Cloud Security Alliance launches registry: not a moment too soon

Cloud Security Alliance launches registry: not a moment too soon

Summary: The CSA Security, Trust & Assurance Registry (STAR) is intended to encourage transparency of security practices within cloud providers.

SHARE:
TOPICS: Security
0

It's about time:

The Cloud Security Alliance (CSA) announced it will soon be launching a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.

The new initiative, called the CSA Security, Trust & Assurance Registry (STAR), is intended to encourage transparency of security practices within cloud providers. The  registry will help users assess the security of cloud providers they currently use or are considering contracting with, CSA says.  CSA STAR will be online in Q4 of 2011.

CSA STAR is open to all all IaaS, SaaS, and PaaS providers, large and small, with a facility enabling them to submit self assessment reports that document compliance to CSA published best practices. The searchable registry will allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher quality procurement experiences.

Good stuff. One issue is there isn't a distinct "cloud" industry. The lines between cloud providers and cloud consumers are very blurry -- a single company can be both a cloud service provider and consumer. Should a company providing cloud or SaaS services to partners, or to affiliated businesses, participate as a provider in the registry? Private clouds have their own sets of security issues as well, as data may be exposed or more accessible beyond transaction points.

Here's the big carrot for cloud providers: CSA says by participating in the registry, cloud providers will see some of the most urgent and important security questions buyers are asking, "and can dramatically speed up the purchasing process for their services." CSA STAR will also be able to provide details as to who is best suited to help manage compliance issues -- often a show-stopper for cloud projects. "This will help customers extend their GRC [governance, risk, compliance] monitoring and reporting across their enterprise and in concert with multiple cloud provider relationships."

It's about time!

(Photo Credit: Wikimedia Commons.)

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion