CSA Official Press Release
Cloud Security Alliance Expands Star Provider Certification Into China
Called CSA C-STAR Assessment, program brings increased security assurance to cloud service providers in the Greater China area based upon CSA global best practices; adoption already underway
Guangzhou, CHINA, June 15, 2015 – The Cloud Security Alliance® (CSA) today announced the launch of CSA C-STAR Assessment, a technology-neutral assessment that leverages Chinese national standards to give customers a greater understanding of the security posture of cloud providers. Along with the launch, CSA announced that China-based Huawei and Bluedon, as well as Hong Kong-based Ribose are in the process of achieving C-STAR certification.
CSA C-STAR Assessment is the latest offering of the CSA’s Security, Trust and Assurance Registry (STAR) family, the world’s leading cloud provider assurance program. Joining CSA STAR’s self-assessment, ISO 27001 and SOC-2 products, C-STAR Assessment harmonizes CSA’s globally adopted cloud security framework with Chinese national standards, providing cloud providers and consumers with a trusted security benchmark. C-STAR’s independent assessment methodology establishes a robust security baseline for cloud providers and a roadmap for continuous improvement in security maturity.
“Organizations that outsource to cloud service providers often have a number of concerns about the security of their data and information,” said Aloysius Cheang, Managing Director of APAC for the Cloud Security Alliance. “By using the CSA C-STAR Assessment, cloud providers of every size, throughout the Greater China region, will be able to give customers a better understanding of their security management procedures.
We are pleased that leading cloud providers in the region are already achieving their certification, and look forward to expanding the number of certified providers in the coming months.”
The Managing Director of CEPREI, the Chinese national certification body, Mr. Zhao Guoxiang mentioned, ”CEPREI developed C-STAR based on CSA research results together with experience accumulated from more than 10 years of information security management work. As the first internationally aligned cloud security assessment in China, C-STAR is highly recognized by renowned corporations like Huawei, Bluedon and Ribose, and has gained nationwide attention in the cloud computing industry.”
Mainly used in the Greater China area, C-STAR is a rigorous third party independent assessment of the security management of a cloud service provider. C-STAR leverages the requirements of the GB/T 22080-2008 management system standard together with the CSA Cloud Controls Matrix. The C-STAR Assessment is based on GB/T 22080-2008 and the specified set of criteria outlined in the Cloud Controls Matrix, plus related requirements of GB/T 22239-2008 and GB/Z 28828-2012. C-STAR’s close alignment with the other STAR portfolio products provides a strong assurance bridge for Chinese cloud providers seeking to do business internationally and for international cloud providers seeking opportunities within China.
The Cloud Security Alliance C-STAR Assessment complies with all of the China national requirements and provides flexible solutions to senior management to show where the risks, threats and opportunities lie within a business.
For more information about the Cloud Security Alliance C-STAR Assessment, please visit www.cloudsecurityalliance.org/star/c-star.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. CSA has developed the definitive best practices for the industry, such as the “Security Guidance for Critical Areas of Focus in Cloud Computing”, the “Cloud Controls Matrix”, “Top Threats to Cloud Computing” and 50 other cloud security research artifacts. For further information, visit us at www.cloudsecurityalliance.org.
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.