Essential Guide

Browse Sections

How to evaluate cloud providers
The realities of working with a cloud provider
Cloud provider metrics and controls
Expert advice for potential CSP customers
- Guard security with a careful cloud provider evaluation
- What cloud providers' customers must know about security standards and provider visibility
Do you know cloudspeak?

BACKGROUND IMAGE: iSTOCK/GETTY IMAGES

This content is part of the Essential Guide: How to evaluate, choose and work securely with cloud service providers

Definition

Cloud Controls Matrix

WhatIs.com

Contributor(s): Marcia Savage

The Cloud Controls Matrix (CCM) is a baseline set of security controls created by the Cloud Security Alliance to help enterprises assess the risk associated with a cloud computing provider.

The Cloud Controls Matrix is aligned with CSA’s guidance in 16 security domains, including application security, identity and access management, mobile security, encryption and key management and data center operations. CCM, which is part of the CSA Governance, Risk and Compliance (GRC) Stack, is mapped to multiple industry standards, regulations and frameworks that enterprises must follow, including ISO 27001/27002, PCI DSS, HIPAA and COBIT.

CCM v3.0.1 is available as a free download to help companies evaluate cloud providers and guide security efforts. The matrix can also be used by cloud providers who wish to submit themselves to the CSA Security, Trust & Assurance Registry (STAR), a free, publicly accessible registry that documents the security controls provided by cloud computing service providers.

The Cloud Controls Matrix is designed to align well with the Consensus Assessments Initiative Questionnaire (CAIQ), a yes/no question set for identifying specific topics that a customer may want to discuss with potential cloud service providers.

This was last updated in July 2014

Continue Reading About Cloud Controls Matrix

Cloud security standards provide assessment guidelines

CSA on its Cloud Controls Matrix

CSA cloud provider registry aims to boost cloud transparency

CSA licenses cloud transparency tool from CSC

CSA Cloud Controls Matrix page

Essential Guide

Cloud Controls Matrix

Continue Reading About Cloud Controls Matrix

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

SearchSecurity

Project Zero finds Logitech Options app critically flawed

Risk & Repeat: NRCC breach stokes election security fears

Operation Sharpshooter targets infrastructure around the world

SearchCloudComputing

When to manage APIs with cloud-native vs. third-party tools

Microsoft doubles down on Kubernetes with Azure Monitor, AKS

Microsoft ups its AI game with Azure Machine Learning service

SearchAWS

A look at the AWS hardware update that fuels its A1 instances

DynamoDB pricing option makes it a go-to for serverless apps

AWS enterprise strategy targets industry verticals

SearchCloudApplications

Microsoft Azure Dev Spaces, Google Jib target Kubernetes woes

With progressive web applications, developers blur the lines

Web app development morphs as apps and websites merge

SearchServerVirtualization

Review the top 9 virtualization techniques of the year

Manage large volumes of VM data with these storage tactics

AIOps use cases address complexity in virtual data centers

SearchVMware

VMware Pulse IoT could be the future of edge computing

How to use a VMware content library

New vSphere HTML5 client features, future direction explained

ComputerWeekly.com

Global server revenue hits record quarterly high as hyperscale demand for datacentre kit soars

Iranian cyber espionage highlights human element

Ofcom tells ISPs to be upfront about better broadband deals

Continue Reading About Cloud Controls Matrix

Related Terms

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.

File Extensions and File Formats