Security Experts:

Connect with us

Hi, what are you looking for?


Cloud Security

New CSA Certification Tests Security of Cloud Services Providers

The Cloud Security Alliance (CSA) has teamed up with BSI, an organization that provides standard-based solutions and services, and has announced a new third party certification program designed to assess the security of cloud service providers.

The Cloud Security Alliance (CSA) has teamed up with BSI, an organization that provides standard-based solutions and services, and has announced a new third party certification program designed to assess the security of cloud service providers.

Dubbed “STAR”, the certification program takes a technology-neutral approach, and leverages the requirements of the ISO/IEC 27001:2005 standard together with the CSA Cloud Control Matrix, a specified set of criteria that measures the capability levels of the cloud service.

“Organizations that outsource services to cloud service providers have a number of concerns about the security of their data and information,” the CSA said in a statement. “By achieving the STAR Certification, cloud providers of every size will be able to give prospective customers a greater understanding of their levels of security controls.”

“Especially in light of recent government revelations, both consumers and providers of cloud-based services have been asking for independent, technology-neutral certification to help them make more informed decisions about the services they purchase and use,” said Daniele Catteddu, Managing Director EMEA at CSA. “In providing a rigorous, user-centric assessment, STAR Certification will provide an additional layer of transparency that the industry has been calling for.”

The independent assessment by an accredited CSA certification body, such as BSI, will assign a ‘Management Capability’ score to each of the 11 control areas, the CSA said. Each control will be scored on a specific maturity and will be measured against 5 management principles.

The internal report will show organizations how mature their processes are and what areas they need to consider improving on to reach an optimum level of maturity. These levels will be designated as either “No,” “Bronze,” “Silver” or “Gold” awards. Certified organization will be listed on the CSA STAR Registry as “STAR Certified.”

The CSA originally launched the STAR (Security, Trust & Assurance Registry) initiative at the end of 2011 as a step in improving transparency and assurance in the cloud. The CSA offers a publicly accessible registry that documents the security controls provided by various cloud computing offerings, helping users assess the security of cloud providers they currently use or are considering contracting with.

Last August, the CSA shared details on its Open Certification Framework, an industry initiative to provide security certification for cloud providers, and announced that the STAR Certification would be coming in 2013.

More information on STAR Certification is available here.

Related: Five Security Questions You Should Ask Your Cloud Services Provider

Related: Ten Questions to Ask When Developing a Cloud Security Policy

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...