Posted by Adrienne Hall, general manager, Trustworthy ComputingYesterday I shared some details of a study with U.S. and U.K. small and midsize businesses (SMB) about differences between perception and reality when it comes to security, privacy and reliability in the cloud. We asked SMBs that use an on-premise set up about their perceptions of the cloud and compared their responses to those SMBs using a cloud service.Today I’m pleased to share the study findings for SMBs in France. As with businesses in the U.S. and the U.K., similarly sized companies in France also had views prior to adopting a cloud solution that differed from their cloud using counterparts. Not surprising – I’ve yet to meet a person without a pre-set view on something – and I’m not absent, as well, on this front.
Posted by Adrienne Hall, general manager, Trustworthy ComputingI have some pre-conceived notions. Based on my own travel experiences over the years, I’ve had the view that Seattle’s June weather is consistently colder than London’s. Not so according to a side by side comparison on weather.com, which shows Seattle at an average 1 degree F higher than London over a twelve-month timeframe. This isn’t a big difference, but tells me that my own less scientific point of view was off-base. To the extent that perception does equal reality when there isn’t evidence to the contrary, new information is always valuable. Earlier I shared results of a study with small to midsized businesses (SMB) about the difference between perception and reality when it comes to the security, privacy and reliability of the cloud. In that post, I reported that U.S. SMBs using the cloud appear to be realizing benefits their counterparts still using an on-premise set up, are not.
I’m now here in London to release the small to mid-sized business Cloud Trust Study results for the U.K. SMB cloud users in the U.K. are realizing similar benefits. Fewer internal IT resources needed (58%) and time saved managing IT (49%) were considered the biggest benefits of cloud services. Also, 94% of U.K. SMBs have experienced security benefits in the cloud they didn’t have with their on-premises service, such as up-to-date systems, up-to-date antivirus protection and spam email management.
Posted by Adrienne Hall, general manager, Trustworthy Computing
This week I’m in Europe to share the results of a blind study that we commissioned with comScore to get a pulse on what small to mid-sized businesses (SMB) think about these topics in relation to cloud computing.
The study divided SMB respondents in France, Germany, the U.K. and the U.S. into two categories. The first category were businesses that have “on-premise” computing solutions, and we asked them what they thought of the cloud in terms of security, privacy and reliability. The second group were businesses that have adopted a cloud service, and we asked them the same questions. comScore didn’t ask participants using the cloud for information about the service offering or the service provider so that we could learn about cloud experiences generally and avoid focusing on any specific vendor’s offering or capability; including our own. This also allowed us to look for topical trends, independent of similarities or differences between vendor offerings.
Over the past five years we’ve seen many organizations benefit from their investments in cloud services. A number of factors continue to stimulate this momentum, including cost benefits, the ability to alter capacity quickly, and time back to focus on other areas of their businesses.
These return on investment categories are very important. However, there is one topic –security in the cloud – that is often regarded by some as a barrier to adoption. People also question the privacy and reliability of cloud services. Despite this, there are plenty of reports and studies that offer compelling information about the cloud delivering a trusted and dependable state for businesses – one that is positively contributing to their business success.
With the various cloud pros and cons floating around, we set out to cut through the clutter – to help companies in the evaluation and decision-making stages. Microsoft Trustworthy Computing recently commissioned a cloud trust study conducted by independent company comScore Inc. that focused on small and midsize businesses (SMBs) in the U.S, U.K., France and Germany. The study surveyed cloud users and non-cloud users and it was conducted blind — respondents were not aware of Microsoft Corp.’s connection with the research. Respondents were not qualified in terms of the cloud vendor, products or services they use.
The study had two goals:o To better understand the cloud’s benefits relating to improved security, privacy and enhanced service reliability; better time management; and cost savingso To better understand perceptions about security, privacy and reliability that act as barriers to cloud adoption
For the purpose of the research, we defined cloud users as companies using a subscription model service. For example: data storage, email or calendar and customer relationship management services.
We found some startling contradictions between the views of people that have adopted a cloud service and those that have not. As it turns out, security – in addition to some other benefits – is delivering a silver lining.
Businesses considering the move of one or more applications to a cloud service, the purchase of a cloud service for their organization, or the development of a service on a cloud platform solution, often want answers to a lot of questions. Many of them boil down to whether they can trust the cloud and their cloud vendor to protect their data, to keep their and their customers’ information private and to deliver a dependable service.
Recently we commissioned a study of companies with 499 PCs or less in France, Germany, the U.K. and the U.S. which looked at the security, reliability and privacy perceptions and realities of cloud services. We spoke to equal numbers of companies that both use the cloud and do not use the cloud. There was no mention of Microsoft being behind the research and no company, product or service names were discussed.
The results were very interesting! Companies that do not use the cloud have some serious concerns when it comes to security, privacy and reliability. In itself that’s perhaps not too surprising – plenty has been written about these “barriers” to adoption. What’s surprising is that the perceptions holding back companies from the cloud are in stark contrast to the realities (and benefits) experienced by similar companies that use cloud services.
We’ll be releasing the study throughout next week. In the meantime we filmed a short video preview. You can also check out the Microsoft News Center security news room, which is where we’ll be posting details once the study is live. You’ll also find details of a similar study we conducted a year ago with companies in Hong Kong, India, Malaysia, Singapore and the U.S.
Posted by Jacqueline Beauchere, Chief Online Safety Officer, Microsoft
“You can’t cook unless you’re in the kitchen; you can’t swim unless you’re in the pool, and you can’t teach kids about digital citizenship without having a conversation with them about online safety.” These are the words of Anne Collier, co-founder of Connectsafely.org, shared last week with school administrators, educators, parents, safety advocates, and industry leaders at the Digital Citizenship Summit held at Microsoft’s Mountain View, California campus.
