If you were to a compare a current survey of “top concerns for cloud adoption” with one conducted say five years ago, you would see that the number one issue back then was security, followed by data privacy or protection. Fast forward five years and these concerns still haven’t gone away.
However, what is different today is that the concern for securing applications and data in the cloud is now driven more by practical security concerns rather than hypothetical ones. Five years ago CISOs were concerned about the conceptual security of the cloud, i.e. if I were to put my data in the cloud, would it be secure? Now they are anxious about the practical realities around how they can secure their systems as well as extend their existing cybersecurity skills, processes, and controls to enforce security policies and monitor activities in the cloud.
That’s because threats today are real and organisations of all shapes and sizes are being hit. I’m sure you’ve read the headlines and heard about the recent WannaCry attack. Hopefully you haven’t had to experience first-hand what a cyber-attack like this can do, and moreover, if you’re securing your systems in the cloud you want to ensure that your organisation never has to find out.
Pursuit of excellence
Here at iland we are in constant pursuit of excellence in cloud security. It is a top priority. In fact we were recently awarded the Cloud Security Alliance STAR Gold Certification, which is the highest level attainable for this type of certification, and I am proud to say that iland is only the second Infrastructure-as-a-Service (IaaS) provider to receive this Gold level certification.
For those not familiar with the CSA certification it was designed to provide a guide for cloud service providers to determine how to become more secure, and a guide for cloud customers in assessing the security aspects of their cloud service provider. iland’s achievement of the CSA Gold level designation means customers can be confident that iland is at the forefront of cloud security.
So what certification processes did we have to complete and why is this important?
An accredited independent third party – the British Standards Institution (BSI) - utilised the CSA auditing process, which is based upon completing both the ISO/IEC 27001 certification and additional criteria set out in the CSA Cloud Controls Matrix (CCM), to evaluate iland’s security controls. The benefit of being evaluated under this process versus other processes is that it is pre-mapped to other industry accepted frameworks including HIPAA, PCI DSS, SOC2, ISO27001 and NIST. Once the evaluation was complete, the BSI scored iland’s security controls using a point based system that designates more points for higher levels of organisational maturity. iland’s high level of maturity earned it enough points to be awarded the highest level possible.
The Cloud Security Alliance (CSA) is an international organisation dedicated to improving cloud security and one of the ways that it does this is by operating the CSA Security, Trust & Assurance Registry (STAR). STAR is a publicly accessible registry that allows for cloud providers that have received certifications from CSA to publish them so that potential customers can verify that the provider does indeed have the certification. The registry is based on the CCM and the Consensus Assessments Initiative Questionnaire (CAIQ), the latter of which is an extensive control-based questionnaire that is designed to provide cloud provider customers with a core set of questions to ask a cloud provider before procuring their services.
This is important because the benefits of achieving CSA Star Gold Certification are many, such as:
Access - While an iland customer could view the certification itself on the CSA website the same way that the customers of other cloud service providers can, iland distinguishes itself from other cloud providers not only by providing both the auditor report and iland’s answered CAIQ in the iland Secure Cloud Console, but also by allowing our customers to view and download these documents at any time. This is invaluable when it comes to auditing time.
Confidence – Customers can be confident that iland is constantly working on improving cloud security and the CSA STAR Gold Certification validates this. They can also download the detailed documentation to prove their cloud security posture from the iland Secure Cloud Console at any time and provide this to their own customers to assure them. This is particularly important for channel partners or SaaS providers.
Due Diligence – The CAIQ provides answers to many, if not most of the most common questions in due diligence questionnaires, and customers have access to the information 24/7/365 on the iland Secure Cloud Console. This makes the evaluation process and the auditing and compliance processes much more straightforward and efficient.
Transparency – The auditor’s report for the CSA STAR Gold Certification of the iland Secure Cloud Console will enable customers to see not only iland’s areas of strength, but also areas that iland has room to grow.
We have invested in the CSA STAR Gold Certification because we know the increasing importance that our customers place on ensuring the same levels of security in the cloud that they have on-premises. In this age of heightened risk of cybersecurity attacks including ransomware, we are committed to investing in integrated best of breed security features in our cloud platform as well as compliance services to ensure our customers can confidently move forward with their cloud initiatives.
Monica Brink is EMEA marketing director at iland