The Cloud Security Alliance
Those that outsource services to cloud service providers may have concerns about the security of their data and information. By achieving the STAR Certification, it is claimed, cloud providers of every size will be able to give prospective customers a greater understanding of their security controls.
Daniele Catteddu, Managing Director EMEA at CSA, said: “Especially in light of recent government revelations, both consumers and providers of cloud-based services have been asking for independent, technology-neutral certification to help them make more informed decisions about the services they purchase and use. In providing a rigorous, user-centric assessment, STAR Certification will provide an additional layer of transparency that the industry has been calling for.”
The STAR Certification is based on achieving ISO/IEC 27001 and the specified set of criteria outlined in the Cloud Controls Matrix. There are 11 controls areas within this matrix covering compliance, data governance, facility security, human resources, information security, legal, operations management, risk management, release management, resiliency and security architecture.
The assessment by an accredited CSA certification body, such as BSI, will assign a ‘Management Capability’ score to each of the 11 control areas. Each control will be scored on a specific maturity and will be measured against five management principles.
The internal report will show organizations how mature their processes are and what areas they need to consider improving on to reach an optimum level of maturity. These levels will be designated as either “No”, “Bronze”, “Silver” or “Gold” awards. Certified organization will be listed on the CSA STAR Registry as “STAR Certified”. Elaine Munro, Head of Global Portfolio Management at BSI adds: “Technological developments in the work place and desire for employees to be able to work flexibly have led to an increase in business demand for cloud services. However, many organizations are wary of cloud service due to a variety of security concerns. The STAR Certification will help alleviate this problem, as it will provide organizations and consumers with a clear benchmark on which to evaluate the performance of a cloud service provider.”