National Cyber Security Centre
Printable version

Organisations offered streamlined guidance to help them move to the cloud

Cloud security guidance refreshed to support small businesses to large organisations moving to cloud-based services.

Graphics of gears and clouds

  • Flagship Cloud Security Guidance refreshed to support increasing uptake of cloud services
  • Cloud guidance follows newly published NCSC principles which set out more adaptable approach to assuring technology of the future
  • Guidance published on first day of NCSC’s CYBERUK 2022 conference in Wales

UK ORGANISATIONS of all sizes will benefit from more accessible guidance as increasing numbers switch to cloud services.

The refreshed guidance from the National Cyber Security Centre – a part of GCHQ – will help organisations support the secure migration of their data and online services into the cloud.

Public and private sector organisations are increasingly utilising the benefits of cloud solutions to streamline their operations, and the updated Cloud Security Guidance has been made more accessible to meet the increasingly diverse range of organisations that are moving their operations online.

First launched in 2014, the refreshed collection combines two frameworks which enable everyone from small businesses to large enterprises to confidently ensure their current or prospective cloud service has appropriate security measures in place.

It also emphasises the importance of conducting appropriate due diligence of providers to reduce the risk of breaches or accidental leaking or loss of sensitive data.

Paul Maddinson, Director of National Resilience and Strategy at the NCSC, recently said:

“The cloud plays an increasingly vital role in the functioning of online services across the UK, and this trend will continue into the future.

“Our refreshed Cloud Security Guidance has the philosophy of security-by-design at its heart, meaning that organisations can have confidence when choosing a provider.

“I’d strongly encourage network defenders at organisations of all sizes to make use of the actionable advice set out in our refreshed Cloud Security Guidance.”

The new Cloud Security Guidance collection adheres to the NCSC’s newly published principles-based technology assurance approach, which enable thorough consideration of how a technology or system can keep itself, and the people and systems that depend on it, safe from threats it is likely to encounter throughout its lifetime.

Chris Hayman, Director, UK Public Sector at Amazon Web Services (AWS), recently said:

“Organisations are using cloud computing for ever more diverse and mission sensitive use cases, and we’re pleased to see the NCSC’s updated guidance reflect that.

“The NCSC is a world leader in the development of advice and guidance on the security benefits of cloud, and we look forward to continuing our work with them to support their mission to help make the UK the safest place to live and work online.

“Security matters to everyone and for our part, we will continue to innovate and help raise the security bar for everyone.”

The refreshed Cloud Security Guidance can be found in full on the NCSC website, and supports customers to achieve the security benefits of a good service. It does this by:

  • Examining the security differences between different types of cloud services, such as Infrastructure as a Service (IaaS) and Software as a Service (SaaS), and the risks introduced by their deployment.
  • Highlighting how a cloud can be secure be default, which includes enforcing the use of multi-factor authentication.
  • Recommending cloud vendors that make it easy for customers to fulfil their security responsibilities.
  • Encouraging customers to delegate as much responsibility for doing their security well to their cloud provider as practicable.


Channel website:

Original article link:

Share this article

Latest News from
National Cyber Security Centre