Over 400 enterprise IT and security managers were questioned in a March 2011 survey by cloud service provider Savvis. Among those surveyed, security was overwhelmingly cited as their primary concern. Chris Richter, V.P. of managed security services at Savvis, said, “We’ve seen hesitance in moving enterprise applications into the cloud for fear of security. A lot of CIOs…don’t believe they know enough about the cloud.”
Microsoft’s Tim Rains identified a significant cause of lack of confidence from potential customers. “What [they are] trying to do is figure out a way to determine what are the questions they should be asking cloud providers and evaluate a service, evaluate the risk and whether it meets compliance requirements,” said Rains. “That’s what we are hearing from customers.”
To address these concerns, the Cloud Security Alliance’s Security Trust and Assurance Registry
, or STAR, was launched in the fourth quarter of 2011. Providers that join STAR agree to complete questionnaires designed according to ISO 27001, an international standard for information security management systems. Those questionnaires will ultimately be available to consumers. The Cloud Security Alliance is hopeful that the implementation of STARS will increase the transparency of cloud security standards and help consumers make informed decisions based on security practices of providers.