ATLANTA, GA (April 24, 2018) – The National Technology Security Coalition (NTSC) and the Cloud Security Alliance (CSA) announced a partnership to advance cloud computing security at the RSA Conference’s CSA Summit on Monday, April 16. Pete Chronis, CISO of Turner and an NTSC Board Member, announced the partnership during his talk “The CISOs' role in Shaping Public Policy” where he discussed the opportunities and challenges for CISOs to engage with government on public policy challenges impacting the enterprise and outlined the NTSC’s role in advocating for CISO issues.
By partnering together to promote the adoption of cybersecurity best practices, the NTSC and CSA will aim to improve vendor security. Specifically, the two organizations will help standardize and improve cloud security vendor reviews by promoting and strengthening the CSA’s Security, Trust & Assurance Registry (STAR) and related CSA tools as recommended practices for cloud security and vendor evaluations.
“We are excited to partner with the NTSC to make common cause toward raising the bar for cloud computing security and all new emerging technologies,” said Jim Reavis, CEO of Cloud Security Alliance. “CSA STAR is the world’s largest cloud computing assurance program which, combined with NTSC’s focus on CISO advocacy, will help accelerate trust of the cloud while preventing key stakeholders from reinventing the wheel.”
The NTSC and CSA are seeking to streamline the vendor security review process; reduce time, energy, and effort by encouraging best practices for vendors; and offer benefits to vendors who abide by this process and best practices. Together, the organizations will collaborate on a STAR-based questionnaire that maps to the most used compliance frameworks. A joint whitepaper will then provide information about this program, how CISOs can incorporate this program into their companies, and how vendors would incorporate the program when planning to work with organizations.
“The information security industry needs to evolve the way it assesses and improves cloud vendor security,” said Patrick Gaul, Executive Director of the NTSC. “CISOs don’t have the same kind of transparency with third party cloud security vendors as they do with their own network systems. I’m excited that the preeminent CISO and cloud security auditing associations are partnering together, and we look forward to promoting a more rigorous way to help CISOs vet cloud security vendors based on CSA’s successful STAR program.”
In addition to partnering on a cloud security vetting program, the CSA and the NTSC will also participate in each other’s events, discuss industry issues in working groups, and collaborate on research involving cloud security. The NTSC encourages dialogue about cybersecurity issues, laws, and regulations through advocacy engagement with congressional members, regional CISO policy roundtables, and an annual DC Fly-In as part of its National CISO Policy Conference. The CSA holds many conferences, summits, events, and forums around the world to promote the use of best practices for providing security assurance within cloud computing.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem.
About the National Technology Security Coalition (NTSC)
The National Technology Security Coalition (NTSC) is a non-profit, on-partisan organization that serves as the preeminent advocacy voice for Chief Information Security Officers (CISOs) across the nation. Through dialogue, education, and government relations, we unite both public and private sector stakeholders around policies that improve national cybersecurity standards and awareness.
National Technology Security Coalition
Cloud Security Alliance