Top 5 Stories


RSA Europe 2012: Microsoft offers free cloud security assessment

10 October 2012

In response to a recent independent study on cloud computing commissioned by Microsoft, the company took the wraps off a free online tool that helps organizations determine their security readiness to adopt cloud services

 The new online evaluator, called the Cloud Security Readiness Tool, was unveiled by Adrienne Hall, general manager of Microsoft’s Trustworthy Computing Group, during a keynote address at this week’s RSA Europe Conference in London.

This past spring, Microsoft commissioned an independent survey by ComScore to examine the perceived barriers to cloud adoption. The study found that 54% of small to medium-sized businesses surveyed in the US, India, Singapore, Malaysia, and Hong Kong felt their security posture had improved as a result of cloud adoption, with 57% citing the added benefit of time savings that allowed them more time to focus on core business activities, above and beyond the expected cost savings of cloud migration.

Conversely, 44% of those surveyed said security concerns were a barrier to cloud adoption. “They basically had a visceral concern” about security Hall told Infosecurity, especially when it comes to “relinquishing control” over their data and processes. The same survey found that 61% of respondents would be more confident in cloud adoption if their provider demonstrated a level of compliance with industry standards, such as ISO, PCI, etc. In addition, 59% of those who cited security as a concern said they would be more likely to adopt cloud offerings if their provider offered an adequate level of transparency into their security and compliance efforts.

For companies that have adopted cloud service offerings, Hall says that – anecdotally – customers have told her they have realized several security benefits. Among these are server updates now being performed by the cloud provider, and the additional features that come with various cloud packages, including spam blocking.

In response to these trends, Microsoft’s Cloud Security Readiness Tool assesses an organization’s current IT landscape for security processes, it’s propensity to make a move toward a cloud offering and which portions of a business might be most ready to make the migration.

The new online tool draws from many of the assessment questions that can be found in the Cloud Security Alliance’s (CSA) Cloud Control Matrix scheme. After answering a series of 27 questions, IT security managers and those in related positions can then generate a cloud readiness status report. As Hall outlined, each report provides an overview of an organization’s current state of security, recommendations, and what the advantages would be for moving to the cloud within a particular area of security policy. The assessment, she added, can be done for an entire organization, or can be performed to assess cloud security readiness for a particular subset within an enterprise.

Hall showed Infosecurity a sample 62-page report, which she and a member of her team took about 25 minutes to complete and generate. “It’s all free, and [platform] agnostic”, she told us. The aim in offering the assessment at no cost, Hall insisted, is to demonstrate Microsoft’s dedication to improving security, privacy, and trust across the entire computing ecosystem.

“We want to reduce the barriers, and we would like people to feel confident in adopting the cloud”, Hall told Infosecurity. “We want to be seen as a company that cares about the state of security broadly.”

This article is featured in:
Cloud Computing  •  Compliance and Policy  •  Industry News  •  Security Training and Education


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×