What is CCM?

While the cloud’s business case is as compelling as ever, securing cloud infrastructure remains challenging. At the center of this challenge is the shared responsibility model that divides security responsibilities between cloud service providers (CSPs) and their customers. CSP customers are ultimately responsible for the security of their data, but they do not control all aspects of cloud security. The degree of control customers may exercise varies depending on the service provider, the CSP’s cloud business model, and the nature of the customer’s own cloud infrastructure.

The Cloud Security Alliance (CSA) created the Cloud Controls Matrix (CCM) to help clarify responsibilities and make cloud data more secure by:

  • Defining 17 domains of cloud technology.
  • Describing 197 security control objectives within those domains.
  • Providing guidance for appropriate implementation of these controls.
  • Mapping CCM controls to other security frameworks.
  • Creating a questionnaire for self-assessments of CCM compliance.

Every organization in the cloud supply chain can use CCM to enhance their security controls, assess vendor compliance, and reassure customers that their security systems follow the cloud computing industry’s best practices.