JavaScript is turned off in your web browser. To take full advantage of Ribose features, please enable JavaScript and refresh the page.

Ribose becomes first cloud service provider outside Mainland China to complete CSA C-STAR Assessment on cloud security

24 June 2015 – Hong Kong / Guangzhou – Ribose has become the first cloud service provider (CSP) outside Mainland China to complete the Cloud Security Alliance’s (CSA) C-STAR Assessment, a newly established cloud security certification scheme with a focus on Greater China.

With this latest achievement, Ribose has become one of the first organizations – and the first Software-as-a-Service CSP – certified to C-STAR Assessment, and the world’s only CSP compliant to all three of CSA’s globally recognized cloud assurance programs in the Security, Trust and Assurance Registry (STAR) family: STAR Attestation, STAR Certification, and C-STAR Assessment.

C-STAR Assessment was jointly developed by the CSA and CEPREI Certification Body as a China-focused cloud security certification that harmonizes CSA’s Cloud Controls Matrix (CCM) with Chinese national standards. As a rigorous third-party assessment of a CSP’s security management, C-STAR Assessment aligns to Chinese information security requirements compliant to the following standards:

Raising the bar on established international standards, C-STAR Assessment consists of additional control requirements to those of STAR Certification and STAR Attestation, requiring 29 supplementary security and privacy controls on top of CCM 3.0.1. In particular, it requires organizations to respect and protect users’ privacy in accordance with internationally accepted privacy principles, as well as Chinese and international privacy laws and regulations, with explicit requirements on the personal-identifiable information (PII) lifecycle and risk assessments on PII.

Ribose was invited by the CSA and CEPREI to participate in the C-STAR Assessment pilot scheme based on its past participation in CSA STAR – as well as its previous collaboration with CEPREI in becoming the first CSP to complete the Hong Kong / Guangdong Cloud Security Assessment Scheme (HK/GD CSAC) pilot. Stemming from its involvement in the pilot scheme, Ribose assisted in translating C-STAR documentation and controls into English and providing feedback to the C-STAR scheme.

According to Jim Reavis, Co-founder and CEO of CSA, “We congratulate Ribose on becoming the first Cloud Service Provider outside Mainland China to complete the CSA C-STAR Assessment. As a pioneer in cloud security, Ribose has unquestionably demonstrated that Chinese and international cloud security standards are fully compatible. As the world's first CSP simultaneously certified to all three of our globally recognized assurance programs: STAR Attestation, STAR Certification, and C-STAR Assessment, Ribose has reinforced their commitment to protecting users by demonstrating their practices are triple-assured through independent validation. They definitely stand among industry role models for cloud security practices.”

“We believe C-STAR represents strong security assurance for cloud users,” said Aloysius Cheang, Managing Director APAC and the head of Standards Secretariat for the Cloud Security Alliance. “The certification process allows CSPs to simultaneously align to both international and Chinese standards, while achieving operational excellence through alignment of best practices and improved transparency. Using the CSA C-STAR Assessment, CSPs will be able to give customers greater peace of mind and a better understanding of their security management procedures.”

Mr. Zhao Guoxiang, Managing Director of CEPREI, China’s national certification body, explained, “C-STAR allows Chinese CSPs to demonstrate their commitment to cloud security, while also allowing foreign CSPs to demonstrate compliance with Chinese standards and regulations – giving them a competitive edge over other CSPs seeking to expand their operations in China. As China’s first internationally aligned cloud security assessment, C-STAR is being adopted by leading corporations including Ribose, Huawei and Bluedon – and has generated international interest from the cloud computing industry, demonstrating that Chinese and international cloud security standards are compatible and complementary.

“We would like to thank CEPREI and CSA for inviting Ribose to join the C-STAR pilot program,” said Ronald Tse, founder of Ribose. “In recent years, Asia has been a forerunner in the development of cloud security standards – with new standards being developed in Singapore, Hong Kong, Guangdong and now C-STAR, which is a nationwide Chinese standard. Based in Asia, Ribose was the first CSP to achieve Singapore’s Multi-Tier Cloud Security (MTCS, SS 584:2013) certification, where we achieved the highest security level, Level 3. We were also the first CSP to complete the HK CSAC scheme, as well as the first CSP outside mainland China to complete the C-STAR Assessment.”

Tse continued, “Ribose respects the development of regional cloud assessment schemes as each country has different cloud security requirements. Our platform is certified to multiple national, regional and international standards because we are committed to our users – wherever they are based. The need to collaborate is natural and universal.”

“Therefore, Ribose has adopted and advocates a ‘highest-bar’ approach to cloud security. By ensuring our cloud security meets the most stringent specified requirements, we are able to provide a higher level of security for all users,” concluded Tse. “Completing the C-STAR Assessment provides our international users with the benefit of tighter security oversight for greater peace of mind in working with colleagues around the globe.”

