Page 2 of 2
Customizable to various vertical markets and the standards most applicable to each one, the tool measures security maturity in 10 areas. These include architecture, HR security, facility security, information security, data governance, legal, risk management, release management, resiliency and operational management. For each area, the tool assesses the systematic approach ranging from "we just wing it," to "we have extensive audits on a regularly scheduled basis." This culminates in a report of approximately 60 pages that describes their current state and provides recommendations on what the customer can do next to improve their status in that particular area.
"So it provides recommended mitigation, and it also describes what benefits you would get from adopting cloud-based security," said Microsoft's Jones.
Jones says that the initiative is aimed at end users and also channel partners seeking a systematic approach to better understanding the needs and circumstances of the client or prospect. He claims that the cloud recommendation is offered on an agnostic basis, given that Microsoft serves customers both through the cloud and on-prem.
"If I were a partner, I would make up a sample for myself with made-up answers, and then show to my customer as an example of what I could deliver," he said. "Even if they don't adopt cloud, you can help them to develop next steps around formal reviews and similar strategies that can make their approach to security more mature."