The pressure on cloud suppliers to prove their credentials has stepped up in the security space with the launch of a certification that is designed to give customers they are dealing with a safe pair of hands.
The launch of the STAR certification by the Cloud Security Alliance (CSA) and the BSI uses a third party independent assessment to check that a security cloud provider is delivering high levels of service.
The certification combines some of the requirements of the ISO/IEC 27001:2005 standard as well as the CSA Cloud Control Matrix so that resellers can prove to customers they have security controls in place.
To get the STAR accreditation a provider must get a tick in the box on 11 control areas that cover the likes of data governance, information security, legal, risk management and compliance. There will be gold, silver and bronze levels for those that get through the process.
Daniele Catteddu, managing director EMEA at CSA, said that more customers were asking for some way of proving that their potential supplier had got some substance behind their pitch.
"Especially in light of recent government revelations, both consumers and providers of cloud-based services have been asking for independent, technology-neutral certification to help them make more informed decisions about the services they purchase and use,” she said.
“In providing a rigorous, user-centric assessment, STAR Certification will provide an additional layer of transparency that the industry has been calling for," she added.
Elaine Munro, head of global portfolio management at BSI, added that there was an increased demand for cloud services but security concerns continued to dog the willingness of customers to make the move to a hosted environment.
“Many organizations are wary of cloud service due to a variety of security concerns. The STAR Certification will help alleviate this problem, as it will provide organizations and consumers with a clear benchmark on which to evaluate the performance of a cloud service provider," she said.