Click on the image at right to view my chat with Tim Rains.
“Bill Gates started Trustworthy Computing (TWC) about 11 years ago around the time of the Code Red attack. His belief was that technology would ultimately be like electricity with an emphasis on reliable and secure,” according to Rains. The team was placed inside Microsoft Research and generated the Microsoft Security Intelligence Report with more than 1,000 pages of security intelligence designed to educate people on threats. It also developed the Security Development Lifecycle (SDL), which is a tool at www.microsoft.com/sdl to help everyone reduce vulnerabilities.
“Everything we learned about security on the boxed products is now being brought to the cloud,” Rains added. He went on to give a big shout out to the cloud reliability findings in the “Bridging the Gap” study (now in its second year). These surprising findings are:
· Over 42% of SMBs expressed concerns about reliability before moving to the cloud.
· But after moving to the cloud, 75% of SMBs expressed improved service levels (reliability) and 61% said both the frequency and downtime decreased.
Back to the NSA kerfuffle. This worldwide study found, for example in Germany, that pre-cloud 57% saw privacy as a barrier. But once adopted, 63% saw cloud privacy as a benefit. And lemme tell you–having just hosted a German foreign exchange student, the Germans take privacy very seriously. That translates into extremely positive findings in this study.
Finally, Rains shared a cool tool with me. It’s the Cloud Security Readiness Tool (aka.ms/csrt) that can be used to conduct a security assessment and generate a report. It allows you to essentially complete an in-depth online survey (that I found more enterprise-oriented than SMB) and make an informed decision about your cloud security fitness. Think of it as a “MyFitnessPal” health check-up for cloudies!
Rains said the tool is really meant to answer the following: “How do they (companies) know that moving to the cloud is more secure than on-premises?”
The cool tool also delves into the compliance area, which is beyond the scope of this blog, but it is useful for companies that have compliance regulations. For example, there’s some HIPAA action.