“The rise of cloud as a global compute utility creates a mandate to better harmonize compliance concerns,” said Daniele Catteddu, managing director for EMEA at the CSA, in a statement. “A key challenge the cloud industry faces is reassuring its customers that the service they provide is not only secure but can recover from any incidents with minimal disruption.”
Forrester Analyst Holger Kisker agrees. He pointed out that in taking a look at cloud-delivered app success so far, the leaders are customer relationship management (CRM), collaboration, human capital management (HCM) and e-procurement, which have all reached a healthy cloud adoption of about 25% in North America and Western Europe. That’s followed by a drop-off however, with business intelligence and analytics (BI) the next most successful application, used in cloud form by 17% of companies. The main challenges for cloud and software-as-a-service (SaaS) applications are data security and integration efforts, and they continue to take a toll on uptake.
The Open Certification Framework, created in conjunction with the British Standards Institution (BSI), aims to change that. It will eventually support an independent third-party assessment of the state of a company’s security measures, but the initiative is starting off with an immediately available self-assessment process, which allows cloud providers to submit reports to the CSA STAR Registry to indicate their compliance with CSA best practices.
In the first half of 2013, the CSA Star Certification will offer third-party assessment from approved certification bodies, which will certify compliance with the ISO/IEC 27001:2005 management systems standard together with the CSA Cloud Controls Matrix (CCM).
Assessors will numerically score a company’s performance against the CCM, allowing senior management at the cloud operator to measure improvement year over year.
As a third level, the STAR Certification will eventually include continuous monitoring-based certification for ongoing compliance.
Overall, the end result of all three efforts is the establishment of a framework, “against which cloud providers can be independently benchmarked and which encourages continual improvement to ensure customers receive the best service possible,” according to David Brown, director of corporate development at BSI.