JavaScript is turned off in your web browser. To take full advantage of Ribose features, please enable JavaScript and refresh the page.

Ribose wins Security Innovation of the Year by Cloud Security Alliance APAC

[Hong Kong] – 21 January 2016 – Ribose has been named Security Innovation of the Year by the Cloud Security Alliance (CSA), the premier organization for the cloud security industry.

Ribose received the award at the CSA APAC Inaugural Awards Ceremony on 3 December 2015 in Guangzhou, China after careful appraisal of professionalism, excellence, innovation and measurable success by the judging committee. The prestigious award recognizes the very best in the technology industry, rewarding industry-leading organizations for innovation and performance in the cloud sector. Ribose was named Security Innovation of the Year alongside Trend Micro and DBApp Security, recognizing its genuinely innovative approach to cloud security.

Ribose is actively involved with the CSA on cloud security matters, with Ribose founder Ronald Tse a member of its International Standardization Council – which develops international standards relating to cloud security with multiple partners including the ISO/IEC JTC1 SC27, the group that created the ISO/IEC 27001 international standard for Information Security Management Systems. Since joining the CSA in 2013, Ribose has participated in multiple CSA research programs to promote and develop improved cloud security practices for both users and providers.

As a result, Ribose holds numerous cloud security “firsts” and heavily participates in multi-jurisdictional cloud security programs, believing the practice should be an industry standard as Cloud Security Providers (CSPs) must ensure the security of users’ data across geopolitical and regulatory borders.

A pioneer in cloud security, Ribose was the first CSP to adopt and promote CSA’s CCM 3 control framework, and the world’s first CSP simultaneously certified to all three of CSA’s cloud security assessment schemes: STAR Certification to the highest Gold maturity level, STAR Attestation and C-STAR Assessment. Ribose was the first organization worldwide to achieve CSA STAR Attestation and STAR Certification using CCM 3.0 and CCM 3.0.1; as well as the first Software-as-a-Service (SaaS) to achieve STAR Certification and C-STAR Assessment.

According to Jim Reavis, CEO and co-founder of the CSA, “We first invited Ribose to join CSA having seen their dedication to providing the best security protection to their users. As pioneers in cloud security, Ribose is leading the industry in pursuing security assurance for its users, and became the world’s first organization simultaneously certified to all three of CSA’s cloud security assessment schemes: STAR Certification, STAR Attestation and C-STAR Assessment. In naming Ribose as Security Innovation of the Year, we are recognizing its dedication to providing the highest level of security protection for users and its commitment to benefitting the entire cloud security industry through its work with the CSA.”

“Ribose serves as a leading example for CSPs in Asia, setting best practices in user security and privacy,” said Aloysius Cheang, Managing Director APAC and Standards Secretariat of the CSA International Standardization Council. “Asia is fast rising as the next hub of innovation in the technology space, and certified world-class organizations like Ribose are leading the charge. By using CCM extensively, and assisting in its development, Ribose has pioneered a high bar approach to cloud security – adopting a streamlined process that provides robust protection for all users.”

“Winning this recognition is a high honor for Ribose, as we work closely with many industry bodies like the CSA – the authority on cloud security. We are thrilled to win this honor, which stands as an external testament to our deep commitment to cloud security and the effectiveness of our approach and implementation,” explained Ronald Tse, founder of Ribose.

Tse continued, “CSA is the de-facto cloud security industry body, and their research has strongly influenced the cloud security industry as well as the most – if not all – cloud security standards used around the world today. As a corporate member of the CSA and a leader in cloud security, we strongly support the CSA’s work and have helped them to develop and drive industry standards, thereby improving confidence for both cloud providers and users around the globe.”

“As a collaboration platform, Ribose depends on the highest levels of cloud security to protect our users’ intellectual property. Knowing that their work is protected by award-winning, internationally certified levels of security gives our users the peace of mind to focus on their tasks at hand,” Tse concluded.

