CLOUD SOLUTIONS
CLOUD SECURITY ALLIANCE AND CYBER RISK INSTITUTE CREATE CLOUD CONTROLS MATRIX
The Cloud Security Alliance ( CSA ), one of the world ’ s leading organisations dedicated to defining standards , certifications and best practices to help ensure a secure cloud computing environment , has announced that it has partnered with the Cyber Risk Institute ( CRI ), a non-profit coalition of financial institutions and trade associations , to develop an addendum to its Cloud Controls Matrix ( CCM ) – written specifically for the financial sector .
For many years , the cloud was a tempting , albeit forbidden , fruit for financial institutions . However , as Cloud Service Providers ’ ( CSP ) security measures have improved to accommodate most , if not all , of the financial sector ’ s regulatory requirements , increasing numbers of financial institutions are now looking to extend their rate of cloud adoption . Unfortunately , until now there hasn ’ t been a framework that adequately addresses this sector ’ s unique regulatory security requirements within the context of cloud computing .
“ Rather than layer new controls over CCM ’ s core set , we chose to partner with another like-minded organisation that would allow us to mutually take advantage of the work each of us has done in addressing cyber and cloud security . We are excited to further build on our relationship with CRI in what we see as the first step in creating a version of CSA Security , Trust , Assurance , and Risk ( STAR ) Level 2 specific to financial institutions ,” said Daniele Catteddu , Chief Technology Officer , Cloud Security Alliance . every business sector . Correspondingly , the CRI Profile , the financial sector ’ s benchmark for cyber-risk assessment , covered many of the financial sector ’ s unique cybersecurity requirements but lacked the specificity of cloud security . After mapping the controls within their respective frameworks , CSA and CRI performed a gap analysis to create and incorporate both cloud-specific controls into the CRI Profile , and correspondingly , financial sector-specific requirements into CCM .
“ When we released the CRI Cloud Profile in March 2022 , we knew it was a tremendous step forward for financial institutions looking to move to the cloud with confidence by outlining roles and responsibilities ,” said Josh Magri , Founder and President , CRI . “ This recent reverse mapping by CSA to the Profile is the missing piece that allows cloud service providers to speak financial sector language . This is not the end , though . We are excited to continue our collaboration with CSA and look forward to building on this success .” �
Cloud service providers ’ security measures have improved to accommodate most , if not all , of the financial sector ’ s regulatory requirements .
While CCM has become the de facto standard for cloud security assurance and compliance , it has not yet evolved to the point where it ’ s sufficient to satisfy the security and compliance requirements for
52 www . intelligentfin . tech