Any cloud organization who is serious about securing their solution should review the latest updates to the CSA’s guidance documentation. In a press release, the CSA is announcing that it has released updated to some of its most popular literature which helps establish standards for security. The Cloud Controls Matrix, which is referred to as CCM, and the Consensus Assessments Initiative Questionnaire are both updated to version 3.0.1.
Jim Reavis, the CEO of CSA is quoted as saying, “With the release of the new CAIQ and CCM, alongside a strong migration path to CSA’s Security, Trust & Assurance Registry, we have intentionally created a much needed one-stop-shop in the cloud provider assessment process.” Having a one-stop-shop as Reavis puts it for all of your cloud security intelligence is critical in this ever evolving technical landscape.
Reavis described the advantages of the new updates by saying, “This will allow cloud providers to be more transparent in the baseline assessment process, helping accelerate the implementation process where cloud consumers will be able to make smart, efficient decisions. We expect the new versions to have an enormous and positive impact on the cloud industry.”
The updates also streamline security guidelines for cloud providers. The press release goes on to say that the updates to the guidance documentation reduce redundancies while increasing clarification on high level topics. Managing director Danielle Catteddu mentions, “With the release of the new CCM and CAIQ, we are creating an incredibly efficient and effective process for cloud providers to better demonstrate transparency and improve trust in the cloud, which is the ultimate mission of the CSA.”
What exactly is the CAIQ? It is a simple yes or no questionnaire that is designed to foster a discussion between a provider and a prospective client. The answers in this document essential become a score card for the organization who answers the questions. What about the CCM? The CSA describes the CCM as being “Specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.”