Video

Strengthen Your Cloud Governance and Compliance Framework

CISOs and CIOs Need to Make Cloud Security Decisions Based on Data and Evidence
Daniele Catteddu, CTO at Cloud Security Alliance (CSA)

Cloud Security Alliance (CSA) is in the process of updating its guidelines from v4.0 to 5.0. The revised guidelines, to be released around Q3 2023, are a collection of recommendations and best practices for cloud infrastructure security.


"CIOs and CISOs should start pushing security controls into the DevOps function," says Daniele Catteddu, CTO at CSA. "The typical developer environments focus on delivering codes faster and not so much on delivering codes securely. This mindset has to change."

CSA has also unveiled the Cloud Controls Matrix (CCM), a set of 197 controls structured in 17 domains. As part of CCM, a detailed questionnaire needs to be filled out by both enterprises and cloud service providers to check whether those controls are in place. It also contains implementation and audit guidelines.

In Part 1 of this interview with Information Security Media Group, Catteddu explored how organizations should keep a close watch on common pitfalls like over-provisioning, cloud misconfigurations, privileged user access, IAM and API security. In Part 2, he discusses:

  • How to address low-hanging fruit to secure the cloud;
  • The need to embed security in DevOps;
  • Adherence to security controls to ensure cloud governance, compliance and risk management.

Catteddu identifies technology trends, global policies and their impact on information security and CSA's activities. In his career spanning more than two decades, he worked at CSA as managing director for the EMEA region and at the European Network and Information Security Agency as an expert in areas of critical information infrastructure protection.


About the Author

Rahul Neel Mani


Founding Director of Grey Head Media and Vice President of Community Engagement and Editorial, ISMG

Neel Mani is responsible for building and nurturing communities in both technology and security domains for various ISMG brands. He has more than 25 years of experience in B2B technology and telecom journalism and has worked in various leadership editorial roles in the past, including incubating and successfully running Grey Head Media for 11 years. Prior to starting Grey Head Media, he worked with 9.9 Media, IDG India and Indian Express.