# # #

About Ribose

Ribose is a cloud collaboration platform that makes working together easy and fun while keeping your data safe. As the world’s first cloud service provider certified to MTCS (Multi-Tier Cloud Security), CSA STAR Attestation, CSA STAR Certification (Cloud Controls Matrix, CCM 3.0.1) and the first Software-as-a-Service platform to complete the CSA C-STAR Assessment, Ribose has been consistently awarded the industry's highest cloud security ratings year after year: the highest security tier, Level 3, in MTCS and the highest maturity level, Gold, in STAR Certification.

Ribose is also certified to ISO 9001, ISO 14001, OHSAS 18001, ISO/IEC 20000, ISO 22301, ISO/IEC 27001, ISO 50001, PAS 99, Cyber Essentials Plus, CDSA Content Protection Security (CPS) and AICPA Service Organization Control (SOC) standards, and approved by the UK Government’s G-Cloud program for government use.

Ribose is free to use: ribose.com.

About The Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by the cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. CSA has developed the definitive best practices for the industry, including the “Security Guidance for Critical Areas of Focus in Cloud Computing”, the “Cloud Controls Matrix”, “Top Threats to Cloud Computing” and 50 other cloud security research artifacts.

For further information, visit us at www.cloudsecurityalliance.org.

About CEPREI Certification Body

CEPREI Certification Body is the leading third-party certification body in China, having first introduced the concept of certification to China in 1979. Originating from the Inspection Division of the China Electronic Product Reliability and Environmental Research Institute (the Fifth Electronics Research Institute of the Ministry of Industry and Information Technology), the nation’s first scientific research organization engaging in product quality and reliability research, CEPREI operates in multiple jurisdictions around the world.

Accredited by CNAS (China National Accreditation Service), ANAB (ANSI-ASQ National Accreditation Board) and APMG International, its clients are well assured that their certifications are recognized worldwide.

For more information please visit: ceprei.org

###

 

Read More

Ribose update: new Poll capp!

Hello everyone,

In case you did not notice, last week we introduced a new collaborative application called Poll to every space -- indeed, a new application in quite some time!

The Poll capp is a much requested feature from our existing users, who wanted to gauge sentiment or find group consensus in a space. With Poll, you can easily host polls to achieve this:


  1. Enter the Space then the Poll capp

  2. Click on "New Poll"

  3. Fill in the poll title, description, the deadline and possible choices

  4. Publish by clicking "Publish"!

Other space members will be notified about the new poll in real-time (and by notification emails), and can participate in the poll right away.

Some features of note:


  • Any member can create a Poll.

  • Poll creator and space admins are able to see the ongoing voting results and statistics. Regular voters will only see poll results after the poll has closed (after the deadline has passed).

  • Poll deadline must be at least 5 minutes after poll open.

  • Each poll automatically provides an "abstain" choice for voters. This is to allow voters to indicate an explicit "abstain" decision while participating. Abstain votes are counted in the participation rate in poll results to differentiate from non-participation (voters who did not vote).

  • After a poll is created, it cannot be modified. This is to maintain the credibility of voting results by preventing poll owners from manipulating votes. For example, a malicious poll owner may create a false consensus by switching vote choices that have already been voted on, or by changing the description of the poll. On the other hand, a poll can be deleted by the owner to indicate cancellation of the poll.

The last feature might be a bit confusing, but we believe one of the most important attributes for both the poll owner and voters is that the poll is transparent and fair, representing a genuine outcome. 

Please feel free to let us know how this feature works for you -- what works for you, works with us. Happy polling!

Read More

Ribose becomes first collaboration platform to complete UK Cyber Essentials Plus

20 May 2015 – London / Hong Kong – Ribose has become the world’s first collaboration platform to complete the UK Cyber Essentials Plus assessment, a UK Government-backed and industry-supported scheme that helps to protect businesses against cyber threats.

Launched in June 2014, Cyber Essentials was developed by CESG (the information security arm of GCHQ) and the Department of Business, Innovation and Skills in conjunction with BSI (British Standards Institution), the Information Assurance for Small and Medium Enterprises (IASME) consortium and the Information Security Forum (ISF). Since October 2014, Cyber Essentials certification has been mandatory for UK central government ICT (Information and Communications Technology) suppliers that handle sensitive and personal information.

A two-level program, Cyber Essentials certification is awarded upon completion of a self-assessment questionnaire with independent verification. Cyber Essential Plus certification is optional, and provides a higher level of assurance through independent security controls testing by an external certifying body, focusing on resilience against external cyber threats.

“Ribose is proud to be the world’s first collaboration platform to achieve both Cyber Essentials and Cyber Essential Plus certification,” commented Ronald Tse, founder of Ribose. “After being awarded our Cyber Essentials certification by IASME in August 2014, we were excited to receive Cyber Essential Plus certification accredited by CREST following an independent assessment by Cyberis.”

“Cyber Essentials Plus provides independent, third-party verification of our security systems and controls, and also demonstrates our commitment to information security – especially in respect of the UK market,” Tse explained.

