Cloud Security Alliance Releases New Guidelines Providing Insight On Using Its Industry-Leading Security Assurance and Assessment Tools Effectively
BELLEVUE, Washington – (COMMERCIAL THREAD) – The Cloud Security Alliance (CSA), the leading global organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the release of a new document, Implementation Guidelines for the Cloud Controls Matrix (CCM) v4. The Implementation Guidelines are a new addition to CCM v4, CSA’s flagship cybersecurity framework for cloud computing, and have been developed to help users apply CCM controls correctly, while providing additional guidance and recommendations adapted to the control specifications for each of CCM v4’s 17 cloud security domains.
“Due to the specific nature of cloud infrastructure and architecture, CSA cannot provide detailed and prescriptive advice relevant to every organization and cloud service implementation or technology. That being said, the guidelines represent an ideal compendium of CCM controls, as they provide a higher level of detail regarding best practices for cloud security and privacy. We believe the implementation guidelines are a very useful tool to help cloud service providers and cloud customers adopt CCM requirements,” said Daniele Catteddu, CTO, Cloud Security Alliance.
The guidelines are available in spreadsheet and PDF form: the former allows organizations to leverage the guidelines in conjunction with the full CCM v4 component list, while the PDF provides structured guidance on using the CCM framework. Note that the document is not meant to be a “how-to” manual for implementing CCM controls. Given the nature of CCM controls, their operationalization will depend on many factors, largely the IT / service architecture, type of technology used, risks involved, applicable regulations and organizational policies, among others.
The CCM Implementation Guidelines are a collaborative product of the CCM Volunteer Working Group and are based on the shared experiences of cloud service providers and cloud service customers in implementing and securing cloud services and the use of CCM controls. The task force’s analysis covers a myriad of topics and queries, including how organizations can best:
implement controls for the first time
improve an existing implementation
answer a question from the Consensus Assessment Initiative Questionnaire (CAIQ)
better understand a client’s security responsibilities
leverage CCM controls within a specific platform or architecture
CSA also released The Evolution of STAR: An Introduction to Continuous Auditing, which provides an overview of STAR Level 3, the most rigorous assurance level in CSA’s Safety, Trust, Assurance and Risk (STAR) program. STAR Level 3 enables certified service providers to demonstrate that critical security controls are continuously monitored and validated, providing customers with the ultimate level of transparency and assurance. It is therefore important that companies understand the critical role this plays in managing third party risk. The white paper reviews implementation concepts and process design, demonstrating how ongoing security control auditing and certification provides world-class security transparency.
“When properly implemented, the CCM framework, the foundation of the STAR program, helps reduce cybersecurity risks by providing best-in-class security. It is therefore essential that those seeking STAR Level 3 certification understand and correctly apply the CCM set of controls to their organization,” said John DiMaria, CSA Researcher, Assurance Investigatory Fellow, Cloud Security Alliance.
CSA is currently working with Solution Providers on a Proof of Concept (POC) to demonstrate how commercially available technology solutions can be leveraged to achieve STAR Level 3 certification. CSA is inviting other organizations, both providers of solutions and customers, to join the POC and expand its scope. For more information or to volunteer, please contact us at [email protected]
Download the Implementation Guidelines for the Cloud Controls Matrix (CCM) v4 and The Evolution of STAR: An Introduction to Continuous Auditing now.
About the Cloud Security Alliance
The Cloud Security Alliance (CSA) is the leading global organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA draws on the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to deliver research, education, training, certifications, events and specific cloud security products. CSA’s activities, knowledge and vast network benefit the entire cloud-affected community – from suppliers and customers to governments, contractors and the insurance industry – and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For more information, visit us at www.cloudsecurityalliance.org and follow us on Twitter @cloudsa.