CSA Pushes Security Certification Scheme for Cloud Providers

The Cloud Security Alliance (CSA) today announced additional details on its Open Certification Framework, an industry initiative to provide security certification for cloud providers.


Founded roughly five years ago, the Cloud Security Alliance is an industry collective that promotes security standards and best practices for cloud providers. In a document describing the certification framework, the group states that consumers lack a simple, cost-effective way to evaluate and compare the resilience, data protection capabilities and service portability of cloud providers.

The CSA Open Certification Framework has three parts. The first level is the CSA STAR Self-Assessment, in which cloud providers can submit reports to the CSA STAR Registry to demonstrate compliance with CSA best practices. The second level, known as ‘CSA STAR Certification’, requires an assessment by an independent third party and proof that the provider meets the requirements of the ISO/IEC 27001:2005 management systems standard as well as the CSA Cloud Controls Matrix (CCM). These assessments can only be performed by approved certification bodies.

The final level will involve continuous monitoring and is currently under development, according to the group. The STAR Certification level will be ready by the first half of 2013, and will be developed jointly by the CSA and the British Standards Institution (BSI).  

“A key challenge the cloud industry faces is reassuring its customers that the service they provide is not only secure but can recover from any incidents with minimal disruption,” said David Brown, Director of Corporate Development at BSI, in a statement. “By adopting the Open Certification Framework, cloud service providers will benefit from reducing their risks, improving the incident recovery time and demonstrating good information governance.”

“By partnering with the CSA, we are able to combine our expertise to develop a comprehensive Framework against which cloud providers can be independently benchmarked and which encourages continual improvement to ensure customers receive the best service possible,” he said. 

More information on the Open Certification Framework is available here.
