Cloud Security Best Practices and Recommended Resources

As cloud computing begins to mature, organizations are looking at ways to understand the opportunities and assess their own current IT environment with regard to security, privacy and reliability practices, policies and compliance.  To help organizations make informed security decisions and evaluate IT readiness for moving assets to the cloud, I recommend two resources:

First, the Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in Cloud Computing guidance provides enterprises with a set of best security practices based on 14 domains involved in governing or operating the cloud. The domains align with industry standards and best practices and are written to emphasize security, stability and privacy.

The CSA recommends that organizations adopt a risk-based approach to moving to the cloud and selecting security options. Their approach can help IT leaders make more informed security decisions and help reduce risk when adopting the cloud.

Last fall I announced Microsoft’s new free Cloud Security Readiness Tool, which builds on CSA’s Cloud Controls Matrix (CCM). The tool provides organizations with a solid baseline into their current security, privacy and reliability practices, understand relevant regulations, and determine their readiness for cloud adoption. The tool offers a short survey and custom report to better understand systems, processes, policies and practices and evaluate how to improve your current IT state. Technical business leaders can evaluate cloud services against critical areas and compliance within common industry standards. I spoke with Jim Reavis at the Cloud Security Alliance about cloud security best practices and he shared:

“Organizations want to have a good understanding of how cloud adoption compares to their existing policies, procedures and compliance, and that can be a complex task. In the Cloud Security Alliance, industry leaders have collaborated to develop best practice security guidance and encourage vendor transparency,” says Jim Reavis, executive director of the Cloud Security Alliance. “Microsoft’s Cloud Security Readiness Tool builds on these efforts, providing a tool and custom report enabling organizations to better understand their IT state and more easily evaluate cloud services against critical areas and compliance with common industry standards.”

Microsoft has more than two decades experience building and investing in sound security practices and policies that combine learnings in different geographies and industry verticals. Our company manages a cloud-based infrastructure supporting more than 200 services, 1 billion customers, and 20 million businesses in more than 76 markets worldwide. We understand what it takes to build and deliver highly-reliable cloud platforms, solutions, and services that are secure and private. To learn more about our practices, I recommend our Trustworthy Computing cloud site; Office 365 trust center security page and watch the security video; and visit the Windows Azure trust center security page.



About the Author
Adrienne Hall

General Manager, Issues & Crisis Management

Adrienne Hall is the General Manager for Issues & Crisis Management at Microsoft, overseeing communication regarding a wide range of topics. Hall works closely with colleagues to ensure accurate and timely information is delivered, providing the details for customers and Read more »