CSA Security, Trust & Assurance Registry (STAR) 
RegistryCSA Security, Trust and Assurance Registry (STAR) Overview
The CSA Security, Trust and Assurance Registry (STAR) Program is a comprehensive set of offerings for cloud provider trust and assurance. The CSA STAR Program is a publicly accessible registry designed to recognize the varying assurance requirements and maturity levels of providers and consumers, and is used by customers, providers, industries and governments around the world. STAR consists of 3 levels of assurance, which currently cover 4 unique offerings. All offerings are based upon our succinct yet comprehensive list of cloud-centric control objectives in our Cloud Controls Matrix (CCM). CCM is the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. Below is an overview of the STAR offerings.
CSA STAR PROGRAM OFFERINGS
CSA STAR is based upon two key research components of the CSA GRC Stack:
Cloud Controls Matrix (CCM) - As a controls framework, the CSA CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing. https://cloudsecurityalliance.org/research/ccm/
Consensus Assessments Initiative Questionnaire (CAIQ) - This is a set of questions a cloud consumer and cloud auditor may wish to ask of a cloud provider. It provides a series of "yes or no" control assertion questions which can then be tailored to suit each unique cloud customer's evidentiary requirements. https://cloudsecurityalliance.org/research/cai/
LEVEL ONE: CSA STAR Self-Assessment
CSA STAR Self-Assessment is a free offering that documents the security controls provided by various cloud computing offerings, thereby helping users assess the security of cloud providers they currently use or are considering contracting with. Cloud providers either submit a completed The Consensus Assessments Initiative Questionnaire (CAIQ), or to submit a report documenting compliance with Cloud Controls Matrix (CCM). This information then becomes publicly available, promoting industry transparency and providing customer visibility into specific provider security practices. www.cloudsecurityalliance.org/star/self-assessment/
LEVEL TWO: CSA STAR Attestation
CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Service Principles, AT 101) and the CSA Cloud Controls Matrix. STAR Attestation provides for rigorous third party independent assessments of cloud providers. www.cloudsecurityalliance.org/star/attestation/
LEVEL TWO: CSA STAR Certification
The CSA STAR Certification is a rigorous third party independent assessment of the security of a cloud service provider. The technology-neutral certification leverages the requirements of the ISO/IEC 27001:2005 management system standard together with the CSA Cloud Controls Matrix. www.cloudsecurityalliance.org/star/certification/
LEVEL THREE: CSA STAR Continuous Monitoring
Currently under development and scheduled for 2015 release, CSA STAR Continuous Monitoring enables automation of the current security practices of cloud providers. Providers publish their security practices according to CSA formatting and specifications, and customers and tool vendors can retrieve and present this information in a variety of contexts. www.cloudsecurityalliance.org/star/continuous/
GETTING INVOLVED WITH CSA STAR
Users of Cloud Services
Users of cloud services should engage with their providers and insist that they participate in CSA STAR. This is very often done during the procurement of cloud services and during RFPs (Requests for Proposals). Having published security practices in STAR simplifies and accelerates your vetting of vendors, while assuring a more consistent level of security practices on the part of cloud providers on a global basis.
If your cloud providers refuse to participate in CSA STAR, you have the option of asking them to privately complete and return a copy of the Consensus Assessments Initiative Questionnaire (CAIQ) or Cloud Controls Matrix (CCM). However, we greatly encourage you to insist that the provider participate in STAR. One private CAIQ form helps you, but provider transparency helps the entire community of cloud users.
Cloud Service Providers
Cloud Service Providers receive many benefits by participating in CSA STAR. Ultimately, the most important product feature you are selling is Trust, and CSA STAR provides the most comprehensive assurance that your cloud services can be trusted.
- Exposure within the global STAR registry
- Use of the CSA STAR logos and brand
- Out of the box compliance with customer requirements
- Economies of scale in responding to customer due diligence and security vetting
IT Auditors and Certification bodies
If you are currently in the business of providing audit, attestation or certification services, we would encourage you to consider participating in CSA STAR Level Two. As large portions of our IT systems are migrated to cloud computing, your business of providing IT assurance will grow by offering the leading global standard for cloud-specific security assurance. Depending upon your specific business, location and focus, you may want to offer either CSA STAR Attestation or CSA STAR Certification or both.
Security Solution Providers and Consultants
If you provide professional services, CSA is encouraging the development of practices based upon CSA STAR to assist both providers and customers in secure cloud adoption – it is a shared responsibility. If you develop security products and security-as-a-service solutions, you may want to consider how you can integrate CSA STAR related data and best practices directly into your solution. Much of our intellectual property can be leveraged royalty free.
CSA STAR: The Future of Cloud Trust and Assurance
CSA STAR is the industry’s most powerful program for assurance in the cloud. STAR encompasses key principles of transparency, rigorous auditing, harmonization of standards and eventually continuous monitoring. The best practices and initial level can be achieved at no cost, and we encourage providers and consumers to adopt STAR to enable trust in cloud computing.
For More Information
General Inquiries: [email protected]
CSA STAR Certification Auditors: https://cloudsecurityalliance.org/star/certification/#_auditors
CSA STAR Attestation Auditors: https://cloudsecurityalliance.org/star/attestation/#_auditors
STAR Registry Entries
Acer CyberCenter Services Inc.
http://www.aceredc.com/eDC/English/default.aspAcer CyberCenter Services Inc.(ACCSI) is 100% owned by Acer Inc. with about 250 employees. ACCSI runs the data center related services and is also known as Acer e-Enabling Data Center(Acer eDC). Investment of the data center is over US$100M to provide professional IT management services to businesses since 2001. Except data center hosting services, we…
Read More..Submission Info
Date Listed: November 20, 2013
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Achievers Corporation
http://www.achievers.com/Achievers delivers the only true cloud-based Employee Success Platform™ that enables remarkable business success. Designed specifically to meet the complex needs of today’s changing, modern workplace, it is the most engaging software specifically designed to engage, align and recognize employees. It is software employees love to use every day in over 110 countries.
Read More..Submission Info
Date Listed: April 16, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Acquia
http://www.acquia.comAcquia offers enterprises unparalleled freedom to innovate and increase business agility by creating extraordinary web experiences. The fastest growing open cloud platform for integrated digital experiences, Acquia enables content rich, complex global organizations to rapidly deploy and manage dynamic digital experiences in an open source way. Co-founded by the Drupal project’s creator in 2007, Acquia…
Read More..Submission Info
Date Listed: January 12, 2013
Last Modified: March 26, 2014.
Additional Info
What is this?Service category: Development
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Adallom
http://www.adallom.com/
Adallom is a leading cloud access security broker (CASB) delivering visibility, governance and protection for the top SaaS applications used by businesses worldwide. Adallom’s cloud application security platform allows customers to govern cloud application usage, secure corporate data and detect suspicious activities. The company was founded in 2012 and is backed by Sequoia Capital and…
Read More..Submission Info
Date Listed: January 05, 2015
Last Modified: February 27, 2015.
Alibaba Cloud Computing Ltd.
http://www.aliyun.com/
Founded on September 10th, 2009, Alibaba Cloud Computing Ltd. (hereinafter referred to as Aliyun) has R&D centers and operational branches in Hangzhou, Beijing, and Silicon Valley. Aliyun‘s mission is to become a data-centric Cloud Computing Service Company and build the No 1. Internet Data Sharing Platform. In the future Internet, cloud computing will become a…
Read More..Submission Info
Date Listed: April 23, 2014
Last Modified: February 27, 2015.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Amazon AWS
https://aws.amazon.com/
Amazon Web Services provides a highly reliable, scalable, low-cost infrastructure platform in the cloud that powers hundreds of thousands of businesses in 190 countries around the world. With data center locations in the U.S., Europe, Brazil, Singapore, and Japan, customers across all industries are taking advantage of the following benefits: Low Cost, Agility and Instant…
Read More..Submission Info
Date Listed: July 20, 2012
Aria Systems
http://www.ariasystems.comThe Aria Subscription Billing Platform enables companies – from small businesses to enterprise organizations – to make the most of their digital commerce opportunities.
Read More..Submission Info
Date Listed: December 22, 2012
Last Modified: July 30, 2014.
Additional Info
What is this?Service category: Backoffice
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Aryaka
http://www.aryaka.com/Aryaka’s WAN Optimization-as-a-Service solution combines multi-tenant, purpose-built WAN Optimization technology with enterprise-grade connectivity via a dedicated, reliable core network based on globally distributed POPs, and centralized WAN and application layer visibility. It delivers LAN-like performance over the enterprise WAN without the high cost of MPLS or the cost and hassle of WAN Optimization appliance solutions,…
Read More..Submission Info
Date Listed: May 30, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Blackthorn Technologies
https://www.blackthorn.com/Blackthorn Technologies is recognised as a pioneer in providing digital forensics and governance, risk and compliance (GRC) services and solutions. The GRC services are delivered using an on-premise or hosted PaaS that allows GRC activities to be carried out. Working across the public and private sectors, our services provide the tools practitioners need to help…
Read More..Submission Info
Date Listed: June 11, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Box.com
https://www.box.com/
Founded in 2005, Box provides a secure content sharing platform that both users and IT love and adopt. Content on Box can be shared securely internally and externally, accessed through iPad, iPhone, Android and PlayBook applications, and extended to partner applications such as Google Apps, NetSuite and Salesforce. Headquartered in Los Altos, CA, Box is…
Read More..Submission Info
Date Listed: June 10, 2012
Last Modified: February 12, 2014.
