By Peter Silva | Article Rating: |
|
August 17, 2011 09:00 AM EDT | Reads: |
5,520 |
The Cloud Security Alliance (CSA), a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, recently announced that they are launching (Q4 of 2011) a publicly accessible registry that will document the security controls provided by various cloud computing offerings. The idea is to encourage transparency of security practices within cloud providers and help users evaluate and determine the security of their current cloud provider or a provider they are considering. The service will be free.
CSA STAR (Security, Trust and Assurance Registry) is open to all cloud providers whether they offer SaaS, PaaS or IaaS and allows them to submit self assessment reports that document compliance in relation to the CSA published best practices. The CSA says that the searchable registry will allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher-quality procurement experiences. There are two different types of reports that the cloud provider can submit to to indicate their compliance with CSA best practices. The Consensus Assessments Initiative Questionnaire (CAIQ), a 140 question document which provides industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings and the Cloud Control Matrix (CCM) which provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in areas like ISACA COBIT, PCI, and NIST.
Providers who chose to take part and submit the documents are on the ‘honor system’ since this is a self assessment and users will need to trust that the information is accurate. CSA is encouraging providers to participate and says, in doing so, they will address some of the most urgent and important security questions buyers are asking, and can dramatically speed up the purchasing process for their services. In addition to self-assessments, CSA will provide a list of providers who have integrated CAIQ and CCM and other components from CSA’s Governance, Risk Management and Compliance (GRC) stack into their compliance management tools.
This should help with those who are still a bit hesitant about Cloud services. The percentage of those claiming ‘security issues’ as a deterrent for cloud deployments has steadily dropped over the last year. Last year around this time on any given survey, anywhere from 42% to 73% of those respondents said cloud technology does not provide adequate security safeguards and that that security concerns have prevented their adoption of cloud computing. In a recent cloud computing study from TheInfoPro, only 13% cited security worries as a cloud roadblock, after up-front costs at 15%. Big difference than a year ago. In this most recent survey, they found that ‘fear of change’ to be the biggest hurdle for cloud adoption. Ahhhh, change. One of the things most difficult for humans. Change is constant yet the basics are still the same – education, preparation, and anticipation of what cloud is about and what it can offer is a necessity for success.
ps
References:
- CSA focuses best-practice lens on cloud security
- Assessing the security of cloud providers
- CSA Registry Strives for Security Transparency of Providers
- Cloud Security Alliance Introduces Provider Trust and Assurance Registry
- Transparency Key To Cloud Security
- Cloud Security Alliance launches registry: not a moment too soon
- Fear of Change Impedes Cloud Adoption for Many Companies
- F5 Cloud Computing Solutions
Technorati Tags: F5, CSA, integration, cloud computing, Pete Silva, security, business, education, technology, application delivery, cloud, context-aware, infrastructure 2.0, web, internet
Connect with Peter: | Connect with F5: |
![]() ![]() ![]() ![]() |
![]() ![]() ![]() ![]() |
Read the original blog entry...
Published August 17, 2011 Reads 5,520
Copyright © 2011 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.
More Stories By Peter Silva
Peter is an F5 evangelist for security, IoT, mobile and core. His background in theatre brings the slightly theatrical and fairly technical together to cover training, writing, speaking, along with overall product evangelism for F5. He's also produced over 350 videos and recorded over 50 audio whitepapers. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T managing customers on the original ATT WorldNet network.
Now having his Telco background he moved to Verio to focus on access, IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicago land area working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.
Writer, speaker and Video Host, he's also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.
Apr. 19, 2018 08:00 PM EDT Reads: 2,478 |
By Elizabeth White ![]() Apr. 19, 2018 07:00 PM EDT Reads: 5,915 |
By Pat Romanski ![]() Apr. 19, 2018 02:30 PM EDT Reads: 5,407 |
By Pat Romanski Apr. 19, 2018 02:00 PM EDT Reads: 1,968 |
By Pat Romanski Apr. 19, 2018 01:45 PM EDT Reads: 1,109 |
By Pat Romanski Apr. 19, 2018 01:30 PM EDT Reads: 2,047 |
By Elizabeth White Apr. 19, 2018 01:30 PM EDT Reads: 1,509 |
By Pat Romanski ![]() Apr. 19, 2018 01:30 PM EDT Reads: 1,583 |
By Liz McMillan Apr. 19, 2018 01:15 PM EDT Reads: 1,562 |
By Pat Romanski ![]() Apr. 19, 2018 12:45 PM EDT Reads: 5,174 |
By Yeshim Deniz Apr. 19, 2018 12:30 PM EDT Reads: 3,861 |
By Yeshim Deniz ![]() Apr. 19, 2018 12:30 PM EDT Reads: 1,621 |
By Yeshim Deniz Apr. 19, 2018 12:15 PM EDT Reads: 4,787 |
By Liz McMillan ![]() Apr. 19, 2018 12:00 PM EDT Reads: 5,324 |
By Liz McMillan ![]() Apr. 19, 2018 11:00 AM EDT Reads: 6,989 |
By Elizabeth White ![]() Apr. 19, 2018 10:45 AM EDT Reads: 4,444 |
By Elizabeth White Apr. 19, 2018 09:45 AM EDT Reads: 4,118 |
By Liz McMillan ![]() Apr. 19, 2018 09:15 AM EDT Reads: 3,537 |
By Yeshim Deniz Apr. 19, 2018 08:45 AM EDT Reads: 2,240 |
By Yeshim Deniz ![]() Apr. 19, 2018 08:30 AM EDT Reads: 1,803 |
By Yeshim Deniz Apr. 19, 2018 08:30 AM EDT Reads: 2,979 |