Two Companion Guides have been launched to help enhance cloud security understanding and compliance with national cybersecurity standards
THE Cyber Security Agency of Singapore, in collaboration with the Cloud Security Alliance, has unveiled two Cloud Security Companion Guides designed to bolster adherence to national cybersecurity standards:
– Cyber Essentials
– Cyber Trust
The announcement was made by Mr. Tan Kiat How, Senior Minister of State for Communications and Information and for National Development, during the Singapore International Cyber Week 2023 on 17th October 2023.
The companion guides were developed in close collaboration with major cloud service providers in Singapore, including Amazon Web Services, Google Cloud, and Microsoft. These providers contributed invaluable insights based on their extensive experience with customers, offering relevant findings, statistics, and validating the content of the companion guides.
In recent years, enterprise cloud adoption has witnessed a substantial surge. Correspondingly, cybercriminals are increasingly targeting organizations’ cloud environments, leading to a significant rise in cloud-based attacks over the past two years. The companion guides extend crucial advice to cloud customers, including small and medium-sized enterprises (SMEs), helping them comprehend their cloud-specific risks and responsibilities. This encompasses employee training to ensure secure cloud operations and the implementation of mechanisms for tracking and monitoring cloud service inventory.
Common Point of Confusion
A common point of confusion arises when organizations migrate to the cloud – the division of responsibility between themselves as cloud users and their cloud providers. While in an on-premise deployment, the organization solely bears the responsibility for its cybersecurity, in a cloud deployment, there exists a shared responsibility model. This may lead to potential misconfigurations, malicious attacks, and data breaches.
The companion guide for Cyber Essentials, tailored for SMEs, adopts a shared responsibility model to clarify the responsibilities of organizations and their providers in securing the cloud environment.
In contrast, the companion guide for Cyber Trust, aimed at larger or more digitally mature organizations, aligns each cybersecurity preparedness domain in the Cyber Trust mark, such as cyber governance and oversight and cyber education, with the framework published by the Cloud Security Alliance. This mapping serves as a valuable and accessible reference for organizations, simplifying the implementation of measures required to attain the Cyber Trust mark.
As part of the collaborative effort in developing the companion guides, Amazon Web Services, Google Cloud, and Microsoft have also created provider-specific guides organized according to the measures outlined in the Cyber Essentials and Cyber Trust marks.
The companion guides are now available for free on the Cyber Security Agency of Singapore’s website. Cloud providers, Chief Information Security Officer-as-a-Service providers, and certification bodies designated for Cyber Essentials and Cyber Trust will also distribute them to their respective customers. These companion guides are anticipated to benefit approximately 27% of businesses in Singapore utilizing cloud computing services, based on statistics gathered from the Infocomm Media Development Authority’s Survey on Infocomm Usage by Enterprises in 2022.
To view or download the Infographics by the CSA (in pdf format) of the:
– Cyber Essentials Infographics click here.
– Cyber Trust Infographics click here
