The Cloud Security Alliance is a non-profit organization that promotes the use of best practices for providing secure cloud computing. Since 2010, the CSA has released four versions of a free Cloud Controls Matrix for public use. This matrix is designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall risk of the service provider. Several different domains are covered, including COBIT, NIST, HIPAA, and others. In March 2013, version 1.4 was released. This version includes two new columns that cater to the SOC 2 engagement.
One benefit of this matrix is the ability for service organizations to see the controls they should have in place in order to prepare for various engagements. Many of the same controls are used for different engagements, essentially enabling the service organization to “kill two birds with one stone.”
The Cloud Controls Matrix can be downloaded for free here.
Newel Linford is the co-founder and Managing Partner of Linford & Co., LLP, and specializes in SOC and royalty examinations. He started his career with Ernst & Young in 1997. He has lectured at Data Center World, Rocky Mountain Area Conference for Finance & Accounting Professionals, University of Denver, and University of Colorado Boulder. He works closely with his clients so that the examinations meet the public needs and are performed in accordance with professional guidance.