Certification for the Cloud is finally here

Cloud Service Providers (CSPs) face unique information risks. End users are concerned with the security of their information and whether they can trust CSPs. The Cloud Security Alliance (CSA) has identified gaps within the IT ecosystem that are inhibiting market adoption of secure and reliable cloud services. The market needs a transparent feedback system that will help avoid costly mistakes in the adoption of cloud computing while enabling CSPs to demonstrate not only that they can be trusted, but that their processes and scope are fit for purpose. Organizations need to feel confident that their cloud computing services are safe, secure, and aligned with their organization's strategic interests.

The CSA, in cooperation with BSI, is enabling an understanding of the next level of certification/assurance for the Cloud. Currently, there are self-certification options. Now there will be two independent certification/assurance options: 1) ISO/IEC 27001 and 2) SOC 2. Hear the latest developments on these initiatives.

Details released will include specifics on the following:

  • Explaining the new international standards and attestation initiatives currently under development which will take aim at cloud services, privacy, and vendor management.
  • Integrating the ISO/IEC 27001 certification with a proven benchmark process analysis and evaluation system to provide a transparent and consistent continuous monitoring process.
  • The new Cloud Control Matrix, which maps the trust principles used for Service Organization Control Report 2 (SOC 2) reporting.

Presenter Information

John DiMaria - John DiMaria is the ISO Product Manager for BSI Group America Inc. He has 28 years of successful experience in Management System Development, including Information Systems and Quality Assurance. John is responsible for overseeing product roll-out and client/sales education. He is a product spokesperson for BSI Group America, Inc. regarding all product standards covering Risk, Quality, Sustainability and Regulatory Compliance.

John has been featured in many publications on topics including information security, sustainability and business continuity, such as Computer World, Quality Magazine, Continuity Insights, ABA Banking Journal, CPM Magazine, and Disaster Recovery Journal.

Audrey Katcher - Audrey Katcher is a RubinBrown partner who currently chairs the Service Organization Controls group within the American Institute of Certified Public Accountants. She recently took a role as the chair of the Open Certification Framework (OCF) STAR Assurance Working Group for CSA.

With over 20 years of experience in assessing internal control, from security to SOX, Audrey brings a breadth of experience to the discussion of the unprecedented change now occurring in the controls space for the Cloud.