Additional Info
What is this?Service category: Cloud Storage
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Brainloop
http://www.brainloop.com/
Founded in 2000, Brainloop provides its customers a secure SaaS or on premise document storage, collaboration, and rights management platform. Whether inside or outside the IT environments, companies spanning a wide range of industries rely on our software’s capability to provide adherence to corporate data handling procedures ranging from standards provided NIST, ITAR, FISMA, HIPAA,…
Read More..Submission Info
Date Listed: December 15, 2014
BroadBand Tower, Inc.
http://www.bbtower.co.jp/Broadband Tower, Inc. is one of the leading IT companies in Japan listed on JASDAQ stock market. The company provides Data Center and Cloud Computing services (c9) to Internet enterprises which handle and deal with huge data (Big Data) like major portal sites, e-commerce sites, video distribution websites and social media sites. The company obtained…
Read More..Submission Info
Date Listed: May 27, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
CapLinked
http://www.caplinked.comCapLinked’s intuitive, cloud-based platform makes it easier to manage and close business transactions. CapLinked enables its customers to coordinate on asset sales, financings, mergers & acquisitions, and other types of complex deals with secure workspaces. Customers can manage and syndicate deals, conduct due diligence, handle investor reporting, and network with other users.
Read More..Submission Info
Date Listed: April 17, 2013
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Capriza
http://www.capriza.comCapriza provides a unique and turnkey solution for enterprises to mobilize their business applications. The solution enables users to design, distribute, scale and manage enterprise mobile apps a magnitude faster and more cost effectively than any other mobile solution on the market. The traditional route to securely creating, distributing, and deploying enterprise mobile apps is…
Read More..Submission Info
Date Listed: September 25, 2014
Carbon60 Networks
http://www.carbon60.com/Established in 1999 and headquartered in Toronto, Carbon60 Networks specializes in “end-to-end” hosting solutions for public and private sector organizations in Canada with business-critical .NET, LAMP, and Java-based workloads. Our customers need a trusted partner that is flexible and responsive to their business requirements while consistently delivering exceptional levels of reliability, performance, and security.
Read More..Submission Info
Date Listed: May 01, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Caretower Ltd.
http://www.caretower.comFounded in 1998, one of only 7- Pro5 Public Sector Accredited Authorized IT Security Suppliers, Caretower is one of the top 5 leading IT Security Specialists in the UK. At Caretower we believe that a customer’s network’s security is the underpinning of the reputation and brand name of every organization small or large. That is…
Read More..Submission Info
Date Listed: December 13, 2014
CARI.net
https://www.cari.net/San Diego-based CARI.net owns and operates multiple data centers. Started in 1997 as a hosting provider, CARI.net has evolved into an Enterprise level IaaS provider. CARI.net is a Microsoft Gold partner and an Intel Platinum partner. CARI.net is SSAE 16, SOC I,and SOC II compliant. CARI.net specializes in building private secure clouds.
Read More..Submission Info
Date Listed: April 21, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
China Enterprise ICT Solutions Limited
http://www.china-entercom.com/China Enterprise ICT Solutions Limited (“China Entercom”), a wholly owned subsidiary of CITIC Group, is a trusted Information and Communications Technology (ICT) solutions provider. China Entercom possesses strong reputation, financial and regulatory background, wide network coverage, diversified products and services, as well as world-class infrastructure. It receives the Type-I and Type-II IP VPN license from…
Read More..Submission Info
Date Listed: April 25, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Chunghwa Telecom
http://www.cht.com.tw/en/Chunghwa Telecom is Taiwan’s leading telecom service provider. The company provides fixed-line, mobile, Internet, data and cloud services (hicloud) to consumer and business customers in Taiwan. Hicloud has comprehensive services with reliability, flexibility, high availability and security in IaaS, PaaS, SaaS domains, including hicloud CaaS, hicloud VPC, hicloud box(e), hicloud Mall, etc.
Read More..Submission Info
Date Listed: July 02, 2013
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Chunghwa Telecom Co., Ltd.
http://en.hicloud.hinet.net/en/Chunghwa Telecom is a leading Integrated Telecom Operator in Taiwan. The company provides fixed-line, mobile, Internet, data and cloud service (hicloud) to consumer and business customers in Taiwan. In Data Communications Business Group of Chunghwa Telecom, hicloud is an ISO27001 certified Cloud Services which is the first Cloud Service to attain the Cloud Security Alliance…
Read More..Submission Info
Date Listed: April 22, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Cirrity LLC
http://www.cirrity.com/Cirrity, a leading channel-only cloud services provider, helps our partners transform their business and drive increased profitability with a suite of secure, compliant cloud-based solutions that deliver recurring revenue, opportunities for add-on services and strong competitive differentiators. With Cirrity, partners can accelerate their market presence and expand their service offering with turnkey cloud solutions –…
Read More..Submission Info
Date Listed: September 04, 2014
Citrix ShareFile
http://www.sharefile.com/Citrix ShareFile provides software that helps businesses exchange files easily, securely and professionally. Designed specifically for business users, ShareFile offers customized usage and branding solutions, award-winning customer service, security for data transfer and storage, and mobile apps and tools that allow users to easily access and share files from any device — anytime, anywhere. The…
Read More..Submission Info
Date Listed: November 22, 2013
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Clari Inc.
http://www.clari.com/Clari brings mobile, design, and data science to sales. Our Sales Productivity Platform works with your existing enterprise systems to dramatically improve sales team productivity and increase sales forecast accuracy.
Read More..Submission Info
Date Listed: June 05, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Close IT Support T/A Support on the Spot
http://www.supportonthespot.co.uk/Support on the Spot are a specialist Private cloud service provider offering IaaS and the only UK provider to provide not only server infrastructure but also client desktop infrastructure as a service. having achieved qualifications and accreditations in our fields, Support on the Spot have a proven record as a Trusted Cloud Service Provider.
Read More..Submission Info
Date Listed: June 15, 2013
Last Modified: July 30, 2014.
Additional Info
What is this?Service category: Cloud Infrastructure
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Cloud Dynamics Inc.
http://www.CloudDynamics.com/Cloud Dynamics delivers True Cloud services via carbon-neutral, 100% uptime, high-density cloud data centers. Our integrated solutions comprise patented green data center facilities, vendor-neutral IT infrastructure, advanced cloud infrastructure software and unique cloud governance tools all built on industry- standard Open Source platforms.
Read More..Submission Info
Date Listed: April 29, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
CloudAlly Ltd.
http://www.cloudally.com/CloudAlly provides online automated daily backups of leading cloud applications such as Office 365, SharePoint, Google Apps, Gmail, Salesforce, SimpleDB, DynamoDB and more to unlimited secure Amazon S3 Storage. Backup all or selected domains, accounts and users from CloudAlly’s centralized control panel, and then easily restore, export, view or migrate your data from any point…
Read More..Submission Info
Date Listed: November 13, 2014
CloudSigma AG
https://www.cloudsigma.com/CloudSigma is an innovative Infrastructure-as-a-Service (IaaS) provider. We provide high availability, flexible cloud servers and cloud hosting in both Europe and the US. CloudSigma was founded to meet the growing need for a pure IaaS that places little or no restrictions on how its users deploy their computing resources. With CloudSigma, customers can provision processing,…
Read More..Submission Info
Date Listed: July 31, 2013
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
CSC
http://www.csc.com
CSC is a global leader in next-generation IT services and solutions. We support clients in transforming their enterprise to enable greater agility and faster time to market, lower business risk and achieve lower overall IT operating costs. The company mission is to enable superior returns on our client’s technology investments through best-in –class industry solutions,…
Read More..Submission Info
Date Listed: April 18, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Cvent, Inc.
https://www.cvent.com/Cvent is the global leader in event management software. Since 1999, we have helped thousands of organizations to host hundreds of thousands of events. Along the way, we’ve developed additional software tools for event and meeting planners, marketers and other professionals. Customers in more than 100 countries now use Cvent software to plan events, find…
Read More..Submission Info
Date Listed: December 21, 2012
Last Modified: July 30, 2014.
Additional Info
What is this?Service category: Marketing
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Data Noah GmbH
http://www.datanoah.atData Noah is offering smart and higly secure online backup solutions. DataNoah services aim at customers who attach great importance to confidential and higly reliable backup of data. DataNoah services provide online backup for small and medium sized businesses in Austria. Data is stored to the DataNoah data centers which are located in Austria. Main…
Read More..Submission Info
Date Listed: December 06, 2014
Devellocus, LLC
http://www.devellocus.com/Devellocus provides strategic technology consulting, continuous delivery services and cloud-based software solutions delivery for the retail, healthcare and financial services industries.
Read More..Submission Info
Date Listed: August 05, 2014
Digital Sense Hosting
http://www.digitalsense.com.auDigital Sense is an Australian based data centre company and cloud services company.
