Cloud Security

Keeping IT networks and data secure is critical to business. The need for more cost-effective storage and software solutions together with mobile access has led to a rise in the adoption of cloud computing – and while cloud computing has opened up many new opportunities, it also presents a number of new security risks to company information. Through the implementation of ISO/IEC 27001, the most widely adopted international information security management standard, organizations can ensure that they have a full understanding of the risks involved and the business impacts, so that controls can be put in place to protect business-critical information.


What is STAR certification?

As with all management system standards, ISO/IEC 27001 has been written in such a way that it can be applied to any organization, large or small, across all industries. As such, it is felt that there are special requirements specific to cloud computing that are either not covered or need to be covered more precisely.

Developed by the Cloud Security Alliance (CSA), the Cloud Controls Matrix (CCM) bridges this gap by providing an additional set of controls for cloud service providers.

A joint agreement was signed by the CSA and BSI in August 2012 to develop a third-party certification scheme for cloud security called STAR certification. The scheme incorporates the requirements of ISO 27001 and a maturity rating that indicates how well an organization is complying with the additional cloud-specific requirements. The rating is also intended to drive optimization efforts by assessing the organization's capabilities and complexities.

This new scheme will assist in the adoption of cloud services by business by promoting greater transparency and allowing cloud service providers (CSPs) to provide their stakeholders with confidence that they have the necessary controls in place to secure the data they hold.


What are the benefits of STAR certification?

While there are no regulatory mandates, STAR certification will allow:

• Full visibility for top management to evaluate the effectiveness of their management system in relation to expectations of the international standard and the cloud security industry

• A tailored audit to be implemented which will reflect how an organization’s objectives are aimed at optimizing the cloud services

• An organization to demonstrate progress & performance levels via an independently validated award from an external certified body 

• Organizations to benchmark their performance against their peers.

STAR certification will give prospective customers of the certified organization a greater understanding of the level of controls that are in place as well as highlighting areas in which an organization might wish to focus.


Who is STAR certification for?

The scheme is available to any organization offering cloud services that has, or is in the process of certifying to, ISO/IEC 27001. The scope of the ISO/IEC 27001 certification must not be less than the scope of the STAR certification.

While there are no regulatory drivers for companies to seek certification, Cloud Service Providers (CSPs) are now seeking more robust certification arrangements. As their clients put a high level of trust in them, a CSP will need to demonstrate greater assurance that this trust is not misplaced. For IT suppliers, this is particularly important as their customers will often not be experts in IT security and therefore will look for independent third-party certification as an indication of the organization's competency to deliver cloud services.

STAR certification will provide reassurance, as it requires the organization to address the specific issues that are critical to cloud security, and the maturity model assesses how well managed the activities in the control areas are.


Why choose BSI?

One Company, One Solution. By packaging assessment, training and a management system toolset, BSI delivers a business improvement solution that combines it all in a comprehensive service offering and allows us to provide an integrated approach to meet the needs of an organization and embed excellence across the business. BSI presents a one-stop value proposition from the decision to improve systems through to registration and continual improvement. From start to finish, BSI helps turn complexity into simplicity. 



BSI client Pulsant explains why they jumped at the opportunity to get certified to the new CSA STAR Certification scheme for Cloud Service Providers.



Watch this educational webinar titled - CSA Cloud STAR certification: The Paradigm Has Changed - approx 50min