Microsoft has released a Cloud Security Readiness Tool to help "organizations better understand and improve their current IT state, identify relevant industry regulations, and evaluate whether cloud adoption will meet their business needs," according to Adrienne Hall, general manager, Trustworthy Computing, Microsoft.
The Tool takes the form of a 27-item questionnaire that asks questions including "Which of these statements best describes ho your organiszation restricts access by role" and "Which of these statements best describes your disaster recovery plan?"
The answers to these questions are used to automatically generate a customised report for the organisation.
The report compares the organisation's current state with a suggested state, and also outlines the advantages of moving to cloud services, eg SaaS.
For instance, "Cloud providers typically conduct operations in high-security facilities protected by a range of mechanisms that control access to sensitive areas. Common security mechanisms include doors secured by biometric or ID badge readers, front desk personnel who are required to positively identify authorized employees and contractors, and policies that require escorts and guest badges for authorized visitors."
However, the tool makes some excessively broad assumptions, such as suggesting that PCI DSS v2.0 be considered without asking whether cardholder data is used. Other industry and control standards used, depending on responses, include HIPAA and ISO 27001.
"Microsoft’s Cloud Security Readiness Tool builds on these efforts, providing a tool and custom report which enables organisations to better understand their current IT state and more easily evaluate cloud services against critical areas and compliance with common industry standards."
The tool is avaiable here.