Cloud Security Alliance Launches Transparency Initaitve
No-Size-Fits-All! An Application-Down Approach for Your Cloud Transformation REGISTER >
The Cloud Security Alliance announced the launch of a new initiative to encourage transparency of security practices within cloud providers. The CSA Security, Trust and Assurance Registry (STAR) is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, thereby helping users assess the security of cloud providers they currently use or are considering contracting with.
CSA STAR is open to all cloud providers, and allows them to submit self-assessment reports that document compliance to CSA published best practices. The searchable registry will allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher quality procurement experiences. "CSA STAR represents a major leap forward in industry transparency, encouraging providers to make security capabilities a market differentiator," the organization said in a statement.
The STAR initiative will be online in Q4 of 2011, and cloud providers can submit two different types of reports to indicate their compliance with CSA best practices. The Consensus Assessments Initiative Questionnaire (CAIQ) provides industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings. The questionnaire (CAIQ) provides a set of over 140 questions a cloud consumer and cloud auditor may wish to ask of a cloud provider. Providers may opt to submit a completed Consensus Assessments Initiative Questionnaire.
The Cloud Controls Matrix (CCM) provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. As a framework, the CSA CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to the cloud industry. Providers may choose to submit a report documenting compliance with Cloud Controls Matrix.