CSA Official Press Release
CSA STAR Registry Surpasses 100 Entries; New CSA STAR Watch Tool Now in Open Beta
Cloud Providers Globally Seek to Meet Security Baselines Established by CSA
San Francisco, CA – April 20, 2015 – The Cloud Security Alliance (CSA) today announced significant momentum for the CSA Security, Trust and Assurance Registry (STAR) program. CSA STAR is the industry’s comprehensive cloud assurance solution and includes leading cloud security standards and a repository of cloud provider security entries, as well as a new SaaS tool to help manage cloud security. The registry now has more than 100 entries, as cloud providers from all over the world have sought to meet the security baseline established by the CSA, and help end users assess the security of various cloud providers, accelerating their due diligence and leading to higher quality procurement experiences.
Other key milestones for the STAR program include:
- A new addition to the program in 2014, CSA STAR Attestation, which combines the CSA’s best practices with SOC 2 attestation reporting developed by the AICPA. Ernst and Young conducted the first CSA STAR Attestation, and several others have followed.
- Governments and enterprises around the world referenced CSA STAR in 2014 as a requirement for their RFPs. The European Commission, in a call for tender that aims to secure cloud services for a number of EU Institutions, makes explicit reference to the CSA STAR program and requests the candidate tenders to make use of the program to show compliance with security requirements established by the European Security Agency (ENISA).
- CSA is working with Chinese certification body CEPREI to develop a version of CSA STAR for the Chinese market, based upon the CSA CCM and Chinese national standard GB/T 22080, to be released later this year.
In addition, today the CSA announced an open beta for CSA STAR Watch, a SaaS tool in a database structure that allows organizations to manage both public and private cloud security assessments, based upon CCM and CAIQ.
“CSA STAR represents a major leap forward in industry transparency and encourages providers to make security capabilities a market differentiator,” said Jim Reavis, CEO of the CSA. “We are thrilled that the industry has embraced STAR to help customers better, more easily understand their security posture. We look forward to expanding the STAR program with additional tools and resources that encompass its key principles of transparency, rigorous auditing, and harmonization of standards.”
CSA STAR is based upon the research of the GRC Stack and provides a toolkit for enterprises, cloud providers, security solution providers, IT auditors and other key stakeholders. The GRC Stack allows users to instrument and assess both private and public clouds against industry established best practices, standards and critical compliance requirements. Its components include:
- Cloud Controls Matrix (CCM) – the industry’s standard control meta-framework for cloud computing.
- Consensus Assessments Initiative Questionnaire (CAIQ) – assessment-friendly version of the CCM using Yes/No questions.
- Cloud Audit & Cloud Trust Protocol – research for machine readable and automation of portions of security assessment and compliance processes.
CSA STAR Certification is a third-party assessment based upon ISO 27001 and CCM that is conducted by qualified certification bodies. CSA STAR Attestation provides a specification for SOC 2 audit reports scoped with CCM control objectives.
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.
ContactKari Walker for the CSA ZAG Communications 703.928.9996 [email protected]
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.