CSA’s Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing. It contains 197 control objectives structured into 17 domains that cover all key aspects of cloud technology. You can use CCM to systematically assess a cloud implementation. CCM also provides guidance on which actors within the cloud supply chain should implement which security controls.
CCM Domains
Today we’re taking a closer look at implementing the third domain of CCM: Business Continuity Management and Operational Resilience (BCR). The BCR domain consists of eleven control specifications:
- Business Continuity Management Policy and Procedures
- Risk Assessment and Impact Analysis
- Business Continuity Strategy
- Business Continuity Planning
- Documentation
- Business Continuity Exercises
- Communication
- Backup
- Disaster Response Plan
- Response Plan Exercise
- Equipment Redundancy
These controls focus on safeguarding critical business processes, infrastructure, and services. They help minimize the impact of disruptions and ensure business continuity throughout disruptive events. Overall, BCR controls help cloud service providers (CSPs) and cloud service customers (CSCs) ensure uninterrupted delivery of cloud-based services.
Below, learn who is responsible for these controls and some best practices for their implementation.
The Shared Responsibility Model for BCR
The CCM and its associated implementation guidelines include guidance on which entities (CSP and/or CSC) are generally responsible for performing which control activities. Among the eleven BCR controls, there are seven controls that are generally shared independently. This means that the CSP and CSC have separate responsibilities for operating the controls. There are three that are shared dependently, in which the parties rely to some extent on one another for the operation of the control. There is one that the CSP is in full control of.
Keep in mind, the shared security responsibility model is just a rule of thumb. It indicates how the responsibilities are often shared between the CSP and CSC. The guidance is descriptive, not prescriptive. It helps in planning and establishing a reasonable baseline of expectations. The goal of working through the CCM with your CSP is to validate these expectations, making sure that all relevant responsibilities are defined and mutually agreed upon.
An example of a control responsibility that could be clarified this way is backups. Backups are commonly a shared dependent responsibility, and this is especially true for Software as a Service (SaaS) offerings. The CSC often relies on the SaaS provider for all backup services. However, while this is a common approach, some large SaaS providers do not provide full backup and restoration capabilities for their customers' data.
In such cases, the CSP may simply include full backup and restoration capabilities for its own equipment. They then provide the customer a basic API to leverage third-party services for backups of the customer's data. While such an approach is perfectly legitimate, the CSC may incorrectly assume that the CSP's backup processes cover the CSC’s backups too. The CCM controls and implementation guidelines can be used to ask the right questions to make sure that all these responsibilities are designated and mutually agreed upon.
BCR Risks and Best Practices
Service Outages
Outages are one of the top risks in BCR. The cause of an outage could be system failure, hardware or software malfunctions, cyber attacks, malicious activities like DDoS attacks that overwhelm and incapacitate services, or natural disaster events such as earthquakes that physically damage the infrastructure. Outages can cause operational disruptions, interruptions in business operations leading to revenue loss, customer dissatisfaction, negative impacts on user experience and trust, and loss of critical data.
The best practices for mitigating service outages are:
- Implement redundancy and use redundant systems and components to ensure continuous availability
- Employ load balancers to distribute traffic across multiple servers
- Develop, test, and update comprehensive disaster recovery plans regularly
- Deploy automated failover mechanisms to switch to backup systems seamlessly
- Use high availability architectures to minimize downtime
- Implement strong security protocols, including firewalls and intrusion detection systems, and regularly back up and patch systems to protect against vulnerabilities
- Distribute data centers across multiple geographic locations
- Use content delivery networks (CDNs) to enhance availability and performance
- Employ continuous monitoring and alerting tools
Data Loss and Corruption
The next risk factor is software bugs, hardware failures, and cyber attacks that cause data loss or corruption. Malicious activities like ransomware, hacking, and data breaches can corrupt, steal, or delete data. This loss of critical data can result in halted business operations, legal fees/fines, reputational damage, and compliance issues.
Best practices for mitigating data loss and corruption include:
- Perform regular backups of all critical data
- Use automated backup solutions and ensure backups are stored in secure offsite locations
- Encrypt data in transit and at rest
- Use strong encryption standards and regularly update encryption keys
- Implement redundant storage solutions, such as RAID, to ensure data availability even in case of hardware failures
- Implement data integrity checks and validation processes to detect data corruption early
- Develop and regularly update a disaster recovery plan that includes recovery procedures
Vendor Lock-In
Another major risk is vendor lock-in. If you depend on a single cloud provider and the provider fails, this greatly hinders business continuity. The inability to quickly migrate to another provider can lead to downtime, potential data loss, and increased costs.
The best practices for mitigating vendor lock-in are:
- Use services from multiple cloud providers (a multi-cloud approach)
- Implement cross-cloud management tools to streamline operations across different platforms
- Use open standards and technologies to ensure interoperability between different cloud providers
- Conduct regular audits of cloud services to assess dependency levels and identify potential risks
- Negotiate SLAs with CSPs that include uptime guarantees, response times, and penalties for non-compliance
- Conduct regular risk assessments to identify potential threats and vulnerabilities
- Use risk management frameworks to assess and prioritize risks
Gaps in the Backup Process
Unknown or unexpected gaps within backup processes cause risks as well. CSCs often find that the CSP-provided backup service is not sufficient to cover the CSC's needs.
Here are just a few of the things you should make sure a cloud backup strategy accounts for:
- System failure
- Accidental data deletion
- Ransomware
- Extortionware
- Advanced persistent threats
- Integrity monitoring
- Access controls
Conclusion
The controls of the CCM’s BCR domain help CSPs and CSCs maintain resiliency and reliable cloud operations. They enable organizations to continue their business, even during disruptions.
We encourage you to download and review the Cloud Controls Matrix and CCM Implementation Guidelines. Explore these free resources and begin to strengthen and mature your organizational cloud security.