Cloud ComplianceIaaSSecurity

Leading the Charge in Cloud Security

ByJune 7, 2017
CSA STAR Certificationiland, in its constant pursuit of excellence in cloud security, was recently awarded the Cloud Security Alliance STAR Gold Certification, which is the highest level attainable for this type of certification, and iland is only the second Infrastructure-as-a-Service (IaaS) provider to receive the Gold level designation.

This certification was designed to provide a guide for cloud service providers to determine how to become more secure, and a guide for cloud customers in assessing the security aspects of their cloud service provider. iland’s achievement of the CSA Gold level designation means customers can be confident that iland is at the forefront of cloud security. This certification builds on iland’s Secure Cloud platform and services which, have advanced security features fully embedded and our compliance professional services team who guide iland customers through the process of ensuring cloud compliance to a broad range of industry regulations.

What certification processes did iland have to complete?

An accredited independent third party – the British Standards Institution (BSI) utilized the CSA auditing process, which is based upon completing both the ISO/IEC 27001 certification and additional criteria set out in the CSA Cloud Controls Matrix (CCM), to evaluate iland’s security controls. The benefit to being evaluated under this process versus other processes is that it is pre-mapped to other industry accepted frameworks, including HIPAA, PCI DSS, SOC2, ISO27001 and NIST. Once the evaluation was complete, the BSI scored iland’s security controls using a point based system that provides for more points for higher levels of organizational maturity. iland’s high level of maturity earned it enough points to be awarded the highest-level designation possible.

Why the Cloud Security Alliance?

The Cloud Security Alliance (CSA) is an international organization dedicated to improving cloud security, and one of the ways that it does this is by operating the CSA Security, Trust & Assurance Registry (STAR). STAR is a publicly accessible registry that allows for cloud providers that have received certifications from CSA to publish them so that potential customers can verify that the provider does indeed have the certification, and the registry is based on the CCM and the Consensus Assessments Initiative Questionnaire (CAIQ), the latter of which is an extensive control-based questionnaire that is designed to provide cloud provider customers with a core set of questions to ask a cloud provider before procuring their services.

How does this benefit iland customers?

The benefits of iland achieving the CSA Star Gold Certification for our customers include:
  1. Access – While an iland customer could view the certification itself on the CSA website the same way that the customers of other cloud service providers can, iland distinguishes itself from other cloud providers not only by providing both the auditor report and iland’s answered CAIQ in the iland Secure Cloud Console, but also by allowing its customers to view and download these documents at any time. This is invaluable when it comes to auditing time.
  2. Confidence – Customers can be confident that iland is constantly working on improving cloud security, and the CSA STAR Gold Certification validates this. They can also download the detailed documentation to prove their cloud security posture from the iland Secure Cloud Console at any time and provide this to their own customers to assure them. This is particularly important for channel partners or SaaS providers.
  3. Due Diligence – The CAIQ provides answers to many, if not most, of the most common questions in due diligence questionnaires, and customers have access to the information 24/7/365 on the iland Secure Cloud Console. This makes the evaluation process and the auditing and compliance processes much more straightforward and efficient.
  4. Transparency – The auditor’s report for the CSA STAR Gold Certification in the iland Secure Cloud Console will enable customers to see not only iland’s areas of strength, but also areas that iland has room to grow.
Overall, iland has invested in achieving the CSA STAR Gold Certification because we know the increasing importance that our customers place on ensuring the same levels of security in the cloud that they have on-premises. In this age of heightened risks from cybersecurity attacks including ransomware, iland is committed to investing in integrated best of breed security features in our cloud platform as well as compliance services to ensure our customers can confidently move forward with their cloud initiatives.
William McHenry

William McHenry

William is the Compliance Counsel based in iland’s Houston headquarters. He specializes in Data Protection Laws, such as GDPR and HIPAA, and Commercial Transactions. In order to achieve his objectives, he frequently coordinates with customers, vendors and various iland teams. He is licensed to practice law in Texas and holds both a Juris Doctor degree and an International and Comparative Law Certificate from Tulane University. Prior to joining iland, he worked for four years at a law firm in New Orleans that specialized in Litigation Management Solutions.