Managed services and cloud computing are not exactly the same thing, but the terms are sometimes used interchangeably because IT solutions that harness the cloud are tools that many managed services providers use. As more businesses move to a managed services model that incorporates cloud security provisions, some are looking for more transparency about the security services provided.
According to Tim Rains, who works for Microsoft as a director in its Trustworthy Computing Group, customers are trying to "figure out a way to determine what are the questions they should be asking cloud providers and evaluate a service, evaluate the risk and whether it meets compliance requirements. Customers want to compare service offerings on an apples-to-apples basis. They need a standard set of questions to ask and get consistent set of answers. That’s what we’re hearing from customers.”
One possible solution for customers may be STAR, or the Security Trust and Assurance Registry, an initiative by the Cloud Security Alliance. Launched to the public near the end of 2011, the goal of STAR is to provide businesses and other organizations with transparent information about the security controls that various cloud providers have implemented. To be included in the registry, providers must be STAR members and fill out a detailed questionnaire that will become accessible to the public at large.
Many large providers have already participated in the STAR effort, but little data has been published yet because legal issues are still being resolved. Still, for businesses looking for more transparency from their cloud security providers, STAR may be a step in the right direction.