# # #

About Ribose

Ribose is the cloud collaboration platform that makes working together easy and fun while protecting users’ data with the highest, internationally certified levels of security. Triple-assured by the Cloud Security Alliance, Ribose is the world’s first cloud service provider certified to CSA STAR Attestation, CSA STAR Certification (Cloud Controls Matrix, CCM 3.0.1) and MTCS (Multi-Tier Cloud Security), and the first Software-as-a-Service platform to complete the CSA C-STAR Assessment. Ribose has been consistently awarded the industry's highest cloud security ratings: the highest security tier, Level 3, in MTCS and the highest maturity level, Gold, in STAR Certification.

In 2015, Ribose was selected as a Red Herring Top 100 Global company, joining a prestigious list of up-and-coming technology companies; won two Gold Stevie® Awards at the 2015 International Business Awards for Most Innovative Company in Asia and Best New Collaboration Service, and was also awarded the CSA APAC Enterprise Award for Security Innovation of the Year.

Ribose is also certified to ISO 9001, ISO 14001, OHSAS 18001, ISO/IEC 20000, ISO 22301, ISO/IEC 27001, ISO/IEC 27018, ISO 50001, PAS 99, Cyber Essentials Plus, CDSA Content Protection Security (CPS) and AICPA Service Organization Control (SOC) standards, and approved by the UK Government’s G-Cloud program for government use.

Ribose is free to use: ribose.com.

About The Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by the cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. CSA has developed the definitive best practices for the industry, including the Security Guidance for Critical Areas of Focus in Cloud Computing, the Cloud Controls Matrix, Top Threats to Cloud Computing and 50 other cloud security research artifacts.

For further information, visit us at www.cloudsecurityalliance.org.

Read More

Ribose becomes first cloud service provider outside Mainland China to complete CSA C-STAR Assessment on cloud security

24 June 2015 – Hong Kong / Guangzhou – Ribose has become the first cloud service provider (CSP) outside Mainland China to complete the Cloud Security Alliance’s (CSA) C-STAR Assessment, a newly established cloud security certification scheme with a focus on Greater China.

With this latest achievement, Ribose has become one of the first organizations – and the first Software-as-a-Service CSP – certified to C-STAR Assessment, and the world’s only CSP compliant to all three of CSA’s globally recognized cloud assurance programs in the Security, Trust and Assurance Registry (STAR) family: STAR Attestation, STAR Certification, and C-STAR Assessment.

C-STAR Assessment was jointly developed by the CSA and CEPREI Certification Body as a China-focused cloud security certification that harmonizes CSA’s Cloud Controls Matrix (CCM) with Chinese national standards. As a rigorous third-party assessment of a CSP’s security management, C-STAR Assessment aligns to Chinese information security requirements compliant to the following standards:

Raising the bar on established international standards, C-STAR Assessment consists of additional control requirements to those of STAR Certification and STAR Attestation, requiring 29 supplementary security and privacy controls on top of CCM 3.0.1. In particular, it requires organizations to respect and protect users’ privacy in accordance with internationally accepted privacy principles, as well as Chinese and international privacy laws and regulations, with explicit requirements on the personal-identifiable information (PII) lifecycle and risk assessments on PII.

Ribose was invited by the CSA and CEPREI to participate in the C-STAR Assessment pilot scheme based on its past participation in CSA STAR – as well as its previous collaboration with CEPREI in becoming the first CSP to complete the Hong Kong / Guangdong Cloud Security Assessment Scheme (HK/GD CSAC) pilot. Stemming from its involvement in the pilot scheme, Ribose assisted in translating C-STAR documentation and controls into English and providing feedback to the C-STAR scheme.

According to Jim Reavis, Co-founder and CEO of CSA, “We congratulate Ribose on becoming the first Cloud Service Provider outside Mainland China to complete the CSA C-STAR Assessment. As a pioneer in cloud security, Ribose has unquestionably demonstrated that Chinese and international cloud security standards are fully compatible. As the world's first CSP simultaneously certified to all three of our globally recognized assurance programs: STAR Attestation, STAR Certification, and C-STAR Assessment, Ribose has reinforced their commitment to protecting users by demonstrating their practices are triple-assured through independent validation. They definitely stand among industry role models for cloud security practices.”

“We believe C-STAR represents strong security assurance for cloud users,” said Aloysius Cheang, Managing Director APAC and the head of Standards Secretariat for the Cloud Security Alliance. “The certification process allows CSPs to simultaneously align to both international and Chinese standards, while achieving operational excellence through alignment of best practices and improved transparency. Using the CSA C-STAR Assessment, CSPs will be able to give customers greater peace of mind and a better understanding of their security management procedures.”

