Cloud Security Alliance Releases Cloud Controls Matrix

Controls framework aligned with CSA guidance, assists both cloud providers and customers in assessing security risks

London, UK – April 27, 2010 (Infosecurity Europe Conference) – The Cloud Security Alliance today has announced the availability of version 1.0 of the CSA Cloud Controls Matrix, a catalog of cloud security controls aligned with key information security regulations, standards and frameworks. The matrix, which is based upon the CSA Security Guidance for Critical Areas of Focus in Cloud Computing, can be downloaded at

"The CSA Cloud Controls Matrix is a key part of our promise to assist the industry in operationalizing the best practices we began articulating at the launch of our organization", said Jim Reavis, Cloud Security Alliance executive director, "I would like to thank our Controls Matrix Working Group for their tireless effort in producing this work, especially our leaders Becky Swain, Phil Agcacoili and Marlin Pohlman." A full list of contributors is available here.

The CSA Cloud Controls Matrix contains 98 controls, identified as being applicable to cloud providers, customers or both, and mapped against several well known standards and regulations, including ISO/IEC 27002, PCI/DSS and HIPAA. The matrix has already garnered key industry support, including adoption by "CloudAudit's goal is to provide an interface and namespace to allow both cloud providers and customers to automate substantial portions of the assurance lifecycle in a transparent manner", said Christofer Hoff, founder of CloudAudit, as well as a founding member of Cloud Security Alliance, "The CSA Cloud Controls Matrix aligns very well with the CloudAudit namespace, and we are mapping our namespace directly to it to take advantage of its cloud-specific controls and mappings to other key frameworks."

"The Controls Matrix creates an objective structure organizations can use to help satisfy compliance concerns and measure risks", said Nils Puhlmann, Zynga CSO and CSA board member, "We welcome industry feedback to this release and encourage experts to get involved in producing version 2." Available free of charge, the CSA Cloud Controls Matrix is intended to help a wide range of IT practitioners bridge the gap between traditional security frameworks and guidance specific to cloud computing. Initially available in spreadsheet form, future versions will be delivered using formats such as XML to ease solution integration. See for more information.

About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, the Cloud Security Alliance Web site is

Press Contacts

Robert Nachbar
ZAG Communications for the Cloud Security Alliance
[email protected]