Cloud Security Alliance updates controls matrix

The new matrix provides a guide to security principles for cloud vendors and customers

The Cloud Security Alliance (CSA) has launched a revision of the Cloud Controls Matrix (CCM). The new matrix (version 1.1), available for free download here, is designed to provide fundamental security principles to guide cloud vendors and help prospective cloud customers assess the overall security risk of a cloud provider.

The matrix provides a controls framework that gives a detailed understanding of security concepts and principles that are aligned to the CSA's 13 domains. The foundations of the CCM rest on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as ISO 27001/27002, ISACA COBIT, PCI, and NIST. The latest version includes more thorough mapping around NIST and GAAP, as part of more "holistic guidance", according to CSA.

MORE ABOUT CLOUD SECURITY

According to the CSA, CCM strengthens existing security control environments by emphasizing business information security control requirements; identifies and reduces consistent security threats and vulnerabilities in the cloud; provides standardized security and operational risk management; and aims to normalize security expectations, cloud taxonomy and terminology, and security measures implemented in the cloud.

The latest version of the matrix was put together by more than 60 people worldwide in the last two months. "This is a bunch of security industry leaders that came together and said let's enable the cloud computing industry" to better handle security issues, says Phil Agcaoili, co-founder of the matrix and a CSA steering committee co-chair.

The latest version has the support of the Holistic Information Security Practitioner Institute (HISPI), an independent certification organization consisting of information security practitioners. Agcaoili says the HISPI community analyzed the matrix for quality assurance.

Becky Swain, program manager in the corporate security programs organization at Cisco and another founder of the matrix, says the long-term vision for CCM is to provide a framework for cloud service providers -- including those that deliver infrastructure services and those that provide applications -- to assess each other's security.

"The matrix provides a common criteria for assessing cloud providers," Swain says.

Read more about cloud security in CSOonline's Cloud Security section.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Bob Violino

CSO (US)
Topics: applications, Access control and authentication, cloud security alliance, cloud security, Data Protection | Cloud Security, application security, software, data protection, internet, cloud computing, Cloud Controls Matrix, security
Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Compare & Save

Deals powered by WhistleOut
Use WhistleOut's technology to compare:
Mobile phone plans & deals
Mobile phone models
Mobile phone carriers
Broadband plans & deals
Broadband providers
Deals powered by WhistleOut
WhistleOut

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?