News

Manifesto: Actioning Baseline Cloud Security by Default

June 25, 2024

Cathy Suykens

2 minutes reading time

Manifesto: Actioning Baseline Cloud Security by Default

Securing cloud environments requires extensive configuration, protection, and hardening tailored to each organization. The current approach tends to be fragmented and product-focused rather than comprehensive and strategic. Despite numerous training modules, conferences, and other initiatives aimed at sharing experiences, many organizations, both large and small, struggle to implement basic security controls effectively within their user infrastructure given the complexity of the cloud environment. This is why the Cyber Security Coalition has signed the Manifesto advocating for vendors to integrate baseline security controls into their user infrastructure by default.

Manifesto

Actioning Baseline Cloud Security by Default

We, the signed, endorse the call upon the main cloud providers to implement cloud baseline security by default across their entire customer infrastructure as well as upon EU and U.S. governments to support this endeavour. We sign this letter as evidence of our support to shift the responsibility for implementing baseline cybersecurity in cloud environments from the customers to the providers.

By now most organizations are dependent on cloud infrastructure and services from Microsoft, Amazon, and Google. In turn, our societies are reliant on their effective operations and ramifications are felt across our economies and societies. The cloud offers advantages in terms of availability and scalability, but the technical complexity of configuring and securing the cloud is beyond the capacity of most user organizations.

Sane security options currently must be enabled by customers and maintained on a continual basis or are only available as a separate service, if customers are even aware of them at all. The system whereby we rely on customers to implement secure configurations, controls, and policies results in our infrastructure being ill-configured and insecure by default. Few have the means to overcome this challenge, most do not. Existing initiatives to support customers with this burden are not comprehensive, consistent, or transparent enough to ensure the baseline level of security. This leaves the customers vulnerable to malicious attacks and breaches and creates unwarranted risk.

We call upon the main cloud providers to unburden their customers of the many duplicative efforts of verifying, implementing, and maintaining recommended security baselines for the benefit of society at large. The cloud providers have the experience, capabilities, and reach to implement cloud baseline security by default, as described in the paper “Improving the world’s cyber resilience, at scale“.

We, the signed, realize this is an ambitious project and are willing to contribute to the stakeholder interaction to accompany the cloud providers on this journey.

Supported and signed by:

Jan De Blauwe

President

Cyber Security Coalition

Feed your Mailbox

Cyber Pulse newsletter keeps you up-to-date on the latest cybersecurity news, community actions and member stories.

Subscribe on LinkedIn

Hear and Learn

Cyber Talk podcast covers the wide world of cybersecurity and is aimed to appeal to cybersecurity practitioners and business managers alike, but can be enjoyed by any cybersecurity enthusiast. Join us every first Monday of the month!

Subscribe on platforms

Tags: #cloudsecurity

Manifesto: Actioning Baseline Cloud Security by Default

Manifesto: Actioning Baseline Cloud Security by Default

You May Also Like

EDUbox Cybersécurité: la protection numérique comme bonne habitude

A message from our Chair Jan De Blauwe to the members of the Cyber Security Coalition

Learn how to create your own cyber security awareness plan

A new campaign to promote two-step verification

OK is not always OK! – Launch of the national awareness campaign

Chair Jan De Blauwe’s New Year’s Address 2022