On January 23, 2020, CloudHealth by VMware announced the company became a Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR) registrant.
The Cloud Security Alliance is a not-for-profit organization with more than 80,000 members worldwide. The aim of CSA is to promote the use of best practices to provide security assurance in cloud computing. CSA has developed free online courses, runs many webinars and events, and hosts community discussions to help educate the cloud community about cloud security to help them keep their cloud environments secure.
The CSA has developed a Security, Trust & Assurance Registry Program through which cloud security providers can be certified against industry standards. The registry is accessible to the public and can be used by cloud customers to find organizations that meet the level of assurance they require and see the controls that companies have put in place to protect cloud data.
Through the CSA Star Program, cloud service providers can validate their cloud security offerings and the certification provides proof to their customers that all of the necessary controls have been put in place, helping them to establish trust through transparency.
CSA has developed a Consensus Assessments Initiative Questionnaire (CAIQ) that can be used by cloud customers to determine the security controls that exist in IaaS, PaaS, and SaaS services. The questionnaire provides a set of yes/no questions that can be asked of a cloud service provider to determine compliance to the Cloud Controls Matrix (CCM).
The questions cover security controls across the following 16 categories
- Application & Interface Security
- Audit Assurance & Compliance
- Business Continuity Management & Operational Resilience
- Change Control & Configuration Management
- Data Security & Information Lifecycle Management
- Datacenter Security
- Encryption & Key Management
- Governance & Risk Management
- Human Resources
- Identity & Access Management
- Infrastructure & Virtualization Security
- Interoperability & Portability
- Mobile Security
- Security Incident Management, E-Discovery, & Cloud Forensics
- Supply Chain Management, Transparency, and Accountability
- Threat & Vulnerability Management
By completing the questionnaire, cloud customers can easily ascertain the security posture of prospective cloud service providers, such as CloudHealth by VMware, so they can then make decisions about whether their services are suitably secure.