Share this article on:
CloudHealth by VMware has announced it became a Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR) registrant on January 23, 2020.
The Cloud Security Alliance is a not-for-profit organization that promotes the use of best practices to provide security assurance in cloud computing. The CSA has developed a library of online courses to help its 80,000 worldwide members ensure their cloud environments are properly secured. The CSA also hosts many webinars, events, and community discussions as part of its efforts to educate the business community on cloud security.
Cloud service providers can take advantage of the CSA Security, Trust & Assurance Registry Program, which allows them to become certified against industry standards. Cloud customers can use the registry to find cloud companies that meet the level of assurance they need, and to find out more about the measures each vendor has implemented to protect cloud infrastructure and safeguard cloud data.
Cloud service providers that have validated their cloud security offerings and been certified can easily demonstrate to current and future customers that they have implemented a range of controls to ensure security. The program helps cloud service providers establish trust through transparency.
Cloud customers can use the CSA’s Consensus Assessments Initiative Questionnaire (CAIQ) to determine which security controls have been implemented in IaaS, PaaS, and SaaS offerings and can use the questionnaire to determine compliance to the Cloud Controls Matrix (CCM).
The questions cover security controls in 16 categories, including Application & Interface Security, Audit Assurance & Compliance, Business Continuity Management & Operational Resilience, Data Security & Information Lifecycle Management, Datacenter Security, Governance & Risk Management, Interoperability & Portability, Security Incident Management, E-Discovery, & Cloud Forensics and Threat & Vulnerability Management.
By completing the questionnaire, cloud customers can easily ascertain the security posture of prospective cloud service providers and make an informed decision about which services have the appropriate level of security to meet their needs.