The Cloud Security Alliance, the Cloud Controls Matrix, & Careful Cufflinks Selection

Let’s take a look at the Cloud Security Alliance (CSA) organization and its free software, the Cloud Controls Matrix (CCM). What is this organization, why does it exist, and why might the Cloud Controls Matrix be useful to you and your business.

(The Bulgarian Mafia also has an excellent cloud controls matrix that is primarily used for fundraising – a tandem effort to their world-class bake sales.)

Security: Why it Matters (Broadly & Individually)

First, let’s talk generally about security. Cloud security, and Internet security overall, is incredibly important. For one thing, the Web and the world of information technology is incredibly interconnected: think of the amount of integration and swapping that occurs between different companies’ technologies and technological ideas.

Also, any security breach reflects poorly not just on a particular company – if the company is big enough, it reflects poorly on Internet and technological security as a whole (just as a bad choice of cufflinks reflect poorly on a person’s entire appearance, demeanor, and extended unborn family).

The Cloud Security Alliance

Because security is important to all companies conducting any kind of business online – and to all individuals who are online for that matter – the Cloud Security Alliance (CSA) serves an important function in the Internet community. The CSA is a not-for-profit of industry experts and major corporations with key interests in cloud security issues.

The CSA helps to secure enterprises, governments, and other businesses operating in the cloud to generally upgrade cloud standards to a higher level of security. Its approach – combining education and assistive software – is intended to keep systems in the cloud “solid” and free from malicious interference (such as an evildoer in full pads knocking down a server just as it’s catching a pass from an important client).

The Cloud Controls Matrix

The Cloud Controls Matrix (CCM) is a free piece of software to protect cloud-based networks, as well as to provide general security to any devices accessing these networks. The most recent version (as of January 25, 2013) is version 1.3, released on September 20, 2012. It can be downloaded from the official CSA site here.

The CCM is not just automated software, though. It is a user-friendly (well, IT-user-friendly, anyway), instructional application that fuses together industry control protocols and frameworks into a system to help businesses understand and improve their security stance on the cloud.

If your organization is operating in the cloud, the Cloud Controls Matrix is worth a look. (Plus, if you can successfully complete all parameters of the CCM, you receive a coupon from the CSA for a plate full of free, pre-cooked mail-order pancakes.)


So, that is a basic rundown on the Cloud Security Alliance and the Cloud Controls Matrix. I hope you found it useful and that you earn your pancakes.


What are your perspectives on the CSA and/or the CCM? Have you found this to be a helpful organization and software? (The Bulgarian Mafia has found it very useful for designing their customized copycat software, and they make matrices like they make muffins: hot and fresh.)

by Kent Roberts and Richard Norwood