The CloudTrust Program instituted by Skyhigh Security is an objective and comprehensive assessment of a cloud service’s security capabilities based on the 66 risk attributes developed along with the Cloud Security Alliance (CSA). Skyhigh Security evaluates cloud services and awards those services that fully satisfy the program’s stringent requirements with the Skyhigh Security Enterprise-Ready™ seal. There are currently over 100 cloud service providers who are part of the CloudTrust program.
Skyhigh Security’s assessment of a cloud service consists of three steps:
- Assessment. Skyhigh Security collects and reviews attribute values from many sources, including public-facing company information, support forums, real-time news feeds, adverse security events, automated scripts, and questionnaires. The Skyhigh Security team also subscribes to the service and engages with support teams for more details about service attributes and security controls.
- Scoring. Skyhigh Security calculates a risk score for the cloud service.
- Validation. Skyhigh Security interacts with the cloud service provider to validate the attribute information and make sure the risk score is accurate. Once cloud service providers have gained entry into the CloudTrust program, they are needed to provide validation of their registry attributes on a quarterly basis.