The CSA (Cloud Security Alliance) is the world’s leading organization dedicated to defining and raising awareness about the security best practices, which will help ensure a secure cloud computing environment. CSA governs the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and podcasts.
CSA has involved deeply in building a strong foundation for the cloud security ecosystem. In a recent RSA Conference, held at San Francisco, CSA announced an invitation for the security professionals to review its flagship document, the Cloud Controls Matrix (CCM) Version 4. The announced version will be released in the second half of the year.
CCM v4 promises to reflect the current scenario of the cloud industry, providing cloud end-users with a comprehensive security framework and guidelines to facilitate both implementation and audit.
What is Cloud Controls Matrix (CCM)?
The Cloud Controls Matrix is acknowledged as a de facto standard in the market. The most recent version will include new control objectives in areas such as container and microservices, cryptography, and identity and access management, along with implementation guidelines, and is expected to improve as existing controls goes through scrutiny.
In addition to this, CSA announced the Certificate of Cloud Auditing Knowledge (CCAK), and the subject-matter expert working group has held meetings for initial developments. The details related to CCAK will be presented at the CSA’s SECtember conference scheduled on Sep. 14-18 at Seattle.
Suggested Reads: How India’s cloud market will take shape by 2023?
What is a Certificate of Cloud Auditing Knowledge (CCAK)?
The CCAK is a new standard certification for industry professionals governed by CSA. The CCAK certified professionals will hold expertise in the fundamental principles of evaluating and auditing cloud computing systems.
This will help in providing a common baseline of knowledge and shared terminology to ensure that IT and security professionals, as well as the auditors, have the right expertise that too equipped with the right set of tools. The experts can understand and assess the level of cloud security controls.
Suggested Reads: SASE: A sassy future of network security in cloud defined by Gartner
Why is there a need for CCM v4 and CCAK?
The security breaches have created havoc in the virtual world. Even the cloud has not been left untouched by security breaches, and every year the number of breaches breaks the record.
The most prominent reason is the lack of skilled professionals to understand cloud security systems clearly. Cloud auditing skills are considered as pre-requisites for the IT auditors. The traditional IT audit knowledge and certification are not enough to assess and tackle the cloud security issues. The CCAK bridges this gap and prepares professionals to demonstrate the security expertise in cloud systems.
CSA calls for security professionals
The cloud has brought a paradigm shift, and security as you know it is changing. Cloud Security Alliance (CSA) is holding the baton to set the security benchmarks for the dynamic cloud systems. CSA’s flagship document Cloud Controls Matrix is ready to introduce its Version 4. In the light of mega security breaches last year, there is a need for updating the previous documents to analyze and tackle the cloud vulnerabilities.
CSA is calling the professionals to review CCM v4 to set the top-notch guidelines to secure cloud systems.
CMI is dedicated to bringing out the best information around cloud technology. Subscribe to our newsletter to think beyond the traditional cloud concepts.