Most business IT environments are immature, analysis of data from Microsoft’s Cloud Security Readiness Tool has revealed.
Launched last October, the tool is an online survey of 27 questions drawn from that Cloud Security Alliance’s Cloud Controls Matrix, and is aimed at helping enterprises to assess their current IT environments and how they could benefit from best-practice cloud services.
The survey covers all the main cloud security control areas, including risk management, security architecture, operations management and resiliency, as well as information security.
The premise of the tool is that the better businesses understand their people, processes and technologies, the more they will be able to make informed comparisons and evaluate the benefits of cloud.
Analysis of almost 6,000 anonymised answers to the survey questions revealed that most organisations are relatively immature across all of the control areas represented in the tool.
“We expected many companies would benefit from cloud services, but because of the relative immaturity of existing IT environments, that was way higher than expected,” said Jeff Jones, director Trustworthy Computing.
Read more about cloud readiness
The data revealed that most organisations do not focus much effort on security areas such as operations management through capacity planning and information security through incident reporting.
Other areas of weakness included lack of prudent hiring practices in human resources, a lack of legal protection through non-disclosure agreements and a lack of effective equipment maintenance.
“It turns out that the areas that organisations focus on the least, tend to focus on the least tend to be handled effectively in cloud deployments,” said Jones.
“This means that although security factors must be considered when moving to the cloud, there are also benefits to be realised,” he said.
The only areas of strength revealed by the data were information security through the deployment of antivirus and antimalware software and datacentre security through controls on access to data.
The data also showed many companies are well-positioned to pinpoint, track and sequence security incidents through clock synchronisation of networked PCs.
“The self-assessment data from organisations around the world indicates that cloud computing has the potential for even greater security value and benefits than had been previously estimated,” said Jones.