CITIC Telecom has become the first IaaS provider to receive the ISO 27017 cloud security certification in Hong Kong. The company says it's a step to achieving the high standard of cloud security needed for all customers.

Daniel Kwong, CITIC Telecom's senior vice president in Information Technology and Security Services, says the certification showcases the company's dedication to its customers.

He says the company “Is committed to providing our customers with secured and flexible cloud platform, addressing to their varying needs. ISO 27017 is thus serving as the controls and guidance for us to follow in achieving high standard of cloud security."

The company runs an IaaS service known as SmartCloud Compute, a business development platform. This sits across CITIC's broader cloud services.

As the first IaaS provider in Hong Kong to receive the certification, the company says it is committed to cloud and its various benefits.

However, because cloud is by nature an open environment and includes network access, flexibility, resource and functionality complexities, applying security can be a difficult task.

The company says demand for compliance will be crucial for cloud providers and customers who want to ensure data remains safe and risk-free.

The “ISO 27017 Code of Practice for Information Security Controls for Cloud Services” certification is an internationally recognized code of practice for security controls across cloud services.

"This certification is a fitting recognition of CITIC Telecom CPC long standing pursuit for excellence within the cloud computing environment. It further reassures our customers that they will be giving the highest and trustworthy quality services backed by strong quality management standard,” Kwong says.

The company now holds five different ISO certifications.