EY helps Ribose Make History with First Cloud Security Alliance (CSA) STAR Attestation
News | The Cloud Security Alliance (CSA) today announced that global professional services organisation, Ernst & Young (EY), has helped Ribose become the first company worldwide to achieve the Cloud Security Alliance Security, Trust and Assurance Registry (STAR) Attestation level of third-party assessment.
Ribose is the first and only cloud service provider worldwide that has successfully completed a Service Organisation Control (SOC) 2 assessment using criteria from the American Institute of Certified Public Accountants (AICPA) Trust Service Principles and the CSA Cloud Controls Matrix 3.01, according to AICPA’s Attest Engagement AT Section 101.
“Transparency has always been a significant part of the CSA’s mission and, in doing so, we are constantly strengthening our guidelines and standards to help providers give their customers confidence and assurance when it comes to cloud computing,” said Jim Reavis, CEO of the CSA. “Since its introduction, the CSA STAR programme has played a critical role to encourage transparency of security practices within cloud providers. We would like to congratulate Ribose on this achievement and their commitment to providing a safe, secure collaboration platform. We would also like to recognize EY for performing the assessment and staying on the leading edge of cloud security best practices for its clients.”
CSA STAR is the industry’s most powerful programme for assurance in the cloud and encompasses key principles of transparency, rigorous auditing, harmonisation of standards, and eventually continuous monitoring. As the first step in improving transparency, it is designed to recognise the varying assurance requirements and maturity levels of providers and consumers. It is used by customers, providers, industries and governments around the world to assess the security of the cloud providers they currently use or are considering contracting with. STAR consists of three levels of assurance, CSA STAR Self-Assessment, CSA STAR Certification and Attestation, and CSA STAR Continuous Monitoring. All offerings are based upon the CSA’s succinct, yet comprehensive list of cloud-centric control objectives in the CCM. CCM is the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations.
Vincent Chan, EY’s Advisory Services Leader, Hong Kong & Macau, says: “EY is proud to be the first firm globally to achieve the CSA STAR Attestation for a client, Ribose. The recognition is significant as we continue to build our expertise around helping cloud service providers (CSPs) prepare for and obtain cloud certifications, and help companies get ready to move into the cloud.”
Ronald Tse, founder of Ribose, and member of the CSA’s International Standardisation Council, says: “STAR Attestation provides cloud customers with an unparalleled level of assurance and verified transparency. This is the strongest cloud compliance scheme available to date – combining the depth of AICPA’s SOC engagements with the comprehensive cloud security coverage of the CCM. We consider this the most powerful way to convince customers: by showing an attestation report issued by an international auditing firm, fully listing all the organisation’s controls with their design and operational effectiveness described in detail, covering all criteria of TSP 100 and CCM 3.0.1.”
Tse continues on to say, “Ribose has always been a strong supporter of CSA initiatives. We were the first CSP to adopt and achieve STAR Certification to the newly released CCM 3.0 and 3.0.1 standards through BSI, and now the first CSP globally to achieve STAR Attestation through EY. We look forward to working with CSA in building an increasingly secure and responsible cloud industry.”
The CSA has seen tremendous growth in STAR, with more than 90 entries from major cloud players around the world, including Alibaba, Amazon Web Services, Box.com, Dropbox, HP, Microsoft, Red Hat, Telecom Italia and Terremark. These cloud providers recognise the need to provide transparency and assurance of their cloud services to corporations and end users, who are increasingly requesting visibility into the security controls provided by various cloud computing offerings. The CSA STAR is open to all cloud providers.
The Cloud Security Alliance is a not-for-profit organisation with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit their website or follow CSA on Twitter @cloudsa.
EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services they deliver help build trust and confidence in the capital markets and in economies the world over. EY refers to the global organisation, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information, visit their website.
Ribose is a cloud collaboration platform that makes working together easy and fun. A forerunner in cloud security, Ribose is the world’s first cloud service provider certified to CSA STAR Attestation, STAR Certification (CCM 3.0.1) and MTCS. It is also certified to ISO/IEC 27001, ISO/IEC 20000 and CDSA CPS standards, and approved by the UK Government’s G-Cloud program for government use. Ribose is free to use.
Digital World image courtesy Ilco@freeimages.com