
CSA Security Update
CSA STAR is the industry's most powerful program for security assurance in the cloud. The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. This podcast series explores CSA STAR as well as CSA best practices and research along with associated technologies and tools.
The Business Case Behind Continuous Monitoring - Guest: Stephen Boyer; Founder & CTO, BitSight
Continuous Monitoring enables automation of the current security practices of cloud providers. Providers publish their security practices according to CSA formatting and specifications, which customers and tool vendors can then retrieve and present in a variety of contexts.
Continuous monitoring/auditing improves on the traditional point-in-time certification in both trust and transparency.
Point-in-time audits, while the foundation of many respected certifications, often leave a considerable time gap between audits. By adopting continuous monitoring/auditing with an increased audit frequency, the chance of the security posture deviating becomes smaller. This empowers cloud service providers to make precise statements on the compliance status of their cloud services covered by the continuous audit process, achieving an “always up-to-date” compliance status.
A considerable amount of research and science has gone into proving the business case for continuous monitoring and its effectiveness. Listen as we discuss the data in detail with Stephen Boyer, Founder and CTO of BitSight Technologies, along with use cases that show how the paradigm is changing once again in how the industry defines risk and security.
https://cloudsecurityalliance.org/star/