Read More..Submission Info
Date Listed: January 16, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Dropbox, Inc.
https://www.dropbox.com/business
Millions of people trust Dropbox to easily and reliably store, sync, and share their documents, photos, and videos across devices and platforms. Dropbox for Business helps organizations around the world collaborate effectively and increase productivity and brings IT admins the functionality, controls, and visibility they need to ensure the safety of their company data. Dropbox…
Read More..Submission Info
Date Listed: July 21, 2014
Dyn
http://dyn.com/Dyn is a cloud-based Internet Performance company. Dyn helps companies monitor, control, and optimize online infrastructure for an exceptional end-user experience. Through a world-class network and unrivaled, objective intelligence into Internet conditions, Dyn ensures traffic gets delivered faster, safer, and more reliably than ever. Dyn is the leading Internet Performance provider to the most visited…
Read More..Submission Info
Date Listed: February 10, 2015
EDC Corporation – AIMS Parking
https://www.aimsparking.comAIMS Parking Management Software facilitates complete parking ticket and permit management. AIMS and our handheld Ticketers streamline Parking Enforcement, Permit Issuance and Tracking, and Boot/Tow Management. Comprehensive functionality for Ticket and Permit processing comes standard with our products. AIMS links your parker’s tickets, permits, vehicles, and tows to a single record, expediting customer service and…
Read More..Submission Info
Date Listed: July 17, 2014
Egnyte
http://www.egnyte.com/Egnyte is the only file sharing platform that adheres to data gravity – the simple idea that not all files were meant to be “up in the cloud”. Egnyte provides deployment models that solve all enterprise file sharing use cases: cloud-only file sharing (upload files from any computer or mobile device to the cloud for…
Read More..Submission Info
Date Listed: October 25, 2013
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Everbridge
http://www.everbridge.com/Everbridge provides a unified critical communication suite that helps clients be better prepared, make better decisions, and respond quickly and confidently during disruptive events. When an incident happens, whether it’s a natural disaster or an IT service outage, we automate communications to ensure that the right messages get to the right people at the right…
Read More..Submission Info
Date Listed: September 02, 2014
Evolve IP
http://www.EvolveIP.netEvolve IP is The Cloud Services Company™. Designed from the beginning to provide organizations with a unified option for cloud services, Evolve IP enables decision-makers to migrate all or select IT technologies to its award-winning cloud platform. Evolve IP’s combination of security, stability, scalability, and lower total cost of ownership is fundamentally superior to outdated…
Read More..Submission Info
Date Listed: May 01, 2013
Last Modified: July 30, 2014.
Additional Info
What is this?Service category: Cloud Infrastructure
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Exostar LLC
http://www.exostar.com/Exostar was created to help companies access, utilize and share business-critical information and applications in an easy-to-use, secure environment. Leveraging over a decade of experience designing, developing and integrating identity & access management, collaboration and supply chain management solutions, our comprehensive Software as a Service (SaaS) model provides users with a secure single sign-on (SSO)…
Read More..Submission Info
Date Listed: June 12, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Exponential-e Ltd.
http://www.exponential-e.comThe Exponential-e difference is our own enterprise-class Cloud infrastructure and 100GigE Ethernet carrier-class network. We have integrated these technologies to deliver a non-stop compute platform for our clients, supported by true end-to-end SLA – that’s right, from the network all the way through to hosted services. Virtualisation, remote working, security, data back‐up and business continuity…
Read More..Submission Info
Date Listed: May 15, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Falk-Enrich GmbH License12
http://www.license12.com/Made for IT procurement professionals and executives, License12 web-based services allow for a systemic digitalization of a broad variety of software procurement contracts. Engineered as a SaaS solution from scratch, falk-enrich GmbH offers the platform to everyone seeking corporate access to all contracts via ContractSafe®, accompanied by in-depth value analytics and benchmark support for optimizing…
Read More..Submission Info
Date Listed: May 26, 2012
Last Modified: February 23, 2013.
Additional Info
What is this?Service category: IT Management
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
FASTWEB
http://www.fastweb.itFASTWEB is the largest alternative fixed-line telecommunications provider in Italy. The quality of FASTWEB’s service and its ability to meet customers’ needs are the two main assets of FASTWEB’s strategy. FASTWEB’s history is consistent with this, both as first telecommunications provider in the world to build a next-generation full-IP network and as the first company…
Read More..Submission Info
Date Listed: October 21, 2013
Last Modified: November 04, 2014.
FireHost
http://www.firehost.com
FireHost is the leader in secure cloud hosting, protecting critical data and brand reputations for companies with significant security, compliance, performance and managed services needs. Since 2009, it has made hacker awareness, management, and prevention a standard part of every customer’s secure cloud hosting environment, blocking more than 60 million attacks on behalf of its…
Read More..Submission Info
Date Listed: September 14, 2012
Last Modified: June 10, 2013.
Additional Info
What is this?Service category: Cloud Infrastructure
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Hewlett-Packard
http://www.hp.com
HP is a technology company that operates in more than 170 countries around the world. At HP, our mission is to invent technologies and services that drive business value, create social benefit and improve the lives of customers — with a focus on affecting the greatest number of people possible. HP is also an IT…
Read More..Submission Info
Date Listed: April 11, 2014
Last Modified: April 20, 2014.
HighRadius
http://www.highradius.com/HighRadius empowers corporations to modernize receivables in order to lower Days Sales Outstanding (DSO), minimize write-offs, and reduce operating expenses. We offer two product lines as well as implementation services. Receivables OnDemand is a cloud-based suite of solutions that automates and improves cash application, invoicing, and credit, collections, and deductions management. HighRadius Accelerators are certified…
Read More..Submission Info
Date Listed: July 24, 2014
HKT
http://www.hkt.com/HKT (SEHK: 6823) is Hong Kong’s premier telecommunications service provider. It meets the needs of the Hong Kong public and local and international businesses with a wide range of services including local telephony, local data and broadband, international telecommunications, mobile, and other telecommunications businesses such as customer premises equipment sale, outsourcing, consulting, and contact centers….
Read More..Submission Info
Date Listed: October 10, 2014
Last Modified: October 15, 2014.
HP Enterprise Cloud Services – Virtual Private Cloud (VPC)
http://www.hp.com/enterprise/cloud
HP Enterprise Cloud Services – Virtual Private Cloud (VPC) is the first enterprise-class vendor to publish a CSA STAR report. HP is the first enterprise-class vendor to provide both an assessment questionnaire and controls matrix. This service provides you with infrastructure and networking services without the high cost of owning and managing your own equipment…
Read More..Submission Info
Date Listed: March 28, 2013
Last Modified: May 19, 2014.
HP Enterprise Cloud Services for Government (ECS-G)
http://www.hp.com/enterprise/cloud
HP Enterprise Cloud Services for Government (ECS-G) is an ISO27001 certified Virtual Private Cloud (VPC) which is one of the first Cloud Services to gain the Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR) Certification within the UK. This service provides our Public Sector clients with desktop, infrastructure and networking without the high…
Read More..Submission Info
Date Listed: December 13, 2013
Last Modified: May 19, 2014.
Hyland
http://www.onbase.com/For more than 20 years, Hyland, creator of OnBase has been dedicated to meeting organizations’ needs for document and process management. As OnBase and the OnBase Cloud have evolved through consistent product innovation, they remain focused on automating business processes that depend on documents, content and people to operate more effectively. Hyland is the pioneer…
Read More..Submission Info
Date Listed: July 03, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
iland
http://www.iland.comiland is an award-winning enterprise cloud infrastructure provider with seven datacenters located in Boston, Washington D.C., Houston, Los Angeles, Dallas, Manchester and London. iland was founded in 1995 and is a privately-owned and organically-grown company with extensive experience in the cloud market.
Read More..Submission Info
Date Listed: November 04, 2014
Intracom Telecom
http://www.intracom-telecom.comIntracom Telecom is a global telecommunication systems vendor and a system integrator. With 35 years experience and strong presence in the EMEA region, Intracom Telecom delivers Wireless Network Systems, Telecom Software Solutions and ICT Services & Solutions to telecommunication and enterprise customers. Intracom Telecom is the first system integrator to have designed, built and operated…
Read More..Submission Info
Date Listed: April 30, 2013
Last Modified: September 25, 2013.
Additional Info
What is this?Service category: Networking
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Krescendo
http://www.krescendo.comKrescendo offers advanced, global data management and analysis solutions built to client specification, developed rapidly and delivered as a service. On demand design and development, cloud-based delivery. Krescendo makes it easy for investment banks and multinationals to perform governance, budgeting and re-forecasting of people, projects, programs, assets, or enable service management.
Read More..Submission Info
Date Listed: October 12, 2012
Last Modified: July 30, 2014.
Additional Info
What is this?Service category: Backoffice
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Laconic Security
http://www.laconicsecurity.com/Laconic Security was founded in 2007 to address the vacuum in the cloud data security space with innovative and responsible solutions. Its premier product, Laconic Vaults, delivers absolute data privacy to help organizations maximize the potential of cloud storage savings.
Read More..Submission Info
Date Listed: March 02, 2013
Last Modified: July 04, 2013.
Additional Info
What is this?Service category: Security
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
MaaS360 by Fiberlink
http://www.maas360.com
Fiberlink is the recognized leader in cloud solutions for secure enterprise mobile device and application management. Its cloud-based MaaS360 platform provides IT organisations with mobility intelligence and control over mobile devices, applications and content to enhance the mobile user experience and keep corporate data secure across smartphones, tablets and laptops. MaaS360 helps companies monitor the…
Read More..Submission Info
Date Listed: December 31, 2012
Last Modified: January 02, 2013.
Additional Info
What is this?Service category: IT Management
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Microsoft Dynamics CRM Online
http://crm.dynamics.com/
Computing in the cloud raises questions about security, data protection, privacy, and data ownership. Microsoft Dynamics CRM Online is hosted in Microsoft data centers around the world, and it is designed to offer the performance, scalability, security, and service levels business customers expect. We have applied state-of-the-art technology and processes to maintain consistent and reliable…
Read More..Submission Info
Date Listed: April 05, 2012
Last Modified: July 30, 2014.
Additional Info
What is this?Service category: CRM
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Microsoft Office 365
http://www.microsoft.com/office365/
Computing in the cloud raises questions about security, data protection, privacy and data ownership. Microsoft® Office 365 (including Microsoft® Exchange Online, Microsoft® SharePoint Online, and Microsoft® Lync™ Online branded services) is hosted in Microsoft data centers, around the world and is designed to offer the performance, scalability, security and service levels business customers expect. We…
Read More..Submission Info
Date Listed: December 02, 2011
Last Modified: March 27, 2014.
