CSA Security Update

As organizations look to cloud services to process more sensitive and critical data, security, and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. Based on the CSA’s Cloud Controls Matrix (CCM), STAR is the only meta-framework of cloud-specific security controls, mapped to leading standards, that enables third party audit review to give security teams the support and trust they require to enable this move to the cloud.
Listen as we interview Ashwin Chaudhary Director and CEO of Accedere group and discuss STAR Attestation, the advantages of SOC2 plus CCM, and the business value it brings to organizations.

https://cloudsecurityalliance.org/star/

Excerpt from the most recent PODCAST interview with Jim Reavis; Co-Founder and CEO of Cloud Security Alliance discussing the activities and speakers at the upcoming CSA Summit at RSA!

https://cloudsecurityalliance.org/star/

As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Services Criteria) and the CSA Cloud Controls Matrix.
Listen as we interview Debbie Zaller; Principal, practice leader, and SME for Schellman & Company, LLC who leads the Midwest Region along with the Privacy, SOC 2 and SOC 3 service lines. We take you inside a STAR attestation engagement following the process from start to finish along with discussing the value having successfully completed a STAR Attestation audit.

https://cloudsecurityalliance.org/star/

In this insightful episode, we explore the intricate world of GDPR compliance and how tools like codes of conduct can support cloud service providers. Our special guest, Gabriela Mercuri, Managing Director of SCOPE Europe, shares her expertise on the EU Cloud Code of Conduct (EU Cloud CoC), a pivotal GDPR compliance tool designed specifically for the cloud industry.

Join us as we discuss the significance of these codes of conduct, their role in ensuring data protection, and how they offer a practical framework for companies striving to meet GDPR requirements. We will also delve into the ongoing collaboration between the EU Cloud CoC and the CSA, highlighting how this partnership enhances transparency, trust, and compliance across the cloud services landscape.

Whether you’re a cloud service provider, a data protection professional, or simply interested in GDPR compliance, this episode will provide valuable insights into the evolving landscape of data protection and the practical steps companies can take to ensure compliance.

https://cloudsecurityalliance.org/star/

As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Service Principles,AT 101) and the CSA Cloud Controls Matrix.
Requirements for the cloud can be quite different than non-cloud environments, so a generic approach to security compliance is not a viable solution for providing evidence of assurance in the cloud. Unique considerations must be given to:
• Understanding the scope of the cloud computing environment.
• Do the current security controls cover the unique aspects of the cloud environment?
• Can the current risk assessment capture the risks correctly?
• Audit trails that prove the effectiveness
Join me as I interview two Principles from Schellman, Ryan Mackie and Gary Nelson as they take you on a journey down the road to Cloud Attestation and provide details of the audit, advice on implementation and the value proposition.

https://cloudsecurityalliance.org/star/