I think the announcement of this little gem got lost somewhat in the news around InfoSec Europe. The CloudSecurityAlliance released the Cloud Controls Matrix on the 27th April during the InfoSec Europe event in London/UK. As the press release states “The CSA Cloud Controls Matrix contains 98 controls, identified as being applicable to cloud providers, customers or both, and mapped against several well known standards and regulations, including ISO/IEC 27002, PCI/DSS and HIPAA.”
Similar to the Unified Compliance Framework the CCM is mapping key control areas like Compliance, Data Governance, Legal, Information Security, etc against common standards and regulations providing an overview to decision makers and implementers. This should be a good starting point for organisations considering a move into ‘the Cloud’ (let’s just pretend for a minute that there is such a thing as ‘the Cloud’) but are unsure about the scope of challenges. This release is just in time as questions about security, auditing and compliance seem to be on everyone’s mind as seen e.g. during the cloud panels at InfoSec Europe last week.
The CSA Cloud Controls Matrix is available here.