How much will Cloud Security Alliance's STAR program do to increase transparency of cloud security?

TheCount

It is difficult to really evaluate the security practices of different cloud providers. For the most part, you just have to take them at their word. I've heard about a new program called the Security Trust and Assurance Registry (STAR) that is supposed to introduce a standard questionnaire that members complete to provide a standard of comparison so that potential customers searching for a cloud provider can make an informed decision when security is of concern (which is pretty much always). So far, of CSA members, only Microsoft, Mimecast and Solutionary have agreed to publication of their STAR responses. Will this actually help customers make knowledge-based decisions, or is STAR a marketing gimmick?


Answers

2 total
jimlynch
Vote Up (9)

I think it's a step in the right direction, and it may be useful as more providers sign onto it. Certainly having Microsoft involved lends it a certain amount of credibility.

Perhaps though it will be left to the users to try to encourage or force companies to participate. If enough users contact their providers and ask about it, it will probably wake up the providers to the need to provide this data.

So it's not perfect, but the industry has to start somewhere to build confidence among customers. This seems like a good step in that direction and I hope more companies will jump on the bandwagon and participate.

jlister
Vote Up (7)

Hopefully more than just three companies will release the information. If they do, I could see it being very helpful, depending on the depth of the questionnaire. I did a little research, and read that the questionnaire is developed according to ISO standards, which gives it some credibility, although it was not clear to me that it indicates that members actually MEET the ISO standard. I would much rather see ISO certification than anything else to make sure that a process is being strictly followed. I think the greatest benefit is the ability to at least compare how different companies respond to the questions, so there is something of an apples-to-apples comparison possible between different providers.
