Cloud Security Alliance’s new guidelines focus on mobile, data management

Grazed from Network World. Author: Brandon Butler.

The Cloud Security Alliance has updated its Cloud Control Matrix (CCM), which is designed to help organizations vet the security credentials of cloud service providers. The CCM provides recommendations of best practices for securing the cloud. It covers a wide variety of areas, from data center, hardware and application security, to business continuity and vulnerability assessment. The third version of the CCM, released last week, includes guidelines for five new categories: mobile security; supply chain management, transparency and accountability; interoperability and portability; and encryption and key management.

Mobile was a natural area to focus new security best practices on because it’s becoming a popular use case for the cloud, says Sean Cordero, co-chair of the CCM Working Group that helped create the guidelines. The mobile best practices cover not only how cloud-based services are accessed via mobile devices, but also how software like mobile device management (MDM) tools are delivered through an SaaS offering…

One recommendation, for example, is to have a clearly-defined mobile use policy and to ensure that everyone within the organization is familiar with it. While somewhat obvious, many customers lack a fundamental policy to control which services users can access from their mobile devices, Cordero says…

Read more from the source @ http://www.networkworld.com/news/2013/093013-cloud-security-alliance-274325.html?hpg1=bn