Why Is CSA CCM a Good Starting Point in Your Compliance Journey?

  • May 24, 2021

It seems like every week, there is another cyberattack in the news. The tools and tactics used by cyber adversaries are more advanced than ever before. These attacks disrupt services, compromise client data, cost millions of dollars, and more. With new cyberattacks come new and more stringent regulations to protect data, users, businesses, and governments. 

At the same time, more organizations are using the cloud, which forces them to ensure the security of their own data and that of their clients and users. This use of the cloud must also comply with the new and ever-changing government regulations. Security and compliance truly go hand in hand. In fact, to stay compliant, your organization’s infrastructure must be secure. While it can be long and arduous, you must start your compliance journey with security. One of the best places to begin is with the Cloud Security Alliance (CSA)’s Cloud Control Matrix (CCM).


What is CSA CCM?

A leading organization in cloud security, the CSA is committed to defining the best practices to create a secure and protected cloud computing environment. They often serve as a bridge between government and industry as both work to make the digital economy safer and more secure. 

The CSA provides certifications and the tools to self-assess your organization’s maturity against market standards for free, including the Cloud Control Matrix (CCM). The CCM has 17 domains consisting of a total of 197 control objectives. The domains range from audit and assurance to governance, risk management and compliance, and many more. A tool for the systematic evaluation of cloud implementation, CCM covers all major aspects of cloud technology and gives guidance on which security controls in the cloud supply chain should be implemented by which actor.


Benefits of CSA Certification

The benefits of implementing the CSA CCM cannot be overstated. They include but are not limited to:


  • A maturity level that can be cross-referenced with other companies and the market standard of your choice. 
  • Compatibility with ISO, NIST, etc.
  • The ability to check your maturity level against security controls and regulations across the industry.
  • Normalization of security terms and taxonomy, security expectations, and security measures in the cloud.
  • Customer reassurance that their data is being protected in the cloud. 


The CCM Process

This process consists of guided self-assessments and checklists based on a methodology that has been evolving since 2009. It is in line with the CSA Security Guidance for Cloud Computing, which has become the industry standard for security assurance and compliance. The current version of the Cloud Control Matrix, 4.0, has been updated to include requirements derived from new cloud technologies, improved auditability of the controls, new controls and responsibility matrix, enhanced interoperability, and compatibility with other market standards.

The road to compliance is not for the faint of heart. However, the CSA CCM is one of the best ways to become more secure and compliant and a very good place to start your journey. Once you have completed the CCM process, not only will you be able to assure your customers, clients, and your own stakeholders that their data is secure, but you will be on your way to compliance. 

Learn more about CSA CCM and how to start your compliance journey TODAY. 


Written by: Gaston Valdes
General corrections and editing: Diego Woitasen