An independent auditor report is a method that can be used by a cloud service provider (CSP) with a cloud customer that does not want to share security and control information. An independent auditor report is a document that provides assurance on the CSP's security and control environment, based on an audit conducted by a qualified third-party auditor. The audit can be based on various standards or frameworks, such as ISO
27001, SOC 2, CSA STAR, etc. The independent auditor report can provide the cloud customer with the necessary information to evaluate the CSP's security and control posture, without disclosing sensitive or proprietary details. The CSP can also use the independent auditor report to demonstrate compliance with relevant regulations or contractual obligations.
References:
* ISACA, Certificate of Cloud Auditing Knowledge (CCAK) Study Guide, 2021, p. 83-84.
* ISACA, Cloud Computing Audit Program, 2019, p. 6-7.

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) would be the best information security control framework to implement for a new company that has all its operations in the cloud. The CCM is a cybersecurity control framework for cloud computing that is aligned to the CSA best practices and is considered the de-facto standard for cloud security and privacy. The CCM covers 17 domains and 197 control objectives that address all key aspects of cloud technology, such as data security, identity and access management, encryption and key management, incident response, audit assurance, and compliance. The CCM also maps to other industry-accepted security standards, regulations, and frameworks, such as ISO 27001/27002/27017/27018, NIST SP 800-53, PCI DSS, COBIT, FedRAMP, etc., which can help the company to achieve multiple compliance goals with one framework. The CCM also provides guidance on the shared responsibility model between cloud service providers and cloud customers, and helps to define the organizational relevance of each control12.
Reference:
Cloud Controls Matrix (CCM) - CSA
Cloud Controls Matrix and CAIQ v4 | CSA - Cloud Security Alliance

A double blind penetration test is a type of pen test where the hacker has no prior knowledge of the target's defenses, assets, or channels, and the target's security team is not notified in advance of the scope of the audit and the test vectors. This mode simulates a real-world attack scenario, where both the attacker and the defender have to rely on their skills and resources to achieve their objectives. A double blind penetration test can help evaluate the effectiveness of the target's security posture, detection and response capabilities, and incident management procedures12.
Reference:
What is Penetration Testing | Step-By-Step Process & Methods | Imperva
7 Types of Penetration Testing: Guide to Pentest Methods & Types