RSA Europe: Risks and Rewards in Cloud Adoption

I just got off the stage at RSA Europe in London where I delivered a keynote during which I announced the release of our bi-annual Security Intelligence Report (SIRv13) and a new free Cloud Security Readiness Tool. If you’ve ever been to an  RSA event you’ll know that the audience comprises security professionals from a range of organizations, including government agencies and some of the world’s largest companies.

Faced with an audience of around 1,000 IT security pros I kicked off with a story about a recent holiday – not the traditional start to an RSA talk. I explained how, in a restaurant in the middle of a tiny town on a remote island off the coast of Croatia I heard a local news report that mentioned the Gauss malware several times.

The point of my story was that cyber threats are increasingly an everyday fact of life for the world’s consumers. For us as security professionals, information and intelligence  will continue to be critical to managing the potential impact of cyber threats. This is why we at the Trustworthy Computing Group work hard to produce the Microsoft Security Intelligence Report (SIR), the 13th volume of which, also known as SIRv13, was released during my keynote today.

It provides insights into the current threat landscape with detailed analysis of threat trends and mitigations to cope with them, both globally and in detail across 105 regions. You can download SIRv13 at

While many of the delegates at RSA Europe are seasoned security professionals, a good many of them work for small-to-medium sized companies, or for divisions of larger companies that are considering a transition to the cloud.

I know from many conversations with such customers that there’s a lot of information to wade through. To take a closer look at customers’ experiences, we commissioned a multi-country, independent study that looked at cloud adoption barriers for small to mid-size businesses (SMBs). We spoke to a group of companies that use the cloud and a group of companies that do not. You can see the research in more detail in an earlier blog. The bottom line is that when it comes to managing security, cloud users enjoy significant time and cost savings, as well as improved security.

So the natural question from there is: “if the cloud has clear security benefits, what is holding other companies back?” So, as part of our research, we asked them.

The answer comes as no real surprise. Many of the companies that want to transition to the cloud would like simple, well-organized information which boils down to help answer: a) where are we – in terms of our current IT state? And, b) where will we be – if we adopt a particular cloud service? In understanding these areas organizations are in a better place to evaluate cloud adoption.

To help with this I announced as part of my RSA Europe keynote a new, free Cloud Security Readiness Tool ( which organizations can use to understand their systems, processes, policies and practices and improve their current IT state, learn relevant industry regulations, and receive guidance on evaluating cloud adoption.

The tool builds on the Cloud Security Alliance’s Cloud Controls Matrix, so I spoke with Jim Reavis, executive director of the Cloud Security Alliance, who shared his thoughts on it:

“Organizations want to have a good understanding of how cloud adoption compares to their existing policies, procedures and compliance, and that can be a complex task. In the Cloud Security Alliance, industry leaders have collaborated to develop best practice security guidance and encourage vendor transparency.  Microsoft’s Cloud Security Readiness Tool builds on these efforts, providing a tool and custom report enabling organizations to better understand their IT state and more easily evaluate cloud services against critical areas and compliance with common industry standards.”

Once again, RSA Europe is proving to be a great event. It’s the third time I’ve keynoted and I always relish the opportunity to meet with fellow security professionals. I hope you get the chance to review the findings in SIRv13, and if transitioning to the cloud is something you’re working on I’d recommend taking a look at the Cloud Security Readiness Tool as well.

About the Author
Adrienne Hall

General Manager, Issues & Crisis Management

Adrienne Hall is the General Manager for Issues & Crisis Management at Microsoft, overseeing communication regarding a wide range of topics. Hall works closely with colleagues to ensure accurate and timely information is delivered, providing the details for customers and Read more »