Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

CSA Pushes Security Certification Scheme for Cloud Providers

The Cloud Security Alliance (CSA) today announced additional details on its Open Certification Framework, an industry initiative to provide security certification for cloud providers.

The Cloud Security Alliance (CSA) today announced additional details on its Open Certification Framework, an industry initiative to provide security certification for cloud providers.

Cloud Security Alliance StandardsFounded roughly five years, the Cloud Security Alliance is an industry collective that promotes security standards and best practices for cloud providers. In a document describing the certification framework, the group states that consumers lack a simple cost-effective way to evaluate and compare the resilience, data protection capabilities and service portability of cloud providers.

The CSA Open Certification Framework has three parts. The first level is the CSA STAR Self-Assessment, in which cloud providers can submit reports to the CSA STAR Registry to demonstrate compliance with CSA best practices. The second level is known as ‘CSA Star Certification’, which requires an assessment by an independent third-party and proof the provider meets the requirements of the ISO/IEC 27001:2005 management systems standard as well as the CSA Cloud Controls Matrix (CCM). These assessments can only be performed by approved certification bodies. 

The final level will involve continuous monitoring and is currently under development, according to the group. The STAR Certification level will be ready by the first half of 2013, and will be developed jointly by the CSA and the British Standards Institution (BSI).  

“A key challenge the cloud industry faces is reassuring its customers that the service they provide is not only secure but can recover from any incidents with minimal disruption,” said David Brown, Director of Corporate Development at BSI, in a statement. “By adopting the Open Certification Framework, cloud service providers will benefit from reducing their risks, improving the incident recovery time and demonstrating good information governance.”

“By partnering with the CSA, we are able to combine our expertise to develop a comprehensive Framework against which cloud providers can be independently benchmarked and which encourages continual improvement to ensure customers receive the best service possible,” he said. 

More information on the Open Certification Framework is available here.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Jared Bartel has been named CISO at Idaho State University.

Automated phishing protection and scam prevention company Bolster has appointed Rod Schultz as CEO.

Bugcrowd has appointed Trey Ford as CISO for the Americas.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.