Microsoft launches cloud services due diligence checklist
Microsoft has launched a cloud services due diligence checklist aimed at providing organisations with more standardised procedures for their potential cloud push.
The checklist is based on the emerging ISO/IEC 19086 standard which focuses on cloud service level agreements, and gives structure to organisations of all sizes and sectors to identify their objectives and requirements, before comparing the offerings of different cloud service providers.
“Cloud adoption is no longer simply a technology decision,” Microsoft writes in a page explaining the checklist. “Because checklist requirements touch on every aspect of an organisation, they serve to convene all key internal decision makers – the CIO and CISO as well as legal, risk management, procurement, and compliance professionals.
“The checklist promotes a thoroughly vetted move to the cloud, providing a structured guidance and a consistent, repeatable approach to choosing a cloud service provider,” it adds.
It’s worth noting, as Microsoft does in the document, that the checklist is not intended to be, nor should be considered a substitute for the 19086 standard – its role is to essentially distil the 37 page standard document into two pages – yet it does go through performance, service, data management and governance checks.
In putting the checklist together, Microsoft also cited a Forrester research study which argued that more than 94% of organisations polled would change some terms in their current cloud agreement. Agreements often miss key considerations due to their complex nature, the research notes, while topics cloud buyers regret not having in their agreements are around security, privacy, and awareness around internal key stakeholders.
Earlier this month, Microsoft CEO Satya Nadella told delegates at the company’s Transform conference in London how cloud computing, through powering artificial intelligence and machine learning, was putting technology “in the hands of humanity.” Back in August, the company announced it had obtained ISO 27017 compliance, which gives additional controls specifically relating to cloud services.
You can download the full checklist here.
- » Mind the backup gap: Protecting born in the cloud data in Office 365
- » You've got 99 problems when it comes to public cloud compliance – but cryptojacking may not be one
- » If you’re planning a major move to the cloud – ask these 13 questions first
- » AWS launches new security offering which mitigates S3 misconfigurations – if customers get it right