Government Cloud Honored with CSA STAR Certification by Cloud Security Alliance
In the digital era, Cloud plays a vital role in people’s daily routines. Users of Cloud are familiar with searching for knowledge-based information and entertainment details via the Internet. Both public and private Cloud providers are expected to develop the most efficient and reliable service features with the highest level of service security, to build greater confidence and trust among an increasing number of users.
To ensure the highest level of service security, Thailand’s Cloud services are certified by globally renowned organizations. They are Euro Cloud Star Audit (ECSA), Cloud Security Alliance (CSA), and International Organization for Standardization (ISO). As users of Cloud services can be certain of standardized service quality and security, each government agency has developed its own service standards with uniquely excellent quality. As a result, Cloud providers are encouraged to pay close attention to the certification and accreditation of standardized Cloud services, and service users are urged to understand the terms and conditions of the services provided by different Cloud providers.
Cloud Security Alliance (CSA) is a non-profit organization with a mission to promote the use of best practices for providing security assurance with Cloud Computing. The organization has developed its Security Technology for Cloud Computing to ensure the highest satisfaction and confidence of users of Cloud services, with its own “CSA-STAR” service standard.
Reportedly, CSA-STAR is an abbreviation of Cloud Security Alliance (CSA)-Security, Trust, and Assurance Registry (STAR). Originating in late 2011, the standard aimed to increase the transparency of Cloud service providers while boosting service confidence among users. CSA-STAR is considered a strategic public registry designed to provide a set of security standards for Cloud services developed by various program developers. Users of Cloud services can make their own security assessments appropriate to their individual uses. It can be said that CSA-STAR was developed as an addition to the ISO 27001 standard, but the CSA-STAR standard focuses mainly on the security of Cloud services. To comply with laws and requirements related to Cloud services and to data privacy, Cloud service providers are required to follow the Cloud Control Matrix (CCM) security principles and be certified to the ISO 27001 standard.
The CSA-STAR Certificate is categorized into three major levels:
STAR Self Assessment – requires the provider to publish its own assessment results obtained from the CSA Consensus Assessment Initiative (CAI) and/or Cloud Control Matrix (CCM).
STAR Certification/Attestation – requires the provider to declare the results of an assessment conducted by a third party applying the Cloud Control Matrix (CCM) and the ISO 27001 or AICPA SOC2 standards.
STAR Continuous – requires the provider to continuously reveal the assessment results and security levels of its own Cloud system using Cloud Trust Protocol (CTP).
It is obvious that the CSA-STAR certification provides various benefits for all government organizations, as it helps boost confidence in using Cloud services and builds a better image for a particular government agency. With the certification in place, Cloud users can be sure that the services they require are genuinely secure. Cloud providers also gain a number of benefits, for example, an assessment of their management efficiency against the Cloud and ISO/IEC 27001 standards, which is expected to make their services more competitive than those of rival Cloud service providers. Currently, there are several globally renowned companies certified with the CSA-STAR standard. They are HP (England), Pulsant (England), Alibaba (China), BroadBand Tower (Japan), Chunghwa Telecom (China), and more.
The Electronic Government Agency (Public Organization) (EGA), the provider of G-Cloud, has recognized the importance of service security, applying the ISO/IEC 27001:2013 standard as a guideline for operational requirements approved by a team of internal auditors. To boost users’ confidence in G-Cloud services, the EGA has decided to follow the security management guideline initiated by Cloud Security Alliance (CSA). In 2016, the EGA was certified with the second-level CSA-STAR standard by an external audit agency. All government agencies applying G-Cloud can be certain of the standardized quality and functional capacity of G-Cloud in accordance with the required international standards.
(The CSA-STAR certificate is officially issued by BSI, a certified audit agency.)