The Cloud Security Alliance (CSA) announced on Thursday the official release of version 3.0 of the CSA Cloud Controls Matrix (CCM), a full upgrade of the industry gold standard for assessing cloud-centric information security risks. CCM version 3.0 extends its control domains to address changes in cloud security risk since the release of the CSA's pioneering guidance, and takes a big step towards closer integration with the "Security Guidance for Critical Areas of Focus in Cloud Computing version 3.0".
Drawing on industry-recognized security standards, regulations, and control frameworks such as ISO 27001/2, the European Union Network and Information Security Agency (ENISA) Information Assurance Framework, ISACA's (Information Systems Audit and Control Association) Control Objectives for Information and Related Technology, the American Institute of Certified Public Accountants Trust Services Principles, the Payment Card Industry Data Security Standard, and the Federal Risk and Authorization Management Program, the upgraded CSA CCM control domains provide users with a cohesive set of controls, and this cohesion is necessary for managing cloud-centric information security risks. The reorganization of the CCM also captures the needs of cloud management in the near future, in which it will serve as an annual check for updating controls, further ensuring that the CCM keeps pace with future technology and policy changes.
"As cloud applications continue to improve, our security controls must also go with it," said Evelyn De Souza, co-chairman of the CCM Working Group and data center and cloud security expert at Cisco Systems. "We now have to address the expansion of cloud data access and the necessary care for the supply chain of cloud service providers. Service disruption should be minimized in the face of a cloud service provider's relationship transition. With additional new key control domains and improved clarity, providers and consumers will use CCM as an increasingly relied-upon tool to ensure greater transparency, trust, and security in the cloud."
CCM version 3.0 includes the following upgrades:
5 new control domains that address information security risks during operations such as access, transfer, and protection of cloud data: Mobile security, supply chain management, transparency and accountability, interoperability and portability, and encryption and key management
Improved compatibility with the Security Guidance for Critical Areas of Focus in Cloud Computing version 3.0
Improved control auditability across the control domains, and an extended control identification naming convention
"Anyone deciding to use a cloud service should consider the following question: am I confident that the provider has the ability to manage and protect my data?" said Sean Cordero, co-chair of the CCM Working Group and industry expert. "The use of CCM provides cloud service providers with a manageable set of deployable controls that map to global security standards. For customers, it acts as a catalyst for dialogue with cloud service providers about security posture, which was previously impossible. Maintaining this balance in CCM version 3.0 was an important task that could not have been achieved without the efforts of more than 120 members from CSA member companies such as Microsoft, Salesforce, and PricewaterhouseCoopers, and global peer review. We appreciate their dedication."
At the upcoming CSA Conference events this fall, CSA will hold 3 CCM-specific sessions. This week, at the CSA Europe, Middle East, and Africa Conference in Edinburgh, Scotland, Evelyn De Souza will lead the CCM 3.0 team in introducing the new controls and improvements to participants and guiding them through the changes. She will also host a seminar entitled "Seizing the opportunity to build the future of the CSA Cloud Controls Matrix".
In addition, at the 2013 CSA Conference in Orlando, Fla., on December 3-5, 2013, CSA will host a lecture entitled "CSA and the British Standards Institute: CCM, Consensus Assessments Initiative Questionnaire (CAIQ) and CSA Security, Trust and Assurance Registry (STAR) cloud management, risk and compliance". There, Sean Cordero and other industry experts will walk attendees through the theory and design of the new version of the CCM, how to map an organization's requirements to the CCM, and how best to make use of the key components of the CSA GRC Stack: CCM 3.0, CAIQ and STAR.
CSA is a non-profit organization that promotes security in the use of cloud computing and provides education on uses of cloud computing that help secure other forms of computing. It is an alliance with broad participation from industry practitioners, enterprises, associations and other key stakeholders.