Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Join AT&T Cybersecurity in Chicago to learn top 2024 resilience tactics on May 21st!

Cloud Controls Matrix: How to Secure Your Journey to the Cloud

Home
Industry Insights
Cloud Controls Matrix: How to Secure Your Journey to the Cloud

Blog Article Published: 08/25/2023

Originally published by Contino.

Written by Kevin Davies.

If you’re in a highly regulated industry, it can be hard to embrace all the possibilities that cloud computing can offer while still maintaining control of your data assets in the public cloud.

That’s why it’s vital to have security cornerstones in place before you start your cloud journey.

In the UK, commercial organisations have been relatively quick to embrace the rapid flexibility provided by cloud computing, but the public sector has seen slower progress, despite the government introducing the ‘Cloud First’ policy in 2013.

The policy has at least led to a number of departments dabbling in the public cloud, primarily utilising Infrastructure as a Service (IaaS) offerings—allowing them to move away from traditional on-premises or data centre hosting arrangements.

While we’ve already seen many well-reported benefits of this transition to cloud in the sector, including the rapid deployment of the Coronavirus Job Retention Scheme, some still have reservations about whether the public cloud is secure enough for sensitive government data assets.

Cloud computing gives organisations considerable benefits in agility, resilience and cost—especially when it comes to managing their data. Organisations can move quickly, avoiding the need to purchase and provision expensive hardware, but there remains a risk of losing control of where this data resides—you could be a couple of mouse clicks away from moving data halfway across the globe. The result is a greater need for governance, risk and compliance expertise rather than relying solely on IT operations teams for support and oversight.

Governance, compliance, risk management, data visibility, cybersecurity—these are all key to a successful and prosperous future with cloud computing, but how can you make sure you’ve got everything covered?

We recommend starting with our four cloud security best practices, and implementing an appropriate cloud control framework, such as the Cloud Controls Matrix from the Cloud Security Alliance (CSA), which can inform and provide visibility for staff at all levels across departments.


4 Cloud Security Best Practices

  1. Make sure your organisation fully understands the controls it is responsible for vs the cloud provider. This is typically defined in a shared responsibility model.
  2. Make use of testing approaches such as chaos engineering to build solutions that are fault tolerant, utilising architecture that copes with unplanned failures.
  3. Invest in cyber security to embed secure foundations for teams to be able to work smarter rather than harder—providing new challenges and development opportunities to staff, rather than focussing IT resources on mundane and repetitive tasks that can impact on staff retention.
  4. Follow a cloud controls framework to enable your organisation to understand its current posture and help drive focused improvements and develop capability.


Why Do You Need a Cloud Control Framework?

A cloud control framework enables you to build on the visibility of your cloud environment—giving you the ability to make more informed decisions on appropriate policy, procedures and guidance to support implementation of proportionate security controls. This allows the organisation to protect its assets in the cloud as well as its reputation.

It is a common mistake for organisations to rely on existing policies and procedures and make minor changes and assume they will be fit for purpose in cloud computing—it’s vital therefore to align to an appropriate set of security controls.

Read the full article here.


About the Author

Kevin Davies is an experienced cyber security professional with over 10 years experience working for a range of public and private sector clients, as well as in retail banking, utilities and law enforcement. He's worked in large public sector organisations where he has been instrumental in securing public cloud platforms that have been developed to host numerous cloud services consumed within the UK today.

Cloud Controls MatrixCompliance

Share this content on your favorite social network today!

Cloud Assurance
Related Resources
STAR
The industry's standard for security assurance in the cloud.
Certificate of Cloud Auditing Knowledge (CCAK)
The industry's first global auditing credential.
Trusted Cloud Provider
Demonstrate your commitment to holistic security.
Latest from CSA
Virtual Cloud Trust Summit 2024
AT&T Cybersecurity in Seattle
CSA's STAR: The Key to Cloud Security & Compliance
Trending This Week
#1 The 5 SOC 2 Trust Services Criteria Explained
#2 What You Need to Know About the Daixin Team Ransomware Group
#3 Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications
#4 Cybersecurity 101: 10 Types of Cyber Attacks to Know
#5 Detecting and Mitigating NTLM Relay Attacks Targeting Microsoft Domain Controllers
Audit Cloud Providers with Confidence & Enroll in STAR Lead Auditor Training
Related Articles:
How DSPM Can Help Solve Healthcare Cybersecurity Attacks

Published: 04/30/2024

Your Ultimate Guide to Security Frameworks

Published: 04/29/2024

The Future of Cloud Cybersecurity

Published: 04/29/2024

CPPA AI Rules Cast Wide Net for Automated Decisionmaking Regulation

Published: 04/26/2024