National Cyber Security Centre
Organisations offered streamlined guidance to help them move to the cloud
Cloud security guidance refreshed to support small businesses to large organisations moving to cloud-based services.
- Flagship Cloud Security Guidance refreshed to support increasing uptake of cloud services
- Cloud guidance follows newly published NCSC principles which set out more adaptable approach to assuring technology of the future
- Guidance published on first day of NCSC’s CYBERUK 2022 conference in Wales
UK ORGANISATIONS of all sizes will benefit from more accessible guidance as increasing numbers switch to cloud services.
The refreshed guidance from the National Cyber Security Centre – a part of GCHQ – will help organisations support the secure migration of their data and online services into the cloud.
Public and private sector organisations are increasingly utilising the benefits of cloud solutions to streamline their operations, and the updated Cloud Security Guidance has been made more accessible to meet the increasingly diverse range of organisations that are moving their operations online.
First launched in 2014, the refreshed collection combines two frameworks which enable everyone from small businesses to large enterprises to confidently ensure their current or prospective cloud service has appropriate security measures in place.
It also emphasises the importance of conducting appropriate due diligence of providers to reduce the risk of breaches or accidental leaking or loss of sensitive data.
Paul Maddinson, Director of National Resilience and Strategy at the NCSC, recently said:
“The cloud plays an increasingly vital role in the functioning of online services across the UK, and this trend will continue into the future.
“Our refreshed Cloud Security Guidance has the philosophy of security-by-design at its heart, meaning that organisations can have confidence when choosing a provider.
“I’d strongly encourage network defenders at organisations of all sizes to make use of the actionable advice set out in our refreshed Cloud Security Guidance.”
The new Cloud Security Guidance collection adheres to the NCSC’s newly published principles-based technology assurance approach, which enable thorough consideration of how a technology or system can keep itself, and the people and systems that depend on it, safe from threats it is likely to encounter throughout its lifetime.
Chris Hayman, Director, UK Public Sector at Amazon Web Services (AWS), recently said:
“Organisations are using cloud computing for ever more diverse and mission sensitive use cases, and we’re pleased to see the NCSC’s updated guidance reflect that.
“The NCSC is a world leader in the development of advice and guidance on the security benefits of cloud, and we look forward to continuing our work with them to support their mission to help make the UK the safest place to live and work online.
“Security matters to everyone and for our part, we will continue to innovate and help raise the security bar for everyone.”
- Examining the security differences between different types of cloud services, such as Infrastructure as a Service (IaaS) and Software as a Service (SaaS), and the risks introduced by their deployment.
- Highlighting how a cloud can be secure be default, which includes enforcing the use of multi-factor authentication.
- Recommending cloud vendors that make it easy for customers to fulfil their security responsibilities.
- Encouraging customers to delegate as much responsibility for doing their security well to their cloud provider as practicable.
Latest News from
National Cyber Security Centre
UK joins international cyber agency partners to release supply chain guidance12/05/2022 14:20:00
Joint advisory sets out practical steps to take for managed service providers and their customers to protect themselves.
NCSC joins industry to offer unprecedented protection for public from scams12/05/2022 13:20:00
Data sharing collaboration will allow ISPs to instantly block access to fraudulent sites.
Chancellor of the Duchy of Lancaster speech at Cyber UK11/05/2022 16:12:00
Steve Barclay today gave a speech at the Cyber UK conference in Wales.
Russia behind cyber attack with Europe-wide impact an hour before Ukraine invasion11/05/2022 15:43:00
New UK and US intelligence suggests Russia was behind an operation targeting commercial communications company Viasat in Ukraine.
New email security tool launched to help organisations check their defences11/05/2022 10:33:00
A free email security check service helps organisations identify vulnerabilities.
NCSC significantly expands services to protect UK from record number of online scams11/05/2022 09:15:00
A record number of scams were removed from the internet in 2021 thanks to the Active Cyber Defence programme.
NCSC and allies publish advisory on the most commonly exploited vulnerabilities in 202127/04/2022 16:10:00
A joint advisory from the NCSC and international partners details the 15 most commonly exploited vulnerabilities in 2021.
Schools offered free cyber defence tools to help keep out attackers26/04/2022 16:15:00
UK education settings can sign up for the NCSC's Web Check and Mail Check services to protect their websites and email servers from cyber attacks.