Cloud security risk assessment for government
Assessing compliance and cloud security risk
Cloud computing presents many organizations with a dilemma. The cost benefits and flexibility are undeniable, but the path to a decision appears thick with uncertainty. In reality, cloud computing is just another option available to government organizations, with different compliance obligations and risk characteristics, and it is these which need to be examined systematically in order to arrive at the right outcome for your organization.
Microsoft has developed a structured way for customers to assess various cloud options against each other, drawn from the ISO 31000 Enterprise Risk Management standard. It is called “Assessing compliance & risk for cloud computing deployments”.
We provide a set of tools to achieve this that includes the following components downloadable from this page:
- Field book – A practical field book built on ISO 31000 for compliance assessment and risk-based decision-making in cloud computing. This field book is for both IT and non-IT individuals. No special training is needed and any competent business practitioner should be able to follow the process and achieve a decision.
- Case study – A detailed worked example based on a fictitious government agency that walks users through a scenario and provides guidance for their own investigations.
- Excel template – A way for users to record the findings of their own assessment. This includes drop-down menus for populating input and color coding for summarizing findings. It is completely open and extensible by users, and we have pre-populated 50 of the most common risks.
- Video – Listen to Microsoft Australia’s Chief Technology Officer talk about the Cloud Risk Assessment framework, tools and how he positions it with Microsoft partners and customers.
Taken together, these four components will allow a competent program or project manager to investigate multiple cloud alternatives and arrive at the right outcome for your organization. A specialist risk practitioner is not required. Our experience indicates that the assessment should commence using the Field Book to understand the process steps, where to source input, and how to run the investigation. You can then use the detailed Case Study as a guide for your own analysis, and then populate your results for the risk section into the Excel template.
You are then ready to make a decision!
Next steps:
- The Office 365 Trust Center
- The Microsoft Azure Trust Center
- Microsoft Dynamics CRM Trust Center