Mr. Zhao Guoxiang, Managing Director of CEPREI, China’s national certification body, explained, “C-STAR allows Chinese CSPs to demonstrate their commitment to cloud security, while also allowing foreign CSPs to demonstrate compliance with Chinese standards and regulations – giving them a competitive edge over other CSPs seeking to expand their operations in China. As China’s first internationally aligned cloud security assessment, C-STAR is being adopted by leading corporations including Ribose, Huawei and Bluedon – and has generated international interest from the cloud computing industry, demonstrating that Chinese and international cloud security standards are compatible and complementary.

“We would like to thank CEPREI and CSA for inviting Ribose to join the C-STAR pilot program,” said Ronald Tse, founder of Ribose. “In recent years, Asia has been a forerunner in the development of cloud security standards – with new standards being developed in Singapore, Hong Kong, Guangdong and now C-STAR, which is a nationwide Chinese standard. Based in Asia, Ribose was the first CSP to achieve Singapore’s Multi-Tier Cloud Security (MTCS, SS 584:2013) certification, where we achieved the highest security level, Level 3. We were also the first CSP to complete the HK CSAC scheme, as well as the first CSP outside mainland China to complete the C-STAR Assessment.”

Tse continued, “Ribose respects the development of regional cloud assessment schemes as each country has different cloud security requirements. Our platform is certified to multiple national, regional and international standards because we are committed to our users – wherever they are based. The need to collaborate is natural and universal.”

“Therefore, Ribose has adopted and advocates a ‘highest-bar’ approach to cloud security. By ensuring our cloud security meets the most stringent specified requirements, we are able to provide a higher level of security for all users,” concluded Tse. “Completing the C-STAR Assessment provides our international users with the benefit of tighter security oversight for greater peace of mind in working with colleagues around the globe.”

# # #

About Ribose

Ribose is a cloud collaboration platform that makes working together easy and fun while keeping your data safe. As the world’s first cloud service provider certified to MTCS (Multi-Tier Cloud Security), CSA STAR Attestation, CSA STAR Certification (Cloud Controls Matrix, CCM 3.0.1) and the first Software-as-a-Service platform to complete the CSA C-STAR Assessment, Ribose has been consistently awarded the industry's highest cloud security ratings year after year: the highest security tier, Level 3, in MTCS and the highest maturity level, Gold, in STAR Certification.

Ribose is also certified to ISO 9001, ISO 14001, OHSAS 18001, ISO/IEC 20000, ISO 22301, ISO/IEC 27001, ISO 50001, PAS 99, Cyber Essentials Plus, CDSA Content Protection Security (CPS) and AICPA Service Organization Control (SOC) standards, and approved by the UK Government’s G-Cloud program for government use.

Ribose is free to use: ribose.com.

About The Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by the cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. CSA has developed the definitive best practices for the industry, including the “Security Guidance for Critical Areas of Focus in Cloud Computing”, the “Cloud Controls Matrix”, “Top Threats to Cloud Computing” and 50 other cloud security research artifacts.

For further information, visit us at www.cloudsecurityalliance.org.

About CEPREI Certification Body

CEPREI Certification Body is the leading third-party certification body in China, having first introduced the concept of certification to China in 1979. Originating from the Inspection Division of the China Electronic Product Reliability and Environmental Research Institute (the Fifth Electronics Research Institute of the Ministry of Industry and Information Technology), the nation’s first scientific research organization engaging in product quality and reliability research, CEPREI operates in multiple jurisdictions around the world.

Accredited by CNAS (China National Accreditation Service), ANAB (ANSI-ASQ National Accreditation Board) and APMG International, its clients are well assured that their certifications are recognized worldwide.

For more information please visit: ceprei.org

###

 

Read More

Ribose becomes first collaboration platform to complete UK Cyber Essentials Plus

20 May 2015 – London / Hong Kong – Ribose has become the world’s first collaboration platform to complete the UK Cyber Essentials Plus assessment, a UK Government-backed and industry-supported scheme that helps to protect businesses against cyber threats.

