UK cyber security body the National Cyber Security Centre (NCSC) has released a refreshed set of guidelines for businesses and other groups looking to migrate to the cloud.
Launching the updated guidance on the first day of its flagship conference CyberUK22, the NCSC said that the guidance would help ensure a “more adaptable approach”.
It is aimed at organisations of any size, from across the public and private sectors, to reflect the increasing number of companies and groups switching to cloud-based services and data storage.
The Cloud Security Guidance was first issued nearly a decade ago and helped to guide buyers through issues of cloud security through 14 core principles.
The refreshed guidance is now available across two frameworks to improve accessibility and provide suitable guidance for organisations of all shapes and sizes, from small businesses to huge enterprises.
Paul Maddinson, director of national resilience and strategy at the NCSC, said that the cloud was playing an increasingly important role in online services across the country, with that trend only set to continue.
He added that the refreshed guidance was based on the principle of “security by design” and urged organisations of all types to make use of the actionable advice.
Refreshed guidance emphasises supply chain security
The guidance reflects an increasing awareness of supply chain security, including elements related to cloud services, emphasising the importance of thoroughly assessing potential suppliers.
The NCSC also said that sticking to a principles-based technology assurance approach allowed an assessment of how technologies can keep other systems and the people who relied on them safe from threats throughout those technologies’ lifespans.
Held across two days this week, the CyberUK22 conference returned in person after the 2020 event was cancelled and CyberUK21 was held in a virtual format.
Speaking at the opening of the conference on Monday, GCHQ director Jeremy Fleming spoke of the security organisation’s commitment to a “whole-of-society” cyber-strategy.
He said that the past two years had emphasised the importance of a shared life online, increasing awareness of supply chain vulnerabilities and the general risks from cyber-criminals.
Reflecting on the Government’s National Cyber Strategy, he said that this whole-of-society approach incorporated citizens, businesses of different sizes, academia, government bodies, and more.
He added that he felt that the strategy broke new ground and covered the whole of the cyber-world for the first time.
Today’s news was brought to you by TD SYNNEX – the UK’s number one solutions distributor.
Read more of our latest Cloud stories
