Microsoft has made public a recently conducted survey on IT practices adopted by organizations willing to shift into the cloud infrastructure.
The report titled “Trends in Cloud Computing” has been compiled by Microsoft using the information surveyed worldwide on personnel using Cloud Security Readiness Tool (CSRT) since the past six months. The CSRT is a tool developed by Microsoft and was released in late 2012. It is used to assess IT system’s processes and productivity of organizations to help them adopt the cloud technology, and is based on Security Alliance (CSA) and Cloud Controls Matrix (CCM).
According to Microsoft, as the cloud technology emerges and becomes more mature, it is likely to influence businesses worldwide to shift into the cloud infrastructure; however, a number of security concerns were voiced by organizations considering switching to cloud computing. To assist businesses in moving into the cloud with minimal IT costs, greater efficiency and flexibility, Microsoft has developed the CSRT tool which can be used by firms to evaluate their IT capabilities against cloud capabilities.
For the survey, Microsoft asked 27 questions from 5700 respondents, based on CSRT data collected between October 2012 and March 2013. The questions dealt with information related to organization’s industry and the maturity level of its existing IT infrastructure. They were mainly focused on control areas in CSA CCM, which were then used to formulate a guidance report that helps businesses, understand their existing IT capabilities and evaluate cloud services critically. The areas it covered include: security strategy capabilities, worker capabilities, material security capabilities, privacy capabilities, asset and risk management capabilities, and reliability capabilities.
The maturity level of IT security is determined using answers evaluated as positive or negative. As per the survey results, the areas which showed the highest maturity level have been using antivirus/antimalware software, security architecture and user access by role, and the ones with the least maturity are human resource security, resource planning, information security, legal agreements and equipment maintenance. For the identified weak areas, firms can consider cloud technology as an alternative which may help them in cutting the weaknesses and give fruitful results.
The organizational lack of maturity was accounted as 65 per cent asset management, while 70 per cent risk management. As mentioned in the report, almost 68 per cent organizations don’t even bother to ensure if the patches are properly configured and automatically installed. Nearly 64 per cent organizations don’t have centralized managed and scheduled antivirus software, where as about 66 per cent of them don’t have a powerful enough firewall.
According to Microsoft, the survey results have shown highest organizational maturity in enterprises operating over 500 personal computers. Almost 66 per cent were found mature in making antimalware efforts, while 49 per cent were found mature in handling vulnerabilities and patch management capabilities. The report also revealed that small and medium sized businesses having 25 to 500 PCs have not yet completely automated their business security and are still progressing from the elementary state.
Though the survey report isn’t directly linked with the cloud, and has discussed about organization’s IT security and infrastructure, the results may prove useful for businesses to become aware of their structural weaknesses in IT security as well as make a comparison between the capabilities they hold and the services and solutions a cloud can offer.