Additional Info
What is this?Service category: Collaboration
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Microsoft Windows Azure
http://www.windowsazure.com/
Computing in the cloud raises questions about security, data protection, privacy, and data ownership. Windows Azure is hosted in Microsoft data centers around the world, and it is designed to offer the performance, scalability, security, and service levels business customers expect. We have applied state-of-the-art technology and processes to maintain consistent and reliable access, security,…
Read More..Submission Info
Date Listed: March 30, 2012
Last Modified: December 04, 2013.
Additional Info
What is this?Service category: Cloud Infrastructure
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
MicroStrategy
https://www.microstrategy.com/Founded in 1989, MicroStrategy (Nasdaq: MSTR) is a leading worldwide provider of enterprise software platforms. With direct operations in 26 countries worldwide and over 3,200 employees, our mission is to provide the most flexible, powerful, scalable and user-friendly platforms for analytics, mobile, identity and loyalty—offered either on premises or in the cloud. With over 25%…
Read More..Submission Info
Date Listed: November 02, 2013
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Mimecast
http://www.mimecast.comMimecast provides email management as a single service in the cloud that helps customers slash on-premise email storage requirements, ensure complete email availability, email security and email compliance, while providing services to help customers get more from their email. Mimecast’s core Services are Email Continuity, Security and Archiving. Mimecast’s service is low risk, future proof,…
Read More..Submission Info
Date Listed: January 09, 2012
Last Modified: December 12, 2013.
Additional Info
What is this?Service category: Cloud Storage
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Netskope
http://www.netskope.com/
Netskope is the cloud app analytics and policy company. Only Netskope eliminates the catch-22 between being agile and being secure and compliant by providing complete visibility and enforcing sophisticated policies in cloud apps. Netskope performs deep analytics and lets decision-makers create policies in a few clicks that protect corporate data and optimize cloud app usage…
Read More..Submission Info
Date Listed: January 07, 2014
New Century Inforcomm Tech Co., Ltd.
http://www.fetnet.net/enterpriseNew Century Inforcomm Tech (NCIC) is part of Far EasTone Telecommunications (FET), a leading company in Taiwan which provides telecommunications and digital application services. FET continues to improve its Internet infrastructure, strengthen vertical integration of the ICT industry, and customize more flexible, more comprehensive and secure enterprise cloud services for the business community. As a…
Read More..Submission Info
Date Listed: October 15, 2014
New Relic
http://newrelic.com/New Relic is a Software Analytics company that makes sense of billions of metrics across millions of apps. We help the people who build modern software understand the stories their data is trying to tell them.
Read More..Submission Info
Date Listed: August 14, 2014
New World Telecommunications Limited
http://www.newworldtel.com
New World Telecommunications Limited (NWT), a member of New World Development Company Limited (HK Stock Code: 17), is a pioneering telecom service provider in Hong Kong. Being a customer-focused company, NWT is dedicated to offering top-quality international voice and innovative data services for its customers in Hong Kong and overseas. NWT’s Cloud Enterprise Solution (CES)…
Read More..Submission Info
Date Listed: September 05, 2013
Last Modified: October 07, 2014.
NewBase Computer Services Pty Ltd
http://www.newbase.com.au/NewBase was established in Queensland Australia in 1992 with a specific focus: ‘Technology for Business Solutions’. Our philosophy leads us to work towards ensuring strong customer relationships by providing exceptional client service and support by means of: employing only the highest calibre staff, focusing on only “best of breed” products and supporting an internal structure…
Read More..Submission Info
Date Listed: February 24, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
O4IT
http://cloudnow.com/O4IT’s CloudNow is an all-in-one platform aimed at service providers that covers every element to create a successful cloud service operation: Provisioning, billing, support, and infrastructure converge around a single point solution that allows companies to set up and manage a cloud store with a complete portfolio of world class products. Marketing, sales tools, technical…
Read More..Submission Info
Date Listed: February 13, 2015
Okta Inc.
https://www.okta.com/
Okta is an enterprise grade identity management service, built from the ground up in the cloud and delivered with an unwavering focus on customer success. The Okta service provides directory services, single sign-on, strong authentication, provisioning, workflow, and built in reporting. Enterprises everywhere are using Okta to manage access across any application, person or device…
Read More..Submission Info
Date Listed: August 10, 2013
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
OneLogin, Inc.
http://www.onelogin.com
OneLogin, Inc. enables enterprises to realize today’s “identity first” imperative – the ability to have identity policy executed against all applications inside and outside the firewall, for all internal and external users, across all of their devices. The OneLogin Enterprise Identity Management solution provides a platform for managing user identities in the cloud and behind…
Read More..Submission Info
Date Listed: August 13, 2014
Last Modified: February 10, 2015.
OneNet
OneNet is a pioneer and New Zealand market leader in cloud computing. Established in 2000, OneNet is the third entrepreneurial IT business established by its founders since 1983. The first company, Financial Systems Limited, was a systems integrator servicing multinational firms operating in New Zealand. The second company, The Great Elk Company Limited, was a…
Read More..Submission Info
Date Listed: June 15, 2012
Last Modified: February 23, 2013.
Additional Info
What is this?Service category: Cloud Infrastructure
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
OVH
http://www.ovh.com/us/dedicated-cloud/Need to set up a real datacentre in a matter of minutes? That’s what the OVH Dedicated Cloud service is offering. Using their customer Interface; VMware vSphere or vCloud; or Microsoft Hyper-V or Microsoft Azure, professionals can easily build their own virtualised infrastructure. And as the name would suggest, all elements that make up a…
Read More..Submission Info
Date Listed: December 29, 2014
Peer 1 Hosting
http://www.peer1.com/Peer 1 Hosting provides Managed Hosting, Dedicated Hosting, Colocation, Cloud Hosting and Network Services. We strive to be the most human experience on the web, where every interaction matters.
Read More..Submission Info
Date Listed: June 03, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Perfecto Mobile
http://www.perfectomobile.com/Perfecto Mobile, the world’s leader in mobile app quality, provides a hybrid cloud-based Continuous Quality Lab that enables mobile app development and testing teams to deliver better apps faster. The Continuous Quality Lab supports testing processes earlier and more often in the development cycle, giving way to faster feedback and improved time to market. Users…
Read More..Submission Info
Date Listed: November 19, 2014
Last Modified: November 21, 2014.
Perspectium Corp
http://www.perspectium.comFounded by ServiceNow pioneers with a deep insider understanding of the ServiceNow platform, Perspectium provides a unified set of tools/services to optimize ServiceNow platform performance and minimize the challenges with production data access and integration. Perspectium increases the utility and value of ServiceNow to the enterprise by reducing complexity that results in increased productivity and…
Read More..Submission Info
Date Listed: February 19, 2015
Ping Identity
https://www.pingidentity.com
Ping Identity believes secure professional and personal identities underlie human progress in a connected world. Our identity and access management platform gives enterprise customers and employees one-click access to any application from any device. Over 900 companies, including 45 of the Fortune 100, rely on our award-winning products to make the digital world a better…
Read More..Submission Info
Date Listed: April 08, 2013
Last Modified: July 04, 2013.
Additional Info
What is this?Service category: Security
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
PIPED BITS CO.,LTD.
http://www.pi-pe.co.jp/We, PIPED BITS Co.,Ltd., run a business with the concept of the “Bank of Information Asset” by providing information systems which store, manage and uses customer’s various source of information securely. Our mission is to contribute tomorrow’s richer information society which such systems. Used widely in the public, finance, service, education sectors and so on,…
Read More..Submission Info
Date Listed: May 23, 2014
Platform9 Systems Inc.
http://www.platform9.com/Platform9 Managed OpenStack is a cloud service that enables Enterprises to manage their internal server infrastructure as efficient private clouds. Your servers, workloads and data stay in your data centers. Our service seamlessly layers on top to enable automation and self-service. Unified management across data centers, geographies, and diverse environments—KVM, VMware vSphere and Docker1
Read More..Submission Info
Date Listed: March 04, 2015
PODFather Ltd
http://www.podfather.comPODFather is a business software company specialising in solutions for mobile field force, with a focus on logistics, construction and field service. A secure, cloud-based management application used by scheduling staff, has a companion secure PDA application used by the mobile field force.
Read More..Submission Info
Date Listed: December 12, 2013
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Poste Italiane S.P.A.
http://www.poste.itPoste Italiane is a national leader in digital services providing financial, logistics, postal, insurance, digital communication, mobile, TLC, cyber security and cloud services to large companies, Public Administrations, SMEs and professionals. To provide secure services and protect customers, on-line services and transaction, Poste Italiane has created its internal Computer Emergency Response Team (CERT), called PI…
Read More..Submission Info
Date Listed: January 31, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Projectplace International
https://www.projectplace.com/Projectplace is Europe’s leading, social, project-collaboration software in the cloud. Over 120,000 projects have benefited from using our all-in-one tool.
Read More..Submission Info
Date Listed: April 24, 2013
Last Modified: July 04, 2013.
Additional Info
What is this?Service category: Project Management
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
PT Sigma Cipta Caraka
http://www.telkomsigma.co.idPT Sigma Cipta Caraka is an Indonesian-based information and communications technology business solution provider.
