Home
Topics
Cloud Computing Compliance, Audit and Data Governance
Cloud Computing Frameworks and Standards
Cloud Controls Matrix

Definition

Cloud Controls Matrix

The Cloud Controls Matrix (CCM) is a baseline set of security controls created by the Cloud Security Alliance to help enterprises assess the risk associated with a cloud computing provider.

CCM is available for free download to help companies evaluate cloud providers and guide security efforts. Security remains a top concern for enterprises as they adopt cloud computing, and the Cloud Controls Matrix is an attempt to bridge the gap and provide a standard for security measures implemented in the cloud.

The Cloud Controls Matrix is part of a set of cloud computing standards from the Cloud Security Alliance called the GRC Stack. The toolkit includes CloudAudit, the Cloud Trust Protocol and the Consensus Assessments Initiative Questionnaire, a set of questions a cloud customer can ask a cloud provider to gauge its security. The Cloud Controls Matrix is aligned with the Cloud Security Alliance’s guidance in 13 security domains such as application security, identity and access management and data center operations and is mapped to multiple industry standards, regulations and frameworks that enterprises must follow, including ISO 27001/27002, PCI DSS, HIPAA and COBIT.

The Cloud Security Alliance released Version 2.1 of its Cloud Controls Matrix in August 2011.

Related glossary terms: SSAE 16, cloud computing, CloudAudit, Trusted Cloud Initiative, Computación en la nube , FedRAMP 3PAO (third-party assessment organization)

Contributor(s): Marcia Savage

This was last updated in October 2011

Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchCloudSecurity.com-related news, tips and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

More News and Tutorials

(ISC)2, CSA partner on new cloud security certification

The yet-unnamed certification will seek to validate skills of cloud security pros, but it's unclear how it may complement or overlap with existing certs.
CSA offers new initiatives to address SMB cloud security issues

In response to growing SMB cloud security issues, the Cloud Security Alliance announced a new working group and membership level focused on SMBs.
NIST cloud security spec addresses cloud geolocation, data security

The new NIST cloud security proof-of-concept implementation details how to manage workloads based on cloud geolocation data.

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

Research More Tech Terms

Search thousands of tech definitions
Browse tech definitions
Browse Alphabetically:
- A
- B
- C
- D
- E
- F
- G
- H
- I
- J
- K
- L
- M
- N
- O
- P
- Q
- R
- S
- T
- U
- V
- W
- X
- Y
- Z
- #

Powered by WhatIs.com

File Extensions and File Formats

File Extension and File Formats List:

A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
#

Powered by WhatIs.com

More from Related TechTarget Sites

Security
Security Channel
Security UK
Cloud computing
Server Virtualization
VMware

Security
- Using EMET to harden Windows XP and other legacy applications
  
  Expert Michael Cobb details how using EMET, a free tool from Microsoft, can harden Windows XP and other legacy applications.
- Beyond privacy policies: Practical privacy for websites and mobile apps
  
  Posting a privacy policy is not enough. Here's practical advice for privacy on websites and mobile apps.
- Exploit kits evolved: How to defend against the latest attack toolkits
  
  Expert Nick Lewis details how automated exploit kits are evolving and offers mitigations for the latest methods employed by these attack toolkits.
Security Channel
- Websense Partner Program
  
  Learn about bandwidth management vendor Websense's partner program in this standardized checklist.
- Tripwire, Inc. Partner Program
  
  Learn more about configuration control software vendor Tripwire, Inc.'s partner program in this standardized checklist.
- Configuring privilege levels
  
  This section of the chapter excerpt focuses on supporting multiple administrative levels of router configuration.
Security UK
- Infosecurity 2012: IPv6 challenges to network security
  
  In this video interview, Ian Kilpatrick of Wick Hill discusses the IPv6 challenges that small and medium businesses are just beginning to address.
- Apache DDoS vulnerability requires immediate update to avoid threat
  
  Apache has released an updated version of its Web server to address a DDoS vulnerability, for which exploit tools have been found in the wild.
- Learn how to utilize a free spam-filtering service for your SMB
  
  Learn how a Web-based free spam-filtering service can secure email and prevent spam from attacking your enterprise.
Cloud computing
- Google Compute Engine prices on par with AWS -- for now
  
  Conventional wisdom has Google and AWS locked in the Price War of the Titans with the launch of GCE, but a deeper look reveals a different truth.
- Limiting the effects of cloud computing outages
  
  After making the case for cloud based on high availability, IT pros are upset by cloud outages. With planning, there are ways to craft a strategy.
- Amazon Redshift an appealing alternative to on-premises data warehouse
  
  Amazon Redshift has intriguing pricing and features, but beware of its differences from a traditional, on-premises data warehouse.
Server Virtualization
- How can I enable automated VM resource provisioning?
  
  As with many other facets of virtualization, VM resource allocation is becoming automated. Find out what tools you can use for automated provisioning.
- Columbia Sportswear's move from virtualization to private cloud computing
  
  Columbia Sportswear parlayed server virtualization into a private cloud. Along the way, it found that its management tools needed serious rethinking.
- Power management a must for oVirt high availability
  
  Dodge dreaded downtime by enabling power management in your oVirt 3.1 environment.
VMware
- IT, meet security: Why vSphere security is all about collaboration
  
  Strong vSphere security comes from collaboration and the right server virtualization security tools and processes.
- How the VMware Hardware Compatibility Guide keeps everyone safe
  
  Enterprise IT is a balancing act between new innovative gadgets and proven tools. Find the middle ground with the VMware Hardware Compatibility Guide.
- Parsing the use of vSphere vs. ESXi to describe VMware virtualization
  
  VMware's virtualization hypervisor goes by ESX/ESXi and vSphere. The difference in when to use ESXi vs. vSphere terms is subtle.

All Rights Reserved,Copyright 2011 - 2013, TechTarget