The public data collected and housed by international governments—critical national security assets for intelligence, defense and homeland security operations— is some of the most sensitive in the world, and hosting it comes with tremendous responsibility.
As global national security and public safety organizations continue to evaluate cloud computing options for cost savings and efficiency benefits, they are also looking for more consistent ways to vet and validate cloud providers’ security practices to ensure the highest standards in data protection.
The good news is that the Cloud Security Alliance (CSA) has developed a solution to reduce the ambiguity in in assessing cloud providers’ privacy practices in response to this growing need. The Security, Trust and Assurance Registry (STAR) program, which is open to all providers, includes a Cloud Control Matrix (CCM) of 100 questions about security and privacy solutions that a provider can respond to, and then register with the CSA to host the responses.
Standards such as the STAR CCM not only help to bring best practices together, but they offer greater insight into the security controls cloud providers use to protect highly sensitive data. For example, using the STAR solution enables Microsoft to provide consistency and scale responses so that national security customers can make informed decisions about Office 365 cloud solutions. The CSA has also noted that, increasingly, "major consumers of cloud services plans are requiring STAR reports moving forward as part of their procurement process."
Cloud solutions providers must continue to take their responsibility for data protection seriously and give global organizations clear insight into privacy and security practices. Increased transparency around a provider’s confidentiality, integrity and security practices will continue to be a key issue in how national security bodies understand and select cloud services, and the CCM is an extremely helpful mechanism to leverage in this ongoing pursuit.
Have a comment or opinion on this post or a question for the author? Let me know @MicrosoftPSNS or email us at firstname.lastname@example.org.