Dropbox’s cloud storage service for enterprises has scored a major new stamp of approval, at least in terms of ensuring user privacy and protecting data.
Dropbox for Business is ISO 27018-compliant, the company announced today. “We’re excited to announce that Dropbox for Business is one of the first major cloud service providers to achieve certification with ISO 27018 — an emerging global standard for privacy and data protection in the cloud,” blogged Tolga Erbay, Security Risk and Compliance Manager for Dropbox.
ISO 27018 is a privacy standard that governs how cloud providers manage and protect personally identifiable information (PII). “ISO/IEC 27018:2014 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations,” notes the International Organization for Standardization’s (ISO) online abstract on the standard.
For businesses, ISO 27018 certification ensures that Dropbox will be transparent about how user information is used and what happens to their data when it winds up in the company’s cloud data centers.
“We only use the personal information you give us to provide you the services you signed up for,” assured Erbay. “You can add, modify, or delete data from Dropbox when you need to.” Similarly, he pledged that customers will be made aware of the company’s trusted partners and changes to the service. Dropbox will also be forthcoming on where data resides on its servers and what happens to data after it is deleted or its respective account is closed.
When combined with ISO 27001, a data security standard for IT organizations, the new certification helps businesses round out their cloud storage compliance efforts. “We received ISO 27001 certification in October 2014, and the requirements for security and privacy under ISO 27018 — such as those around encryption and strict employee access controls — go hand in hand,” stated Erbay.
“We’re pleased to be one of the first companies to achieve ISO 27018 certification,” continued Erbay. “Privacy and data protection regulations and norms vary around the world, and we’re confident this certification will help our customers meet their global compliance needs.”
Dropbox joins another major provider of cloud software and services in embracing ISO 27018.
In February, Microsoft announced that Azure had adopted the standard, earning it the distinction of being the first cloud computing platform to do so. “ISO 27018 assures enterprise customers that privacy will be protected in several distinct ways,” noted Brad Smith, general counsel and executive vice president, Legal and Corporate Affairs, Microsoft, in a statement. “It ensures that there are defined restrictions on how we handle personally identifiable information, including restrictions on its transmission over public networks, storage on transportable media, and proper processes for data recovery and restoration efforts.”