Manifesto
Actioning Baseline Cloud Security by Default
We, the signed, endorse the call upon the main cloud providers to implement cloud baseline security by default across their entire customer infrastructure as well as upon EU and U.S. governments to support this endeavour. We sign this letter as evidence of our support for shifting the responsibility for implementing baseline cybersecurity in cloud environments from the customers to the providers.
By now most organizations are dependent on cloud infrastructure and services from Microsoft, Amazon, and Google. In turn, our societies are reliant on their effective operations and ramifications are felt across our economies and societies. The cloud offers advantages in terms of availability and scalability, but the technical complexity of configuring and securing the cloud is beyond the capacity of most user organizations.
Sane security options currently must be enabled by customers and maintained on a continual basis or are only available as a separate service, if customers are even aware of them at all. The system whereby we rely on customers to implement secure configurations, controls, and policies results in our infrastructure being ill-configured and insecure by default. Few have the means to overcome this challenge; most do not. Existing initiatives to support customers with this burden are not comprehensive, consistent, or transparent enough to ensure the baseline level of security. This leaves the customers vulnerable to malicious attacks and breaches and creates unwarranted risk.
We call upon the main cloud providers to unburden their customers of the many duplicative efforts of verifying, implementing, and maintaining recommended security baselines for the benefit of society at large. The cloud providers have the experience, capabilities, and reach to implement cloud baseline security by default, as described in the paper “Improving the world’s cyber resilience, at scale”.
We, the signed, realize this is an ambitious project and are willing to contribute to the stakeholder interaction to accompany the cloud providers on this journey.
Supported and signed by:
Jan De Blauwe
President
Cyber Security Coalition