Cloud Security Alliance releases new model to assist cloud computing risk assessment
- Published: Wednesday, 26 June 2019 07:47
The Cloud Security Alliance (CSA) has developed the Cloud Octagon Model, a new approach to overcoming the challenges involved in cloud computing environments. This model, which can be used in conjunction with CSA’s Cloud Controls Matrix (CCM) or Consensus Assessments Initiative Questionnaire (CAIQ), makes it easier for organizations to identify, represent, and assess risks in the context of their cloud implementation across multiple factors by introducing a logical approach to holistically dealing with security aspects involved in moving to the cloud.
The Cloud Octagon Model stems from an approach conceptualized and implemented by the Cloud Security Group within the Technology & Engineering department, Corporate Information Security Office (CISO), ABN AMRO Bank NV (Netherlands). It counts such aspects as procurement, IT governance, architecture, development and engineering, service providers, risk processes, data classification, and country. The model provides practical guidance and structure to all involved risk parties in order to keep pace with rapid changes in privacy and data protection laws and regulations, and changes in technology and its security implications. The model aims to:
- Reduce risks associated with cloud computing;
- Improve the effectiveness of the cloud risk team;
- Improve manageability of the solution; and
- Improve security.
The model can be supplementary to an organization’s existing risk assessment methodology in the event, for example, that it already has procedures and tools for cloud risk assessment or its regulator demands that the risk assessment methodology be supported by international standards.