Address UK NCSC’s Cloud Security Principles for Microsoft Azure workloads using Cloudneeti
Seattle, WA –September 20, 2018 –Today Cloudneeti announced the release of automated validations for UK NCSC’s Cloud Security Principles for Microsoft Azure workloads. The UK NCSC guidance works like a bridge between government and industry, with the proviso of a unified source of inputs, advices, leadership, and platform for Cyber-Security, including the management of Cyber-Security incidents. The NCSC provides a unique opportunity to build effective Cyber-Security partnerships between government, industry and the public to ensure that the UK is safer online.
“Cloudneeti’s security validation engine enables businesses to improve the security posture of their cloud workloads on Azure. The product allows continuous monitoring of workload configurations and brings in the needed transparency for collaborative efforts across DevOps, Security Operations Center and Compliance teams” said Andy Zhulenev, President, Cloudneeti.
The NCSC works like a bridge between government and industry, with the proviso of a unified source of inputs, advices, leadership, and platform for Cyber-Security, including the management of Cyber-Security incidents.
“Cloudneeti provide depth expertise in cloud security and cloud automation, designed to help organisations to better understand and meet their the security, privacy and compliance obligations. Cloud automation is a key enabler for businesses looking to transform” said John Doyle, Director, Cloud & AI, Worldwide Health Industry, Microsoft.
NCSC launched on 1 October 2016. The NCSC provides a unique opportunity to build effective Cyber-Security partnerships between government, industry and the public to ensure that the UK is safer online. It will provide cyber incident response and be the UK’s authoritative voice on Cyber-Security. For the first time, key sectors will be able to engage directly with NCSC staff to get the best possible advice and support on securing networks and systems from cyber threats.
The NCSC provides:
a unified source of advice for the Government’s Cyber-Security threat intelligence and information assurance
the strong public face of the Government’s action against cyber threats
a public-facing organization with reach back into GCHQ to draw on necessarily secret intelligence.
The UK faces huge threats of cyber-attacks from states, serious crime gangs, hacking groups, and terrorists. As part of the Government’s new National Cyber-Security strategy, the NCSC will be a critical asset in the UK’s evolving national security climate.
The NCSC will not just be restricted to helping the financial services sector, however. It will also raise awareness of government intent around cyber, undertake dialogue that shapes service delivery and demonstrate serious commitment to listen and develop sustainable engagement channels with the UK cyber-security ecosystem.
The Cloud Security Guidance published by NCSC lists 14 essential principles to consider when evaluating cloud services, and why these may be important improve the underlying security of the UK internet and to protect critical services from cyber-attacks.
UK NCSC Cloudneeti Dashboard
Customer and Cloud service providers both are responsible for ensuring that Cloud platform and workloads are secure. They must identify critical systems and regularly assess their vulnerability against an evolving technological landscape and threat. They must invest in technology and their staff to reduce vulnerabilities in current and future systems. Cloudneeti validates 7 essential Cloud Security Principles which can be automated.
Cloud Security Principle 4: Governance framework –The service provider should have a security governance framework which coordinates and directs its management of the service and information within it. Any technical controls deployed outside of this framework will be fundamentally undermined.
Cloud Security Principle 5: Operational security –The service needs to be operated and managed securely in order to impede, detect or prevent attacks. Good operational security should not require complex, bureaucratic, time consuming or expensive processes.
Cloud Security Principle 9: Secure user management –Your provider should make the tools available for you to securely manage your use of their service. Management interfaces and procedures are a vital part of the security barrier, preventing unauthorized access and alteration of your resources, applications and data.
Cloud Security Principle 13: Audit information for users –You should be provided with the audit records needed to monitor access to your service and the data held within it. The type of audit information available to you will have a direct impact on your ability to detect and respond to inappropriate or malicious activity within reasonable timescales.
Benchmarks help you safeguard systems, software, and networks against today’s evolving cyber threats. UK NCSC guidelines are developed by the NCSC GCHQ body, Cloudneeti’s specific benchmark and related policies are an interpretation and potential applicability of requirements to the public cloud (Microsoft Azure). UK NCSC has not published a benchmark specifically for Microsoft Azure. The rules & policies listed here are based on auditor interpretations, interaction with our customers and various Industry security analysts.
Cloudneeti, a business unit of Avyan Corp, a global leader in Cloud Workload Assurance, is a privately held company headquartered in Redmond, WA, USA with offices and development centers in US, India and Eastern Europe, enables organizations to accelerate cloud adoption by proactively managing their security and compliance posture natively. Cloudneeti solves the challenges of managing security and compliance by providing instant visibility of cloud security posture, active validation of cloud configuration & compliance, and ongoing governance of cloud assets.