Trend Micro issued a free security assessment tool designed to measure an organization's readiness for cloud, mobile security and targeted attacks. The firm says the assessment could help company's securely adopt cloud computing services and efficiently mitigate the risks imposed by mobile devices and targeted attacks.
"This tool provides you with insight into your current cloud usage from a security perspective, and gives you guidance on how to improve your overall security measures as you make the move to virtualization and cloud computing," the security company said in a statement.
The company said it bases its recommendations on hundreds of assessments it has conducted globally.
U.S.-based enterprises appear to be the most cloud-ready, according to Trend Micro's analysis. Approximately 89% of U.S. organizations encrypt important data in the cloud. Meanwhile, about 39% of Japanese firms encrypt cloud data. "U.S. and Canadian organizations are the highest-ranked when it comes to having a cloud security policy shared regularly with employees," Trend Micro said.
The assessment also measures whether organizations have a documented process for handling targeted attacks and regularly communicate security policies with employees.
Guidance documents, cloud security recommendations:
A number of organizations have come forward offering guidance and best practices for data security in the cloud. The Cloud Security Alliance, a non-profit industry consortium has produced dozens of documents outlining ways to protect data in the cloud and assess cloud providers to gauge their their security postures. The organization issued a report on data governance in the cloud last year, helping organizations understand the top requirements of governing operating data in the cloud.
In May, the National Institute of Standards in Technology (NIST) issued a detailed report providing recommendations for risk management (.pdf), security controls and other issues based on the cloud environment. NIST warns organizations to understand the terminology inservice agreements to understand the obligations of the cloud service provider in the event of an incident. Organizations should consider incident response, monitoring, data backup and failover procedures, NIST said. The development of the NIST guidance highlights the complexity of the issue, experts say.
The U.S. federal government's effort to streamline cloud provider security evaluations is also underway. FedRAMP is designed to place standards on cloud service providers when being evaluated for government contracts. A number of cloud providers expect to get FedRAMP certified by the end of the year.
~ Robert Westervelt