CSA Interact website will be hosting the draft version of CCM v3.0 with the peer review option available until March 27, 2013. The final release of CCM v3.0 will be on April 1, 2013.
According to the Cloud Security Alliance, the Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and assist prospective cloud customers in assessing the overall security risk of a cloud provider. The CCM provides a control framework that gives a detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains
The latest version supposedly realigns the CCM control domains for attaining tighter integration with the CSA’s “Security Guidance for Critical Areas of Focus in Cloud Computing version 3” and also proposes three new control domains namely “Mobile Security,” “Supply Change Management, Transparency and Accountability”, and “Interoperability & Portability.”
Built over CSA’ Security Guidance for Critical Areas of Mobile Computing, v1.0, the “Mobile Security” controls are stated to be first ever mobile device with specific controls added into CCM, while the Supply Change Management, Transparency and Accountability domain is for fixing issues involved in governing data with the cloud. The Interoperability & Portability is for bringing down service disruptions usually caused by change in cloud vendor relationship or expansion of services.
CCM strengthens existing information security control environments by emphasizing business information security control requirements and reducing and identifying consistent security threats and vulnerabilities in the cloud.
During the CSA Cloud Controls Matrix Working Group Session to be conducted on February 28 in San Francisco, attendees will be provided a chance to meet working group members and learn about the Cloud Controls Matrix from CSA’ industry experts.