Certifications or attestations championed through the CSA STAR program, ISO/IEC, or AICPA, have been a critical driver in the adoption of cloud service across the globe. However, for some cloud customers insensitive or highly-regulated industries such as banking or healthcare, these certifications or attestations are not sufficient because they do not provide a continuous level of assurance as they rely on annual or bi-annual audits only.
To address the concerns of this segment of the industry, the Cloud Security Alliance (CSA) is building a continuous auditing framework designed to assure customers on a monthly, daily, or even hourly basis. This framework can be applied either to self-assessments or third-party certifications.