Back in the day, Verisign went on to fortune and fame by having websites that were secured by their SSL certificates that displayed the "verified by Verisign" logo. It became the Good Housekeeping seal of approval for websites. Now highly touted security company Skyhigh Networks is seeking to do a similar thing for cloud apps with its CloudTrust Program
Working with the Cloud Security Alliance, Skyhigh has developed a comprehensive set of criteria for evaluating the enterprise worthiness of cloud-based apps and services. Broadly, this set of criteria can be broken down into five categories:
I had a chance to speak with Rajiv Gupta, CEO of Skyhigh Networks, about the program. Rajiv is very proud of his company working with the Cloud Security Alliance to put this together. What is really great about it is that there is no cost for any company to be evaluated for CloudTrust. The full report and findings are also made available for free to the company that was tested. This way, if they do not pass, they can see why and take steps on how to correct any deficits and become certified. Even better, any company seeking to find out the results of an evaluation of a cloud service or app can request and receive the report for free as well.
I know what you are asking. Why is Skyhigh doing this? I asked Gupta the same question. He said his company had to do this type of evaluation anyway as part of their underlying business model. By working with the CSA and promoting the whole CloudTrust program, Skyhigh wants to brand itself as the company providing this. The new Verisign, if you will.
What about companies receiving the certification? I reached out to my friends at Yesware, one of the companies certified, to get their take. I spoke with Cashman Andrus, CTO and co-founder of Yesware. Cashman thought that it was really a great indication of all of the hard work that Yesware's team has put in making sure their app and service is safe, secure and reliable. While he thinks there will be similar copy-cat kinds of certifications in the future, for now at least CloudTrust stands out as a one of a kind.
Yesware did not have to do anything special to be qualified. This was also gratifying to Cashman. Doing something just to be certified is not what the program should be about. The Yesware folks have written a nice blog on their involvement with the program here.
In the meantime, Yesware is only one of many companies that have been certified. Gupta says Skyhigh will be testing and certifying many more in the days, weeks and months to come. He hopes companies will begin looking for the blue and green logo and that it influences their decision to use or not use a cloud app or service.
Both Skyhigh Networks and the Cloud Security Alliance are committed to updating the testing criteria in the future as well.
Will this be the new Verisign logo program? I don't know, but I do know that something like this is needed. I think if people can trust it to show quality about the certified apps and services, it will catch on. My question is will this become Balkanized? By that, will we see a plethora of different testing companies watering down the quality and confusing customers? It could be, but with the Cloud Security Alliance as their partner, Rajiv Gupta says that Skyhigh Networks will rise above the noise as the voice of trust in this area. Good luck to them!