The Cloud Security Alliance (CSA), a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, recently announced that it has joined hands with BSI, the business standards company, to launch the STAR (News - Alert) Certification program, a third party independent assessment of the security of a cloud service provider.
To be certified under the program, the companies will have to achieve ISO/IEC (News - Alert) 27001 and the specified set of criteria outlined in CSA Cloud Controls Matrix. The new certification will enable cloud companies to give prospective customers a greater understanding of their levels of security controls. The companies will be assessed by an accredited CSA certification body which will assign a 'Management Capability' score to 11 control areas within the Cloud Controls Matrix. The accredited CSA certification body will then prepare a report which will show organizations how mature their processes are and what areas they need to consider improving on to reach an optimum level of maturity.
"Especially in light of recent government revelations, both consumers and providers of cloud-based services have been asking for independent, technology-neutral certification to help them make more informed decisions about the services they purchase and use," said Daniele Catteddu, Managing Director EMEA at CSA. "In providing a rigorous, user-centric assessment, STAR Certification will provide an additional layer of transparency that the industry has been calling for."
Elaine Munro, Head of Global Portfolio Management at BSI, adds, "Technological developments in the work place and desire for employees to be able to work flexibly have led to an increase in business demand for cloud services. However, many organizations are wary of cloud service due to a variety of security concerns. The STAR Certification will help alleviate this problem, as it will provide organizations and consumers with a clear benchmark on which to evaluate the performance of a cloud service provider."