Manifesto: Actioning Baseline Cloud Security by Default

2 min leestijd

Securing cloud environments requires extensive configuration, protection, and hardening tailored to each organization. The current approach tends to be fragmented and product-focused rather than comprehensive and strategic. Despite numerous training modules, conferences, and other initiatives aimed at sharing experiences, many organizations, both large and small, struggle to implement basic security controls effectively within their user infrastructure given the complexity of the cloud environment. This is why the Cyber Security Coalition has signed the Manifesto advocating for vendors to integrate baseline security controls into their user infrastructure by default.


Actioning Baseline Cloud Security by Default


We, the signed, endorse the call upon the main cloud providers to implement cloud baseline security by default across their entire customer infrastructure as well as upon EU and U.S. governments to support this endeavour. We sign this letter as evidence of our support to shift the responsibility for implementing baseline cybersecurity in cloud environments from the customers to the providers.

By now most organizations are dependent on cloud infrastructure and services from Microsoft, Amazon, and Google. In turn, our societies are reliant on their effective operations and ramifications are felt across our economies and societies. The cloud offers advantages in terms of availability and scalability, but the technical complexity of configuring and securing the cloud is beyond the capacity of most user organizations.

Sane security options currently must be enabled by customers and maintained on a continual basis or are only available as a separate service, if customers are even aware of them at all. The system whereby we rely on customers to implement secure configurations, controls, and policies results in our infrastructure being ill-configured and insecure by default. Few have the means to overcome this challenge, most do not. Existing initiatives to support customers with this burden are not comprehensive, consistent, or transparent enough to ensure the baseline level of security. This leaves the customers vulnerable to malicious attacks and breaches and creates unwarranted risk.

We call upon the main cloud providers to unburden their customers of the many duplicative efforts of verifying, implementing, and maintaining recommended security baselines for the benefit of society at large. The cloud providers have the experience, capabilities, and reach to implement cloud baseline security by default, as described in the paper “Improving the world’s cyber resilience, at scale“.

We, the signed, realize this is an ambitious project and are willing to contribute to the stakeholder interaction to accompany the cloud providers on this journey.


Supported and signed by:

Jan De Blauwe


Cyber Security Coalition

(Visited 1,142 times, 1 visits today)

About the author

Cathy Suykens joined the Cyber Security Coalition in April 2018 as Operations Manager. She boasts a longstanding career in the financial services industry in different domains with various assignments abroad.