CSA Security Update - CSA STAR + SOC2 - From Readiness to Attestation

CSA STAR + SOC2 - From Readiness to Attestation

05/26/20 • 31 min

CSA Security Update

As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Service Principles, AT 101) and the CSA Cloud Controls Matrix.
1. What is CSA STAR & SOC2?

2. What are the prevalent business drivers which lead to the necessity of obtaining a CSA STAR & SOC2 attestation?

3. Why should my business plan for a CSA STAR & SOC2 rather than react to the demand for the attestation?
Join us as we interview Audrey Katcher, partner of RubinBrown’s Business Advisory Services Group, overseeing the group’s Information Technology Risk Services. She also serves as the Open Certification Framework Working Group liaison for AICPA and made a significant contribution to the STAR Attestation guidelines.
Listen as Audrey answers these questions and more regarding STAR Attestation and the assessment process.

https://cloudsecurityalliance.org/star/

Previous Episode

CSA STAR Certification Case Study Guest: Larry Greenblatt, CISSP, CCSP; Information Security Specialist at QAD

The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.

The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions.
Listen as we interview Larry Greenblatt, Information Security Specialist at QAD, as he takes us through his journey to CSA STAR Certification, from business case to implementation and through the audit process, and discusses the ROI, the importance of the maturity evaluation, and how this has facilitated improving their business overall.

https://cloudsecurityalliance.org/star/

Next Episode

How to Engage with Cloud Customers

As a cloud service provider (CSP), customer engagement is crucial.
It impacts customer loyalty, which directly impacts the bottom line. The potential cost of incompetent customer engagement should be concerning to CSPs.
The lines between cloud providers and cloud consumers keep getting fuzzier every day.
What are the main challenges of cloud computing that users face?

What is the growing paradigm shift in what users will expect from CSPs moving forward as a minimum requirement?

What are the top 3 or 4 risks of cloud computing they should be aware of on their end?
Get answers to these questions and more as we interview Jennifer "Jen" Chermoshnyuk, Security and Trust Engineer for GitHub, and shed some light on this critical subject matter.

https://cloudsecurityalliance.org/star/
