The Cloud Security Alliance (CSA),
the world's leading organization dedicated to defining standards,
certifications and best practices to help ensure a secure cloud
computing environment, today announced a call for subject-matter experts
to support the ongoing review of its flagship document, the Cloud Controls Matrix (CCM),
Version 4 of which will be released later this year. CCM v4 will
reflect the current cloud technology landscape, providing cloud users
with a better, more comprehensive security framework and guidelines to
facilitate both implementation and audit.

Additionally, CSA is pleased to announce that the Certificate of Cloud Auditing Knowledge (CCAK) subject-matter
expert working group has held initial program development meetings and
that the CCAK credential and courseware will be previewed at CSA's SECtember conference
(Seattle, Sept. 14-18). The CCAK is a new credential for industry
professionals that demonstrates expertise in the essential principles of
assessing and auditing cloud computing systems and will be released in
the second half of 2020. The CCAK will provide a common baseline of
knowledge and shared nomenclature to ensure that IT and security
professionals, as well as auditors, have the right expertise and tools
to appropriately and accurately understand and measure the effectiveness
of cloud security controls.

"For 11 years, the Cloud Security Alliance has led the industry in
delivering the necessary innovations to build the trusted cloud
ecosystem on a global basis. In 2020, CSA will focus on supporting the
cloud community in acquiring the necessary tools, skills, and expertise
to ensure that the many iterations of cloud meet robust security and
privacy objectives," said Daniele Catteddu, Chief Technology Officer,
Cloud Security Alliance. "As organizations adopt DevOps, CI/CD, and
related innovations, the audit function must keep pace. With the release
of CCM and CCAK, we continue to support the community in their cloud
journeys."

The Cloud Controls Matrix is the de facto standard in the market. Its
latest iteration will include new control objectives in areas such as
containers and microservices, cryptography, and identity and access
management, along with implementation guidance, and will improve upon
the auditability of existing controls.

Cloud auditing skills are becoming a mandatory requirement for IT auditors
and will become fundamental expertise for any IT manager and
professional, especially in the areas of governance, risk management,
compliance, and vendor/supply chain management. Traditional IT audit
education and certification do not adequately prepare professionals for
the challenges cloud provides. Recent breaches demonstrate the knowledge
and responsibility gap that comprehensive cloud auditing frameworks
such as the CCAK will solve.

Those interested in contributing to the development of the CCAK are encouraged to join the CSA Cloud Audit Expert Group. Group members should be familiar with CSA's best practices and control frameworks, such as the Cloud Controls Matrix (CCM), the Consensus Assessment Initiative Questionnaire (CAIQ), and CSA STAR levels of assessment,
as well as have knowledge in such key areas as cloud risk management,
compliance, continuous auditing, and more. Members will be tasked with
reviewing and providing advice on the scope, curriculum, objectives
structure, go-to-market, and value proposition for the CCAK.