Dell (RSA): Let’s Cloud, Securely

Wed, 02/24/2016 - 17:06 -- pottol

XaaS lets companies save money, first of all by paying only OpEx and not CapEx as well.

Obviously, cloud providers are not handing out gifts to customers: they are financially prosperous, earning from the strong efficiency that comes from standardization.

Moreover, this also means limiting the configuration options available in the products.

However, it leads to a general security enhancement, especially for small customers (those with a small IT department). Let’s see how.

 

CSA Security, Trust & Assurance Registry (STAR)

Not all cloud providers are equal, and not all services on offer are at the same quality level. RSA is aware of this. The CSA (Cloud Security Alliance) has published the latest version of the STAR attestation (https://cloudsecurityalliance.org/star/). It encompasses 3 levels of certification:

  1. Auto Assessment
  2. External (3rd party) Assessment
  3. Continuous Monitoring

RSA is the main sponsor of the initiative.

 

Cloud Controls Matrix

The most important component for executing such an assessment is the list of controls to check against. It should be maintained, with periodic updates.

Currently, version 3.0.1 is the latest, published in December 2014. It encompasses:

  • 16 domains (mapped in the picture against the 8 CISSP domains)
  • 133 controls (an average of 8-9 controls for each domain)
  • 2 STAR domains for each CISSP one



 

For more information, see: