Evaluate the Security of Your Cloud Service Provider with the CSA STAR Registry

The CSA STAR Registry is kind of a big deal in the cloud security world. It's a global database filled with over 2,000 assessments completed by cloud service providers (CSPs), documenting their security, privacy, and governance policies. Anyone can access the Registry for free to find cloud services that offer the right level of security and data privacy for their organization.

So why is the STAR Registry such a big deal?

Well, it's a win-win for both CSPs and their current and prospective customers. It:

• Sets CSPs apart, showing they're transparent and committed to top-tier security.
• Provides easily accessible information on CSPs' security commitments and capabilities, allowing current customers to easily check if their CSP is keeping up with compliance.
• Allows potential customers to pick the best cloud service from a single list, simplifying the selection process.
• Clarifies who's responsible for what when it comes to security between CSPs and customers.
• Makes life easier for CSPs, who can direct stakeholders to the Registry instead of filling out unique questionnaires for each potential customer.

As a cloud customer, how can I use the STAR Registry?

It’s pretty easy. Visit the Registry on CSA’s website and use the search bar to find a specific CSP that you’re interested in. If they’re in the Registry, you can view their listings and download their assessments for details on their security posture. If your CSP isn’t in the Registry, you can request for them to complete an assessment.

Alternatively, you can browse the listings to find a CSP that meets your specific requirements, using filter options to narrow your search. Here’s a little more about what the various filters mean:

• CSA Trusted Cloud Providers: The organization is a CSA Corporate Member that’s also fulfilled additional training and volunteer requirements, demonstrating a commitment to the professional development of their employees’ cloud security competency.
• STAR Enabled Solutions: The organization is a CSA Corporate Member that leverages or incorporates CSA’s Cloud Controls Matrix (CCM) into their commercial offerings. They demonstrate alignment with CSA best practices.
• STAR Level 1: The organization has completed a self-assessment that documents their security controls.
• EU Cloud CoC: The organization complies with the European Union’s Cloud Code of Conduct.
• STAR Level 2: The organization has completed a third-party audit that builds off of other industry standards and makes them specific to the cloud.
• Certification: The organization has been audited against the requirements of the ISO/IEC 27001 management system standard together with CCM.
• Attestation: The organization has been audited against SOC 2 engagements using criteria from the AICPA (Trust Service Principles, AT 101) and CCM.
• C-STAR: The organization complies with CSA best practices and Chinese national standards, including the requirements of the GB/T 22080-2008 management system standard and 29 related controls from GB/T 22239-2008 and GB/Z 28828-2012.

Your one-stop shop for cloud assurance

If you're a cloud customer or planning to become one, be sure to check out the STAR Registry to confirm that your organization's security and compliance standards are being met. You can trust that a CSP that has invested their time, energy, and effort into a STAR submission is serious about security.