An enhancement to the international standard for IT security should help eradicate cloud cowboys.
The new Star Certification was developed by standards body BSI, incorporating NCSI, in partnership with the Cloud Security Alliance.
The certification assesses a client against a set of best practices in cloud computing – the Cloud Controls Matrix – and awards a Gold, Silver or Bronze STAR rating based on how well the system has been embedded into an organisation.
Nick Koukoulas, managing director of BSI incorporating NCSI, said: "In response to recent concerns raised by the government, both consumers and providers of cloud-based services have been asking for independent, technology-neutral certification to help them make more informed decisions about the services they purchase and use.
"In providing a rigorous, user-centric assessment, Star Certification will provide an additional layer of transparency that the industry has been calling for," added Koukoulas.
It should spell good news for companies trying to bill themselves as a quality provider of cloud services; according to a 2013 report from Cyber Ark, 56% of organisations don’t know what their cloud service provider is doing to protect and monitor accounts.
At a recent CRN roundtable, specialists in the data centre and cloud field said that clients needed to be mindful of trusting their vital company data to untested start-ups and cowboys.
In terms of the certification, Jason Gomersall, managing director of data centre operator iSeek, said any push toward standards was a good thing.
Speaking generally, Gomersall said: "I think the market will be looking for some sort of certification or seal of approval.
"Security of information will be a big thing. From what I have read, [the Star Certification is] addressing the areas of key concern, and people will be looking for a certification or seal of approval. Is this the one? I can’t comment, but it looks like it has the right ingredients."
Nick Beaugeard, founder of cloud integrator HubOne, told CRN: "We welcome any and all cloud certification standards, and the more rigorous we become on these, the better. You wouldn’t purchase a child seat without the Australian Standards Logo, would you?"
He pointed to a number of existing standards already active in the market: ISO 27000/27001, SAS 70, the US Federal Information Security Management Act of 2002 (FISMA) and the US government's FedRAMP.
"I believe, especially in Australia, a certification from the government would help businesses understand which clouds were right and good for their businesses," said Beaugeard.
"The Star Certification described below, in my opinion, offers a well-rounded and rigorous set of criteria. However, as it comes from the BSi, do we need to wait for Standards Australia to also adopt here?"