LockPath, a provider of GRC solutions, has joined the Cloud Security Alliance, a non-profit group that promotes best practices for securing cloud computing.
LockPath’s Keylight GRC Platform is used to manage IT and enterprise risk and demonstrate regulatory compliance. With its fully integrated suite of applications designed to manage all facets of GRC programs, including compliance frameworks, risk assessments and control libraries, Keylight brings order to information governance, risk management and IT security.
LockPath will work with CSA to provide the Cloud Controls Matrix (CCM), a controls framework that gives detailed understanding of security concepts and principles. The CCM is designed to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.
The CCM is based on industry security standards, regulations, and controls frameworks, such as the ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum and NERC CIP. As a framework, the CSA CCM provides organizations with the structure, detail and clarity required for tailoring information security to the cloud industry.
LockPath will also provide CSA’s Consensus Assessments Initiative Questionnaire (CAIQ), which was launched to perform research, create tools and create industry partnerships to enable cloud computing assessments. This initiative is focused on providing industry best practices for documenting security controls in IaaS, PaaS, and SaaS offerings, providing security control transparency.