Evolutio's analysis methodology for the cloud security assessment has been based on the CCM (Cloud Control Matrix) international security controls, published by CSA (Cloud Security Alliance). The consultancy consists of a series of workshops with the aim of gathering information about controls and obtaining insights at compliance level. Next, a critical analysis is carried out based on CCM (Control Maturity Model scoring from 0-5 to achieve the maturity levels. Subsequently, a report will be generated that will collect the maturity in all the domains of the CCM framework, a set of recommendations by domain and a roadmap about the actions or tools that are recommended to be incorporated to improve the security posture in the AWS cloud.

The CCM v4.0 includes 17 cloud security domains. These domains are listed below:

· A&A: Audit & Assurance · AIS: Aplication & Interface Security · BCR: Business Continuity Mgmt & Op Resilience · CCC: Change Control & Configuration Management · CEK: Cryptography, Encryption & Key Management · DCS: Datacenter Security · DSP: Data Security & Privacy · GRC: Governance, Risk Management & Compliance · HRS: Human Resources Security · IAM: Identity & Access Management · IPY: Interoperability & Portability · IVS: Infrastructure & Virtualization Security · LOG: Logging & Monitoring · SEF: Sec. Incident Mgmt, E-Disc & Cloud Forensics · STA: Supply Chain Mgmt, Transparency & Accountability · TVM: Threat & Vulnerability Management · UEM: Universal EndPoint Management