Organisations of all sizes will from today (Tuesday) benefit from
more accessible security guidance as increasing numbers switch to
cloud services.
The refreshed guidance from the National Cyber Security Centre –
a part of GCHQ – will help organisations support the secure
migration of their data and online services into the cloud.
Public and private sector organisations are increasingly
utilising the benefits of cloud solutions to streamline their
operations, and the updated Cloud Security Guidance has been made
more accessible to meet the increasingly diverse range of
organisations that are moving their operations online.
First launched in 2014, the refreshed collection presents two
frameworks which enable everyone from small businesses to large
enterprises to confidently ensure their current or prospective
cloud service has appropriate security measures in place.
It also emphasises the importance of conducting appropriate due
diligence of providers to reduce the risk of breaches or
accidental leaking or loss of sensitive data.
Paul Maddinson, Director of National Resilience and
Strategy at the NCSC, said:
“The cloud plays an increasingly vital role in the functioning of
online services across the UK, and this trend will continue into
the future.
“Our refreshed Cloud Security Guidance has the philosophy of
security-by-design at its heart, meaning that organisations can
have confidence when choosing a provider.
“I’d strongly encourage network defenders at organisations of all
sizes to make use of the actionable advice set out in our
refreshed Cloud Security Guidance.”
The new Cloud Security Guidance collection adheres to the NCSC’s
newly published principles-based technology assurance approach,
which enable thorough consideration of how a technology or system
can keep itself, and the people and systems that depend on it,
safe from threats it is likely to encounter throughout its
lifetime.
Chris Hayman, Director, UK Public Sector at Amazon Web
Services (AWS), said:
“Organisations are using cloud computing for ever more diverse
and mission sensitive use cases, and we’re pleased to see the
NCSC’s updated guidance reflect that.
“The NCSC is a world leader in the development of advice and
guidance on the security benefits of cloud, and we look forward
to continuing our work with them to support their mission to help
make the UK the safest place to live and work online.
“Security matters to everyone and for our part, we will continue
to innovate and help raise the security bar for everyone.”
The refreshed Cloud Security Guidance can be found in full on the
NCSC website, and supports customers to achieve the security
benefits of a good service. It does this by
- Examining the security differences between different types of
cloud services, such as Infrastructure as a Service (IaaS) and
Software as a Service (SaaS), and the risks introduced by their
deployment;
- Highlighting how a cloud can be secure be default, which
includes enforcing the use of multi-factor authentication;
- Recommending cloud vendors that make it easy for customers to
fulfil their security responsibilities.
- Encouraging customers to delegate as much responsibility for
doing their security well to their cloud provider as practicable.
