[CAREER] CSA Star – Cloud Certification

July 6, 2018

@SabrinaLopes

The increasing use of IT resources for data use and storage, and for access to software and systems, has influenced the migration to cloud computing.

Enterprises have adopted this service over the past decade, driven by a significant reduction in operating and infrastructure costs, as well as improved usability (an Internet connection is enough to access files and perform tasks through online services).

However, the security of the conveniences this model brings is still questioned by ordinary users and large companies alike. Three elements need to be considered for cloud security: confidentiality, integrity, and availability.

The Cloud Security Alliance (CSA), in partnership with other organizations and in order to establish best practices for cloud computing, has created the Cloud Control Matrix (CCM), which specifies the relevant controls that should be adopted by cloud service providers (CSPs). The CSA Star certification is designed to meet the following standards:

  • ISO 19011:2012, Guidelines for management systems auditing;
  • ISO/IEC 17021:2011, Conformity Assessment – Requirements for bodies providing auditing and certification of management systems;
  • ISO/IEC 27006:2011, Information Technology – Security Techniques – Requirements for bodies providing audit and certification of information security management systems;
  • ISO/IEC 27001:2013, Information Technology – Security techniques and information security management systems (mandatory for CSPs wishing to obtain CSA Star).

The Cloud Control Matrix (CCM) evaluates the following controls:

  • Conformity;
  • Data governance;
  • Facility security;
  • Human Resources;
  • Information security;
  • Legal requirements;
  • Operations management;
  • Risk management;
  • Release management;
  • Resilience;
  • Security architecture.

Maturity levels are individually assessed for the following capacity factors:

  • Communication and involvement of stakeholders;
  • Ownership, leadership and management;
  • Policies, plans and procedures and a systematic approach;
  • Monitoring and measurement;
  • Skills and experience.

The certification is based on the controls already established by the ISO/IEC 27001:2013 standard, together with a maturity analysis of the controls defined in the CCM. Maturity levels are classified as “Gold”, “Silver” and “Bronze”. The certification applies exclusively to cloud services.

Benefits

The certification benefits users, service providers, auditors, and IT professionals by helping to:

  • Provide a clear view of best practices adopted by service providers;
  • Demonstrate a higher level of maturity compared with competitors;
  • Contribute to increased competitive advantage;
  • Contribute to improving strategic management, making it easier to define roles and accountability among stakeholders and top management.

Conclusion

Combining cost savings and ease of use with reliable, secure service will be the challenge in the coming years for organizations looking to offer cloud services in an increasingly competitive marketplace.

In the same vein are large organizations that want to make sure their data is secure and that their services will have the expected availability and confidentiality.

Obtaining CSA Star certification puts the cloud service provider in a prominent position and differentiates it in its field of activity in the eyes of potential clients and stakeholders.

Want to know more about certification? See this link

* Sabrina Lopes is an Information Security Consultant for [SAFEWAY]

 

 
