Video: Use CCM and Caiq to assess cloud provider offerings

Have a look at this video to understand how the Cloud Controls Matrix (CCM) and the Consensus Assessment Initiative Questionnaire (CAIQ) can help in secure cloud adoption.

The “Old Skool” approach for provider evaluation is that every company creates their own long list of questions in their request for proposal (RFP). Each cloud provider will then get hundreds of lists of questions, all different.

This is not an efficient process.

The CCM was developed by the Cloud Security Alliance (CSA) to act as a cloud specific set of controls. The CAIQ is a set of questions that is based on the CCM, and can be used as the core of a standard set of questions.

Cloud consumers don’t need to reinvent the wheel in thinking up these questions. At the same time, cloud providers then need to answer most of these questions only once.

In fact they can then record their standard answer in the CSA’s “Security, Trust & Assurance Registry” (STAR), which optimizes the process even further.

Watch the video for a brief explanation of this.

Tell me more about CCSK v4

Enter your name and email to get my regular cloud computing tips, more information on CCSK and how to attain it, starting with a one-pager.

By registering here you consent to receiving regular emails from me (Peter van Eijk) with updates, tips and ideas on Cloud Computing along with the occasional promotion for my products and services, until you unsubscribe. Click below for my detailed privacy policy.

dit veld niet invullen s.v.p.

CCSK online training

I deliver the CCSK online training in three different packages. Find the one that best matches your learning objectives and background. Not ready for the full training yet? Go to the bottom of this page (link) to get some free resources.


Gabe Camacho

Very grateful.  Thank you!

Didier Raelet

I have appreciated very well most topics and particulary the Security Risk & compliance topics. Comparison on IT process on premise with those in the Cloud is quite good. But, it could be done deeper.

Vincent Yesue

This class is great. Good balance between you talking, and us chatting. You keep control of the syllabus and the schedule, and we provide some information on what the facts mean to us and how we understand them in our context. Brilliant stuff.


Very professional domain, but very clear explained! Thanks


Most useful: Technical context, risk knowledge and exam approach

Ali Isikli

Experienced trainer. Reflects his experience well within the context

Ken Tola

Peter is incredibly knowledgeable and takes the time to answer questions and actually work with his students. The course is also an amazing way to learn how AWS actually works and, by the end of the labs, you feel ready to manage your own cloud! The materials are easy to understand and yet technical enough to get real-life security implemented. This was a great course and far beyond most of the accreditation courses I have completed.

Carlo Tyrberg

I attended Peter’s CCSK-training and found it very useful, because 1) the sessions gave me more insight on several other aspects of cloud computing than only security, 2) it “inspired” (/forced) me to study the CSA guide/ENISA more thorughly and not least 3) I manage to pass the exam 🙂

Frank Cerney

I had very little to no experience wit the CLOUD, so this training was incredibly valuable to me. My new professional responsibilities are becoming more and more cloud centric. I have a greatly improved level of confidence because I know I have a solid educational foundation that the training and exam preparation has provided for me. I cannot recommend it highly enough!