Cloud Security Alliance announces collaboration with HITRUST

CSA launches Cloud Controls Matrix Tool, incorporating HITRUST Common Security Framework

London, UK – April 27, 2010 (Infosecurity Europe Conference) and Frisco, TX – The Health Information Trust Alliance (HITRUST) and Cloud Security Alliance (CSA) today announced a joint collaboration focused on addressing cloud security initiatives related to improving the state of security and compliance in the healthcare industry. The two organizations will work together on cloud-based healthcare information security issues and with one another’s respective communities to develop and promote security best practices. As evidence of the value of this collaboration, CSA today announced the release of the Cloud Controls Matrix, a tool that maps security practices for the cloud with traditional security regulations and standards, such as PCI, HIPAA and ISO 27000. Part of the mapping is achieved by leveraging the HITRUST Common Security Framework (CSF), a comprehensive security framework that provides prescriptive guidance and best practices and incorporates the existing security requirements of healthcare organizations, including federal (e.g., HIPAA and HITECH), state, third party (e.g., PCI and COBIT), and governmental agencies (e.g., NIST, FTC and CMS). The Cloud Controls Matrix strengthens existing cloud information security by emphasizing business information security control requirements, normalizing cloud taxonomy, and encouraging consistent security measures. “By partnering with HITRUST, the CSA community will benefit from HITRUST guidance and resources that were developed in collaboration with healthcare, professional services and information technology organizations,” said Jim Reavis, Executive Director and Co-founder of the CSA. “Our organizations share the common goal of advancing the state of security through collaboration and education and believe that together we can make a real and lasting impact.” Through the partnership, HITRUST has agreed to lead CSA’s healthcare working group, which will further promote education and best practices for securing healthcare data in cloud environments. “Cisco is committed to supporting healthcare organizations with best practices and the necessary guidance and resources to support their information security needs,” said Frank Grant, Senior Director, U.S. Healthcare, Cisco Systems. “As a member of the HITRUST Executive Council and an active member of the CSA, we know firsthand the contributions that these organizations have already made and we are excited by the future output resulting from their combined knowledge and expertise.” “As an organization that is involved with both CSA and HITRUST, we welcome the collaboration between the two parties and are pleased to be involved in this first collaborative working group,” said Bryan Whorton, Director, Security Technical Sales, CA, Inc. “We look forward to playing a part in the development of a framework for authentication and automated provisioning of electronic health record systems.” “Trust is a foundational component for healthcare stakeholders securely exchanging health data,” said Jeff Barnett, Director of Healthcare Solutions, VeriSign. “VeriSign is committed to working with the healthcare industry to develop cost-effective, adoptable and scalable approaches to protect the privacy of health information and applications. We look forward to working with CSA and HITRUST to develop meaningful guidance to healthcare organizations that leverage a cloud-based approach to exchanging sensitive health information.” “Healthcare applications delivered in the cloud are increasingly becoming an integral part of a healthcare organization’s strategy,” said Daniel Nutkis, Chief Executive Officer, HITRUST. “This collaboration with CSA will have a significant impact on the healthcare industry as we work together to ensure greater protection of these systems. Our combined roles in the overall protection of health information are a great complement to initiatives already underway by both CSA and HITRUST.”

About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, the Cloud Security Alliance Web site is www.cloudsecurityalliance.org.

About HITRUST

The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST, in collaboration with healthcare, business, technology and information security leaders, has established the Common Security Framework (CSF), a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. Beyond the establishment of the CSF, HITRUST is also driving the adoption of and widespread confidence in the framework and sound risk management practices through awareness, education, advocacy and other outreach activities. For more information, visit HITRUSTalliance.net. All product and company names herein may be trademarks of their respective owners.

Media Contacts

Mary Hall HITRUST 972.330.4919 [email protected] Robert Nachbar ZAG Communications for the Cloud Security Alliance 206.427.0389 [email protected]