Connect with us

Hi, what are you looking for?


Cloud Security

Agiliance Puts Cloud Security Alliance GRC Stack into Action

Agiliance, Inc., a provider of Governance, Risk and Compliance (GRC) solutions, today announced its RiskVision Cloud Risk Management Services embed content and controls from the Cloud Security Alliance (CSA)

Agiliance, Inc., a provider of Governance, Risk and Compliance (GRC) solutions, today announced its RiskVision Cloud Risk Management Services embed content and controls from the Cloud Security Alliance (CSA) GRC Stack, a suite of enabling tools for GRC in the cloud.

Whether implementing private, public or hybrid clouds, the shift to compute-as-a-service presents new challenges across the spectrum of GRC requirements. The Cloud Security Alliance GRC Stack, announced on November 17th, provides a toolkit for enterprises, cloud providers, security solution providers, IT auditors and other key stakeholders to instrument and assess both private and public clouds against industry established best practices, standards and critical compliance requirements.Cloud Risk Managem

By implementing the CSA GRC Stack into RiskVision and making it the foundation for Agiliance’s recently launched Cloud Risk Management service, Agiliance says it is the first GRC vendor to bring this combined set of best practices to the GRC community. The new CSA-enabled RiskVision allows Agiliance customers to monitor compliance in the cloud against specific frameworks and regulations such as PCI and HIPAA.

“Cloud computing has created great interest as a means of revolutionizing enterprise IT, but concerns over data protection, privacy and security impede progress,” said John Katsaros, principal at Internet Research Group. “Products that adapt tools to cloud infrastructure and integrate industry best practices, such as the CSA GRC Stack, help organizations create an accountable implementation of enterprise policy and security assessments within the cloud.”

The Cloud Security Alliance GRC Stack is an integrated suite of three CSA initiatives: CloudAudit, Cloud Controls Matrix and Consensus Assessments Initiative Questionnaire. Agiliance RiskVision now ships with the two components made ready for use by CSA:

Cloud Controls Matrix (CCM) provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. As a framework, the CSA CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to the cloud industry.

Consensus Assessments Initiative Questionnaire (CAIQ) performs research, creates tools and creates industry partnerships to enable cloud computing assessments. The CAIQ provides industry-accepted ways to document what security controls exist in IaaS, PaaS and SaaS offerings, providing security control transparency. The questionnaire (CAIQ) provides a set of questions a cloud consumer and cloud auditor may wish to ask of a cloud provider.

“We are pleased that Agiliance has embraced our initiatives around Cloud Controls Matrix, and the Consensus Assessments Initiative Questionnaire,” said Jim Reavis, executive director of the Cloud Security Alliance. “Agiliance shows leadership by adopting our new industry recommendations so quickly and helps evangelize best practices for providing security assurance within cloud computing.”

Advertisement. Scroll to continue reading.

More information on RiskVision with the integrated CSA GRC Stack is available here

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...