With the rise of mobile business environments, cloud services, IoT, and bring-your-own-device (BYOD) policies, the nature of security has changed dramatically. Perimeters are extinct, and our data is everywhere. Meanwhile, hackers are armed with the newest technology and techniques and are taking advantage of the changing data security landscape.
The types and frequency of security threats continue to grow.
Since 2005, the number of breaches has risen consistently in the United States, with 1,473 breaches recorded in 2019, exposing over 164.68 million sensitive records.
For all of these reasons, organizations today need to have formal plans in place to mitigate cybersecurity risks and protect their valuable assets.
Here at Hyperproof, our mission from day one has been to help organizations mitigate risk, by providing software that helps infosec and compliance teams build effective compliance programs.
To achieve this mission, we’ve built software that enables our customers to understand and implement best-in-class cybersecurity and data privacy standards in their organizations (e.g. NIST SP 800-53, ISO 27001). Implementing these security standards can help organizations ensure they have a solid security baseline and, more importantly, practice good hygiene on an ongoing basis to build resiliency, a necessity in our dynamic risk environment.
To that end, as experts in cybersecurity, network security, and data privacy enhance their knowledge of how specific threat vectors work and develop best practices for protection and mitigation, Hyperproof incorporates these expert-developed frameworks into our product so our customers can use them to improve their security posture.
At this time, Hyperproof’s compliance operations platform has added support for the premier compliance framework for managing cloud security: the Cloud Security Alliance Cloud Controls Matrix (CSA CCM).
In this article, we’ll provide some key facts on this framework and why you may want to leverage it to ensure a continuously secure posture in your cloud environments. We’ll also highlight how to use Hyperproof to manage your compliance effort.
What is the Cloud Security Alliance Cloud Controls Matrix (CCM)?
According to the Cloud Security Alliance, the Cloud Controls Matrix (CCM) provides fundamental security principles to guide cloud vendors and to assist potential cloud customers in assessing the overall security risk of a cloud provider. Organizations implement the CCM as a way to strengthen their existing information security control environments. It delineates control guidance between service provider and consumer, and differentiates that guidance according to the specific cloud model type and environment.
If you are a cloud vendor and your organization wants to conduct business with the government or any security-conscious enterprise, achieving cloud security certifications is the procurement gate. Cloud compliance frameworks like the CSA CCM provide the guidelines and structure necessary for maintaining the level of security your customers demand.
The CCM contains 16 control domains that are cross-walked to other industry-accepted standards, regulations, and control frameworks to simplify audits. The crosswalks include but are not limited to: ISO 27001/27002/27017/27018, NIST SP 800-53, AICPA TSC, ENISA Information Assurance Framework, German BSI C5, PCI DSS, ISACA COBIT, NERC CIP, and many others.
The latest version of CCM (v3.0) contains the following domains:
- Application and Interface Security
- Audit Assurance and Compliance
- Business Continuity Management and Op Resilience
- Change Control and Configuration Management
- Data Security and Information Lifecycle Management
- Datacenter Security
- Encryption and Key Management
- Governance and Risk Management
- Human Resources Security
- Identity and Access Management
- Infrastructure and Virtualization
- Interoperability and Portability
- Mobile Security
- Security Incident Management, E-discovery, and Cloud Forensics
- Supply Chain Management, Transparency, and Access
- Threat and Vulnerability Management
While some of your cloud solution customers may be satisfied knowing that you have met the requirements of the CCM, others may need greater assurance through third-party verification. To that end, the Cloud Security Alliance has developed a certification program called STAR. The value-added CSA STAR certification verifies an above-and-beyond cloud security stance that carries weight with customers. Further, the STAR registry documents the security and privacy controls provided by popular cloud computing offerings so cloud customers can assess their security providers and make good purchasing decisions.
How Hyperproof Supports Your Implementation Journey
In Hyperproof, you can utilize a program template that helps you put controls in place for each CCM control domain. Once you start adding controls, you can associate evidence to document that a control is implemented or tested and the result of the test. Hyperproof makes it easy to collaborate with other colleagues whose work touches the domains within the CCM. The application comes with dashboards so you can gauge your progress as you work towards the STAR certification.
In Hyperproof, you can utilize the CSA CCM (Version 3.0.1) template to expedite your implementation. The template contains 133 control objectives structured in 16 domains, covering all key aspects of cloud technology.
With the Hyperproof template, you can start to customize the controls to fit your specific circumstances and then collect evidence to show that a control is implemented and working as intended. Hyperproof also makes it easy to collaborate with other colleagues. For instance, you can assign control owners and invite others to work on controls in Hyperproof and set automated reminders for colleagues to evaluate controls. And Hyperproof provides dashboards so you can gauge your progress as you work through control domains.
Not only does Hyperproof help you implement the framework faster, it allows you to ensure that controls are managed on an ongoing basis so you can keep up with events that may change your risk profile.
If you’d like to learn more about how Hyperproof can help you achieve the oversight, consistency, and efficiency you need to run an effective compliance program — we’d love to talk to you.