The Cloud Security Alliance has teamed up with business standards company ‘BSI Incorporating NCSI’ to create a new standard for security of cloud services and an independent system of certification for conformance to it.
According to Nick Koukoulas, managing director of BSI incorporating NCSI, both users and providers of cloud-based services have been asking for independent, technology-neutral certification to help them make more informed decisions about the services they purchase and use.
He said that STAR Certification would provide organisations and consumers with a clear benchmark on which to evaluate the performance of a cloud service provider.
The CSA’s STAR Certification combines assessment for conformance to the well-established ISO/IEC 27001:2005 management system standard and the CSA’s Cloud Control Matrix, a specified set of criteria that measures the capability levels of the cloud service.
According to CSA, whilst ISO/IEC 27001 is widely respected, there can be a perception that it does not focus in sufficient detail on certain areas of security that are critical for particular sectors such as cloud security. This, it says, is where STAR Certification comes in, by providing a service that sets standards specific to cloud computing security.
The Cloud Control Matrix (CCM) was developed by the CSA with an industry working group and is designed to provide a controls framework that addresses the unique security requirements demanded by customers of cloud security providers.
The controls cover: compliance, data governance, facility security, human resources, information security, legal, operations management, risk management, release management, resiliency and security architecture.
STAR Certification is achieved when the provider is assessed as meeting the requirements of ISO/IEC 27001 and is assessed on each of the 11 control areas of the Cloud Control Matrix against five capability factors: communication and stakeholder engagement; ownership, leadership and management; policies, plans and procedures and a systematic approach; monitoring and measuring; and skills and expertise.
A performance score is given to each capability factor for every control area to indicate the maturity of the system. There are criteria for each individual score that contribute to an overall Gold, Silver or Bronze rating. Certified organisations will be listed on the CSA STAR Registry as being ‘STAR Certified’.
Assessments will be undertaken by an accredited CSA certification body, such as BSI incorporating NCSI.
Further information about STAR Certification can be found at http://tinyurl.com/lbokfr2.