Cloud Security Alliance updates controls matrix

The new matrix provides a guide to security principles for cloud vendors and customers

The Cloud Security Alliance (CSA) has launched a revision of the Cloud Controls Matrix (CCM). The new matrix (version 1.1), available for free download here, is designed to provide fundamental security principles to guide cloud vendors and help prospective cloud customers assess the overall security risk of a cloud provider.

The matrix provides a controls framework that gives a detailed understanding of security concepts and principles that are aligned to the CSA's 13 domains. The foundations of the CCM rest on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as ISO 27001/27002, ISACA COBIT, PCI, and NIST. The latest version includes more thorough mapping around NIST and GAAP, as part of more "holistic guidance", according to CSA.

MORE ABOUT CLOUD SECURITY

According to the CSA, CCM strengthens existing security control environments by emphasizing business information security control requirements; identifies and reduces consistent security threats and vulnerabilities in the cloud; provides standardized security and operational risk management; and aims to normalize security expectations, cloud taxonomy and terminology, and security measures implemented in the cloud.

The latest version of the matrix was put together by more than 60 people worldwide in the last two months. "This is a bunch of security industry leaders that came together and said let's enable the cloud computing industry" to better handle security issues, says Phil Agcaoili, co-founder of the matrix and a CSA steering committee co-chair.

The latest version has the support of the Holistic Information Security Practitioner Institute (HISPI), an independent certification organization consisting of information security practitioners. Agcaoili says the HISPI community analyzed the matrix for quality assurance.

Becky Swain, program manager in the corporate security programs organization at Cisco and another founder of the matrix, says the long-term vision for CCM is to provide a framework for cloud service providers -- including those that deliver infrastructure services and those that provide applications -- to assess each other's security.

"The matrix provides a common criteria for assessing cloud providers," Swain says.

Read more about cloud security in CSOonline's Cloud Security section.

Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitycloud securitycloud computinginternetsoftwaredata protectionapplicationscloud security allianceapplication securityAccess control and authenticationData Protection | Cloud SecurityCloud Controls Matrix

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Bob Violino

CSO (US)
Show Comments

Essentials

James Cook University - Master of Data Science Online Course

Learn more >

Mobile

Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >

Exec

Budget

Back To Business Guide

Click for more ›

Brand Post

Bitdefender 2018

Roam freely in the digital world. Critically acclaimed performance and security at your fingertips.

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?