The Cloud Security Alliance's latest attempt to foster an environment of proactive security practices in the cloud computing industry involves a public registry through which vendors can showcase their efforts.
CSA STAR, short for the Cloud Security Alliance's Security, Trust & Assurance Registry, was launched with the goal of "helping users assess the security of cloud providers they currently use or are considering contracting with," according to a CSA press release. To jump-start the registry and spread the word about the most effective cloud computing security practices, the organization urges vendors throughout the IT industry to cooperate to the full extent.
"CSA STAR is open to all cloud providers, and allows them to submit self-assessment reports that document compliance to CSA published best practices," the press release reads. "The searchable registry will allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher-quality procurement experiences. CSA STAR represents a major leap forward in industry transparency, encouraging providers to make security capabilities a market differentiator."
Two types of reports will be available for those looking to contribute, the first of which comes in the form of a questionnaire that begs information on IaaS, PaaS and SaaS security controls. The other form, called the Cloud Controls Maxim, is more detailed and elaborates on cloud computing security concepts and principles in 13 different domains, the CSA said.
Establishing a this kind of industry network is an innovative and proactive effort toward industry-wide standardization, which appears to be essential to increased adoption. Once connected to a network of security-focused cloud vendors, skeptics may become more comfortable with the latest practices in cloud security.
Confidence in cloud security standards is important, as many are interested in the technology but remain apprehensive. Although 70 percent of respondents to a Tecala survey issued earlier this year said they have experienced cost savings through the cloud, 18 percent said they would not increase cloud use because of security concerns.