Read More..Submission Info
Date Listed: December 31, 2014
Pulsant Limited
http://www.pulsant.comPulsant are leading providers of Cloud Hosting, Colocation, Network and Managed Hosting services across the UK and Europe. Our 10 state of the art data centre facilities deliver efficiency, resiliency, continuity and ultra-fast connectivity and flexible packages allow your hosting needs to grow with your business. Our PulsantEnterprise Cloud solution is designed for organisations who…
Read More..Submission Info
Date Listed: November 06, 2013
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
RapidCompute – Division of Cybernet
http://www.rapidcompute.comRapidCompute is the latest in a long list of IT service offerings from Cybernet. RapidCompute is an Infrastructure-as-a-Service (IaaS) cloud platform that combines enterprise class infrastructure with the expertise and support structure that is the hallmark of Cybernet’s product portfolio. RapidCompute offers a high performing, standards-based, flexible and robust cloud solution. It is our core…
Read More..Submission Info
Date Listed: July 14, 2013
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Recall Corporation
http://www.recall.com/Recall is orchestrating the dynamic future of transformational information management. Recall gives organizations complete control over their information with an integrated approach to securely manage physical and digital assets, wherever it resides, with one information management partner. Our solutions empower customers to make better business decisions throughout the information lifecycle while keeping compliant in the…
Read More..Submission Info
Date Listed: January 10, 2015
Red Hat OpenShift
https://www.openshift.com
OpenShift is Red Hat’s free, auto-scaling Platform as a Service (PaaS) for applications. As an application platform in the cloud, OpenShift manages the stack so you can focus on your code.
Read More..Submission Info
Date Listed: April 15, 2013
Last Modified: July 30, 2014.
Additional Info
What is this?Service category: Cloud Infrastructure
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Ribose
http://www.ribose.com
Ribose helps individuals and organizations worldwide cooperate effectively through its social collaboration platform. By focusing on the “whole of collaboration”, Ribose has taken online social collaboration to a new level. Whether planning social events for family and friends or running complex business projects, you will find that Ribose makes it easy, effective and genuinely fun.
Read More..Submission Info
Date Listed: October 30, 2013
Last Modified: October 24, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
ServiceNow
http://www.servicenow.comServiceNow is the enterprise IT cloud company. We transform IT by automating and managing IT service relationships across the global enterprise. Organizations deploy our service to create a single system of record for IT and automate manual tasks, standardize processes, and consolidate legacy systems. Using our extensible platform, our customers create custom applications and evolve…
Read More..Submission Info
Date Listed: January 03, 2014
Last Modified: January 26, 2015.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
SHI International, Corp.
http://www.shicloud.com/From software and hardware procurement to deployment planning, configuration, data center optimization, IT asset management and cloud computing, SHI offers custom IT solutions for every aspect of your environment. Privately-held and under the guidance of our current ownership since 1989, SHI has experienced tremendous growth in size and scope through neither merger nor acquisition. Our…
Read More..Submission Info
Date Listed: March 23, 2012
Last Modified: February 23, 2013.
Additional Info
What is this?Service category: Cloud Infrastructure
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Shibumi
http://www.shibumi.comShibumi is a cloud-based application that makes it easier to manage initiatives and deliver results. Reduce the need for time-consuming manual effort in compiling status, identifying impact and aligning to results. Shibumi keeps teams focused on the goals and business drivers while providing them a platform to execute effectively.
Read More..Submission Info
Date Listed: May 06, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Skyhigh Networks
http://www.skyhighnetworks.com/
Skyhigh Networks allows our customers to enable and accelerate the safe and profitable adoption of cloud services across their company. We leverage our 20 years of experience and expertise in Internet technologies and businesses, and the latest in data analysis, networking, cloud-scaling and security technologies to deliver a game changing, highly available, service provider-scale, multi-tenant,…
Read More..Submission Info
Date Listed: February 28, 2013
Last Modified: July 30, 2014.
Additional Info
What is this?Service category: Security
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Sliced Tech
http://www.slicedtech.com.au/Sliced Tech is a leading Australian managed services provider providing enterprise public, community and private cloud services. Sliced Tech provides services to commercial and government customers seeking IaaS, PaaS and SaaS solutions backed by contracts and SLAs. Sliced Tech has owns and manages cloud infrastructure within data centres across Australia, enabling customers to leverage a…
Read More..Submission Info
Date Listed: February 24, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Slovak Telekom
http://www.telekom.skSlovak Telekom is the largest Slovak multimedia operator. Slovak Telekom offers a full-array of data and voice services, private, public and hybrid cloud infrastructure and services, owns and operates the fixed and mobile telecommunications network, operates the Next Generation Network (NGN) and is the largest broadband provider in the country. As the first multimedia operator,…
Read More..Submission Info
Date Listed: December 06, 2014
SoftLayer
http://www.softlayer.com
SoftLayer provides global cloud infrastructure built at Internet scale. Our full-featured API and sophisticated automation tools let you control a powerful, on-demand platform that seamlessly spans physical and virtual devices. With 100,000 servers under management, we are the largest privately held Infrastructure-as-a-Service provider in the world, with 25,000 leading-edge customers ranging from technology startups to…
Read More..Submission Info
Date Listed: November 09, 2012
Last Modified: July 30, 2014.
Additional Info
What is this?Service category: Cloud Infrastructure
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Solutionary
http://www.solutionary.com/
As a cloud-based Managed Security Services provider, Solutionary reduces the information security and compliance burden, delivering flexible managed security services that align with client goals, enhancing organizations’ existing security program, infrastructure and personnel. The company’s services are based on experienced security professionals, data-driven and actionable threat intelligence, and the ActiveGuard® service platform that provide expert…
Read More..Submission Info
Date Listed: December 02, 2011
Last Modified: February 23, 2013.
Additional Info
What is this?Service category: Security
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
StarRez
https://www.starrez.com/StarRez is the global market leader in providing software solutions for residential living communities in higher education. StarRez provide enterprise level residential management software that helps empower student self-service to more than 450 higher education institutions.
Read More..Submission Info
Date Listed: May 29, 2014
Symantec.cloud
http://www.symanteccloud.com/
Symantec.cloud provides a management platform service that helps a business to administer, monitor, and protect its enterprise information resources more effectively. Our portfolio of protection services for E-Mail, Web, Instant Messaging and Cloud Managed Endpoint Solutions assists IT leaders in their effort to provide security, enforce policy and regulations, maintain their service delivery levels and…
Read More..Submission Info
Date Listed: October 19, 2012
Last Modified: February 23, 2013.
Additional Info
What is this?Service category: Security
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
TechonoArt Corp.
http://www.technoart.co.jp/TechnoArt emphasizes advanced-technology venture business in Fukuoka and Kumamoto, both of which are in the Kyushu Region in Japan. TechnoArt’s slogan is “Able to do everywhere and so makes it successful.” TechnoArt can provide system development and security business as well, and also in Tokyo.
Read More..Submission Info
Date Listed: January 29, 2015
Telecom Italia S.p.a. Hosting Evoluto
http://www.telecomitalia.com/
Telecom Italia offers technological infrastructures and platforms in which voice and data are converted into advanced telecommunications services – as well as the latest ICT and Media solutions. Telecom Italia, TIM, Virgilio, La7 and MTV Italia, Olivetti are the Group’s main brands, symbols familiar to consumers and a guarantee of reliability and skill. Being close…
Read More..Submission Info
Date Listed: May 19, 2012
Last Modified: February 23, 2013.
Additional Info
What is this?Service category: Cloud Infrastructure
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Telvent Global Services, S.A.U.
http://www.Telvent.com/Telvent Global Services is a global IT solutions and business information services provider dedicated to helping improve efficiency, safety and security for the world’s leading companies. Telvent serves markets that are critical to the sustainability of the planet.
Read More..Submission Info
Date Listed: February 19, 2015
Terremark
http://www.terremark.com/
Terremark, a Verizon Company, is a leader in transforming and securing enterprise-class IT on a global scale. A subsidiary of Verizon Communications Inc. (NYSE, Nasdaq:VZ), Terremark sets the standard for IT deployments with advanced infrastructure and managed service offerings that deliver the scale, security, and reliability necessary to meet the demanding requirements of enterprises and…
Read More..Submission Info
Date Listed: June 10, 2012
Last Modified: March 31, 2014.
Additional Info
What is this?Service category: Cloud Infrastructure
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Think On Inc.
http://www.thinkon.com/ThinkOn is Canada’s only wholesale only infrastructure as a Service provider. We offer enterprise grade compute and data storage services through channel partners in Canada to mid-sized and large organizations. Our service offers are focused on disaster recovery, data vaulting and application hosting services.
Read More..Submission Info
Date Listed: May 01, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
TokenEx, LLC
http://tokenex.com/TokenEx is an enterprise-class data security platform that offers virtually unlimited flexibility in how customers can access, store, and secure data. TokenEx extends flexibility by working with multiple data acceptance channels and by maintaining a processor-agnostic approach. Moreover, TokenEx is able to tokenize and secure almost any data type a company works with, including payment…
Read More..Submission Info
Date Listed: February 25, 2015
Trackyou Ltd
http://www.trackyou.co.uk/Trackyou are an award winning supplier of web based vehicle / asset tracking and associated telematics. Trackyou are the telematics industry’s leading innovators regularly developing and deploying bespoke, industry leading solutions across all sectors.
Read More..Submission Info
Date Listed: February 12, 2014
Last Modified: July 30, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Varolii Corporation
http://www.varolii.com/Varolii Corporation’s cloud-based SaaS Interact product provides customer interaction management and business continuity communications voice, text, email and smartphone solutions for over 450 clients from the healthcare, finance, airlines/transportation, telecomm, utilities and retail industries.
Read More..Submission Info
Date Listed: November 14, 2012
Last Modified: February 23, 2013.
