UK NCSC refreshes cloud security guidance for all organisations

The UK’s National Cyber Security Centre says the updated guidance will help businesses better support the secure migration of data and online services into the cloud.

cloud security concept picture id1164614988
iStock

The UK National Cyber Security Centre (NCSC) has refreshed its cloud security guidance for organisations of all sizes. The NCSC said the updated guidance will help organisations support the secure migration of data and online services into the cloud as increasing numbers of businesses switch to cloud services. The refreshed guidance was announced on day one of the UK government’s flagship cybersecurity conference CYBERUK 2022 in Wales.

Updated guidance implements new security principles, adaptable approach for securing future technology

First launched 2014, the cloud security guidance supports organisations of all sizes to navigate the array of technologies which make up the cloud and the management models which underpin their use, ensuring they have appropriate security measures in place. Following its refresh, the guidance now implements recently published NCSC principles which set out more adaptable approaches to assuring technology of the future. These include:

  • Examining the security differences between different types of cloud services, such as infrastructure as a service (IaaS) and software as a service (SaaS), and the risks introduced by their deployment
  • Highlighting how a cloud can be secure be default, which includes enforcing the use of multi-factor authentication
  • Recommending cloud vendors that make it easy for customers to fulfil their security responsibilities
  • Encouraging customers to delegate as much responsibility for doing their security well to their cloud provider as practicable

Commenting on the guidance update, Paul Maddinson, director of national resilience and strategy at the NCSC, said, “The cloud plays an increasingly vital role in the functioning of online services across the UK, and this trend will continue into the future. Our refreshed cloud security guidance has the philosophy of security-by-design at its heart, meaning that organisations can have confidence when choosing a provider. I’d strongly encourage network defenders at organisations of all sizes to make use of the actionable advice set out in our refreshed cloud security guidance.”

Chris Hayman, director, UK Public Sector at Amazon Web Services (AWS), added that the NCSC’s updated guidance reflects the fact that organisations are using cloud computing for ever more diverse and mission sensitive use cases. “The NCSC is a world leader in the development of advice and guidance on the security benefits of cloud, and we look forward to continuing our work with them to support their mission to help make the UK the safest place to live and work online. Security matters to everyone and for our part, we will continue to innovate and help raise the security bar for everyone.”

Related:

Copyright © 2022 IDG Communications, Inc.

22 cybersecurity myths organizations need to stop believing in 2022