Cloud Security Alliance Releases Cloud Controls Matrix v1.2
Palo Alto, CA –Aug 26, 2011 – The Cloud Security Alliance (CSA) today published Version 1.2 of the Cloud Controls Matrix (CCM), which is designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. The CSA CCM provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. Version 1.2 adds Corporate Governance, mapped to the existing 13 domains, as well as Architectural Relevance and Scope Applicability controls.
Becky Swain, co-chair of the CCM working group, noted, “The CSA CCM v1.2 update addresses the inter and intra-organizational challenges of persistent information security by clearly delineating control ownership by not only cloud provider type (SaaS, PaaS, IaaS), tenant or customer, but also by architectural relevance to ensure that shared accountability is accurately identified at all layers of the stack and at the corporate governance level for those controls that are architecturally irrelevant or agnostic. Further, this update enhances the existing mapping of regulations, standards and control frameworks with the addition of Jericho Forum and NERC CIP.”
The foundations of the CCM rest on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as the ISO 27001/27002, ISACA COBIT, PCI, and NIST, and will augment or provide internal control direction for SAS 70 attestations provided by cloud providers. As a framework, the CSA CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to the cloud industry. The CSA CCM strengthens existing information security control environments by emphasizing business information security control requirements, reduces and identifies consistent security threats and vulnerabilities in the cloud, provides standardize security and operational risk management, and seeks to normalize security expectations, cloud taxonomy and terminology, and security measures implemented in the cloud.
The Cloud Controls Matrix is part of the CSA GRC Stack.
About the Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at cloudsecurityalliance.org, and follow us on Twitter @cloudsa.