“The only category that received a relatively mature average was the organisation’s anti-virus and anti-malware protection”, said Jeff Jones, director, Microsoft Trustworthy Computing. “To be honest, I expected that more organisations would demonstrate maturity in more categories.”
Other areas of maturity detected from the results were “security architecture through clock synchronization of networked PCs and facility security through controlling user access to data.”
The 5,700 CSRT questionnaires completed between October 2012 and March 2013 were aggravated, scrubbed, anonymised and averaged to create high-level exposure to the ‘cloud readiness’ of its respondents.
CSRT responses indicate that there are five specific areas which are particularly immature for the average respondent:
- Human resources security through prudent hiring practices
- Operations management through effective capacity planning
- Information security through consistent incident reporting
- Legal protection through use of non-disclosure agreements (NDA)
- Operations management through effective equipment maintenance
“The areas that organisations focus on the least tend to be handled effectively in cloud deployments”, said Jones. “The self-assessment data from organisations around the world indicates that cloud computing has the potential for even greater security value and benefit than had been previously estimated.”
Perhaps unsurprisingly, non-for-profit organisations displayed a significantly lower maturity than the overall average result.
In order to successfully determine the challenges and benefits of adopting cloud services, customers need to understand where they are now, and where they’d be in the cloud, Jones advised. “We need to move towards the benefits of the cloud: scalability, agility, flexibility and IT infrastructure.”
The Cloud Security Readiness Tool is available free of charge at: http://technet.microsoft.com/en-us/security/jj554736 .