconfiguration, we’ve increased our maturity in the cloud to protect against these outside threats. 

How are security and compliance built into Templafy’s development?

Complying with the additional requirements has been made possible by introducing Infrastructure as Code, or IaC, to the Templafy environment.

We’ve configured all resources in our cloud to be centrally managed through IaC in order to mitigate against misconfiguration issues.

This enables our engineers to create new compliant resources when needed that follow our strict change management processes. As a result, our engineers are focused on output and productivity, with a security-first approach that’s embedded into their daily work.

How can enterprises best keep their documents safe?

Enterprises create thousands of documents every day, and each one contains sensitive data.

But when individuals are responsible for ensuring document security — despite their best intentions and efforts — mistakes and non-compliance are inevitable. 

Templafy helps by automating the creation, standardization, and classification of documents so individual employees don’t have to. 

That means that security is embedded into the everyday process of employees, so organizations can feel confident in the knowledge that all documents created are handled in accordance with their security policies every time.

Security-first mindset

Templafy is committed to the highest data and security standards, and is trusted by 600+ enterprises to exceed industry standards across every part of our platform.