Will my provider be transparent about how they manage their systems, organization governance, etc.?
Will I be considered compliant?
Do I know where my data is?
Will a lack of standards drive unexpected obsolescence?
Is my provider really better at security than me?
Are the hackers waiting for me in the cloud?
Will I get fired?
How can we gracefully “lose control” of IT?
The CSA Security, Trust & Assurance Registry (STAR) is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, thereby helping users assess the security of cloud providers they currently use or are considering contracting with. CSA STAR is open to all cloud providers, and allows them to submit self-assessment reports that document compliance with CSA published best practices. The searchable registry will allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher quality procurement experiences. CSA STAR represents a major leap forward in industry transparency, encouraging providers to make security capabilities a market differentiator.
Sample entry from Verizon Terremark
We can start having fun scrutinizing entries!
Transcript of "Global Efforts to Secure Cloud Computing"
www.cloudsecurityalliance.org
[Diagram labels: enterprise boundary, public clouds, private clouds, cloud of users, notional organizational boundary]
• Cloud + Mobile
• Dispersal of applications
• Dispersal of data
• Dispersal of users
• Dispersal of endpoint devices