Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

What is a “Cloud Service Provider”

Published: 04/30/2020

By John DiMaria, Assurance Investigatory Fellow, Cloud Security Alliance

Defining what is a Cloud Service Provider is not as easy as one might think, especially if you are an enterprise organization wondering if your vendors are servicing you from the cloud or not. A cloud service provider, or CSP...

Why use the CAIQ for vendor analysis vs. other questionnaires?

Published: 04/04/2020

By John DiMaria, Assurance Investigatory Fellow, Cloud Security Alliance

Security assessments, security questionnaires, vendor assessments, RFPs are all unavoidable in today’s world of cloud computing and drain valuable resources and time when completing them. However, they’re a big part of closin...

Continuous Auditing and Continuous Certification

Published: 03/20/2020

By Alain Pannetrat, Senior Researcher at Cloud Security Alliance and Founder of Omzlo.com

For some cloud customers in sensitive or highly-regulated industries, such as banking or healthcare, “traditional” annual or bi-annual audits do not provide enough assurance to move to the cloud. To address t...

Using SOC Reports for Cloud Security and Privacy

Published: 02/10/2020

By Ashwin Chaudhary, Chief Executive Officer, Accedere Inc

Data security and privacy are increasingly challenging in today’s cloud-based environments. Many organizations are storing a significant amount of data in distributed and hybrid cloud and even unmanaged environments, increasing challenge...

It's all about the Data! - Preventative Security

Published: 10/08/2019

By John DiMaria, Assurance Investigatory Fellow, Cloud Security Alliance

I have always said I am a "data guy." Decisions made with data eliminate all bias, opinions, and ad hoc decisions that cause potential costly moves. In my most recent podcast interview with Phillip Merrick, CEO of Fugue, he di...

CAIQ V3 Updates

Published: 09/17/2019

Cloud Security Alliance (CSA) would like to present the next version of the Consensus Assessments Initiative Questionnaire (CAIQ) v3.1. The CAIQ offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services, providing security control transparency. It pr...

How to Share the Security Responsibility Between the CSP and Customer

Published: 09/05/2019

By Dr. Kai Chen, Chief Security Technology Officer, Consumer BG, Huawei Technologies Co. Ltd.

The behemoths of cloud service providers (CSPs) have released shared security responsibility related papers and articles, explaining their roles and responsibilities in cloud provisioning. Althou...

CCM v3.0.1. Update for AICPA, NIST and FedRAMP Mappings

Published: 08/02/2019

Victor Chin and Lefteris Skoutaris, Research Analysts, CSA

The CSA Cloud Controls Matrix (CCM) Working Group is glad to announce the new update to the CCM v3.0.1. This minor update will incorporate the following mappings: Association of International Certified Professional Accountants (AI...

Using The CAIQ-Lite to Assess Third Party Vendors

Published: 07/01/2019

By Dave Christiansen, Marketing Director, Whistic

The mere mention of “security questionnaires” can evoke thoughts of hundreds of questions aimed at auditing internal processes in order to mitigate third party risk. This typically means a lengthy process prime to be optimized. While we don’t disag...

CSA STAR – The Answer to Less Complexity, Higher Level of Compliance, Data Governance, Reduced Risk and More Cost-Effective Management of Your Security and Privacy System

Published: 03/28/2019

By John DiMaria, Assurance Investigatory Fellow, Cloud Security Alliance

We just launched a major refresh of the CSA STAR (Security, Trust and Assurance Risk) program, and if you were at the CSA Summit at RSA, you got a preview of what’s in store. So let me put things in a bit more context regarding...

CCM Addenda Updates for Two Additional Standards

Published: 01/21/2019

By the CSA CCM Working Group

We're happy to announce the publication of the updated Cloud Controls Matrix (CCM) Addenda for the following standards: — German Federal Office for Information Security (BSI) Cloud Computing Compliance Controls Catalogue (C5) — ISO/IEC 27002, ISO/IEC 27017 and ISO/IEC ...

Weigh in on the Cloud Control Matrix Addenda

Published: 11/20/2018

Dear Colleagues, The Cloud Security Alliance would like to invite you to review and comment on the Cloud Control Matrix (CCM) addenda for the following standards: — German Federal Office for Information Security (BSI) Cloud Computing Compliance Controls Catalogue (C5). (Add your comments to CCM-C5.)...

Cloud Security Alliance Releases Minor Update to CCM v3.0.1

Published: 11/12/2018

By the CSA Research Team

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) Working Group has released a minor update for the CCM v3.0.1. This update incorporates mappings to IEC 62443-3-3 and BSI Compliance Controls Catalogue (C5). The CCM is specifically designed to provide fundamental...

Methodology for the Mapping of the Cloud Controls Matrix

Published: 07/09/2018

By Victor Chin, Research Analyst, Cloud Security Alliance

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) provides fundamental security principles to guide cloud vendors and cloud customers seeking to assess the overall security risk of a cloud service. To reduce compliance fatigue i...

Updated CCM Introduces Reverse Mappings, Gap Analysis

Published: 06/26/2018

By Sean Cordero, VP of Cloud Strategy, Netskope

Since its introduction in 2010, the Cloud Security Alliance’s Cloud Control Matrix (CCM) has led the industry in the measurement of cloud service providers (CSP). The CCM framework continues to deliver for CSPs and cloud consumers alike a uniform set...

Why the Cloud Cannot be treated as a One-size-fits-all when it comes to Security

Published: 06/24/2013

Despite the fact that cloud providers have long since differentiated themselves on very distinct offerings based on cloud platform type, I often see the cloud written about as though it is a single, uniform service. And, the problem with that is while there are commonalities, it is downright misle...
