So many questions come to my mind when we move into cloud computing. What security controls does your cloud provider maintain? Sometimes you may get the details of their security practices, but most of the time you don’t. Even if you do get the security practices that your cloud provider offers, how do you verify their credibility? Cloud providers need to have their security controls and methods reviewed and approved by a recognized party.
In the recent past there has been tremendous progress in improving cloud provider transparency. The nonprofit Cloud Security Alliance (CSA) has done work that has led to a standard framework for handling cloud security.
STAR (Security, Trust and Assurance Registry) was established in 2011. It provides a standards-based public repository of cloud provider security controls. STAR is open to all cloud providers and allows them to submit self-assessment reports that document their security compliance. It has been rather slow to take off: even now, only four cloud providers have submitted documentation of their security controls for publication. One of the latest, and a giant among cloud providers, Microsoft has enrolled the security documentation for its products Windows Azure, Microsoft Dynamics and Office 365 for self-assessment.
Different independent bodies are in the process of being established, including the Open Certification Framework, with the aim of giving cloud customers and users security assurance by offering certifications that a cloud provider implements controls in line with CSA’s guidance.
Well, very few governments are making efforts to establish standards and controls that protect technology consumers. CSA forges ahead with its standard security approach, but as a user you are still in a vulnerable position when exposing your data to cloud providers.