BSI and CSA launch certification programme to improve confidence in cloud
The Cloud Security Alliance (CSA) and the British Standards Institute (BSI) Wednesday announced the launch of a certification programme for cloud service providers designed to improve confidence in cloud computing among consumers and enterprises.
The STAR certification programme includes an assessment of the security of cloud service providers, measuring how well these companies measure up to the ISO/IEC 27001:2005 information management system standard, and the CSA Cloud Control Matrix, a set of 11 criteria developed by the organisation which measures the capability levels of the cloud service providers including compliance, data governance, facility security, human resources, information security, legal, operations management, risk management, release management, resiliency and security architecture.
The assessment will be administered by a CSA accredited body, in this case BSI, which will apply a “management capability” score to each of the abovementioned areas. Cloud service providers will then receive an internal report that gives them a sense of how mature their internal processes.
These levels will be designated as either “No”, “Bronze”, “Silver” or “Gold,” and certified organization will be listed on the CSA STAR Registry as “STAR Certified.”
Both the BSI and CSA say that cloud providers who opt to become certified under the STAR programme will be able to give their customers more transparency around their security practices, developing more trust in cloud computing – which some say has eroded in light of recent revelations involving government snooping.
“Especially in light of recent government revelations, both consumers and providers of cloud-based services have been asking for independent, technology-neutral certification to help them make more informed decisions about the services they purchase and use,” said Daniele Catteddu, managing director emea at CSA.
“In providing a rigorous, user-centric assessment, STAR Certification will provide an additional layer of transparency that the industry has been calling for,” Catteddu added.
Speaking on behalf of the BSI, Elaine Munro, head of global portfolio management said that no one can really dispute the increased prevalence of cloud computing in enterprises today, but many are still worried about security. “The STAR Certification will help alleviate this problem, as it will provide organizations and consumers with a clear benchmark on which to evaluate the performance of a cloud service provider,” Munro said.