|
Up In The Cloud: How Secure Is A Cloud Service?
When selecting a cloud service for your company, many factors must be considered, but among the top considerations is the security of the service. Cloud services must protect against catastrophic data loss and the possibility of your data falling into unauthorized hands. However, the problem with evaluating a service’s security is that it’s extremely difficult to rate anyone’s claims. How do you know that what a service claims is what it practices? And if you’re not fluent in the technical jargon a detailed explanation requires, how can you understand what it all means?
These are critical questions that can cause all kinds of confusion in a fast-growing and rapidly-evolving sphere of business, when stories of security breaches make the news almost weekly. The stakes are high for providers and consumers, which is partly why a not-for-profit organization called the Cloud Security Alliance was established in 2008. As a third-party certifying agency whose mission is to “promote the use of best practices for providing security assurance within cloud computing, and to provide education on the uses of cloud computing to help secure all other forms of computing,” it recognizes cloud service providers (CSPs) who meet its standards for data security.
The CSA was founded by volunteers in several realms of technology and business, working collaboratively to establish guidelines for security in cloud computing. Since then, its membership has grown to 80,000 members worldwide with sixteen full-time employees, contract staff, and 400 volunteers who continue to research and report on best practices. It also offers training and hosts regional events each year, including an international congress.
Most directly useful to a company selecting a cloud service is its CSA Security, Trust, & Assurance program, abbreviated to CSA STAR. The program allows cloud service providers the opportunity to demonstrate their practices in keeping data secure, and an accessible registry of these providers with the level of assurance CSA STAR verifies.
CSA STAR offers three levels of assurance. At its base is the self-assessment, a report submitted by the provider in response to CSA’s framework for best practices. You may not have time to learn and understand the components of this framework, but if you trust CSA’s team of volunteers, you at least have the organization’s assurance that its listed providers satisfy the criteria for best practices at this most basic level. The registry includes links to each provider’s self-assessment for those wishing to see the details.
The second level of assurance involves “certification” and “attestation,” the result of a “rigorous third-party, independent assessment of the security of a cloud service provider.” This evaluation rates criteria toward an assessment in each of several domains of its “cloud control matrix,” with a progressively stepped “maturity” level, telling the provider and potential customer how far the service’s security is from its highest rating, with “bronze,” “silver,” “gold,” and “none” designations.
CSA’s third level of assurance is still in development, according to the organization’s website, but it will be called CSA STAR Continuous, and it will involve a continuous auditing and assessment of a provider’s relevant security properties.
In the way you might check the Better Business Bureau before you commit to relationships with a service provider, or Charity Navigator before making a donation to a nonprofit, you can see whether a cloud service provider meets the criteria established by CSA. This is obviously not the only lens through which you will evaluate a provider, but it’s a good first step in establishing how conscientious a provider is in keeping its clients’ data secure from bad luck or bad intentions.
Reference Link:
The Cloud Security Alliance’s registry: https://cloudsecurityalliance.org/star/#_registry
 |
| |
RMA® Executive Search Recruiting Firm Locations: |
| |
| United States & Canada: |
|
Europe, Asia & Pacific: |
| |
- Atlanta, Georgia
- Austin, Texas
- Baltimore, Maryland
- Boston, Massachusetts
- Charleston, South Carolina
- Charlotte, North Carolina
- Chicago, Illinois
- Cleveland, Ohio
- Columbus, Ohio
- Dallas, Texas
- Denver, Colorado
- Detroit, Michigan
- Honolulu, Hawaii
- Houston, Texas
- Indianapolis, Indiana
- Jacksonville, Florida
- Kansas City, Missouri
- Las Vegas, Nevada
- Los Angeles, California
- Memphis, Tennessee
|
- Miami, Florida
- Milwaukee, Wisconsin
- Minneapolis, Minnesota
- Montreal, Canada
- Nashville, Tennessee
- New York, New York
- Oklahoma City, Oklahoma
- Philadelphia, Pennsylvania
- Phoenix, Arizona
- Portland, Oregon
- Raleigh, North Carolina
- Saint Louis, Missouri
- San Antonio, Texas
- San Diego, California
- San Francisco, California
- San Jose, California
- Seattle, Washington
- Tampa, Florida
- Toronto, Canada
- Washington, DC
|
- Bangkok, Thailand
- Beijing, China
- Berlin, Germany
- Hong Kong, China
- Kuala Lumpur, Malaysia
- London, England
- Madrid, Spain
- Melbourne, Australia
- Moscow, Russia
- Mumbai, India
- New Delhi, India
- Paris, France
- Prague, Czech Republic
- Rome, Italy
- Stockholm, Sweden
- Sydney, Australia
- Tokyo, Japan
- Vienna, Austria
- Wellington, New Zealand
- Zurich, Switzerland
|
| |
| Visit Our Executive Search Recruiting Firm Locations Area For More Details. |
| |
 |
|
|
