The Microsoft approach to cloud transparency – Part XII – Summary

Welcome! Please comment and leave me a note telling me what you like and what you'd like to see more of. Sign up to my RSS Feed!
This entry is part of a wonderful series, Microsoft Cloud Transparency»

Thank you for coming back for the exciting Part XII of The Microsoft approach to cloud transparency


The Microsoft approach to cloud transparency


Using the Cloud Security Alliance’s Security, Trust & Assurance Registry (STAR)


Part XII – Summary

The decision about how to move forward with cloud deployment is an important one. As organizations see the benefits of cloud computing in rapid deployment and provisioning, up or down- scaling, and cost reduction, they find cloud migration a desirable approach to service delivery.

However, such migration and deployment of new services are sometimes slowed or prevented by the need to thoroughly research (or assess) the risk involved and mitigate such risk. In the process of implementing cloud computing, much of the risk is seen as new, or even exotic, when compared to existing, day-to-day, operational risk.

Some of the unease and complexity involved in selecting a cloud provider can be alleviated by using a common controls framework. Such a framework should be based upon industry best practices and a true understanding and evaluation of cloud-specific deployment considerations and risks. Such a framework should also help alleviate much of much of the cost involved in the evaluation of alternate solutions, and help to significantly manage risks that are inherent in the deployment of any new technology.


 The Security, Trust and Assurance Registry, created by the Cloud Security Alliance

(CSA), is such a framework.


The CSA publishes and maintains STAR, which was created to reduce much of the effort, ambiguity, and costs of getting the right information on cloud providers’ security and privacy practices. STAR uses the Cloud Controls Matrix (CCM) to provide a detailed understanding of security and privacy concepts and principles that are aligned with Cloud Security Alliance guidance.

The CSA CCM provides organizations with a framework that has the needed

structure, detail, and clarity with regard to information security, tailored to the cloud

computing services industry.


To help organizations deploy cloud computing solutions, Microsoft offers its detailed replies to STAR, which are publicly available at the CSA website. Microsoft‘s reply incorporates ISO 27000 guidelines, and exemplifies the commitment Microsoft makes and importance Microsoft places on its customers’ security and privacy.


Come back next week for Part XIII and and the Further Reading Section

Leave a Reply

Your email address will not be published. Required fields are marked *