Dropbox becomes latest cloud provider to adopt emerging ISO 27018 standard

James has more than a decade of experience as a tech journalist, writer and editor, and served as Editor in Chief of TechForge Media between 2017 and 2021. James was named as one of the top 20 UK technology influencers by Tyto, and has also been cited by Onalytica, Feedspot and Zsah as an influential cloud computing writer.


(c)iStock.com/KIVILCIM PINAR

Cloud storage provider Dropbox has announced it has achieved certification with the emerging privacy standard ISO/IEC 27018, boosting its security credentials.

ISO 27018 was published on July 30 2014 by the International Organisation for Standardisation (ISO) as a follow up to the widely accepted ISO 27001 information security standard. It aims to put together a code of practice for protection of personally identifiable information (PII) in public clouds. The standard has already been taken up by Microsoft, as CloudTech reported back in February.

The benefits for consumers of Dropbox taking up this standard includes transparency on what the storage vendor does and doesn’t do with your data, the ability to add, modify or delete data from Dropbox at any time, as well as annual audits from an independent third party.

“We’re pleased to be one of the first companies to achieve ISO 27018 certification,” the company said. “Privacy and data protection regulations and norms vary around the world, and we’re confident this certification will help our customers meet their global compliance needs.”

“Businesses in the UK and all over the world are trusting Dropbox to make collaboration easier and boost productivity,” said Mark van der Linden, Dropbox UK country manager. “Our ISO 27018 accreditation shows we put users in control of their data, we are transparent about where we store it, and we operate to the highest standards of security. Dropbox is one of the first cloud services for business to be recognised with this latest independently-verified standard.”

Dropbox has had its fair share of security worries, including the recent development of a phishing attack, which asks users to download confidential documents.

The company’s certificate, which can be seen here, runs from May 13 2015 to September 30 2017.

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *