Visibility into a cloud provider’s security controls remains a major issue for organizations looking to move applications and services to the public cloud model. There’s no standard way for companies to evaluate a cloud provider’s security or for providers to document their controls, but there are efforts underway to fill that gap.
In this video interview, conducted at RSA Conference 2012, Tim Rains, director of product management in Microsoft’s Trustworthy Computing group, talks about emerging cloud computing security standards efforts, and cloud customers’ need for cloud provider transparency, especially in the area of application security. He talks about Microsoft’s participation in Cloud Security Alliance projects, including the Cloud Controls Matrix and the Security, Trust and Assurance Registry (STAR) program. The STAR program will allow cloud customers to compare cloud service providers on an apples-to-apples basis, according to Rains.