The Cloud Security Alliance has introduced the CSA Security, Trust & Assurance Registry (STAR), a free, publicly accessible registry that documents the security controls provided by various cloud computing providers. The goal of the offering is to give enterprise IT pros a tool to help them assess the security level of the cloud services they’re considering.
The program lets cloud providers submit self-assessment reports that document compliance to CSA published best practices. Enterprises will be able to search the registry and review the security practices of the providers, giving them more intelligence from which to make decisions about what services to deploy.
Many cloud service providers are on the member roster of CSA (along with a lot of security software developers) so the registry is a self-check of sorts. And with security so high on the list of priorities for enterprises considering a migration of part of all of their IT operations to the cloud, the resource should prove valuable and provide peace of mind, particularly for smaller companies with fewer IT resources.
Cloud providers can submit two different types of reports: The Consensus Assessments Initiative Questionnaire, consisting of 140 questions, provides industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings. The Cloud Controls Matrix provides a controls framework of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. Providers can submit their own documenting their compliance with Cloud Controls Matrix.
CSA STAR will be online in the fourth quarter of this year.