“The Cloud Security Alliance (CSA) and BSI today announced the launch of the STAR Certification program, a rigorous third party independent assessment of the security of a cloud service provider. The technology-neutral certification leverages the requirements of the ISO/IEC 27001:2005 management system standard together with the CSA Cloud Control Matrix, a specified set of criteria that measures the capability levels of the cloud service.”
Organizations that place data on cloud providers have a number of concerns about the security. By achieving the STAR Certification, cloud providers of every size will be able to give prospective customers a greater understanding of their levels of security controls. At least, that’s the idea.
These sorts of certifications will likely show up in the next year or so. The objective is to remove validation and verification work from the enterprise that is adopting the cloud service and move it to the certification provider.
However, it’s difficult for those who provide standard certifications to create a validation and verification process that meets the needs of all cloud users. While there will be a few base security services validated, they can’t validate everything. Enterprises with special security needs may still be on their own.