CSA Official Press Release
EY helps Ribose Make History with First Cloud Security Alliance (CSA) STAR Attestation
Cloud Industry’s First Third Party Assessment Based Upon Joint CSA & AICPA Guidelines
Seattle, WA – January, 14 2015 – The
Cloud Security Alliance (CSA) today announced that global professional services organization, Ernst & Young (EY), has helped Ribose become the first company worldwide to achieve the Cloud Security Alliance Security, Trust and Assurance Registry (STAR) Attestation level of third-party assessment. Ribose is the first and only cloud service provider worldwide that has successfully completed a Service Organization Control (SOC) 2 assessment using criteria from the American Institute of Certified Public Accountants (AICPA) Trust Service Principles and the CSA Cloud Controls Matrix 3.01, according to AICPA’s Attest Engagement AT Section 101. “Transparency has always been a significant part of the CSA’s mission and, in doing so, we are constantly strengthening our guidelines and standards to help providers give their customers confidence and assurance when it comes to cloud computing,” said Jim Reavis, CEO of the CSA. “Since its introduction, the CSA STAR program has played a critical role to encourage transparency of security practices within cloud providers. We would like to congratulate Ribose on this achievement and their commitment to providing a safe, secure collaboration platform. We would also like to recognize EY for performing the assessment and staying on the leading edge of cloud security best practices for its clients.” CSA STAR is the industry’s most powerful program for assurance in the cloud and encompasses key principles of transparency, rigorous auditing, harmonization of standards, and eventually continuous monitoring. As the first step in improving transparency, it is designed to recognize the varying assurance requirements and maturity levels of providers and consumers. It is used by customers, providers, industries and governments around the world to assess the security of the cloud providers they currently use or are considering contracting with. STAR consists of three levels of assurance, CSA STAR Self-Assessment, CSA STAR Certification and Attestation, and CSA STAR Continuous Monitoring. All offerings are based upon the CSA’s succinct, yet comprehensive list of cloud-centric control objectives in the CCM. CCM is the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. Vincent Chan, EY’s Advisory Services Leader, Hong Kong & Macau, says: “EY is proud to be the first firm globally to achieve the CSA STAR Attestation for a client, Ribose. The recognition is significant as we continue to build our expertise around helping cloud service providers (CSPs) prepare for and obtain cloud certifications, and help companies get ready to move into the cloud.” Ronald Tse, founder of Ribose, and member of the CSA’s International Standardization Council, says: “STAR Attestation provides cloud customers with an unparalleled level of assurance and verified transparency. This is the strongest cloud compliance scheme available to date – combining the depth of AICPA’s SOC engagements with the comprehensive cloud security coverage of the CCM. We consider this the most powerful way to convince customers: by showing an attestation report issued by an international auditing firm, fully listing all the organization’s controls with their design and operational effectiveness described in detail, covering all criteria of TSP 100 and CCM 3.0.1.” Tse continues on to say, “Ribose has always been a strong supporter of CSA initiatives. We were the first CSP to adopt and achieve STAR Certification to the newly released CCM 3.0 and 3.0.1 standards through BSI, and now the first CSP globally to achieve STAR Attestation through EY. We look forward to working with CSA in building an increasingly secure and responsible cloud industry.” The CSA has seen tremendous growth in STAR, with more than 90 entries from major cloud players around the world, including Alibaba, Amazon Web Services, Box.com, Dropbox, HP, Microsoft, Red Hat, Telecom Italia and Terremark. These cloud providers recognize the need to provide transparency and assurance of their cloud services to corporations and end users, who are increasingly requesting visibility into the security controls provided by various cloud computing offerings. The CSA STAR is open to all cloud providers. About Cloud Security Alliance The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at cloudsecurityalliance.org, and follow us on Twitter @cloudsa. About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com. About Ribose Ribose is a cloud collaboration platform that makes working together easy and fun. A forerunner in cloud security, Ribose is the world’s first cloud service provider certified to CSA STAR Attestation, STAR Certification (CCM 3.0.1) and MTCS. It is also certified to ISO/IEC 27001, ISO/IEC 20000 and CDSA CPS standards, and approved by the UK Government’s G-Cloud program for government use. Ribose is free to use: ribose.com. Contact Kari Walker for the CSA ZAG Communications 703.928.9996 [email protected] Gregor Ridley EY Global Media Relations +44 207 980 0597 [email protected] Ribose Media Relations +852 3976 3976 [email protected]
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.