For some time now, the Cloud Security Alliance (CSA) has been offering impartial advice on how best to go about securing a cloud computing environment. Now CSA is now beta testing a software-as-a-service (SaaS) application to help better manage the process.
CSA CEO Jim Reavis says rather than relying on questionnaires developed by CSA that IT organizations then need to record the answers to using a spreadsheet, the CSA decided it would create a STARWatch cloud application that would make it simpler for organizations to share cloud security information. Rather than trying to reconcile multiple spreadsheets, Reavis says that IT organizations can make use of STARWatch to share information about any one of the cloud service providers they deal with, regardless of their physical location.
“We think that’s going to be more efficient than trying to use spreadsheets to keep track of assessments,” says Reavis.
STARWatch, for the moment at least, is a crowd-funded SaaS application. Reavis says that CSA hopes to be able to make the metadata generated by STARWatch available to IT organizations. CSA is also interested in analyzing metadata generated by multiple organizations using STARWatch to provide more insights into industry trends and issues. But any use of that data would require an approach that maintained organizational confidentiality, says Reavis.
In the meantime, CSA plans to charge a fee to use the application. But during the beta period, it’s offering a 70 percent discount that starts at $895 for a three-user license.
It’s now obvious to almost everyone that organizations of all types are trying to hold cloud service providers to be more accountable when it comes to security. The best place to begin that process is by providing everyone involved with a common understanding of what needs to be measured.