STAR comprehensively includes crucial principles of transparency, auditing, and harmonization of standards. STAR certification provides multiple benefits, including assessment of cloud technology against industry-established best practices and validation of security posture of cloud offerings.
The Cloud Security Alliance has created the Cloud Controls Matrix (CCM) which is a baseline set of security controls to help enterprises assess the risk associated with a cloud computing provider. CCM v3.0.1 is available as a free download to help limitations exist for encrypting data in storage, data in transit and key management.
Domains of Cloud Control Matrix:
There are 16 domains identified in the CCM and TCL has complied to the 133 controls of all 16 domains. They are:
|Domain Name||No. of Controls|
|Application & Interface Security; Application Security||4|
|Audit Assurance & Compliance; Audit Planning||3|
|Business Continuity Management & Operational Resilience; Business Continuity Planning||11|
|Change Control & Configuration Management; New Development / Acquisition||5|
|Data Security & Information Lifecycle Management Classification||7|
|Datacenter Security; Asset Management||9|
|Encryption & Key Management Entitlement||4|
|Governance and Risk Management; Baseline Requirements||11|
|Human Resources; Asset Returns||11|
|Identity & Access Management; Audit Tools Access||13|
|Infrastructure & Virtualization Security; Audit Logging / Intrusion Detection||13|
|Interoperability & Portability; APIs||5|
|Mobile Security; Anti-Malware||20|
|Security Incident Management, E-Discovery & Cloud Forensics|
Contact / Authority Maintenance
|Supply Chain Management, Transparency and Accountability|
Data Quality and Integrity
|Threat and Vulnerability Management|
Anti-Virus / Malicious Software
CSA STAR Self-Assessment is open to all cloud technology players and allows them to submit self-assessment reports which records adoption and compliance to CSA-published best practices. CSA CCM is a framework which provides organizations with the needed structure, detail and precision relating to information security exercises that are tailored-made to the cloud industry.
To indicate TCL’s compliance with CSA best practices the Cloud Controls Matrix (CCM) was submitted, which provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains.
Contact us to learn how we can help you unleash collaboration, creativity, and commercial innovation.