IANS, a Boston-based cybersecurity research and advisory firm, today announced the public availability of the Cloud Security Maturity Model (CSMM). The framework, developed in conjunction with Securosis, helps organizations understand their current cloud security practices and maturity across 12 categories over three domains.

"The CSMM is not a one-size-fits-all set of recommendations for any organization," said Kathy Sullaway, SVP of Client Success & Operations at IANS, who leads IANS' Faculty of over 60 expert security practitioners. "Instead, the model and associated diagnostic help organizations self-assess their existing cloud security activities, understand their strengths and weaknesses against the model and then make informed decisions about their cloud security strategy moving forward."

"As organizations move critical applications, data, and IP to the cloud, being intentional about the security of their cloud environment is critical," said Mike Rothman, President of Securosis. "The CSMM helps organizations of all sizes understand what the cloud security journey looks like as they move workloads and applications to the cloud. It's not about achieving level 5 maturity for every category, rather making conscious decisions having visibility of all aspects of their cloud security program when determining what makes sense for their organization."

IANS and Securosis are partnering with Cloud Security Alliance to integrate the CSMM into their cloud security research program. Jim Reavis, CEO, Cloud Security Alliance stated, "We are pleased to partner with IANS and Securosis to further the awareness and adoption of the Cloud Security Maturity Model within our community. Maturity models are a proven means for continuous improvement within information security and we intend to incorporate it within appropriate training programs and guidance."

The CSMM diagnostic evaluates 12 categories of cloud security capabilities over three domains:

• Foundational – Covers the activities organizations must consider as they begin to move to the cloud, including account creation, Identity and Access Management logging and monitoring, and incident response.
• Structural – Covers traditional network, application, and data security activities, and how those must evolve when moving to the cloud and optimizing for automation and elasticity.
• Procedural – The Procedural domain covers process oriented concepts that bring consistency and predictability to cloud deployments. This includes integrating security into software architecture to leverage secure design patterns, and into modern DevOps processes.

The CSMM diagnostic is available at iansresearch.com/cloudmaturity. Organizations can use the diagnostic to assess their cloud security program as a whole or an individual cloud project, then compare their results for each domain to other organizations. It helps justify and communicate security decisions by providing a common language and vocabulary to communicate what they need to achieve better cloud security.

About IANS

For the security practitioner caught between rapidly evolving threats and demanding executives, IANS Research is a clear-headed resource for decision-making and articulating risk. We provide experience-basedsecurity insights for Chief Information Security Officers and their teams. The core of our value comes from the IANS Faculty, a network of seasoned practitioners. We support client decisions and executive communications with Ask-An-Expert inquiries, our peer community, deployment-focusedreports, tools and templates, and consulting. For more information, visit https://www.iansresearch.com.

About Securosis

Securosis is an information security research and advisory firm dedicated to transparency, objectivity, and quality. We are totally obsessed with improving the practice of information security. Our job is to save you money and help you do your job better and faster by helping you cut through the noise and providing clear, actionable, pragmatic advice on securing your organization. Following our guiding principle of totally transparent research, we provide nearly all our content for free. You can find out more about who we are, what we cover, and the services we offer at https://securosis.com/services.

About Cloud Security Alliance

Cloud Security Alliance (CSA) is the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA's activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. For more information, visit https://www.cloudsecurityalliance.org.