Additional Info
What is this?Service category: Customer Support
Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Virtustream, Inc.
http://www.virtustream.comThe Virtustream Enterprise Class Cloud provides a secure, highly available, Infrastructure as a Service (IaaS) to enterprises and government customers. xStream, Virtustream’s cloud management software for private, public, and hybrid clouds, enables customers to move existing mission-critical and production applications to the cloud. Powered by Virtustream µVM technology, xStream delivers enterprise-grade security and compliance, performance…
Read More..Submission Info
Date Listed: July 17, 2014
Last Modified: February 06, 2015.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
VMware, Inc.
http://www.vmware.com/VMware vCloud® Air™ is a public cloud platform built on the trusted foundation of vSphere, compatible with your on-premises data center, that includes infrastructure, disaster recovery, and various applications as service offerings. vCloud Air allows you to extend your workloads into the cloud with ease. You can migrate existing onsite virtual machines (VMs) to the…
Read More..Submission Info
Date Listed: December 30, 2014
Vocera Communications, Inc.
http://www.vocera.comVocera Communications, Inc. [NYSE:VCRA] empowers secure, integrated, intelligent communication by instantly connecting people in mobile, mission-critical environments such as healthcare, hospitality, energy, education, retail and more. One of the fastest growing mobile technology companies, Vocera is widely recognized for developing smarter ways to communicate that improve patient, customer and employee satisfaction in more than 1,000…
Read More..Submission Info
Date Listed: November 26, 2014
Websense Inc.
http://www.websense.comWebsense, Inc. a global leader in unified web security, email security, mobile security, and data loss prevention (DLP), delivers the best content security for modern threats at the lowest total cost of ownership to tens of thousands of enterprise, mid-market, and small organizations around the world. Distributed through a global network of channel partners and…
Read More..Submission Info
Date Listed: December 06, 2014
Wipro Technologies
http://www.wipro.comWipro Ltd (NYSE:WIT) is a global information technology, consulting and outsourcing company with 145,000 employees serving over 900 clients in 61 countries. The company posted revenues of $6.9 billion for the financial year ended Mar 31, 2013. Wipro helps customers to do business better leveraging our industry-wide experience, deep technology expertise, comprehensive portfolio of services…
Read More..Submission Info
Date Listed: January 11, 2014
Last Modified: August 20, 2014.
Zendesk
https://www.zendesk.com/product/features/zendesk-security
Zendesk builds cloud software for better customer service, bringing companies and their customers closer together. With Zendesk, companies engage directly and openly with customers, building more meaningful customer relationships that last a lifetime. More than 40,000 customers use Zendesk to provide service to more than 300 million people worldwide.
Read More..Submission Info
Date Listed: March 26, 2014
Last Modified: August 21, 2014.
Additional Info
What is this?Service supports enterprise identity.
Service supports file sharing.
Service supports a mobile app.
Service performs penetration testing.
Zscaler
http://www.zscaler.com
Zscaler is a global, carrier—grade Internet security platform used by more than 5,000 enterprises, governments and military organizations. Much like Amazon Web Services, Salesforce.com, Office 365 or Google Apps, Zscaler is a massive, global cloud computing-based security and compliance system built into the fabric of the Internet.
Read More..Submission Info
Date Listed: January 07, 2015
FAQ
1) Q. What is the CSA STAR?
A. The CSA Security, Trust & Assurance Registry (STAR) is a publicly accessible registry that documents the security controls provided by various cloud computing services, thereby helping users assess the security of cloud providers that they currently use or with whom they are considering contracting. It is a simple but powerful idea, cloud providers post self assessments of their cloud services, CSA makes these assessments publicly available and cloud consumers can use this data to make informed purchasing decisions.
The CSA STAR service is based upon the CSA Governance, Risk and Compliance (GRC) Stack, a collection of four integrated research projects that provide a framework for cloud-specific security controls, assessment, greater automation, and real time GRC management. In addition to registry entries for cloud providers, we will also include special entries for technology solutions and services that integrate CSA GRC Stack components.2) Q. When will the CSA STAR be publicly available?
A. The CSA STAR has been available for provider submissions since early in Q4 2011, and is located at https://cloudsecurityalliance.org/star/.
3) Q. Are there any costs for CSA STAR listings or usage?
A. The CSA STAR Self Assessment is free for both providers to submit registry entries and for consumers to use the registry for research.
The only cost for STAR is associated with the CSA STAR Certification CERTIFICATE. For more information please see “STAR Certification, Policy & Price” at https://cloudsecurityalliance.org/star/certification/#_price
4) Q. What are the Consensus Assessments Initiative Questionnaire and Cloud Controls Matrix, and how do I use them for my own self assessment?
A. The Cloud Controls Matrix (CCM), provides a controls framework that gives detailed descriptions of security concepts and principles in 13 domains that are aligned with Cloud Security Alliance guidance. As a framework, the CSA CCM provides organizations with necessary structure, detail, and clarity regarding information security in the cloud industry. Providers may choose to submit a report documenting compliance with Cloud Controls Matrix.
The Consensus Assessments Initiative Questionnaire (CAIQ, pronounced “cake”) is based upon CCM and provides industry-accepted ways to document which CCM security controls exist in IaaS, PaaS, and SaaS offerings. CAIQ provides a set of over 140 questions that a cloud consumer and cloud auditor may wish to ask of a cloud provider. Providers may opt to submit a completed CAIQ, which will likely be the easiest option for those provider that have not already developed a CCM report.
A special LinkedIn forum (http://www.linkedin.com/groups?home=&gid=4066598) dedicated to CSA STAR support questions is available and moderated by volunteer experts from the community.
5) Q. Why did the CSA feel it was necessary to launch CSA STAR?
A. CSA believes that encouraging transparency and positive competition among cloud providers, with security as a market differentiator, is the right way to think about security in our computer systems. In these early days of cloud adoption, voluntary self-regulation of cloud providers is preferable to heavy-handed governmental regulation.
6) Q. How does the process work for getting listed on CSA STAR?
A. Cloud providers submit a completed CAIQ or CCM whitepaper through our website. CSA will verify submission authenticity and will perform a basic check of content accuracy. CSA will then digitally sign the entry and add it to the public registry.
As for September 2013, companies can also submit their entry as STAR Certification, third party assessment.7) Q. What are the benefits to cloud providers of being listed on CSA STAR?
A. Cloud providers have the benefit of being recognized as a security conscious organization. They will gain exposure to information security, assurance and risk management professionals, who are a key part of the cloud service procurement process. Providers will also be able to streamline their responses to customer due diligence inquiries and “one off” audits.
8) Q. What are the consumer benefits for CSA STAR?
A. Consumers have the benefit of accessing greater information about the security protections cloud providers are promoting. Informed consumers make better decisions.
9) Q. Won’t a public registry of security self assessments create new threat vectors for hackers to exploit?
A. No. The CAIQ is intended to allow a provider to document its security practices without going into a level of detail that would expose sensitive information. For example, a provider will likely document whether or not they regularly perform application layer penetration testing, but would not likely publish detailed results of web scanning tools.
10) Q. Can I get private help with my self-assessment questions?
A. Yes, a special mailbox, [email protected] has been setup for questions you do not wish to post in the LinkedIn group, and is managed by our volunteer experts. Be aware that the amount of support you are able to get may not be sufficient depending upon your questions, and you may need to engage with a professional services firm to assist you.
11) Q. As a consumer, how do I use the CSA STAR?
A. How a consumer uses CSA STAR will depend upon their business requirements, the type of cloud service they intend to use, and their tolerance of risk. In general it will tend to reduce the scope of their provider due diligence and provide information to assist in narrowing the focus of audits and other provider inquiries.
12) Q. Is CSA providing independent verification of the provider security controls?
A. No. The CSA does not guarantee the accuracy of CSA STAR Self-Assessment entries.
13) Q. Does the CSA STAR automatically update registry entries when the provider changes its security controls?
A. No. Providers should update their entries to reflect material changes.
14) Q. What will prevent a cloud provider from providing false and misleading information about the security of their cloud service?
A. Public scrutiny will challenge inappropriate uses of CSA STAR. Individuals concerned about objectively false information in the CSA STAR may contact us at [email protected].
15) Q. Will cloud providers be required to maintain their registry entries?
A. Yes. CSA will mark entries older than one year to be deprecated, and will remove the entries completely after an additional 6 months.
