Cloud Security Alliance launches registry: not a moment too soon

Summary: The CSA Security, Trust & Assurance Registry (STAR) is intended to encourage transparency of security practices within cloud providers.

It's about time:

The Cloud Security Alliance (CSA) announced it will soon be launching a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.

The new initiative, called the CSA Security, Trust & Assurance Registry (STAR), is intended to encourage transparency of security practices within cloud providers. The registry will help users assess the security of cloud providers they currently use or are considering contracting with, CSA says. CSA STAR will be online in Q4 of 2011.

CSA STAR is open to all IaaS, SaaS, and PaaS providers, large and small, with a facility enabling them to submit self-assessment reports that document compliance with CSA published best practices. The searchable registry will allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher quality procurement experiences.

Good stuff. One issue is there isn't a distinct "cloud" industry. The lines between cloud providers and cloud consumers are very blurry -- a single company can be both a cloud service provider and consumer. Should a company providing cloud or SaaS services to partners, or to affiliated businesses, participate as a provider in the registry? Private clouds have their own sets of security issues as well, as data may be exposed or more accessible beyond transaction points.

Here's the big carrot for cloud providers: CSA says by participating in the registry, cloud providers will see some of the most urgent and important security questions buyers are asking, "and can dramatically speed up the purchasing process for their services." CSA STAR will also be able to provide details as to who is best suited to help manage compliance issues -- often a show-stopper for cloud projects. "This will help customers extend their GRC [governance, risk, compliance] monitoring and reporting across their enterprise and in concert with multiple cloud provider relationships."

It's about time!

(Photo Credit: Wikimedia Commons.)


Joe McKendrick is an author and independent analyst who tracks the impact of information technology on management and markets. Joe is co-author, along with 16 leading industry leaders and thinkers, of the SOA Manifesto, which outlines the values and guiding principles of service orientation. He speaks frequently on cloud, SOA, data, and...