According to Geoff Jones, Director of Cyberis, "Cyberis is pleased to award a successful pass certificate to Ribose under the CREST Cyber Essentials Plus scheme. This shows a clear commitment to information security within Ribose, and demonstrates fundamental technical security controls are in place to help defend against Internet-borne threats."

# # #

About Ribose

Ribose is a cloud collaboration platform that makes working together easy and fun while keeping your data safe. As the world’s first cloud service provider certified to MTCS (Multi-Tier Cloud Security), STAR Attestation and STAR Certification (CCM 3.0.1), Ribose has been consistently awarded the industry's highest cloud security ratings year after year: including the highest security tier, Level 3, in MTCS and the highest maturity level, Gold, in STAR Certification.

Ribose is also certified to ISO 9001, ISO 14001, OHSAS 18001, ISO/IEC 20000, ISO 22301, ISO/IEC 27001, ISO 50001, CDSA CPS and SOC standards, and approved by the UK Government’s G-Cloud program for government use.

Ribose is free to use: ribose.com.

About Cyberis

Cyberis is a company of the CESG IT Health Check Service and is an information security consultancy that prides itself in offering pragmatic solutions for risk management and remediation. Cyberis works closely with clients to understand their business pressures and information assets, and to provide relevant and contextualized advice to meet their information security needs.

###

Read More

Race for Water!

Ribose recently sent out a team of four brave young souls to conquer the Victoria Peak and the Aberdeen Country Park.

The mission was to carry water on the back while walking 15km, up and down the slopes.

We started out at the Peak Galleria. Our team name was "Watercooler". It had an immediate effect on the weather...

The brave young souls...

... with 4.5kg of water on their backs! We weren't allow to drink from it though, otherwise it would defeat the purpose of the event, so we all carried an extra bottle of liquid or two.

Ready to roll!


... Makes me so proud // I'm gonna shout it out loud...

Shuffling to the Starting point...

And we're all eager to capture the moment with our phones.

... except for Desmond who, I later gathered, was on an important mission to "attack enemy portals".

Peter looks down on the first slope of the day. Careful, Peter!

Team having a strong start! ... By the way, anyone seen Desmond?

Moments later, a wandering spirit was found, with one hand holding tightly onto a strange device, a device that led to another reality...

Lemmings!

Another slope taking a sweet sweet revenge on Peter, slowly sapping energy from him. (Later, I heard it worked out to be 30% of his total energy, whatever that means.)

As with everything in life, there're ups...

... and then there're downs.

But we all made it to the finish line. Go Team Ribose! (Please don't ask about our pose. We were tired.)

Afterwards, George found a quiet space for meditation. Very zen. (I mean, look at the flowers growing behind him!)

And we all went home feeling exhausted, happy, and accomplished. "We should totally do 30km next year."

Read More

Ribose joins Open Invention Network

Forerunner in secure cloud collaboration signs on to protect Linux

16 March 2015 – Hong Kong – Cloud collaboration platform provider Ribose has joined the Open Invention Network (OIN), an organization created to foster patent non-aggression for Linux producers and users. With over 1,300 members, OIN is the world’s largest IPR community, undertaking a range of activities to reduce members’ software patent risk.

As an OIN licensee, Ribose joins other community members in royalty-free cross-licensing of Linux System patents to one another. Members agree to a patent non-aggression pact, foregoing patent disputes between member organizations in Linux and adjacent technologies.

“Ribose’s powerful, intuitive, and highly secure platform makes collaboration easier and faster for distributed teams. In joining OIN, Ribose is demonstrating its commitment to the Linux environment – and to working with the global Linux development community,” said Shane Coughlan, Global Director of Licensing.

“Ribose was established to help make collaboration easy and fun,” explained Ribose’s founder Ronald Tse. “This spirit underlies our core philosophy – and is a commonly held value amongst OIN members. As Linux and open source technologies are key to achieving our goals, joining OIN gives Ribose access to core Linux technology patents that support our platform’s ongoing development.”

Mr Tse concluded, “We strongly support OIN’s efforts, and look forward to collaborating with the wider Linux user community to create a positive, nurturing environment for long-term development.”

# # #

About Ribose

Ribose is a cloud collaboration platform that makes working together easy and fun. A forerunner in cloud security, Ribose is the world’s first cloud service provider certified to MTCS, STAR Attestation and STAR Certification (CCM 3.0.1). It is also certified to ISO/IEC 27001, ISO/IEC 20000, CDSA CPS and SOC standards, and approved by the UK Government’s G-Cloud program for government use.

Ribose is free to use: ribose.com.

About Open Invention Network

Open Invention Network (OIN) is the largest patent non-aggression community in history and supports freedom of action in Linux as a key element of open source software. Funded by Google, IBM, NEC, Philips, Red Hat, Sony and SUSE, OIN has more than 1,300 OIN community members and owns more than 950 global patents and applications. Member cross-licenses and OIN patent licenses are available royalty free to any party that joins OIN. For more information, visit http://www.openinventionnetwork.com.

###

 

Read More

Get Started

Getting Started