To overcome this trust barrier, Microsoft has created an online library of security tools to assist in getting to the bottom of what these exploits are all about using such tools as the Attack Surface Analyser, the Auto Cross Site Scripting Library and the Enhanced Mitigation Experience Toolkit, all available directly from Microsoft.
Adrienne Hall, the General Manager of Trustworthy Computing at Microsoft, was in attendance at last week's RSA Conference Europe 2012 event speaking about the shift in exploit trends and more specifically the perceived barrier to cloud adoption.
She explained that despite security often being seen as a barrier, Microsoft nonetheless found in a study it performed that 57% of those who had already adopted the cloud had yielded time savings regarding security management and 54% saw an overall improvement in security.
Of those who have not yet embraced the cloud, the main detractors were seen as security (44%), lack of industry standards (61%) and lack of transparency (59%).
In order to remove such barriers, such organisations as the Cloud Security Alliance (CSA) and the International Standards Organisation (ISO) are collaborating and consulting with industry experts in order to provide more consolidated guidance and release standards.
In addition to this, Microsoft has launched its own initiative with the "Cloud Security Readiness Tool", a web based specification guide which is based on the Cloud Security Alliance's Cloud Control Matrix which enables organisations which use the tool to probe deeply into the specific security requirements based on the scope and level of their adoption.
Despite sounding like a heavyweight, resource intensive tool, Microsoft's online guide is quite simple to complete with the ability to save and break whilst gathering further information needed to complete the specification process.
This innovative and useful tool provides extensive detail in the output report and is tailored to specific industries. It includes a section on all the relevant regulations and controls that are required to be met to ensure good governance and compliance based on the industry (eg PCI DSS requirements if appropriate).
Thus the tool provides a complete guide to what is required from a security and compliance standpoint for companies wishing to adopt the cloud and should provide the means to breaking down another barrier to the adoption of cloud computing.