Organizations are however still reluctant to embrace cloud solutions amid concerns around security, stability and suitability. This is supported by research findings that 51% of organizations are reluctant to migrate to the cloud due to concerns about data security flaws.
Customers of CSP’s are often not be experts in IT security, however looking for CSP’s with independent third-party CSA STAR certification will provide reassurance of the organizations competency to deliver cloud services.
In response, the CSA has launched its new STAR Certification, by working with industry to develop a matrix of security measures. This matrix has been designed to provide a framework that addresses the unique security requirements demanded by customers of Cloud Security Providers.
The controls cover 11 areas:
CSA STAR Certification demonstrates that the CSP’s information security defences are robust and they have addressed the specific issues critical to cloud security. It is therefore widely excepted that this new scheme, as an extension of the CSP’s standard ISO/IEC 27001 Information Security Management system, will be used by customers to underpin service level agreements (SLA’s) and contractual terms. Additionally, as a cloud-service customer, the Gold, Silver and Bronze rating provides users with a greater understanding of the level of security measures that are in place.