The goal of the Summit was to galvanize key stakeholders and stimulate proactive conversations about how we must all come together to help teach responsible and appropriate use of technology, what Microsoft and others call fostering digital citizenship.
Many schools do not teach or have access to a comprehensive, in-classroom online safety curriculum, even though experts and many Internet safety organizations identify education as an effective means of helping to protect children from online risks. Microsoft believes online safety curricula should be an integral part of a school’s efforts to achieve technological literacy for its students, particularly as more students use mobile devices, including at school. Indeed, data show 52 percent of youth ages eight to 12, and 77 percent between 12 and 17, own mobile phones.
Posted by Adrienne Hall, general manager, Trustworthy Computing Today there is an unprecedented amount of information, often referred to as Big Data, being collected in our society. Using big data strategically can create value for businesses by making information transparent and usable at a much higher frequency; and moving to the cloud can lead to significant security advantages over the existing distributed systems model.
For organizations, big data may involve higher level services in apps that may lead to saving time, cost and resources. Companies are using information to help solve important social and economic problems and make sense of data that can lead to new business insights and decisions. In Scott Charney's Trustworthy Computing Next whitepaper, he profiles big data and cloud security trends over the next decade.
Posted by David Bills, chief reliability strategist, Trustworthy ComputingI’ve written before on the complexity of the cloud, including the notion that things will go wrong and the importance of planning ahead to minimize impact to customers when things do go wrong. Today Microsoft released a new whitepaper titled, “Resilience by design for cloud services”, which provides a methodology for resilience modeling, along with detailed guidance and example templates for cloud services teams to use. The goal is to make implementation easy and consistent.The paper describes resilience modeling and analysis (RMA), which is based on an industry-standard technique called failure mode and effects analysis (FMEA), but we’ve adapted it to more effectively prioritize work in the areas of detection, mitigation and recovery from failures – all of which are significant factors in reducing time to recover (TTR) for cloud services.There are four key phases of the RMA process:1. Pre-work. This is one of the most critical phases of the process and it’s important to remember that the quality of the artifacts produced during this phase will have a significant influence on the final output. This phase covers two separate activities. First, the team develops a complete logical diagram, (or schematic), for their service which depicts every component, data source and data flow visually. Second, the team uses the logical diagram to identify all of the components susceptible to failure, (a.k.a. failure points). The team makes sure they understand the interactions, or connections, between these components and how each component in the ecosystem works.2. Discover. In this step the team identifies all potential failure modes for each component including the underlying service infrastructure elements and the various dependencies between those elements. The goal is to capture where the system can fail, (points), and how it can fail, (modes). We help guide this conversation with a pre-populated failure category checklist.3. Rate. In this phase, the team analyzes and records the effects that could result from each of the failures identified during the Discover phase. The RMA workbook contains a series of drop-down selections which help determine the effect and likelihood of a particular failure. These columns include the effect of the failure; the portion of users affected by the failure; the time it takes to detect the failure; the time it takes to recover from the failure and the likelihood of the failure occurring. This phase produces a list of calculated risk values for every failure type, and allows the team to prioritize their engineering investments based on those risk values.4. Act. The final phase is to take action on the items captured in the RMA worksheet and make the necessary investments to improve the reliability of the service. The ranking of failures captured during the Rate phase will allow teams to target their efforts toward the improvements which will have the biggest impact.If you are designing and deploying cloud services at scale, I encourage you to download this paper to read more about resilience modeling and analysis (RMA) and consider how implementing this process may help to improve the reliability of your online services.
Posted by Kim Sanchez, director, TwC Online Safety Communications, Microsoft
From loud talkers, to people who answer their cell phone while you’re in mid-sentence, there are a number of mobile phone pet peeves that are getting under people’s skin. Microsoft’s Safer Online Facebook poll asked our social media fans; What do they find most annoying about the way people use their mobile phone? Have their ever…and, who is safer? Here’s what they told us;
Their “Top Five” most selected pet peeves include:• Constant phone checking (44 percent of the respondents included this in their top five)• Loud talkers (41 percent)• Using or not silencing the phone when appropriate, for instance in social settings (40 percent)• Using the phone during face-to-face conversations (39 percent)• Delaying traffic (35 percent)
Have they ever…oh yes they did! Respondents shared with us, a number of entertaining stories; like pocket dialing while singing along to the radio. This may be simply irritating to some, but it’s a great example of how you may be doing more than just annoying your social circles, or becoming a social outcast. In fact, you could be putting your personal information at risk.
Our Microsoft Safer Online poll found that: • Nearly half of respondents (47percent) said they have lost their mobile phone,• Exactly half (50 percent) said they have pocket dialed someone, and• More than half (58 percent) have shared their location
By Adrienne Hall, general manager, Trustworthy ComputingMany organizations considering cloud adoption can benefit from timely trends research and simple, well-organized information about their current IT state to better assess the benefits of adopting a particular cloud service.
Today Microsoft released the new Trends in cloud computing report, which analyzes the results of current IT maturity and adoption practices of organizations worldwide that have used the free Cloud Security Readiness Tool (CSRT). The data consists of answers provided by people who used the CSRT over a six-month period between October 2012 and March 2013. This trends report helps organizations understand and evaluate IT security areas that are strengths and weaknesses. For example, areas of strength for those who utilized the tool are information security (through deployment of antivirus /antimalware software), security architecture, and facility security. Areas of weakness are human resources security, operations security, information security (through consistent incident reporting), legal protection and operations management.