The new online evaluator, called the Cloud Security Readiness Tool, was unveiled by Adrienne Hall, general manager of Microsoft’s Trustworthy Computing Group, during a keynote address at this week’s RSA Europe Conference in London.
This past spring, Microsoft commissioned an independent survey by ComScore to examine the perceived barriers to cloud adoption. The study found that 54% of small to medium-sized businesses surveyed in the US, India, Singapore, Malaysia, and Hong Kong felt their security posture had improved as a result of cloud adoption, with 57% citing the added benefit of time savings that allowed them more time to focus on core business activities, above and beyond the expected cost savings of cloud migration.
Conversely, 44% of those surveyed said security concerns were a barrier to cloud adoption. “They basically had a visceral concern” about security Hall told Infosecurity, especially when it comes to “relinquishing control” over their data and processes. The same survey found that 61% of respondents would be more confident in cloud adoption if their provider demonstrated a level of compliance with industry standards, such as ISO, PCI, etc. In addition, 59% of those who cited security as a concern said they would be more likely to adopt cloud offerings if their provider offered an adequate level of transparency into their security and compliance efforts.
For companies that have adopted cloud service offerings, Hall says that – anecdotally – customers have told her they have realized several security benefits. Among these are server updates now being performed by the cloud provider, and the additional features that come with various cloud packages, including spam blocking.
In response to these trends, Microsoft’s Cloud Security Readiness Tool assesses an organization’s current IT landscape for security processes, it’s propensity to make a move toward a cloud offering and which portions of a business might be most ready to make the migration.
The new online tool draws from many of the assessment questions that can be found in the Cloud Security Alliance’s (CSA) Cloud Control Matrix scheme. After answering a series of 27 questions, IT security managers and those in related positions can then generate a cloud readiness status report. As Hall outlined, each report provides an overview of an organization’s current state of security, recommendations, and what the advantages would be for moving to the cloud within a particular area of security policy. The assessment, she added, can be done for an entire organization, or can be performed to assess cloud security readiness for a particular subset within an enterprise.
Hall showed Infosecurity a sample 62-page report, which she and a member of her team took about 25 minutes to complete and generate. “It’s all free, and [platform] agnostic”, she told us. The aim in offering the assessment at no cost, Hall insisted, is to demonstrate Microsoft’s dedication to improving security, privacy, and trust across the entire computing ecosystem.
“We want to reduce the barriers, and we would like people to feel confident in adopting the cloud”, Hall told Infosecurity. “We want to be seen as a company that cares about the state of security broadly.”