Microsoft Faults IT Security Practices in 'Cloud Computing' Report

Microsoft this week published an assessment of organizational IT security, based on its own survey tool.

The report, "Trends in Cloud Computing" (PDF), used information polled globally through a new Microsoft survey instrument called the "Cloud Security Readiness Tool" (CSRT). Microsoft claims that its CSRT tool is based on the Cloud Security Alliance's Cloud Controls Matrix, and that organizations can use it to check their existing IT capabilities vs. cloud services capabilities.

Microsoft analyzed 5,700 responses to 27 questions using CSRT data gathered between October 2012 and March 2013. The answers were weighted as either positive or negative to determine IT security "maturity" levels.

The survey results were pretty abysmal, showing an overall lack of security maturity within organizations. However, many of the questions were about procedures or HR policies, rather than direct safeguards. Organizational maturity in handling security issues was found in just one area: deploying antivirus or antimalware software. The remaining 26 questions elicited responses indicating an overall lack of organizational maturity on security matters among the respondents.

Lack of maturity was reported in terms of asset management (65 percent) and risk management (70 percent). Even patching seemed to be a disaster area, as described by the report:

  • "68 percent of organizations do not attempt to ensure that patches are configured and installed automatically
  • "64 percent of organizations do not run a centrally managed and scheduled antivirus program
  • "66 percent of organizations do not make use of a stateful firewall"

Numbers like those seem hard to believe, but Microsoft may have lumped together organizations of various sizes and expertise in the survey results.

Microsoft found the greatest organizational maturity among enterprise organizations, which were defined as having more than 500 PCs. The majority (66 percent) of enterprises had maturity in their antimalware efforts, with just 49 percent having maturity in their vulnerability and patch management capabilities.

As for small and medium-size businesses (25 to 500 PCs), the report states that they are "maturing from a very basic state and have not automated their security capabilities entirely."

Microsoft's "Trends in Cloud Computing" report is actually misnamed, because it's not clear whether the respondents used cloud technologies. It seems to describe traditional IT practices more than cloud computing trends. However, Microsoft seems to be using the report to promote cloud technologies as an alternative to traditional IT approaches.

For instance, the report repeatedly points out that because IT departments aren't handling their own internal security matters well at all, per the survey results, they could solve a lot of these problems by using a cloud resource instead. So, readers can expect to find a big chunk of marketing, along with dispassionate analysis, in this report.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

