CDSA Launches App & Cloud Assessment Program
The Content Delivery & Security Association (CDSA) has formally launched the CDSA App & Cloud Assessment Program, extending their long-running security and assessment work into the world of software-driven cloud technology.
This next step in securing an ever-evolving media and entertainment industry offers a unique approach toward addressing application and cloud security.
At its core is the new CDSA App & Cloud Control Framework, which was created by a group of 20 companies across the M&E space and seeks to allow technology vendors and their customers to identify and prevent application, device, storage and workflow vulnerabilities.
“We want the App & Cloud control framework to become a public, living document for the media and entertainment industry, allowing for unprecedented visibility into the complex ecosystem of creation and delivery,” said CDSA Chairman Ben Stanbury. “By de-mystifying the assessment process, the program can lead to increased usage of public, private and hybrid cloud, increased software development and cross-workflow integrations, and increased communication across physical and digital infrastructures.”
Other advancements include leveraging other security frameworks (such as SOC or PCI) that have overlap so we focus on the areas that are unique, dynamically linking to other data systems and feeds (such as the threats alerts that come from ME-ISAC), having this be “near-real-time versus past assessment approaches that tended to be once a year, incorporating configuration guidelines from app and cloud providers to that content tools are set up securely in the first place, and lastly having the results help our users and their businesses “manage risk” in easy to understand ways that complement their decision making.
Available in beta during the third quarter of 2021, with a full launch scheduled during the fourth quarter, CDSA App & Cloud high-level program goals include:
• Uniting cross-industry standards into a single control framework
• Aligning with major cloud providers certification programs
• Recognizing third-party cloud certifications and programs
• Assessments are not tied to a single date or physical location
• Affordable services across the ecosystem to companies of all sizes
• Tiered to size and scope of entity being assessed
“Our program goal is to provide consistency across multiple customers and cultures worldwide, allowing everyone to own their own security position, regardless of the product or service offered by any one company,” said Richard Atkinson, Executive Board Member and Treasurer, CDSA, noting that the App & Cloud control framework is not a set of priority controls, but is instead mapped to other authoritative, open-standard frameworks, including ISO, OWASP, CIS and CCM.
“We’re building an ecosystem of content, software, and cloud, with automated compliance and governance tools,” he added.