What is the CSA STAR certification?

The Cloud Security Alliance (CSA) runs a program called the CSA Security, Trust, and Assurance (STAR) registry focused on keeping your data secure in the cloud. It relies on self-assessment, auditing, and certification to identify companies that follow the organization’s rigorous framework for the security of data in the cloud. CSA STAR guidelines are relevant for cloud service providers (CSPs). Though your online store doesn’t participate in this program, your cloud service provider may, indicating that they have strong security guidelines protecting your customer data in the cloud.

How is CSA STAR different from ISO 27001?

ISO 27001 sets the minimum security requirements for your CSP. Certification in this program acknowledges that your CSP has an active security program that meets certain standards in protecting data from outside security risks.

CSA STAR is a complementary program to ISO 27001. CSPs that meet its requirements achieve a higher level of security, built on a rigorous assessment and testing rubric. It’s mostly a value addition; if your CSP is CSA STAR certified, it means they go above and beyond to protect your data from attacks.

What elements of a CSP does CSA STAR evaluate?

To measure the maturity level of a CSP’s security framework, CSA STAR certification looks at five areas:

  1. How well a CSP is prepared to communicate with stakeholders should any problems arise.
  2. What kind of documentation a CSP has in place around policies and procedures for certain kinds of security situations.
  3. How knowledgeable and skilled the organization’s security staff are.
  4. How well everything is managed.
  5. What kind of monitoring and measurement tools are in place.

How do CSPs get certified as a CSA STAR company?

CSPs go through a rigorous process to get certified. They start with a self-assessment to see where they meet standards. Then, when they think they’re ready for evaluation, a third-party certifier comes in to check everything out. To keep them certified, CSA continues to audit member organizations.

What does CSA STAR have to do with online stores?

The trust of your customers is one of the most valuable things you have. Online stores can do a lot to ensure they protect customer data. But that data resides in the cloud, and there’s only so much control an ecommerce business can exert on it there. It’s up to you to choose a cloud service provider that does everything in its power to protect the data of its customers.

Though online stores don’t have an active role in CSA STAR certification, it’s your choice who you partner with for cloud services. CSA certification is extra insurance that your CSP takes the security of your data seriously.
