The Cloud Security Alliance, a not-for-profit organization promoting security best practices for cloud computing, has updated its Cloud Control Matrix placing emphasis on mobile security and several other new categories.
The broad coalition of industry practitioners, corporations and associations releases the CCM to provide recommendations on cloud security. It covers areas such as data centre, hardware and software security and vulnerability assessment.
The latest version of the CCM covers the new categories of mobile security; supply chain management, transparency and accountability; interoperability and portability; encryption; and key management.
It was only natural to focus on mobile security because the area is becoming more and more popular these days, according to Sea Cordero, co-chair of the CCM working group and president of the cloud security consultancy firm Cloud Watchmen.
He said the coverage was spurred by the “organic growth of BYOD,” it is necessary for business users to be clear on what the “rules of the game” are.
Cordero said the mobile category will cover best practices regarding how to access cloud-based services using mobile devices, how mobile device management (MDM) tools are delivered through software-as-a-service (SaaS) channels and clearly defined mobile use policies.
Another new area tackled by the updated CCM is supply chain management, transparency and accountability.
Cordero said customers need to have a clear understanding of how data is handled by their provider. There are instances, he said, when a provider is working with a third-parties and this presents an added security risk.
Customers need to know the entire supply chain of their data, he said.