Submit a Question
Have questions you would like to see answered? Please direct them to [email protected] or through the form below:
PGP Public Key Block
Key ID: 7E8A54CF
Key Fingerprint: F391 743C 652C 50DA F089 AFD9 1E16 5E37 7E8A 54CF
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.14 (GNU/Linux)
mQINBE6smA4BEADQMxewlNg25UgEnbfp6CXt4SEPOeglQD4Mi4BK4W4dwJpCoDdx
7rICE7hzdSAiSDeCg49Kkdii9Liq7oOGXdcMioOqVeEQYwP183564r6GoQPKdGSz
fZJKgEHlXqBtjoYUBm9pX495L0KueJQxhhzCPAEvOrUFuw7MW6XhiNzsohGchclD
7xLzrgZawsy0jeD6vh4ttpy5gzzzfBwEq+aYzg1FDAAPQbMuhzP88uG+SdEKbkPy
szgt0A2a4ODKpqrisnnfH9SR3PWvH8lOf+nouuwucbTcgNvXAGaArCwlJk239WLh
0RmS3cynQyF0NFBqQKBCiu1JBHGcUF0F15ShLdsPkX7ajoPOPJDKYlMpB9n9BOY8
oiCCQLvG307A3LpVdOoMCg02ABZFITf2viSzrX09JVdcMu9zdCr3gd+cS7BpBeif
EUH+IfDlsyhmeBQrY9t9IWkMZIjahm9nwj1lIUbzkJpiSa5Ew5255jOmAndPM/1j
GX2omAyzazD0s3Dxu8fD7MNmAtJUDJQ6aZIkKHVE7f5ZulHvi8m9c59LC3camc+q
EY02qcNH6GgRmcJ+3VdbTwkgjZGLVK80tKUfYD1yK/Zk4alN3oiR7/XtAMXHYUL5
5436zuRoGsAITaEtavGpHclcNzFQu8l/iZnyLKqq//kXSAOJCyAW0Cc3wwARAQAB
tD1DbG91ZFNlY3VyaXR5QWxsaWFuY2UgU1RBUlMgPHN0YXJzQGNsb3Vkc2VjdXJp
dHlhbGxpYW5jZS5vcmc+iQI+BBMBAgAoBQJOrJgOAhsDBQkSzAMABgsJCAcDAgYV
CAIJCgsEFgIDAQIeAQIXgAAKCRAeFl43fopUzxMZD/9ptlGOXJfr+WW/mAFKzgV/
yvPTMwRQ7IpMt+OhIHmNIZ70h7/zcQQOXXvh9QaczJlA2ixv599kLCPkx4ixSiln
kZmvN4y/Qg/tbEIHl60TRLnjrBQAx5leQrdiL0QZbWiBpRncYG4VUn+alqlRvtuD
xPgKgLCHdiyD1YM7ggHIDA71daN/sJHyTSdHVz4Kevi1ozglcHQceQgz8Jqd56MR
50okpqlZOoics3qfwWx6zFRU0yr+3pr3zIIXlsyvS/ZzmhIp/g3rxT3RR9UUelG3
08n2D401XJVjWadAYRZVBjb4VqugWyASuhY7RiDmaF1qQbMp+NB625RgVmHRRpgO
MmUtwXfK4TmJHEtbzKnaJueF5hDjmCgMHg3JrjKSnThGawjNcLgVc9G9Ovnz0TM5
wKuENk8R+FLh78uBSWikAKMVsrt+HYEfI6TlxevP8Yqrovk3+96z8NKNlN6F4V4S
5zJuu74ZeK6FwdvOr8xMvDNCE9zd6WmfCQV26c2mHIdxXRXAHKNJgVNRCFKUv7Ar
8h407PGOktVRTFd+ojmPLBtAFN4u0Cbn0Lkn5FTTpcTXbh64yi80uLNcF61THcKr
E4QyOxiEJhA+XK5Fd37eRLkSv0+I/KH3z/04iYKY5mMoq4UDUsWPz14JYGX/Vclg
Ox3axwPFZkC/cb741h2h17kCDQROrJgOARAA9N4csh5F21Jc/LGWJLGn+RPYLWkQ
4B9CSWuQUhCVTcKWj/Wnc7J97Xpg2tB5dFMNwTkotI93JKPE1GpxwKAuTWXwhEgw
tT77+VvCOFN1jOGaK/xlwLAN9P8cRokQlHNw82TpawiHwcw8Kf25U3h9MbgSwWmC
A5vkKQqUm2hx8UrgIgK7qB0tKSmVeCgoOS4uUaYp7YgGArbF8TcoEXZ51Hm5XXUO
wxwLbfiZEhEV6lDAMgzhqfqE3T3uXDbuwqsS6oMsrJbhy6zJN14FI0gtD/mITfcg
S7LFBB5wdxgpYe28C2ZlLn41iIxcmQ3waLivO5iuhx6o9IV3TKiovfDaDKz+TFCM
Epi6w2ClbI+XFxz0LxOt99uNzNhVmB6PCVLwsktUVgf5ufa2iC1JV1HW/fkSBVaL
5mZeAxt7HlJfbDNfYTVTL2AxFljFz5AiiM9m0JfXBqHAbBxbsIqFZhRfWAvPqx7K
ee0IXymcmB+CMKw//8/+sJ9oi1eIT8wTo4BgZJadVoL2J70QcUscws5eGCc9F3z2
W/Y9vruno0sHkxN0hhDh6Vs1hAtilx4I1nPVO/Xim4gC0HyVz3UYEm7g1tMpUx0o
bvFCbQiYUZY5nRE1Gu0V8XCBQwaYU39gfRKytDRXVqCePz3eWTGwaItHiPB/woJV
JDiD9GzAvDnnLzEAEQEAAYkCJQQYAQIADwUCTqyYDgIbDAUJEswDAAAKCRAeFl43
fopUz+4QEACSFsbkUFbjxHRVcQiNXimiTVR3Km5ZLIBwLFvc+hGNOMtTr75kZqA5
pQf/XI/nuh7MuoVXFxxJ5LIS86cdRfLAMGDRM/d4MWDLvnU1HxG45+H8nqCqPJIU
V5BVfJjVrlkIp4oQDbeRJyP4LrkQsyM2Phm5Xkoj74bRlg7M3ETxkkIigpV7s9bO
aHYEJuRiVo38DXC0S7kiQZauvlHFLnyH74c4ZOGg+DUVm6OqNgxiDUZsyS5aeGRL
3gh8HZhxsPpcB9uqQBiAIGsFUhW4Ri4QUhk18tNgYN9hZDQWKhGATzzhqpkywGIp
sJE6uNC9deR6jCIl1jK/dQfT/TvnmO5a64rfoBk3VbJhbbCWVb3u71vF/CQ5lgf9
BjH1+iJSF+MG3Q3sHrJkJzajovkV4MH2K0j8an8Fjxr3epCUds3oGXSy7/p+N+j3
E5Eje48TgTYVamQL6zTVH00c8GkyhRrrc6z/0vgnHBSMkJcfswv0ML6JBLcRNCVx
xZvP0c30ilOBisnTth2kOOuJnLgcsEZopU55EZOhenonVLzJX9dGuvLwPrw8i3Q0
HWbKuTeNwy2U82mSBHoXeNNke5aPaB1U17+eLflb9QOWy3YoOt+mGN8h+TI/dN26
juO9IqyGcfBJOAbeaAT+AWWTay10321NrK4h9Cz0ccrqn5cxVa6YNg==
=i7uM
-----END PGP PUBLIC KEY BLOCK-----
Key Links & Resources
STAR Overview PDF
The CSA STAR Program is a publicly accessible registry designed to recognize the varying assurance requirements and maturity levels of providers and consumers, and is used by customers, providers, industries and governments around the world.
Release Date: July 18, 2014
Terms & Conditions
Effective as of November 14, 2011
These Terms and Conditions (“Terms”) constitute a binding agreement between the Cloud Security Alliance (CSA) and the entity (“Provider”) submitting a document for posting (“Security Disclosure”) on the Cloud Security Alliance Security Trust & Assurance Registry (“CSA STAR℠ Registry”).
BY SUBMITTING YOUR CSA STAR™ SECURITY DISCLOSURE FOR POSTING ON THE CSA STAR℠ REGISTRY, YOU ACKNOWLEDGE AND AGREE TO THE FOLLOWING TERMS.
1. The Cloud Security Alliance CSA STAR℠ Registry
The CSA STAR℠ Registry is a publicly accessible registry that documents the security controls provided by various cloud computing offerings. It is based upon the CSA Governance, Risk, and Compliance (GRC) Stack, a collection of four integrated research projects that provide a framework for cloud-specific security controls, assessment, and greater automation and real-time GRC management.
2. Submission of Security Disclosure
Provider may submit a description of its security controls to the CSA for display on the CSA STAR℠ Registry by doing the following:
- Provider must prepare a Security Disclosure, which is a written document that contains its response to the CSA Consensus Assessments Initiative Questionnaire (CAIQ) or that describes its compliance with the controls that are set forth in the CSA Cloud Controls Matrix (CCM);
- Provider must upload the Security Disclosure and the completed STAR Application Form on the CSA STAR℠ website as explained in the CSA STAR℠ FAQs;
After Provider has uploaded its Security Disclosure, CSA will verify the authenticity of the submission, perform a basic check to ensure that the application is complete, and upload the Security Disclosure on the CSA STAR℠ Registry.
CSA may refuse to post, or may delete, any Security Disclosure that in its sole judgment violates these Terms.
3. Ongoing Use and Maintenance
Provider must update its Security Disclosure from time to time, but not less than once in any twelve (12) month period, in order to take into account the changes in its internal security controls and procedures.
CSA will mark any Security Disclosure that is older than 365 days to be deprecated, and will remove from the CSA STAR℠ Registry any such obsolete Security Disclosure within six months if the Security Disclosure has not been updated.
When the Security Disclosure has been accepted for posting on the CSA STAR℠, Provider may indicate on its website and in its promotional material that:
“[Company]’s Security Disclosure is posted on the Cloud Security Alliance STAR Registry, www.cloudsecurityalliance.org/STAR.”
If a Security Disclosure has not been updated in the prior 365 days, Provider must promptly remove any such notice from its website and promotional materials.
Provider is allowed to link from its website to the page of the CSA STAR℠ Registry where its Security Disclosure is posted.
4. Rules of the CSA STAR℠ Registry
Provider will not do any of the following:
- Post any content or material that infringes any copyright, trademark, patent, trade secret or other intellectual property right of a third party or that is unlawful, harmful, tortious, defamatory, libelous, objectionable or inappropriate as determined by CSA, or could constitute or encourage conduct that would be considered a criminal offense, give rise to civil liability, or violate any law or regulation;
- Post any content or material that it is under a contractual obligation to keep private or confidential;
- Impersonate any person or organization, or misrepresent an affiliation with another person or organization;
- Upload to the Registry any file or link that do not comply with these Terms or that contains viruses, corrupted files, or any other similar software or programs that may adversely affect the operation of the CSA STAR℠ Registry or the CSA website, or any feature of the CSA website;
- Share or transfer password or other access information that allows for making modifications to the Security Disclosures with any other party, temporarily or permanently.
5. Termination; Suspension
CSA may delete or block any or all Security Disclosures associated with Provider at any time and without notice, if CSA determines in its sole discretion that Provider has violated these Terms, the law, or for any other reason.
