How much will Cloud Security Alliance's STAR program do to increase transparency of cloud security?

TheCount

It is difficult to really evaluate the security practices of different cloud providers. For the most part, you just have to take them at their word. I've heard about a new program called the Security Trust and Assurance Registry (STAR) that is supposed to introduce a standard questionnaire that members complete to provide a standard of comparison so that potential customers searching for a cloud provider can make an informed decision when security is of concern (which is pretty much always). So far of CSA members, only Microsoft, Mimecast and Solutionary have agree to publication of their STAR responses. Will this actually help customers make knowledge based decisions, or is STARs a marketing gimmick?

Answer this Question

Answers

2 total
jlister
Vote Up (13)

Hopefully more than just three companies will release the information.  If they do, I could see it being very helpful, depending on the depth of the questionnaire.  I did a little research, and read that the questionnaire is developed according to ISO standards, which gives it some credibility, although it was not clear to me that it indicates that members actually MEET the ISO standard.  I would much rather see ISO certifcation than anything else to make sure that a process is being strictly followed.  I think the greatest benefit is the ability to at least compare how different companies respond to the questions, so there is something of an apple to apple comparison possible between different providers. 

jimlynch
Vote Up (11)

I think it's a step in the right direction, and it may be useful as more providers sign onto it. Certainly having Microsoft involved lends it a certain amount of credibility.

Perhaps though it will be left to the users to try to encourage or force companies to participate. If enough users contact their providers and ask about it, it will probably wake up the providers to the need to provide this data.

So it's not perfect, but the industry has to start somewhere to build confidence among customers. This seems like a good step in that direction and I hope more companies will jump on the bandwagon and participate.

Ask a question

Join Now or Sign In to ask a question.
Technology companies make up almost half of the businesses ranked highest by their employees for culture and values in a new survey
Microsoft has extended the data loss prevention features in Office 365 so that they are available not only for its email tools but also for data in SharePoint Online and OneDrive for Business.
Salesforce.com's development teams are continuing their steady pace of improvements to the Salesforce1 mobile application, which first debuted at last year's Dreamforce conference.
Responding to the growth of enterprise software development teams, Microsoft will allow occasional contributors to access the Visual Studio Online project development environment at no cost.
Dropbox is consolidating its three Pro account options into a single plan that's priced at US$9.99 per month and includes 1TB of storage and added controls for document sharing and security.
Use your coding powers to raise money for a worthy cause, no ice water involved
To beef up its cloud platform with more specialized packages, Google is acquiring Zync for its large scale rendering service for movie special effects, called Zync Render.
McAfee, part of Intel Security, has made improvements to its Server Security Suites portfolio with the introduction of performance optimisation and additional management efficiency to increase security for servers in physical, virtualised and Cloud environments.
A new analysis of Reddit comments shows which language’s developers seem to be the happiest - and which are the most foul-mouthed
Google's Slides presentation app can now be used without an Internet connection on iOS devices, joining the two other core office productivity tools in the company's suite, the Docs word processor and Sheets spreadsheet software.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

randomness