MacStadium — a private Mac cloud provider enabling enterprise macOS workloads — has obtained Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR) Level 1.

This means that MacStadium has publicly documented its compliance with CSA’s Cloud Controls Matrix (CCM), and that it joined the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.  

CSA STAR Level 1 (self-assessment) documents the security controls provided by various cloud computing offerings, helping users assess the security of the cloud providers they currently use or are considering using, according to MacStadium CEO KenTacelli. In order to achieve CSA STAR Level 1, cloud providers must submit the Consensus Assessments Initiative Questionnaire (CAIQ) to document compliance with the CCM.

CSA STAR is a free, publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. It encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in CCM and allows organizations to show current and potential customers their security and compliance posture, including the regulations, standards, and frameworks to which they adhere. Developed to ensure cloud service providers are better able to maintain data confidentiality, integrity, and availability, CSA STAR is the industry’s most powerful program for security assurance in the cloud.

Participation in the STAR program provides multiple benefits, including indications of best practices and validation of security posture of cloud offerings. It consists of two levels of assurance (self-assessment and third-party certification), based upon:

  • The CSA Cloud Controls Matrix (CCM) v4, a cybersecurity control framework for cloud computing. It is composed of 197 control objectives that are structured in 17 domains covering all key aspects of cloud technology. It can be used as a tool for the systematic assessment of a cloud implementation, and provides guidance on which security controls should be implemented by which actor within the cloud supply chain. The controls framework is aligned to the CSA Security Guidance for Cloud Computing, and is considered a de-facto standard for cloud security assurance and compliance.
  • General Data Protection Regulation (GDPR) Compliance with the EU Cloud Code of Conduct (CoC). 

You can view MacStadium’s CSA Registry entry here: https://cloudsecurityalliance.org/star/registry/macstadium-inc .




Article provided with permission from AppleWorld.Today