Assess your Cloud Security Maturity with this 100% free tool
Find out how good your cloud security is with this free method
In my earlier posts I covered creating a Cloud Security roadmap and setting up a Governance framework as crucial steps for securing your cloud environment; let us now move to the phase where we want to see the fruits of our hard work.
The best way to get an objective and clear idea about your cloud security controls is via a Cloud Security Maturity Assessment (CSMA).
A CSMA is an independent assessment of your environment that tells you how good your cloud controls are.
Just to be very clear, it is NOT any of the below:
An audit report
A Cloud penetration test report
A report generated by a Cloud Security Posture Management tool
Simply put, a Cloud Security Maturity Assessment tells you in a structured way how good your cloud security program is.
This is not just an evaluation of your technical controls but a holistic view of what is working, what is not, and where you need to invest money and resources, be it in people, processes or tools.
Cloud Security Maturity Assessment process
If your company is interested in having a CSMA done, there are a huge number of companies that specialize in this type of assessment.
Once you have engaged them, the next step is to provide them information about your environment via the below:
Questionnaires
Technical tools which scan your environment
Workshops with the teams
A typical CSMA runs over a series of days or weeks, and the output will be a comprehensive report with executive summaries, dashboards etc. along with a maturity score showing where you stand in your cloud security journey.
Do not freak out about the number of REDs that will be present, as that is normal for your first CSMA.

The meat of the report is usually recommendations from the experts about where you are and what your targets should be to reach the next level of maturity.
It will give you clear goals and an actionable roadmap for the next 12 to 18 months for reaching the next level which helps a lot when you need to ask management for investments.
Senior management usually gets an executive summary that lets them see the return on their investments and a current assessment of their cloud risk.
Once you have completed your CSMA, it is recommended to repeat the process every 3 to 5 years, as it will allow you to see the growth in your maturity over time.
How much do Cloud Security Maturity Assessments cost?
As mentioned earlier, CSMAs usually involve a lot of information gathering via interviews, questionnaires and workshops with cloud security experts, who then deliver the report to you and your senior management.
The bad news is that they are usually not cheap and require a significant investment of time and money. However, this is worth it, and they end up paying for themselves over the long run.
The good news is that if your company is strapped for cash and cannot afford to shell out the big bucks, you are in luck, as there is a free alternative available.
IANS Cloud Security Maturity Model
IANS, a Boston-based cybersecurity firm, has made a free Cloud Security Maturity Assessment tool available which helps companies assess their maturity across the below three domains.
Foundational — Activities such as account creation, Identity and Access Management, logging etc.
Structural — network, application, and data security and how to automate them
Procedural — processes surrounding your cloud activities e.g. how well security is integrated into your DevOps cycle
It's a completely free tool which can be accessed at iansresearch.com/cloudmaturity; it lets you know where you stand and helps you make informed decisions about where to invest and prioritize.
Via a series of questionnaires, which do not require you to divulge any sensitive information, it will generate a full report showing your current level of cloud maturity as per the below benchmarks.
Use the report to gain information about your current posture and where you need to invest to increase your maturity over the coming 12 to 18 months.
Next Steps
I hope this post helped you understand the value add of Cloud Security Maturity Assessments and how they can help you plan your next steps.
With the free tools available now, there is no reason not to do this for your organization today.