CSA Seeks Input on Cloud Data Protection Cert

The Cloud Security Alliance invites you to review the Cloud Data Protection Cert, a new candidate project proposed for inclusion in the CSA Research Portfolio.

The Cloud Data Protection Cert will be a web-based tool that presents cloud providers and cloud consumers with a tiered data-sensitivity model intended to help companies apply optimum data protection controls within cloud environments by reporting an overall protection score and controls guidance based on a maturity curve.

We are proposing that the Cloud Data Protection Cert be included as part of the CSA’s Governance, Risk Management and Compliance (GRC) Stack, as it will implement controls based on data type, taking into consideration that there are varying levels of controls between public and regulated data.

ACTION
We would like to ask reviewers of the Cloud Data Protection Cert for assistance in assessing the following:

  • Is there value in further project development?
  • Is the tiered data protection model useful?
  • Should this model be built into the CCM as a default model, versus a one-size-fits-all data protection model?
  • Should this model be a standalone tool within the GRC Stack, or should it be merged with the CCM?
  • Is the model’s present format accessible? What should stay the same? What should change?

To review the Cloud Data Protection Cert, visit: http://clouddataprotection.org/cert/

You may submit feedback and questions via the online form found at the end of the Cert, or you can email [email protected].