Launched in June 2014, Cyber Essentials was developed by CESG (the information security arm of GCHQ) and the Department of Business, Innovation and Skills in conjunction with BSI (British Standards Institution), the Information Assurance for Small and Medium Enterprises (IASME) consortium and the Information Security Forum (ISF). Since October 2014, Cyber Essentials certification has been mandatory for UK central government ICT (Information and Communications Technology) suppliers that handle sensitive and personal information.

A two-level program, Cyber Essentials certification is awarded upon completion of a self-assessment questionnaire with independent verification. Cyber Essential Plus certification is optional, and provides a higher level of assurance through independent security controls testing by an external certifying body, focusing on resilience against external cyber threats.

“Ribose is proud to be the world’s first collaboration platform to achieve both Cyber Essentials and Cyber Essential Plus certification,” commented Ronald Tse, founder of Ribose. “After being awarded our Cyber Essentials certification by IASME in August 2014, we were excited to receive Cyber Essential Plus certification accredited by CREST following an independent assessment by Cyberis.”

“Cyber Essentials Plus provides independent, third-party verification of our security systems and controls, and also demonstrates our commitment to information security – especially in respect of the UK market,” Tse explained.

According to Geoff Jones, Director of Cyberis, "Cyberis is pleased to award a successful pass certificate to Ribose under the CREST Cyber Essentials Plus scheme. This shows a clear commitment to information security within Ribose, and demonstrates fundamental technical security controls are in place to help defend against Internet-borne threats."

# # #

About Ribose

Ribose is a cloud collaboration platform that makes working together easy and fun while keeping your data safe. As the world’s first cloud service provider certified to MTCS (Multi-Tier Cloud Security), STAR Attestation and STAR Certification (CCM 3.0.1), Ribose has been consistently awarded the industry's highest cloud security ratings year after year: including the highest security tier, Level 3, in MTCS and the highest maturity level, Gold, in STAR Certification.

Ribose is also certified to ISO 9001, ISO 14001, OHSAS 18001, ISO/IEC 20000, ISO 22301, ISO/IEC 27001, ISO 50001, CDSA CPS and SOC standards, and approved by the UK Government’s G-Cloud program for government use.

Ribose is free to use: ribose.com.

About Cyberis

Cyberis is a company of the CESG IT Health Check Service and is an information security consultancy that prides itself in offering pragmatic solutions for risk management and remediation. Cyberis works closely with clients to understand their business pressures and information assets, and to provide relevant and contextualized advice to meet their information security needs.

###

Read More

Ribose achieves world’s first CSA STAR Attestation from Ernst & Young: First CSP to achieve STAR Attestation and STAR Certification simultaneously

Hong Kong / Seattle / London, 14 January 2015 – Ribose has become the world’s first cloud service provider (CSP) to achieve Cloud Security Alliance's (CSA) STAR Attestation, and is currently the only CSP to have achieved both STAR Certification and STAR Attestation.

STAR Attestation provides a framework for Certified Public Accountants to express an opinion of key factors relating to CSPs’ service descriptions, as well as suitability and effectiveness of systems controls. Ribose’s achievement was accomplished through completing a Service Organization Controls (SOC) 2 attestation performed by global professional services organization Ernst & Young (EY), using criteria from the 2014 edition of American Institute of Certified Public Accountants' (AICPA) Trust Service Principles and Criteria (TSP 100) together with CSA’s Cloud Controls Matrix (CCM) 3.0.1.

According to Jim Reavis, CEO of CSA, “Our mission is to promote trust and transparency in the cloud, and STAR Attestation plays a key role in achieving this goal. As the first CSP to achieve STAR Attestation, Ribose has strengthened its position as a pioneer in cloud security – and also proven the tremendous value of demonstrating cloud security compliance through AICPA attestations with CCM. This is a major milestone for both Ribose and CSA.”

“This engagement is the first STAR Attestation globally, representing a significant achievement for Ribose, CSA and EY. In fact, our professionals had to develop new methodology to integrate the new CCM and TSP 100 standards in a streamlined attestation process,” explained Vincent Chan, Advisory Services Leader for EY Hong Kong and Macau. “EY was a natural choice for Ribose’s attestation as our partners were involved with the development of the STAR attestation scheme.”

