Benchmarks and evaluation standards for cloud computing security is a topic that is top of mind for many organizations that are evaluating the potential uses of this new computing paradigm. Many of the customers I have talked to say they would benefit from standard evaluation criteria for cloud service providers. Many customers are trying to find an adequate method to communicate potential risk to internal and external auditors. Some customers are interested in using the European Network and Information Security Agency’s (ENISA’s) set of evaluation criteria for cloud service providers as a potential baseline for future cloud provider assessments, while other customers are looking to ISO 27001 or a future ISO standard that specifically addresses cloud computing technology, and others are looking at the potential of the Cloud Security Alliance’s Security Trust and Assurance Registry (STAR).
As I mentioned in my last article, Microsoft is collaborating very closely with the industry on drafting standards and baselines for cloud service providers. Laura Posey, a Senior Security Strategist in Trustworthy Computing at Microsoft, has been involved in this process. Please watch this latest video in the Trustworthy Computing Cloud Fundamentals Video Series where I discuss standards for cloud computing security with Laura.
If you haven’t seen the other videos in this series, you can check them out below:
Cloud Fundamentals Video Series
- Introducing the Cloud Fundamentals Video Series
- Cloud Computing & Business Agility
- Cloud Computing Requires Transparency
- Cloud Transparency as an Element of Trust
- The Benefits of Industry Collaboration to Cloud Computing Security
Please check back on this blog regularly as we continue the Cloud Fundamentals Video Series and explore topics that are top of mind for IT professionals related to cloud security, privacy, and reliability.