Major Cloud Providers to Participate In CSA STAR – CSA Security, Trust and Assurance Registry
Google, Microsoft, Verizon, Intel and McAfee to Submit Reports;
Major Consumers of Cloud Services Begin to Require Reports as Part of Procurement Process
Orlando, FL – Nov 16, 2011 – The Cloud Security Alliance (CSA) today announced that Google, Verizon, Intel, McAfee, and Microsoft plan to submit reports to the CSA Security, Trust and Assurance Registry (STAR), a newly announced, free and publicly accessible registry that documents the security controls provided by various cloud computing offerings. In addition, major consumers of cloud services plan to require STAR reports moving forward, as part of their procurement process.
“The CSA STAR is a key step in helping users assess the security of cloud providers they currently use or are considering contracting with,” said Nirav Mehta, Director of Product Management at RSA, The Security Division of EMC, sponsor of the CSA STAR. “We applaud Google, Microsoft and Verizon efforts to further the transparency of their security controls, and encourage other providers to participate as well, helping them make security capabilities a market differentiator. RSA’s solutions will be engineered to complement this foundational capability to help enable richer interaction between cloud service providers and their users.”
“As the world’s largest online marketplace, we recognize the importance of protecting our users’ privacy and security,” said Dave Cullinane, CISO of eBay. “To help us further this goal, we will be requiring every cloud vendor we work with to submit an entry to the CSA STAR, so that we may evaluate their security controls in a consistent, open manner.”
“At Microsoft we have a long history of delivering world class security, data protection, and privacy both in the cloud and through our on premises offerings” said Kore Koubourlis, Senior Director of Office 365 Risk Management, Microsoft. “In addition to our ongoing efforts to secure industry compliance standards, develop security whitepapers and provide access to the Online Services Trust Center, we’re pleased to work with CSA STAR to make it even simpler for organizations to discover, understand and differentiate the processes we’ve put in place when making a purchasing decision.”
“Sallie Mae is the nation’s No. 1 financial services company specializing in education. Our 23 million customers depend on us to not only offer innovative financial solutions to save and pay for college, but also to make sure that their data and dollars are secure,” said Jerry Archer, SVP and CSO of Sallie Mae. “We applaud the CSA for taking this much needed step, and will be looking for cloud vendors we work with to demonstrate their security capabilities via the STAR.”
“As a leading provider of cloud services through our Terremark subsidiary, Verizon is keenly focused on security in the cloud and uses our leading security solutions and rigorous approach to protect our cloud customers,” said Bart Vansevenant, executive director, Global Security Solutions, Verizon. “With efforts like CSA Star, Verizon is helping the industry move forward and answer many of the challenges directed at trust and transparency in the cloud.”
The McAfee Cloud Security Platform and Intel® Expressway line of products will go through the CSA Star certification process to help ensure cloud traffic channels of web, email, and identity authentication are secured to CSA standards. “Intel applauds the creation of a public registry like CSA Star to help enterprises discover and compare high quality cloud security solutions,” said Girish Juneja, director, Application Security & Identity Products at Intel.
CSA STAR is open to all cloud providers, and allows them to submit self assessment reports that document compliance to CSA published best practices. The searchable registry will allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher quality procurement experiences.
Cloud providers can submit either a Consensus Assessments Initiative Questionnaire (CAIQ) or Cloud Controls Matrix (CCM) response to indicate their compliance with CSA best practices (see August 4th announcement for further details).
Participating vendors will address some of the most urgent and important security questions buyers are asking, and can dramatically speed up the purchasing process for their services. In addition to cloud provider self assessments, CSA STAR will also provide listings to solution providers who have integrated CAIQ, CCM and other GRC Stack components into their compliance management tools. This will help customers extend their GRC monitoring and reporting across their enterprise and in concert with multiple cloud provider relationships.
CSA STAR will be online in Q4 of 2011. Providers interested in submitting should monitor https://www.cloudsecurityalliance.org/star/ for more details and updates.
Tweet this: Major cloud providers/consumers commit to CSA STAR #Google #Microsoft #Verizonbusiness #eBay #SallieMae #Mcafee,#Intel http://bit.ly/tdJgz3
About the Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing , and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.