Cloud Security Alliance Recommends the Cloud Security Readiness Tool
Offers Enterprises a Simple Way to Evaluate IT Potential and Learn how to Adopt Cloud Services
Seattle, WA – January 17, 2013 – The Cloud Security Alliance (CSA) recommends the Cloud Security Readiness Tool (CSRT), a free tool from Microsoft designed to help organizations review and understand their IT maturity level and their readiness to consider adopting or growing cloud services. The tool uses the Cloud Control Matrix (CCM) to consider data security, privacy, and reliability factors as well as key compliance and regulatory standards. The tool is a simple way to adopt Security, Trust, and Assurance Registry (STAR) and CCM principles.
The tool helps organizations evaluate their IT potential and learn how they can adopt cloud services to reduce the overall cost of their operation. Organizations that are considering cloud adoption are faced with common decision difficulties, most of which relates to a lack of understanding about cloud computing. Information from more than 800 organizations that have used the CSRT shows that only a few of them are well prepared for cloud adoption. For example, only 25 percent of organizations in the Banking and Financial sector have embraced a formalized security program. A CCM control validates whether an organization has an information security program. A tool like the CSRT helps organizations better understand the full potential of embracing the STAR and the CCM.
“Organizations are often at a loss when it comes to how to go about determining which cloud services may be of value and whether deploying cloud services are appropriate in their environment. We hope this tool becomes every organization’s first step into the cloud,” says John Howie, COO of the CSA.
The CSRT is an interactive, easy-to-use, 10-to-15 minute survey of 27 questions that draw out information about an organization’s industry and the maturity level of the organization’s current IT infrastructure. The tool uses this information to provide relevant guidance in a custom report that helps organizations better understand their IT capabilities and more easily evaluate cloud services against critical areas and compliance with common industry standards. The tool considers several security, privacy, and reliability topic areas, including security policies capabilities, personnel capabilities, physical security capabilities, privacy capabilities, asset and risk management capabilities, and reliability capabilities. “Organizations are in varying degrees of readiness relative to capitalizing on the benefits of Cloud Computing. Anything that can help speed up those internal evaluations is a bonus. Customers have told us that they’re easily understanding the state of their current IT environment relative to Cloud through using this Tool and are pleased we found a way to cut through the clutter.” says Adrienne Hall, general manager, Trustworthy Computing, Microsoft. In addition to helping organizations understand their own capabilities, the CSRT helps them understand some important considerations of seeking a cloud service provider.
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote best practices for providing security assurance within cloud computing, and to provide education on the uses of cloud computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations, and other key stakeholders, including Microsoft. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.