Cloud Security Alliance and Cyber ​​Risk Institute Partner to Create Addendum to Cloud Control Matrix (CCM) for Financial Industry

SEATTLE–(BUSINESS WIRE)–The Cloud Security Alliance (CSA), the leading global organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today announced its partnership with the Cyber ​​Risk Institute (CRI)a non-profit coalition of financial institutions and professional associations, to develop an addendum to its Cloud Control Matrix (CCM)written specifically for the financial industry.

For many years, the cloud has been a tempting, albeit forbidden, fruit for financial institutions. However, while cloud service provider (CSP) security measures have improved to meet most, if not all, financial industry regulatory requirements, a growing number of financial institutions are now looking to extend their rate. cloud adoption. Unfortunately, until now, there has been no framework that adequately addresses the industry’s unique regulatory security requirements in the context of cloud computing.

“Rather than layering new controls on top of the CCM core set, we chose to partner with another like-minded organization, which would allow us to mutually leverage the work each of us has done on cybersecurity and cloud security. We are excited to further develop our relationship with CRI in what we see as the first step in creating a release of CSA Security, Trust, Assurance and Risk (STAR) Level 2 specific to financial institutions,” said Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance.

While CCM has become the de facto standard for cloud security assurance and compliance, it has yet to evolve to the point where it is sufficient to satisfy the security and compliance requirements of every industry. . Consequently, the CRI Profile, the financial industry’s benchmark for cyber risk assessment, covered many cybersecurity requirements unique to the financial industry, but lacked the specificity of cloud security. After mapping the controls into their respective frameworks, CSA and CRI performed a gap analysis to create and integrate the cloud-specific controls into the CRI profile and, accordingly, the financial industry-specific requirements into the CCM.

“When we released the CRI cloud profile in March of this year, we knew this was a great step forward for financial institutions that wanted to move to the cloud with confidence by defining roles and responsibilities. This recent CSA-to-profile reverse mapping is the missing piece that allows cloud service providers to speak the language of the financial industry,” said CRI Founder and President Josh Magri. “It’s not the end, however. We are delighted to continue our collaboration with the ASC and look forward to building on this success. »

Financial organizations interested in learning more about the CRI profile are invited to attend the session, The Cloud Profile: A Rosetta Stone for Cloud, Security, and Finance Sector Compliance, at CxO Summit in Barcelona June 29.

Learn more about the cloud control matrix and the financial services addendum.

About Cyber ​​Risk Institute

The Cyber ​​Risk Institute (CRI) is a non-profit coalition of financial institutions and trade associations. CRI strives to protect the global economy by improving cybersecurity and resilience through the standardization of ratings. Its Cyber ​​Profile tool is the benchmark for cybersecurity and resilience in the financial services industry. Learn more about https://cyberriskinstitute.org/.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA leverages the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to deliver safety-specific research, education, training, certification, events and products from the cloud. CSA’s activities, knowledge and extensive network benefit the entire cloud-affected community – from vendors and customers to governments, contractors and the insurance industry – and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For more information, visit www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

About Florence L. Silvia

Check Also

Manchester’s new art space is set to open next year

A contemporary dance performance directed by filmmaker Danny Boyle and designed by British artist Es …