Cloud Security Alliance updates controls matrix

The new matrix provides a guide to security principles for cloud vendors and customers

The Cloud Security Alliance (CSA) has launched a revision of the Cloud Controls Matrix (CCM). The new matrix (version 1.1), available for free download here, is designed to provide fundamental security principles to guide cloud vendors and help prospective cloud customers assess the overall security risk of a cloud provider.

The matrix provides a controls framework that gives a detailed understanding of security concepts and principles that are aligned to the CSA's 13 domains. The foundations of the CCM rest on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as ISO 27001/27002, ISACA COBIT, PCI, and NIST. The latest version includes more thorough mapping around NIST and GAAP, as part of more "holistic guidance", according to CSA.

MORE ABOUT CLOUD SECURITY

According to the CSA, CCM strengthens existing security control environments by emphasizing business information security control requirements; identifies and reduces consistent security threats and vulnerabilities in the cloud; provides standardized security and operational risk management; and aims to normalize security expectations, cloud taxonomy and terminology, and security measures implemented in the cloud.

The latest version of the matrix was put together by more than 60 people worldwide in the last two months. "This is a bunch of security industry leaders that came together and said let's enable the cloud computing industry" to better handle security issues, says Phil Agcaoili, co-founder of the matrix and a CSA steering committee co-chair.

The latest version has the support of the Holistic Information Security Practitioner Institute (HISPI), an independent certification organization consisting of information security practitioners. Agcaoili says the HISPI community analyzed the matrix for quality assurance.

Becky Swain, program manager in the corporate security programs organization at Cisco and another founder of the matrix, says the long-term vision for CCM is to provide a framework for cloud service providers -- including those that deliver infrastructure services and those that provide applications -- to assess each other's security.

"The matrix provides a common criteria for assessing cloud providers," Swain says.

Read more about cloud security in CSOonline's Cloud Security section.

Join the PC World newsletter!

Error: Please check your email address.

Tags applicationsapplication securityData Protection | Cloud Securitycloud securitycloud security allianceAccess control and authenticationsoftwarecloud computinginternetdata protectionCloud Controls Matrixsecurity

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Bob Violino

CSO (US)
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?