CSA STAR is the industry's most powerful program for security assurance in the cloud.The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.This podcast series explores CSA STAR as well as CSA best practices and research along with associated technologies and tools.
SAXO Bank - First Bank to achieve STAR Attestation
Saxo Bank became the first bank in the world to earn the Cloud Security Alliance STAR Level 2 Attestation and Trusted Cloud Provider accreditation.
This milestone in the bank’s technology aspirations means Saxo Bank qualifies for and adheres to the highest and most comprehensive principles in terms of transparency, privacy, security and harmonization of standards across its IT systems, services and infrastructure that supports the business and different client segments from back-office systems to open APIs. The CSA STAR Level 2 attestation is verified and validated by a third-party auditor.
The admission to the CSA and STAR Level 2 attestation demonstrates Saxo’s commitment to holistic security and is set to further accelerate the bank’s growth as a capital markets solutions provider for partners looking to run their investment infrastructure as a Service.
Listen as we interview Mads Hasling; Group CISO at Saxo Bank and he takes us on the journey to STAR Attestation from implementation, to successful attestation to looking at and measuring the ROI.
CSA CxO Trust Initiative Understanding the priorities of your peers within the C-Suite
The mission of the CSA CxO Trust is to help Chief Information Security Officers (CISOs) better understand the priorities of their peers within the C-Suite and to also enable CISOs with tools to communicate business risk, governance, and compliance issues of cloud computing and cybersecurity in the proper context to their peers within the C-Suite and their boards of directors. This initiative will be forward looking and innovative in advancing cloud computing and cybersecurity within the C-Suite.
Join us as we interview Illena Armstrong; President of CSA and discuss the details about the CSA CxO as well as what are the biggest challenges for the "C-Suite" in today's environment, how the CxO initiative will help mitigate risk and some tips on how to engage with high-ranking officers of a company.
Objectives-based Security - Enabling Security Teams to deliver desired outcomes
"There is a proliferation of security products. As more high-value assets come online, the cybersecurity threats grow and the application environments rapidly change. Security teams are stretched thin trying to continuously map the desired business outcomes to disparate product configurations in these environments".
"What we lack as an industry is a cohesive and a high-level approach to enabling security teams to deliver cybersecurity outcomes. A different approach to security is needed".
~Vishwas Manral, Forbes Councils Member~
Join us as we interview Vishwas Manral Forbes Councils Member, founder and CEO at NanoSec (acquired by McAfee) and chief cloud architect of cloud security at McAfee as well as co-chair of the Cloud Security Alliance, Silicon Valley. We discuss a more powerful common sense approach to laying the ground work for a more robust cybersecurity posture that will ensure organizations are more resilient by using the core business requirements as the input.
The advantages and future of the Cloud Control Matrix
The Cloud Control Matrix (CCM) is composed of 197 control objectives that are structured in 17 domains covering all key aspects of cloud technology. It can be used as a tool for the systematic assessment of cloud implementation and provides guidance on which security controls should be implemented by which actor within the cloud supply chain. The CCM is considered the de-facto standard for cloud security and privacy.
Listen as we interview Harry Lu; The current Co-Chair of the Cloud Security Alliance Cloud Control Matrix Working Group and discuss the CCM, the advantages it brings to organizations, how it mitigates risk, the benefits, and how it facilitates the reduction of complexity in a business, plus an insight into the just-released CCM V4 and the future of the CCM.
A case study – CCM and STAR –Integrating with third-party assessments and regulations to avoid duplication of effort and cost.
The CCM is used as the standard to assess the security posture of organizations on the Security, Trust, Assurance, and Risk (STAR) registry. The STAR program promotes flexible, incremental, and multi-layered certifications that integrate with popular third-party assessments to avoid duplication of effort and cost. Security providers can fill out the extended question set that aligns with the CCM and send it to potential and current clients to demonstrate compliance to industry standards, frameworks, and regulations. It is recommended that providers submit the completed CAIQ to the STAR Registry so it is publicly available to all clients.
Join us as we interview Chris Dixon; Governance, Risk & Compliance Manager at TokenEx and listen as he takes us on their journey utilizing the CCM and STAR including
What problems does it solve or how did it help mitigate risk?How has using the CCM helped Tokenex reach some of its security targets?What are the major benefits?
The Business Value of STAR Attestation
As organizations look to cloud services to process more sensitive and critical data, security, and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. Based on the CSA’s Cloud Controls Matrix (CCM), STAR is the only meta-framework of cloud-specific security controls, mapped to leading standards, that enables third party audit review to give security teams the support and trust they require to enable this move to the cloud.
Listen as we interview Ashwin Chaudhary Director and CEO of Accedere group and discuss STAR Attestation, the advantages of SOC2 plus CCM, and the business value it brings to organizations.