Cloud // Infrastructure as a Service
News
8/11/2011
09:46 AM
Connect Directly
RSS
E-Mail
50%
50%

Transparency Key To Cloud Security

Customers get help assessing compliance, security practices of cloud vendors through Cloud Security Alliance's STAR program.

Slideshow: Cloud Security Pros And Cons
Slideshow: Cloud Security Pros And Cons
(click image for larger view and for full slideshow)
Is secrecy the key to security? Not according to the Cloud Security Alliance, which is looking to gather up information on how cloud service providers are securing their services. The truth of the matter is that it is not secrecy that builds effective security; it is adopting and adhering to best practices and standards that create a secure environment--secrecy is best left to end users protecting their passwords and logon credentials.

Perhaps that is the point the CSA is trying to get across to the purveyors of cloud services with STAR, which is open to all cloud providers. STAR allows cloud providers to submit self-assessment reports that document compliance to CSA-published best practices. According to the CSA, the searchable registry will allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher-quality procurement experiences.

The CSA claims that STAR will offer a major leap forward in industry transparency, encouraging providers to make security capabilities a market differentiator. Ideally, STAR can become another metric for customers to validate if a cloud service provider meets their internal security needs, especially in the world of compliance--where security practices are often dictated by law.

For those looking to build private clouds or internal clouds, the results of the assessment process could provide valuable guidance and clues on how to implement security for internal cloud services. What's more, the best practices offered by the CSA will further speed the security planning process for those building clouds.

CSA STAR will be online in Q4 of 2011. Cloud providers can submit two different types of reports to indicate their compliance with CSA best practices:

-- The Consensus Assessments Initiative Questionnaire (CAIQ), which provides industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings. The questionnaire (CAIQ) provides a set of over 140 questions a cloud consumer and cloud auditor may wish to ask of a cloud provider. Providers may opt to submit a completed Consensus Assessments Initiative Questionnaire.

Read the rest of this article on Network Computing.

The vendors, contractors, and other outside parties with which you do business can create a serious security risk. Here's how to keep this threat in check. Also in the new, all-digital issue of Dark Reading: Why focusing solely on your own company's security ignores the bigger picture. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Multicloud Infrastructure & Application Management
Multicloud Infrastructure & Application Management
Enterprise cloud adoption has evolved to the point where hybrid public/private cloud designs and use of multiple providers is common. Who among us has mastered provisioning resources in different clouds; allocating the right resources to each application; assigning applications to the "best" cloud provider based on performance or reliability requirements.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and community news at InformationWeek.com.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.