Maestro Security: a New Star on the Cloud Sky


There are various assessment and audit services that let providers prove their offerings are safe and won’t bring a Trojan horse into a customer’s enterprise citadel.

Among them, the Cloud Security Alliance stands out. This is a world’s leading organization dedicated to establishing and promoting security best practices for Cloud computing environments.

One of the CSA activities is the creation and support for the STAR (the Security, Trust, Assurance, and Risk) Registry – a one that docments the security and privacy controls provided by cloud computing offerings. And we are glad to announce that Maestro has just reached the Level 1 within the program, thus proofed its maturity and reliability. You can find the Maestro listing on the CSA STAR Registry page.

What does this mean, practically?

STAR level 1 means that Maestro team has passed the self-assessment by filling the Consensus Assessments Initiative Questionnaire (CAIQ) to verify that Maestro is compliant with the CSA Cloud Controls Matrix (CCM).

The CCM is a cybersecurity control framework for cloud computing. It includes 197 objectives within 17 domains around all key aspects of cloud technologies. The framework describes the controls to be implemented within an offering, the actors that must implement each of them, as well as the place within the cloud supply chain where the control should be implemented.

The framework is a standard that should be kept to by cloud offerings providers. By submitting the matrix, we ensured that Maestro meets the high security standards, not only in terms of technical implementation, but also in terms of development processes organization and employees education.

The CCM v.4, passed by Maestro, maps to 12 standards:

  • AICPA TSC (2017)
  • CCM v3.0.1
  • CIS v8.0
  • ISF SOGP 2022
  • ISO/IEC 27001 (2013, 2022)
  •  ISO/IEC 27002 (2013, 2022)
  • ISO/IEC 27017 (2015)
  • ISO/IEC 27018 (2019)
  • NIST CSF v1.1
  • NIST 800-53r5
  • PCI DSS v3.2.1
  • PCI DSS v4.0

This means that you can be sure that Maestro is a highly secure offering, and will keep to this status, as all the processes and procedures behind Maestro creation are aligned with the industry best practices.

Why should I select a product having CSA STAR Level 1?

Selecting Maestro as a STAR Level 1 offering, you get: 

  • Enhanced Security: CSA Level 1 certification signifies that Maestro adheres to security best practices outlined in the Cloud Controls Matrix (CCM), and has implemented fundamental security controls.
  • Risk Mitigation: With Maestro, you reduce the risk of security breaches, data leaks, and other security incidents.  The Questionnaire evaluates Maestro against established security criteria, and helps you make a more informed decision about Maestro security approaches.
  • Compliance Assistance: CSA Level 1 certification aligns Maestro with industry-recognized security standards and controls. This alignment can simplify compliance efforts for organizations that need to meet regulatory requirements or internal security policies.
  • Transparency: CSA certification provides transparency into a product's security capabilities and practices. Users can access documentation and information about the product's security controls, making it easier to assess its suitability for their specific needs.
  • Vendor Accountability: When selecting Maestro as a CSA Level 1 certified product, you can hold Maestro vendor accountable for maintaining a certain level of security. This can provide peace of mind that we take security seriously.
  • Continuous Improvement: Products that maintain CSA certification are subject to ongoing monitoring and improvement of their security practices. This commitment to continuous improvement helps ensure that Maestro remains secure in the face of evolving threats.

By reviewing Maestro information on the listing, you can find more details about the ways Maestro meets each of the specific controls, match it to your organization’s expectations and needs related to a Cloud Management Solution you expect to have.

Popular posts from this blog

Maestro Analytics: Essentials at the Fingertips

Image
Infrastructure analytics is one of the cornerstones for effective cloud management. Each cloud provider offers its own set of features and services for such purpose. We can say that AWS QuickSight, Google Data Studio, and Microsoft BI are among the top of the native analytics and BI offerings. They are deeply integrated into their native infrastructures, provide the detailed review of the infrastructure state, events and cost, and allow to take a deep dive into details, being powered by strong internal mechanisms and AI/ML engines. However, in many cases they provide a huge volume of data which needs a BI expert to cope with, as well as may have limited customization possibilities in terms of the covered data scope. Also, if you use more than one cloud, or have private datacenters, the fact that each of these tools is limited to its vendor, may be a reason for you to find a third-party analytics tool. Here is where you may consider solutions such as CloudHealth, AppOptics, or IBM C
Read more

Maestro: Greeting the Green Dragon

Image
The year is coming to the end, and it's high time for our traditional lookback on Maestro evolution, changes, and important events. The year of 2023 has been dynamic and full of updates, both technical and strategic.  We kept to our previous commitments , meanwhile adjusting to the new trends in Cloud and technologies in general.  We met our user's expectation and need for  cross-cloud FinOps, automated infrastructure analytics, security assessment and the "Fix it" button , aimed to simplify issues remediation. We also took into account the rising demand for  Open Stack-based resources, Cloud Native approaches,  AI/ML integrations .  As a result, we came up with our standard "six release per year" cycle, highlighted with the following milestones: Maestro Insights With the ML technologies growth, the amount of services offering infrastructure recommendations and analytics, grow. This is true for the public cloud providers' native services, as well as thir
Read more

Maestro Orchestrator: Product? SaaS? Framework!

Image
In 2012, EPAM Cloud Orchestrator was created as a cloud solution for the EPAM Systems community. It appeared when the issue of redesigning the growing infrastructure of more than 500 projects became critical. After a thorough analysis of the existing solutions, EPAM experts had to admit that none of them fit the company needs. However, that was not a problem but a challenge. If no perfect solution existed, EPAM created its own from scratch. In six years, EPAM Cloud Orchestrator evolved into a true hybrid cloud with over 8000 virtual machines in hundreds of projects. In addition to its basic function - hosting virtual resources - it supports a number of related components helping the users to be in full control of their virtual infrastructures, such as audit, monitoring, billing, reporting. Meanwhile, a time has come to go out of the box of an enterprise solution and meet the market. This is how the new generation of EPAM Cloud Orchestrator - Maestro was born. Maestro is
Read more