ISO Standard for Cloud Security to augment the Cloud Controls Matrix

 

The Cloud Security Alliance (CSA) has announced that it will partner with ISO to develop key standards for cloud security.

 

CSA will have a key role in the development of cloud security and privacy standards under ISO/IEC.

 


CSA will initially collaborate on two projects. One is a new work item proposal for cloud security, reinforcing previous work done on the Code of Practice for Information Security Management (ISMS) found in the ISO/IEC 27002 International Standard. The aim is to provide guidelines on information security controls for the use of cloud computing services based on ISMS security controls. The other project involves information security for supplier relationships.

 

Cloud security is still a major concern for many companies. According to the Eighth Annual Global Information Security Survey, despite the value many companies see in cloud computing, they are still afraid of the security implications. A key concern articulated by survey respondents was uncertainty about their ability to enforce security policies at a provider site.

 

CSA has provided a framework called the Cloud Controls Matrix (CCM), which is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. The CSA CCM provides a controls framework that gives a detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains.

 

The Cloud Controls Matrix can be downloaded here.