I was watching the Suze Orman Show on television the other night, and it occurred to me that her job is really all about helping people understand the risk associated with their decisions. For those who aren’t familiar with Suze Orman, she’s a personal finance expert who helps people evaluate whether they can afford something they want to buy. If their financial risk is low (i.e. they have enough money and other assets), she gives the purchase her stamp of approval. But if the risk is too high, the word, “DENIED,” flashes across the screen in big letters.
Watching her show, I was thinking, wouldn’t it be great if we could transform Suze Orman from personal finance expert into cloud computing guru who helps individual enterprises weigh the risk versus the opportunity of moving to the cloud. How would she describe the opportunities? And what advice would she give enterprises for mitigating the risks they face?
The opportunities presented by the cloud are many. Among them include:
But what about the risks? Many IT pros are concerned about the risk of compromising security, the privacy of their information, the reliability of their systems, and a lack of operational control.
Our approach has been to mitigate the risks of cloud computing so that enterprises can fully reap the opportunities. How? By placing the same high value on security in the cloud that we’ve developed through years of experience managing security risks in traditional computing environments.
Our philosophy is simple: If you want an effective security program, you need a culture that places a high value on security. The Microsoft leadership team has long been committed to making the proper investments to drive secure behavior. Trustworthy Computing – and its four pillars of privacy, security, reliability, and business practices – has been in place since 2002. It’s a core corporate value of Microsoft, and guides nearly everything we do.
So how does a culture that values security translate this into an approach enterprises can trust when it comes to the cloud? Microsoft takes a defense-in-depth approach to security in the cloud that includes robust security measures across all service layers, frequent internal and external evaluation of practices and capabilities, and the continual evaluation and incorporation of measures to comply with government and industry mandates as they evolve.
Here is an example of our approach: We have a team devoted to cloud security called the Online Services Security and Compliance (OSSC) team. Each year, OSSC conducts a comprehensive assessment of threats to the Microsoft cloud infrastructure, and calculates the severity of each potential risk. The assessment leads to additional reviews throughout the year, and guides the development of security controls and related activities. It’s a very proactive and comprehensive approach. And it’s just one example.
If you’ve watched the Suze Orman Show, I’m sure you’ve noticed she’s not one to take uncalculated risks. Yet if Suze were a cloud computing guru, I’m sure she’d give Microsoft’s approach her full stamp of approval. She might even make Microsoft technology a condition of moving to the cloud.
To learn more about our approach to cloud security, please watch a short video called “Security and the Cloud.” Also, please share how your organization is assessing the risk vs. the opportunity of cloud-based computing. We’re eager to hear from you!