By Alan Eng, Senior Manager/Product Marketing, Vormetric
It is well documented that security is the leading concern hindering cloud adoption. However, it is not so clear cut how to build secure cloud services, or how to assess whether cloud services adhere to relevant security requirements. The Cloud Security Alliance (CSA) Cloud Control Matrix (CCM) framework was specifically designed to offer insights on these topics. The CCM framework provides fundamental security principles to guide cloud service providers (CSPs) and to assist prospective cloud customers in assessing the overall security risk of a cloud offering.
Using the latest CCM framework, version 3.0.1, Vormetric has created two white papers that shed further light on these critical topics. One paper helps cloud providers understand how to meet industry security guidelines with Vormetric data security solutions. The second paper explains how customers looking to adopt cloud services can assess whether their cloud vendors adhere to cloud security best practices. This paper also describes which Vormetric solutions to look for in complying with these standards.
The CCM is aligned with many industry standards and control frameworks, including International Organization for Standardization (ISO) 27001 and 27002, ISACA COBIT, National Institute of Standards and Technology (NIST), Jericho Forum, North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP), the Payment Card Industry Data Security Standard, version 3, and several others. As a result, CSPs can meet a number of industry security guidelines simply by adopting CCM requirements. In addition, the CCM framework features the Consensus Assessments Initiative Questionnaire (CAIQ), a detailed questionnaire that customers can use to assess the security capabilities of CSPs.
To develop our white papers, Vormetric staff worked with CSA CCM experts to identify which requirements pertained to data security. These white papers explain how the Vormetric Data Security Platform meets critical data security requirements.
By leveraging these white papers, security teams at CSPs can establish a clear path forward for securing data in their cloud environments. Further, executives at enterprises can use a concrete list of questions to assess and qualify prospective CSP offerings and ensure their data security needs are met. Below is a brief description of each white paper and the link to download the paper directly.
Industry Guidelines for Building Secure Cloud Services: This white paper explains how CSPs can use the Vormetric Data Security Platform to address CCM requirements for data segregation, persistent protection of customer data, data access monitoring and auditability, availability, and data destruction.
Best Practices for Assessing Your Cloud Data Security Services: This white paper offers a detailed look at how Vormetric solutions address the requirements specified in the CAIQ. In addition, the paper details what enterprise decision makers should look for in their cloud data security services.
Both white papers are also available on the Vormetric resources page.