A big part of my job at Microsoft is talking to CISOs, CSOs, as well as VPs and directors about the security of their organization’s assets, including intellectual property and confidential data. Recently I had the opportunity to talk to a group of them about cloud computing.
There were a number of similarities between the concerns they raised and some of the findings I see reported in various industry surveys, such as Ernst & Young’s 14th annual Global Information Security Survey.
For example, in the report from Ernst & Young it states “61% [of survey respondents] are currently using, evaluating or planning to use cloud computing-based services within the next year.” I can believe that because all the people I talked to recently have either migrated some applications to the cloud or were evaluating doing so in the near term.
The report also finds, “48% of respondents listed the implementation of cloud computing as a difficult or very difficult challenge, and just over half have not implemented any controls to mitigate the risks associated with cloud computing… almost 90% believe that external certification would increase their trust in cloud computing.” Again, no argument from me based on the conversations I’ve had with security executives who share the same set of concerns around protecting their corporate data in the cloud.
One source of information that many of the people I have talked to have found helpful is the Microsoft Online Services Trust Center. The Trust Center offers some straight talk and tools to help you understand how Microsoft is approaching security, privacy and compliance for many of the cloud services we offer.
I hope you find these resources as useful as some of the people I have been talking to recently. I plan to highlight other such resources on this blog in the future.