Cloud security transparency today equates to a non-disclosure-agreement discussion between an enterprise and service provider over the provider’s controls. The end result may satisfy the customer and lead to business for the provider, but the process isn’t efficient for either side.

Calls for cloud transparency, however, continue to resonate as IT evolves and moves onto cloud computing platforms, attractive for their efficiency and elasticity. Enterprises moving applications and data to the cloud, or consuming a provider’s services, need to understand cloud provider security. But providers remain hesitant to give up proprietary information, or expose themselves to exploit.

The Cloud Security Alliance’s Security Trust and Assurance Registry, or STAR, is the closest thing to a standards-based effort meeting this need. STAR launched in the fourth quarter of last year and its aim is to be a public repository of providers’ security controls. Providers who are STAR members can fill out either the CSA’s Consensus Assessments Initiative Questionnaire or the Cloud Controls Matrix framework questionnaire, both built according to the ISO 27001 standard, and ultimately agree to have that data published online and publicly accessible.

To read the entire article, please click on this link http://searchcloudsecurity.techtarget.com/news/2240114155/Calls-for-cloud-security-transparency-getting-louder