Ribose founder Ronald Tse remarked, “Achieving STAR Attestation in conjunction with our existing STAR Certification is powerful, independent proof that Ribose provides the highest standards of security and availability – which means our users can rely on our platform to collaborate on valuable intellectual property and confidential data with peace of mind.”

# # #

About Ribose

Ribose is a cloud collaboration platform that makes working together easy and fun. A forerunner in cloud security, Ribose is the world’s first cloud service provider certified to MTCS, STAR Attestation and STAR Certification (CCM 3.0.1). It is also certified to ISO/IEC 27001, ISO/IEC 20000, CDSA CPS and SOC standards, and approved by the UK Government’s G-Cloud program for government use.

Ribose is free to use: ribose.com.

About CSA

The Cloud Security Alliance is a not-for-profit organization led by a broad industry coalition. Dedicated to promote the use of best practices for providing security assurance within cloud computing, CSA also provides education on the uses of cloud computing to help secure all other forms of computing: cloudsecurityalliance.org­­.

About EY

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. For more information, visit ey.com.

###

 

Read More

Ribose becomes first cloud service provider to complete Hong Kong/Guangdong cloud security assessment and certification pilot scheme

Hong Kong/Guangzhou, 14 January 2015Ribose has completed the first Hong Kong/Guangdong cloud security assessment and certification pilot scheme.

Supported by the Hong Kong/Guangdong Expert Committee on Cloud Computing Services and Standards, the scheme is sponsored by the Economic and Information Commission of Guangdong Province (GDEI) and operated by Guangzhou-based CEPREI Certification Body. The Office of the Government Chief Information Officer (OGCIO) coordinates Hong Kong cloud service providers’ (CSPs’) participation in the scheme.

The scheme evaluates CSPs’ compliance with CEPREI’s newly developed cloud security management standard, based on international and China-specific information security and data protection standards, including: GB/T 22080-2008 (ISO/IEC 27001:2005), GB/T 22239-2008, GB/Z 28828-2012 and CSA’s Cloud Control Matrix 3.0.

Ribose represented Hong Kong as one of the participants in the pilot scheme, helping to improve standards and operational details, by drawing on its experience in cloud security compliance and best practices.

“We are pleased that Ribose, a pioneer in cloud security, participated in the pilot scheme. Given its small company size, Ribose’s achievement demonstrates its excellence in innovation,” remarked Victor Lam, the Acting Government Chief Information Officer of Hong Kong. “Ribose has shown Hong Kong’s strength as Asia’s leading digital city and our natural advantage in connecting China to the world.”

Liu Xiaoyin, Technical Director of CEPREI, commented, “As China’s first cloud security certification body, we believe regional cloud security standards must harmonize with international specifications. The fact that Ribose, a non-mainland-China-based company, has successfully completed the assessment demonstrates that Chinese and international standards are compatible and complementary.”

“Ribose was honored to participate in this cross-border cloud security assessment pilot,” said Ronald Tse, founder of Ribose. “As the first CSP to pass the assessment, Ribose demonstrated that our systems meet the highest international and Chinese information security standards. With our security focus, our customers in China can freely collaborate and innovate with confidence and peace of mind.”

# # #

About Ribose

Ribose is a cloud collaboration platform that makes working together easy and fun. A forerunner in cloud security, Ribose is the world’s first cloud service provider certified to CSA STAR using CCM 3.0.1 and MTCS. It is also certified to ISO/IEC 27001, ISO/IEC 20000-1, CDSA CPS and SOC standards, and approved by the UK Government’s G-Cloud program for government use.

Ribose is free to use: ribose.com.

About OGCIO

The Office of the Government Chief Information Officer of the Hong Kong Special Administrative Region Government provides leadership for the development of information and communications technology (ICT) within and outside the Government, and is responsible for ICT policies, strategies, programs and measures under the Digital 21 Strategy: ogcio.gov.hk

About CEPREI Certification Body

CEPREI Certification Body is the leading third-party certification body in China, having first introduced the concept of certification to China. Originating from the China Electronic Product Reliability and Environmental Research Institute (the Fifth Electronic Institute), the nation’s first scientific research organization engaging in product quality and reliability research, CEPREI operates internationally: ceprei.org

###

 

Read More

Get Started

Getting Started