It’s official – cloud security assurance is being taken to the next level. The recent announcement by the CSA (Cloud Security Alliance) and BSI (British Standards Institute) of the first independently audited cloud security certification is a tremendous leap forward in bringing transparency to the industry. The new STAR certification builds on the existing CSA self-certification and international security standard ISO27001 control set, adding specific cloud-focused controls.
Considering recent events highlighted in the media regarding the safety and privacy of data, customers and consumers of the cloud are becoming increasingly aware of what to look for and which questions to ask when selecting cloud services and providers
Pulsant has significant experience using accreditations in ISO 27001 and ISO 9001 which are internationally recognised and respected, and these do provide significant assurance to customers around processes and controls related to cloud deployment. However, these standards do not necessarily treat the unique security challenges faced when delivering cloud platforms in sufficient detail. Many providers like Pulsant deliver secure cloud products but to date the lack of appropriate assurance mechanisms has made this harder to convey in basic terms to customers.
Presenting customers with a cloud specific security certification will increase confidence in the security of a company’s cloud proposition and is increasingly important as the cloud market continues to expand. The customer wants to know the vendor is doing it ‘right’, and in a market where the number of vendors is increasing, customers need confidence they are selecting the best vendor for their needs. While accreditation cannot guarantee security, the CSA STAR will certainly make the market more transparent and holds infinitely more weight than existing self-assessment / self-certification models as it is administered by an independent body.
In the bigger picture, vendors with a STAR certification are more likely to inspire confidence in customers, and as the industry matures and the need for assurance increases, there just might be a greater demand for cloud providers with the appropriate credentials. As a cloud vendor we recognise this need and feel the progress by the CSA on the new standard is a very positive addition to the industry and will commit to pursuing this line of certification.