CIO Influence
CIO Influence News IoT Networking

Cloud Security Alliance Updates Internet of Things (IoT) Controls Matrix with New Incident Management Domain and Enhanced Technical Clarity and Referencing

Cloud Security Alliance Updates Internet of Things (IoT) Controls Matrix with New Incident Management Domain and Enhanced Technical Clarity and Referencing
Expanded Matrix aimed at enterprise IoT systems that incorporate multiple types of connected devices, cloud services, and networking technologies

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced the Internet of Things (IoT) Controls Matrix Version 3 and the accompanying Guide to the CSA IoT Controls Matrix Version 3. Created by the CSA IoT Working Group, Version 3 of the Matrix builds upon previous iterations, increasing the number of controls to 199 while adding a new incident management domain and improving technical clarity and referencing. Together with the guide, the Matrix will help users – especially those with enterprise IoT systems that incorporate multiple types of connected devices, cloud services, and networking technologies – identify appropriate security controls and allocate them to specific architectural components, including devices, networks, gateways, and cloud services.

Latest ITechnology News: AudioCodes Is an Approved Partner for Microsoft Operator Connect Accelerator

“The IoT market continues to expand with newly introduced advances in connectivity and autonomy across industry sectors. But relying on IoT-generated data and features requires organizations that adopt these new technologies to plan for accessible, secure, and resilient deployments. Given the rapid evolution of connected technologies and the constant flow of new threats, it can be challenging without a roadmap on how to move forward,” said Aaron Guzman, IoT Working Group Co-chair and one of the paper’s lead authors.

Version 3 of the Matrix can be used across numerous IoT domains from systems processing only “low-value” data with limited impact potential to highly sensitive systems that support critical services. The companion guide explains how to use the Matrix to evaluate and implement an IoT system, and provides a column-by-column description and explanation. Additionally, it has been updated to include industry profiles, which represent starting points for securing industry-specific IoT devices, such as medical devices, vehicles, and autonomous systems.

“Creating a safe IoT environment requires security engineering that addresses unique risks and employs appropriate mitigation measures. The IoT Controls Matrix offers up a starting point for organizations looking to better understand and implement security controls within their IoT architecture,” said Michael Roza, Risk, Audit Control and Compliance Professional and one of CSA’s Research Fellows and a lead author of all three versions of the IoT Controls Matrix.

Latest ITechnology News: TiVo and TELEV8 Deliver Reimagined TV Experience for Hospitality and Visitor-based Venues

The IoT Controls Matrix (formerly called the IoT Security Controls Framework), first released in early 2019, introduced 155 base-level security controls required to mitigate many of the risks associated with an IoT system that incorporates multiple types of connected devices, cloud services, and networking technologies. Today, it continues to be used by system architects, developers, and security engineers along with auditors and penetration testers in evaluating their implementations’ security as they progress through the development lifecycle to ensure they meet industry-specified best practices.

The IoT Controls Matrix complements the CSA Cloud Controls Matrix, CSA Enterprise Architecture, and other best practices as part of a holistic approach to securing the cloud ecosystem. The Matrix and accompanying guide are free resources and are available for download now.

The CSA IoT Working Group develops frameworks, processes and best practices for securing connected systems. The Working Group addresses topics including data privacy, safety and security at the edge and in the cloud. Individuals interested in becoming involved in future IoT research and initiatives are invited to visit the Join page.

Latest ITechnology News: Medecision Joins Google Cloud Partner Advantage Program

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

Rackspace Technology Introduces a New Cloud DNS v2 API

Ferret Raises $4 Million Seed Round to Scale the First ‘Relationship Intelligence’ Platform

CrowdStrike Introduces Humio for Falcon, Redefining Threat Hunting with Unparalleled Scale and Speed

Leave a Comment