Vendor Security Credentials
“Asked to flash its cloud security credentials at an industry forum, Google pointed to its SAS 70 certification, giving more support to that set of standards as a measure of how well cloud providers lock down customer data. ‘We need to prove we are secure,’ says Rajen Sheth, the product manager at Google who came up with Google Apps, speaking at a panel on cloud services at the Enterprise 2.0 conference in Boston.*”
Microsoft announced that it recently gained SAS 70 Type I and Type II attestations and ISO/IEC 27001:2005 certification.
Amazon Web Services (AWS) has successfully completed SAS 70 Type II Audit from independent auditors, and has stated that it will continue to obtain the appropriate security certifications and accreditations to demonstrate the security of our infrastructure and services. An overview of Security Processes applicable to Amazon Web Services is available at http://awsmedia.s3.amazonaws.com/pdf/AWS_Security_Whitepaper.pdf.
Rackspace has achieved ISO/IEC 27001, ISO 17799, SAS 70 Type II audit process, Microsoft Gold Partner, Gartner Leader, Dell Partner, and Cisco Powered Network Certification.
» Salesforce.com and Force.com
Salesforce.com and Force.com are SAS 70 Type 2, SysTrust, and ISO 27001 compliant.
In addition to SAS 70 and ISO 27001 certifications, Serve-Path has a particularly rigorous service level agreement (SLA), which they call 10,000% Guaranteed®. It states:
For every minute ServePath fails to deliver, we will provide you with 100 minutes of service credit.
• The SLA covers the following elements of service:
• Network performance
• Hardware replacement (within 60 minutes)
• Support response time (30 minutes for server down, packet loss, or routing issues)
• Domain name services
• Power availability and performance
• Cooling and environment
• Server power cycling
• Physical security
• 24 x 365 onsite engineering
However, no credit will exceed one hundred percent (100%) of Customer’s fees for the service feature in question for the then-current billing month. Details of the SLA are available at http://servpath.com/pdfs/ServePathSLA.pdf
The Unisys Secure Cloud Solution allows balancing workloads across a global network of Unisys data centers, which are certified to key international standards such as ISO/IEC 27001:2005 for security, ISO/IEC 20000 for service management and the SAS 70 Type II auditing standard.
Verizon announced that it had successfully completed the first annual SAS 70 Type II examination of controls for its cloud computing data centers.
IBM offers customers Security Assessment services. Of course, its own cloud offerings are fully compliant.
Source of Information : Implementing and Developing Cloud Computing Applications 2011