How much will Cloud Security Alliance's STAR program do to increase transparency of cloud security?

TheCount

It is difficult to really evaluate the security practices of different cloud providers. For the most part, you just have to take them at their word. I've heard about a new program called the Security Trust and Assurance Registry (STAR) that is supposed to introduce a standard questionnaire that members complete to provide a standard of comparison so that potential customers searching for a cloud provider can make an informed decision when security is of concern (which is pretty much always). So far of CSA members, only Microsoft, Mimecast and Solutionary have agree to publication of their STAR responses. Will this actually help customers make knowledge based decisions, or is STARs a marketing gimmick?

Answer this Question

Answers

2 total
jimlynch
Vote Up (8)

I think it's a step in the right direction, and it may be useful as more providers sign onto it. Certainly having Microsoft involved lends it a certain amount of credibility.

Perhaps though it will be left to the users to try to encourage or force companies to participate. If enough users contact their providers and ask about it, it will probably wake up the providers to the need to provide this data.

So it's not perfect, but the industry has to start somewhere to build confidence among customers. This seems like a good step in that direction and I hope more companies will jump on the bandwagon and participate.

jlister
Vote Up (6)

Hopefully more than just three companies will release the information.  If they do, I could see it being very helpful, depending on the depth of the questionnaire.  I did a little research, and read that the questionnaire is developed according to ISO standards, which gives it some credibility, although it was not clear to me that it indicates that members actually MEET the ISO standard.  I would much rather see ISO certifcation than anything else to make sure that a process is being strictly followed.  I think the greatest benefit is the ability to at least compare how different companies respond to the questions, so there is something of an apple to apple comparison possible between different providers. 

Ask a question

Join Now or Sign In to ask a question.
Oracle has issued a comprehensive list of its software that may or may not be affected by the OpenSSL (secure sockets layer) vulnerability known as Heartbleed, while warning that no fixes are yet available for some likely affected products.
According to a new dataset, the big names in technology lag well behind actors, politicians and athletes in terms of global cultural significance
Five weeks after announcing a lower-cost subscription to Office, Microsoft today started selling Office 365 Personal to consumers.
Big data analytics are driving rapid growth for public cloud computing vendors with revenues for the top 50 public cloud providers shooting up 47% in the fourth quarter last year to $6.2 billion, according to Technology Business Review Inc.
Google has expanded its Cloud Platform to include locally hosted computing capacity, storage and data bases for the Asia-Pacific region.
The space agency has published a catalog of its software being made available to the public, and it includes code for things other than flying a rocket to the moon
Box has patched the Heartbleed security hole on its servers and has advised its customers to change their passwords.
For companies in the cloud storage business, standing out from the pack isn't getting any easier, as many competing services are racing to the bottom with both free and paid offerings.
The latest entrant into cloud-based Wi-Fi plans to apply the technique to public Wi-Fi hotspots, helping enterprises and service providers to better manage and monetize their networks.
The cloud is more than just dirt-cheap data storage and lightning-fast apps. These six innovations show that it's possible to manage servers, develop applications, run virtual machines and even sequence the human genome using cloud technology.