SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

CSA Pushes Security Certification Scheme for Cloud Providers

The Cloud Security Alliance (CSA) today announced additional details on its Open Certification Framework, an industry initiative to provide security certification for cloud providers.

The Cloud Security Alliance (CSA) today announced additional details on its Open Certification Framework, an industry initiative to provide security certification for cloud providers.

Cloud Security Alliance StandardsFounded roughly five years, the Cloud Security Alliance is an industry collective that promotes security standards and best practices for cloud providers. In a document describing the certification framework, the group states that consumers lack a simple cost-effective way to evaluate and compare the resilience, data protection capabilities and service portability of cloud providers.

The CSA Open Certification Framework has three parts. The first level is the CSA STAR Self-Assessment, in which cloud providers can submit reports to the CSA STAR Registry to demonstrate compliance with CSA best practices. The second level is known as ‘CSA Star Certification’, which requires an assessment by an independent third-party and proof the provider meets the requirements of the ISO/IEC 27001:2005 management systems standard as well as the CSA Cloud Controls Matrix (CCM). These assessments can only be performed by approved certification bodies. 

The final level will involve continuous monitoring and is currently under development, according to the group. The STAR Certification level will be ready by the first half of 2013, and will be developed jointly by the CSA and the British Standards Institution (BSI).  

“A key challenge the cloud industry faces is reassuring its customers that the service they provide is not only secure but can recover from any incidents with minimal disruption,” said David Brown, Director of Corporate Development at BSI, in a statement. “By adopting the Open Certification Framework, cloud service providers will benefit from reducing their risks, improving the incident recovery time and demonstrating good information governance.”

“By partnering with the CSA, we are able to combine our expertise to develop a comprehensive Framework against which cloud providers can be independently benchmarked and which encourages continual improvement to ensure customers receive the best service possible,” he said. 

More information on the Open Certification Framework is available here.

Written By

Marketing professional with a background in journalism and a focus on IT security.

More from

Latest News

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

CIEM Chat: How to Reduce Cloud Identity Risk
March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

Virtual Event: Ransomware Resilience & Recovery Summit
April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Kim Larsen is new Chief Information Security Officer at Keepit

Professional services company Slalom has appointed Christopher Burger as its first CISO.

Allied Universal announced that Deanna Steele has joined the company as CIO for North America.

More People On The Move

Expert Insights

Related Content

Cybersecurity Regulations Insights Cybersecurity Regulations Insights

Compliance

Cyber Insights 2023 | Regulations

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

February 2, 2023
DMARC Implemented on Half of U.S. Government Domains

Compliance

DMARC Implemented on Half of U.S. Government Domains

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

January 3, 2018
VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Application Security

VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

December 13, 2022
Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Application Security

Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

December 12, 2022
Web Scraping – Is It Legal and Can It Be Prevented?

Compliance

Web Scraping – Is It Legal and Can It Be Prevented?

Web scraping is a sensitive issue. Should a third party be allowed to visit a website and use automated tools to gather and store...

November 7, 2022
Securing Email Securing Email

Cloud Security

Proofpoint to Acquire Tessian for AI-Powered Email Security Tech

Proofpoint removes a formidable competitor from the crowded email security market and adds technology to address risk from misdirected emails.

October 30, 2023
Patch Tuesday: Microsoft Plugs Windows Hole Exploited in Ransomware Attacks

Application Security

Patch Tuesday: Microsoft Plugs Windows Hole Exploited in Ransomware Attacks

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

December 13, 2022
LastPass Says Password Vault Data Stolen in Data Breach

Application Security

LastPass Says Password Vault Data Stolen in Data Breach

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

December 22, 2022