Enabling trust in the cloud

More and more businesses are considering adopting cloud computing, drawn by the huge savings and benefits the cloud can provide. But are they truly ready, and able to take advantage of this opportunity?

It’s a question that’s been on my mind as I prepare to deliver my presentation on Enabling Trust in the Cloud at the Cloud Security Alliance (CSA) Congress 2013 in Orlando, Florida, on December 4.

It’s clear that cloud computing can deliver significant value to organizations. In a study, commissioned by Microsoft and conducted by comScore in June 2013, strong majorities of small and medium-sized businesses (SMBs) experienced security benefits (94%), increased privacy protection (62%), and improved service availability (75%) after adopting cloud services.

You may be thinking: yes, I’m definitely ready for those benefits. But, as you examine your options for building the cloud into your organization’s future, it’s important to assess your readiness to make the move. The Cloud Security Readiness Tool (CSRT), launched by Microsoft Trustworthy Computing in October 2012, is designed to do exactly that.

The CSRT can help organizations better understand and improve their current IT state. It also offers guidance on how a cloud service provider could help reduce, or mitigate risks, and how relevant industry regulations map to key concerns.

The CSRT is based on the CSA’s Cloud Controls Matrix (CCM). It asks participants to answer 27 questions and then generates a detailed report on the current state of the respondent’s IT organization, ranking their responses into one of four maturity states: 1) Getting Started, 2) Making Progress, 3) Almost There, or 4) Streamlined. From there, the CSRT will offer specific recommendations that could help raise the respondent’s IT readiness and describe some potential advantages of adopting a cloud service.

Data from the CSRT show that many organizations could do more to prepare their IT environment for a shift to the cloud. The chart below illustrates how the majority of respondents report generally immature IT states relative to cloud preparedness.


The CSA also uses the same CCM criteria to document the security controls provided by various cloud computing offerings. The results are published in its Security, Trust and Assurance Registry, which is a great resource for organizations looking to choose a cloud provider.

Microsoft has been an active participant in STAR and other CSA programs. You can read the STAR entries for Microsoft Dynamics CRM Online, Microsoft Office 365, and Microsoft Windows Azure on the CSA site.

About the Author
Adrienne Hall

General Manager, Issues & Crisis Management

Adrienne Hall is the General Manager for Issues & Crisis Management at Microsoft, overseeing communication regarding a wide range of topics. Hall works closely with colleagues to ensure accurate and timely information is delivered, providing the details for customers and Read more »