Cloud Security Alliance updates controls matrix

The new matrix provides a guide to security principles for cloud vendors and customers

The Cloud Security Alliance (CSA) has launched a revision of the Cloud Controls Matrix (CCM). The new matrix (version 1.1), available as a free download, is designed to provide fundamental security principles to guide cloud vendors and help prospective cloud customers assess the overall security risk of a cloud provider.

The matrix provides a controls framework that gives a detailed understanding of security concepts and principles that are aligned to the CSA's 13 domains. The foundations of the CCM rest on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as ISO 27001/27002, ISACA COBIT, PCI, and NIST. The latest version includes more thorough mapping around NIST and GAAP, as part of more "holistic guidance", according to CSA.

According to the CSA, CCM strengthens existing security control environments by emphasizing business information security control requirements; identifies and reduces consistent security threats and vulnerabilities in the cloud; provides standardized security and operational risk management; and aims to normalize security expectations, cloud taxonomy and terminology, and security measures implemented in the cloud.

The latest version of the matrix was put together by more than 60 people worldwide in the last two months. "This is a bunch of security industry leaders that came together and said let's enable the cloud computing industry" to better handle security issues, says Phil Agcaoili, co-founder of the matrix and a CSA steering committee co-chair.

The latest version has the support of the Holistic Information Security Practitioner Institute (HISPI), an independent certification organization consisting of information security practitioners. Agcaoili says the HISPI community analyzed the matrix for quality assurance.

Becky Swain, program manager in the corporate security programs organization at Cisco and another founder of the matrix, says the long-term vision for CCM is to provide a framework for cloud service providers -- including those that deliver infrastructure services and those that provide applications -- to assess each other's security.

"The matrix provides a common criteria for assessing cloud providers," Swain says.


Bob Violino

CSO (US)