CSA assumes no liability for any such deletion or blocking, and reserves the right to permanently prohibit Provider from posting Security Disclosures on the CSA STAR℠ Registry.
6. Fees
The CSA STAR℠ Registry is free to Providers to submit Security Disclosures for posting on the STAR Registry, and for consumers to use the Registry for research. In the future, CSA may elect to charge a fee for posting to the STAR Registry, or to limit the number of postings that a single entity may post on the CSA STAR℠ Registry at no cost.
7. Representations and Warranties of Provider
Provider represents and warrants that:
- It has the right and authority to post the Security Disclosure without any restriction;
- Its Security Disclosure is and will remain at all times true, accurate, correct, complete and up-to-date;
- The information provided in the Security Disclosure is not confidential or trade secret information of Provider or any third party, and may be published on the CSA STAR℠ Registry without restriction;
- It owns the content submitted, displayed, published or posted on the Security Disclosure and the display of the Security Disclosure on the CSA STAR℠ Registry will not violate the copyrights, trademark rights, trade secrets, or any other intellectual property rights, contract rights or other rights of any person or entity.
8. Representations and Warranties of CSA
CSA has no obligation to ensure that a Security Disclosure is true, accurate, correct, complete, or up-to-date.
CSA DOES NOT MAKE ANY REPRESENTATION OR WARRANTY WITH RESPECT TO THE CSA STAR℠ REGISTRY. THE CSA STAR℠ REGISTRY IS PROVIDED “AS IS” WITHOUT ANY WARRANTY OF ANY KIND, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT.
9. Limitation of Liability
Provider will be solely responsible for any direct, indirect, incidental, consequential, or punitive damages, or any other losses, costs, or expenses of any kind (including legal fees, expert fees, or other disbursements) that may arise, directly or indirectly, from the Security Disclosure submitted by Provider, including but not limited to any harm caused by any misrepresentation, inaccuracy, errors, in the Security Disclosure.
CSA does not endorse any provider or any posting. CSA is not responsible for the information or other material that may appear in any Security Disclosure posted by Provider or any third party on the CSA STAR℠ Registry. CSA assumes no responsibility or liability that may arise from or be related to the content of the CSA STAR℠ Registry, including but not limited to claims for negligence, misrepresentation, unfair or deceptive practices, defamation, libel, or slander.
UNDER NO CIRCUMSTANCES, INCLUDING NEGLIGENCE, SHALL CSA BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT RESULT FROM THE USE OR INABILITY TO USE THE CSA REGISTRY OR THE DECISIONS MADE OR ACTIONS TAKEN BY CUSTOMERS OR POTENTIAL CUSTOMERS OR PROVIDER BASED ON THE INFORMATION POSTED ON A SECURITY DISCLOSURE; OR FROM PROVIDER’S USE OF, OR INABILITY TO USE, THE CSA STAR℠ REGISTRY; OR FROM MISTAKES, OMISSIONS, INTERRUPTIONS, DELETION OF FILES, ERRORS, DEFECTS, OR DELAYS IN OPERATION OR TRANSMISSION; OR FROM LOSS OF PROFITS, USE, DATA, GOODWILL, OR OTHER INTANGIBLES; OR FROM THE COST OF PROCUREMENT OF SUBSTITUTE PRODUCTS OR SERVICES; OR FROM THE LOSS OF SECURITY OF INFORMATION THAT PROVIDER SUBMITTED IN CONNECTION WITH THE POSTING OF THE SECURITY DISCLOSURES ON THE CSA STAR℠ REGISTRY, OR THE UNAUTHORIZED INTERCEPTION OF ANY SUCH INFORMATION BY THIRD PARTIES, OR FROM ANY FAILURE OF PERFORMANCE WHETHER OR NOT CAUSED BY EVENTS BEYOND CSA’S REASONABLE CONTROL, INCLUDING BUT NOT LIMITED TO ACTS OF GOD, COMMUNICATIONS LINE FAILURE, THEFT, DESTRUCTION, OR UNAUTHORIZED ACCESS TO THIS SITE’S RECORDS, PROGRAMS, OR SERVICES.
IN NO EVENT SHALL CSA’S TOTAL LIABILITY FOR ALL DAMAGES, LOSSES, AND CAUSES OF ACTION RELATED TO, OR CONNECTED WITH ANY SECURITY DISCLOSURE EXCEED ONE DOLLAR (US $1.00). SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES; AS A RESULT, THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO PROVIDER.
10. Intellectual Property
CSA is the copyright owner of the CSA STAR℠ Registry. No portion of the CSA STAR℠ Registry may be used in any manner, or for any purpose, without CSA’s express written permission, except as provided for herein.
CSA or its licensors own the trademark CSA STAR℠, and all names, logos, trademarks, or service marks posted on or contained in the CSA STAR℠ Registry. None of these names, logos, or marks may be used without CSA’s prior written approval.
Provider retains all right, title, and interest, including all intellectual property rights in its Security Disclosure. Provider shall have the right to use its Security Disclosure in any way it chooses, subject to these Terms. However, except as otherwise specifically agreed in advance and in writing by CSA, any communication or material that Provider transmits to the CSA STAR℠ Registry in any manner and for any reason will not be treated as confidential or proprietary.
11. License to Display Security Disclosure
By submitting a Security Disclosure for posting on the CSA STAR℠ Registry, Provider hereby grants to CSA a limited, non-exclusive, sub-licensable, worldwide, fully-paid, royalty free license to use, modify (for formatting purposes), publicly display, reproduce, and distribute such Security Disclosure without the need to obtain any third party’s permission. This license includes the right to host, index, cache, and tag any Security Disclosure, as well as the right to post the Security Disclosure on any media or platform known or hereinafter developed.
12. Indemnification
Provider will indemnify, defend and hold harmless CSA and its officers, employees, agents from and against any and all loss, costs, expenses (including reasonable attorneys’ fees and expenses), claims, damages and liabilities resulting from, related to or associated with the Security Disclosure(s) (including all versions or drafts thereof) that Provider posts or uploads on the CSA STAR℠ Registry and any violation of these Terms by Provider, including but not limited to any action by a third party claiming that the Security Disclosure is not true, accurate, correct, complete and up-to-date, or otherwise do not meet any requirement set forth in these Terms.
13. Miscellaneous
Conflict – If there is any conflict between these Terms and any other terms posted on the CSA Site with respect to the operation of the CSA STAR℠ Registry, these Terms will govern and supersede any such other terms.
Entire Agreement – These Terms, together with the general Terms and Conditions of use of the CSA site, make up the entire agreement between CSA and Provider relating to the CSA STAR℠ Registry, and replace any prior understandings or agreements (whether oral or written) regarding the CSA STAR℠ Registry.
Force Majeure – CSA’s failure to comply with these Terms because of an act of God, war, fire, riot, terrorism, earthquake, actions of federal, state or local governmental authorities or for any other reason beyond the reasonable control of CSA, will not be deemed a breach of these Terms.
Governing Law – This Agreement will be governed by and construed in accordance with the laws of the State of California without regard to conflicts of law principles. All disputes regarding this the CSA STAR℠ Registry or this Agreement will be subject to the federal, state, and local courts for Santa Clara County, California.
Headings – The headings in these Terms are for Provider’s convenience and reference and do not limit or affect these Terms.
Modifications – CSA reserves the right to revise the Terms at any time and for any reason, and such revisions shall be effective immediately upon notice thereof, which may be given by any means including posting the updated version of the Terms on the site. If Provider does not request that its Security Disclosure be removed from the CSA STAR℠ Registry within ten (10) days after such notice has been given, Provider will be deemed to have accepted the revised terms.
No Partnership – The posting of Provider’s Security Disclosure on the CSA STAR℠ Registry forms no partnership. Neither Provider nor CSA has the power or the authority to obligate or bind the other.
Severability – If any provision of these Terms is found by a court of applicable jurisdiction to be unlawful, void, or unenforceable, the provision will be deemed severed from these Terms and will not affect the validity and enforceability of any remaining provisions.
Waiver – If CSA fails to act with respect to Provider’s breach of these Terms on any occasion, CSA is not waiving its right to act with respect to future or similar breaches.
14. How to Contact CSA STAR™
If you have any question about this document or about the CSA STAR℠ Registry, please contact us a [email protected].
STAR Certification & STAR Attestation Submission
Please contact [email protected] for information about these Level 2 Certifications.
STAR Self-Assessment Submission
Eligibility for listing on the STAR Registry is contingent on the submission of self-assessment reports that document compliance to CSA-published best practices. The registry is intended to allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher quality procurement experiences.
The CSA STAR Information Center provides an FAQ, Support Forum and more.
Cloud providers can submit two different types of reports to indicate their compliance with CSA best practices:
- Consensus Assessments Initiative Questionnaire (CAIQ) Download here
- Cloud Controls Matrix (CCM) Download here
CSA STAR Registry Terms and Conditions
Your submission is subject to the CSA STAR Terms and Conditions. We encourage you to review these Terms and Conditions, which govern your use of the CSA STAR Registry.
Submitting self-assessment reports to CSA easy!
Simply fill out the required fields in the form below. Then click the “Browse” button to select the self-assessment report from your computer. When you are finished, click the “Submit” button and your submission is complete.
Your submission will be reviewed by CSA for accuracy and we will follow up via email to verify your entry. If you have questions about your submission, please contact: [email protected]
If you have difficulty using this form, please contact: [email protected]
Security, Trust
& Assurance Registry
STAR is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.
Welcome New Members
The CSA is a member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing. We would like to welcome our newest members:
Kronos- Palerra
- Inspur
- Battelle
- EMC
Translate CSA
Get Involved
Learn how you can participate in Cloud Security Alliance's goals to promote the use of best practices for providing security assurance within Cloud Computing.
